URL:

https://devuploads.com/18bu91i41vyj

Full analysis: https://app.any.run/tasks/419ecdc0-4d44-4a1b-b907-d978c8e05446
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Analysis date: March 23, 2025, 20:58:45
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
obfuscated-js
stealer
autorun-download
mentalmentor
adware
loader
opera
tool
evasion
Indicators:
MD5:

359D17B0ABD951838101134137989CB4

SHA1:

814BDE8D2BACE84A3D6B91116E3C98B35D6D0AE9

SHA256:

5A244279DDF4A80696074B335E607272AF8A6BCF05C671A6BE469F5D94254FE6

SSDEEP:

3:N8YkJfOKl5P:2Yk9R

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Actions look like stealing of personal data

      • PixelSee_id4040758id.exe (PID: 5728)
      • setup.exe (PID: 2800)
      • setup.exe (PID: 8440)
      • setup.exe (PID: 1600)
      • setup.exe (PID: 6516)
      • assistant_installer.exe (PID: 7896)
      • assistant_installer.exe (PID: 7924)
      • installer.exe (PID: 7948)
      • installer.exe (PID: 6760)
      • assistant_installer.exe (PID: 8980)
      • assistant_installer.exe (PID: 1912)
      • assistant_installer.exe (PID: 8944)
      • assistant_installer.exe (PID: 5800)
      • opera.exe (PID: 3968)
      • opera_crashreporter.exe (PID: 4728)
      • opera.exe (PID: 7716)
      • opera_crashreporter.exe (PID: 5744)
      • opera.exe (PID: 8456)
      • opera_crashreporter.exe (PID: 7264)
      • opera.exe (PID: 6384)
      • opera.exe (PID: 9164)
      • opera.exe (PID: 8160)
      • opera.exe (PID: 8744)
      • browser_assistant.exe (PID: 7100)
      • opera_crashreporter.exe (PID: 7740)
      • opera.exe (PID: 4976)
      • opera_crashreporter.exe (PID: 9012)
      • opera_crashreporter.exe (PID: 7904)
      • opera.exe (PID: 8056)
      • browser_assistant.exe (PID: 5344)
      • opera_crashreporter.exe (PID: 2616)
      • opera_crashreporter.exe (PID: 7748)
      • opera.exe (PID: 4736)
      • opera.exe (PID: 7264)
      • opera.exe (PID: 8012)
      • opera.exe (PID: 684)
      • opera.exe (PID: 4528)
      • opera.exe (PID: 3968)
      • opera.exe (PID: 7052)
      • opera.exe (PID: 4724)
      • opera.exe (PID: 2596)
      • opera.exe (PID: 8076)
      • opera.exe (PID: 3012)
      • opera.exe (PID: 8456)
      • opera.exe (PID: 7988)
      • opera.exe (PID: 9988)
      • opera.exe (PID: 9960)
      • opera.exe (PID: 9968)
      • opera.exe (PID: 10100)
      • opera.exe (PID: 10068)
      • opera.exe (PID: 10232)
      • opera.exe (PID: 10208)
      • opera.exe (PID: 9888)
      • opera.exe (PID: 9640)
      • opera.exe (PID: 9396)
      • opera.exe (PID: 9616)
      • opera.exe (PID: 9348)
      • opera.exe (PID: 9468)
      • opera.exe (PID: 9692)
      • opera.exe (PID: 9948)
      • opera.exe (PID: 9036)
      • opera.exe (PID: 10024)
      • opera.exe (PID: 9368)
      • opera.exe (PID: 9664)
      • opera.exe (PID: 9356)
      • opera.exe (PID: 9420)
      • opera.exe (PID: 9388)
      • opera.exe (PID: 9360)
      • opera.exe (PID: 9884)
      • opera.exe (PID: 9916)
      • opera.exe (PID: 7916)
      • opera.exe (PID: 9220)
      • opera.exe (PID: 3100)
      • opera.exe (PID: 9636)
      • opera.exe (PID: 9540)
      • opera.exe (PID: 10676)
      • 360TS_Setup.exe (PID: 9952)
      • opera.exe (PID: 10836)
      • opera.exe (PID: 9712)
      • opera.exe (PID: 11164)
      • opera.exe (PID: 11156)
      • installer.exe (PID: 11240)
      • installer.exe (PID: 11088)
      • opera_autoupdate.exe (PID: 9644)
      • opera_autoupdate.exe (PID: 9412)
      • opera_autoupdate.exe (PID: 10304)
      • opera_autoupdate.exe (PID: 10928)
      • opera.exe (PID: 10296)
      • opera.exe (PID: 10244)
      • opera.exe (PID: 10268)
      • opera.exe (PID: 11024)
      • opera.exe (PID: 9232)
      • opera.exe (PID: 9192)
      • opera.exe (PID: 11000)
      • opera.exe (PID: 11004)
      • opera.exe (PID: 10376)
      • opera.exe (PID: 9616)
      • opera.exe (PID: 9884)
      • opera.exe (PID: 11160)
      • opera.exe (PID: 7748)
      • opera.exe (PID: 9620)
    • MENTALMENTOR mutex has been found

      • luminati-m-controller.exe (PID: 5640)
      • luminati-m-controller.exe (PID: 6712)
      • luminati-m-controller.exe (PID: 10444)
    • Changes the autorun value in the registry

      • pixelsee.exe (PID: 5796)
      • assistant_installer.exe (PID: 8980)
      • opera.exe (PID: 3968)
      • opera.exe (PID: 7264)
    • Steals credentials from Web Browsers

      • setup.exe (PID: 2800)
      • setup.exe (PID: 8440)
      • setup.exe (PID: 1600)
      • setup.exe (PID: 6516)
      • assistant_installer.exe (PID: 7924)
      • assistant_installer.exe (PID: 7896)
      • installer.exe (PID: 7948)
      • installer.exe (PID: 6760)
      • assistant_installer.exe (PID: 1912)
      • assistant_installer.exe (PID: 8980)
      • assistant_installer.exe (PID: 5800)
      • assistant_installer.exe (PID: 8944)
      • opera.exe (PID: 7716)
      • opera.exe (PID: 3968)
      • opera_crashreporter.exe (PID: 4728)
      • opera_crashreporter.exe (PID: 5744)
      • opera_crashreporter.exe (PID: 7264)
      • opera.exe (PID: 8456)
      • opera_crashreporter.exe (PID: 9012)
      • opera.exe (PID: 8744)
      • browser_assistant.exe (PID: 7100)
      • opera_crashreporter.exe (PID: 7740)
      • opera.exe (PID: 9164)
      • browser_assistant.exe (PID: 5344)
      • opera.exe (PID: 8056)
      • opera.exe (PID: 4976)
      • opera_crashreporter.exe (PID: 7904)
      • opera_crashreporter.exe (PID: 2616)
      • opera_crashreporter.exe (PID: 7748)
      • opera.exe (PID: 4736)
      • opera.exe (PID: 7264)
      • opera.exe (PID: 684)
      • opera.exe (PID: 3968)
      • installer.exe (PID: 11088)
      • installer.exe (PID: 11240)
      • opera_autoupdate.exe (PID: 9644)
      • opera_autoupdate.exe (PID: 9412)
      • opera_autoupdate.exe (PID: 10304)
      • opera_autoupdate.exe (PID: 10928)
  • SUSPICIOUS

    • Reads Microsoft Outlook installation path

      • PixelSee_id4040758id.exe (PID: 5728)
    • Reads security settings of Internet Explorer

      • PixelSee_id4040758id.exe (PID: 5728)
      • lum_inst.tmp (PID: 1196)
      • luminati-m-controller.exe (PID: 5640)
      • bdvpn_setup.exe (PID: 5124)
      • pixelsee.exe (PID: 5796)
      • brightvpn_installer.exe (PID: 4572)
      • antivirus360.exe (PID: 8812)
      • net_updater32.exe (PID: 5544)
      • setup.exe (PID: 8440)
      • update.exe (PID: 7940)
      • pixelsee.exe (PID: 3884)
      • installer.exe (PID: 6760)
      • luminati-m-controller.exe (PID: 6712)
      • browser_assistant.exe (PID: 5344)
      • 360TS_Setup.exe (PID: 9952)
    • Reads Internet Explorer settings

      • PixelSee_id4040758id.exe (PID: 5728)
    • Process drops legitimate windows executable

      • PixelSee_id4040758id.exe (PID: 5728)
      • luminati-m-controller.exe (PID: 5640)
      • net_updater32.exe (PID: 5544)
      • update.exe (PID: 7940)
      • Assistant_117.0.5408.35_Setup.exe_sfx.exe (PID: 8740)
      • assistant_installer.exe (PID: 8980)
    • Executable content was dropped or overwritten

      • lum_inst.exe (PID: 8940)
      • lum_inst.tmp (PID: 1196)
      • PixelSee_id4040758id.exe (PID: 5728)
      • luminati-m-controller.exe (PID: 5640)
      • bdvpn_setup.exe (PID: 5124)
      • pixelsee.exe (PID: 5796)
      • antivirus360.exe (PID: 8812)
      • opera_binst.exe (PID: 8016)
      • setup.exe (PID: 2800)
      • setup.exe (PID: 8440)
      • net_updater32.exe (PID: 5544)
      • setup.exe (PID: 8796)
      • setup.exe (PID: 1600)
      • setup.exe (PID: 6516)
      • update.exe (PID: 7940)
      • Assistant_117.0.5408.35_Setup.exe_sfx.exe (PID: 8740)
      • pixelsee.exe (PID: 8540)
      • luminati-m-controller.exe (PID: 6712)
      • installer.exe (PID: 7948)
      • installer.exe (PID: 6760)
      • assistant_installer.exe (PID: 8980)
      • 360TS_Setup.exe (PID: 9700)
      • net_updater32.exe (PID: 9748)
      • 360TS_Setup.exe (PID: 9952)
      • installer.exe (PID: 11088)
      • installer.exe (PID: 11240)
      • luminati-m-controller.exe (PID: 10444)
      • opera_autoupdate.exe (PID: 10928)
      • installer.exe (PID: 11108)
    • Reads the Windows owner or organization settings

      • lum_inst.tmp (PID: 1196)
    • The process drops C-runtime libraries

      • luminati-m-controller.exe (PID: 5640)
      • PixelSee_id4040758id.exe (PID: 5728)
      • net_updater32.exe (PID: 5544)
      • update.exe (PID: 7940)
    • Creates a software uninstall entry

      • PixelSee_id4040758id.exe (PID: 5728)
      • installer.exe (PID: 6760)
    • Detected use of alternative data streams (AltDS)

      • luminati-m-controller.exe (PID: 5640)
      • net_updater32.exe (PID: 5544)
      • luminati-m-controller.exe (PID: 6712)
      • net_updater32.exe (PID: 9748)
      • luminati-m-controller.exe (PID: 10444)
    • Uses NETSH.EXE to add a firewall rule or allowed programs

      • PixelSee_id4040758id.exe (PID: 5728)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • bdvpn_setup.exe (PID: 5124)
    • The process creates files with name similar to system file names

      • bdvpn_setup.exe (PID: 5124)
    • Application launched itself

      • net_updater32.exe (PID: 1012)
      • setup.exe (PID: 8440)
      • setup.exe (PID: 1600)
      • pixelsee.exe (PID: 5796)
      • assistant_installer.exe (PID: 7896)
      • installer.exe (PID: 6760)
      • assistant_installer.exe (PID: 8980)
      • assistant_installer.exe (PID: 8944)
      • browser_assistant.exe (PID: 5344)
      • opera.exe (PID: 3968)
      • opera.exe (PID: 7264)
      • installer.exe (PID: 11088)
      • opera_autoupdate.exe (PID: 9412)
      • opera_autoupdate.exe (PID: 10928)
    • Potential Corporate Privacy Violation

      • antivirus360.exe (PID: 8812)
    • Process requests binary or script from the Internet

      • antivirus360.exe (PID: 8812)
    • Starts itself from another location

      • setup.exe (PID: 8440)
      • 360TS_Setup.exe (PID: 9700)
    • There is functionality for taking screenshot (YARA)

      • pixelsee.exe (PID: 5796)
    • Uses TASKKILL.EXE to kill process

      • update.exe (PID: 7940)
    • Searches for installed software

      • installer.exe (PID: 6760)
      • browser_assistant.exe (PID: 5344)
    • Reads the date of Windows installation

      • installer.exe (PID: 6760)
      • opera.exe (PID: 7264)
    • Executes as Windows Service

      • net_updater32.exe (PID: 9748)
      • WmiApSrv.exe (PID: 11100)
    • Reads Mozilla Firefox installation path

      • opera.exe (PID: 7264)
    • Creates file in the systems drive root

      • 360TS_Setup.exe (PID: 9952)
    • The process executes via Task Scheduler

      • opera_autoupdate.exe (PID: 10928)
    • The process verifies whether the antivirus software is installed

      • 360TS_Setup.exe (PID: 9952)
    • The process checks if it is being run in the virtual environment

      • opera.exe (PID: 7264)
      • net_updater32.exe (PID: 9748)
    • Drops 7-zip archiver for unpacking

      • 360TS_Setup.exe (PID: 9952)
    • Checks for external IP

      • net_updater32.exe (PID: 9748)
  • INFO

    • Checks supported languages

      • identity_helper.exe (PID: 8848)
      • PixelSee_id4040758id.exe (PID: 5728)
      • lum_inst.exe (PID: 8940)
      • lum_inst.tmp (PID: 1196)
      • luminati-m-controller.exe (PID: 5640)
      • pixelsee.exe (PID: 5796)
      • test_wpf.exe (PID: 9060)
      • pixelsee_crashpad_handler.exe (PID: 8248)
      • QtWebEngineProcess.exe (PID: 7660)
      • bdvpn_setup.exe (PID: 5124)
      • antivirus360.exe (PID: 8812)
      • brightvpn_installer.exe (PID: 4572)
      • net_updater32.exe (PID: 5544)
      • net_updater32.exe (PID: 1012)
      • opera_binst.exe (PID: 8016)
      • setup.exe (PID: 2800)
      • setup.exe (PID: 8440)
      • setup.exe (PID: 8796)
      • setup.exe (PID: 6516)
      • setup.exe (PID: 1600)
      • update.exe (PID: 7940)
      • Assistant_117.0.5408.35_Setup.exe_sfx.exe (PID: 8740)
      • pixelsee.exe (PID: 3884)
      • assistant_installer.exe (PID: 7924)
      • assistant_installer.exe (PID: 7896)
      • pixelsee.exe (PID: 8540)
      • test_wpf.exe (PID: 2344)
      • installer.exe (PID: 6760)
      • luminati-m-controller.exe (PID: 6712)
      • pixelsee_crashpad_handler.exe (PID: 8008)
      • QtWebEngineProcess.exe (PID: 896)
      • installer.exe (PID: 7948)
      • assistant_installer.exe (PID: 1912)
      • assistant_installer.exe (PID: 5800)
      • browser_assistant.exe (PID: 5344)
      • opera.exe (PID: 7716)
      • opera.exe (PID: 3968)
      • assistant_installer.exe (PID: 8980)
      • assistant_installer.exe (PID: 8944)
      • browser_assistant.exe (PID: 7100)
      • opera.exe (PID: 8456)
      • opera.exe (PID: 6384)
      • opera.exe (PID: 8160)
      • opera_crashreporter.exe (PID: 4728)
      • opera_crashreporter.exe (PID: 5744)
      • opera_crashreporter.exe (PID: 7264)
      • opera.exe (PID: 4976)
      • opera.exe (PID: 9164)
      • opera.exe (PID: 8744)
      • opera_crashreporter.exe (PID: 7740)
      • opera_crashreporter.exe (PID: 9012)
      • opera_crashreporter.exe (PID: 7904)
      • opera.exe (PID: 8056)
      • opera.exe (PID: 4736)
      • opera_crashreporter.exe (PID: 7748)
      • opera_crashreporter.exe (PID: 2616)
      • opera.exe (PID: 7264)
      • opera.exe (PID: 3968)
      • opera.exe (PID: 7052)
      • opera.exe (PID: 8076)
      • opera.exe (PID: 3012)
      • opera.exe (PID: 8012)
      • opera.exe (PID: 684)
      • opera.exe (PID: 4724)
      • opera.exe (PID: 2596)
      • opera_gx_splash.exe (PID: 9340)
      • opera.exe (PID: 4528)
      • opera.exe (PID: 8456)
      • opera.exe (PID: 7988)
      • 360TS_Setup.exe (PID: 9700)
      • net_updater32.exe (PID: 9748)
      • test_wpf.exe (PID: 9808)
      • net_updater32.exe (PID: 9540)
      • opera.exe (PID: 9988)
      • opera.exe (PID: 9960)
      • opera.exe (PID: 9968)
      • opera.exe (PID: 10100)
      • opera.exe (PID: 10232)
      • idle_report.exe (PID: 10224)
      • opera.exe (PID: 10208)
      • brightdata.exe (PID: 6244)
      • opera.exe (PID: 10068)
      • 360TS_Setup.exe (PID: 9952)
      • opera.exe (PID: 9388)
      • opera.exe (PID: 9468)
      • opera.exe (PID: 9692)
      • opera.exe (PID: 9640)
      • opera.exe (PID: 9616)
      • opera.exe (PID: 9636)
      • opera.exe (PID: 9420)
      • opera.exe (PID: 9348)
      • opera.exe (PID: 9356)
      • opera.exe (PID: 9396)
      • opera.exe (PID: 9360)
      • opera.exe (PID: 9888)
      • opera.exe (PID: 9948)
      • opera.exe (PID: 9036)
      • opera.exe (PID: 9916)
      • opera.exe (PID: 10024)
      • opera.exe (PID: 9664)
      • opera.exe (PID: 3100)
      • opera.exe (PID: 7916)
      • opera.exe (PID: 9884)
      • opera.exe (PID: 9368)
      • opera.exe (PID: 9220)
      • opera.exe (PID: 10676)
      • opera.exe (PID: 9540)
      • opera.exe (PID: 9712)
      • opera.exe (PID: 10836)
      • opera.exe (PID: 11156)
      • installer.exe (PID: 11088)
      • opera.exe (PID: 11164)
      • installer.exe (PID: 11240)
      • opera_autoupdate.exe (PID: 9412)
      • opera_autoupdate.exe (PID: 9644)
      • opera_autoupdate.exe (PID: 10928)
      • opera_autoupdate.exe (PID: 10304)
      • luminati-m-controller.exe (PID: 10444)
      • test_wpf.exe (PID: 10772)
      • opera.exe (PID: 10296)
      • opera.exe (PID: 10268)
      • opera.exe (PID: 9192)
      • opera.exe (PID: 9232)
      • opera.exe (PID: 11000)
      • opera.exe (PID: 11004)
      • opera.exe (PID: 10376)
      • opera.exe (PID: 11024)
      • opera.exe (PID: 10244)
      • opera.exe (PID: 9616)
      • opera.exe (PID: 9620)
      • installer.exe (PID: 11108)
      • opera.exe (PID: 9884)
      • opera.exe (PID: 11160)
      • opera.exe (PID: 7748)
      • identity_helper.exe (PID: 10856)
    • Reads Environment values

      • identity_helper.exe (PID: 8848)
      • identity_helper.exe (PID: 10856)
    • Executable content was dropped or overwritten

      • msedge.exe (PID: 7360)
      • msedge.exe (PID: 4452)
      • msedge.exe (PID: 1812)
    • Reads the computer name

      • identity_helper.exe (PID: 8848)
      • PixelSee_id4040758id.exe (PID: 5728)
      • lum_inst.tmp (PID: 1196)
      • test_wpf.exe (PID: 9060)
      • luminati-m-controller.exe (PID: 5640)
      • pixelsee.exe (PID: 5796)
      • QtWebEngineProcess.exe (PID: 7660)
      • bdvpn_setup.exe (PID: 5124)
      • brightvpn_installer.exe (PID: 4572)
      • antivirus360.exe (PID: 8812)
      • net_updater32.exe (PID: 5544)
      • setup.exe (PID: 8440)
      • setup.exe (PID: 1600)
      • update.exe (PID: 7940)
      • pixelsee.exe (PID: 3884)
      • assistant_installer.exe (PID: 7896)
      • pixelsee.exe (PID: 8540)
      • QtWebEngineProcess.exe (PID: 896)
      • test_wpf.exe (PID: 2344)
      • luminati-m-controller.exe (PID: 6712)
      • installer.exe (PID: 6760)
      • assistant_installer.exe (PID: 8980)
      • assistant_installer.exe (PID: 8944)
      • opera.exe (PID: 7716)
      • opera.exe (PID: 3968)
      • browser_assistant.exe (PID: 5344)
      • opera.exe (PID: 8456)
      • opera.exe (PID: 6384)
      • opera.exe (PID: 8160)
      • opera.exe (PID: 8744)
      • opera.exe (PID: 9164)
      • opera.exe (PID: 8056)
      • opera.exe (PID: 4736)
      • opera.exe (PID: 7264)
      • opera.exe (PID: 8012)
      • opera.exe (PID: 3968)
      • 360TS_Setup.exe (PID: 9700)
      • net_updater32.exe (PID: 9748)
      • opera_gx_splash.exe (PID: 9340)
      • net_updater32.exe (PID: 9540)
      • test_wpf.exe (PID: 9808)
      • opera.exe (PID: 10232)
      • idle_report.exe (PID: 10224)
      • brightdata.exe (PID: 6244)
      • 360TS_Setup.exe (PID: 9952)
      • opera.exe (PID: 9468)
      • installer.exe (PID: 11088)
      • opera_autoupdate.exe (PID: 9412)
      • opera_autoupdate.exe (PID: 10928)
      • test_wpf.exe (PID: 10772)
      • luminati-m-controller.exe (PID: 10444)
      • identity_helper.exe (PID: 10856)
    • Application launched itself

      • msedge.exe (PID: 4452)
    • The sample compiled with English language support

      • msedge.exe (PID: 7360)
      • msedge.exe (PID: 4452)
      • PixelSee_id4040758id.exe (PID: 5728)
      • luminati-m-controller.exe (PID: 5640)
      • lum_inst.tmp (PID: 1196)
      • msedge.exe (PID: 1812)
      • bdvpn_setup.exe (PID: 5124)
      • antivirus360.exe (PID: 8812)
      • opera_binst.exe (PID: 8016)
      • setup.exe (PID: 2800)
      • setup.exe (PID: 8440)
      • net_updater32.exe (PID: 5544)
      • setup.exe (PID: 8796)
      • setup.exe (PID: 1600)
      • setup.exe (PID: 6516)
      • update.exe (PID: 7940)
      • Assistant_117.0.5408.35_Setup.exe_sfx.exe (PID: 8740)
      • installer.exe (PID: 6760)
      • pixelsee.exe (PID: 8540)
      • installer.exe (PID: 7948)
      • assistant_installer.exe (PID: 8980)
      • 360TS_Setup.exe (PID: 9952)
      • installer.exe (PID: 11088)
      • installer.exe (PID: 11240)
      • opera_autoupdate.exe (PID: 10928)
      • installer.exe (PID: 11108)
    • Autorun file from Downloads

      • msedge.exe (PID: 4452)
      • msedge.exe (PID: 8388)
    • Create files in a temporary directory

      • PixelSee_id4040758id.exe (PID: 5728)
      • lum_inst.exe (PID: 8940)
      • lum_inst.tmp (PID: 1196)
      • bdvpn_setup.exe (PID: 5124)
      • antivirus360.exe (PID: 8812)
      • opera_binst.exe (PID: 8016)
      • setup.exe (PID: 2800)
      • setup.exe (PID: 8440)
      • setup.exe (PID: 1600)
      • setup.exe (PID: 8796)
      • setup.exe (PID: 6516)
      • update.exe (PID: 7940)
      • Assistant_117.0.5408.35_Setup.exe_sfx.exe (PID: 8740)
      • installer.exe (PID: 7948)
      • installer.exe (PID: 6760)
      • opera.exe (PID: 7264)
      • 360TS_Setup.exe (PID: 9700)
      • 360TS_Setup.exe (PID: 9952)
      • installer.exe (PID: 11088)
      • installer.exe (PID: 11240)
      • installer.exe (PID: 11108)
      • opera_autoupdate.exe (PID: 10928)
    • Checks proxy server information

      • PixelSee_id4040758id.exe (PID: 5728)
      • luminati-m-controller.exe (PID: 5640)
      • bdvpn_setup.exe (PID: 5124)
      • pixelsee.exe (PID: 5796)
      • brightvpn_installer.exe (PID: 4572)
      • antivirus360.exe (PID: 8812)
      • net_updater32.exe (PID: 5544)
      • setup.exe (PID: 8440)
      • slui.exe (PID: 5244)
      • update.exe (PID: 7940)
      • pixelsee.exe (PID: 8540)
      • luminati-m-controller.exe (PID: 6712)
      • opera.exe (PID: 3968)
      • opera.exe (PID: 7264)
      • browser_assistant.exe (PID: 5344)
      • 360TS_Setup.exe (PID: 9952)
      • opera_autoupdate.exe (PID: 9412)
      • opera_autoupdate.exe (PID: 10928)
    • Reads the software policy settings

      • slui.exe (PID: 1132)
      • luminati-m-controller.exe (PID: 5640)
      • bdvpn_setup.exe (PID: 5124)
      • pixelsee.exe (PID: 5796)
      • brightvpn_installer.exe (PID: 4572)
      • net_updater32.exe (PID: 5544)
      • setup.exe (PID: 8440)
      • slui.exe (PID: 5244)
      • update.exe (PID: 7940)
      • installer.exe (PID: 6760)
      • luminati-m-controller.exe (PID: 6712)
      • browser_assistant.exe (PID: 5344)
      • net_updater32.exe (PID: 9540)
      • net_updater32.exe (PID: 9748)
      • 360TS_Setup.exe (PID: 9952)
      • luminati-m-controller.exe (PID: 10444)
    • Process checks computer location settings

      • lum_inst.tmp (PID: 1196)
      • PixelSee_id4040758id.exe (PID: 5728)
      • luminati-m-controller.exe (PID: 5640)
      • net_updater32.exe (PID: 5544)
      • pixelsee.exe (PID: 3884)
      • update.exe (PID: 7940)
      • luminati-m-controller.exe (PID: 6712)
      • opera.exe (PID: 3968)
      • opera.exe (PID: 7264)
      • opera.exe (PID: 3012)
      • antivirus360.exe (PID: 8812)
      • net_updater32.exe (PID: 9748)
      • opera.exe (PID: 9960)
      • opera.exe (PID: 9988)
      • opera.exe (PID: 9968)
      • opera.exe (PID: 10100)
      • opera.exe (PID: 10068)
      • opera.exe (PID: 10208)
      • 360TS_Setup.exe (PID: 9952)
      • opera.exe (PID: 9664)
      • opera.exe (PID: 9220)
      • opera.exe (PID: 9540)
      • opera.exe (PID: 10836)
      • luminati-m-controller.exe (PID: 10444)
      • opera.exe (PID: 11160)
      • opera.exe (PID: 9620)
    • Reads the machine GUID from the registry

      • luminati-m-controller.exe (PID: 5640)
      • test_wpf.exe (PID: 9060)
      • pixelsee.exe (PID: 5796)
      • bdvpn_setup.exe (PID: 5124)
      • brightvpn_installer.exe (PID: 4572)
      • antivirus360.exe (PID: 8812)
      • net_updater32.exe (PID: 5544)
      • setup.exe (PID: 8440)
      • update.exe (PID: 7940)
      • pixelsee.exe (PID: 3884)
      • pixelsee.exe (PID: 8540)
      • test_wpf.exe (PID: 2344)
      • luminati-m-controller.exe (PID: 6712)
      • installer.exe (PID: 6760)
      • opera.exe (PID: 3968)
      • opera.exe (PID: 7264)
      • browser_assistant.exe (PID: 5344)
      • net_updater32.exe (PID: 9748)
      • test_wpf.exe (PID: 9808)
      • idle_report.exe (PID: 10224)
      • brightdata.exe (PID: 6244)
      • 360TS_Setup.exe (PID: 9952)
      • opera_autoupdate.exe (PID: 9412)
      • opera_autoupdate.exe (PID: 9644)
      • opera_autoupdate.exe (PID: 10928)
      • opera_autoupdate.exe (PID: 10304)
      • luminati-m-controller.exe (PID: 10444)
      • test_wpf.exe (PID: 10772)
    • Creates files or folders in the user directory

      • PixelSee_id4040758id.exe (PID: 5728)
      • luminati-m-controller.exe (PID: 5640)
      • pixelsee.exe (PID: 5796)
      • pixelsee_crashpad_handler.exe (PID: 8248)
      • QtWebEngineProcess.exe (PID: 7660)
      • bdvpn_setup.exe (PID: 5124)
      • antivirus360.exe (PID: 8812)
      • setup.exe (PID: 2800)
      • net_updater32.exe (PID: 5544)
      • setup.exe (PID: 8440)
      • update.exe (PID: 7940)
      • pixelsee.exe (PID: 3884)
      • setup.exe (PID: 1600)
      • pixelsee.exe (PID: 8540)
      • QtWebEngineProcess.exe (PID: 896)
      • installer.exe (PID: 6760)
      • assistant_installer.exe (PID: 8980)
      • opera.exe (PID: 3968)
      • browser_assistant.exe (PID: 5344)
      • opera.exe (PID: 7264)
      • opera.exe (PID: 3968)
      • 360TS_Setup.exe (PID: 9952)
      • opera_autoupdate.exe (PID: 9644)
      • opera_autoupdate.exe (PID: 9412)
      • opera_autoupdate.exe (PID: 10928)
    • Creates files in the program directory

      • luminati-m-controller.exe (PID: 5640)
      • brightvpn_installer.exe (PID: 4572)
      • bdvpn_setup.exe (PID: 5124)
      • net_updater32.exe (PID: 5544)
      • luminati-m-controller.exe (PID: 6712)
      • net_updater32.exe (PID: 9540)
      • 360TS_Setup.exe (PID: 9700)
      • net_updater32.exe (PID: 9748)
      • brightdata.exe (PID: 6244)
      • 360TS_Setup.exe (PID: 9952)
      • luminati-m-controller.exe (PID: 10444)
    • Disables trace logs

      • luminati-m-controller.exe (PID: 5640)
      • brightvpn_installer.exe (PID: 4572)
      • antivirus360.exe (PID: 8812)
      • net_updater32.exe (PID: 5544)
      • luminati-m-controller.exe (PID: 6712)
      • net_updater32.exe (PID: 9748)
    • Manual execution by a user

      • assistant_installer.exe (PID: 8944)
      • opera.exe (PID: 7264)
    • OPERA mutex has been found

      • opera.exe (PID: 3968)
      • opera.exe (PID: 7264)
      • browser_assistant.exe (PID: 5344)
      • opera_autoupdate.exe (PID: 9412)
      • opera_autoupdate.exe (PID: 10928)
    • The sample compiled with Chinese language support

      • 360TS_Setup.exe (PID: 9700)
      • 360TS_Setup.exe (PID: 9952)
    • Reads CPU info

      • net_updater32.exe (PID: 9748)
    • Reads the time zone

      • net_updater32.exe (PID: 9748)
    • The sample compiled with Turkish language support

      • 360TS_Setup.exe (PID: 9952)
    • The sample compiled with Russian language support

      • 360TS_Setup.exe (PID: 9952)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report
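The behavior list above is the report's long form: one bullet per PID under every signature, which is why a bundle like this one runs to hundreds of lines. As an added example (this is not ANY.RUN code, and the excerpt it parses is a constructed sample in the report's bullet format rather than the full list above), the script below collapses that form into one row per process image, ranks images by worst severity, and flags signatures that point at a persistence or evasion foothold. The keyword heuristic used for that flag is this example's own choice; the signature names and PIDs in the sample are taken from this report.

```python
"""Collapse an ANY.RUN-style behaviour list into a per-image triage table.

Added example for illustration; not ANY.RUN code. SAMPLE is a constructed
excerpt in the report's bullet format (severity > signature > process).
"""
import re
from collections import defaultdict

SEVERITY_RANK = {"MALICIOUS": 0, "SUSPICIOUS": 1, "INFO": 2}

# Heuristic (this example's own choice): signature names that imply a
# persistence or defence-evasion foothold worth checking on a real host.
PERSISTENCE_HINTS = (
    "autorun", "task scheduler", "windows service", "firewall",
    "uninstall entry", "alternative data streams",
)

BULLET = re.compile(r"^(?P<indent>\s*)• (?P<text>.+?)\s*$")
PROC = re.compile(r"^(?P<image>.+?) \(PID: (?P<pid>\d+)\)$")


def parse_report(text):
    """Return {image: {"pids": set(int), "sigs": {severity: set(signature)}}}.

    Indentation carries the hierarchy: 2 spaces = severity, 4 = signature,
    6 = process. Image names are lower-cased because the report mixes case.
    """
    images = {}
    severity = signature = None
    for line in text.splitlines():
        m = BULLET.match(line)
        if not m:
            continue  # blank lines and non-bullet text
        depth = len(m.group("indent"))
        item = m.group("text")
        if depth == 2:
            severity, signature = item.upper(), None
        elif depth == 4:
            signature = item
        elif depth == 6 and severity and signature:
            p = PROC.match(item)
            if not p:
                continue
            image = p.group("image").lower()
            rec = images.setdefault(image, {"pids": set(), "sigs": defaultdict(set)})
            rec["pids"].add(int(p.group("pid")))
            rec["sigs"][severity].add(signature)
    return images


def worst_severity(rec):
    """Highest-ranked severity any signature of this image reached."""
    return min(rec["sigs"], key=SEVERITY_RANK.get)


def persistence_hits(rec):
    """Signatures (any severity) whose name matches the persistence heuristic."""
    hits = set()
    for sigs in rec["sigs"].values():
        for s in sigs:
            if any(h in s.lower() for h in PERSISTENCE_HINTS):
                hits.add(s)
    return hits


def triage(text):
    """Rows of (image, worst severity, #pids, #malicious sigs, persistence hits),
    worst first, so the long PID list becomes a handful of lines to act on."""
    rows = []
    for image, rec in parse_report(text).items():
        rows.append((
            image,
            worst_severity(rec),
            len(rec["pids"]),
            len(rec["sigs"].get("MALICIOUS", ())),
            sorted(persistence_hits(rec)),
        ))
    rows.sort(key=lambda r: (SEVERITY_RANK[r[1]], -r[3], r[0]))
    return rows


# Constructed excerpt in the report's own format (names and PIDs from this report).
SAMPLE = """\
  • MALICIOUS

    • Changes the autorun value in the registry

      • pixelsee.exe (PID: 5796)
      • assistant_installer.exe (PID: 8980)
    • Steals credentials from Web Browsers

      • setup.exe (PID: 2800)
      • opera.exe (PID: 7716)
  • SUSPICIOUS

    • Uses NETSH.EXE to add a firewall rule or allowed programs

      • PixelSee_id4040758id.exe (PID: 5728)
    • Executes as Windows Service

      • net_updater32.exe (PID: 9748)
  • INFO

    • Checks supported languages

      • pixelsee.exe (PID: 5796)
      • opera.exe (PID: 7716)
"""

if __name__ == "__main__":
    for image, sev, npids, nmal, persist in triage(SAMPLE):
        print(f"{sev:<10} {image:<28} pids={npids} malicious={nmal} persistence={persist}")
```

Feed it the text of a whole report (the bullet section between the disclaimer and the "Find more information" line) and the output is one line per image; the persistence column is the list of things to look for on an infected host (Run keys, scheduled tasks, services, firewall rules) before trusting a removal.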
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes
377
Monitored processes
231
Malicious processes
57
Suspicious processes
64

Behavior graph

The interactive process tree is only available in the full report. Distinct process images it shows, in order of first appearance (luminati-m-controller.exe is the one tagged #MENTALMENTOR; many msedge.exe, conhost.exe and helper instances carry no indicators):

msedge.exe, sppextcomobj.exe, slui.exe, identity_helper.exe, pixelsee_id4040758id.exe, lum_inst.exe, lum_inst.tmp, luminati-m-controller.exe, test_wpf.exe, netsh.exe, conhost.exe, pixelsee.exe, pixelsee_crashpad_handler.exe, qtwebengineprocess.exe, bdvpn_setup.exe, brightvpn_installer.exe, antivirus360.exe, opera_binst.exe, net_updater32.exe, setup.exe, update.exe, assistant_117.0.5408.35_setup.exe_sfx.exe, assistant_installer.exe, taskkill.exe, installer.exe, UIAutomationCrossBitnessHook32 Class, browser_assistant.exe, opera.exe, opera_crashreporter.exe, unsecapp.exe, opera_gx_splash.exe, 360ts_setup.exe, idle_report.exe, brightdata.exe, opera_autoupdate.exe, wmiapsrv.exe

Process information

Columns in the report: PID, CMD, Path, Indicators, Parent process (the Indicators column is empty for every entry shown here). Each entry is followed by its process details and the first loaded modules as exported.

PID 660 (parent: msedge.exe)
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6488 --field-trial-handle=2340,i,3198347655326005938,9004525624209131005,262144 --variations-seed-version /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
User: admin | Company: Microsoft Corporation | Integrity Level: LOW | Description: Microsoft Edge | Exit code: 0 | Version: 122.0.2365.59
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

PID 684 (parent: opera.exe)
CMD: "C:\Users\admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:address-bar-dropdown-autocompleted-domains=on --with-feature:address-bar-dropdown-cities=on --with-feature:address-bar-keywords-monetization=on --with-feature:amazon-new-ids=on --with-feature:amp-requests-stats=on --with-feature:bluesky-in-sidebar=on --with-feature:cashback-assistant=off --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-amazon-us-associates=off --with-feature:continue-shopping-explore=off --with-feature:continue-shopping-structured-partners=on --with-feature:discord-in-sidebar=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:new-personal-news-backend=on --with-feature:opera-startpage-special=on --with-feature:password-generator=off --with-feature:realtime-impressions-reporting=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:sitecheck-age=on --with-feature:slack-in-sidebar=on --with-feature:specific-keywords=on --with-feature:startpage-opening-animation=off --with-feature:startpage-sync-banner-ref=on --with-feature:installer-experiment-test=off --field-trial-handle=2432,i,13970220514285059442,18091685761183317355,262144 --disable-features=CertificateTransparencyAskBeforeEnabling,PlatformSoftwareH264EncoderInGpu --variations-seed-version --mojo-platform-channel-handle=2352 /prefetch:8
Path: C:\Users\admin\AppData\Local\Programs\Opera\opera.exe
User: admin | Company: Opera Software | Integrity Level: LOW | Description: Opera Internet Browser | Version: 117.0.5408.142
Modules (images):
c:\users\admin\appdata\local\programs\opera\opera.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\programs\opera\117.0.5408.142\opera_elf.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll

PID 812 (parent: msedge.exe)
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5484 --field-trial-handle=2340,i,3198347655326005938,9004525624209131005,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
User: admin | Company: Microsoft Corporation | Integrity Level: LOW | Description: Microsoft Edge | Exit code: 0 | Version: 122.0.2365.59
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

PID 896 (parent: pixelsee.exe)
CMD: "C:\Users\admin\PixelSee\QtWebEngineProcess.exe" --type=utility --enable-features=AllowContentInitiatedDataUrlNavigations,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,FormControlsRefresh,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebUSB --lang=en-US --service-sandbox-type=network --use-gl=angle --application-name=PixelSee --webengine-schemes=qrc:sLV --mojo-platform-channel-handle=2756 /prefetch:8
Path: C:\Users\admin\PixelSee\QtWebEngineProcess.exe
User: admin | Company: The Qt Company Ltd. | Integrity Level: HIGH | Description: C++ Application Development Framework | Version: 5.15.2.0
Note: a 32-bit (WOW64) Qt WebEngine child of the PixelSee application running at HIGH integrity out of a directory in the user profile, not a standard install location.
Modules (images):
c:\users\admin\pixelsee\qtwebengineprocess.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll

PID 1012 (parent: bdvpn_setup.exe)
CMD: "C:\Program Files (x86)\Bright VPN\net_updater32.exe" --install-ui win_brightvpn.com
Path: C:\Program Files (x86)\Bright VPN\net_updater32.exe
User: admin | Company: BrightData Ltd. (certified) | Integrity Level: HIGH | Description: BrightData service allows free use of certain features in an app you installed | Version: 1.530.981
Note: 32-bit (WOW64) process at HIGH integrity, spawned by the Bright VPN installer; the description string is the component's own file-version text.
Modules (images):
c:\program files (x86)\bright vpn\net_updater32.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\wldap32.dll

PID 1056 (parent: msedge.exe)
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5708 --field-trial-handle=2340,i,3198347655326005938,9004525624209131005,262144 --variations-seed-version /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
User: admin | Company: Microsoft Corporation | Integrity Level: LOW | Description: Microsoft Edge | Exit code: 0 | Version: 122.0.2365.59
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

PID 1132 (parent: SppExtComObj.Exe)
CMD: "C:\WINDOWS\System32\SLUI.exe" RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=TimerEvent
Path: C:\Windows\System32\slui.exe
User: NETWORK SERVICE | Company: Microsoft Corporation | Integrity Level: SYSTEM | Description: Windows Activation Client | Exit code: 1 | Version: 10.0.19041.1 (WinBuild.160101.0800)
Note: timer-triggered (Trigger=TimerEvent) Windows activation housekeeping, not activity of the sample.
Modules (images):
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll

PID 1180 (parent: msedge.exe)
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6272 --field-trial-handle=2340,i,3198347655326005938,9004525624209131005,262144 --variations-seed-version /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
User: admin | Company: Microsoft Corporation | Integrity Level: LOW | Description: Microsoft Edge | Exit code: 0 | Version: 122.0.2365.59
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

PID 1188 (parent: svchost.exe)
CMD: C:\WINDOWS\system32\SppExtComObj.exe -Embedding
Path: C:\Windows\System32\SppExtComObj.Exe
User: NETWORK SERVICE | Company: Microsoft Corporation | Integrity Level: SYSTEM | Description: KMS Connection Broker | Exit code: 0 | Version: 10.0.19041.3996 (WinBuild.160101.0800)
Note: the COM host that launched the activation client above (PID 1132); background OS activity.
Modules (images):
c:\windows\system32\sppextcomobj.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\oleaut32.dll

PID 1196 (parent: lum_inst.exe)
CMD: "C:\Users\admin\AppData\Local\Temp\is-CIOL3.tmp\lum_inst.tmp" /SL5="$40250,4539921,832512,C:\Users\admin\AppData\Local\Temp\luminati\lum_inst.exe" /verysilent
Path: C:\Users\admin\AppData\Local\Temp\is-CIOL3.tmp\lum_inst.tmp
User: admin | Company: SIA Circle Solutions | Integrity Level: HIGH | Description: Setup/Uninstall | Exit code: 100 | Version: 51.1052.0.0
Note: an is-<random>.tmp\<name>.tmp image launched with /SL5= is the Inno Setup bootstrap convention (the installer unpacks its second stage to Temp and re-executes it); /verysilent suppresses all installer UI, so the user sees nothing while this runs at HIGH integrity from the luminati folder in Temp. The process is 32-bit (WOW64).
Modules (images):
c:\users\admin\appdata\local\temp\is-ciol3.tmp\lum_inst.tmp
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\comdlg32.dll
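The process records above are the raw material for a first triage pass. The following Python is an added example, not ANY.RUN's code or the report's own output: it re-types a subset of the entries above into structured records (the long Chromium and Opera flag lists are shortened and marked truncated) and applies five rules a responder reaches for first: HIGH integrity from a user-writable path, execution from %TEMP%, the Inno Setup second-stage bootstrap pattern (is-*.tmp plus /SL5=), an installer-named parent, and unattended-install switches. The rule wording, the switch list and the "installer-named" heuristic are this example's assumptions, not something the report states.

```python
"""Triage of the process records in this report (added example, not ANY.RUN code).

Records are re-typed from the Process information table above; long
Chromium/Opera feature-flag lists are shortened (marked 'truncated') because
the rules only look at path, parent, integrity level and installer switches.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Proc:
    pid: int
    parent: str
    integrity: str
    path: str
    cmd: str


EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

RECORDS = [  # constructed from the report; a subset of the entries shown
    Proc(660, "msedge.exe", "LOW", EDGE,
         f'"{EDGE}" --type=renderer --lang=en-US /prefetch:1'),                       # truncated
    Proc(684, "opera.exe", "LOW", r"C:\Users\admin\AppData\Local\Programs\Opera\opera.exe",
         r'"C:\Users\admin\AppData\Local\Programs\Opera\opera.exe" --type=utility /prefetch:8'),  # truncated
    Proc(896, "pixelsee.exe", "HIGH", r"C:\Users\admin\PixelSee\QtWebEngineProcess.exe",
         r'"C:\Users\admin\PixelSee\QtWebEngineProcess.exe" --type=utility --application-name=PixelSee /prefetch:8'),  # truncated
    Proc(1012, "bdvpn_setup.exe", "HIGH", r"C:\Program Files (x86)\Bright VPN\net_updater32.exe",
         r'"C:\Program Files (x86)\Bright VPN\net_updater32.exe" --install-ui win_brightvpn.com'),
    Proc(1132, "SppExtComObj.Exe", "SYSTEM", r"C:\Windows\System32\slui.exe",
         r'"C:\WINDOWS\System32\SLUI.exe" RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;Trigger=TimerEvent'),  # truncated
    Proc(1188, "svchost.exe", "SYSTEM", r"C:\Windows\System32\SppExtComObj.Exe",
         r"C:\WINDOWS\system32\SppExtComObj.exe -Embedding"),
    Proc(1196, "lum_inst.exe", "HIGH", r"C:\Users\admin\AppData\Local\Temp\is-CIOL3.tmp\lum_inst.tmp",
         r'"C:\Users\admin\AppData\Local\Temp\is-CIOL3.tmp\lum_inst.tmp" /SL5="$40250,4539921,832512,C:\Users\admin\AppData\Local\Temp\luminati\lum_inst.exe" /verysilent'),
]

# Rule inputs (assumptions of this example, not of the report).
USER_WRITABLE = re.compile(r"^c:\\users\\", re.I)                 # anything under a profile directory
TEMP_DIR = re.compile(r"\\appdata\\local\\temp\\", re.I)
INNO_BOOTSTRAP = re.compile(r"\\is-[a-z0-9]+\.tmp\\[^\\]+\.tmp$", re.I)  # Inno Setup second stage
INSTALLER_NAME = re.compile(r"setup|inst", re.I)                  # bdvpn_setup.exe, lum_inst.exe, installer.exe
SILENT_SWITCHES = {"/verysilent", "/silent", "/s", "/q", "/qn", "/quiet"}


def triage(p):
    """Return the findings for one record; an empty list means nothing notable."""
    findings = []
    if p.integrity == "HIGH" and USER_WRITABLE.search(p.path):
        findings.append("HIGH integrity from a user-writable path")
    if TEMP_DIR.search(p.path):
        findings.append("executes from %TEMP%")
    if INNO_BOOTSTRAP.search(p.path) or "/SL5=" in p.cmd:
        findings.append("Inno Setup second-stage bootstrap (is-*.tmp, /SL5=)")
    if p.integrity == "HIGH" and INSTALLER_NAME.search(p.parent):
        findings.append("spawned at HIGH integrity by an installer-named parent")
    # Whitespace split is crude for quoted paths with spaces, but sufficient for
    # switch detection; the image path is taken from the Path column, not the CMD.
    if any(tok.lower() in SILENT_SWITCHES for tok in p.cmd.split()):
        findings.append("unattended-install switch on the command line")
    return findings


def flagged(records):
    """Map pid -> findings for every record with at least one finding."""
    out = {}
    for p in records:
        hits = triage(p)
        if hits:
            out[p.pid] = hits
    return out


if __name__ == "__main__":
    for pid, hits in sorted(flagged(RECORDS).items()):
        print(pid, "->", "; ".join(hits))
```

Run as-is, only PIDs 896, 1012 and 1196 are returned; the Edge, Opera and activation-client processes drop out, which is the point of encoding the baseline as rules instead of eyeballing several hundred tree entries. PID 1196 trips all five rules at once, which is the profile of a bundled installer's second stage rather than of anything a user launched deliberately.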
Total events: 75 795
Read events: 73 963
Write events: 1 738
Delete events: 94

Modification events

All ten writes shown belong to PID 4452 (msedge.exe) and are Edge housekeeping: the launch beacon (BLBeacon) and stability metrics, the EdgeUpdate default-browser check (LastWasDefault), and window/tab-manager mapping IDs. None of the ten is attributable to the dropped installers; the remaining write events are in the full report. Format: PID process | operation | key\name = value.

(4452) msedge.exe | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon\failed_count = 0
(4452) msedge.exe | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon\state = 2
(4452) msedge.exe | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon\state = 1
(4452) msedge.exe | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics\user_experience_metrics.stability.exited_cleanly = 0
(4452) msedge.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault\S-1-5-21-1693682860-607145093-2874071422-1001 = 2CB89C099F8F2F00
(4452) msedge.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault\S-1-5-21-1693682860-607145093-2874071422-1001 = 35C7A5099F8F2F00
(4452) msedge.exe | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\262990\WindowTabManagerFileMappingId = {71A96424-6ED8-4834-94AA-7E892CB87FF9}
(4452) msedge.exe | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\262990\WindowTabManagerFileMappingId = {DB6F6ACC-A155-4BF2-AF44-30068868C7AD}
(4452) msedge.exe | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\262990\WindowTabManagerFileMappingId = {FFB6A51D-B4DA-4941-A051-A99C7A1CB2B9}
(4452) msedge.exe | write | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\262990\WindowTabManagerFileMappingId = {995551CA-862E-477A-ACBA-1C72CAE84542}
Executable files: 1 311
Suspicious files: 1 880
Text files: 924
Unknown types: 0

Dropped files

Columns: PID, Process, Filename, Type. Type, MD5 and SHA256 are empty for every row in this export. The ten files shown are rotated database logs inside the Edge profile of PID 4452 (LOG.old files and their *.TMP rename temporaries), not installer payloads; the 1 311 executables counted above are in the full report.

4452 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RF10b9eb.TMP
4452 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old
4452 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RF10b9eb.TMP
4452 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old
4452 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RF10b9fb.TMP
4452 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF10b9fb.TMP
4452 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RF10b9fb.TMP
4452 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
4452 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old
4452 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old
HTTP(S) requests: 93
TCP/UDP connections: 532
DNS requests: 383
Threats: 17

HTTP requests

Columns: PID, Process, Method, HTTP code, IP, URL, Reputation (CN, Type and Size are empty in this export; Reputation is "unknown" for every row). The ten requests shown are Windows PKI checks (CRL and OCSP) and Edge delivery-CDN range downloads issued by Microsoft components over plain HTTP; the sample's own traffic to devuploads.com is TLS on port 443 (see Connections) and is not among them.

5496 | MoUsoCoreWorker.exe | GET | 200 | 23.48.23.194:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown
6544 | svchost.exe | GET | 200 | 23.63.118.230:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown
8116 | backgroundTaskHost.exe | GET | 200 | 23.63.118.230:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D | unknown
5352 | SIHClient.exe | GET | 200 | 2.16.253.202:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown
8544 | svchost.exe | HEAD | 200 | 217.20.57.36:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0c269ced-c74b-4e70-9b58-6e7999b292c0?P1=1742971746&P2=404&P3=2&P4=DxH7mcTDgItyURctHKvR7meSc7I0GTfL4JTfhwiwhFGCEBaDqNBGZnn1YnXqKajUne5xEfbPZU2b2qReVBRUFA%3d%3d | unknown
5352 | SIHClient.exe | GET | 200 | 2.16.253.202:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown
8544 | svchost.exe | GET | 206 (x4, range requests) | 217.20.57.36:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0c269ced-c74b-4e70-9b58-6e7999b292c0?P1=1742971746&P2=404&P3=2&P4=DxH7mcTDgItyURctHKvR7meSc7I0GTfL4JTfhwiwhFGCEBaDqNBGZnn1YnXqKajUne5xEfbPZU2b2qReVBRUFA%3d%3d | unknown

Connections

Columns: PID, Process, IP, Domain, ASN, CN, Reputation (Reputation is "unknown" for every row; fields the export left empty are marked). The only non-Microsoft destination in this subset is devuploads.com, reached by the Edge browser (PID 7360) over TLS and fronted by Cloudflare (104.21.x.x); the two rows without a domain are local-subnet broadcast and multicast, not remote endpoints.

4 | System | 192.168.100.255:138 | (no domain: NetBIOS datagram broadcast on the local subnet) | unknown
(PID/process not shown) | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | unknown
5496 | MoUsoCoreWorker.exe | 23.48.23.194:80 | crl.microsoft.com | Akamai International B.V. | DE | unknown
6488 | RUXIMICS.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | unknown
7360 | msedge.exe | 104.21.112.1:443 | devuploads.com | (ASN/CN not shown) | unknown
7360 | msedge.exe | 13.107.21.239:443 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown
4452 | msedge.exe | 239.255.255.250:1900 | (no domain: SSDP multicast discovery) | unknown
7360 | msedge.exe | 13.107.42.16:443 | config.edge.skype.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown
7360 | msedge.exe | 13.107.6.158:443 | business.bing.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown
7360 | msedge.exe | 13.107.246.44:443 | edge-mobile-static.azureedge.net | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown

DNS requests

Columns: Domain, resolved IPs, Reputation (Reputation is "unknown" for every domain in this export).

google.com: 142.250.185.142
settings-win.data.microsoft.com: 51.124.78.146
crl.microsoft.com: 23.48.23.194, 23.48.23.138, 23.48.23.139, 23.48.23.137, 23.48.23.156, 23.48.23.145, 23.48.23.150, 23.48.23.143, 23.48.23.193
config.edge.skype.com: 13.107.42.16
edge.microsoft.com: 13.107.21.239, 204.79.197.239, 150.171.27.11, 150.171.28.11
devuploads.com: 104.21.112.1, 104.21.48.1, 104.21.16.1, 104.21.80.1, 104.21.64.1, 104.21.96.1, 104.21.32.1
business.bing.com: 13.107.6.158
edge-mobile-static.azureedge.net: 13.107.246.44
bzib.nelreports.net: 23.50.131.74, 23.50.131.78, 2.16.10.182, 2.16.10.175
www.bing.com: 2.16.204.149, 2.16.204.148, 2.16.204.153, 2.16.204.156, 2.16.204.158, 2.16.204.151, 2.16.204.150, 2.16.204.135, 2.16.204.146, 2.16.204.155, 2.16.204.142, 2.16.204.161, 2.16.204.134, 2.16.204.157, 2.16.204.138, 2.16.204.160, 2.16.204.145, 2.16.204.141
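The DNS and Connections tables are exported with Reputation "unknown" on every row, so separating the Windows baseline from what the browsing session introduced is left to the reader. The following Python is an added example, not ANY.RUN's code: it re-types the Connections rows that carry a PID and the DNS table above (www.bing.com omitted for brevity) and buckets them into local-network noise, a vendor baseline, and items to review, then lists the review domains with their resolved addresses. The baseline suffix list and the treatment of 104.16.0.0/12 as shared Cloudflare space are this example's assumptions; the report itself makes neither claim.

```python
"""Bucket a sandbox's network tables into baseline, noise and review items
(added example, not ANY.RUN code). Data is re-typed from the Connections and
DNS requests tables above; every row's Reputation is 'unknown' in the export,
so the classification below is the analyst's, not the tool's.
"""
import ipaddress

DNS = {  # constructed from the DNS requests table (www.bing.com omitted)
    "google.com": ["142.250.185.142"],
    "settings-win.data.microsoft.com": ["51.124.78.146"],
    "crl.microsoft.com": ["23.48.23.194", "23.48.23.138", "23.48.23.139", "23.48.23.137",
                          "23.48.23.156", "23.48.23.145", "23.48.23.150", "23.48.23.143",
                          "23.48.23.193"],
    "config.edge.skype.com": ["13.107.42.16"],
    "edge.microsoft.com": ["13.107.21.239", "204.79.197.239", "150.171.27.11", "150.171.28.11"],
    "devuploads.com": ["104.21.112.1", "104.21.48.1", "104.21.16.1", "104.21.80.1",
                       "104.21.64.1", "104.21.96.1", "104.21.32.1"],
    "business.bing.com": ["13.107.6.158"],
    "edge-mobile-static.azureedge.net": ["13.107.246.44"],
    "bzib.nelreports.net": ["23.50.131.74", "23.50.131.78", "2.16.10.182", "2.16.10.175"],
}

# (pid, process, endpoint, domain); "" where the table shows no domain.
CONNECTIONS = [  # constructed from the Connections table (rows with a PID)
    (4, "System", "192.168.100.255:138", ""),
    (5496, "MoUsoCoreWorker.exe", "23.48.23.194:80", "crl.microsoft.com"),
    (6488, "RUXIMICS.exe", "51.124.78.146:443", "settings-win.data.microsoft.com"),
    (7360, "msedge.exe", "104.21.112.1:443", "devuploads.com"),
    (7360, "msedge.exe", "13.107.21.239:443", "edge.microsoft.com"),
    (4452, "msedge.exe", "239.255.255.250:1900", ""),
    (7360, "msedge.exe", "13.107.42.16:443", "config.edge.skype.com"),
    (7360, "msedge.exe", "13.107.6.158:443", "business.bing.com"),
    (7360, "msedge.exe", "13.107.246.44:443", "edge-mobile-static.azureedge.net"),
]

# Windows/Edge housekeeping seen in any clean Windows 10 run. Deliberately narrow
# (an assumption of this example): anything not covered lands in "review".
VENDOR_BASELINE = (".microsoft.com", ".bing.com", ".skype.com", ".azureedge.net", ".nelreports.net")
# Cloudflare anycast space (assumption of this example): an IP here identifies
# the CDN, not the tenant behind it, so it is a weak indicator on its own.
SHARED_CDN = [ipaddress.ip_network("104.16.0.0/12")]


def domain_bucket(domain):
    if not domain:
        return "review"                       # external IP with no name: always look
    if ("." + domain.lower()).endswith(VENDOR_BASELINE):
        return "vendor-baseline"
    return "review"


def bucket_for(endpoint, domain):
    ip = ipaddress.ip_address(endpoint.rsplit(":", 1)[0])
    if ip.is_private or ip.is_multicast or ip.is_link_local or ip.is_loopback:
        return "local-noise"                  # NetBIOS broadcast, SSDP, and the like
    return domain_bucket(domain)


def triage_connections(conns):
    """Append a bucket to each (pid, process, endpoint, domain) row."""
    return [(pid, proc, ep, dom, bucket_for(ep, dom)) for pid, proc, ep, dom in conns]


def ioc_candidates(dns, conns):
    """Review-bucket domains with their resolved IPs and a per-IP shared-CDN flag."""
    review = {dom for _, _, _, dom, b in triage_connections(conns) if b == "review" and dom}
    review |= {d for d in dns if domain_bucket(d) == "review"}
    out = {}
    for dom in sorted(review):
        ips = dns.get(dom, [])
        out[dom] = {
            "ips": ips,
            "shared_cdn": [any(ipaddress.ip_address(i) in net for net in SHARED_CDN) for i in ips],
        }
    return out


if __name__ == "__main__":
    for row in triage_connections(CONNECTIONS):
        print(*row, sep="\t")
    for dom, info in ioc_candidates(DNS, CONNECTIONS).items():
        print(dom, info)
```

devuploads.com is the only connection that survives into review, and every address it resolved to sits in Cloudflare's anycast range, so the domain, not the seven IPs, is the indicator worth hunting on. google.com also lands in review because the baseline is deliberately narrow; whether a bare connectivity check belongs in the allowlist is an analyst decision, and widening such a list silently is how real delivery domains get buried in noise.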

Threats

Columns: PID, Process, Class, Message (PID and Process are empty for every alert in this export; 10 of the 17 alerts are listed). All ten are informational Suricata/Emerging Threats signatures for Cloudflare infrastructure (cdnjs .cloudflare .com, pages .dev) contacted during the browsing session, not detections of the installers themselves.

Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare Pages platform for frontend developers to collaborate and deploy websites (pages .dev)
Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare Pages platform for frontend developers to collaborate and deploy websites (pages .dev)
Misc activity | ET INFO DNS Query to Cloudflare Page Developer Domain (pages .dev)
Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare Pages platform for frontend developers to collaborate and deploy websites (pages .dev)
Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare Pages platform for frontend developers to collaborate and deploy websites (pages .dev)
Misc activity | ET INFO Observed Cloudflare Page Developer Domain (pages .dev in TLS SNI)
Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)

Debug output: none recorded.