Macrium Reflect all editions v7.0.1994 x64

Bearded One (Member, joined Sep 29, 2020, 7 messages)
@ThumperTM is usually OK but this tries to connect to
152.199.19.74 during install. Why is this?
 
Last edited by a moderator:
That's very odd. That IP is being used by edg.io, a Verizon reseller on the left coast. That particular IP returns a 1kb file "Download", no extension, with an HTTP query. It may be harmless, I would doubt it's part of a legit crack, at best it's an attempt to track who is installing the crack. Not knowing what it's calling, who knows? It may return a more detailed program when the program connects to it.
That IP isn't blacklisted but it does have some suspicions noted.
If Virustotal is ok with the program, block that IP with your firewall. It's not going to hurt anything.
If anything else looks funny, I would move on. Better safe than sorry. I got burned a few weeks back when I was in a hurry. I had to make plenty of time to wipe and reload my system after I was hit. I never try cleaning out my systems; when I managed a shop we did removal to save customers money, but we did end up with a very small percentage of returns.
 
Thanks. Wouldn't it be the uploader who would have put anything in it? And Thumper is usually OK. I tried a later, different one and it is the same. I have blocked the connection to that IP but don't want to chance the file.
I might download it in a sandbox on a VM.
Virustotal report of the workstation exe. There are also server and server plus setups.

I downloaded into a sandbox and uploaded for scan https://virusscan.jotti.org/en-US/filescanjob/pos0gkkr2p
Virustotal wouldn't open in the VM.
 
Last edited:
Yesterday it was called mSnkKMtq

Today it is called bH8kcnGp

An online file checker says bH8kcnGp is:
File Type: data

MIME Type: application/octet-stream;
Suggested file extension(s): bin lha lzh exe class so dll img iso
It is 5 bytes

Also, each time you go to that IP the file is called something else.

Now it is called z3pqpfkD but still the same type

Google says "A MIME attachment with the content type application/octet-stream is a binary file. Typically, it is an application or a document that is opened in an application such as a spreadsheet or word processor."

Anyone know what that means?
 
Last edited:
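Added example, not part of any post in this thread: a magic-byte check of the kind an online file checker performs, showing that "data" / application/octet-stream is only the fallback label for bytes that match no known signature, and that a 5-byte blob is too short to be a loadable Windows executable on its own. The signature table, the function names and the sample bytes are constructed for illustration; the actual file contents are not given on the page.

```python
# Constructed signature table: (leading magic bytes, description, MIME type).
SIGNATURES = [
    (b"MZ", "DOS/PE executable", "application/vnd.microsoft.portable-executable"),
    (b"\x7fELF", "ELF executable", "application/x-executable"),
    (b"PK\x03\x04", "ZIP archive", "application/zip"),
    (b"\x1f\x8b", "gzip data", "application/gzip"),
    (b"%PDF-", "PDF document", "application/pdf"),
]


def is_loadable_pe(blob: bytes) -> bool:
    """True only if the 64-byte DOS header is complete and points at 'PE\\0\\0'."""
    if len(blob) < 64 or not blob.startswith(b"MZ"):
        return False
    pe_offset = int.from_bytes(blob[0x3C:0x40], "little")  # e_lfanew field
    return blob[pe_offset:pe_offset + 4] == b"PE\x00\x00"


def triage(blob: bytes) -> dict:
    """Describe a downloaded blob the way a magic-byte file checker would."""
    kind, mime = "data", "application/octet-stream"  # fallback: no signature matched
    for magic, name, mtype in SIGNATURES:
        if blob.startswith(magic):
            kind, mime = name, mtype
            break
    return {
        "size": len(blob),
        "type": kind,
        "mime": mime,
        "hex": blob.hex(" "),  # raw bytes for manual review
        "loadable_pe": is_loadable_pe(blob),
    }


# Constructed samples (not the bytes served by the IP discussed in the thread).
FIVE_BYTES = bytes([0x9C, 0x01, 0xFE, 0x10, 0x83])   # matches no signature
TRUNCATED_MZ = b"MZ\x90\x00\x03"                     # right magic, far too short
PE_STUB = b"MZ" + bytes(58) + (64).to_bytes(4, "little") + b"PE\x00\x00"

if __name__ == "__main__":
    for label, sample in [("5 bytes", FIVE_BYTES), ("truncated MZ", TRUNCATED_MZ),
                          ("PE stub", PE_STUB)]:
        print(label, triage(sample))
```

The suggested-extension list a checker prints for "data" is a generic guess, so the hex of the bytes themselves is the thing to review.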
So here's a screenshot of Notepad++ of Download's contents followed by the ASCII of the file's contents. It might be a piece of code to be inserted into the exec to make it work. It's an old trick, the first crack I did on a C64 had something similar. I don't see how this could be interpreted as malicious code, but I am not 100% sure. What do you think?
[Attachments: Dowload.jpg, Download ascii.jpg]
 
Thanks for getting back. I have no idea. I can't do cracks. I have never seen a crack that has to connect to the web on install. I always have a firewall, which is how I noticed this.
 
Hey, I am just sharing what I know. Like I said, that's my experience. It is kinda creepy it calls that IP, it may be logging your IP for some reason. So if you block the IP in your firewall, the program still works? I'd walk away from that download. Just because a download has Thumper's name on it doesn't mean someone hasn't fiddled with it.
 
I didn't install it so I don't know if it works. I am just curious about it.
Edit: I installed it on a virtual Windows 7. I cut off the internet and it installed without that file. The patch worked fine too.
 
Last edited:
I tried a different version. It tries to connect to 104.18.21.226, which is Cloudflare.
Trying to connect directly gives error code 1003, of which Google says "Companies like Cloudflare use it to specify that the direct IP access is not allowed for this request."