File name:

Solara-Executor_753362.exe

Full analysis: https://app.any.run/tasks/ea3b6923-e999-4afb-84ec-1e624c8f4a70
Verdict: Malicious activity
Analysis date: March 21, 2025, 01:21:59
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
inno
installer
github
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 7 sections
MD5:

0C3F6A53786DEBBFF25FAF808D25776E

SHA1:

4ADFFBD4512FEF079BBEB9DF41B3B49D3319BE64

SHA256:

D4B7E76F893D0D9BC79DB5B9A80B88596CC0856110CE9462E10CF9BDE71C1691

SSDEEP:

98304:tF6xfAxr6MfnyoBDJ2ogp9hn5yshbz2FnBs/9S4d9pp9XIdxK9qfJiCzLF6g0qbl:gofez+ueXqgDJD

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Disables task manager

      • $uckyLocker.exe (PID: 2416)
    • Renames files like ransomware

      • $uckyLocker.exe (PID: 2416)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • Solara-Executor_753362.exe (PID: 6404)
      • Setup.exe (PID: 6724)
      • Setup.exe (PID: 7192)
      • Setup.tmp (PID: 7216)
    • Reads security settings of Internet Explorer

      • setup.tmp (PID: 5072)
    • Reads the Windows owner or organization settings

      • Setup.tmp (PID: 7216)
    • Changes the desktop background image

      • $uckyLocker.exe (PID: 2416)
  • INFO

    • Reads the computer name

      • Solara-Executor_753362.exe (PID: 6404)
      • setup.tmp (PID: 5072)
      • Setup.tmp (PID: 7216)
      • astap.exe (PID: 8004)
      • identity_helper.exe (PID: 7912)
    • Create files in a temporary directory

      • Setup.exe (PID: 6724)
      • Solara-Executor_753362.exe (PID: 6404)
      • Setup.exe (PID: 7192)
      • Setup.tmp (PID: 7216)
    • Checks supported languages

      • Solara-Executor_753362.exe (PID: 6404)
      • Setup.exe (PID: 6724)
      • setup.tmp (PID: 5072)
      • Setup.exe (PID: 7192)
      • Setup.tmp (PID: 7216)
      • identity_helper.exe (PID: 7912)
      • astap.exe (PID: 8004)
    • Process checks computer location settings

      • setup.tmp (PID: 5072)
    • Creates files in the program directory

      • Setup.tmp (PID: 7216)
    • The sample compiled with english language support

      • Setup.tmp (PID: 7216)
    • Manual execution by a user

      • msedge.exe (PID: 3268)
    • Detects InnoSetup installer (YARA)

      • Setup.exe (PID: 6724)
    • Creates a software uninstall entry

      • Setup.tmp (PID: 7216)
    • Creates files or folders in the user directory

      • astap.exe (PID: 8004)
    • Application launched itself

      • msedge.exe (PID: 3268)
    • Executable content was dropped or overwritten

      • msedge.exe (PID: 4920)
      • msedge.exe (PID: 3268)
    • Reads Environment values

      • identity_helper.exe (PID: 7912)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (46.3)
.exe | Win64 Executable (generic) (41)
.exe | Win32 Executable (generic) (6.6)
.exe | Generic Win/DOS Executable (2.9)
.exe | DOS Executable Generic (2.9)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2025:03:06 18:57:35+00:00
ImageFileCharacteristics: Executable, Large address aware, 32-bit
PEType: PE32
LinkerVersion: 9
CodeSize: 1336832
InitializedDataSize: 799744
UninitializedDataSize: -
EntryPoint: 0x133f80
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 5.0.1283.0
ProductVersionNumber: 5.0.1283.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
FileDescription: NanaZip Self Extracting Executable (Setup)
FileVersion: 5.0.1283.0
InternalName: NanaZip.Core.Sfx.Setup
LegalCopyright: © M2-Team and Contributors. All rights reserved.
OriginalFileName: NanaZip.Core.Setup.sfx
ProductName: NanaZip
ProductVersion: 5.0.1283.0
No data.
All screenshots are available in the full report
Total processes
188
Monitored processes
50
Malicious processes
2
Suspicious processes
2

Behavior graph

Process start order (processes marked "no specs" carry no recorded indicators):

start → solara-executor_753362.exe → setup.exe → setup.tmp (no specs) → setup.exe → setup.tmp → sppextcomobj.exe (no specs) → slui.exe (no specs) → astap.exe (no specs) → msedge.exe → msedge.exe (no specs) ×2 → msedge.exe → msedge.exe (no specs) ×22 → identity_helper.exe (no specs) ×2 → msedge.exe (no specs) ×12 → $uckylocker.exe (no specs) → $uckylocker.exe

Process information

PID
CMD
Path
Indicators
Parent process
PID:
976
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6228 --field-trial-handle=2088,i,5940231625019913384,1197103769777423967,262144 --variations-seed-version /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1040
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4444 --field-trial-handle=2088,i,5940231625019913384,1197103769777423967,262144 --variations-seed-version /prefetch:1
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1116
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_xpay_wallet.mojom.EdgeXPayWalletService --lang=en-US --service-sandbox-type=utility --no-appcompat-clear --mojo-platform-channel-handle=5948 --field-trial-handle=2088,i,5940231625019913384,1197103769777423967,262144 --variations-seed-version /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1128
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=7636 --field-trial-handle=2088,i,5940231625019913384,1197103769777423967,262144 --variations-seed-version /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
PWA Identity Proxy Host
Exit code:
3221226029
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\identity_helper.exe
c:\windows\system32\ntdll.dll
PID:
1748
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=7944 --field-trial-handle=2088,i,5940231625019913384,1197103769777423967,262144 --variations-seed-version /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
2288
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=8148 --field-trial-handle=2088,i,5940231625019913384,1197103769777423967,262144 --variations-seed-version /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
2416
CMD:
"C:\Users\admin\Downloads\$uckyLocker.exe"
Path:
C:\Users\admin\Downloads\$uckyLocker.exe
Parent process:
msedge.exe
User:
admin
Integrity Level:
HIGH
Description:
Loader
Version:
1.0.0.0
Modules
Images
c:\users\admin\downloads\$uckylocker.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\mscoree.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
PID:
2692
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.59 --initial-client-data=0x280,0x304,0x308,0x2fc,0x310,0x7ffc89ed5fd8,0x7ffc89ed5fe4,0x7ffc89ed5ff0
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
2980
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=7308 --field-trial-handle=2088,i,5940231625019913384,1197103769777423967,262144 --variations-seed-version /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
3268
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
6 096
Read events
6 034
Write events
62
Delete events
0

Modification events

(PID) Process: (7216) Setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ASTAP, the Astrometric STAcking Program, astrome~478BFEE4_is1
Operation: write
Name: Inno Setup: Setup Version
Value: 5.6.1 (a)

(PID) Process: (7216) Setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ASTAP, the Astrometric STAcking Program, astrome~478BFEE4_is1
Operation: write
Name: Inno Setup: App Path
Value: C:\Program Files\astap

(PID) Process: (7216) Setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ASTAP, the Astrometric STAcking Program, astrome~478BFEE4_is1
Operation: write
Name: InstallLocation
Value: C:\Program Files\astap\

(PID) Process: (7216) Setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ASTAP, the Astrometric STAcking Program, astrome~478BFEE4_is1
Operation: write
Name: Inno Setup: Icon Group
Value: ASTAP

(PID) Process: (7216) Setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ASTAP, the Astrometric STAcking Program, astrome~478BFEE4_is1
Operation: write
Name: Inno Setup: User
Value: admin

(PID) Process: (7216) Setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ASTAP, the Astrometric STAcking Program, astrome~478BFEE4_is1
Operation: write
Name: Inno Setup: Selected Tasks
Value: desktopicon

(PID) Process: (7216) Setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ASTAP, the Astrometric STAcking Program, astrome~478BFEE4_is1
Operation: write
Name: Inno Setup: Deselected Tasks
Value:

(PID) Process: (7216) Setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ASTAP, the Astrometric STAcking Program, astrome~478BFEE4_is1
Operation: write
Name: Inno Setup: Language
Value: default

(PID) Process: (7216) Setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ASTAP, the Astrometric STAcking Program, astrome~478BFEE4_is1
Operation: write
Name: DisplayName
Value: ASTAP

(PID) Process: (7216) Setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ASTAP, the Astrometric STAcking Program, astrome~478BFEE4_is1
Operation: write
Name: UninstallString
Value: "C:\Program Files\astap\unins000.exe"
Executable files
61
Suspicious files
612
Text files
88
Unknown types
1

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
7216 | Setup.tmp | C:\Program Files\astap\astap.exe | executable | 8C6397D9576DA8FB18FB590FF125DCE8 | 18B6503EEE7F61F30B5C0B119BB8CB2AFE37A0B3D44A26B1754F1E06628B6A3E
7216 | Setup.tmp | C:\Program Files\astap\is-NNN42.tmp | text | 0AF6A0458B1E6AA1BF3A0DF3079FC89C | F235BA93E85D206E3CB1D0BFC68B0A22C905428EA0B44C3D75297D2024D4FC94
7192 | Setup.exe | C:\Users\admin\AppData\Local\Temp\is-P4VJO.tmp\Setup.tmp | executable | 1AFBD25DB5C9A90FE05309F7C4FBCF09 | 3BB0EE5569FE5453C6B3FA25AA517B925D4F8D1F7BA3475E58FA09C46290658C
7216 | Setup.tmp | C:\Program Files\astap\unins000.exe | executable | 0606FE5C05B88CAB34058E8A76BCF472 | 5F43CC68DE53A5D5963947F18B4F63E2F424915D8C9E2B173CE6FD37A1799296
7216 | Setup.tmp | C:\Users\admin\AppData\Local\Temp\is-5RRUU.tmp\_isetup\_setup64.tmp | executable | E4211D6D009757C078A9FAC7FF4F03D4 | 388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
7216 | Setup.tmp | C:\Program Files\astap\is-FOMKM.tmp | text | B0DDE86E767A2D34AFD123C6CA0FBA4E | 7C21D6E337C98897046DC8E5C643F766790876020FD8FF293BA61DF687A70A0F
7216 | Setup.tmp | C:\Program Files\astap\is-IODC9.tmp | executable | B2A060878D778354C8E955D193432EA8 | 1F37AEF708B93EB2C2F14F4018D15DB9C8E81BE92DD4256A27A604345EE7D0CA
7216 | Setup.tmp | C:\Program Files\astap\is-T2QV2.tmp | executable | 8C6397D9576DA8FB18FB590FF125DCE8 | 18B6503EEE7F61F30B5C0B119BB8CB2AFE37A0B3D44A26B1754F1E06628B6A3E
7216 | Setup.tmp | C:\Program Files\astap\variable_stars.csv | text | 0AF6A0458B1E6AA1BF3A0DF3079FC89C | F235BA93E85D206E3CB1D0BFC68B0A22C905428EA0B44C3D75297D2024D4FC94
7216 | Setup.tmp | C:\Program Files\astap\is-H118E.tmp | executable | 6956DD7EA2736F48BB224FA4781CE1C0 | 74AC4EA394B1BD547C24E7471BFEA7958FBB6DF80711BCB8249ACAEE418B8F95
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
7
TCP/UDP connections
143
DNS requests
148
Threats
8

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Reputation
 | | GET | 200 | 184.24.77.37:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
6544 | svchost.exe | GET | 200 | 2.23.77.188:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | whitelisted
4920 | msedge.exe | GET | 304 | 69.192.161.44:80 | http://x1.i.lencr.org/ | unknown | whitelisted
4920 | msedge.exe | GET | 304 | 69.192.161.44:80 | http://r3.i.lencr.org/ | unknown | whitelisted
7460 | SIHClient.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | whitelisted
7460 | SIHClient.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | whitelisted
6456 | backgroundTaskHost.exe | GET | 200 | 2.23.77.188:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D | unknown | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
2104 | svchost.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4 | System | 192.168.100.255:137 | | | | whitelisted
 | | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
 | | 184.24.77.37:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
6404 | Solara-Executor_753362.exe | 172.67.72.50:443 | adventiumapp.com | CLOUDFLARENET | US | unknown
4 | System | 192.168.100.255:138 | | | | whitelisted
3216 | svchost.exe | 20.198.162.78:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | SG | whitelisted
6544 | svchost.exe | 40.126.32.138:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
6544 | svchost.exe | 2.23.77.188:80 | ocsp.digicert.com | AKAMAI-AS | DE | whitelisted
2112 | svchost.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted

DNS requests

Domain | IP | Reputation
settings-win.data.microsoft.com | 51.124.78.146, 20.73.194.208 | whitelisted
google.com | 142.250.185.238 | whitelisted
crl.microsoft.com | 184.24.77.37, 184.24.77.35 | whitelisted
adventiumapp.com | 172.67.72.50, 104.26.11.30, 104.26.10.30 | unknown
client.wns.windows.com | 20.198.162.78 | whitelisted
login.live.com | 40.126.32.138, 20.190.160.128, 20.190.160.64, 20.190.160.5, 20.190.160.22, 40.126.32.140, 20.190.160.2, 20.190.160.130, 40.126.32.74, 20.190.160.67, 20.190.160.65, 20.190.160.17 | whitelisted
ocsp.digicert.com | 2.23.77.188 | whitelisted
arc.msn.com | 20.223.36.55 | whitelisted
config.edge.skype.com | 13.107.42.16 | whitelisted
edge.microsoft.com | 13.107.21.239, 204.79.197.239 | whitelisted

Threats

PID | Process | Class | Message
4920 | msedge.exe | Misc activity | SUSPICIOUS [ANY.RUN] Tracking Service (.popin .cc)
4920 | msedge.exe | Potentially Bad Traffic | ET DNS Query for .cc TLD
4920 | msedge.exe | Potentially Bad Traffic | ET DNS Query for .cc TLD
4920 | msedge.exe | Misc activity | SUSPICIOUS [ANY.RUN] Tracking Service (.popin .cc)
4920 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Attempting to access raw user content on GitHub
4920 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Attempting to access raw user content on GitHub
4920 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Attempting to access raw user content on GitHub
4920 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Attempting to access raw user content on GitHub
No debug info