URL:

https://wearedevs.net/d/Solara

Full analysis: https://app.any.run/tasks/87872ce9-288b-4b7a-a6a4-f4c20668ff2a
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: July 02, 2025, 14:20:46
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
loader
qrcode
roblox
themida
pastebin
github
miner
obfuscated-js
Indicators:
MD5:

771A662B33999DC1950E228832821E6C

SHA1:

3BEFC2370DCEE4DCCEDF22CB8899BB2091BB8D25

SHA256:

8CFDA65F11EC8D2A2D375B8870E5C1D1673509DC06D0D030687CA4778C902831

SSDEEP:

3:N8R/BApK8AU:25BuBX

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • MicrosoftEdgeUpdate.exe (PID: 6232)
      • Âèðóñû áåç ìàéíêðàôòà.exe (PID: 1132)
      • Services.exe (PID: 5436)
      • Âèðóñû áåç ìàéíêðàôòà.exe (PID: 6776)
      • Services.exe (PID: 5528)
    • Vulnerable driver has been detected

      • Âèðóñû áåç ìàéíêðàôòà.exe (PID: 1132)
    • MINER has been detected (SURICATA)

      • explorer.exe (PID: 1284)
    • Connects to the CnC server

      • explorer.exe (PID: 1284)
  • SUSPICIOUS

    • Starts a Microsoft application from unusual location

      • MicrosoftEdgeWebview2Setup.exe (PID: 1564)
      • MicrosoftEdgeUpdate.exe (PID: 8104)
      • MicrosoftEdgeUpdate.exe (PID: 6232)
      • MicrosoftEdgeWebview2Setup.exe (PID: 2512)
      • MicrosoftEdgeUpdate.exe (PID: 5684)
    • Reads security settings of Internet Explorer

      • BootstrapperNew.exe (PID: 6732)
      • MicrosoftEdgeUpdate.exe (PID: 8104)
      • Solara.exe (PID: 4236)
      • MicrosoftEdgeUpdate.exe (PID: 6232)
      • BootstrapperNew.exe (PID: 7608)
      • MicrosoftEdgeUpdate.exe (PID: 5684)
      • Solara.exe (PID: 788)
      • MicrosoftEdgeUpdate.exe (PID: 7312)
      • virusbezmaina.exe (PID: 4104)
      • Âèðóñû áåç ìàéíêðàôòà.exe (PID: 1132)
      • Services.exe (PID: 5436)
      • virusbezmaina.exe (PID: 1808)
      • Âèðóñû áåç ìàéíêðàôòà.exe (PID: 6776)
      • Services.exe (PID: 5528)
    • Process drops legitimate windows executable

      • BootstrapperNew.exe (PID: 6732)
      • MicrosoftEdgeUpdate.exe (PID: 8104)
      • MicrosoftEdgeWebview2Setup.exe (PID: 1564)
      • RobloxPlayerInstaller-89XCJ8GK29.exe (PID: 7880)
      • MicrosoftEdgeWebview2Setup.exe (PID: 3476)
      • MicrosoftEdgeUpdate.exe (PID: 6232)
      • MicrosoftEdgeUpdate.exe (PID: 5684)
      • MicrosoftEdgeWebview2Setup.exe (PID: 2512)
      • MicrosoftEdge_X64_138.0.3351.65.exe (PID: 2992)
      • setup.exe (PID: 1328)
    • Executable content was dropped or overwritten

      • BootstrapperNew.exe (PID: 6732)
      • MicrosoftEdgeWebview2Setup.exe (PID: 1564)
      • RobloxPlayerInstaller-89XCJ8GK29.exe (PID: 7880)
      • MicrosoftEdgeWebview2Setup.exe (PID: 3476)
      • MicrosoftEdgeUpdate.exe (PID: 6232)
      • MicrosoftEdgeWebview2Setup.exe (PID: 2512)
      • setup.exe (PID: 1328)
      • MicrosoftEdge_X64_138.0.3351.65.exe (PID: 2992)
      • RobloxPlayerBeta.exe (PID: 7232)
      • RobloxPlayerBeta.exe (PID: 7736)
      • virusbezmaina.exe (PID: 4104)
      • Âèðóñû áåç ìàéíêðàôòà.exe (PID: 1132)
    • Disables SEHOP

      • MicrosoftEdgeUpdate.exe (PID: 8104)
      • MicrosoftEdgeUpdate.exe (PID: 5684)
    • Reads the BIOS version

      • Solara.exe (PID: 4236)
      • Solara.exe (PID: 788)
    • Executes application which crashes

      • Solara.exe (PID: 4236)
      • RobloxPlayerBeta.exe (PID: 7232)
      • RobloxPlayerBeta.exe (PID: 7736)
    • Process requests binary or script from the Internet

      • BootstrapperNew.exe (PID: 6732)
      • BootstrapperNew.exe (PID: 7608)
    • Reads the date of Windows installation

      • BootstrapperNew.exe (PID: 6732)
      • BootstrapperNew.exe (PID: 7608)
      • Âèðóñû áåç ìàéíêðàôòà.exe (PID: 1132)
      • Services.exe (PID: 5436)
      • Âèðóñû áåç ìàéíêðàôòà.exe (PID: 6776)
      • Services.exe (PID: 5528)
    • The process drops C-runtime libraries

      • BootstrapperNew.exe (PID: 6732)
    • Changes default file association

      • RobloxPlayerInstaller-89XCJ8GK29.exe (PID: 7880)
    • Starts itself from another location

      • MicrosoftEdgeUpdate.exe (PID: 6232)
      • Âèðóñû áåç ìàéíêðàôòà.exe (PID: 1132)
      • Âèðóñû áåç ìàéíêðàôòà.exe (PID: 6776)
    • Creates/Modifies COM task schedule object

      • MicrosoftEdgeUpdate.exe (PID: 7128)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 3972)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6192)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 5652)
    • Application launched itself

      • setup.exe (PID: 1328)
      • MicrosoftEdgeUpdate.exe (PID: 7312)
      • updater.exe (PID: 3092)
    • Creates a software uninstall entry

      • setup.exe (PID: 1328)
      • RobloxPlayerInstaller-89XCJ8GK29.exe (PID: 7880)
    • Searches for installed software

      • setup.exe (PID: 1328)
    • The process executes VB scripts

      • ñîîáùåíèå.exe (PID: 8144)
      • ñîîáùåíèå.exe (PID: 7636)
    • The process creates files with name similar to system file names

      • Âèðóñû áåç ìàéíêðàôòà.exe (PID: 1132)
    • Executing commands from a ".bat" file

      • virusbezmaina2.exe (PID: 544)
    • Starts CMD.EXE for commands execution

      • virusbezmaina2.exe (PID: 544)
    • Uses TASKKILL.EXE to kill process

      • cmd.exe (PID: 4916)
    • Drops a system driver (possible attempt to evade defenses)

      • Âèðóñû áåç ìàéíêðàôòà.exe (PID: 1132)
    • Potential Corporate Privacy Violation

      • explorer.exe (PID: 1284)
    • Connects to unusual port

      • explorer.exe (PID: 1284)
    • The process executes via Task Scheduler

      • updater.exe (PID: 3092)
  • INFO

    • Application launched itself

      • msedge.exe (PID: 684)
    • Reads Environment values

      • identity_helper.exe (PID: 7756)
      • BootstrapperNew.exe (PID: 6732)
      • MicrosoftEdgeUpdate.exe (PID: 8104)
      • Solara.exe (PID: 4236)
      • MicrosoftEdgeUpdate.exe (PID: 3624)
      • BootstrapperNew.exe (PID: 7608)
      • MicrosoftEdgeUpdate.exe (PID: 5684)
      • Solara.exe (PID: 788)
      • MicrosoftEdgeUpdate.exe (PID: 6688)
      • identity_helper.exe (PID: 440)
    • Checks supported languages

      • identity_helper.exe (PID: 7756)
      • BootstrapperNew.exe (PID: 6732)
      • MicrosoftEdgeWebview2Setup.exe (PID: 1564)
      • MicrosoftEdgeUpdate.exe (PID: 8104)
      • Solara.exe (PID: 4236)
      • MicrosoftEdgeWebview2Setup.exe (PID: 3476)
      • MicrosoftEdgeUpdate.exe (PID: 6232)
      • RobloxPlayerInstaller-89XCJ8GK29.exe (PID: 7880)
      • MicrosoftEdgeUpdate.exe (PID: 7128)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 3972)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 5652)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6192)
      • MicrosoftEdgeUpdate.exe (PID: 3624)
      • MicrosoftEdgeUpdate.exe (PID: 6940)
      • MicrosoftEdgeUpdate.exe (PID: 7312)
      • BootstrapperNew.exe (PID: 7608)
      • MicrosoftEdgeUpdate.exe (PID: 5684)
      • MicrosoftEdgeWebview2Setup.exe (PID: 2512)
      • Solara.exe (PID: 788)
      • MicrosoftEdge_X64_138.0.3351.65.exe (PID: 2992)
      • setup.exe (PID: 1328)
      • setup.exe (PID: 1512)
      • MicrosoftEdgeUpdate.exe (PID: 6688)
      • RobloxPlayerBeta.exe (PID: 7232)
      • RobloxPlayerBeta.exe (PID: 7736)
      • identity_helper.exe (PID: 440)
      • virusbezmaina.exe (PID: 4104)
      • ñîîáùåíèå.exe (PID: 8144)
      • Âèðóñû áåç ìàéíêðàôòà.exe (PID: 1132)
      • virusbezmaina2.exe (PID: 544)
      • Services.exe (PID: 5436)
      • sihost64.exe (PID: 6688)
      • sihost64.exe (PID: 4248)
      • Âèðóñû áåç ìàéíêðàôòà.exe (PID: 6776)
      • virusbezmaina.exe (PID: 1808)
      • sihost64.exe (PID: 4532)
      • Services.exe (PID: 5528)
      • ñîîáùåíèå.exe (PID: 7636)
      • sihost64.exe (PID: 5292)
      • updater.exe (PID: 7964)
      • updater.exe (PID: 3092)
    • Reads the computer name

      • identity_helper.exe (PID: 7756)
      • BootstrapperNew.exe (PID: 6732)
      • MicrosoftEdgeUpdate.exe (PID: 8104)
      • Solara.exe (PID: 4236)
      • RobloxPlayerInstaller-89XCJ8GK29.exe (PID: 7880)
      • MicrosoftEdgeUpdate.exe (PID: 6232)
      • MicrosoftEdgeUpdate.exe (PID: 7128)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 3972)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6192)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 5652)
      • MicrosoftEdgeUpdate.exe (PID: 3624)
      • MicrosoftEdgeUpdate.exe (PID: 6940)
      • MicrosoftEdgeUpdate.exe (PID: 7312)
      • BootstrapperNew.exe (PID: 7608)
      • MicrosoftEdgeUpdate.exe (PID: 5684)
      • Solara.exe (PID: 788)
      • MicrosoftEdge_X64_138.0.3351.65.exe (PID: 2992)
      • setup.exe (PID: 1328)
      • MicrosoftEdgeUpdate.exe (PID: 6688)
      • identity_helper.exe (PID: 440)
      • virusbezmaina.exe (PID: 4104)
      • Âèðóñû áåç ìàéíêðàôòà.exe (PID: 1132)
      • sihost64.exe (PID: 6688)
      • Services.exe (PID: 5436)
      • virusbezmaina.exe (PID: 1808)
      • Âèðóñû áåç ìàéíêðàôòà.exe (PID: 6776)
      • sihost64.exe (PID: 4248)
      • sihost64.exe (PID: 4532)
      • Services.exe (PID: 5528)
      • sihost64.exe (PID: 5292)
      • updater.exe (PID: 3092)
    • Executable content was dropped or overwritten

      • msedge.exe (PID: 1044)
      • msedge.exe (PID: 684)
      • WinRAR.exe (PID: 3760)
    • Creates files in the program directory

      • MicrosoftEdgeWebview2Setup.exe (PID: 1564)
      • BootstrapperNew.exe (PID: 6732)
      • MicrosoftEdgeWebview2Setup.exe (PID: 2512)
    • Reads the machine GUID from the registry

      • BootstrapperNew.exe (PID: 6732)
      • Solara.exe (PID: 4236)
      • RobloxPlayerInstaller-89XCJ8GK29.exe (PID: 7880)
      • BootstrapperNew.exe (PID: 7608)
      • Solara.exe (PID: 788)
      • MicrosoftEdgeUpdate.exe (PID: 7312)
      • Âèðóñû áåç ìàéíêðàôòà.exe (PID: 1132)
      • sihost64.exe (PID: 6688)
      • Services.exe (PID: 5436)
      • sihost64.exe (PID: 4248)
      • Âèðóñû áåç ìàéíêðàôòà.exe (PID: 6776)
      • sihost64.exe (PID: 4532)
      • Services.exe (PID: 5528)
      • sihost64.exe (PID: 5292)
    • Disables trace logs

      • BootstrapperNew.exe (PID: 6732)
      • Solara.exe (PID: 4236)
      • BootstrapperNew.exe (PID: 7608)
      • Solara.exe (PID: 788)
    • Create files in a temporary directory

      • BootstrapperNew.exe (PID: 6732)
      • MicrosoftEdgeWebview2Setup.exe (PID: 3476)
      • RobloxPlayerInstaller-89XCJ8GK29.exe (PID: 7880)
      • BootstrapperNew.exe (PID: 7608)
      • virusbezmaina.exe (PID: 4104)
      • ñîîáùåíèå.exe (PID: 8144)
      • Âèðóñû áåç ìàéíêðàôòà.exe (PID: 1132)
      • virusbezmaina2.exe (PID: 544)
      • virusbezmaina.exe (PID: 1808)
      • Âèðóñû áåç ìàéíêðàôòà.exe (PID: 6776)
      • ñîîáùåíèå.exe (PID: 7636)
    • Checks proxy server information

      • BootstrapperNew.exe (PID: 6732)
      • MicrosoftEdgeUpdate.exe (PID: 8104)
      • wermgr.exe (PID: 7328)
      • Solara.exe (PID: 4236)
      • WerFault.exe (PID: 440)
      • slui.exe (PID: 1508)
      • MicrosoftEdgeUpdate.exe (PID: 3624)
      • BootstrapperNew.exe (PID: 7608)
      • MicrosoftEdgeUpdate.exe (PID: 7312)
      • wermgr.exe (PID: 7572)
      • MicrosoftEdgeUpdate.exe (PID: 5684)
      • Solara.exe (PID: 788)
      • MicrosoftEdgeUpdate.exe (PID: 6688)
      • WerFault.exe (PID: 7744)
      • WerFault.exe (PID: 868)
    • Reads the software policy settings

      • BootstrapperNew.exe (PID: 6732)
      • MicrosoftEdgeUpdate.exe (PID: 8104)
      • wermgr.exe (PID: 7328)
      • Solara.exe (PID: 4236)
      • WerFault.exe (PID: 440)
      • slui.exe (PID: 1508)
      • MicrosoftEdgeUpdate.exe (PID: 3624)
      • BootstrapperNew.exe (PID: 7608)
      • MicrosoftEdgeUpdate.exe (PID: 7312)
      • MicrosoftEdgeUpdate.exe (PID: 5684)
      • wermgr.exe (PID: 7572)
      • Solara.exe (PID: 788)
      • MicrosoftEdgeUpdate.exe (PID: 6688)
      • WerFault.exe (PID: 7744)
      • WerFault.exe (PID: 868)
    • Checks if a key exists in the options dictionary (POWERSHELL)

      • BootstrapperNew.exe (PID: 6732)
      • BootstrapperNew.exe (PID: 7608)
    • The sample compiled with english language support

      • BootstrapperNew.exe (PID: 6732)
      • MicrosoftEdgeUpdate.exe (PID: 8104)
      • MicrosoftEdgeWebview2Setup.exe (PID: 1564)
      • msedge.exe (PID: 684)
      • RobloxPlayerInstaller-89XCJ8GK29.exe (PID: 7880)
      • MicrosoftEdgeWebview2Setup.exe (PID: 3476)
      • MicrosoftEdgeUpdate.exe (PID: 6232)
      • MicrosoftEdgeWebview2Setup.exe (PID: 2512)
      • MicrosoftEdgeUpdate.exe (PID: 5684)
      • MicrosoftEdge_X64_138.0.3351.65.exe (PID: 2992)
      • setup.exe (PID: 1328)
    • Process checks computer location settings

      • MicrosoftEdgeUpdate.exe (PID: 8104)
      • BootstrapperNew.exe (PID: 6732)
      • MicrosoftEdgeUpdate.exe (PID: 6232)
      • MicrosoftEdgeUpdate.exe (PID: 5684)
      • BootstrapperNew.exe (PID: 7608)
      • setup.exe (PID: 1328)
      • virusbezmaina.exe (PID: 4104)
      • Âèðóñû áåç ìàéíêðàôòà.exe (PID: 1132)
      • Services.exe (PID: 5436)
      • virusbezmaina.exe (PID: 1808)
      • Âèðóñû áåç ìàéíêðàôòà.exe (PID: 6776)
      • Services.exe (PID: 5528)
    • Creates files or folders in the user directory

      • wermgr.exe (PID: 7328)
      • WerFault.exe (PID: 440)
      • RobloxPlayerInstaller-89XCJ8GK29.exe (PID: 7880)
      • MicrosoftEdgeUpdate.exe (PID: 6232)
      • MicrosoftEdgeUpdate.exe (PID: 7312)
      • MicrosoftEdge_X64_138.0.3351.65.exe (PID: 2992)
      • setup.exe (PID: 1512)
      • setup.exe (PID: 1328)
      • WerFault.exe (PID: 7744)
      • WerFault.exe (PID: 868)
      • Âèðóñû áåç ìàéíêðàôòà.exe (PID: 1132)
    • Themida protector has been detected

      • Solara.exe (PID: 4236)
    • Process checks whether UAC notifications are on

      • Solara.exe (PID: 4236)
      • RobloxPlayerInstaller-89XCJ8GK29.exe (PID: 7880)
      • Solara.exe (PID: 788)
      • updater.exe (PID: 3092)
    • ROBLOX mutex has been found

      • RobloxPlayerInstaller-89XCJ8GK29.exe (PID: 7880)
    • Launching a file from a Registry key

      • MicrosoftEdgeUpdate.exe (PID: 6232)
      • Âèðóñû áåç ìàéíêðàôòà.exe (PID: 1132)
      • Services.exe (PID: 5436)
      • Âèðóñû áåç ìàéíêðàôòà.exe (PID: 6776)
      • Services.exe (PID: 5528)
    • Manual execution by a user

      • BootstrapperNew.exe (PID: 5104)
      • BootstrapperNew.exe (PID: 7608)
      • virusbezmaina.exe (PID: 4104)
      • virusbezmaina2.exe (PID: 544)
      • virusbezmaina.exe (PID: 1808)
    • Reads Microsoft Office registry keys

      • msedge.exe (PID: 684)
    • Reads security settings of Internet Explorer

      • cscript.exe (PID: 6232)
      • cscript.exe (PID: 6572)
    • The sample compiled with japanese language support

      • Âèðóñû áåç ìàéíêðàôòà.exe (PID: 1132)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes
286
Monitored processes
120
Malicious processes
14
Suspicious processes
9

Behavior graph

Interactive process graph (rendered in the full report). Nodes flagged in the graph: THREAT on âèðóñû áåç ìàéíêðàôòà.exe and #MINER on explorer.exe. Other nodes in the graph: msedge.exe (many instances), identity_helper.exe, bootstrappernew.exe, microsoftedgewebview2setup.exe, microsoftedgeupdate.exe, microsoftedgeupdatecomregistershell64.exe, microsoftedge_x64_138.0.3351.65.exe, setup.exe, wermgr.exe, werfault.exe, slui.exe, solara.exe, robloxplayerinstaller-89xcj8gk29.exe, robloxplayerbeta.exe, rundll32.exe, winrar.exe, virusbezmaina.exe, virusbezmaina2.exe, ñîîáùåíèå.exe, conhost.exe, cscript.exe, cmd.exe, taskkill.exe, sihost64.exe, services.exe, updater.exe.

Process information

PID
CMD
Path
Indicators
Parent process
PID: 320
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4288,i,308200353917468379,1884339647302438211,262144 --variations-seed-version --mojo-platform-channel-handle=4300 /prefetch:2
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 440
CMD: C:\WINDOWS\system32\WerFault.exe -u -p 4236 -s 2064
Path: C:\Windows\System32\WerFault.exe
Parent process: Solara.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Problem Reporting
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\werfault.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\cryptsp.dll
PID: 440
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.92\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=7464,i,308200353917468379,1884339647302438211,262144 --variations-seed-version --mojo-platform-channel-handle=6340 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.92\identity_helper.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
PWA Identity Proxy Host
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\identity_helper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 544
CMD: "C:\Users\admin\Downloads\virusbezminecrafta-main\virusbezminecrafta-main\virusbezmaina2.exe"
Path: C:\Users\admin\Downloads\virusbezminecrafta-main\virusbezminecrafta-main\virusbezmaina2.exe
Parent process: explorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\downloads\virusbezminecrafta-main\virusbezminecrafta-main\virusbezmaina2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\user32.dll
PID: 684
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://wearedevs.net/d/Solara"
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 788
CMD: "C:\ProgramData\Solara\Solara.exe" --bootstrapperPath "C:\Users\admin\Downloads" --bootstrapperExe "C:\Users\admin\Downloads\BootstrapperNew.exe"
Path: C:\ProgramData\Solara\Solara.exe
Parent process: BootstrapperNew.exe
User:
admin
Company:
CMD Softworks
Integrity Level:
HIGH
Description:
Solara V3
Version:
3.0.0.0
Modules
Images
c:\programdata\solara\solara.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 868
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=9248,i,308200353917468379,1884339647302438211,262144 --variations-seed-version --mojo-platform-channel-handle=9296 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 868
CMD: C:\WINDOWS\system32\WerFault.exe -u -p 7736 -s 744
Path: C:\Windows\System32\WerFault.exe
Parent process: RobloxPlayerBeta.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Problem Reporting
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\werfault.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
PID: 1044
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=1844,i,308200353917468379,1884339647302438211,262144 --variations-seed-version --mojo-platform-channel-handle=2472 /prefetch:3
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1132
CMD: "C:\Users\admin\AppData\Local\Temp\Âèðóñû áåç ìàéíêðàôòà.exe"
Path: C:\Users\admin\AppData\Local\Temp\Âèðóñû áåç ìàéíêðàôòà.exe
Parent process: virusbezmaina.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Exit code:
0
Version:
0.0.0.0
Modules
Images
c:\users\admin\appdata\local\temp\âèðóñû áåç ìàéíêðàôòà.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
Total events
67 778
Read events
65 626
Write events
2 064
Delete events
88

Modification events

(PID) Process: (684) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: failed_count
Value: 0

(PID) Process: (684) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: state
Value: 2

(PID) Process: (684) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
Operation: write
Name: StatusCodes
Value:

(PID) Process: (684) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
Operation: write
Name: StatusCodes
Value: 01000000

(PID) Process: (684) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: state
Value: 1

(PID) Process: (684) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
Operation: write
Name: user_experience_metrics.stability.exited_cleanly
Value: 0

(PID) Process: (684) msedge.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation: write
Name: S-1-5-21-1693682860-607145093-2874071422-1001
Value: 8B3B7C4089972F00

(PID) Process: (684) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\328260
Operation: write
Name: WindowTabManagerFileMappingId
Value: {6B0AAC87-5E31-43F3-9382-B20038112B45}

(PID) Process: (684) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\328260
Operation: write
Name: WindowTabManagerFileMappingId
Value: {00235BF2-1DDE-4564-A2E5-801C6854EA0C}

(PID) Process: (684) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\328260
Operation: write
Name: WindowTabManagerFileMappingId
Value: {474B4E8B-D0E7-4AEF-B7A0-80A52A583587}
Executable files
536
Suspicious files
1 229
Text files
809
Unknown types
102

Dropped files

PID
Process
Filename
Type
PID: 684
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RF175498.TMP
MD5:
SHA256:

PID: 684
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old
MD5:
SHA256:

PID: 684
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RF175498.TMP
MD5:
SHA256:

PID: 684
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old
MD5:
SHA256:

PID: 684
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old~RF175498.TMP
MD5:
SHA256:

PID: 684
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old
MD5:
SHA256:

PID: 684
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF1754b7.TMP
MD5:
SHA256:

PID: 684
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
MD5:
SHA256:

PID: 684
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RF1754b7.TMP
MD5:
SHA256:

PID: 684
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
41
TCP/UDP connections
331
DNS requests
391
Threats
9

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
1268 | svchost.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | | | whitelisted
1044 | msedge.exe | GET | 200 | 150.171.28.11:80 | http://edge.microsoft.com/browsernetworktime/time/1/current?cup2key=2:fbqVHJK3sa7AzKOlwfogw3_KMANd1bG4KmWfs_1k05U&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 | unknown | | | whitelisted
1268 | svchost.exe | GET | 200 | 2.16.241.12:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | | | whitelisted
2764 | svchost.exe | GET | 200 | 2.23.77.188:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | | | whitelisted
7852 | SIHClient.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | | | whitelisted
7852 | SIHClient.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | | | whitelisted
764 | lsass.exe | GET | 200 | 172.217.16.195:80 | http://c.pki.goog/r/r4.crl | unknown | | | whitelisted
764 | lsass.exe | GET | 200 | 172.217.16.195:80 | http://c.pki.goog/r/gsr1.crl | unknown | | | whitelisted
1352 | svchost.exe | HEAD | 200 | 199.232.210.172:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/bf8090eb-6e5c-4c51-9250-5bf9b46cf160?P1=1751853344&P2=404&P3=2&P4=S3hlrE1vP2ucuKElL7o7RLnlNEsiA91GLLsRCwJ6O%2bp94iYgkw3U1LWUCCzThEM5GZuSjwmxCExyALd4T8d%2bMA%3d%3d | unknown | | | whitelisted
1352 | svchost.exe | GET | 206 | 199.232.210.172:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/bf8090eb-6e5c-4c51-9250-5bf9b46cf160?P1=1751853344&P2=404&P3=2&P4=S3hlrE1vP2ucuKElL7o7RLnlNEsiA91GLLsRCwJ6O%2bp94iYgkw3U1LWUCCzThEM5GZuSjwmxCExyALd4T8d%2bMA%3d%3d | unknown | | | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | | | | whitelisted
5944 | MoUsoCoreWorker.exe | 20.106.86.13:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
1268 | svchost.exe | 20.106.86.13:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
6552 | RUXIMICS.exe | 20.106.86.13:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
4 | System | 192.168.100.255:138 | | | | whitelisted
1044 | msedge.exe | 13.107.42.16:443 | config.edge.skype.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
1044 | msedge.exe | 150.171.28.11:80 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
1044 | msedge.exe | 104.26.7.147:443 | wearedevs.net | CLOUDFLARENET | US | whitelisted
1044 | msedge.exe | 150.171.27.11:443 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
1044 | msedge.exe | 2.16.241.220:443 | copilot.microsoft.com | Akamai International B.V. | DE | whitelisted

DNS requests

Domain | IP | Reputation
settings-win.data.microsoft.com | 20.106.86.13, 40.127.240.158 | whitelisted
google.com | 142.250.185.110 | whitelisted
edge.microsoft.com | 150.171.28.11, 150.171.27.11 | whitelisted
config.edge.skype.com | 13.107.42.16 | whitelisted
wearedevs.net | 104.26.7.147, 172.67.71.2, 104.26.6.147 | whitelisted
copilot.microsoft.com | 2.16.241.220, 2.16.241.224 | whitelisted
cdn.wearedevs.net | 104.26.7.147, 104.26.6.147, 172.67.71.2 | whitelisted
www.bing.com | 2.16.241.222, 2.16.241.207, 2.16.241.205, 2.16.241.216, 2.16.241.218, 2.16.241.204, 2.16.241.201, 2.19.195.96, 2.19.195.90, 2.19.195.105, 2.19.195.97, 2.19.195.104, 2.19.195.82, 2.19.195.91, 2.19.195.83, 2.19.195.81, 2.19.195.50, 2.19.195.58, 2.19.195.51, 2.19.195.64, 2.19.195.75, 2.19.195.65, 2.19.195.59, 2.19.195.67, 2.16.241.206, 2.19.195.66, 2.19.195.72, 2.19.195.57, 2.19.195.80 | whitelisted
fonts.googleapis.com | 142.250.185.202 | whitelisted
www.googletagmanager.com | 142.250.186.136 | whitelisted

Threats

PID | Process | Class | Message
1044 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
1044 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
1044 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
1044 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
1352 | svchost.exe | Misc activity | ET INFO Packed Executable Download
2200 | svchost.exe | Not Suspicious Traffic | INFO [ANY.RUN] Online Pastebin Text Storage
2200 | svchost.exe | Not Suspicious Traffic | INFO [ANY.RUN] Attempting to access raw user content on GitHub
1284 | explorer.exe | Potential Corporate Privacy Violation | ET INFO Cryptocurrency Miner Checkin
1284 | explorer.exe | Potential Corporate Privacy Violation | ET INFO Cryptocurrency Miner Checkin
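Triage of the threat rows above, as an added example that is not part of the ANY.RUN report: the Suricata class alone is a weak ranking key (the pastebin and raw-GitHub fetches by svchost.exe are filed as "Not Suspicious Traffic" although they are typical loader staging channels), while the decisive signal is the process context, since explorer.exe never originates a miner check-in on its own and the alert therefore points at code injected into it. The script parses the rows in the page's flattened PID / Process / Class / Message layout, deduplicates them, scores them and prints a queue with the most urgent alert first. The sample rows are copied from the table above; the severity map, the staging-keyword list and the trusted-process set are assumptions made for this example.

```python
"""Triage of the Suricata alert rows from the Threats table above.

Added example, not ANY.RUN's code. The severity map, keyword list and
trusted-process set below are assumptions for this example.
"""
from collections import Counter
from dataclasses import dataclass

# Constructed sample input: the nine rows of the Threats table, one field per line.
THREAT_ROWS = """\
1044
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
1044
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
1044
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
1044
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
1352
svchost.exe
Misc activity
ET INFO Packed Executable Download
2200
svchost.exe
Not Suspicious Traffic
INFO [ANY.RUN] Online Pastebin Text Storage
2200
svchost.exe
Not Suspicious Traffic
INFO [ANY.RUN] Attempting to access raw user content on GitHub
1284
explorer.exe
Potential Corporate Privacy Violation
ET INFO Cryptocurrency Miner Checkin
1284
explorer.exe
Potential Corporate Privacy Violation
ET INFO Cryptocurrency Miner Checkin
"""


@dataclass(frozen=True)
class Alert:
    pid: int
    process: str
    cls: str
    message: str


FIELDS_PER_ROW = 4


def parse_alerts(text: str) -> list[Alert]:
    """Turn the four-lines-per-row dump into Alert records."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) % FIELDS_PER_ROW:
        raise ValueError(f"{len(lines)} lines is not a multiple of {FIELDS_PER_ROW}")
    return [Alert(int(lines[i]), lines[i + 1], lines[i + 2], lines[i + 3])
            for i in range(0, len(lines), FIELDS_PER_ROW)]


# Assumed: base severity per Suricata class seen on this page (0 = informational).
SEVERITY = {
    "Not Suspicious Traffic": 0,
    "Misc activity": 1,
    "Potential Corporate Privacy Violation": 2,
}
# Assumed: informational messages kept anyway, because pastebin and raw GitHub
# content are common payload-staging channels for loaders.
STAGING_KEYWORDS = ("Pastebin", "GitHub")
# Assumed: Windows processes that should never originate miner traffic themselves.
TRUSTED_HOST_PROCESSES = {"explorer.exe", "svchost.exe", "lsass.exe", "services.exe"}


def score(alert: Alert) -> int:
    """0 means 'drop from the queue'; higher means more urgent."""
    s = SEVERITY.get(alert.cls, 1)  # unknown class: treat as low, not as noise
    if s == 0 and any(k in alert.message for k in STAGING_KEYWORDS):
        s = 1  # keep as context for the loader chain
    if s == 0:
        return 0
    if "Miner" in alert.message and alert.process.lower() in TRUSTED_HOST_PROCESSES:
        s += 2  # miner check-in from a trusted host process: likely injection
    return s


def triage(alerts: list[Alert]) -> list[dict]:
    """Deduplicate identical alerts, score them and return the queue, most urgent first."""
    counts = Counter(alerts)  # Alert is frozen, so it is hashable
    findings = []
    for alert, n in counts.items():
        s = score(alert)
        if s == 0:
            continue
        findings.append({"pid": alert.pid, "process": alert.process, "class": alert.cls,
                         "message": alert.message, "count": n, "score": s})
    findings.sort(key=lambda f: (-f["score"], f["pid"], f["message"]))
    return findings


if __name__ == "__main__":
    for f in triage(parse_alerts(THREAT_ROWS)):
        print(f"[{f['score']}] pid {f['pid']} {f['process']} x{f['count']}: {f['message']}")
```

Run on the rows above, the queue holds four entries: the doubled miner check-in from explorer.exe (PID 1284) at the top, then the packed-executable download by svchost.exe (PID 1352) and the two staging fetches by svchost.exe (PID 2200); the four Google Tag Manager rows are dropped. Deduplicating on the whole record rather than on the message keeps the PID visible, which is what lets the miner alert be tied to the same explorer.exe instance that the report lists under "Connects to the CnC server".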
Process | Message
RobloxPlayerInstaller-89XCJ8GK29.exe | WebView2: Failed to find an installed WebView2 runtime or non-stable Microsoft Edge installation.