download:

/Rederax01/Solara-Executor/releases/download/v2.1/Solara.zip

Full analysis: https://app.any.run/tasks/6bb7f59c-9429-4948-aa48-6fafb89b3235
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Malware Trends Tracker     >>>
Analysis date: June 28, 2024, 18:17:48
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
evasion
smartloader
loader
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract, compression method=deflate
MD5:

CAEFBAC898BE006F73F0529B77207B57

SHA1:

6C2CAE98A31C0E635ADCB47B6DA55DB4BBBC21BD

SHA256:

E0EFB9A458BAF57F1D729BC3569BCC53119594A08C8DC84B4C397D10C11D21E4

SSDEEP:

24576:RcPWiTwaY+DSIb24Go/3uvxTooTz6D9Jf7sX:RcPWCwaYiSIb24Go/3uvxTooTz6D9Jfc

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 3392)
      • luajit.exe (PID: 3092)

    • Connects to the CnC server

      • luajit.exe (PID: 3092)

    • SMARTLOADER has been detected (SURICATA)

      • luajit.exe (PID: 3092)

    • Uses Task Scheduler to run other applications

      • luajit.exe (PID: 3092)

  • SUSPICIOUS

    • Uses ICACLS.EXE to modify access control lists

      • cmd.exe (PID: 2440)
      • cmd.exe (PID: 3336)

    • Reads the Internet Settings

      • cmd.exe (PID: 2440)
      • wscript.exe (PID: 996)
      • luajit.exe (PID: 3092)

    • The process executes VB scripts

      • cmd.exe (PID: 2440)

    • Starts CMD.EXE for commands execution

      • wscript.exe (PID: 996)

    • Executing commands from a ".bat" file

      • wscript.exe (PID: 996)

    • Runs shell command (SCRIPT)

      • wscript.exe (PID: 996)

    • Reads settings of System Certificates

      • luajit.exe (PID: 3092)

    • Checks Windows Trust Settings

      • luajit.exe (PID: 3092)

    • Checks for external IP

      • luajit.exe (PID: 3092)

    • Executable content was dropped or overwritten

      • luajit.exe (PID: 3092)

    • Connects to the server without a host name

      • luajit.exe (PID: 3092)

    • Adds/modifies Windows certificates

      • luajit.exe (PID: 3092)

    • Reads security settings of Internet Explorer

      • luajit.exe (PID: 3092)

  • INFO

    • Reads the computer name

      • wmpnscfg.exe (PID: 3332)
      • luajit.exe (PID: 3092)

    • Manual execution by a user

      • wmpnscfg.exe (PID: 3332)
      • notepad++.exe (PID: 3192)
      • notepad++.exe (PID: 2956)
      • cmd.exe (PID: 2440)
      • luajit.exe (PID: 4012)

    • Checks supported languages

      • wmpnscfg.exe (PID: 3332)
      • luajit.exe (PID: 3092)
      • luajit.exe (PID: 4012)

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 3392)

    • Checks proxy server information

      • luajit.exe (PID: 3092)

    • Reads the software policy settings

      • luajit.exe (PID: 3092)

    • Creates files or folders in the user directory

      • luajit.exe (PID: 3092)

    • Creates files in the program directory

      • luajit.exe (PID: 3092)

    • Reads the machine GUID from the registry

      • luajit.exe (PID: 3092)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: -
ZipCompression: Deflated
ZipModifyDate: 2024:06:01 00:36:18
ZipCRC: 0x510e1df6
ZipCompressedSize: 76270
ZipUncompressedSize: 160045
ZipFileName: conf
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
58
Monitored processes
12
Malicious processes
4
Suspicious processes
0

Behavior graph

Click at the process to see the details
start winrar.exe wmpnscfg.exe no specs notepad++.exe notepad++.exe cmd.exe no specs cacls.exe no specs wscript.exe no specs cmd.exe cacls.exe no specs #SMARTLOADER luajit.exe schtasks.exe no specs luajit.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
996"C:\Windows\System32\WScript.exe" "C:\Users\admin\AppData\Local\Temp\getadmin.vbs" C:\Windows\System32\wscript.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft ® Windows Based Script Host
Exit code:
0
Version:
5.8.7600.16385
Modules
Images
c:\windows\system32\wscript.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
2080"C:\Windows\system32\cacls.exe" "C:\Windows\system32\config\system"C:\Windows\System32\cacls.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Control ACLs Program
Exit code:
5
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\cacls.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
2136"C:\Windows\system32\cacls.exe" "C:\Windows\system32\config\system"C:\Windows\System32\cacls.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Control ACLs Program
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\cacls.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
2440C:\Windows\system32\cmd.exe /c ""C:\Users\admin\Desktop\Launcher.bat" "C:\Windows\System32\cmd.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
2956"C:\Program Files\Notepad++\notepad++.exe" "C:\Users\admin\Desktop\Launcher.bat"C:\Program Files\Notepad++\notepad++.exe
explorer.exe
User:
admin
Company:
Don HO [email protected]
Integrity Level:
MEDIUM
Description:
Notepad++ : a free (GNU) source code editor
Exit code:
0
Version:
7.91
Modules
Images
c:\program files\notepad++\notepad++.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
3092luajit.exe confC:\Users\admin\Desktop\luajit.exe
cmd.exe
User:
admin
Integrity Level:
HIGH
Modules
Images
c:\users\admin\desktop\luajit.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\desktop\lua51.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
3192"C:\Program Files\Notepad++\notepad++.exe" "C:\Users\admin\Desktop\Launcher.bat" "C:\Users\admin\Desktop\lua51.dll" "C:\Users\admin\Desktop\luajit.exe" "C:\Users\admin\Desktop\conf"C:\Program Files\Notepad++\notepad++.exe
explorer.exe
User:
admin
Company:
Don HO [email protected]
Integrity Level:
MEDIUM
Description:
Notepad++ : a free (GNU) source code editor
Exit code:
0
Version:
7.91
Modules
Images
c:\program files\notepad++\notepad++.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
3332"C:\Program Files\Windows Media Player\wmpnscfg.exe"C:\Program Files\Windows Media Player\wmpnscfg.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Media Player Network Sharing Service Configuration Application
Exit code:
0
Version:
12.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
3336"C:\Windows\System32\cmd.exe" /c C:\Users\admin\Desktop\Launcher.bat C:\Windows\System32\cmd.exe
wscript.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
3392"C:\Program Files\WinRAR\WinRAR.exe" C:\Users\admin\AppData\Local\Temp\Solara.zipC:\Program Files\WinRAR\WinRAR.exe
explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
Total events
14 238
Read events
14 122
Write events
106
Delete events
10

Modification events

(PID) Process:(3392) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation:writeName:ShellExtBMP
Value:
(PID) Process:(3392) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation:writeName:ShellExtIcon
Value:
(PID) Process:(3392) WinRAR.exeKey:HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation:writeName:LanguageList
Value:
en-US
(PID) Process:(3392) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:3
Value:
C:\Users\admin\Desktop\phacker.zip
(PID) Process:(3392) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:2
Value:
C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
(PID) Process:(3392) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:1
Value:
C:\Users\admin\Desktop\curl-8.5.0_1-win32-mingw.zip
(PID) Process:(3392) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:0
Value:
C:\Users\admin\AppData\Local\Temp\Solara.zip
(PID) Process:(3392) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:name
Value:
120
(PID) Process:(3392) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:size
Value:
80
(PID) Process:(3392) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:type
Value:
120
Executable files
4
Suspicious files
14
Text files
7
Unknown types
0

Dropped files

PID
Process
Filename
Type
3092luajit.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\json[1].jsonbinary
MD5:49722A290DC6AFDE289B50278B0EE604
SHA256:E661EBDE7612D1047D3BBE405DD895941817D88B9840A6B928BBA42E94E5A5CF
3392WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa3392.49084\Launcher.battext
MD5:9EDCC8710E562B5DAEED73ACAA17E2FD
SHA256:F1ED443FAA01092320E04E0231327BD59C6DF7344AD0F46CA4885D28AA2AFD60
3092luajit.exeC:\Users\admin\Pictures\90059C37132041A4B58D2B75A9850D2Fbinary
MD5:E0CA98E529CCD45638C1C35A8C8F1C45
SHA256:4D9C7D3479994606249DE91E04AE11E72CB3924D3A5919A44CF53D9AD13C144A
3192notepad++.exeC:\Users\admin\AppData\Roaming\Notepad++\config.xmlxml
MD5:75DAF0C838CA0F9DAA89D4074A504E1B
SHA256:97901B6DEF410AA997B0E91A0FD0947EB3A26B7D5C83FD7228FDE04F981AC53C
3392WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa3392.49084\lua51.dllexecutable
MD5:3DFF7448B43FCFB4DC65E0040B0FFB88
SHA256:FF976F6E965E3793E278FA9BF5E80B9B226A0B3932B9DA764BFFC8E41E6CDB60
3392WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa3392.49084\confbinary
MD5:BDEC530C93A6D9DEA9FB4EA147F1F44C
SHA256:4464BE92E1A9C00E808FE6913AFE721743E3E5F7693EDB944499E3700EA6A308
2440cmd.exeC:\Users\admin\AppData\Local\Temp\getadmin.vbstext
MD5:D14A6C18536B08C2D91CC10129CEC2CA
SHA256:88F0E55BE41422957E8F4FEC8CAF0F9ED4E68D1F0290171BA8F4BD26C19FA17D
3092luajit.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25binary
MD5:A5911FBEA2207D9A8A5D5A6E981BF277
SHA256:7E8933D0FCFBA850C641EFDC8FF1D427E83DF33E09A13EDEF3D97B7690E5DB7C
3092luajit.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04binary
MD5:DEF4ADB4FF447955DFE8EA80F0A34A7B
SHA256:DA4D7E5776748D1E3AECCFE82A628E6CA40E2EEFC7B5B33838655BDFB65E97C1
3092luajit.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04der
MD5:35105539CB634319505BFDA22B62DAA4
SHA256:7C2BF71A0B92490836D52874B260E77C37935A4C8C133C730C8B103168F454F4
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
13
TCP/UDP connections
22
DNS requests
12
Threats
3

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1372
svchost.exe
GET
304
23.50.131.211:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?33775f6043c93e33
unknown
1372
svchost.exe
GET
200
23.53.41.90:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
1372
svchost.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
3092
luajit.exe
GET
200
208.95.112.1:80
http://ip-api.com/json/
unknown
3092
luajit.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEApDqVCbATUviZV57HIIulA%3D
unknown
1060
svchost.exe
GET
304
23.50.131.203:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?8f69642324cc87bd
unknown
3092
luajit.exe
PUT
200
194.87.199.37:80
http://194.87.199.37/api/OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms
unknown
3092
luajit.exe
GET
301
140.82.121.4:80
http://github.com/user-attachments/files/16020023/gid.txt
unknown
3092
luajit.exe
GET
200
104.18.38.233:80
http://ocsp.usertrust.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBSr83eyJy3njhjVpn5bEpfc6MXawQQUOuEJhtTPGcKWdnRJdtzgNcZjY5oCEQDzZE5rbgBQI34JRr174fUd
unknown
3092
luajit.exe
GET
200
104.18.38.233:80
http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEFZnHQTqT5lMbxCBR1nSdZQ%3D
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
unknown
2564
svchost.exe
239.255.255.250:3702
unknown
4
System
192.168.100.255:138
unknown
1372
svchost.exe
40.127.240.158:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
1060
svchost.exe
224.0.0.252:5355
unknown
1372
svchost.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
1372
svchost.exe
23.50.131.211:80
ctldl.windowsupdate.com
Akamai International B.V.
DE
unknown
1372
svchost.exe
23.53.41.90:80
crl.microsoft.com
Akamai International B.V.
DE
unknown
1372
svchost.exe
23.35.229.160:80
www.microsoft.com
AKAMAI-AS
DE
unknown
3092
luajit.exe
208.95.112.1:80
ip-api.com
TUT-AS
US
unknown

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
unknown
ctldl.windowsupdate.com
  • 23.50.131.211
  • 23.50.131.216
  • 23.50.131.203
  • 23.50.131.207
unknown
crl.microsoft.com
  • 23.53.41.90
  • 23.53.40.178
unknown
www.microsoft.com
  • 23.35.229.160
unknown
ip-api.com
  • 208.95.112.1
unknown
ocsp.digicert.com
  • 192.229.221.95
unknown
github.com
  • 140.82.121.4
unknown
ocsp.comodoca.com
  • 104.18.38.233
  • 172.64.149.23
unknown
ocsp.usertrust.com
  • 104.18.38.233
  • 172.64.149.23
unknown
ocsp.sectigo.com
  • 172.64.149.23
  • 104.18.38.233
unknown

Threats

PID
Process
Class
Message
Device Retrieving External IP Address Detected
ET POLICY External IP Lookup ip-api.com
A Network Trojan was detected
LOADER [ANY.RUN] SmartLoader Check-in
A Network Trojan was detected
LOADER [ANY.RUN] SmartLoader Check-in
Process
Message
notepad++.exe
VerifyLibrary: C:\Program Files\Notepad++\SciLexer.dll
notepad++.exe
VerifyLibrary: certificate revocation checking is disabled
notepad++.exe
ED255D9151912E40DF048A56288E969A8D0DAFA3
notepad++.exe
VerifyLibrary: C:\Program Files\Notepad++\updater\gup.exe
notepad++.exe
VerifyLibrary: certificate revocation checking is disabled
notepad++.exe
ED255D9151912E40DF048A56288E969A8D0DAFA3
notepad++.exe
VerifyLibrary: C:\Program Files\Notepad++\plugins\Config\nppPluginList.dll
notepad++.exe
VerifyLibrary: certificate revocation checking is disabled
notepad++.exe
ED255D9151912E40DF048A56288E969A8D0DAFA3
notepad++.exe
VerifyLibrary: C:\Program Files\Notepad++\updater\gup.exe
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
/Rederax01/Solara-Executor/releases/download/v2.1/Solara.zip