URL:

https://www.tenorshare.net/

Full analysis: https://app.any.run/tasks/cd7de954-ae73-47d8-9ab0-b3ff87a7917a
Verdict: Malicious activity
Analysis date: January 01, 2024, 11:47:25
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
evasion
Indicators:
MD5:

2B7FBC0F4DAF2D7F9B7AAB93086784FF

SHA1:

65F4A78EF77C045AD8FFA0F2BAC4C386F3F9F31A

SHA256:

FC62A9F4F54CF717862C8B3B1C07CEF7797F39CF0C2341AEFD5299AF1E126F72

SSDEEP:

3:N8DSLbXILLzn:2OLELX

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Creates a writable file in the system directory

      • drvinst.exe (PID: 2976)
      • drvinst.exe (PID: 1548)
      • drvinst.exe (PID: 2204)
      • drvinst.exe (PID: 1548)
      • drvinst.exe (PID: 3196)
      • drvinst.exe (PID: 1316)
      • drvinst.exe (PID: 1408)
  • SUSPICIOUS

    • Reads the Internet Settings

      • reiboot.exe (PID: 1388)
      • reiboot-for-android.exe (PID: 952)
      • 4ukey.exe (PID: 3332)
      • NetFrameCheck.exe (PID: 2376)
      • ReiBoot.exe (PID: 3220)
      • Start.exe (PID: 876)
      • ReibootForAndroid.exe (PID: 2112)
      • 4ukeyforios_net_3.4.0.tmp (PID: 1560)
      • Start.exe (PID: 3492)
      • Tenorshare 4uKey.exe (PID: 4056)
      • WMIC.exe (PID: 2808)
      • WMIC.exe (PID: 3008)
      • WMIC.exe (PID: 3056)
      • WMIC.exe (PID: 3120)
      • WMIC.exe (PID: 3272)
      • WMIC.exe (PID: 2436)
      • WMIC.exe (PID: 268)
      • WMIC.exe (PID: 3740)
      • WMIC.exe (PID: 3136)
      • WMIC.exe (PID: 3680)
      • WMIC.exe (PID: 3304)
      • WMIC.exe (PID: 3120)
      • WMIC.exe (PID: 844)
      • WMIC.exe (PID: 2112)
    • Reads security settings of Internet Explorer

      • reiboot.exe (PID: 1388)
      • reiboot-for-android.exe (PID: 952)
      • 4ukey.exe (PID: 3332)
      • ReiBoot.exe (PID: 3220)
      • ReibootForAndroid.exe (PID: 2112)
      • Tenorshare 4uKey.exe (PID: 4056)
    • Checks Windows Trust Settings

      • reiboot.exe (PID: 1388)
      • reiboot-for-android.exe (PID: 952)
      • 4ukey.exe (PID: 3332)
      • ReiBoot.exe (PID: 3220)
      • drvinst.exe (PID: 2976)
      • drvinst.exe (PID: 1548)
      • drvinst.exe (PID: 2204)
      • ReibootForAndroid.exe (PID: 2112)
      • drvinst.exe (PID: 1548)
      • drvinst.exe (PID: 3196)
      • drvinst.exe (PID: 1408)
      • drvinst.exe (PID: 1316)
      • Tenorshare 4uKey.exe (PID: 4056)
    • Reads settings of System Certificates

      • reiboot.exe (PID: 1388)
      • reiboot-for-android.exe (PID: 952)
      • 4ukey.exe (PID: 3332)
      • ReiBoot.exe (PID: 3220)
      • ReibootForAndroid.exe (PID: 2112)
      • rundll32.exe (PID: 188)
      • rundll32.exe (PID: 3488)
      • Tenorshare 4uKey.exe (PID: 4056)
    • Reads the Windows owner or organization settings

      • reibootforios_net_9.3.1.tmp (PID: 3536)
      • reibootforandroid_net_2.1.19.tmp (PID: 2516)
      • 4ukeyforios_net_3.4.0.tmp (PID: 1560)
    • Drops a system driver (possible attempt to evade defenses)

      • reibootforios_net_9.3.1.tmp (PID: 3536)
      • PnPutil.exe (PID: 3316)
      • drvinst.exe (PID: 2976)
      • PnPutil.exe (PID: 3288)
      • drvinst.exe (PID: 1548)
      • reibootforandroid_net_2.1.19.tmp (PID: 2516)
      • DPInst32.exe (PID: 316)
      • drvinst.exe (PID: 1408)
      • drvinst.exe (PID: 1316)
      • 4ukeyforios_net_3.4.0.tmp (PID: 1560)
    • Searches for installed software

      • ReiBoot.exe (PID: 3220)
      • ReibootForAndroid.exe (PID: 2112)
      • Tenorshare 4uKey.exe (PID: 4056)
    • Creates a software uninstall entry

      • ReiBoot.exe (PID: 3220)
      • reiboot.exe (PID: 1388)
      • ReibootForAndroid.exe (PID: 2112)
      • 4ukey.exe (PID: 3332)
      • Tenorshare 4uKey.exe (PID: 4056)
    • Uses NETSH.EXE to add a firewall rule or allowed programs

      • reibootforios_net_9.3.1.tmp (PID: 3536)
    • Creates files in the driver directory

      • drvinst.exe (PID: 2976)
      • drvinst.exe (PID: 1548)
      • drvinst.exe (PID: 2204)
      • drvinst.exe (PID: 1548)
      • drvinst.exe (PID: 3196)
      • drvinst.exe (PID: 1316)
      • drvinst.exe (PID: 1408)
    • Starts CMD.EXE for commands execution

      • ReibootForAndroid.exe (PID: 2112)
      • 4ukeyforios_net_3.4.0.tmp (PID: 1560)
      • Tenorshare 4uKey.exe (PID: 4056)
    • Uses TASKKILL.EXE to kill process

      • cmd.exe (PID: 332)
      • cmd.exe (PID: 2324)
      • cmd.exe (PID: 1020)
      • cmd.exe (PID: 3972)
      • cmd.exe (PID: 3876)
    • Starts SC.EXE for service management

      • cmd.exe (PID: 3788)
      • cmd.exe (PID: 2064)
      • cmd.exe (PID: 3516)
      • cmd.exe (PID: 3936)
      • cmd.exe (PID: 1000)
      • cmd.exe (PID: 3680)
      • cmd.exe (PID: 2104)
      • cmd.exe (PID: 332)
      • cmd.exe (PID: 3668)
      • cmd.exe (PID: 2056)
      • cmd.exe (PID: 3644)
      • cmd.exe (PID: 3080)
      • cmd.exe (PID: 3824)
      • cmd.exe (PID: 3636)
    • Uses WMIC.EXE to obtain data on the base board management (motherboard or system board)

      • Tenorshare 4uKey.exe (PID: 4056)
  • INFO

    • Checks supported languages

      • reiboot.exe (PID: 1388)
      • reiboot-for-android.exe (PID: 952)
      • 4ukey.exe (PID: 3332)
      • reibootforios_net_9.3.1.exe (PID: 3540)
      • reibootforios_net_9.3.1.tmp (PID: 3536)
      • NetFrameCheck.exe (PID: 2376)
      • ReiBoot.exe (PID: 3220)
      • Monitor.exe (PID: 3240)
      • AppleMobileDeviceProcess.exe (PID: 3420)
      • CheckErrorx86.exe (PID: 3416)
      • infInstallx86.exe (PID: 1728)
      • mDNSResponder.exe (PID: 2912)
      • infInstallx86.exe (PID: 2348)
      • infInstallx86.exe (PID: 3504)
      • drvinst.exe (PID: 2976)
      • reibootforandroid_net_2.1.19.tmp (PID: 2516)
      • infInstallx86.exe (PID: 3008)
      • reibootforandroid_net_2.1.19.exe (PID: 2304)
      • drvinst.exe (PID: 1548)
      • Start.exe (PID: 876)
      • ReibootForAndroid.exe (PID: 2112)
      • fastboot.exe (PID: 324)
      • InstallAndDriver.exe (PID: 2628)
      • repair.exe (PID: 3748)
      • fastboot.exe (PID: 296)
      • DPInst32.exe (PID: 316)
      • drvinst.exe (PID: 2204)
      • fastboot.exe (PID: 2528)
      • fastboot.exe (PID: 3604)
      • fastboot.exe (PID: 2068)
      • fastboot.exe (PID: 3208)
      • fastboot.exe (PID: 664)
      • fastboot.exe (PID: 2568)
      • fastboot.exe (PID: 668)
      • 4ukeyforios_net_3.4.0.exe (PID: 2572)
      • 4ukeyforios_net_3.4.0.tmp (PID: 1560)
      • fastboot.exe (PID: 2096)
      • drvinst.exe (PID: 1548)
      • fastboot.exe (PID: 4076)
      • fastboot.exe (PID: 3768)
      • fastboot.exe (PID: 3688)
      • fastboot.exe (PID: 2448)
      • fastboot.exe (PID: 2660)
      • fastboot.exe (PID: 2308)
      • fastboot.exe (PID: 2972)
      • fastboot.exe (PID: 1792)
      • drvinst.exe (PID: 3196)
      • fastboot.exe (PID: 3868)
      • drvinst.exe (PID: 1316)
      • adb.exe (PID: 3020)
      • adb.exe (PID: 3400)
      • adb.exe (PID: 1584)
      • fastboot.exe (PID: 3100)
      • drvinst.exe (PID: 1408)
      • fastboot.exe (PID: 2024)
      • adb.exe (PID: 2340)
      • fastboot.exe (PID: 3948)
      • fastboot.exe (PID: 1172)
      • adb.exe (PID: 2032)
      • fastboot.exe (PID: 3696)
      • adb.exe (PID: 1236)
      • adb.exe (PID: 2868)
      • adb.exe (PID: 2444)
      • fastboot.exe (PID: 3972)
      • fastboot.exe (PID: 1832)
      • fastboot.exe (PID: 560)
      • fastboot.exe (PID: 1264)
      • fastboot.exe (PID: 3956)
      • fastboot.exe (PID: 3908)
      • fastboot.exe (PID: 4076)
      • adb.exe (PID: 2656)
      • fastboot.exe (PID: 3396)
      • fastboot.exe (PID: 2360)
      • fastboot.exe (PID: 2448)
      • fastboot.exe (PID: 2484)
      • fastboot.exe (PID: 492)
      • fastboot.exe (PID: 664)
      • fastboot.exe (PID: 3636)
      • fastboot.exe (PID: 1388)
      • fastboot.exe (PID: 2812)
      • fastboot.exe (PID: 3512)
      • fastboot.exe (PID: 3324)
      • fastboot.exe (PID: 4068)
      • fastboot.exe (PID: 2952)
      • fastboot.exe (PID: 2000)
      • fastboot.exe (PID: 992)
      • fastboot.exe (PID: 3472)
      • fastboot.exe (PID: 4072)
      • fastboot.exe (PID: 2824)
      • fastboot.exe (PID: 3716)
      • fastboot.exe (PID: 3076)
      • fastboot.exe (PID: 3932)
      • fastboot.exe (PID: 3960)
      • fastboot.exe (PID: 3284)
      • fastboot.exe (PID: 3516)
      • fastboot.exe (PID: 3108)
      • fastboot.exe (PID: 2868)
      • fastboot.exe (PID: 2292)
      • Start.exe (PID: 3492)
      • Tenorshare 4uKey.exe (PID: 4056)
      • Monitor.exe (PID: 2472)
      • CheckErrorx86.exe (PID: 3348)
      • infInstallx86.exe (PID: 2928)
      • infInstallx86.exe (PID: 2932)
      • infInstallx86.exe (PID: 1768)
      • infInstallx86.exe (PID: 3492)
    • Drops the executable file immediately after the start

      • iexplore.exe (PID: 116)
      • iexplore.exe (PID: 2032)
      • reibootforios_net_9.3.1.exe (PID: 3540)
      • PnPutil.exe (PID: 3316)
      • reibootforios_net_9.3.1.tmp (PID: 3536)
      • drvinst.exe (PID: 2976)
      • drvinst.exe (PID: 1548)
      • PnPutil.exe (PID: 3288)
      • reibootforandroid_net_2.1.19.exe (PID: 2304)
      • ReibootForAndroid.exe (PID: 2112)
      • DPInst32.exe (PID: 316)
      • drvinst.exe (PID: 2204)
      • 4ukeyforios_net_3.4.0.exe (PID: 2572)
      • reibootforandroid_net_2.1.19.tmp (PID: 2516)
      • drvinst.exe (PID: 1548)
      • drvinst.exe (PID: 3196)
      • drvinst.exe (PID: 1408)
      • drvinst.exe (PID: 1316)
      • 4ukeyforios_net_3.4.0.tmp (PID: 1560)
    • The process uses the downloaded file

      • iexplore.exe (PID: 116)
    • Application launched itself

      • iexplore.exe (PID: 116)
      • msedge.exe (PID: 3552)
      • msedge.exe (PID: 2768)
      • msedge.exe (PID: 3308)
      • msedge.exe (PID: 1140)
      • adb.exe (PID: 3400)
      • adb.exe (PID: 1584)
      • msedge.exe (PID: 1404)
      • msedge.exe (PID: 1624)
    • Reads the computer name

      • reiboot.exe (PID: 1388)
      • reiboot-for-android.exe (PID: 952)
      • 4ukey.exe (PID: 3332)
      • reibootforios_net_9.3.1.tmp (PID: 3536)
      • NetFrameCheck.exe (PID: 2376)
      • ReiBoot.exe (PID: 3220)
      • Monitor.exe (PID: 3240)
      • AppleMobileDeviceProcess.exe (PID: 3420)
      • CheckErrorx86.exe (PID: 3416)
      • infInstallx86.exe (PID: 2348)
      • infInstallx86.exe (PID: 1728)
      • mDNSResponder.exe (PID: 2912)
      • drvinst.exe (PID: 2976)
      • drvinst.exe (PID: 1548)
      • Start.exe (PID: 876)
      • ReibootForAndroid.exe (PID: 2112)
      • reibootforandroid_net_2.1.19.tmp (PID: 2516)
      • fastboot.exe (PID: 296)
      • fastboot.exe (PID: 324)
      • DPInst32.exe (PID: 316)
      • drvinst.exe (PID: 2204)
      • fastboot.exe (PID: 2528)
      • fastboot.exe (PID: 3604)
      • fastboot.exe (PID: 2068)
      • fastboot.exe (PID: 664)
      • fastboot.exe (PID: 2568)
      • fastboot.exe (PID: 668)
      • fastboot.exe (PID: 3208)
      • fastboot.exe (PID: 2096)
      • drvinst.exe (PID: 1548)
      • fastboot.exe (PID: 4076)
      • 4ukeyforios_net_3.4.0.tmp (PID: 1560)
      • fastboot.exe (PID: 2308)
      • fastboot.exe (PID: 2448)
      • fastboot.exe (PID: 2972)
      • fastboot.exe (PID: 1792)
      • fastboot.exe (PID: 3768)
      • fastboot.exe (PID: 3688)
      • fastboot.exe (PID: 2660)
      • fastboot.exe (PID: 3868)
      • drvinst.exe (PID: 1316)
      • drvinst.exe (PID: 3196)
      • drvinst.exe (PID: 1408)
      • fastboot.exe (PID: 2024)
      • fastboot.exe (PID: 3100)
      • adb.exe (PID: 2340)
      • adb.exe (PID: 2444)
      • fastboot.exe (PID: 3948)
      • fastboot.exe (PID: 1172)
      • fastboot.exe (PID: 3696)
      • fastboot.exe (PID: 3396)
      • fastboot.exe (PID: 1832)
      • fastboot.exe (PID: 3972)
      • fastboot.exe (PID: 560)
      • fastboot.exe (PID: 1264)
      • fastboot.exe (PID: 3908)
      • fastboot.exe (PID: 4076)
      • fastboot.exe (PID: 3956)
      • fastboot.exe (PID: 2360)
      • fastboot.exe (PID: 2484)
      • fastboot.exe (PID: 2448)
      • fastboot.exe (PID: 492)
      • fastboot.exe (PID: 664)
      • fastboot.exe (PID: 3636)
      • fastboot.exe (PID: 1388)
      • fastboot.exe (PID: 3512)
      • fastboot.exe (PID: 2812)
      • fastboot.exe (PID: 3716)
      • fastboot.exe (PID: 3324)
      • fastboot.exe (PID: 2952)
      • fastboot.exe (PID: 992)
      • fastboot.exe (PID: 3472)
      • fastboot.exe (PID: 4072)
      • fastboot.exe (PID: 2824)
      • fastboot.exe (PID: 4068)
      • fastboot.exe (PID: 2000)
      • fastboot.exe (PID: 3932)
      • fastboot.exe (PID: 3284)
      • fastboot.exe (PID: 2868)
      • fastboot.exe (PID: 3516)
      • fastboot.exe (PID: 3108)
      • fastboot.exe (PID: 2292)
      • fastboot.exe (PID: 3076)
      • fastboot.exe (PID: 3960)
      • Tenorshare 4uKey.exe (PID: 4056)
      • Start.exe (PID: 3492)
      • CheckErrorx86.exe (PID: 3348)
      • Monitor.exe (PID: 2472)
      • infInstallx86.exe (PID: 2932)
      • infInstallx86.exe (PID: 2928)
    • Create files in a temporary directory

      • reiboot.exe (PID: 1388)
      • reiboot-for-android.exe (PID: 952)
      • 4ukey.exe (PID: 3332)
      • reibootforios_net_9.3.1.exe (PID: 3540)
      • reibootforios_net_9.3.1.tmp (PID: 3536)
      • PnPutil.exe (PID: 3316)
      • reibootforandroid_net_2.1.19.tmp (PID: 2516)
      • PnPutil.exe (PID: 3288)
      • reibootforandroid_net_2.1.19.exe (PID: 2304)
      • ReibootForAndroid.exe (PID: 2112)
      • DPInst32.exe (PID: 316)
      • 4ukeyforios_net_3.4.0.exe (PID: 2572)
      • 4ukeyforios_net_3.4.0.tmp (PID: 1560)
      • adb.exe (PID: 2340)
      • Tenorshare 4uKey.exe (PID: 4056)
    • Reads Environment values

      • reiboot.exe (PID: 1388)
      • reiboot-for-android.exe (PID: 952)
      • 4ukey.exe (PID: 3332)
      • ReiBoot.exe (PID: 3220)
      • ReibootForAndroid.exe (PID: 2112)
      • Tenorshare 4uKey.exe (PID: 4056)
    • Checks proxy server information

      • reiboot.exe (PID: 1388)
      • reiboot-for-android.exe (PID: 952)
      • 4ukey.exe (PID: 3332)
      • ReiBoot.exe (PID: 3220)
      • ReibootForAndroid.exe (PID: 2112)
      • Tenorshare 4uKey.exe (PID: 4056)
    • Reads the machine GUID from the registry

      • reiboot.exe (PID: 1388)
      • reiboot-for-android.exe (PID: 952)
      • 4ukey.exe (PID: 3332)
      • ReiBoot.exe (PID: 3220)
      • drvinst.exe (PID: 2976)
      • drvinst.exe (PID: 1548)
      • ReibootForAndroid.exe (PID: 2112)
      • DPInst32.exe (PID: 316)
      • drvinst.exe (PID: 2204)
      • drvinst.exe (PID: 1548)
      • drvinst.exe (PID: 3196)
      • drvinst.exe (PID: 1316)
      • drvinst.exe (PID: 1408)
      • adb.exe (PID: 2444)
      • adb.exe (PID: 2340)
      • Tenorshare 4uKey.exe (PID: 4056)
    • Creates files or folders in the user directory

      • reiboot.exe (PID: 1388)
      • reiboot-for-android.exe (PID: 952)
      • ReiBoot.exe (PID: 3220)
      • ReibootForAndroid.exe (PID: 2112)
      • Tenorshare 4uKey.exe (PID: 4056)
    • Checks for external IP

      • reiboot.exe (PID: 1388)
      • reiboot-for-android.exe (PID: 952)
      • 4ukey.exe (PID: 3332)
    • Connects to the CnC server

      • reiboot.exe (PID: 1388)
    • Creates files in the program directory

      • reiboot.exe (PID: 1388)
      • 4ukey.exe (PID: 3332)
      • reibootforios_net_9.3.1.tmp (PID: 3536)
      • reiboot-for-android.exe (PID: 952)
      • NetFrameCheck.exe (PID: 2376)
      • ReiBoot.exe (PID: 3220)
      • AppleMobileDeviceProcess.exe (PID: 3420)
      • Start.exe (PID: 876)
      • reibootforandroid_net_2.1.19.tmp (PID: 2516)
      • ReibootForAndroid.exe (PID: 2112)
      • 4ukeyforios_net_3.4.0.tmp (PID: 1560)
      • Start.exe (PID: 3492)
      • Tenorshare 4uKey.exe (PID: 4056)
    • Process drops legitimate windows executable

      • reibootforios_net_9.3.1.tmp (PID: 3536)
      • PnPutil.exe (PID: 3288)
      • drvinst.exe (PID: 1548)
      • reibootforandroid_net_2.1.19.tmp (PID: 2516)
      • DPInst32.exe (PID: 316)
      • drvinst.exe (PID: 2204)
      • 4ukeyforios_net_3.4.0.tmp (PID: 1560)
      • drvinst.exe (PID: 1548)
      • drvinst.exe (PID: 3196)
    • Drops 7-zip archiver for unpacking

      • reibootforios_net_9.3.1.tmp (PID: 3536)
      • reibootforandroid_net_2.1.19.tmp (PID: 2516)
      • ReibootForAndroid.exe (PID: 2112)
      • 4ukeyforios_net_3.4.0.tmp (PID: 1560)
    • The process drops C-runtime libraries

      • reibootforios_net_9.3.1.tmp (PID: 3536)
      • reibootforandroid_net_2.1.19.tmp (PID: 2516)
      • 4ukeyforios_net_3.4.0.tmp (PID: 1560)
    • Manual execution by a user

      • msedge.exe (PID: 2768)
      • msedge.exe (PID: 1140)
      • msedge.exe (PID: 1624)
    • Process drops legitimate windows executable (CertUtil.exe)

      • reibootforandroid_net_2.1.19.tmp (PID: 2516)
    • Reads security settings of Internet Explorer

      • rundll32.exe (PID: 188)
      • rundll32.exe (PID: 3488)
    • Executes as Windows Service

      • VSSVC.exe (PID: 3852)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes
468
Monitored processes
291
Malicious processes
23
Suspicious processes
2

Behavior graph

start iexplore.exe iexplore.exe reiboot.exe no specs reiboot.exe reiboot-for-android.exe no specs reiboot-for-android.exe 4ukey.exe no specs 4ukey.exe reibootforios_net_9.3.1.exe no specs reibootforios_net_9.3.1.tmp no specs netsh.exe no specs netsh.exe no specs netsh.exe no specs netsh.exe no specs netframecheck.exe no specs reiboot.exe monitor.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs checkerrorx86.exe no specs applemobiledeviceprocess.exe msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs infinstallx86.exe no specs msedge.exe no specs netstat.exe no specs netstat.exe no specs msedge.exe no specs netstat.exe no specs netstat.exe no specs mdnsresponder.exe infinstallx86.exe no specs infinstallx86.exe no specs pnputil.exe no specs drvinst.exe no specs infinstallx86.exe no specs pnputil.exe no specs drvinst.exe no specs reibootforandroid_net_2.1.19.exe no specs reibootforandroid_net_2.1.19.tmp no specs start.exe no specs reibootforandroid.exe cmd.exe no specs fastboot.exe no specs installanddriver.exe no specs repair.exe no specs cmd.exe no specs fastboot.exe no specs dpinst32.exe no specs drvinst.exe no specs rundll32.exe no specs vssvc.exe no specs cmd.exe no specs fastboot.exe no specs cmd.exe no specs fastboot.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe cmd.exe no specs msedge.exe no specs fastboot.exe no specs msedge.exe no specs msedge.exe no specs cmd.exe no specs fastboot.exe no specs msedge.exe no specs cmd.exe no specs fastboot.exe no specs msedge.exe no specs cmd.exe no specs fastboot.exe no specs msedge.exe no specs 4ukeyforios_net_3.4.0.exe no specs cmd.exe no specs fastboot.exe no specs msedge.exe no specs 4ukeyforios_net_3.4.0.tmp no specs cmd.exe no specs taskkill.exe no specs cmd.exe no specs fastboot.exe no specs drvinst.exe no 
specs cmd.exe no specs fastboot.exe no specs rundll32.exe no specs cmd.exe no specs fastboot.exe no specs cmd.exe no specs fastboot.exe no specs cmd.exe no specs fastboot.exe no specs cmd.exe no specs fastboot.exe no specs cmd.exe no specs fastboot.exe no specs cmd.exe no specs fastboot.exe no specs cmd.exe no specs fastboot.exe no specs drvinst.exe no specs cmd.exe no specs fastboot.exe no specs drvinst.exe no specs drvinst.exe no specs cmd.exe no specs fastboot.exe no specs netstat.exe no specs cmd.exe no specs cmd.exe no specs adb.exe no specs adb.exe no specs adb.exe no specs cmd.exe no specs fastboot.exe no specs adb.exe no specs adb.exe no specs cmd.exe no specs fastboot.exe no specs cmd.exe no specs fastboot.exe no specs adb.exe no specs adb.exe no specs cmd.exe no specs fastboot.exe no specs adb.exe no specs adb.exe no specs cmd.exe no specs fastboot.exe no specs cmd.exe no specs fastboot.exe no specs cmd.exe no specs fastboot.exe no specs cmd.exe no specs fastboot.exe no specs cmd.exe no specs fastboot.exe no specs cmd.exe no specs fastboot.exe no specs cmd.exe no specs fastboot.exe no specs cmd.exe no specs fastboot.exe no specs cmd.exe no specs fastboot.exe no specs cmd.exe no specs fastboot.exe no specs cmd.exe no specs fastboot.exe no specs cmd.exe no specs fastboot.exe no specs cmd.exe no specs fastboot.exe no specs cmd.exe no specs fastboot.exe no specs cmd.exe no specs fastboot.exe no specs cmd.exe no specs fastboot.exe no specs cmd.exe no specs fastboot.exe no specs cmd.exe no specs fastboot.exe no specs cmd.exe no specs fastboot.exe no specs cmd.exe no specs fastboot.exe no specs cmd.exe no specs fastboot.exe no specs cmd.exe no specs fastboot.exe no specs cmd.exe no specs fastboot.exe no specs cmd.exe no specs fastboot.exe no specs cmd.exe no specs fastboot.exe no specs cmd.exe no specs fastboot.exe no specs cmd.exe no specs fastboot.exe no specs cmd.exe no specs fastboot.exe no specs cmd.exe no specs fastboot.exe no specs cmd.exe no specs 
fastboot.exe no specs cmd.exe no specs fastboot.exe no specs cmd.exe no specs fastboot.exe no specs cmd.exe no specs fastboot.exe no specs cmd.exe no specs fastboot.exe no specs cmd.exe no specs taskkill.exe no specs cmd.exe no specs taskkill.exe no specs cmd.exe no specs taskkill.exe no specs cmd.exe no specs taskkill.exe no specs start.exe no specs tenorshare 4ukey.exe msedge.exe no specs msedge.exe no specs monitor.exe msedge.exe no specs msedge.exe no specs cmd.exe no specs sc.exe no specs msedge.exe msedge.exe no specs wmic.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs cmd.exe no specs sc.exe no specs wmic.exe no specs msedge.exe no specs netstat.exe no specs netstat.exe no specs cmd.exe no specs sc.exe no specs wmic.exe no specs msedge.exe no specs cmd.exe no specs sc.exe no specs wmic.exe no specs checkerrorx86.exe no specs cmd.exe no specs sc.exe no specs wmic.exe no specs msedge.exe no specs cmd.exe no specs sc.exe no specs wmic.exe no specs cmd.exe no specs sc.exe no specs wmic.exe no specs msedge.exe no specs cmd.exe no specs sc.exe no specs wmic.exe no specs infinstallx86.exe no specs cmd.exe no specs sc.exe no specs wmic.exe no specs msedge.exe no specs msedge.exe no specs infinstallx86.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs infinstallx86.exe no specs pnputil.exe no specs infinstallx86.exe no specs pnputil.exe no specs cmd.exe no specs sc.exe no specs wmic.exe no specs cmd.exe no specs wmic.exe no specs sc.exe no specs cmd.exe no specs sc.exe no specs wmic.exe no specs cmd.exe no specs sc.exe no specs wmic.exe no specs cmd.exe no specs sc.exe no specs wmic.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 116
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" "https://www.tenorshare.net/"
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
1
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
PID: 124
CMD: "cmd.exe" /C "C:\tenorshare\adb\fastboot.exe" devices
Path: C:\Windows\System32\cmd.exe
Parent process: ReibootForAndroid.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 148
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1312 --field-trial-handle=1400,i,4204309666122881323,5744907838104427696,131072 /prefetch:2
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 188
CMD: rundll32.exe C:\Windows\system32\pnpui.dll,InstallSecurityPromptRunDllW 20 Global\{75dadf7e-15d2-4fbb-8302-fc7babd6686c} Global\{14c4e430-a6c5-339a-efe8-fe548da2c768} C:\Windows\System32\DriverStore\Temp\{2ee92f9c-d34f-129e-9a55-ef35222d896f}\android_general.inf C:\Windows\System32\DriverStore\Temp\{2ee92f9c-d34f-129e-9a55-ef35222d896f}\android_general.cat
Path: C:\Windows\System32\rundll32.exe
Parent process: drvinst.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows host process (Rundll32)
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imagehlp.dll
PID: 268
CMD: wmic BaseBoard get SerialNumber
Path: C:\Windows\System32\wbem\WMIC.exe
Parent process: Tenorshare 4uKey.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
WMI Commandline Utility
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\wbem\wmic.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
PID: 268
CMD: sc start winmgmt
Path: C:\Windows\System32\sc.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
A tool to aid in developing services for WindowsNT
Exit code:
1056
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\sc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 296
CMD: C:\tenorshare\adb\fastboot.exe devices
Path: C:\tenorshare\adb\fastboot.exe
Parent process: cmd.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\tenorshare\adb\fastboot.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\tenorshare\adb\adbwinapi.dll
c:\windows\system32\ole32.dll
PID: 316
CMD: "C:\Program Files\Tenorshare\ReiBoot for Android\DPInst32.exe" /F /D /SW /PATH "C:\Program Files\Tenorshare\ReiBoot for Android\mobiledrv"
Path: C:\Program Files\Tenorshare\ReiBoot for Android\DPInst32.exe
Parent process: ReibootForAndroid.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Driver Package Installer
Exit code:
1280
Version:
2.1
Modules
Images
c:\program files\tenorshare\reiboot for android\dpinst32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID: 324
CMD: C:\tenorshare\adb\fastboot.exe devices
Path: C:\tenorshare\adb\fastboot.exe
Parent process: cmd.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\tenorshare\adb\fastboot.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\tenorshare\adb\adbwinapi.dll
c:\windows\system32\ole32.dll
PID: 324
CMD: "cmd.exe" /C "C:\tenorshare\adb\fastboot.exe" devices
Path: C:\Windows\System32\cmd.exe
Parent process: ReibootForAndroid.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
Total events
113 817
Read events
112 711
Write events
1 086
Delete events
20

Modification events

(PID) Process: (116) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPDaysSinceLastAutoMigration
Value:
0
(PID) Process: (116) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPLastLaunchHighDateTime
Value:
30847387
(PID) Process: (116) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateHighDateTime
Value:
30847437
(PID) Process: (116) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value:
Cookie:
(PID) Process: (116) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value:
Visited:
(PID) Process: (116) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation: write
Name: CompatibilityFlags
Value:
0
(PID) Process: (116) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value:
1
(PID) Process: (116) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value:
1
(PID) Process: (116) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value:
1
(PID) Process: (116) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value:
0
Executable files
1 657
Suspicious files
541
Text files
677
Unknown types
2

Dropped files

PID: 2032
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Type: binary
MD5: 95F1E1AC9DA7950C15EAC7B35E0C26E6
SHA256: C3608FC592FFCFAADA330C48024F614D8704A31FD31801F9E43CBFA438FB6DC9
PID: 2032
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
Type: binary
MD5: 48BF72CF8CC33D556D7343C2C614A782
SHA256: 9092AD6100F853277D06C66221D298660464ADE5A7FE847A194648CBB7F6C4AF
PID: 2032
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464
Type: binary
MD5: BD4767231A883CCDF4CE913B60355620
SHA256: C8E4CD42C101BBFB306FC96D86EE03BDDCE715BB5F76E29B232548F9D348501A
PID: 2032
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464
Type: binary
MD5: 8202A1CD02E7D69597995CABBE881A12
SHA256: 58F381C3A0A0ACE6321DA22E40BD44A597BD98B9C9390AB9258426B5CF75A7A5
PID: 2032
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\QQDHICYI.txt
Type: text
MD5: EADA0C00AA91934B624DEA35FC78A100
SHA256: 8AF952736F6B43BF21D9628E8656F9419922809C2055831A30ED5A5BD32E2A9A
PID: 2032
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\rn-ui-tenorshare2-1.0.0.min[2].css
Type: text
MD5: 54536E3EB94EA6125773ED31AB7A8A99
SHA256: 72369DCF97771D0A76A1C8E34187729FD2AD2E8ED98C26A009D748F17911236B
PID: 2032
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\HSW3ANKI.txt
Type: text
MD5: E19E5274700202DACD8ABBAE0F69F544
SHA256: 8A92DD725F979636D93EB2E43E40DB3D4D1B00E3E4BE50147E7301424ADC415A
PID: 2032
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\J65AP0JS.htm
Type: html
MD5: 5F85491CC5EDC780E85B019F681971E4
SHA256: E996934B3A357D80AC263F505010E79053774466B6B7E7DD04CA600F55031B32
PID: 2032
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\rn-ui-tenorshare2-1.0.0.min[1].css
Type: text
MD5: 6D8438611880469364B33C0EC4899766
SHA256: 3B68099688C2DDADCA0FA70C2F903BECD3D5B16CD13D046F5C22A2BE6375CA58
PID: 2032
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\4ddig-file-repair[1].svg
Type: image
MD5: D25A6BA79B944ED3CDFB9F9EDA2E2E3B
SHA256: 9C403BCD66970A0E9F06BA626F2B98B9A529746DA2188A8BAACE3CAE4D24EB60
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
163
TCP/UDP connections
622
DNS requests
231
Threats
21

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2032
iexplore.exe
GET
200
184.24.77.194:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?53bfb7cf8a6cf97e
unknown
compressed
4.66 Kb
unknown
2032
iexplore.exe
GET
200
142.250.186.131:80
http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFCjJ1PwkYAi7fE%3D
unknown
binary
724 b
unknown
2032
iexplore.exe
GET
200
184.24.77.194:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?6b21170b0e7a1648
unknown
compressed
4.66 Kb
unknown
2032
iexplore.exe
GET
200
142.250.186.131:80
http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D
unknown
binary
1.41 Kb
unknown
2032
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D
unknown
binary
1.47 Kb
unknown
2032
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAhflMAthXvozBT%2FU%2B2iPio%3D
unknown
binary
471 b
unknown
2032
iexplore.exe
GET
200
192.124.249.31:80
http://crl.starfieldtech.com/sfroot-g2.crl
unknown
binary
584 b
unknown
2032
iexplore.exe
GET
200
142.250.186.131:80
http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D
unknown
binary
724 b
unknown
2032
iexplore.exe
GET
200
142.250.186.131:80
http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQCZXmpIP%2Bo%2BHhJmodADfw%2Fc
unknown
binary
472 b
unknown
2032
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAqvpsXKY8RRQeo74ffHUxc%3D
unknown
binary
471 b
unknown

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
2032
iexplore.exe
104.18.10.138:443
www.tenorshare.net
CLOUDFLARENET
unknown
4
System
192.168.100.255:138
whitelisted
2032
iexplore.exe
184.24.77.194:80
ctldl.windowsupdate.com
Akamai International B.V.
DE
unknown
1080
svchost.exe
224.0.0.252:5355
unknown
2032
iexplore.exe
142.250.186.131:80
ocsp.pki.goog
GOOGLE
US
whitelisted
2032
iexplore.exe
151.101.65.26:443
polyfill.io
FASTLY
US
unknown
2032
iexplore.exe
104.18.16.57:443
assets.afirstsoft.com
CLOUDFLARENET
shared
2032
iexplore.exe
104.18.25.249:443
www.tenorshare.com
CLOUDFLARENET
unknown
2032
iexplore.exe
104.17.25.14:443
cdnjs.cloudflare.com
CLOUDFLARENET
unknown

DNS requests

Domain
IP
Reputation
www.tenorshare.net
  • 104.18.10.138
  • 104.18.11.138
unknown
ctldl.windowsupdate.com
  • 184.24.77.194
  • 184.24.77.202
  • 88.221.110.91
  • 2.16.100.168
whitelisted
ocsp.pki.goog
  • 142.250.186.131
whitelisted
polyfill.io
  • 151.101.65.26
  • 151.101.193.26
  • 151.101.1.26
  • 151.101.129.26
whitelisted
assets.afirstsoft.com
  • 104.18.16.57
  • 104.18.17.57
unknown
www.tenorshare.com
  • 104.18.25.249
  • 104.18.24.249
whitelisted
images.tenorshare.com
  • 104.18.25.249
  • 104.18.24.249
whitelisted
cdnjs.cloudflare.com
  • 104.17.25.14
  • 104.17.24.14
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
crl.starfieldtech.com
  • 192.124.249.31
  • 192.124.249.36
  • 192.124.249.41
whitelisted

Threats

PID
Process
Class
Message
1388
reiboot.exe
Potential Corporate Privacy Violation
ET POLICY Unsupported/Fake Windows NT Version 5.0
1388
reiboot.exe
Potential Corporate Privacy Violation
AV POLICY Internal Host Retrieving External IP Address (ip-api. com)
1388
reiboot.exe
Potential Corporate Privacy Violation
ET POLICY Unsupported/Fake Windows NT Version 5.0
1388
reiboot.exe
Device Retrieving External IP Address Detected
ET POLICY External IP Lookup ip-api.com
1388
reiboot.exe
Possibly Unwanted Program Detected
ET ADWARE_PUP Tensorshare Google Analytics Checkin
952
reiboot-for-android.exe
Potential Corporate Privacy Violation
AV POLICY Internal Host Retrieving External IP Address (ip-api. com)
952
reiboot-for-android.exe
Device Retrieving External IP Address Detected
ET POLICY External IP Lookup ip-api.com
3332
4ukey.exe
Potential Corporate Privacy Violation
AV POLICY Internal Host Retrieving External IP Address (ip-api. com)
3332
4ukey.exe
Device Retrieving External IP Address Detected
ET POLICY External IP Lookup ip-api.com
3220
ReiBoot.exe
Potential Corporate Privacy Violation
ET POLICY Unsupported/Fake Windows NT Version 5.0
9 ETPRO signatures available at the full report
Process
Message
ReiBoot.exe
log4net:ERROR Appender named [ConsoleAppender] not found.
ReiBoot.exe
log4net:ERROR XmlHierarchyConfigurator: No appender named [ConsoleAppender] could be found.
AppleMobileDeviceProcess.exe
ASL checking for logging parameters in environment variable "asl.log"
AppleMobileDeviceProcess.exe
ASL checking for logging parameters in environment variable "AppleMobileDeviceProcess.exe.log"
ReiBoot.exe
Native library pre-loader is trying to load native SQLite library "C:\Program Files\Tenorshare\Tenorshare ReiBoot\x86\SQLite.Interop.dll"...
ReiBoot.exe
Couldn't load our private device map. Device identification will be limited.
ReiBoot.exe
DeviceMap argument is empty. Skipping appending of deprecated devices.
ReiBoot.exe
ReiBoot.exe
ReiBoot.exe
ASL checking for logging parameters in environment variable "ReiBoot.exe.log"