Field | Value |
---|---|
File name: | Complete.Internet.Repair.5.2.3.4118.rar |
Full analysis: | https://app.any.run/tasks/cb851f33-1389-45a3-90b1-987fd0c3bc41 |
Verdict: | Malicious activity |
Analysis date: | May 30, 2020, 01:51:41 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-rar |
File info: | RAR archive data, v4, os: Win32 |
MD5: | 1B6BD2A8576FFCE710CA0A43A0609529 |
SHA1: | 638B4F2D36621BAF7D9DAE9D5D6F139A48BDD466 |
SHA256: | 00C1DE69DA0C024798E4432D693FDAA9B5F0D45B79BAAC5B15FF4398DD9715B3 |
SSDEEP: | 98304:Sg3TLBeoGIv53PdRzjNXOtgiwVsfQggEf/d1Mx9XJElA4Y++R2fzsneIXMUW4:3n0op53PdtUtgMFgEfwx9XJElA4Y++Wm |
Extension | Description |
---|---|
.rar | RAR compressed archive (v-4.x) (58.3) |
.rar | RAR compressed archive (gen) (41.6) |
Property | Value |
---|---|
CompressedSize: | 1163735 |
UncompressedSize: | 2129968 |
OperatingSystem: | Win32 |
ModifyDate: | 2020:05:27 14:32:09 |
PackingMethod: | Normal |
ArchivedFileName: | Complete.Internet.Repair.5.2.3.4118.KaranPC\ComIntRep_4118_Portable\ComIntRep.exe |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3636 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Complete.Internet.Repair.5.2.3.4118.rar" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe |
User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Version: 5.60.0 | | | |
2160 | "C:\Users\admin\Desktop\Complete.Internet.Repair.5.2.3.4118.KaranPC\ComIntRep_4118_Setup.exe" | C:\Users\admin\Desktop\Complete.Internet.Repair.5.2.3.4118.KaranPC\ComIntRep_4118_Setup.exe | — | explorer.exe |
User: admin; Company: Rizonesoft; Integrity Level: MEDIUM; Description: Complete Internet Repair Setup; Exit code: 0; Version: | | | |
3264 | "C:\Users\admin\AppData\Local\Temp\is-0LPJU.tmp\ComIntRep_4118_Setup.tmp" /SL5="$101D6,2700781,780288,C:\Users\admin\Desktop\Complete.Internet.Repair.5.2.3.4118.KaranPC\ComIntRep_4118_Setup.exe" | C:\Users\admin\AppData\Local\Temp\is-0LPJU.tmp\ComIntRep_4118_Setup.tmp | — | ComIntRep_4118_Setup.exe |
User: admin; Company: Rizonesoft; Integrity Level: MEDIUM; Description: Setup/Uninstall; Exit code: 0; Version: 51.1052.0.0 | | | |
3448 | "C:\Users\admin\Desktop\Complete.Internet.Repair.5.2.3.4118.KaranPC\ComIntRep_4118_Setup.exe" /SPAWNWND=$101E6 /NOTIFYWND=$101D6 | C:\Users\admin\Desktop\Complete.Internet.Repair.5.2.3.4118.KaranPC\ComIntRep_4118_Setup.exe | — | ComIntRep_4118_Setup.tmp |
User: admin; Company: Rizonesoft; Integrity Level: HIGH; Description: Complete Internet Repair Setup; Exit code: 0; Version: | | | |
1476 | "C:\Users\admin\AppData\Local\Temp\is-9MVU6.tmp\ComIntRep_4118_Setup.tmp" /SL5="$201EA,2700781,780288,C:\Users\admin\Desktop\Complete.Internet.Repair.5.2.3.4118.KaranPC\ComIntRep_4118_Setup.exe" /SPAWNWND=$101E6 /NOTIFYWND=$101D6 | C:\Users\admin\AppData\Local\Temp\is-9MVU6.tmp\ComIntRep_4118_Setup.tmp | — | ComIntRep_4118_Setup.exe |
User: admin; Company: Rizonesoft; Integrity Level: HIGH; Description: Setup/Uninstall; Exit code: 0; Version: 51.1052.0.0 | | | |
684 | "C:\Program Files\Rizonesoft\Complete Internet Repair\ComIntRep.exe" | C:\Program Files\Rizonesoft\Complete Internet Repair\ComIntRep.exe | — | explorer.exe |
User: admin; Company: Rizonesoft; Integrity Level: MEDIUM; Description: Complete Internet Repair; Exit code: 3221226540; Version: 5.2.3.4118 | | | |
3936 | "C:\Program Files\Rizonesoft\Complete Internet Repair\ComIntRep.exe" | C:\Program Files\Rizonesoft\Complete Internet Repair\ComIntRep.exe | — | explorer.exe |
User: admin; Company: Rizonesoft; Integrity Level: HIGH; Description: Complete Internet Repair; Exit code: 0; Version: 5.2.3.4118 | | | |
3732 | C:\Windows\system32\cmd.exe /c netsh interface ipv4 reset all | C:\Windows\system32\cmd.exe | — | ComIntRep.exe |
User: admin; Company: Microsoft Corporation; Integrity Level: HIGH; Description: Windows Command Processor; Exit code: 1; Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | | | |
1152 | netsh interface ipv4 reset all | C:\Windows\system32\netsh.exe | — | cmd.exe |
User: admin; Company: Microsoft Corporation; Integrity Level: HIGH; Description: Network Command Shell; Exit code: 1; Version: 6.1.7600.16385 (win7_rtm.090713-1255) | | | |
4084 | C:\Windows\system32\cmd.exe /c netsh interface ipv6 reset all | C:\Windows\system32\cmd.exe | — | ComIntRep.exe |
User: admin; Company: Microsoft Corporation; Integrity Level: HIGH; Description: Windows Command Processor; Exit code: 1; Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | | | |
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
3636 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3636.35599\Complete.Internet.Repair.5.2.3.4118.KaranPC\ComIntRep_4118_Portable\Language\ComIntRep\ar.ini | text | 2F5532074B50A8F52A370A25A23E57A2 | CA965D5CA8CA58ED2FC46B6757D53E10B0D5E339EA85BA84546E7900FC5F1811 |
3636 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3636.35599\Complete.Internet.Repair.5.2.3.4118.KaranPC\ComIntRep_4118_Portable\Docs\Readme.txt | text | DEB3B27ABF446F710DC4DE991BC43590 | F236D25AEE5DB8A40DCBF18F61AE483CF6EB6EDE654D1F7F71D8863ADEBAA3EF |
3636 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3636.35599\Complete.Internet.Repair.5.2.3.4118.KaranPC\ComIntRep_4118_Portable\ComIntRep.ini | text | 57AA793C2D183162FDAF566880418850 | 26F95EBF450E957328B80CA912C9BAA1A53C5A40949EB03E9DF05CB4D7B11F47 |
3636 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3636.35599\Complete.Internet.Repair.5.2.3.4118.KaranPC\ComIntRep_4118_Portable\Language\ComIntRep\fr.ini | text | 7AE482A3E7A8A2FECA155537C87DC4B4 | 1C5FAC36B04BF67CEE52160101D0E791A1B8D70ACBC8A93FAA42C6DA80F539FC |
3636 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3636.35599\Complete.Internet.Repair.5.2.3.4118.KaranPC\ComIntRep_4118_Portable\Language\ComIntRep\es.ini | text | 88584E1B1E6418D68B9880809ECC3B3C | 8D2EA56EB19C552600A706FA7A53A37E4E40F0A686B59F585B725C2B8550DFF5 |
3636 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3636.35599\Complete.Internet.Repair.5.2.3.4118.KaranPC\ComIntRep_4118_Portable\Language\ComIntRep\en.ini | text | B74A87F59FC943AEA5A3E2AFAE131722 | A5717E3BFBAEE175FF4F9E146A524A2ADE14AE34D958E504356A7B7F163502D5 |
3636 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3636.35599\Complete.Internet.Repair.5.2.3.4118.KaranPC\ComIntRep_4118_Portable\Language\ComIntRep\pt-BR.ini | text | 5B3D1F76385C03D830D134E53F66CDBF | 831E9EAE637F1EBFA167A9A8C3A2F306642B5D33DCA338919E61525B06109758 |
3636 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3636.35599\Complete.Internet.Repair.5.2.3.4118.KaranPC\ComIntRep_4118_Portable\Language\ComIntRep\hu.ini | text | 195FF9E014266B784BE50101F76E6CE1 | 4F5E18E2044A4F0DA7FBC11C394E643FE30EE814E53E4545437C97AEF396DF89 |
3636 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3636.35599\Complete.Internet.Repair.5.2.3.4118.KaranPC\ComIntRep_4118_Portable\Language\ComIntRep\zh-CN.ini | text | D659B17C4F4C5652D7DEC783C4C61F49 | DF5FACC71CD7A4B5B1B05E4EB698F4B92F789AE82D1DB3EAB909C35DB563CC04 |
3636 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3636.35599\Complete.Internet.Repair.5.2.3.4118.KaranPC\ComIntRep_4118_Portable\Language\ComIntRep\el.ini | text | 0AD4BC5E5F116D38AF513B3C70B5C42F | CE8EB7B07C014B1247EC9DB9B717393B9433C0DB2F455D2280DDFBE8E34BD9E3 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
— | — | HEAD | 200 | 13.107.4.50:80 | http://ds.download.windowsupdate.com/v11/3/windowsupdate/selfupdate/WSUS3/x86/Win7SP1/wsus3setup.cab?2005300155 | US | — | — | whitelisted |
— | — | HEAD | 200 | 205.185.216.42:80 | http://download.windowsupdate.com/v9/windowsupdate/redir/muv4wuredir.cab?2005300155 | US | — | — | whitelisted |
— | — | GET | 200 | 13.107.4.50:80 | http://ds.download.windowsupdate.com/v11/3/windowsupdate/selfupdate/WSUS3/x86/Win7SP1/WuSetupHandler.cab?2005300155 | US | compressed | 61.9 Kb | whitelisted |
3936 | ComIntRep.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.usertrust.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBSr83eyJy3njhjVpn5bEpfc6MXawQQUOuEJhtTPGcKWdnRJdtzgNcZjY5oCEQDzZE5rbgBQI34JRr174fUd | US | der | 315 b | whitelisted |
— | — | GET | 200 | 13.107.4.50:80 | http://ds.download.windowsupdate.com/v11/3/windowsupdate/selfupdate/WSUS3/x86/Win7SP1/wsus3setup.cab?2005300155 | US | compressed | 32.9 Kb | whitelisted |
3936 | ComIntRep.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEFZnHQTqT5lMbxCBR1nSdZQ%3D | US | der | 471 b | whitelisted |
— | — | HEAD | 200 | 13.107.4.50:80 | http://ds.download.windowsupdate.com/v11/3/windowsupdate/selfupdate/WSUS3/x86/Win7SP1/WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~x86~~7.6.7600.320.cab?2005300155 | US | compressed | 61.9 Kb | whitelisted |
— | — | HEAD | 200 | 13.107.4.50:80 | http://ds.download.windowsupdate.com/v11/3/windowsupdate/selfupdate/WSUS3/x86/Win7SP1/WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~x86~~7.6.7600.320.cab?2005300155 | US | compressed | 116 Kb | whitelisted |
— | — | GET | 200 | 13.107.4.50:80 | http://ds.download.windowsupdate.com/v11/3/windowsupdate/selfupdate/WSUS3/x86/Win7SP1/WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~x86~~7.6.7600.320.cab?2005300155 | US | compressed | 2.21 Mb | whitelisted |
— | — | GET | 200 | 13.107.4.50:80 | http://ds.download.windowsupdate.com/v11/3/windowsupdate/selfupdate/WSUS3/x86/Win7SP1/WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~x86~~7.6.7600.320.cab?2005300155 | US | compressed | 458 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3936 | ComIntRep.exe | 151.139.128.11:443 | www.rizonesoft.com | Highwinds Network Group, Inc. | US | malicious |
3276 | ComIntRep.exe | 151.139.128.11:443 | www.rizonesoft.com | Highwinds Network Group, Inc. | US | malicious |
3936 | ComIntRep.exe | 151.139.128.14:80 | ocsp.comodoca.com | Highwinds Network Group, Inc. | US | suspicious |
— | — | 40.90.247.210:443 | www.update.microsoft.com | Microsoft Corporation | US | malicious |
— | — | 13.107.4.50:80 | ds.download.windowsupdate.com | Microsoft Corporation | US | whitelisted |
— | — | 205.185.216.42:80 | download.windowsupdate.com | Highwinds Network Group, Inc. | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
www.rizonesoft.com | | whitelisted |
ocsp.comodoca.com | | whitelisted |
ocsp.usertrust.com | | whitelisted |
download.windowsupdate.com | | whitelisted |
www.update.microsoft.com | | whitelisted |
ds.download.windowsupdate.com | | whitelisted |