File name: Complete.Internet.Repair.5.2.3.4118.rar

Full analysis: https://app.any.run/tasks/cb851f33-1389-45a3-90b1-987fd0c3bc41
Verdict: Malicious activity
Analysis date: May 30, 2020, 01:51:41
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-rar
File info: RAR archive data, v4, os: Win32
MD5: 1B6BD2A8576FFCE710CA0A43A0609529
SHA1: 638B4F2D36621BAF7D9DAE9D5D6F139A48BDD466
SHA256: 00C1DE69DA0C024798E4432D693FDAA9B5F0D45B79BAAC5B15FF4398DD9715B3
SSDEEP: 98304:Sg3TLBeoGIv53PdRzjNXOtgiwVsfQggEf/d1Mx9XJElA4Y++R2fzsneIXMUW4:3n0op53PdtUtgMFgEfwx9XJElA4Y++Wm

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided as is. ANY.RUN does not guarantee maliciousness or safety of the content.

Editor's note: read the verdict with the sample's nature in mind. Complete Internet Repair is a network-repair utility, and most of the signatures below (netsh winsock reset, re-registering system DLLs with regsvr32 /s, stopping the Windows Update service, rewriting the hosts file, triggering the Windows Update agent self-update) are the kind of system changes such a tool makes on purpose, so the signature names alone do not separate a repair tool from a loader that abuses the same binaries. The concern with this particular archive is provenance: the member path (...KaranPC\...) shows a third-party repack, and the same vendor host is labelled "malicious" in the Connections table and "whitelisted" in the DNS table. Compare the executable's hashes and code signature against the publisher's own release before trusting either label.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • ComIntRep_4118_Setup.exe (PID: 2160)
      • ComIntRep_4118_Setup.exe (PID: 3448)
      • ComIntRep.exe (PID: 684)
      • ComIntRep.exe (PID: 3936)
      • ComIntRep.exe (PID: 1796)
      • ComIntRep.exe (PID: 3276)
      • WuSetupV.exe (PID: 3232)
    • Actions look like stealing of personal data

      • ComIntRep.exe (PID: 3936)
    • Starts NET.EXE for service management

      • cmd.exe (PID: 2796)
      • cmd.exe (PID: 2328)
      • cmd.exe (PID: 2480)
      • cmd.exe (PID: 3860)
      • cmd.exe (PID: 780)
      • cmd.exe (PID: 3208)
      • cmd.exe (PID: 2212)
      • cmd.exe (PID: 1904)
      • cmd.exe (PID: 2608)
      • cmd.exe (PID: 2728)
    • Uses NET.EXE to stop Windows Update service

      • cmd.exe (PID: 2328)
    • Registers / Runs the DLL via REGSVR32.EXE

      • ComIntRep.exe (PID: 3936)
      • ComIntRep.exe (PID: 3276)
    • Modifies Windows security services settings

      • ComIntRep.exe (PID: 3936)
    • Tries to delete the hosts file

      • ComIntRep.exe (PID: 3936)
    • Writes to the hosts file

      • ComIntRep.exe (PID: 3936)
    • Changes settings of System certificates

      • WuSetupV.exe (PID: 3232)
      • ComIntRep.exe (PID: 3936)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 3636)
      • ComIntRep_4118_Setup.exe (PID: 2160)
      • ComIntRep_4118_Setup.exe (PID: 3448)
      • ComIntRep_4118_Setup.tmp (PID: 1476)
    • Reads the Windows organization settings

      • ComIntRep_4118_Setup.tmp (PID: 1476)
    • Reads Windows owner or organization settings

      • ComIntRep_4118_Setup.tmp (PID: 1476)
    • Creates files in the user directory

      • ComIntRep_4118_Setup.tmp (PID: 1476)
      • ComIntRep.exe (PID: 3936)
      • ComIntRep.exe (PID: 3276)
    • Reads Internet Cache Settings

      • ComIntRep.exe (PID: 3936)
      • ComIntRep.exe (PID: 3276)
    • Starts CMD.EXE for commands execution

      • ComIntRep.exe (PID: 3936)
      • ComIntRep.exe (PID: 3276)
    • Uses NETSH.EXE for network configuration

      • cmd.exe (PID: 3732)
      • cmd.exe (PID: 4084)
      • cmd.exe (PID: 1888)
      • cmd.exe (PID: 2928)
      • cmd.exe (PID: 3628)
      • cmd.exe (PID: 2192)
      • cmd.exe (PID: 1636)
      • cmd.exe (PID: 2884)
      • cmd.exe (PID: 2748)
      • cmd.exe (PID: 3684)
      • cmd.exe (PID: 2556)
      • cmd.exe (PID: 3244)
      • cmd.exe (PID: 2644)
      • cmd.exe (PID: 3152)
    • Uses IPCONFIG.EXE to discover IP address

      • cmd.exe (PID: 3524)
      • cmd.exe (PID: 3012)
      • cmd.exe (PID: 2304)
      • cmd.exe (PID: 2336)
      • cmd.exe (PID: 3160)
      • cmd.exe (PID: 2732)
      • cmd.exe (PID: 1784)
      • cmd.exe (PID: 2344)
    • Creates COM task schedule object

      • regsvr32.exe (PID: 2796)
      • regsvr32.exe (PID: 1396)
      • regsvr32.exe (PID: 2852)
      • regsvr32.exe (PID: 1896)
      • regsvr32.exe (PID: 3684)
      • regsvr32.exe (PID: 3724)
      • regsvr32.exe (PID: 3764)
      • regsvr32.exe (PID: 2720)
      • regsvr32.exe (PID: 864)
      • regsvr32.exe (PID: 2452)
      • regsvr32.exe (PID: 4056)
      • regsvr32.exe (PID: 788)
      • regsvr32.exe (PID: 2576)
      • regsvr32.exe (PID: 3116)
      • regsvr32.exe (PID: 1724)
      • regsvr32.exe (PID: 1012)
      • regsvr32.exe (PID: 3056)
      • regsvr32.exe (PID: 2912)
      • regsvr32.exe (PID: 2280)
      • regsvr32.exe (PID: 3704)
      • regsvr32.exe (PID: 3520)
    • Modifies the open verb of a shell class

      • regsvr32.exe (PID: 2208)
      • regsvr32.exe (PID: 2172)
      • regsvr32.exe (PID: 2452)
      • regsvr32.exe (PID: 3628)
      • regsvr32.exe (PID: 3812)
    • Removes files from Windows directory

      • ComIntRep.exe (PID: 3936)
    • Starts SC.EXE for service management

      • cmd.exe (PID: 2696)
      • cmd.exe (PID: 3432)
      • cmd.exe (PID: 2652)
      • cmd.exe (PID: 2896)
      • cmd.exe (PID: 3344)
      • cmd.exe (PID: 3356)
      • cmd.exe (PID: 2244)
    • Creates files in the Windows directory

      • regsvr32.exe (PID: 2456)
      • ComIntRep.exe (PID: 3936)
    • Creates or modifies Windows services

      • ComIntRep.exe (PID: 3936)
      • ComIntRep.exe (PID: 3276)
    • Creates files in the driver directory

      • ComIntRep.exe (PID: 3936)
    • Executed as Windows Service

      • vssvc.exe (PID: 3460)
    • Adds / modifies Windows certificates

      • ComIntRep.exe (PID: 3936)
  • INFO

    • Manual execution by user

      • ComIntRep_4118_Setup.exe (PID: 2160)
      • ComIntRep.exe (PID: 684)
      • ComIntRep.exe (PID: 3936)
      • ComIntRep.exe (PID: 1796)
      • ComIntRep.exe (PID: 3276)
    • Application was dropped or rewritten from another process

      • ComIntRep_4118_Setup.tmp (PID: 3264)
      • ComIntRep_4118_Setup.tmp (PID: 1476)
    • Creates files in the program directory

      • ComIntRep_4118_Setup.tmp (PID: 1476)
    • Creates a software uninstall entry

      • ComIntRep_4118_Setup.tmp (PID: 1476)
    • Reads settings of System Certificates

      • ComIntRep.exe (PID: 3936)
    • Reads the hosts file

      • ComIntRep.exe (PID: 3936)
    • Low-level read access rights to disk partition

      • vssvc.exe (PID: 3460)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report.
No Malware configuration.

TRiD

.rar | RAR compressed archive (v-4.x) (58.3)
.rar | RAR compressed archive (gen) (41.6)

EXIF (ExifTool; RAR metadata is reported under its ZIP tag group, the container itself is RAR v4)

The fields below describe one archive member, the one named in ArchivedFileName, not the archive as a whole:

CompressedSize: 1163735
UncompressedSize: 2129968
OperatingSystem: Win32
ModifyDate: 2020:05:27 14:32:09
PackingMethod: Normal
ArchivedFileName: Complete.Internet.Repair.5.2.3.4118.KaranPC\ComIntRep_4118_Portable\ComIntRep.exe
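The static block above comes from reading the RAR headers, which is also how to triage an archive like this one before extracting anything. The Python below is an added example (not ExifTool's or ANY.RUN's code) of a RAR 4.x header walker: it lists members, verifies each header CRC, refuses encrypted headers, and flags executables, including a stored member whose bytes start with the PE "MZ" magic behind a non-executable name. The archive it parses is constructed in-code with member names mirroring ArchivedFileName; it is not the real Complete.Internet.Repair archive. Layout follows the RAR 2.9/4.x technote; RAR's packed Unicode name half and the EXT_TIME block are skipped (DOS time has two-second resolution, which is why the odd second in the ModifyDate above can only come from EXT_TIME).

```python
"""List the members of a RAR 4.x archive without extracting it and flag
executables, including 'MZ' content behind a non-executable name."""
import struct
import zlib
from datetime import datetime

RAR4_MARKER = b"Rar!\x1a\x07\x00"
MAIN_HEAD, FILE_HEAD, END_HEAD = 0x73, 0x74, 0x7B
MHD_PASSWORD = 0x0080        # main-header flag: the headers themselves are encrypted
LHD_PASSWORD, LHD_LARGE, LHD_UNICODE = 0x0004, 0x0100, 0x0200
LONG_BLOCK = 0x8000          # header is followed by ADD_SIZE bytes of block data
EXEC_EXT = (".exe", ".dll", ".scr", ".com", ".cpl", ".sys", ".ocx")


def dos_datetime(raw):
    """RAR FTIME: MS-DOS packed date in the high word, time in the low word (2 s resolution)."""
    d, t = raw >> 16, raw & 0xFFFF
    return datetime(1980 + (d >> 9), (d >> 5) & 0xF, d & 0x1F,
                    t >> 11, (t >> 5) & 0x3F, (t & 0x1F) * 2)


def list_rar4(data):
    """Walk the block headers; return one dict per file header. Raises ValueError on bad input."""
    if not data.startswith(RAR4_MARKER):
        raise ValueError("not a RAR 4.x archive")
    pos, members = len(RAR4_MARKER), []
    while pos + 7 <= len(data):
        head_crc, head_type, flags, head_size = struct.unpack_from("<HBHH", data, pos)
        if head_size < 7:
            raise ValueError(f"corrupt header at offset {pos}")
        # HEAD_CRC = low 16 bits of CRC32 over the header bytes that follow the CRC field.
        if zlib.crc32(data[pos + 2:pos + head_size]) & 0xFFFF != head_crc:
            raise ValueError(f"header CRC mismatch at offset {pos}")
        if head_type == MAIN_HEAD and flags & MHD_PASSWORD:
            raise ValueError("encrypted headers: member names are not readable")
        add_size = 0
        if head_type == FILE_HEAD:
            (pack_size, unp_size, host_os, file_crc, ftime, _unp_ver, method,
             name_size, _attr) = struct.unpack_from("<IIBIIBBHI", data, pos + 7)
            off = pos + 32
            if flags & LHD_LARGE:                      # 64-bit sizes: high words follow ATTR
                high_pack, high_unp = struct.unpack_from("<II", data, off)
                pack_size, unp_size, off = pack_size | high_pack << 32, unp_size | high_unp << 32, off + 8
            raw_name = data[off:off + name_size]
            if flags & LHD_UNICODE and b"\x00" in raw_name:
                raw_name = raw_name.split(b"\x00", 1)[0]   # 8-bit name only; packed Unicode half not decoded
            stored = method == 0x30 and not flags & LHD_PASSWORD
            members.append({
                "name": raw_name.decode("utf-8", "replace"), "packed": pack_size, "size": unp_size,
                "host_os": host_os, "crc32": file_crc, "mtime": dos_datetime(ftime), "stored": stored,
                # stored, unencrypted data sits in the clear right after the header: peek at its magic
                "magic": data[pos + head_size:pos + head_size + 2] if stored else None,
            })
            add_size = pack_size
        elif flags & LONG_BLOCK:
            add_size = struct.unpack_from("<I", data, pos + 7)[0]
        pos += head_size + add_size
        if head_type == END_HEAD:
            break
    return members


def flag_members(members):
    """(name, reason) for members with an executable extension or PE magic behind another name."""
    flagged = []
    for m in members:
        if m["name"].lower().endswith(EXEC_EXT):
            flagged.append((m["name"], "executable extension"))
        elif m["magic"] == b"MZ":
            flagged.append((m["name"], "PE magic behind a non-executable name"))
    return flagged


def _block(head_type, flags, body, payload=b""):
    """Assemble one block with a correct HEAD_CRC (only used to build the constructed sample)."""
    hdr = struct.pack("<BHH", head_type, flags, 7 + len(body)) + body
    return struct.pack("<H", zlib.crc32(hdr) & 0xFFFF) + hdr + payload


def build_sample_archive():
    """Constructed stand-in for the report's archive: three stored members, names mirroring ArchivedFileName."""
    def stored_file(name, payload, ftime):
        name_b = name.encode("utf-8")
        body = struct.pack("<IIBIIBBHI", len(payload), len(payload), 2, zlib.crc32(payload),
                           ftime, 29, 0x30, len(name_b), 0x20) + name_b
        return _block(FILE_HEAD, LONG_BLOCK, body, payload)

    ftime = (((2020 - 1980) << 9) | (5 << 5) | 27) << 16 | (14 << 11) | (32 << 5) | (8 // 2)
    base = "Complete.Internet.Repair.5.2.3.4118.KaranPC\\ComIntRep_4118_Portable\\"
    fake_pe = b"MZ\x90\x00" + b"\x00" * 60            # DOS magic only, not a real PE
    return (RAR4_MARKER
            + _block(MAIN_HEAD, 0, struct.pack("<HI", 0, 0))
            + stored_file(base + "Docs\\Readme.txt", b"Complete Internet Repair\r\n", ftime)
            + stored_file(base + "ComIntRep.exe", fake_pe, ftime)
            + stored_file(base + "Language\\ComIntRep\\en.ini", fake_pe, ftime)
            + _block(END_HEAD, 0, b""))


if __name__ == "__main__":
    for name, reason in flag_members(list_rar4(build_sample_archive())):
        print(f"{reason}: {name}")
```

Run it against a real archive with `list_rar4(open(path, "rb").read())`; the magic peek only works for stored members, so for compressed ones rely on the extension and the post-extraction hash check instead.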
All screenshots are available in the full report
Total processes: 578
Monitored processes: 474
Malicious processes: 10
Suspicious processes: 5

Behavior graph

The interactive graph is only in the full report. Read in order, it shows: winrar.exe drops and starts comintrep_4118_setup.exe, which drops and starts comintrep_4118_setup.tmp (a second setup.exe/.tmp pair follows). The installed comintrep.exe then spawns, in repeated cycles: cmd.exe wrappers that run netsh.exe, ipconfig.exe, net.exe/net1.exe, sc.exe, fsutil.exe, bitsadmin.exe and nbtstat.exe; several hundred regsvr32.exe invocations; further comintrep.exe instances; vssvc.exe; and wusetupv.exe, followed by another long run of regsvr32.exe. Processes marked "no specs" in the original graph have no detailed entry on this page.

Process information

PID: 116
CMD: "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files\internet explorer\custsat.dll"
Path: C:\Windows\System32\regsvr32.exe
Parent process: ComIntRep.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft(C) Register Server
Exit code:
3
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\regsvr32.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 116
CMD: "C:\Windows\System32\regsvr32.exe" /s "C:\Windows\system32\browsewm.dll"
Path: C:\Windows\System32\regsvr32.exe
Parent process: ComIntRep.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft(C) Register Server
Exit code:
3
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\msctf.dll
c:\windows\system32\regsvr32.exe
c:\windows\system32\wininet.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\devobj.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\profapi.dll
PID: 336
CMD: netsh winsock reset
Path: C:\Windows\system32\netsh.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Network Command Shell
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\netsh.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\credui.dll
c:\windows\system32\user32.dll
PID: 340
CMD: "C:\Windows\System32\regsvr32.exe" /s "C:\Windows\system32\elshyph.dll"
Path: C:\Windows\System32\regsvr32.exe
Parent process: ComIntRep.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft(C) Register Server
Exit code:
4
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\regsvr32.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 340
CMD: "C:\Windows\System32\regsvr32.exe" /s "C:\Windows\system32\wintrust.dll"
Path: C:\Windows\System32\regsvr32.exe
Parent process: ComIntRep.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft(C) Register Server
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\cryptbase.dll
c:\windows\system32\imm32.dll
c:\windows\system32\mpr.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\dwmapi.dll
PID: 448
CMD: "C:\Windows\System32\regsvr32.exe" /s "C:\Windows\system32\WEBPOST.DLL"
Path: C:\Windows\System32\regsvr32.exe
Parent process: ComIntRep.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft(C) Register Server
Exit code:
3
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\regsvr32.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 536
CMD: "C:\Windows\System32\regsvr32.exe" /s "C:\Windows\system32\dxmasf.dll"
Path: C:\Windows\System32\regsvr32.exe
Parent process: ComIntRep.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft(C) Register Server
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\regsvr32.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 536
CMD: "C:\Windows\System32\regsvr32.exe" /s "C:\Windows\system32\lmrt.dll"
Path: C:\Windows\System32\regsvr32.exe
Parent process: ComIntRep.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft(C) Register Server
Exit code:
3
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\cryptbase.dll
c:\windows\system32\imm32.dll
c:\windows\system32\mpr.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\dwmapi.dll
PID: 540
CMD: "C:\Windows\System32\regsvr32.exe" /s "C:\Windows\system32\l3codecx.ax"
Path: C:\Windows\System32\regsvr32.exe
Parent process: ComIntRep.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft(C) Register Server
Exit code:
3
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\regsvr32.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 552
CMD: netsh winsock reset
Path: C:\Windows\system32\netsh.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Network Command Shell
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\netsh.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\credui.dll
c:\windows\system32\user32.dll
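The indicator list and the process entries above show the actual work being done by signed Microsoft binaries (cmd.exe, net.exe, netsh.exe, sc.exe, regsvr32.exe) launched from ComIntRep.exe, and the regsvr32 entries carry exit codes (0, 3, 4) that say whether each DLL was really registered. The Python below is an added example, not ANY.RUN's code, of how a detection engineer would turn those observations into rules and run them over process-creation events. The events are constructed from the command lines in this report; the `net stop wuauserv` line is an assumption, because the report only states that NET.EXE was used to stop the Windows Update service without printing the command. Exit-code meanings follow Microsoft's regsvr32 documentation (KB249873); the burst threshold is a tunable guess.

```python
"""Triage rules for the LOLBin chain in this report, run over constructed process-creation events."""
import re
from collections import defaultdict

# Constructed events modelled on the "Process information" entries above.
# The "net stop wuauserv" command line is an assumption (see lead-in).
EVENTS = [
    {"pid": 3936, "ppid": 3264, "image": "ComIntRep.exe", "cmd": "ComIntRep.exe", "exit": None},
    {"pid": 2328, "ppid": 3936, "image": "cmd.exe", "cmd": "cmd.exe /c net stop wuauserv", "exit": 0},
    {"pid": 2796, "ppid": 3936, "image": "cmd.exe", "cmd": "cmd.exe /c netsh winsock reset", "exit": 0},
    {"pid": 336,  "ppid": 2796, "image": "netsh.exe", "cmd": "netsh winsock reset", "exit": 0},
    {"pid": 116,  "ppid": 3936, "image": "regsvr32.exe", "exit": 3,
     "cmd": '"C:\\Windows\\System32\\regsvr32.exe" /s "C:\\Program Files\\internet explorer\\custsat.dll"'},
    {"pid": 340,  "ppid": 3936, "image": "regsvr32.exe", "exit": 0,
     "cmd": '"C:\\Windows\\System32\\regsvr32.exe" /s "C:\\Windows\\system32\\wintrust.dll"'},
    {"pid": 341,  "ppid": 3936, "image": "regsvr32.exe", "exit": 4,
     "cmd": '"C:\\Windows\\System32\\regsvr32.exe" /s "C:\\Windows\\system32\\elshyph.dll"'},
    {"pid": 536,  "ppid": 3936, "image": "regsvr32.exe", "exit": 0,
     "cmd": '"C:\\Windows\\System32\\regsvr32.exe" /s "C:\\Windows\\system32\\dxmasf.dll"'},
    {"pid": 540,  "ppid": 3936, "image": "regsvr32.exe", "exit": 3,
     "cmd": '"C:\\Windows\\System32\\regsvr32.exe" /s "C:\\Windows\\system32\\l3codecx.ax"'},
]

# regsvr32 exit codes as documented by Microsoft (KB249873).
REGSVR32_EXIT = {
    0: "ok", 1: "invalid argument", 2: "OleInitialize failed",
    3: "LoadLibrary failed (DLL missing or not loadable)",
    4: "GetProcAddress failed (no DllRegisterServer export)",
    5: "DllRegisterServer returned an error",
}
# Services whose stop/reconfigure rates a high-severity finding (update and defence services).
PROTECTED_SERVICES = {"wuauserv", "windefend", "mpssvc", "bits", "wscsvc"}
SERVICE_CMD = re.compile(r"\b(?:net1?|sc)(?:\.exe)?\s+(stop|start|config|delete)\s+(\S+)", re.I)
REGSVR_TARGET = re.compile(r'/s\s+"?([^"]+?)"?\s*$', re.I)
REGSVR32_BURST = 4   # regsvr32 children from one parent before we call it a burst (tunable)


def regsvr32_target(cmd):
    """Path passed to 'regsvr32 /s', unquoted, or None if the line is not such a call."""
    m = REGSVR_TARGET.search(cmd)
    return m.group(1) if m else None


def triage(events):
    """Return (severity, pid, message) findings for a list of process-creation events."""
    findings = []
    regsvr_by_parent = defaultdict(list)
    for ev in events:
        cmd, image = ev["cmd"], ev["image"].lower()
        m = SERVICE_CMD.search(cmd)
        if m:
            verb, svc = m.group(1).lower(), m.group(2).lower()
            sev = "high" if svc in PROTECTED_SERVICES else "medium"
            findings.append((sev, ev["pid"], f"service control: {verb} {svc} (ATT&CK T1562.001 for a defence or update service)"))
        if image == "netsh.exe" and "winsock reset" in cmd.lower():
            findings.append(("medium", ev["pid"], "netsh winsock reset: Winsock catalogue rewritten, survives reboot"))
        if image == "regsvr32.exe":
            target = regsvr32_target(cmd)
            regsvr_by_parent[ev["ppid"]].append((target, ev["exit"]))
            if target and not target.lower().startswith("c:\\windows\\"):
                findings.append(("medium", ev["pid"], f"regsvr32 /s on a DLL outside %SystemRoot%: {target} (ATT&CK T1218.010)"))
    # Burst heuristic: a repair tool and a loader both produce many regsvr32 children;
    # the non-zero exit codes tell you which DLLs did not exist or had nothing to register.
    for ppid, kids in regsvr_by_parent.items():
        if len(kids) >= REGSVR32_BURST:
            failed = [f"{t}: {REGSVR32_EXIT.get(code, code)}" for t, code in kids if code]
            findings.append(("low", ppid, f"{len(kids)} regsvr32 children from one parent, {len(failed)} failed: " + "; ".join(failed)))
    return findings


if __name__ == "__main__":
    for sev, pid, msg in triage(EVENTS):
        print(f"[{sev}] pid {pid}: {msg}")
```

The burst rule is deliberately low severity: on its own it only separates "many re-registrations" from "one", and the exit codes are what make the list useful for review (exit 3 on custsat.dll and l3codecx.ax means those files were not on this Windows 7 image; exit 4 on elshyph.dll means it exports no DllRegisterServer). Feed the same rules your EDR's process events, with the parent PID resolved, and the wuauserv and out-of-SystemRoot findings are the ones to page on.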
Total events: 18 728
Read events: 1 898
Write events: 16 154
Delete events: 676

Modification events

(PID) Process: (3636) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | Operation: write | Name: ShellExtBMP | Value: (empty)
(PID) Process: (3636) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | Operation: write | Name: ShellExtIcon | Value: (empty)
(PID) Process: (3636) WinRAR.exe | Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\12F\52C64B7E | Operation: write | Name: LanguageList | Value: en-US
(PID) Process: (3636) WinRAR.exe | Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\12F\52C64B7E | Operation: write | Name: @C:\Windows\system32\NetworkExplorer.dll,-1 | Value: Network
(PID) Process: (3636) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | Operation: write | Name: 0 | Value: C:\Users\admin\AppData\Local\Temp\Complete.Internet.Repair.5.2.3.4118.rar
(PID) Process: (3636) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | Operation: write | Name: name | Value: 120
(PID) Process: (3636) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | Operation: write | Name: size | Value: 80
(PID) Process: (3636) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | Operation: write | Name: type | Value: 120
(PID) Process: (3636) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | Operation: write | Name: mtime | Value: 100
(PID) Process: (1476) ComIntRep_4118_Setup.tmp | Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000 | Operation: write | Name: Owner | Value: C4050000A20C7DF62436D601
Executable files: 8
Suspicious files: 4
Text files: 783
Unknown types: 17

Dropped files

All entries listed on this page are WinRAR's extraction of the archive into its temporary directory; MD5 and SHA256 values are not present on this page.

PID | Process | Filename | Type
3636 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3636.35599\Complete.Internet.Repair.5.2.3.4118.KaranPC\ComIntRep_4118_Portable\Language\ComIntRep\es.ini | text
3636 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3636.35599\Complete.Internet.Repair.5.2.3.4118.KaranPC\ComIntRep_4118_Portable\Docs\License.txt | text
3636 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3636.35599\Complete.Internet.Repair.5.2.3.4118.KaranPC\ComIntRep_4118_Portable\Language\ComIntRep\af.ini | text
3636 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3636.35599\Complete.Internet.Repair.5.2.3.4118.KaranPC\ComIntRep_4118_Portable\Docs\Changes.txt | text
3636 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3636.35599\Complete.Internet.Repair.5.2.3.4118.KaranPC\ComIntRep_4118_Portable\Language\ComIntRep\ar.ini | text
3636 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3636.35599\Complete.Internet.Repair.5.2.3.4118.KaranPC\ComIntRep_4118_Portable\Language\ComIntRep\en.ini | text
3636 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3636.35599\Complete.Internet.Repair.5.2.3.4118.KaranPC\ComIntRep_4118_Portable\Docs\Readme.txt | text
3636 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3636.35599\Complete.Internet.Repair.5.2.3.4118.KaranPC\ComIntRep_4118_Portable\Language\ComIntRep\de.ini | text
3636 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3636.35599\Complete.Internet.Repair.5.2.3.4118.KaranPC\ComIntRep_4118_Portable\Language\ComIntRep\el.ini | text
3636 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3636.35599\Complete.Internet.Repair.5.2.3.4118.KaranPC\ComIntRep_4118_Portable\Language\ComIntRep\fr.ini | text
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 13
TCP/UDP connections: 7
DNS requests: 7
Threats: 0

HTTP requests

PID | Process | Method | HTTP code | IP | URL | CN | Type | Size | Reputation
n/a | n/a | HEAD | 200 | 205.185.216.42:80 | http://download.windowsupdate.com/v9/windowsupdate/redir/muv4wuredir.cab?2005300155 | US | n/a | n/a | whitelisted
n/a | n/a | HEAD | 200 | 13.107.4.50:80 | http://ds.download.windowsupdate.com/v11/3/windowsupdate/selfupdate/WSUS3/x86/Win7SP1/wsus3setup.cab?2005300155 | US | n/a | n/a | whitelisted
3936 | ComIntRep.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEFZnHQTqT5lMbxCBR1nSdZQ%3D | US | der | 471 b | whitelisted
3936 | ComIntRep.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.usertrust.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBSr83eyJy3njhjVpn5bEpfc6MXawQQUOuEJhtTPGcKWdnRJdtzgNcZjY5oCEQDzZE5rbgBQI34JRr174fUd | US | der | 315 b | whitelisted
n/a | n/a | HEAD | 200 | 13.107.4.50:80 | http://ds.download.windowsupdate.com/v11/3/windowsupdate/selfupdate/WSUS3/x86/Win7SP1/WUClient-SelfUpdate-Aux-TopLevel~31bf3856ad364e35~x86~~7.6.7600.320.cab?2005300155 | US | compressed | 116 Kb | whitelisted
n/a | n/a | GET | 200 | 13.107.4.50:80 | http://ds.download.windowsupdate.com/v11/3/windowsupdate/selfupdate/WSUS3/x86/Win7SP1/WuSetupHandler.cab?2005300155 | US | compressed | 61.9 Kb | whitelisted
n/a | n/a | GET | 200 | 13.107.4.50:80 | http://ds.download.windowsupdate.com/v11/3/windowsupdate/selfupdate/WSUS3/x86/Win7SP1/wsus3setup.cab?2005300155 | US | compressed | 32.9 Kb | whitelisted
n/a | n/a | HEAD | 200 | 13.107.4.50:80 | http://ds.download.windowsupdate.com/v11/3/windowsupdate/selfupdate/WSUS3/x86/Win7SP1/WuSetupHandler.cab?2005300155 | US | compressed | 32.9 Kb | whitelisted
n/a | n/a | HEAD | 200 | 13.107.4.50:80 | http://ds.download.windowsupdate.com/v11/3/windowsupdate/selfupdate/WSUS3/x86/Win7SP1/WUClient-SelfUpdate-Core-TopLevel~31bf3856ad364e35~x86~~7.6.7600.320.cab?2005300155 | US | compressed | 458 Kb | whitelisted
n/a | n/a | G ET | 200 | 13.107.4.50:80 | http://ds.download.windowsupdate.com/v11/3/windowsupdate/selfupdate/WSUS3/x86/Win7SP1/WUClient-SelfUpdate-ActiveX~31bf3856ad364e35~x86~~7.6.7600.320.cab?2005300155 | US | compressed | 116 Kb | whitelisted

Rows with "n/a" in the PID column are requests the report does not attribute to a monitored process; the WSUS3 selfupdate .cab downloads are the Windows Update agent updating itself after the update service was restarted, which is also where WuSetupV.exe comes from. The two OCSP requests are issued by ComIntRep.exe (PID 3936) itself, as part of a certificate-status check during signature verification.
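The two OCSP rows above are the only requests attributed to ComIntRep.exe, and the URL path is not opaque: per RFC 6960 Appendix A, an OCSP GET carries the DER-encoded OCSPRequest as URL-safe base64 after the responder URL, so the serial number being checked can be recovered offline. The Python below is an added example (not ANY.RUN's code) that decodes both URLs from this report with a minimal DER walker, standard library only. It recovers the hash algorithm, issuer hashes and serial of the CertID; which certificate each serial belongs to is not established here, and the code makes no claim about it.

```python
"""Decode OCSP GET URLs (RFC 6960, Appendix A) to see which certificate serial
a process asked the responder about. Standard library only."""
import base64
from urllib.parse import unquote, urlsplit

# Input: the two OCSP URLs from the "HTTP requests" table of this report.
OCSP_URLS = [
    "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEFZnHQTqT5lMbxCBR1nSdZQ%3D",
    "http://ocsp.usertrust.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBSr83eyJy3njhjVpn5bEpfc6MXawQQUOuEJhtTPGcKWdnRJdtzgNcZjY5oCEQDzZE5rbgBQI34JRr174fUd",
]
HASH_OIDS = {"1.3.14.3.2.26": "sha1", "2.16.840.1.101.3.4.2.1": "sha256"}
SEQUENCE, OCTET_STRING, INTEGER = 0x30, 0x04, 0x02


def der_tlv(buf, pos=0):
    """Parse one DER TLV at buf[pos]; return (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def der_children(value):
    """All child TLVs of a constructed value, as (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = der_tlv(value, pos)
        out.append((tag, val))
    return out


def oid_to_str(raw):
    """DER OBJECT IDENTIFIER contents -> dotted string."""
    arcs, acc = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))


def decode_ocsp_get(url):
    """Return the CertID fields of the (first) request carried by an OCSP GET URL."""
    parts = urlsplit(url)
    b64 = unquote(parts.path.lstrip("/"))
    b64 += "=" * (-len(b64) % 4)          # clients may omit base64 padding
    der = base64.b64decode(b64)
    tag, tbs, _ = der_tlv(der)             # OCSPRequest ::= SEQUENCE { tbsRequest, [0] signature OPTIONAL }
    tbs_tag, tbs_val, _ = der_tlv(tbs)     # TBSRequest ::= SEQUENCE { [0] version, [1] requestorName, requestList, [2] ext }
    if tag != SEQUENCE or tbs_tag != SEQUENCE:
        raise ValueError("not an OCSPRequest")
    request_list = next(v for t, v in der_children(tbs_val) if t == SEQUENCE)  # skips the tagged optionals
    _, request = der_children(request_list)[0]      # Request ::= SEQUENCE { reqCert CertID, ... }
    _, cert_id = der_children(request)[0]           # CertID ::= SEQUENCE { hashAlgorithm, issuerNameHash, issuerKeyHash, serialNumber }
    alg, name_hash, key_hash, serial = der_children(cert_id)[:4]
    oid = oid_to_str(der_children(alg[1])[0][1])
    if (name_hash[0], key_hash[0], serial[0]) != (OCTET_STRING, OCTET_STRING, INTEGER):
        raise ValueError("unexpected CertID layout")
    return {
        "responder": parts.netloc,
        "hash_alg": HASH_OIDS.get(oid, oid),
        "issuer_name_hash": name_hash[1].hex(),
        "issuer_key_hash": key_hash[1].hex(),
        "serial": format(int.from_bytes(serial[1], "big", signed=True), "x"),
    }


if __name__ == "__main__":
    for url in OCSP_URLS:
        print(decode_ocsp_get(url))
```

With the serial and issuer key hash in hand, the next step in a real investigation is to match them against the Authenticode signature on the extracted ComIntRep.exe (the signer's certificate and its issuer are both in the PE's signature blob), which tells you whether the binary in this repack still carries the publisher's original signature.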

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
3936 | ComIntRep.exe | 151.139.128.11:443 | www.rizonesoft.com | Highwinds Network Group, Inc. | US | malicious
3276 | ComIntRep.exe | 151.139.128.11:443 | www.rizonesoft.com | Highwinds Network Group, Inc. | US | malicious
n/a | n/a | 205.185.216.42:80 | download.windowsupdate.com | Highwinds Network Group, Inc. | US | whitelisted
3936 | ComIntRep.exe | 151.139.128.14:80 | ocsp.comodoca.com | Highwinds Network Group, Inc. | US | suspicious
n/a | n/a | 40.90.247.210:443 | www.update.microsoft.com | Microsoft Corporation | US | malicious
n/a | n/a | 13.107.4.50:80 | ds.download.windowsupdate.com | Microsoft Corporation | US | whitelisted

The Reputation column is ANY.RUN's automated label and is not consistent within this report: www.rizonesoft.com and www.update.microsoft.com are "malicious" here but "whitelisted" in the DNS table below, and the OCSP responder is "suspicious" here while its HTTP requests are "whitelisted". Treat these labels as hints, not findings; www.rizonesoft.com is the publisher's own site for this software, and what the TLS sessions to it carried is not visible on this page.

DNS requests

Domain | IP(s) | Reputation
www.rizonesoft.com | 151.139.128.11 | whitelisted
ocsp.comodoca.com | 151.139.128.14 | whitelisted
ocsp.usertrust.com | 151.139.128.14 | whitelisted
download.windowsupdate.com | 205.185.216.42, 205.185.216.10 | whitelisted
www.update.microsoft.com | 40.90.247.210, 20.41.46.145 | whitelisted
ds.download.windowsupdate.com | 13.107.4.50 | whitelisted

Threats

No threats detected
No debug info