File name:

Solara Bootstrapper.exe

Full analysis: https://app.any.run/tasks/ecd85685-8f8d-4de1-99ce-a68ce84193cd
Verdict: Malicious activity
Analysis date: August 20, 2024, 20:25:18
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
telegram
crypto-regex
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5:

86DE4E40528FD099AE01872B6AF837CF

SHA1:

C616D8E3DC5643A15127DCE69A327CE37A6B8AB8

SHA256:

7485B221926010F27CDA7F15F35A5C465558EB8C20B4FC37053850ED2B4A211A

SSDEEP:

3072:mE08KvFqwZqvIICbxqHYQdtECrAZnQH7:fmTqebUQ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Uses Task Scheduler to autorun other applications

      • Solara Bootstrapper.exe (PID: 6752)
      • rat.exe (PID: 5072)

  • SUSPICIOUS

    • Drops the executable file immediately after the start

      • Solara Bootstrapper.exe (PID: 6552)
      • Solara Bootstrapper.exe (PID: 6752)

    • Reads security settings of Internet Explorer

      • Solara Bootstrapper.exe (PID: 6552)
      • Solara Bootstrapper.exe (PID: 6752)
      • rat.exe (PID: 5072)

    • Reads the date of Windows installation

      • Solara Bootstrapper.exe (PID: 6552)
      • Solara Bootstrapper.exe (PID: 6752)
      • rat.exe (PID: 5072)

    • Application launched itself

      • Solara Bootstrapper.exe (PID: 6552)

    • Executable content was dropped or overwritten

      • Solara Bootstrapper.exe (PID: 6752)

    • Starts CMD.EXE for commands execution

      • Solara Bootstrapper.exe (PID: 6752)

    • Get information on the list of running processes

      • cmd.exe (PID: 7060)

    • Executing commands from a ".bat" file

      • Solara Bootstrapper.exe (PID: 6752)

    • Uses TIMEOUT.EXE to delay execution

      • cmd.exe (PID: 7060)

    • Process communicates with Telegram (possibly using it as an attacker's C2 server)

      • rat.exe (PID: 5072)

    • Found regular expressions for crypto-addresses (YARA)

      • rat.exe (PID: 5072)

  • INFO

    • Reads the computer name

      • Solara Bootstrapper.exe (PID: 6552)
      • Solara Bootstrapper.exe (PID: 6752)
      • rat.exe (PID: 5072)

    • Checks supported languages

      • Solara Bootstrapper.exe (PID: 6552)
      • Solara Bootstrapper.exe (PID: 6752)
      • rat.exe (PID: 5072)

    • Reads the machine GUID from the registry

      • Solara Bootstrapper.exe (PID: 6552)
      • Solara Bootstrapper.exe (PID: 6752)
      • rat.exe (PID: 5072)

    • Process checks computer location settings

      • Solara Bootstrapper.exe (PID: 6552)
      • Solara Bootstrapper.exe (PID: 6752)
      • rat.exe (PID: 5072)

    • Reads Environment values

      • Solara Bootstrapper.exe (PID: 6552)
      • Solara Bootstrapper.exe (PID: 6752)
      • rat.exe (PID: 5072)

    • Create files in a temporary directory

      • Solara Bootstrapper.exe (PID: 6752)

    • Reads the software policy settings

      • rat.exe (PID: 5072)

    • Disables trace logs

      • rat.exe (PID: 5072)

    • Checks proxy server information

      • rat.exe (PID: 5072)

    • Attempting to use instant messaging service

      • rat.exe (PID: 5072)

    • Manual execution by a user

      • firefox.exe (PID: 6328)
      • msedge.exe (PID: 7348)

    • Application launched itself

      • firefox.exe (PID: 6328)
      • firefox.exe (PID: 6256)
      • msedge.exe (PID: 2572)
      • msedge.exe (PID: 7348)

    • Reads Microsoft Office registry keys

      • firefox.exe (PID: 6256)
      • msedge.exe (PID: 7348)
      • msedge.exe (PID: 2572)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Generic CIL Executable (.NET, Mono, etc.) (56.7)
.exe | Win64 Executable (generic) (21.3)
.scr | Windows screen saver (10.1)
.dll | Win32 Dynamic Link Library (generic) (5)
.exe | Win32 Executable (generic) (3.4)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2043:03:03 16:01:07+00:00
ImageFileCharacteristics: Executable, Large address aware
PEType: PE32
LinkerVersion: 48
CodeSize: 111104
InitializedDataSize: 2048
UninitializedDataSize: -
EntryPoint: 0x1d182
OSVersion: 4
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows command line
FileVersionNumber: 1.0.0.0
ProductVersionNumber: 1.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: -
CompanyName: -
FileDescription: TelegramRAT
FileVersion: 1.0.0.0
InternalName: TelegramRAT.exe
LegalCopyright: Copyright © 2020
LegalTrademarks: -
OriginalFileName: TelegramRAT.exe
ProductName: TelegramRAT
ProductVersion: 1.0.0.0
AssemblyVersion: 1.0.0.0
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
188
Monitored processes
50
Malicious processes
4
Suspicious processes
0

Behavior graph

Click at the process to see the details
start solara bootstrapper.exe no specs conhost.exe no specs solara bootstrapper.exe conhost.exe no specs schtasks.exe no specs conhost.exe no specs cmd.exe no specs conhost.exe no specs tasklist.exe no specs find.exe no specs timeout.exe no specs THREAT rat.exe conhost.exe no specs schtasks.exe no specs conhost.exe no specs firefox.exe no specs firefox.exe firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
208"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4788 -parentBuildID 20240213221259 -sandboxingKind 0 -prefsHandle 5364 -prefMapHandle 5360 -prefsLen 36339 -prefMapSize 244343 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6969f1c5-55e3-4b09-9d09-83cd601da62e} 6256 "\\.\pipe\gecko-crash-server-pipe.6256" 18bfa416910 utilityC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
1
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
400"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1924 -parentBuildID 20240213221259 -prefsHandle 1864 -prefMapHandle 1856 -prefsLen 30537 -prefMapSize 244343 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b21d0e40-bd4c-4585-afea-14e4300912c9} 6256 "\\.\pipe\gecko-crash-server-pipe.6256" 18bf0ae6f10 gpuC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
1
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
644"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2516 --field-trial-handle=2360,i,14287430198428742057,10594568072812842712,262144 --variations-seed-version /prefetch:3C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
122.0.2365.59
872"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4884 --field-trial-handle=2360,i,14287430198428742057,10594568072812842712,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
PWA Identity Proxy Host
Version:
122.0.2365.59
876"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2668 --field-trial-handle=2360,i,14287430198428742057,10594568072812842712,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
1048"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2296 -parentBuildID 20240213221259 -prefsHandle 2288 -prefMapHandle 2276 -prefsLen 30537 -prefMapSize 244343 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1171e05c-b20a-4477-a634-f262ec3310e9} 6256 "\\.\pipe\gecko-crash-server-pipe.6256" 18be3f81310 socketC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
2572"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-windowC:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
122.0.2365.59
3672"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3244 --field-trial-handle=2360,i,14287430198428742057,10594568072812842712,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
4248"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2736 --field-trial-handle=2400,i,1817651553046047545,5348809326653154470,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
4392"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2356 --field-trial-handle=2360,i,14287430198428742057,10594568072812842712,262144 --variations-seed-version /prefetch:2C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Total events
16 201
Read events
16 122
Write events
78
Delete events
1

Modification events

(PID) Process:(6552) Solara Bootstrapper.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
(PID) Process:(6552) Solara Bootstrapper.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:IntranetName
Value:
1
(PID) Process:(6552) Solara Bootstrapper.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
1
(PID) Process:(6552) Solara Bootstrapper.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
0
(PID) Process:(6752) Solara Bootstrapper.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
(PID) Process:(6752) Solara Bootstrapper.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:IntranetName
Value:
1
(PID) Process:(6752) Solara Bootstrapper.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
1
(PID) Process:(6752) Solara Bootstrapper.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
0
(PID) Process:(5072) rat.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
(PID) Process:(5072) rat.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:IntranetName
Value:
1
Executable files
2
Suspicious files
111
Text files
66
Unknown types
6

Dropped files

PID
Process
Filename
Type
6256firefox.exeC:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\9kie7cg6.default-release\startupCache\urlCache-current.binbinary
MD5:297E88D7CEB26E549254EC875649F4EB
SHA256:8B75D4FB1845BAA06122888D11F6B65E6A36B140C54A72CC13DF390FD7C95702
6256firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\sessionCheckpoints.json.tmpbinary
MD5:EA8B62857DFDBD3D0BE7D7E4A954EC9A
SHA256:792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA
6256firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\cookies.sqlite-shmbinary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
6256firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\prefs-1.jstext
MD5:7A97B8DBC4F98D175F958C00F463A52A
SHA256:92074D2ED1AA1FD621287E35DB9EF1AE3DC04777EFAE5F09E7A3B4534C201548
6256firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\sessionCheckpoints.jsonbinary
MD5:EA8B62857DFDBD3D0BE7D7E4A954EC9A
SHA256:792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA
6256firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
MD5:
SHA256:
6256firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\AlternateServices.binbinary
MD5:71C3A1132EB0FB99889FC702D85D10C8
SHA256:333C02F73B4C619EBC22B1F8A097AA2D148A53FA659170800E0729CA14412A2B
6256firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shmbinary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
6256firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite-wal
MD5:
SHA256:
6256firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shmbinary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
14
TCP/UDP connections
60
DNS requests
84
Threats
3

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3144
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
6256
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/canonical.html
unknown
whitelisted
7020
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
6256
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/success.txt?ipv4
unknown
whitelisted
6256
firefox.exe
POST
200
184.24.77.67:80
http://r11.o.lencr.org/
unknown
6256
firefox.exe
POST
200
184.24.77.56:80
http://r10.o.lencr.org/
unknown
6256
firefox.exe
POST
200
184.24.77.67:80
http://r11.o.lencr.org/
unknown
6256
firefox.exe
POST
200
184.24.77.56:80
http://r10.o.lencr.org/
unknown
6256
firefox.exe
POST
200
142.250.186.163:80
http://o.pki.goog/wr2
unknown
6256
firefox.exe
POST
200
184.24.77.67:80
http://r11.o.lencr.org/
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
1492
svchost.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4592
RUXIMICS.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
2120
MoUsoCoreWorker.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:138
whitelisted
5072
rat.exe
149.154.167.220:443
api.telegram.org
Telegram Messenger Inc
GB
unknown
2120
MoUsoCoreWorker.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
3260
svchost.exe
40.115.3.253:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
3144
svchost.exe
40.126.32.72:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
unknown
3144
svchost.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
7020
backgroundTaskHost.exe
20.103.156.88:443
arc.msn.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
unknown

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
  • 51.124.78.146
  • 51.104.136.2
whitelisted
google.com
  • 142.250.185.206
  • 172.217.23.206
  • 142.250.185.174
whitelisted
api.telegram.org
  • 149.154.167.220
shared
client.wns.windows.com
  • 40.115.3.253
whitelisted
login.live.com
  • 40.126.32.72
  • 40.126.32.76
  • 20.190.160.17
  • 40.126.32.74
  • 40.126.32.133
  • 40.126.32.140
  • 40.126.32.138
  • 40.126.32.134
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
arc.msn.com
  • 20.103.156.88
whitelisted
detectportal.firefox.com
  • 34.107.221.82
whitelisted
prod.detectportal.prod.cloudops.mozgcp.net
  • 34.107.221.82
  • 2600:1901:0:38d7::
whitelisted
example.org
  • 93.184.215.14
whitelisted

Threats

PID
Process
Class
Message
Misc activity
ET HUNTING Telegram API Domain in DNS Lookup
Misc activity
ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI)
Misc activity
ET HUNTING Telegram API Certificate Observed
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
Solara Bootstrapper.exe