Malware analysis Solara.Dir.zip Malicious activity | ANY.RUN

Add for printing

File name:	Solara.Dir.zip
Full analysis:	https://app.any.run/tasks/603c1f50-6a0d-4753-a90a-1b3b0bd34f72
Verdict:	Malicious activity
Analysis date:	February 14, 2026, 14:59:21
OS:	Windows 10 Professional (build: 19044, 64 bit)
Tags:	arch-scr arch-doc roblox
Indicators:
MIME:	application/zip
File info:	Zip archive data, at least v2.0 to extract, compression method=store
MD5:	DAD2FA125DAB0E38D43D7056164481F9
SHA1:	55B7E3A3FAE68F41AC5AB19742CAA4DD89C99AEF
SHA256:	2BFB131661221AD9DEB114D9E2DEE1C96E15B4273BC1768F4AA0D771B023779B
SSDEEP:	98304:6O6ZeppLYuUmHpps3T0VWtM0I4ZW/vzYN9uRTvSJ9rECjQELF0ZhQ/B22idqyOKT:0+UgUmhqFJmGWl0iIB+5

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 120 seconds
Heavy Evasion option:: off
Network geolocation:: off
Additional time used:: 60 seconds
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.3636.19041.0
Adobe Acrobat (64-bit) (23.001.20093)
Adobe Flash Player 32 NPAPI (32.0.0.465)
Adobe Flash Player 32 PPAPI (32.0.0.465)
CCleaner (6.20)
Google Chrome (133.0.6943.127)
Google Update Helper (1.3.36.51)
Java 8 Update 271 (64-bit) (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Microsoft Edge (133.0.3065.92)
Microsoft Office Professional 2019 - de-de (16.0.16026.20146)
Microsoft Office Professional 2019 - en-us (16.0.16026.20146)
Microsoft Office Professional 2019 - es-es (16.0.16026.20146)
Microsoft Office Professional 2019 - it-it (16.0.16026.20146)
Microsoft Office Professional 2019 - ja-jp (16.0.16026.20146)
Microsoft Office Professional 2019 - ko-kr (16.0.16026.20146)
Microsoft Office Professional 2019 - pt-br (16.0.16026.20146)
Microsoft Office Professional 2019 - tr-tr (16.0.16026.20146)
Microsoft Office Professionnel 2019 - fr-fr (16.0.16026.20146)
Microsoft Office профессиональный 2019 - ru-ru (16.0.16026.20146)
Microsoft OneNote - en-us (16.0.16026.20146)
Microsoft Update Health Tools (3.74.0.0)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x64 en-US) (136.0)
Mozilla Maintenance Service (136.0)
Notepad++ (64-bit x64) (7.9.1)
Office 16 Click-to-Run Extensibility Component (16.0.15726.20202)
Office 16 Click-to-Run Licensing Component (16.0.16026.20146)
Office 16 Click-to-Run Localization Component (16.0.15726.20202)
Office 16 Click-to-Run Localization Component (16.0.15928.20198)
PowerShell 7-x64 (7.3.5.0)
Update for Windows 10 for x64-based Systems (KB4023057) (2.59.0.0)
Update for Windows 10 for x64-based Systems (KB4023057) (2.63.0.0)
Update for Windows 10 for x64-based Systems (KB4480730) (2.55.0.0)
Update for Windows 10 for x64-based Systems (KB5001716) (8.93.0.0)
VLC media player (3.0.11)
WinRAR 5.91 (64-bit) (5.91.0)
Windows PC Health Check (3.6.2204.08001)

Hotfixes

Client LanguagePack Package
DotNetRollup
DotNetRollup 481
FodMetadata Package
Foundation Package
Hello Face Package
InternetExplorer Optional Package
KB5003791
KB5011048
KB5015684
KB5033052
LanguageFeatures Basic en us Package
LanguageFeatures Handwriting en us Package
LanguageFeatures OCR en us Package
LanguageFeatures Speech en us Package
LanguageFeatures TextToSpeech en us Package
MSPaint FoD Package
MediaPlayer Package
Microsoft OneCore ApplicationModel Sync Desktop FOD Package
Microsoft OneCore DirectX Database FOD Package
NetFx3 OnDemand Package
Notepad FoD Package
OpenSSH Client Package
PowerShell ISE FOD Package
Printing PMCPPC FoD Package
Printing WFS FoD Package
ProfessionalEdition
QuickAssist Package
RollupFix
ServicingStack
ServicingStack 3989
StepsRecorder Package
TabletPCMath Package
UserExperience Desktop Package
WordPad FoD Package

Add for printing

MALICIOUS
- Executing a file with an untrusted certificate
  - SLaunch.exe (PID: 3584)
  - Solara.exe (PID: 2752)
  - Solara.exe (PID: 552)
SUSPICIOUS
- Process drops legitimate windows executable
  - WinRAR.exe (PID: 8508)
- Executes application which crashes
  - Solara.exe (PID: 552)
- Creates file in the systems drive root
  - Solara.exe (PID: 2752)
INFO
- Executable content was dropped or overwritten
  - WinRAR.exe (PID: 8508)
- Reads the computer name
  - Solara.exe (PID: 2752)
  - SLaunch.exe (PID: 3584)
  - Solara.exe (PID: 552)
  - identity_helper.exe (PID: 5200)
- Reads the machine GUID from the registry
  - Solara.exe (PID: 2752)
  - Solara.exe (PID: 552)
- ROBLOX mutex has been found
  - Solara.exe (PID: 2752)
  - Solara.exe (PID: 552)
- Drops script file
  - WinRAR.exe (PID: 8508)
  - msedge.exe (PID: 4616)
  - msedge.exe (PID: 4992)
- The sample compiled with english language support
  - WinRAR.exe (PID: 8508)
- Disables trace logs
  - Solara.exe (PID: 2752)
  - Solara.exe (PID: 552)
- Checks supported languages
  - Solara.exe (PID: 2752)
  - SLaunch.exe (PID: 3584)
  - Solara.exe (PID: 552)
  - identity_helper.exe (PID: 5200)
- Manual execution by a user
  - SLaunch.exe (PID: 3584)
  - Solara.exe (PID: 552)
  - Solara.exe (PID: 2752)
- Reads security settings of Internet Explorer
  - Solara.exe (PID: 2752)
  - Solara.exe (PID: 552)
- Checks proxy server information
  - Solara.exe (PID: 2752)
  - Solara.exe (PID: 552)
  - WerFault.exe (PID: 4340)
- Reads Environment values
  - Solara.exe (PID: 2752)
  - Solara.exe (PID: 552)
  - identity_helper.exe (PID: 5200)
- Creates files or folders in the user directory
  - Solara.exe (PID: 2752)
  - Solara.exe (PID: 552)
  - WerFault.exe (PID: 4340)
- Application launched itself
  - msedge.exe (PID: 4616)
  - msedge.exe (PID: 7672)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

TRiD

.zip	\|	ZIP compressed archive (36.3)

EXIF

ZIP

ZipRequiredVersion:	20
ZipBitFlag:	-
ZipCompression:	None
ZipModifyDate:	2026:02:07 00:22:50
ZipCRC:	0x00000000
ZipCompressedSize:	-
ZipUncompressedSize:	-
ZipFileName:	Solara/

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

175

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

552

"C:\Users\admin\Desktop\Solara\Solara.exe"

C:\Users\admin\Desktop\Solara\Solara.exe

explorer.exe

User:

admin

Company:

CMD Softworks

Integrity Level:

HIGH

Description:

Solara V3

Exit code:

3762504530

Version:

3.0.0.0

Modules

Images
c:\users\admin\desktop\solara\solara.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

1352

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_xpay_wallet.mojom.EdgeXPayWalletService --lang=en-US --service-sandbox-type=utility --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=3592,i,16973100929334142485,17502077532615105847,262144 --variations-seed-version --mojo-platform-channel-handle=5132 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Exit code:

Version:

133.0.3065.92

Modules

Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

2372

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3588,i,16973100929334142485,17502077532615105847,262144 --variations-seed-version --mojo-platform-channel-handle=3604 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Exit code:

Version:

133.0.3065.92

Modules

Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

2456

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=5384,i,16973100929334142485,17502077532615105847,262144 --variations-seed-version --mojo-platform-channel-handle=5380 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Exit code:

Version:

133.0.3065.92

Modules

Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

2460

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=2744,i,16973100929334142485,17502077532615105847,262144 --variations-seed-version --mojo-platform-channel-handle=2776 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Exit code:

Version:

133.0.3065.92

Modules

Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

2752

"C:\Users\admin\Desktop\Solara\Solara.exe"

C:\Users\admin\Desktop\Solara\Solara.exe

explorer.exe

User:

admin

Company:

CMD Softworks

Integrity Level:

MEDIUM

Description:

Solara V3

Version:

3.0.0.0

Modules

Images
c:\users\admin\desktop\solara\solara.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

3584

"C:\Users\admin\Desktop\Solara\SLaunch.exe"

C:\Users\admin\Desktop\Solara\SLaunch.exe

explorer.exe

User:

admin

Integrity Level:

HIGH

Exit code:

Modules

Images
c:\users\admin\desktop\solara\slaunch.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll

3952

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4236,i,16973100929334142485,17502077532615105847,262144 --variations-seed-version --mojo-platform-channel-handle=4280 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Exit code:

Version:

133.0.3065.92

Modules

Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

4304

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=2360,i,16973100929334142485,17502077532615105847,262144 --variations-seed-version --mojo-platform-channel-handle=2460 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Microsoft Edge

Exit code:

Version:

133.0.3065.92

Modules

Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

4340

C:\WINDOWS\system32\WerFault.exe -u -p 552 -s 3656

C:\Windows\System32\WerFault.exe

Solara.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Windows Problem Reporting

Exit code:

Version:

10.0.19041.1 (WinBuild.160101.0800)

Modules

Images
c:\windows\system32\werfault.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll

Add for printing

Total events

19 302

Read events

19 079

Write events

203

Delete events

Modification events


(PID) Process:	(8508) WinRAR.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:	write	Name:	3
Value: C:\Users\admin\Desktop\chromium_ext.zip
(PID) Process:	(8508) WinRAR.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:	write	Name:	2
Value: C:\Users\admin\Desktop\omni_23_10_2024_.zip
(PID) Process:	(8508) WinRAR.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:	write	Name:	1
Value: C:\Users\admin\Downloads\chromium_build 1.zip
(PID) Process:	(8508) WinRAR.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:	write	Name:	0
Value: C:\Users\admin\AppData\Local\Temp\Solara.Dir.zip
(PID) Process:	(8508) WinRAR.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:	write	Name:	name
Value: 120
(PID) Process:	(8508) WinRAR.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:	write	Name:	size
Value: 80
(PID) Process:	(8508) WinRAR.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:	write	Name:	type
Value: 120
(PID) Process:	(8508) WinRAR.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:	write	Name:	mtime
Value: 100
(PID) Process:	(8508) WinRAR.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\WinRAR\General\Toolbar\Buttons
Operation:	write	Name:	a.prot.pos
Value: 12
(PID) Process:	(8508) WinRAR.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\WinRAR\General\Toolbar\Buttons
Operation:	write	Name:	a.prot.sep
Value: 0

Add for printing

Executable files

Suspicious files

Text files

280

Unknown types

117

Dropped files

PID	Process	Filename		Type
8508	WinRAR.exe	C:\Users\admin\Desktop\Solara\bin\ALGA		text
		MD5:002F79AFD689E618BE189F4681A6457E	SHA256:FB352CC83CA6DD976A73125072A8CFB455551697A999F2BE290A6F87D490AF2F
8508	WinRAR.exe	C:\Users\admin\Desktop\Solara\Microsoft.Web.WebView2.Wpf.dll		executable
		MD5:D8E466F3951EB9A3D22EB098F4CCED13	SHA256:6D329162B460515A849C693518FF626A1A3363E79D549CFD6822E5601F24603E
8508	WinRAR.exe	C:\Users\admin\Desktop\Solara\bin\DEBUG.txt		binary
		MD5:4763B5D9A4FC6357F4C7622F8E1AABEE	SHA256:F1F07712402D314D07BE79499ED8228757C2D0E15DF0778585958A4623CB077C
8508	WinRAR.exe	C:\Users\admin\Desktop\Solara\Microsoft.Web.WebView2.WinForms.dll		executable
		MD5:1C42DA9957DAD375688D998AED3B643E	SHA256:BBC50575B6A191FD433DF854227921937F256E91A81B47C697D95EA8ED027FF6
8508	WinRAR.exe	C:\Users\admin\Desktop\Solara\Monaco\fileaccess\index.js		text
		MD5:0E709BFB5675FF0531C925B909B58008	SHA256:ED94FD8980C043BAD99599102291E3285323B99CE0EB5D424C00E3DEA1A34E67
8508	WinRAR.exe	C:\Users\admin\Desktop\Solara\Monaco\fileaccess\node_modules\array-flatten\package.json		text
		MD5:CB1AA7F817100A03395DD0163BF6EBE9	SHA256:5C5E0E10CFA23F163D1FE68AA57A881D09CAC39D720E1361C697B86C4D33E0F5
8508	WinRAR.exe	C:\Users\admin\Desktop\Solara\bin\version.txt		text
		MD5:1490BB9E52DA53C31A07714BCC31F39E	SHA256:DC4CE97FB40E8FDD1B874171EB9B3BFA0E10C0ED7D37591017D71D868904C575
8508	WinRAR.exe	C:\Users\admin\Desktop\Solara\Monaco\fileaccess\node_modules\body-parser\lib\read.js		text
		MD5:C148BB38C59CE266E271C96AB1F2D192	SHA256:1E9E274755366C39AE70E8B9A7A42FC12219566E67EFAF9B7EBC2A8B337F5B6B
8508	WinRAR.exe	C:\Users\admin\Desktop\Solara\Monaco\fileaccess\node_modules\body-parser\lib\types\raw.js		text
		MD5:ACB38E4FE575AFAF8D1A257E47C6E362	SHA256:4E9CC80A7EE8BD667C68C264B4C374B28E731246DDB6EC22C3968DAF837E30A2
8508	WinRAR.exe	C:\Users\admin\Desktop\Solara\Monaco\fileaccess\node_modules\body-parser\package.json		text
		MD5:826BD4315438573BA1A6D88AE2A2AA65	SHA256:0FD31AD69FDCF1E2A94530F9DB9C93E96709B690393A14711643123F678EE956

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

102

DNS requests

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
6768	MoUsoCoreWorker.exe	GET	304	51.124.78.146:443	https://settings-win.data.microsoft.com/settings/v3.0/OneSettings/Client?OSVersionFull=10.0.19045.4046.amd64fre.vb_release.191206-1406&LocalDeviceID=s%3ABAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&FlightRing=Retail&AttrDataVer=186&OSUILocale=en-US&OSSkuId=48&App=WOSC&AppVer=&IsFlightingEnabled=0&TelemetryLevel=1&DeviceFamily=Windows.Desktop	US	—	—	whitelisted
8756	svchost.exe	GET	304	51.124.78.146:443	https://settings-win.data.microsoft.com/settings/v3.0/WSD/UpdateHealthTools?os=Windows&osVer=10.0.19041.1.amd64fre.vb_release.191206-&sku=48&deviceClass=Windows.Desktop&locale=en-US&deviceId=s:BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&sampleId=s:95271487&appVer=10.0.19041.3626&FlightRing=Retail&TelemetryLevel=1&HidOverGattReg=C%3A%5CWINDOWS%5CSystem32%5CDriverStore%5CFileRepository%5Chidbthle.inf_amd64_9610b4821fdf82a5%5CMicrosoft.Bluetooth.Profiles.HidOverGatt.dll&AppVer=&ProcessorIdentifier=AMD64%20Family%2023%20Model%201%20Stepping%202&OEMModel=DELL&UpdateOfferedDays=4294967295&ProcessorManufacturer=AuthenticAMD&InstallDate=1661339444&OEMModelBaseBoard=&BranchReadinessLevel=CB&OEMSubModel=J5CR&IsCloudDomainJoined=0&DeferFeatureUpdatePeriodInDays=30&IsDeviceRetailDemo=0&FlightingBranchName=&OSUILocale=en-US&DeviceFamily=Windows.Desktop&WuClientVer=10.0.19041.3996&UninstallActive=1&IsFlightingEnabled=0&OSSkuId=48&ProcessorClockSpeed=3094&TotalPhysicalRAM=6144&SecureBootCapable=0&App=SedimentPack&ProcessorCores=6&CurrentBranch=vb_release&InstallLanguage=en-US&DeferQualityUpdatePeriodInDays=0&OEMName_Uncleaned=DELL&TPMVersion=0&PrimaryDiskTotalCapacity=262144&InstallationType=Client&AttrDataVer=186&ProcessorModel=AMD%20Ryzen%205%203500%206-Core%20Processor&IsEdgeWithChromiumInstalled=1&OSVersion=10.0.19045.4046&IsMDMEnrolled=0&ActivationChannel=Retail&FirmwareVersion=A.40&TrendInstalledKey=1&OSArchitecture=AMD64&DefaultUserRegion=244&UpdateManagementGroup=2	US	—	—	whitelisted
5768	SIHClient.exe	GET	304	74.179.77.204:443	https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL	US	—	—	whitelisted
5768	SIHClient.exe	GET	200	135.233.95.135:443	https://fe3cr.delivery.mp.microsoft.com/clientwebservice/ping	US	—	—	whitelisted
5768	SIHClient.exe	GET	200	74.179.77.204:443	https://slscr.update.microsoft.com/sls/ping	US	—	—	whitelisted
5768	SIHClient.exe	GET	304	74.179.77.204:443	https://slscr.update.microsoft.com/SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL	US	—	—	whitelisted
—	—	GET	200	204.79.197.203:80	http://oneocsp.microsoft.com/ocsp/MFQwUjBQME4wTDAJBgUrDgMCGgUABBQ3L3%2F%2Fa6ADK8NraY2GXzVaYrHG4AQUb6t%2B2v%2BXQ3LsO2d33oJhNYhHQoUCEzMAAAAGb6JMMcOVb6sAAAAAAAY%3D	US	binary	960 b	whitelisted
—	—	GET	200	184.86.11.11:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAjTxtAB8my1oj8MfWpz%2F7Y%3D	US	binary	313 b	whitelisted
356	svchost.exe	POST	200	40.126.31.1:443	https://login.live.com/RST2.srf	US	xml	11.1 Kb	whitelisted
356	svchost.exe	GET	200	184.86.11.11:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D	US	binary	471 b	whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
8756	svchost.exe	40.127.240.158:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	US	whitelisted
4	System	192.168.100.255:137	—	Not routed	—	whitelisted
8176	RUXIMICS.exe	40.127.240.158:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	US	whitelisted
—	—	2.16.106.200:443	www.bing.com	AKAMAI-ASN1	NL	whitelisted
6768	MoUsoCoreWorker.exe	40.127.240.158:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	US	whitelisted
—	—	184.86.11.11:80	ocsp.digicert.com	AKAMAI-AS	US	whitelisted
—	—	204.79.197.203:80	oneocsp.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	US	whitelisted
—	—	172.211.123.248:443	client.wns.windows.com	MICROSOFT-CORP-MSN-AS-BLOCK	US	whitelisted
4	System	192.168.100.255:138	—	Not routed	—	whitelisted
356	svchost.exe	40.126.31.1:443	login.live.com	MICROSOFT-CORP-MSN-AS-BLOCK	US	whitelisted

DNS requests

Domain	IP	Reputation
settings-win.data.microsoft.com	40.127.240.158 20.73.194.208 51.124.78.146	whitelisted
self.events.data.microsoft.com	20.189.173.10	whitelisted
www.bing.com	2.16.106.200 2.16.106.207 2.16.106.196 2.16.241.201 2.16.241.218 2.16.241.207 2.16.241.222 2.16.241.205	whitelisted
th.bing.com	2.16.106.200 2.16.106.196 2.16.106.207	whitelisted
ocsp.digicert.com	184.86.11.11	whitelisted
oneocsp.microsoft.com	204.79.197.203	whitelisted
google.com	172.217.16.174	whitelisted
client.wns.windows.com	172.211.123.248	whitelisted
login.live.com	40.126.31.1 40.126.31.71 20.190.159.128 40.126.31.2 20.190.159.130 40.126.31.129 40.126.31.73 20.190.159.2 40.126.32.68 40.126.32.72 40.126.32.136 20.190.160.14 40.126.32.74 20.190.160.20 40.126.32.76 20.190.160.67	whitelisted
crl.microsoft.com	2.16.164.49 2.16.164.120 184.24.77.37 184.24.77.35	whitelisted

Threats

PID	Process	Class	Message
8756	svchost.exe	Unknown Traffic	ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)

Add for printing

No debug info

General Info

Solara.Dir.zip

DAD2FA125DAB0E38D43D7056164481F9

55B7E3A3FAE68F41AC5AB19742CAA4DD89C99AEF

2BFB131661221AD9DEB114D9E2DEE1C96E15B4273BC1768F4AA0D771B023779B

98304:6O6ZeppLYuUmHpps3T0VWtM0I4ZW/vzYN9uRTvSJ9rECjQELF0ZhQ/B22idqyOKT:0+UgUmhqFJmGWl0iIB+5

Software environment set and analysis options

Launch configuration

Software preset

Hotfixes

Behavior activities

MALICIOUS

Executing a file with an untrusted certificate

SUSPICIOUS

Process drops legitimate windows executable

Executes application which crashes

Creates file in the systems drive root

INFO

Executable content was dropped or overwritten

Reads the computer name

Reads the machine GUID from the registry

ROBLOX mutex has been found

Drops script file

The sample compiled with english language support

Disables trace logs

Checks supported languages

Manual execution by a user

Reads security settings of Internet Explorer

Checks proxy server information

Reads Environment values

Creates files or folders in the user directory

Application launched itself

Malware configuration

Static information

TRiD

EXIF

ZIP

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings