download: /quivings/Solara/raw/main/Files/SolaraB.zip

Full analysis: https://app.any.run/tasks/995d402e-7a87-4287-8b90-d7bd69fcbc92
Verdict: Malicious activity
Analysis date: May 29, 2024, 17:08:45
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract, compression method=store
MD5: 4EC8143B6DBE27870CF8333711FF5096
SHA1: 693D467EBEC348469011FFEF1BD370B113653147
SHA256: 2510BE907EC476E8375AC7B5431536AE9A32BF99FE77AB695A5100852B111B96
SSDEEP: 96:EUqjU52FPuD85CRbXQSQ4Bl1ZP5MaOS5ZTDCJvuB66EFscY7LO4ivJEzmqAZdXRD:EU+FuNQt6JP5GS5NGMYE7TogARskfl

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Drops the executable file immediately after the start
      • WinRAR.exe (PID: 3964)
  • SUSPICIOUS
    • Reads the Internet Settings
      • SolaraBootstrapper.exe (PIDs: 124, 328, 728, 972, 1028, 1244, 1312, 1368, 1520, 1612, 1768, 1788, 1824, 1876, 1884, 2180, 2348, 2432, 2468, 2476, 2484, 2532, 2632, 2664, 2712, 2832, 2892, 2912, 2996, 3152, 3336, 3340, 3360, 3420, 3500, 3512, 3524, 3548, 3624, 3640, 3676, 3720, 3828, 4024, 4068)
  • INFO
    • Checks supported languages
      • SolaraBootstrapper.exe (PIDs: 124, 328, 728, 972, 1028, 1244, 1312, 1368, 1520, 1612, 1768, 1788, 1824, 1876, 1884, 2180, 2348, 2432, 2468, 2476, 2484, 2532, 2632, 2664, 2712, 2832, 2892, 2912, 2996, 3152, 3336, 3340, 3360, 3420, 3500, 3512, 3524, 3548, 3624, 3640, 3676, 3720, 3828, 4024, 4068)
      • wmpnscfg.exe (PID: 304)
      • MSASCui.exe (PID: 4088)
    • Reads the computer name
      • SolaraBootstrapper.exe (PIDs: 124, 328, 728, 972, 1028, 1244, 1312, 1368, 1520, 1612, 1768, 1788, 1824, 1876, 1884, 2180, 2348, 2432, 2468, 2476, 2484, 2532, 2632, 2664, 2712, 2832, 2892, 2912, 2996, 3152, 3336, 3340, 3360, 3420, 3500, 3512, 3524, 3548, 3624, 3640, 3676, 3720, 3828, 4024, 4068)
      • wmpnscfg.exe (PID: 304)
    • Executable content was dropped or overwritten
      • WinRAR.exe (PID: 3964)
    • Disables trace logs
      • SolaraBootstrapper.exe (PIDs: 124, 328, 728, 972, 1028, 1244, 1312, 1368, 1520, 1612, 1768, 1788, 1824, 1876, 1884, 2180, 2348, 2432, 2468, 2476, 2484, 2532, 2632, 2664, 2712, 2832, 2892, 2912, 2996, 3152, 3336, 3340, 3360, 3420, 3500, 3512, 3524, 3548, 3624, 3640, 3676, 3720, 3828, 4024, 4068)
    • Reads the machine GUID from the registry
      • SolaraBootstrapper.exe (PIDs: 124, 328, 728, 972, 1028, 1244, 1312, 1368, 1520, 1612, 1768, 1788, 1824, 1876, 1884, 2180, 2348, 2432, 2468, 2476, 2484, 2532, 2632, 2664, 2712, 2832, 2892, 2912, 2996, 3152, 3336, 3340, 3360, 3420, 3500, 3512, 3524, 3548, 3624, 3640, 3676, 3720, 3828, 4024, 4068)
    • Reads Environment values
      • SolaraBootstrapper.exe (PIDs: 124, 328, 728, 972, 1028, 1244, 1312, 1368, 1520, 1612, 1768, 1788, 1824, 1876, 1884, 2180, 2348, 2432, 2468, 2476, 2484, 2532, 2632, 2664, 2712, 2832, 2892, 2912, 2996, 3152, 3336, 3340, 3360, 3420, 3500, 3512, 3524, 3548, 3624, 3640, 3676, 3720, 3828, 4024, 4068)
    • Manual execution by a user
      • SolaraBootstrapper.exe (PIDs: 124, 328, 728, 972, 1028, 1244, 1312, 1368, 1520, 1612, 1768, 1788, 1824, 1876, 1884, 2180, 2348, 2432, 2468, 2476, 2484, 2532, 2632, 2664, 2712, 2832, 2892, 2912, 2996, 3152, 3336, 3340, 3360, 3420, 3500, 3512, 3524, 3548, 3624, 3640, 3676, 3720, 3828, 4024, 4068)
      • wmpnscfg.exe (PID: 304)
      • MSASCui.exe (PID: 4088)
    • Create files in a temporary directory
      • SolaraBootstrapper.exe (PIDs: 124, 328, 728, 972, 1028, 1244, 1312, 1368, 1520, 1612, 1768, 1788, 1824, 1876, 1884, 2180, 2348, 2432, 2468, 2476, 2484, 2532, 2632, 2664, 2712, 2832, 2892, 2912, 2996, 3152, 3336, 3340, 3360, 3420, 3500, 3512, 3524, 3548, 3624, 3640, 3676, 3720, 3828, 4024, 4068)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: -
ZipCompression: None
ZipModifyDate: 2024:05:19 18:25:22
ZipCRC: 0x00000000
ZipCompressedSize: -
ZipUncompressedSize: -
ZipFileName: SolaraB/Solara/
No data.
All screenshots are available in the full report
Total processes: 133
Monitored processes: 48
Malicious processes: 0
Suspicious processes: 0

Behavior graph

Processes shown in the graph: winrar.exe, solarabootstrapper.exe (multiple instances), wmpnscfg.exe (no specs), msascui.exe (no specs)

Process information

PID | CMD | Path | Indicators | Parent process

124 | "C:\Users\admin\Desktop\SolaraB\Solara\SolaraBootstrapper.exe" | C:\Users\admin\Desktop\SolaraB\Solara\SolaraBootstrapper.exe | | explorer.exe
User: admin
Integrity Level: MEDIUM
Description: SolaraBootstrapper
Exit code: 0
Version: 1.0.0.0
Modules (Images):
c:\users\admin\desktop\solarab\solara\solarabootstrapper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll

304 | "C:\Program Files\Windows Media Player\wmpnscfg.exe" | C:\Program Files\Windows Media Player\wmpnscfg.exe | | explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Media Player Network Sharing Service Configuration Application
Exit code: 0
Version: 12.0.7600.16385 (win7_rtm.090713-1255)
Modules (Images):
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

328 | "C:\Users\admin\Desktop\SolaraB\Solara\SolaraBootstrapper.exe" | C:\Users\admin\Desktop\SolaraB\Solara\SolaraBootstrapper.exe | | explorer.exe
User: admin
Integrity Level: MEDIUM
Description: SolaraBootstrapper
Exit code: 0
Version: 1.0.0.0
Modules (Images):
c:\users\admin\desktop\solarab\solara\solarabootstrapper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll

728 | "C:\Users\admin\Desktop\SolaraB\Solara\SolaraBootstrapper.exe" | C:\Users\admin\Desktop\SolaraB\Solara\SolaraBootstrapper.exe | | explorer.exe
User: admin
Integrity Level: MEDIUM
Description: SolaraBootstrapper
Exit code: 0
Version: 1.0.0.0
Modules (Images):
c:\users\admin\desktop\solarab\solara\solarabootstrapper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll

972 | "C:\Users\admin\Desktop\SolaraB\Solara\SolaraBootstrapper.exe" | C:\Users\admin\Desktop\SolaraB\Solara\SolaraBootstrapper.exe | | explorer.exe
User: admin
Integrity Level: MEDIUM
Description: SolaraBootstrapper
Exit code: 0
Version: 1.0.0.0
Modules (Images):
c:\users\admin\desktop\solarab\solara\solarabootstrapper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll

1028 | "C:\Users\admin\Desktop\SolaraB\Solara\SolaraBootstrapper.exe" | C:\Users\admin\Desktop\SolaraB\Solara\SolaraBootstrapper.exe | | explorer.exe
User: admin
Integrity Level: MEDIUM
Description: SolaraBootstrapper
Exit code: 0
Version: 1.0.0.0
Modules (Images):
c:\users\admin\desktop\solarab\solara\solarabootstrapper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll

1244 | "C:\Users\admin\Desktop\SolaraB\Solara\SolaraBootstrapper.exe" | C:\Users\admin\Desktop\SolaraB\Solara\SolaraBootstrapper.exe | | explorer.exe
User: admin
Integrity Level: MEDIUM
Description: SolaraBootstrapper
Exit code: 0
Version: 1.0.0.0
Modules (Images):
c:\users\admin\desktop\solarab\solara\solarabootstrapper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll

1312 | "C:\Users\admin\Desktop\SolaraB\Solara\SolaraBootstrapper.exe" | C:\Users\admin\Desktop\SolaraB\Solara\SolaraBootstrapper.exe | | explorer.exe
User: admin
Integrity Level: MEDIUM
Description: SolaraBootstrapper
Exit code: 0
Version: 1.0.0.0
Modules (Images):
c:\users\admin\desktop\solarab\solara\solarabootstrapper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll

1368 | "C:\Users\admin\Desktop\SolaraB\Solara\SolaraBootstrapper.exe" | C:\Users\admin\Desktop\SolaraB\Solara\SolaraBootstrapper.exe | | explorer.exe
User: admin
Integrity Level: MEDIUM
Description: SolaraBootstrapper
Exit code: 0
Version: 1.0.0.0
Modules (Images):
c:\users\admin\desktop\solarab\solara\solarabootstrapper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll

1520 | "C:\Users\admin\Desktop\SolaraB\Solara\SolaraBootstrapper.exe" | C:\Users\admin\Desktop\SolaraB\Solara\SolaraBootstrapper.exe | | explorer.exe
User: admin
Integrity Level: MEDIUM
Description: SolaraBootstrapper
Exit code: 0
Version: 1.0.0.0
Modules (Images):
c:\users\admin\desktop\solarab\solara\solarabootstrapper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
Total events: 41 120
Read events: 41 095
Write events: 25
Delete events: 0

Modification events

(PID) Process: (3964) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | Operation: write | Name: ShellExtBMP | Value:
(PID) Process: (3964) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | Operation: write | Name: ShellExtIcon | Value:
(PID) Process: (3964) WinRAR.exe | Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E | Operation: write | Name: LanguageList | Value: en-US
(PID) Process: (3964) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | Operation: write | Name: 3 | Value: C:\Users\admin\Desktop\phacker.zip
(PID) Process: (3964) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | Operation: write | Name: 2 | Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
(PID) Process: (3964) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | Operation: write | Name: 1 | Value: C:\Users\admin\Desktop\curl-8.5.0_1-win32-mingw.zip
(PID) Process: (3964) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | Operation: write | Name: 0 | Value: C:\Users\admin\Downloads\SolaraB.zip
(PID) Process: (3964) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | Operation: write | Name: name | Value: 120
(PID) Process: (3964) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | Operation: write | Name: size | Value: 80
(PID) Process: (3964) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | Operation: write | Name: type | Value: 120
Executable files: 1
Suspicious files: 0
Text files: 0
Unknown types: 0

Dropped files

PID | Process | Filename | Type
3964 | WinRAR.exe | C:\Users\admin\Desktop\SolaraB\Solara\SolaraBootstrapper.exe | executable
MD5: 6557BD5240397F026E675AFB78544A26
SHA256: A7FECFC225DFDD4E14DCD4D1B4BA1B9F8E4D1984F1CDD8CDA3A9987E5D53C239
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 141
DNS requests: 3
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | | | | whitelisted
4 | System | 192.168.100.255:138 | | | | whitelisted
| | 224.0.0.252:5355 | | | | unknown
1088 | svchost.exe | 224.0.0.252:5355 | | | | unknown
1876 | SolaraBootstrapper.exe | 140.82.121.3:443 | github.com | GITHUB | US | unknown
1876 | SolaraBootstrapper.exe | 185.199.108.133:443 | raw.githubusercontent.com | FASTLY | US | unknown
728 | SolaraBootstrapper.exe | 140.82.121.3:443 | github.com | GITHUB | US | unknown
728 | SolaraBootstrapper.exe | 185.199.108.133:443 | raw.githubusercontent.com | FASTLY | US | unknown
1824 | SolaraBootstrapper.exe | 140.82.121.3:443 | github.com | GITHUB | US | unknown
1824 | SolaraBootstrapper.exe | 185.199.108.133:443 | raw.githubusercontent.com | FASTLY | US | unknown

DNS requests

Domain | IP | Reputation
github.com | 140.82.121.3 | shared
raw.githubusercontent.com | 185.199.108.133, 185.199.110.133, 185.199.109.133, 185.199.111.133 | shared

Threats

No threats detected
No debug info