Malware analysis PixelSee_id247007id.exe.7z Malicious activity

analyze malware

Huge database of samples and IOCs
Custom VM setup
Unlimited submissions
Interactive approach

Add for printing

File name:	PixelSee_id247007id.exe.7z
Full analysis:	https://app.any.run/tasks/995fb863-a229-4e36-8b7a-5fc6e35b2d54
Verdict:	Malicious activity
Analysis date:	February 21, 2023, 23:55:16
OS:	Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:	evasion
Indicators:
MIME:	application/x-7z-compressed
File info:	7-zip archive data, version 0.4
MD5:	310B37601E5E3B8F8D1C1941A2E231F0
SHA1:	32A6753337E5D382D3FEBB343AB818A021B4581A
SHA256:	0D1E143AB85DD44AC7AB62EDE9C13B72145B4958704ECF5FBB7294011C945091
SSDEEP:	49152:D3ndVb+FtwUY7juHVJrBWe2yqXZBBAbVa70IA:7d1+jl66VBBL2nwK0V

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 300 seconds
Heavy Evasion option:: off
Network geolocation:: off
Additional time used:: 240 seconds
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.0.9600.19596 KB4534251
Adobe Acrobat Reader DC (20.013.20064)
Adobe Acrobat Reader DC (20.013.20064)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Refresh Manager (1.8.0)
Adobe Refresh Manager (1.8.0)
CCleaner (5.74)
CCleaner (5.74)
FileZilla Client 3.51.0 (3.51.0)
FileZilla Client 3.51.0 (3.51.0)
Google Chrome (86.0.4240.198)
Google Chrome (86.0.4240.198)
Google Update Helper (1.3.36.31)
Google Update Helper (1.3.36.31)
Java 8 Update 271 (8.0.2710.9)
Java 8 Update 271 (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Java Auto Updater (2.8.271.9)
Microsoft .NET Framework 4.5.2 (4.5.51209)
Microsoft .NET Framework 4.5.2 (4.5.51209)
Microsoft .NET Framework 4.5.2 (4.5.51209)
Microsoft .NET Framework 4.5.2 (4.5.51209)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
Mozilla Firefox 83.0 (x86 en-US) (83.0)
Mozilla Firefox 83.0 (x86 en-US) (83.0)
Mozilla Maintenance Service (83.0.0.7621)
Mozilla Maintenance Service (83.0.0.7621)
Notepad++ (32-bit x86) (7.9.1)
Notepad++ (32-bit x86) (7.9.1)
Opera 12.15 (12.15.1748)
Opera 12.15 (12.15.1748)
Skype version 8.29 (8.29)
Skype version 8.29 (8.29)
VLC media player (3.0.11)
VLC media player (3.0.11)
WinRAR 5.91 (32-bit) (5.91.0)
WinRAR 5.91 (32-bit) (5.91.0)

Add for printing

MALICIOUS
- Application was dropped or rewritten from another process
  - PixelSee_id247007id.exe (PID: 2484)
  - PixelSee_id247007id.exe (PID: 3524)
  - lum_inst.exe (PID: 2800)
  - net_updater32.exe (PID: 3504)
  - test_wpf.exe (PID: 1784)
  - pixelsee.exe (PID: 3064)
  - net_updater32.exe (PID: 3380)
  - net_updater32.exe (PID: 2120)
  - luminati-m-controller.exe (PID: 4084)
  - test_wpf.exe (PID: 3496)
  - pixelsee_crashpad_handler.exe (PID: 1236)
  - test_wpf.exe (PID: 2800)
  - idle_report.exe (PID: 1968)
- Actions looks like stealing of personal data
  - PixelSee_id247007id.exe (PID: 3524)
- The DLL Hijacking
  - SearchProtocolHost.exe (PID: 2688)
- Drops the executable file immediately after the start
  - lum_inst.exe (PID: 2800)
  - lum_inst.tmp (PID: 708)
  - net_updater32.exe (PID: 3504)
  - PixelSee_id247007id.exe (PID: 3524)
  - luminati-m-controller.exe (PID: 4084)
  - net_updater32.exe (PID: 3380)
- Changes the autorun value in the registry
  - pixelsee.exe (PID: 3064)
SUSPICIOUS
- Reads the Internet Settings
  - PixelSee_id247007id.exe (PID: 3524)
  - lum_inst.tmp (PID: 708)
  - net_updater32.exe (PID: 3504)
- Reads Microsoft Outlook installation path
  - PixelSee_id247007id.exe (PID: 3524)
- Reads Internet Explorer settings
  - PixelSee_id247007id.exe (PID: 3524)
- Reads the Windows owner or organization settings
  - lum_inst.tmp (PID: 708)
- Executable content was dropped or overwritten
  - lum_inst.exe (PID: 2800)
  - lum_inst.tmp (PID: 708)
  - PixelSee_id247007id.exe (PID: 3524)
  - net_updater32.exe (PID: 3504)
  - luminati-m-controller.exe (PID: 4084)
  - net_updater32.exe (PID: 3380)
- Creates a software uninstall entry
  - PixelSee_id247007id.exe (PID: 3524)
- The process drops C-runtime libraries
  - PixelSee_id247007id.exe (PID: 3524)
  - net_updater32.exe (PID: 3504)
- Reads settings of System Certificates
  - net_updater32.exe (PID: 3504)
  - net_updater32.exe (PID: 2120)
  - net_updater32.exe (PID: 3380)
- Drops a file with too old compile date
  - PixelSee_id247007id.exe (PID: 3524)
- Checks Windows Trust Settings
  - net_updater32.exe (PID: 3504)
  - net_updater32.exe (PID: 3380)
- Adds/modifies Windows certificates
  - lum_inst.tmp (PID: 708)
- Reads security settings of Internet Explorer
  - net_updater32.exe (PID: 3504)
- Changes default file association
  - PixelSee_id247007id.exe (PID: 3524)
  - pixelsee.exe (PID: 3064)
- Executes as Windows Service
  - net_updater32.exe (PID: 3380)
- Application launched itself
  - net_updater32.exe (PID: 3504)
  - net_svc.exe (PID: 528)
- Detected use of alternative data streams (AltDS)
  - net_updater32.exe (PID: 3504)
INFO
- Checks supported languages
  - PixelSee_id247007id.exe (PID: 3524)
  - lum_inst.exe (PID: 2800)
  - lum_inst.tmp (PID: 708)
  - net_updater32.exe (PID: 3504)
  - test_wpf.exe (PID: 1784)
  - net_updater32.exe (PID: 2120)
  - pixelsee.exe (PID: 3064)
  - pixelsee_crashpad_handler.exe (PID: 1236)
  - net_updater32.exe (PID: 3380)
- Reads the computer name
  - PixelSee_id247007id.exe (PID: 3524)
  - net_updater32.exe (PID: 3504)
  - lum_inst.tmp (PID: 708)
  - test_wpf.exe (PID: 1784)
  - pixelsee.exe (PID: 3064)
  - net_updater32.exe (PID: 2120)
  - net_updater32.exe (PID: 3380)
- Checks proxy server information
  - PixelSee_id247007id.exe (PID: 3524)
  - net_updater32.exe (PID: 3504)
- The process checks LSA protection
  - PixelSee_id247007id.exe (PID: 3524)
  - lum_inst.tmp (PID: 708)
  - net_updater32.exe (PID: 3504)
  - test_wpf.exe (PID: 1784)
  - WISPTIS.EXE (PID: 928)
  - pixelsee.exe (PID: 3064)
  - net_updater32.exe (PID: 2120)
  - net_updater32.exe (PID: 3380)
- Drops the executable file immediately after the start
  - WinRAR.exe (PID: 3512)
- Manual execution by a user
  - PixelSee_id247007id.exe (PID: 3524)
  - PixelSee_id247007id.exe (PID: 2484)
- Executable content was dropped or overwritten
  - WinRAR.exe (PID: 3512)
- Create files in a temporary directory
  - lum_inst.exe (PID: 2800)
  - PixelSee_id247007id.exe (PID: 3524)
- Reads the machine GUID from the registry
  - PixelSee_id247007id.exe (PID: 3524)
  - net_updater32.exe (PID: 3504)
  - test_wpf.exe (PID: 1784)
  - net_updater32.exe (PID: 2120)
  - lum_inst.tmp (PID: 708)
  - pixelsee.exe (PID: 3064)
  - net_updater32.exe (PID: 3380)
- Creates files or folders in the user directory
  - PixelSee_id247007id.exe (PID: 3524)
  - net_updater32.exe (PID: 3504)
  - pixelsee_crashpad_handler.exe (PID: 1236)
  - pixelsee.exe (PID: 3064)
- Drops a file that was compiled in debug mode
  - lum_inst.tmp (PID: 708)
  - PixelSee_id247007id.exe (PID: 3524)
  - net_updater32.exe (PID: 3504)
  - luminati-m-controller.exe (PID: 4084)
  - net_updater32.exe (PID: 3380)
- Application was dropped or rewritten from another process
  - lum_inst.tmp (PID: 708)
- Reads Environment values
  - net_updater32.exe (PID: 3504)
  - pixelsee.exe (PID: 3064)
- Creates files in the program directory
  - net_updater32.exe (PID: 3504)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

TRiD

.7z	\|	7-Zip compressed archive (v0.4) (57.1)
.7z	\|	7-Zip compressed archive (gen) (42.8)

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

3512

"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\PixelSee_id247007id.exe.7z"

C:\Program Files\WinRAR\WinRAR.exe

Explorer.EXE

User:

admin

Company:

Alexander Roshal

Integrity Level:

MEDIUM

Description:

WinRAR archiver

Exit code:

Version:

5.91.0

Modules

Images
c:\windows\system32\ntdll.dll
c:\program files\winrar\winrar.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll

2484

"C:\Users\admin\Desktop\PixelSee_id247007id.exe"

C:\Users\admin\Desktop\PixelSee_id247007id.exe

—

Explorer.EXE

User:

admin

Company:

PixelSee

Integrity Level:

MEDIUM

Description:

PixelSee Player

Exit code:

3221226540

Modules

Images
c:\users\admin\desktop\pixelsee_id247007id.exe
c:\windows\system32\ntdll.dll

3524

"C:\Users\admin\Desktop\PixelSee_id247007id.exe"

C:\Users\admin\Desktop\PixelSee_id247007id.exe

Explorer.EXE

User:

admin

Company:

PixelSee

Integrity Level:

HIGH

Description:

PixelSee Player

Exit code:

Modules

Images
c:\windows\system32\ntdll.dll
c:\users\admin\desktop\pixelsee_id247007id.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\lpk.dll

2688

"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"

C:\Windows\system32\SearchProtocolHost.exe

—

SearchIndexer.exe

User:

SYSTEM

Company:

Microsoft Corporation

Integrity Level:

SYSTEM

Description:

Microsoft Windows Search Protocol Host

Exit code:

Version:

7.00.7601.24542 (win7sp1_ldr_escrow.191209-2211)

Modules

Images
c:\windows\system32\searchprotocolhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll

2800

"C:\Users\admin\AppData\Local\Temp\luminati\lum_inst.exe" /verysilent

C:\Users\admin\AppData\Local\Temp\luminati\lum_inst.exe

PixelSee_id247007id.exe

User:

admin

Company:

luminati

Integrity Level:

HIGH

Description:

luminati Setup

Exit code:

101

Version:

Modules

Images
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\temp\luminati\lum_inst.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll

708

"C:\Users\admin\AppData\Local\Temp\is-SSKAO.tmp\lum_inst.tmp" /SL5="$4014C,2213348,121344,C:\Users\admin\AppData\Local\Temp\luminati\lum_inst.exe" /verysilent

C:\Users\admin\AppData\Local\Temp\is-SSKAO.tmp\lum_inst.tmp

lum_inst.exe

User:

admin

Integrity Level:

HIGH

Description:

Setup/Uninstall

Exit code:

101

Version:

51.1052.0.0

Modules

Images
c:\users\admin\appdata\local\temp\is-sskao.tmp\lum_inst.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll

3504

"C:\Users\admin\PixelSee\Luminati-m\net_updater32.exe" --install-ui win_pixelsee.app --dlg-app-name PixelSee --dlg-tos-link "https://pixelsee.app/license.html" --dlg-benefit-txt "PixelSee (Ad free)" --dlg-logo-link "https://pixelsee.app/installer/binaries/logo-icon.png" --dlg-not-peer-txt ads --dlg-peer-txt remove_ads

C:\Users\admin\PixelSee\Luminati-m\net_updater32.exe

lum_inst.tmp

User:

admin

Company:

Luminati Networks Ltd.

Integrity Level:

HIGH

Description:

Luminati SDK Updater

Exit code:

Version:

1.240.55

Modules

Images
c:\users\admin\pixelsee\luminati-m\net_updater32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll

1784

C:\Users\admin\PixelSee\Luminati-m\test_wpf.exe

—

net_updater32.exe

User:

admin

Company:

Luminati Networks Ltd.

Integrity Level:

HIGH

Description:

test_wpf

Exit code:

Version:

1.240.55

Modules

Images
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\pixelsee\luminati-m\test_wpf.exe
c:\windows\system32\mscoree.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll

2216

"C:\Windows\SYSTEM32\WISPTIS.EXE" /ManualLaunch;

C:\Windows\SYSTEM32\WISPTIS.EXE

—

net_updater32.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Microsoft Pen and Touch Input Component

Exit code:

3221226540

Version:

6.1.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\windows\system32\ntdll.dll
c:\windows\system32\wisptis.exe

928

"C:\Windows\SYSTEM32\WISPTIS.EXE" /ManualLaunch;

C:\Windows\SYSTEM32\WISPTIS.EXE

—

net_updater32.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Microsoft Pen and Touch Input Component

Exit code:

Version:

6.1.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\windows\system32\wisptis.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll

Add for printing

Total events

37 822

Read events

37 108

Write events

582

Delete events

132

Modification events


(PID) Process:	(3512) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation:	write	Name:	ShellExtBMP
Value:
(PID) Process:	(3512) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation:	write	Name:	ShellExtIcon
Value:
(PID) Process:	(3512) WinRAR.exe	Key:	HKEY_CLASSES_ROOT\Local Settings\MuiCache\16D\52C64B7E
Operation:	write	Name:	LanguageList
Value: en-US
(PID) Process:	(3512) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:	write	Name:	3
Value: C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip
(PID) Process:	(3512) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:	write	Name:	2
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
(PID) Process:	(3512) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:	write	Name:	1
Value: C:\Users\admin\Desktop\phacker.zip
(PID) Process:	(3512) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:	write	Name:	0
Value: C:\Users\admin\AppData\Local\Temp\PixelSee_id247007id.exe.7z
(PID) Process:	(3512) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:	write	Name:	name
Value: 120
(PID) Process:	(3512) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:	write	Name:	size
Value: 80
(PID) Process:	(3512) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:	write	Name:	type
Value: 120

Add for printing

Executable files

930

Suspicious files

108

Text files

242

Unknown types

256

Dropped files

PID	Process	Filename		Type
3524	PixelSee_id247007id.exe	C:\Users\admin\AppData\Local\Temp\pixelsee-installer-tmp\img2\cancel-page-new-ru.png		image
		MD5:53F92F8D3853C33CF2166CE534F64A1F	SHA256:147797DBB6FBFFB245130DE1A4DD80F52C787548F18DFCAB27383D1CC4122717
3512	WinRAR.exe	C:\Users\admin\Desktop\PixelSee_id247007id.exe		executable
		MD5:60849A8FF219BE4BEC52709173984455	SHA256:B2A96537B627CC5F7ED63B4B9491B9EA15B08C88DFDD5AEB7A00D903DD4D0176
3524	PixelSee_id247007id.exe	C:\Users\admin\AppData\Local\Temp\pixelsee-installer-tmp\preloader.html		html
		MD5:37A05031BEC9D3E093388407848AF66F	SHA256:CF38F4F8663028BEFF3A7650A9D426B4116891E8547029B66B8D2A13FAD63A48
3524	PixelSee_id247007id.exe	C:\Users\admin\AppData\Local\Temp\pixelsee-installer-tmp\curl-ca-bundle.crt		text
		MD5:BE2B0736EA029FFF398559FA7DF4E646	SHA256:C05A79296D61E3B2A2EBAF5AF476839B976D69A5ACB6F581A667E60E681049A2
3524	PixelSee_id247007id.exe	C:\Users\admin\AppData\Local\Temp\pixelsee-installer-tmp\img2\bundle1-check-off.png		image
		MD5:A5E92D07D4F8804726D7D8429791DD48	SHA256:F2541446FDD1AA134A66B9A6F91EBF7F880F0A6120E0BFBC85E7BEE3A6D49DB7
3524	PixelSee_id247007id.exe	C:\Users\admin\AppData\Local\Temp\pixelsee-installer-tmp\img2\bundle2-check-off.png		image
		MD5:32B3447C944FEBD3927E607FF60C7FA6	SHA256:FFC40BD54DD7A0010B1FEE3270133A0E9B917B925F461E5E09C0B3FBC0B638F6
3524	PixelSee_id247007id.exe	C:\Users\admin\AppData\Local\Temp\pixelsee-installer-tmp\main-icon-big.png		image
		MD5:0E5FEA82CC4F4A8225532E5B2F45C6C8	SHA256:81B5F50491579127D13E050847EF6D817265AB4B70D2796FB74021463B778BB9
3524	PixelSee_id247007id.exe	C:\Users\admin\AppData\Local\Temp\pixelsee-installer-tmp\img2\cancel-page-new1-ru.png		image
		MD5:E5A8DCB5948856CC1ADBC95E9ABCDEA9	SHA256:9B89878B847BDAD03A4024AD4C78DCC3C1F8174B4803130105A7C275B0E52966
3524	PixelSee_id247007id.exe	C:\Users\admin\AppData\Local\Temp\pixelsee-installer-tmp\img2\close-gray.png		image
		MD5:73E7C4077BD552293A5DB1754DDAC2EF	SHA256:9BA220B02676F499296B258227582E7F9347890E530D0E6795AA476150D909C3
3524	PixelSee_id247007id.exe	C:\Users\admin\AppData\Local\Temp\pixelsee-installer-tmp\img2\bundle2-check-on.png		image
		MD5:0B5B7C97006E28013557CEE9E922D7DB	SHA256:3EBD2BEA7B3E1D9A09EDF27B3AAE63195D5DAE08D6581713BEC25C193C6A04CB

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

DNS requests

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
—	—	GET	200	172.64.155.188:80	http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEB2iSDBvmyYY0ILgln0z02o%3D	US	der	2.18 Kb	whitelisted
—	—	GET	200	104.18.32.68:80	http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D	US	der	1.42 Kb	whitelisted
—	—	GET	200	3.94.72.89:80	http://lumtest.com/myip.json	US	binary	263 b	suspicious
—	—	GET	200	104.18.32.68:80	http://ocsp.sectigo.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBQ5suEceKjAJbxseAmHFkQ9FrhTWQQUDuE6qFM6MdWKvsG7rWcaA4WtNA4CEQDvy%2BOQ74w4P7l1LJtfioaI	US	der	510 b	whitelisted
3380	net_updater32.exe	GET	200	23.216.77.69:80	http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?608170ec6df1bff7	US	compressed	4.70 Kb	whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
3524	PixelSee_id247007id.exe	51.158.190.232:443	pixelsee.app	Online S.a.s.	FR	suspicious
3504	net_updater32.exe	3.228.177.90:443	clientsdk.lum-sdk.io	AMAZON-AES	US	suspicious
3504	net_updater32.exe	192.81.214.145:443	perr.l-err.biz	DIGITALOCEAN-ASN	US	suspicious
3504	net_updater32.exe	161.35.48.195:443	perr.l-err.biz	DIGITALOCEAN-ASN	US	unknown
2120	net_updater32.exe	161.35.48.195:443	perr.l-err.biz	DIGITALOCEAN-ASN	US	unknown
3504	net_updater32.exe	51.158.190.232:443	pixelsee.app	Online S.a.s.	FR	suspicious
2120	net_updater32.exe	162.125.66.18:443	www.dropbox.com	DROPBOX	DE	suspicious
3380	net_updater32.exe	161.35.48.195:443	perr.l-err.biz	DIGITALOCEAN-ASN	US	unknown
—	—	51.158.190.232:443	pixelsee.app	Online S.a.s.	FR	suspicious
—	—	172.64.155.188:80	ocsp.comodoca.com	CLOUDFLARENET	US	suspicious

DNS requests

Domain	IP	Reputation
pixelsee.app	51.158.190.232	suspicious
www.dropbox.com	162.125.66.18	shared
perr.l-err.biz	161.35.48.195 192.81.214.145 206.189.231.23 159.223.133.120	suspicious
perr.lum-sdk.io	192.81.214.145 161.35.48.195 206.189.231.23 159.223.133.120	suspicious
clientsdk.lum-sdk.io	3.228.177.90 3.228.36.186	suspicious
ctldl.windowsupdate.com	23.216.77.69 23.216.77.80	whitelisted
ocsp.comodoca.com	104.18.32.68 172.64.155.188	whitelisted
ocsp.usertrust.com	172.64.155.188 104.18.32.68	whitelisted
ocsp.sectigo.com	104.18.32.68 172.64.155.188	whitelisted
www.google-analytics.com	142.250.74.206	whitelisted

Threats

PID	Process	Class	Message
—	—	Potential Corporate Privacy Violation	ET POLICY Dropbox.com Offsite File Backup in Use
—	—	Potentially Bad Traffic	ET INFO Observed DNS Query to .biz TLD
—	—	Potentially Bad Traffic	ET INFO TLS Handshake Failure

3 ETPRO signatures available at the full report

Add for printing

Process	Message
pixelsee.exe	QWindowsEGLStaticContext::create: Could not initialize EGL display: error 0x3001
pixelsee.exe	QWindowsEGLStaticContext::create: When using ANGLE, check if d3dcompiler_4x.dll is available
pixelsee.exe	QWindowsEGLStaticContext::create: Could not initialize EGL display: error 0x3001
pixelsee.exe	QWindowsEGLStaticContext::create: When using ANGLE, check if d3dcompiler_4x.dll is available
pixelsee.exe	> __thiscall Application::Application(int &,char *[])
pixelsee.exe	> __thiscall Application::Application(int &,char *[])
pixelsee.exe	os version: "6.1.7601v" __ os name: "Windows 7 Version 6.1 (Build 7601: SP 1)"
pixelsee.exe	os version: "6.1.7601v" __ os name: "Windows 7 Version 6.1 (Build 7601: SP 1)"
pixelsee.exe	> int __thiscall Application::exec(void)
pixelsee.exe	> __thiscall PixelseeSettings::PixelseeSettings(void)

General Info

PixelSee_id247007id.exe.7z

310B37601E5E3B8F8D1C1941A2E231F0

32A6753337E5D382D3FEBB343AB818A021B4581A

0D1E143AB85DD44AC7AB62EDE9C13B72145B4958704ECF5FBB7294011C945091

49152:D3ndVb+FtwUY7juHVJrBWe2yqXZBBAbVa70IA:7d1+jl66VBBL2nwK0V

Software environment set and analysis options

Launch configuration

Software preset

Behavior activities

MALICIOUS

Application was dropped or rewritten from another process

Actions looks like stealing of personal data

The DLL Hijacking

Drops the executable file immediately after the start

Changes the autorun value in the registry

SUSPICIOUS

Reads the Internet Settings

Reads Microsoft Outlook installation path

Reads Internet Explorer settings

Reads the Windows owner or organization settings

Executable content was dropped or overwritten

Creates a software uninstall entry

The process drops C-runtime libraries

Reads settings of System Certificates

Drops a file with too old compile date

Checks Windows Trust Settings

Adds/modifies Windows certificates

Reads security settings of Internet Explorer

Changes default file association

Executes as Windows Service

Application launched itself

Detected use of alternative data streams (AltDS)

INFO

Checks supported languages

Reads the computer name

Checks proxy server information

The process checks LSA protection

Drops the executable file immediately after the start

Manual execution by a user

Executable content was dropped or overwritten

Create files in a temporary directory

Reads the machine GUID from the registry

Creates files or folders in the user directory

Drops a file that was compiled in debug mode

Application was dropped or rewritten from another process

Reads Environment values

Creates files in the program directory

Malware configuration

Static information

TRiD

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files