URL:

https://www.reasoncoresecurity.com/uninstallpwdkeygenerator.exe-f1a922dc6ee78293db8dffa0cc138a659b5089a5.aspx

Full analysis: https://app.any.run/tasks/3a3ffca4-8b43-4488-a68c-77913a1722e3
Verdict: No threats detected
Analysis date: May 30, 2019, 13:48:30
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: E160E0AB9B31179ED408DF2DA43135C7
SHA1: 7F35E54EDA65324D3B77F425AF682C3E288C210E
SHA256: 9AA52B4095443E3249FF6BC5089591EC31DE0622A88E4A372343718F40B2E889
SSDEEP: 3:N8DSLQ/OFK2GCcXe1hd2GjDYVGGPGTGaz:2OLQ/Ovqe1W8DYVGGeTGaz

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Executed via COM

      • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 2604)
  • INFO

    • Reads Internet Cache Settings

      • iexplore.exe (PID: 3372)
      • iexplore.exe (PID: 712)
    • Creates files in the user directory

      • iexplore.exe (PID: 3372)
      • iexplore.exe (PID: 712)
      • FlashUtil32_26_0_0_131_ActiveX.exe (PID: 2604)
    • Changes internet zones settings

      • iexplore.exe (PID: 712)
    • Reads internet explorer settings

      • iexplore.exe (PID: 3372)
    • Reads settings of System Certificates

      • iexplore.exe (PID: 712)
    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 712)
    • Changes settings of System certificates

      • iexplore.exe (PID: 712)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 35
Monitored processes: 3
Malicious processes: 0
Suspicious processes: 0

Behavior graph

start iexplore.exe iexplore.exe flashutil32_26_0_0_131_activex.exe no specs

Process information

PID: 712
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Exit code: 0
Version: 8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 2604
CMD: C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding
Path: C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe
Parent process: svchost.exe
User: admin
Company: Adobe Systems Incorporated
Integrity Level: MEDIUM
Description: Adobe® Flash® Player Installer/Uninstaller 26.0 r0
Exit code: 0
Version: 26,0,0,131
Modules
Images
c:\windows\system32\macromed\flash\flashutil32_26_0_0_131_activex.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
PID: 3372
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:712 CREDAT:71937
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Exit code: 0
Version: 8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
Total events: 487
Read events: 403
Write events: 80
Delete events: 4

Modification events

(PID) Process: (712) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation: write
Name: CompatibilityFlags
Value: 0

(PID) Process: (712) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 0

(PID) Process: (712) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 1

(PID) Process: (712) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
Operation: write
Name: SecuritySafe
Value: 1

(PID) Process: (712) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: write
Name: ProxyEnable
Value: 0

(PID) Process: (712) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation: write
Name: SavedLegacySettings
Value:

(PID) Process: (712) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
Operation: write
Name: {A4B07FD9-82E1-11E9-A370-5254004A04AF}
Value: 0

(PID) Process: (712) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation: write
Name: Type
Value: 4

(PID) Process: (712) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation: write
Name: Count
Value: 1

(PID) Process: (712) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation: write
Name: Time
Value: E307050004001E000D0030002E00BD03
Executable files: 0
Suspicious files: 5
Text files: 51
Unknown types: 11

Dropped files

PID 712, iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].ico
MD5:
SHA256:

PID 712, iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
MD5:
SHA256:

PID 3372, iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V257O05D\uninstallpwdkeygenerator.exe-f1a922dc6ee78293db8dffa0cc138a659b5089a5[1].aspx
MD5:
SHA256:

PID 3372, iexplore.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@www.reasoncoresecurity[1].txt
Type: text
MD5: 1B03F6E1F8A044A494C831A67A65E8AC
SHA256: 5C2B610AA0BE63DE2191F0A385CEBF66D3BD39C598C806D1C73B2677A9E84CF8

PID 3372, iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ARAMN0G8\togglePopupModal[1].js
Type: text
MD5: ADBE86F800CBB4A6A23EB4E708A453BF
SHA256: 18E377F7160B220ABBF969ED97638521302582A985687F0F60339AE0C205A609

PID 3372, iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
Type: dat
MD5: 64F33DF18C7E3793C1D1A0DD36A7186C
SHA256: 2D220AAA14DD47FFD0772E375BECA97486F67EDA5638D65EF37A873BD88957FF

PID 3372, iexplore.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat
Type: dat
MD5: 8632A37818FE4228AF6FE785D0B4EF76
SHA256: 1549575B547DBAF5B49BA7797D9260EE67F76D32C259632157D93D71E4D400DE

PID 3372, iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V257O05D\uninstallpwdkeygenerator.exe-f1a922dc6ee78293db8dffa0cc138a659b5089a5[1].htm
Type: html
MD5: A3F0CAC1246990A8538762D179757732
SHA256: EBBBA28BDC0AE46455D53BA0AA56C89A64F48FCF7433F4E8B4792F2E46D0EF08

PID 3372, iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6KWE0N0S\stylesheet[1].css
Type: text
MD5: 3C2FA4750D23112B0D7A63B1720F7891
SHA256: C8FD4474D035A47656FBBFD4E78849B31AA4452C32A6B7922C3890995F2E13D4

PID 3372, iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
Type: dat
MD5: 0FA50DB88556F5E280AABE1AF41C9B36
SHA256: 6E0888E5C384C540318A8908E28C6C5F3C61492EB532181DBF0D257FB9B80423
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 3
TCP/UDP connections: 26
DNS requests: 15
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
3372 | iexplore.exe | GET | 200 | 52.85.188.246:80 | http://x.ss2.us/x.cer | US | der | 1.27 Kb | whitelisted
712 | iexplore.exe | GET | 200 | 13.107.21.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted
3372 | iexplore.exe | GET | 200 | 67.27.157.254:80 | http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab | US | compressed | 56.1 Kb | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
712 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted
3372 | iexplore.exe | 104.25.15.8:443 | www.reasoncoresecurity.com | Cloudflare Inc | US | shared
3372 | iexplore.exe | 172.217.18.170:443 | ajax.googleapis.com | Google Inc. | US | whitelisted
3372 | iexplore.exe | 54.230.93.21:443 | cdn.reasonsecurity.com | Amazon.com, Inc. | US | unknown
3372 | iexplore.exe | 172.217.18.106:443 | fonts.googleapis.com | Google Inc. | US | whitelisted
3372 | iexplore.exe | 216.58.207.72:443 | www.googletagmanager.com | Google Inc. | US | whitelisted
- | - | 52.85.188.246:80 | x.ss2.us | Amazon.com, Inc. | US | unknown
- | - | 67.27.157.254:80 | www.download.windowsupdate.com | Level 3 Communications, Inc. | US | suspicious
3372 | iexplore.exe | 216.58.206.3:443 | fonts.gstatic.com | Google Inc. | US | whitelisted
3372 | iexplore.exe | 216.58.207.46:443 | www.google-analytics.com | Google Inc. | US | whitelisted

DNS requests

Domain | IP | Reputation
www.bing.com | 204.79.197.200, 13.107.21.200 | whitelisted
www.reasoncoresecurity.com | 104.25.15.8, 104.25.14.8 | malicious
dns.msftncsi.com | 131.107.255.255 | shared
cdn.reasonsecurity.com | 54.230.93.21, 54.230.93.172, 54.230.93.174, 54.230.93.131 | shared
fonts.googleapis.com | 172.217.18.106 | whitelisted
s3.amazonaws.com | 52.216.107.174 | shared
ajax.googleapis.com | 172.217.18.170, 216.58.206.10, 216.58.207.74, 216.58.208.42, 172.217.16.138, 172.217.18.106, 172.217.21.202, 216.58.205.234, 172.217.21.234 | whitelisted
www.googletagmanager.com | 216.58.207.72 | whitelisted
x.ss2.us | 52.85.188.246, 52.85.188.145, 52.85.188.21, 52.85.188.176 | whitelisted
www.download.windowsupdate.com | 67.27.157.254, 8.253.204.249, 8.248.119.254, 67.27.235.126, 8.248.127.254 | whitelisted

Threats

No threats detected
No debug info