File name:

reflasher_v1.4.2_setup.exe

Full analysis: https://app.any.run/tasks/403f7231-619e-446d-a1fd-637ee3d3b3f0
Verdict: Malicious activity
Analysis date: July 24, 2024, 12:02:13
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

A888A62A420709BA7AD7804CE0452A3D

SHA1:

95BA5F9F42DC95F2CA884BD1760E987C30F832D2

SHA256:

5BCEA0625818C439A56F21483DC75EEAFFD59F8274B30AEB5B354D703DD47EA2

SSDEEP:

98304:o+cD4dnR64kf8+hgjd6ks5I35o7UXFzBa1yHdewR9HkYL25NpPi7UH9A+0NfZWaJ:L6Yicxa6m4XAlADT6ssMbBO3kj2/CT

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • reflasher_v1.4.2_setup.exe (PID: 364)
      • reflasher_v1.4.2_setup.exe (PID: 4656)
      • reflasher_v1.4.2_setup.tmp (PID: 4340)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • reflasher_v1.4.2_setup.exe (PID: 4656)
      • reflasher_v1.4.2_setup.tmp (PID: 4340)
      • reflasher_v1.4.2_setup.exe (PID: 364)
    • Reads security settings of Internet Explorer

      • reflasher_v1.4.2_setup.tmp (PID: 5196)
      • ReFlasher.exe (PID: 4868)
    • Reads the date of Windows installation

      • reflasher_v1.4.2_setup.tmp (PID: 5196)
    • Reads the Windows owner or organization settings

      • reflasher_v1.4.2_setup.tmp (PID: 4340)
    • Process drops legitimate windows executable

      • msedge.exe (PID: 3304)
  • INFO

    • Checks supported languages

      • reflasher_v1.4.2_setup.exe (PID: 364)
      • reflasher_v1.4.2_setup.exe (PID: 4656)
      • reflasher_v1.4.2_setup.tmp (PID: 4340)
      • reflasher_v1.4.2_setup.tmp (PID: 5196)
      • ReFlasher.exe (PID: 4868)
      • identity_helper.exe (PID: 7272)
    • Process checks computer location settings

      • reflasher_v1.4.2_setup.tmp (PID: 5196)
    • Create files in a temporary directory

      • reflasher_v1.4.2_setup.tmp (PID: 4340)
      • reflasher_v1.4.2_setup.exe (PID: 4656)
      • reflasher_v1.4.2_setup.exe (PID: 364)
    • Creates files in the program directory

      • reflasher_v1.4.2_setup.tmp (PID: 4340)
    • Reads the computer name

      • reflasher_v1.4.2_setup.tmp (PID: 4340)
      • ReFlasher.exe (PID: 4868)
      • identity_helper.exe (PID: 7272)
      • reflasher_v1.4.2_setup.tmp (PID: 5196)
    • Creates a software uninstall entry

      • reflasher_v1.4.2_setup.tmp (PID: 4340)
    • Executable content was dropped or overwritten

      • msedge.exe (PID: 5684)
      • msedge.exe (PID: 3304)
    • Reads Microsoft Office registry keys

      • ReFlasher.exe (PID: 4868)
      • msedge.exe (PID: 5684)
    • Reads Environment values

      • identity_helper.exe (PID: 7272)
    • Drops the executable file immediately after the start

      • msedge.exe (PID: 3304)
      • msedge.exe (PID: 5684)
    • Application launched itself

      • msedge.exe (PID: 5684)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ MATRIX in the full report
No Malware configuration.

TRiD

.exe | Inno Setup installer (67.7)
.exe | Win32 EXE PECompact compressed (generic) (25.6)
.exe | Win32 Executable (generic) (2.7)
.exe | Win16/32 Executable Delphi generic (1.2)
.exe | Generic Win/DOS Executable (1.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2023:02:15 14:54:16+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 741888
InitializedDataSize: 178176
UninitializedDataSize: -
EntryPoint: 0xb5eec
OSVersion: 6.1
ImageVersion: 6
SubsystemVersion: 6.1
Subsystem: Windows GUI
FileVersionNumber: 0.0.0.0
ProductVersionNumber: 0.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: ScooterHacking
FileDescription: ScooterHacking ReFlasher Setup
FileVersion:
LegalCopyright:
OriginalFileName:
ProductName: ScooterHacking ReFlasher
ProductVersion: 1.4.2
No data.
All screenshots are available in the full report
Total processes
174
Monitored processes
38
Malicious processes
4
Suspicious processes
0


Process information

PID
CMD
Path
Indicators
Parent process
PID: 364
CMD: "C:\Users\admin\AppData\Local\Temp\reflasher_v1.4.2_setup.exe"
Path: C:\Users\admin\AppData\Local\Temp\reflasher_v1.4.2_setup.exe
Parent process: explorer.exe
User:
admin
Company:
ScooterHacking
Integrity Level:
MEDIUM
Description:
ScooterHacking ReFlasher Setup
Exit code:
0
Version:
Modules
Images
c:\users\admin\appdata\local\temp\reflasher_v1.4.2_setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\comctl32.dll
PID: 372
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3572 --field-trial-handle=2424,i,3443042092518944229,7123385917200526477,262144 --variations-seed-version /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2816
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6920 --field-trial-handle=2424,i,3443042092518944229,7123385917200526477,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 3304
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2572 --field-trial-handle=2424,i,3443042092518944229,7123385917200526477,262144 --variations-seed-version /prefetch:3
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 3332
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6920 --field-trial-handle=2424,i,3443042092518944229,7123385917200526477,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\windows\system32\winmm.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\user32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\version.dll
PID: 3992
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4136 --field-trial-handle=2424,i,3443042092518944229,7123385917200526477,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 4016
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=7020 --field-trial-handle=2424,i,3443042092518944229,7123385917200526477,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 4340
CMD: "C:\Users\admin\AppData\Local\Temp\is-496PE.tmp\reflasher_v1.4.2_setup.tmp" /SL5="$301D8,15318137,921088,C:\Users\admin\AppData\Local\Temp\reflasher_v1.4.2_setup.exe" /SPAWNWND=$201E0 /NOTIFYWND=$401DC
Path: C:\Users\admin\AppData\Local\Temp\is-496PE.tmp\reflasher_v1.4.2_setup.tmp
Parent process: reflasher_v1.4.2_setup.exe
User:
admin
Company:
ScooterHacking
Integrity Level:
HIGH
Description:
Setup/Uninstall
Exit code:
0
Version:
51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-496pe.tmp\reflasher_v1.4.2_setup.tmp
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\comdlg32.dll
PID: 4656
CMD: "C:\Users\admin\AppData\Local\Temp\reflasher_v1.4.2_setup.exe" /SPAWNWND=$201E0 /NOTIFYWND=$401DC
Path: C:\Users\admin\AppData\Local\Temp\reflasher_v1.4.2_setup.exe
Parent process: reflasher_v1.4.2_setup.tmp
User:
admin
Company:
ScooterHacking
Integrity Level:
HIGH
Description:
ScooterHacking ReFlasher Setup
Exit code:
0
Version:
Modules
Images
c:\users\admin\appdata\local\temp\reflasher_v1.4.2_setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\comctl32.dll
PID: 4868
CMD: "C:\Program Files (x86)\ScooterHacking ReFlasher\ReFlasher.exe"
Path: C:\Program Files (x86)\ScooterHacking ReFlasher\ReFlasher.exe
Parent process: reflasher_v1.4.2_setup.tmp
User:
admin
Company:
ReFlasher
Integrity Level:
MEDIUM
Description:
ReFlasher
Exit code:
2147516547
Version:
1.0.0.0
Modules
Images
c:\program files (x86)\scooterhacking reflasher\reflasher.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
Total events
12 992
Read events
12 916
Write events
69
Delete events
7

Modification events

(PID) Process: (4340) reflasher_v1.4.2_setup.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Operation: write
Name: Owner
Value:
F4100000DB6F035AC1DDDA01

(PID) Process: (4340) reflasher_v1.4.2_setup.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Operation: write
Name: SessionHash
Value:
C0106E61F0B4160B54E99D48FAE31351C25FC26FE09C21DC43E24A05E42716CB

(PID) Process: (4340) reflasher_v1.4.2_setup.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Operation: write
Name: Sequence
Value:
1

(PID) Process: (4340) reflasher_v1.4.2_setup.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Operation: write
Name: RegFiles0000
Value:
C:\Program Files (x86)\ScooterHacking ReFlasher\ReFlasher.exe

(PID) Process: (4340) reflasher_v1.4.2_setup.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Operation: write
Name: RegFilesHash
Value:
76E130053A34E57FAF80DE915592A37EDCA8E86C21154F728EFF6E60B198F9E2

(PID) Process: (4340) reflasher_v1.4.2_setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{834EFCA8-AF6B-4E67-8A72-D8926288A695}_is1
Operation: write
Name: Inno Setup: Setup Version
Value:
6.2.2

(PID) Process: (4340) reflasher_v1.4.2_setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{834EFCA8-AF6B-4E67-8A72-D8926288A695}_is1
Operation: write
Name: Inno Setup: App Path
Value:
C:\Program Files (x86)\ScooterHacking ReFlasher

(PID) Process: (4340) reflasher_v1.4.2_setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{834EFCA8-AF6B-4E67-8A72-D8926288A695}_is1
Operation: write
Name: InstallLocation
Value:
C:\Program Files (x86)\ScooterHacking ReFlasher\

(PID) Process: (4340) reflasher_v1.4.2_setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{834EFCA8-AF6B-4E67-8A72-D8926288A695}_is1
Operation: write
Name: Inno Setup: Icon Group
Value:
(Default)

(PID) Process: (4340) reflasher_v1.4.2_setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{834EFCA8-AF6B-4E67-8A72-D8926288A695}_is1
Operation: write
Name: Inno Setup: User
Value:
admin
Executable files
27
Suspicious files
128
Text files
106
Unknown types
2

Dropped files

PID
Process
Filename
Type
PID: 4656 | Process: reflasher_v1.4.2_setup.exe | Filename: C:\Users\admin\AppData\Local\Temp\is-496PE.tmp\reflasher_v1.4.2_setup.tmp | Type: executable
MD5: 57BDC47574135F6EBE036DB8D33784E3
SHA256: F3C2A529D2CFC0D8F46F1A08F6D656274E56B3B0D67EC97910A1D09DAD0B9878
PID: 364 | Process: reflasher_v1.4.2_setup.exe | Filename: C:\Users\admin\AppData\Local\Temp\is-QJL2T.tmp\reflasher_v1.4.2_setup.tmp | Type: executable
MD5: 57BDC47574135F6EBE036DB8D33784E3
SHA256: F3C2A529D2CFC0D8F46F1A08F6D656274E56B3B0D67EC97910A1D09DAD0B9878
PID: 4340 | Process: reflasher_v1.4.2_setup.tmp | Filename: C:\Program Files (x86)\ScooterHacking ReFlasher\unins000.exe | Type: executable
MD5: 5FF01FE7E07D978755D96CAD578859C1
SHA256: 6F72BBCAD86391BBD21BF5F623DD6DE1143E40352AACB1DE9E0568C0EAA2B71F
PID: 4340 | Process: reflasher_v1.4.2_setup.tmp | Filename: C:\Program Files (x86)\ScooterHacking ReFlasher\ReFlasher.exe | Type: executable
MD5: 9EF925EDE4B212CDECD2CE1E8EBF7EDA
SHA256: D0D2482EA1E313C86BC76CE46D66D47E8ABE515093673324CA1FA2BFB8FF1C69
PID: 4340 | Process: reflasher_v1.4.2_setup.tmp | Filename: C:\Program Files (x86)\ScooterHacking ReFlasher\ReFlasher.runtimeconfig.json | Type: binary
MD5: 8B76A07345E5EDCEADDB7159C490CF03
SHA256: E8153794EDAEB9E9EAF7DB83E4CADCBB7963FE410371B2AAC828863934D4FADA
PID: 4340 | Process: reflasher_v1.4.2_setup.tmp | Filename: C:\Program Files (x86)\ScooterHacking ReFlasher\is-40SDI.tmp | Type: executable
MD5: 9EF925EDE4B212CDECD2CE1E8EBF7EDA
SHA256: D0D2482EA1E313C86BC76CE46D66D47E8ABE515093673324CA1FA2BFB8FF1C69
PID: 4340 | Process: reflasher_v1.4.2_setup.tmp | Filename: C:\Program Files (x86)\ScooterHacking ReFlasher\is-2OQEN.tmp | Type: executable
MD5: 55825947246A2D9DA7194BC00699AD7B
SHA256: 381621FA5AD7C0D881994597089107839A1154ED892206143B79EDF7F0D67D85
PID: 4340 | Process: reflasher_v1.4.2_setup.tmp | Filename: C:\Program Files (x86)\ScooterHacking ReFlasher\ReFlasher.dll | Type: executable
MD5: 55825947246A2D9DA7194BC00699AD7B
SHA256: 381621FA5AD7C0D881994597089107839A1154ED892206143B79EDF7F0D67D85
PID: 4340 | Process: reflasher_v1.4.2_setup.tmp | Filename: C:\Program Files (x86)\ScooterHacking ReFlasher\binaries\is-AULGH.tmp | Type: mp3
MD5: 52156E2921AAAD9906E61586BFCB0E1F
SHA256: 76A68369407DF247AC716390E45C6D1ADFA9D1ED527B43600FFA6F6C9DB60BE8
PID: 4340 | Process: reflasher_v1.4.2_setup.tmp | Filename: C:\Program Files (x86)\ScooterHacking ReFlasher\binaries\UICR | Type: mp3
MD5: 52156E2921AAAD9906E61586BFCB0E1F
SHA256: 76A68369407DF247AC716390E45C6D1ADFA9D1ED527B43600FFA6F6C9DB60BE8
Download the PCAP, analyze network streams, HTTP content and much more in the full report
HTTP(S) requests
2
TCP/UDP connections
75
DNS requests
63
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6464
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
6860
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
6012
MoUsoCoreWorker.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
3392
RUXIMICS.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
3488
svchost.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
92.123.104.33:443
Akamai International B.V.
DE
unknown
4204
svchost.exe
4.209.32.67:443
MICROSOFT-CORP-MSN-AS-BLOCK
US
unknown
239.255.255.250:1900
whitelisted
4
System
192.168.100.255:137
whitelisted
3488
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
5720
slui.exe
40.91.76.224:443
activation-v2.sls.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
  • 40.127.240.158
  • 4.231.128.59
whitelisted
google.com
  • 142.250.184.206
whitelisted
activation-v2.sls.microsoft.com
  • 40.91.76.224
whitelisted
www.bing.com
  • 92.123.104.47
  • 92.123.104.39
  • 92.123.104.41
  • 92.123.104.45
  • 92.123.104.38
  • 92.123.104.53
  • 92.123.104.51
  • 92.123.104.50
  • 92.123.104.42
  • 92.123.104.30
  • 92.123.104.24
  • 92.123.104.19
  • 92.123.104.29
  • 92.123.104.26
  • 92.123.104.18
  • 92.123.104.21
  • 92.123.104.31
  • 92.123.104.27
whitelisted
login.live.com
  • 40.126.31.73
  • 20.190.159.73
  • 20.190.159.23
  • 20.190.159.4
  • 20.190.159.68
  • 40.126.31.67
  • 40.126.31.71
  • 20.190.159.75
whitelisted
arc.msn.com
  • 20.74.19.45
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
client.wns.windows.com
  • 40.113.110.67
whitelisted
go.microsoft.com
  • 23.52.181.141
whitelisted
fd.api.iris.microsoft.com
  • 20.223.35.26
whitelisted

Threats

No threats detected
Process
Message
ReFlasher.exe
A fatal error occurred. The required library hostfxr.dll could not be found. If this is a self-contained application, that library should exist in [C:\Program Files (x86)\ScooterHacking ReFlasher\]. If this is a framework-dependent application, install the runtime in the global location [C:\Program Files\dotnet] or use the DOTNET_ROOT environment variable to specify the runtime location or register the runtime location in [HKLM\SOFTWARE\dotnet\Setup\InstalledVersions\x64\InstallLocation].
ReFlasher.exe
The .NET Core runtime can be found at:
ReFlasher.exe
- https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x64&rid=win10-x64