Malware analysis PixelSee_id2937703id.exe Malicious activity

Add for printing

File name:	PixelSee_id2937703id.exe
Full analysis:	https://app.any.run/tasks/e48084af-6784-4365-a9c2-299f7e0ec556
Verdict:	Malicious activity
Analysis date:	December 23, 2023, 15:37:30
OS:	Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME:	application/x-dosexec
File info:	PE32 executable (GUI) Intel 80386, for MS Windows
MD5:	CC4805556AFBAD7A49B6D2D32770977E
SHA1:	0DC67AA9AABF25BC6920432FFD3F70FCFF532222
SHA256:	DC5FC727D8478BD4069E5FBC75044EF1166140AB5CBBE2CBB41520C66E0646A0
SSDEEP:	98304:Qs09dMO3/N0Kdbgnvr+DpGRoPct/uN7cZzb8m/3uji6eWYw9wNdlk8CyNShgyIfV:dfIxwn1

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 300 seconds
Heavy Evasion option:
Network geolocation:: off
Additional time used:: 240 seconds
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.0.9600.19596 KB4534251
Adobe Acrobat Reader DC (20.013.20064)
Adobe Acrobat Reader DC (20.013.20064)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Refresh Manager (1.8.0)
Adobe Refresh Manager (1.8.0)
CCleaner (6.14)
CCleaner (6.14)
FileZilla 3.65.0 (3.65.0)
FileZilla 3.65.0 (3.65.0)
Google Chrome (109.0.5414.120)
Google Chrome (109.0.5414.120)
Google Update Helper (1.3.36.31)
Google Update Helper (1.3.36.31)
Java 8 Update 271 (8.0.2710.9)
Java 8 Update 271 (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Java Auto Updater (2.8.271.9)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft Edge (109.0.1518.115)
Microsoft Edge (109.0.1518.115)
Microsoft Edge Update (1.3.175.29)
Microsoft Edge Update (1.3.175.29)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Maintenance Service (115.0.2)
Mozilla Maintenance Service (115.0.2)
Notepad++ (32-bit x86) (7.9.1)
Notepad++ (32-bit x86) (7.9.1)
PowerShell 7-x86 (7.2.11.0)
PowerShell 7-x86 (7.2.11.0)
Skype version 8.110 (8.110)
Skype version 8.110 (8.110)
Update for Microsoft .NET Framework 4.8 (KB4503575) (1)
Update for Microsoft .NET Framework 4.8 (KB4503575) (1)
VLC media player (3.0.11)
VLC media player (3.0.11)
WinRAR 5.91 (32-bit) (5.91.0)
WinRAR 5.91 (32-bit) (5.91.0)

Add for printing

MALICIOUS
- Actions looks like stealing of personal data
  - PixelSee_id2937703id.exe (PID: 2024)
- Creates a writable file in the system directory
  - net_updater32.exe (PID: 3064)
SUSPICIOUS
- Reads Microsoft Outlook installation path
  - PixelSee_id2937703id.exe (PID: 2024)
- Reads the Internet Settings
  - PixelSee_id2937703id.exe (PID: 2024)
  - lum_inst.tmp (PID: 2588)
  - luminati-m-controller.exe (PID: 984)
  - pixelsee.exe (PID: 3124)
  - luminati-m-controller.exe (PID: 3844)
- Reads Internet Explorer settings
  - PixelSee_id2937703id.exe (PID: 2024)
- Reads the Windows owner or organization settings
  - lum_inst.tmp (PID: 2588)
- Reads settings of System Certificates
  - luminati-m-controller.exe (PID: 984)
  - net_updater32.exe (PID: 1192)
  - pixelsee.exe (PID: 3124)
- Adds/modifies Windows certificates
  - luminati-m-controller.exe (PID: 984)
- Detected use of alternative data streams (AltDS)
  - luminati-m-controller.exe (PID: 984)
  - net_updater32.exe (PID: 3064)
  - luminati-m-controller.exe (PID: 3844)
- Checks Windows Trust Settings
  - net_updater32.exe (PID: 3064)
INFO
- Reads the machine GUID from the registry
  - PixelSee_id2937703id.exe (PID: 2024)
  - luminati-m-controller.exe (PID: 984)
  - test_wpf.exe (PID: 1424)
  - net_updater32.exe (PID: 1192)
  - net_updater32.exe (PID: 3064)
  - test_wpf.exe (PID: 880)
  - idle_report.exe (PID: 2460)
  - pixelsee.exe (PID: 3124)
  - brightdata.exe (PID: 3288)
  - luminati-m-controller.exe (PID: 3844)
  - test_wpf.exe (PID: 3380)
  - idle_report.exe (PID: 2124)
- Checks proxy server information
  - PixelSee_id2937703id.exe (PID: 2024)
  - luminati-m-controller.exe (PID: 984)
- Create files in a temporary directory
  - PixelSee_id2937703id.exe (PID: 2024)
  - lum_inst.exe (PID: 2560)
- Reads the computer name
  - PixelSee_id2937703id.exe (PID: 2024)
  - lum_inst.tmp (PID: 2588)
  - test_wpf.exe (PID: 1424)
  - luminati-m-controller.exe (PID: 984)
  - net_updater32.exe (PID: 1192)
  - net_updater32.exe (PID: 3064)
  - test_wpf.exe (PID: 880)
  - pixelsee.exe (PID: 3124)
  - idle_report.exe (PID: 2460)
  - brightdata.exe (PID: 3288)
  - luminati-m-controller.exe (PID: 3844)
  - test_wpf.exe (PID: 3380)
  - idle_report.exe (PID: 2124)
- Checks supported languages
  - PixelSee_id2937703id.exe (PID: 2024)
  - lum_inst.exe (PID: 2560)
  - lum_inst.tmp (PID: 2588)
  - luminati-m-controller.exe (PID: 984)
  - test_wpf.exe (PID: 1424)
  - net_updater32.exe (PID: 1192)
  - net_updater32.exe (PID: 3064)
  - test_wpf.exe (PID: 880)
  - idle_report.exe (PID: 2460)
  - pixelsee.exe (PID: 3124)
  - brightdata.exe (PID: 3288)
  - pixelsee_crashpad_handler.exe (PID: 3628)
  - luminati-m-controller.exe (PID: 3844)
  - idle_report.exe (PID: 2124)
  - test_wpf.exe (PID: 3380)
- Process drops legitimate windows executable
  - PixelSee_id2937703id.exe (PID: 2024)
  - luminati-m-controller.exe (PID: 984)
- Creates files or folders in the user directory
  - PixelSee_id2937703id.exe (PID: 2024)
  - luminati-m-controller.exe (PID: 984)
  - pixelsee.exe (PID: 3124)
  - pixelsee_crashpad_handler.exe (PID: 3628)
- Drops the executable file immediately after the start
  - lum_inst.exe (PID: 2560)
  - lum_inst.tmp (PID: 2588)
  - luminati-m-controller.exe (PID: 984)
  - PixelSee_id2937703id.exe (PID: 2024)
  - net_updater32.exe (PID: 3064)
  - luminati-m-controller.exe (PID: 3844)
- The process drops C-runtime libraries
  - PixelSee_id2937703id.exe (PID: 2024)
  - luminati-m-controller.exe (PID: 984)
- Creates files in the program directory
  - luminati-m-controller.exe (PID: 984)
  - net_updater32.exe (PID: 1192)
  - net_updater32.exe (PID: 3064)
  - brightdata.exe (PID: 3288)
  - luminati-m-controller.exe (PID: 3844)
- Process checks computer location settings
  - luminati-m-controller.exe (PID: 984)
  - net_updater32.exe (PID: 3064)
  - luminati-m-controller.exe (PID: 3844)
- Reads Environment values
  - luminati-m-controller.exe (PID: 984)
  - net_updater32.exe (PID: 3064)
  - brightdata.exe (PID: 3288)
  - pixelsee.exe (PID: 3124)
  - luminati-m-controller.exe (PID: 3844)
- Executes as Windows Service
  - net_updater32.exe (PID: 3064)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

TRiD

.exe	\|	Win64 Executable (generic) (76.4)
.exe	\|	Win32 Executable (generic) (12.4)
.exe	\|	Generic Win/DOS Executable (5.5)
.exe	\|	DOS Executable Generic (5.5)

EXIF

EXE

MachineType:	Intel 386 or later, and compatibles
TimeStamp:	2023:09:29 19:25:35+02:00
ImageFileCharacteristics:	Executable, 32-bit
PEType:	PE32
LinkerVersion:	14.29
CodeSize:	2723328
InitializedDataSize:	2256896
UninitializedDataSize:	-
EntryPoint:	0x263f3f
OSVersion:	6
ImageVersion:	-
SubsystemVersion:	6
Subsystem:	Windows GUI
FileVersionNumber:	13.0.0.0
ProductVersionNumber:	13.0.0.0
FileFlagsMask:	0x003f
FileFlags:	(none)
FileOS:	Win32
ObjectFileType:	Executable application
FileSubtype:	-
LanguageCode:	English (U.S.)
CharacterSet:	Unicode
Comments:	PixelSee Player Installer
CompanyName:	SIA Circle Solutions
FileDescription:	PixelSee Player Installer
FileVersion:	13.0.0.0
InternalName:	pixelsee
LegalCopyright:	Copyright © 2022-2023 SIA Circle Solutions
OriginalFileName:	pixelsee
PrivateBuild:	-
ProductName:	PixelSee
ProductVersion:	13.0.0.0

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

880

C:\ProgramData\BrightData\b85f5ef603041f1fc4e7f943c177a0d440a01266\test_wpf.exe

—

net_updater32.exe

User:

SYSTEM

Company:

BrightData Ltd. (certified)

Integrity Level:

SYSTEM

Description:

test_wpf

Exit code:

Version:

1.418.267

Modules

Images
c:\programdata\brightdata\b85f5ef603041f1fc4e7f943c177a0d440a01266\test_wpf.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll

984

"C:\Users\admin\PixelSee\Luminati-m\luminati-m-controller.exe" switch_on

C:\Users\admin\PixelSee\Luminati-m\luminati-m-controller.exe

lum_inst.tmp

User:

admin

Integrity Level:

HIGH

Exit code:

101

Modules

Images
c:\users\admin\pixelsee\luminati-m\luminati-m-controller.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\pixelsee\luminati-m\lum_sdk32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shlwapi.dll

1192

"C:\Users\admin\PixelSee\Luminati-m\net_updater32.exe" --install win_pixelsee.app --no-cleanup

C:\Users\admin\PixelSee\Luminati-m\net_updater32.exe

luminati-m-controller.exe

User:

admin

Company:

BrightData Ltd. (certified)

Integrity Level:

HIGH

Description:

BrightData service allows free use of certain features in an app you installed

Exit code:

Version:

1.418.267

Modules

Images
c:\users\admin\pixelsee\luminati-m\net_updater32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll

1424

C:\ProgramData\BrightData\b85f5ef603041f1fc4e7f943c177a0d440a01266\test_wpf.exe

—

luminati-m-controller.exe

User:

admin

Company:

BrightData Ltd. (certified)

Integrity Level:

HIGH

Description:

test_wpf

Exit code:

Version:

1.418.267

Modules

Images
c:\programdata\brightdata\b85f5ef603041f1fc4e7f943c177a0d440a01266\test_wpf.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll

2024

"C:\Users\admin\AppData\Local\Temp\PixelSee_id2937703id.exe"

C:\Users\admin\AppData\Local\Temp\PixelSee_id2937703id.exe

explorer.exe

User:

admin

Company:

SIA Circle Solutions

Integrity Level:

HIGH

Description:

PixelSee Player Installer

Exit code:

Version:

13.0.0.0

Modules

Images
c:\users\admin\appdata\local\temp\pixelsee_id2937703id.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll

2036

"C:\Users\admin\AppData\Local\Temp\PixelSee_id2937703id.exe"

C:\Users\admin\AppData\Local\Temp\PixelSee_id2937703id.exe

—

explorer.exe

User:

admin

Company:

SIA Circle Solutions

Integrity Level:

MEDIUM

Description:

PixelSee Player Installer

Exit code:

3221226540

Version:

13.0.0.0

Modules

Images
c:\users\admin\appdata\local\temp\pixelsee_id2937703id.exe
c:\windows\system32\ntdll.dll

2124

C:\ProgramData\BrightData\b85f5ef603041f1fc4e7f943c177a0d440a01266\idle_report.exe --id 64459

C:\ProgramData\BrightData\b85f5ef603041f1fc4e7f943c177a0d440a01266\idle_report.exe

—

net_updater32.exe

User:

admin

Company:

BrightData Ltd.

Integrity Level:

MEDIUM

Description:

idle_report

Exit code:

Version:

1.418.267

Modules

Images
c:\programdata\brightdata\b85f5ef603041f1fc4e7f943c177a0d440a01266\idle_report.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll

2460

C:\ProgramData\BrightData\b85f5ef603041f1fc4e7f943c177a0d440a01266\idle_report.exe --id 88326 --screen

C:\ProgramData\BrightData\b85f5ef603041f1fc4e7f943c177a0d440a01266\idle_report.exe

—

net_updater32.exe

User:

admin

Company:

BrightData Ltd.

Integrity Level:

MEDIUM

Description:

idle_report

Exit code:

Version:

1.418.267

Modules

Images
c:\programdata\brightdata\b85f5ef603041f1fc4e7f943c177a0d440a01266\idle_report.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll

2560

"C:\Users\admin\AppData\Local\Temp\luminati\lum_inst.exe" /verysilent

C:\Users\admin\AppData\Local\Temp\luminati\lum_inst.exe

—

PixelSee_id2937703id.exe

User:

admin

Company:

luminati

Integrity Level:

HIGH

Description:

luminati Setup

Exit code:

101

Version:

Modules

Images
c:\users\admin\appdata\local\temp\luminati\lum_inst.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll

2588

"C:\Users\admin\AppData\Local\Temp\is-CHHNP.tmp\lum_inst.tmp" /SL5="$20192,5623757,832512,C:\Users\admin\AppData\Local\Temp\luminati\lum_inst.exe" /verysilent

C:\Users\admin\AppData\Local\Temp\is-CHHNP.tmp\lum_inst.tmp

—

lum_inst.exe

User:

admin

Company:

luminati

Integrity Level:

HIGH

Description:

Setup/Uninstall

Exit code:

101

Version:

51.1052.0.0

Modules

Images
c:\users\admin\appdata\local\temp\is-chhnp.tmp\lum_inst.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\mpr.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll

Add for printing

Total events

27 504

Read events

27 266

Write events

204

Delete events

Modification events


(PID) Process:	(2024) PixelSee_id2937703id.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	ProxyBypass
Value: 1
(PID) Process:	(2024) PixelSee_id2937703id.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	IntranetName
Value: 1
(PID) Process:	(2024) PixelSee_id2937703id.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	UNCAsIntranet
Value: 1
(PID) Process:	(2024) PixelSee_id2937703id.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	AutoDetect
Value: 0
(PID) Process:	(2024) PixelSee_id2937703id.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:	write	Name:	CachePrefix
Value: Cookie:
(PID) Process:	(2024) PixelSee_id2937703id.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:	write	Name:	CachePrefix
Value: Visited:
(PID) Process:	(2588) lum_inst.tmp	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	ProxyBypass
Value: 1
(PID) Process:	(2588) lum_inst.tmp	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	IntranetName
Value: 1
(PID) Process:	(2588) lum_inst.tmp	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	UNCAsIntranet
Value: 1
(PID) Process:	(2588) lum_inst.tmp	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	AutoDetect
Value: 0

Add for printing

Executable files

465

Suspicious files

175

Text files

133

Unknown types

Dropped files

PID	Process	Filename		Type
2024	PixelSee_id2937703id.exe	C:\Users\admin\AppData\Local\Temp\pixelsee-installer-tmp\bundles\bundle-opera.html		html
		MD5:A0FD3EC1D58F5805C3ECBD3628B21815	SHA256:0C94BD8D4EAB1C2B4CE4FC9A8BB3F8FD11524DC9F8C8B2FEBE5FBC132978B4DD
2024	PixelSee_id2937703id.exe	C:\Users\admin\AppData\Local\Temp\pixelsee-installer-tmp\curl-ca-bundle.crt		text
		MD5:BE2B0736EA029FFF398559FA7DF4E646	SHA256:C05A79296D61E3B2A2EBAF5AF476839B976D69A5ACB6F581A667E60E681049A2
2024	PixelSee_id2937703id.exe	C:\Users\admin\AppData\Local\Temp\pixelsee-installer-tmp\bundles\bundle-av360.html		html
		MD5:464131FD397126E3B60443F381C299D5	SHA256:B01A533DDDD6629DCDFBCE0816E553D5DB36A99A233DB33719BE0646476A7C0B
2024	PixelSee_id2937703id.exe	C:\Users\admin\AppData\Local\Temp\pixelsee-installer-tmp\archive.7z		compressed
		MD5:6490FE5A120A08B44B563C7FF2ED3269	SHA256:A5D248B9A5C1CEAF8270829B0676A2DC101EADFC64CBE099ADEC24C92ECC4420
2024	PixelSee_id2937703id.exe	C:\Users\admin\AppData\Local\Temp\pixelsee-installer-tmp\preloader.html		html
		MD5:37A05031BEC9D3E093388407848AF66F	SHA256:CF38F4F8663028BEFF3A7650A9D426B4116891E8547029B66B8D2A13FAD63A48
2024	PixelSee_id2937703id.exe	C:\Users\admin\AppData\Local\Temp\pixelsee-installer-tmp\main-icon-big.png		image
		MD5:0E5FEA82CC4F4A8225532E5B2F45C6C8	SHA256:81B5F50491579127D13E050847EF6D817265AB4B70D2796FB74021463B778BB9
2024	PixelSee_id2937703id.exe	C:\Users\admin\AppData\Local\Temp\pixelsee-installer-tmp\bundles\bundle-opera-friendly.html		html
		MD5:5FF70AC1AA57AD1E40649C8EB9F6FAEC	SHA256:75EACCB36D17B83EB30891AB9C5A3F99BBEEC1AFC82806E1CFE45076E6A94891
2024	PixelSee_id2937703id.exe	C:\Users\admin\AppData\Local\Temp\pixelsee-installer-tmp\bundles\main-yandex.txt		html
		MD5:A33EF0E924EA81B15526E8C79585834F	SHA256:27BB937B5D16967A469F0766FEABF451F51D774BD3B38EF1C6C28765E96CE60E
2024	PixelSee_id2937703id.exe	C:\Users\admin\AppData\Local\Temp\pixelsee-installer-tmp\bundles\bundle-coc.html		html
		MD5:9C040C5F4DB773934730C0471363B4A4	SHA256:794AA2B7DCC14CF1A7017A9568AB47A81DA2F2D81CE6DE5BB777EDAE21AEF189
2024	PixelSee_id2937703id.exe	C:\Users\admin\AppData\Local\Temp\pixelsee-installer-tmp\bundles\bundle-luminati-wait.html		text
		MD5:FEA427802F9F1505612945D97AAC9568	SHA256:B550D0875D5DC5292C979981400782FAE63AACFC002CA03911FDC44A7C28E58A

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

DNS requests

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
3064	net_updater32.exe	GET	304	23.216.77.44:80	http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?cd65e23f7b0a582b	unknown	—	—	—
3064	net_updater32.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF8Rhvv%2BYXsIiGX0TkICEAdTF0YC22Gdh8cnyPwWxE0%3D	unknown	binary	727 b	—
3064	net_updater32.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEA6bGI750C3n79tQ4ghAGFo%3D	unknown	binary	471 b	—
3064	net_updater32.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7NfjgtJxXWRM3y5nP%2Be6mK4cD08CEAitQLJg0pxMn17Nqb2Trtk%3D	unknown	binary	727 b	—

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
4	System	192.168.100.255:138	—	—	—	unknown
4	System	192.168.100.255:137	—	—	—	unknown
2024	PixelSee_id2937703id.exe	51.158.130.233:443	pixelsee.app	Online S.a.s.	FR	unknown
984	luminati-m-controller.exe	161.35.48.195:443	perr.lum-sdk.io	DIGITALOCEAN-ASN	US	unknown
984	luminati-m-controller.exe	206.189.231.23:443	perr.lum-sdk.io	DIGITALOCEAN-ASN	US	unknown
984	luminati-m-controller.exe	3.228.177.90:443	—	AMAZON-AES	US	unknown
984	luminati-m-controller.exe	159.223.133.120:443	perr.lum-sdk.io	DIGITALOCEAN-ASN	US	unknown
984	luminati-m-controller.exe	51.158.130.233:443	pixelsee.app	Online S.a.s.	FR	unknown
984	luminati-m-controller.exe	192.81.214.145:443	perr.lum-sdk.io	DIGITALOCEAN-ASN	US	unknown
1192	net_updater32.exe	161.35.48.195:443	perr.lum-sdk.io	DIGITALOCEAN-ASN	US	unknown

DNS requests

Domain	IP	Reputation
pixelsee.app	51.158.130.233	unknown
perr.lum-sdk.io	161.35.48.195 206.189.231.23 159.223.133.120 192.81.214.145	unknown
perr.l-err.biz	161.35.48.195 206.189.231.23 159.223.133.120 192.81.214.145	unknown
ctldl.windowsupdate.com	23.216.77.44 23.216.77.75	unknown
ocsp.digicert.com	192.229.221.95	unknown
www.dropbox.com	162.125.66.18	unknown
brdtest.com	3.94.40.55 3.94.72.89	unknown
uced66e0882166039f04da34b499.dl.dropboxusercontent.com	162.125.66.15	unknown
www.google-analytics.com	216.58.212.142	unknown
o612922.ingest.sentry.io	34.120.195.249	unknown

Threats

PID	Process	Class	Message
—	—	Potentially Bad Traffic	ET INFO Observed DNS Query to .biz TLD
—	—	Potential Corporate Privacy Violation	ET POLICY Dropbox.com Offsite File Backup in Use
—	—	Misc activity	ET INFO DropBox User Content Download Access over SSL M2

Add for printing

Process	Message
pixelsee.exe	QWindowsEGLStaticContext::create: Could not initialize EGL display: error 0x3001
pixelsee.exe	QWindowsEGLStaticContext::create: When using ANGLE, check if d3dcompiler_4x.dll is available
pixelsee.exe	> __thiscall Application::Application(int &,char *[])
pixelsee.exe	os version: "6.1.7601v" __ os name: "Windows 7 Version 6.1 (Build 7601: SP 1)"
pixelsee.exe	> int __thiscall Application::exec(void)
pixelsee.exe	> __thiscall PixelseeSettings::PixelseeSettings(void)
pixelsee.exe	INSTALL ID: "" _ OLD ID: ""
pixelsee.exe	> void __thiscall PixelseeSettings::flushSettings(void)
pixelsee.exe	reseller - "" installId ""
pixelsee.exe	main libvlc debug: revision 3.0.16-0-g5e70837d8d

General Info

PixelSee_id2937703id.exe

CC4805556AFBAD7A49B6D2D32770977E

0DC67AA9AABF25BC6920432FFD3F70FCFF532222

DC5FC727D8478BD4069E5FBC75044EF1166140AB5CBBE2CBB41520C66E0646A0

98304:Qs09dMO3/N0Kdbgnvr+DpGRoPct/uN7cZzb8m/3uji6eWYw9wNdlk8CyNShgyIfV:dfIxwn1

Software environment set and analysis options

Launch configuration

Software preset

Behavior activities

MALICIOUS

Actions looks like stealing of personal data

Creates a writable file in the system directory

SUSPICIOUS

Reads Microsoft Outlook installation path

Reads the Internet Settings

Reads Internet Explorer settings

Reads the Windows owner or organization settings

Reads settings of System Certificates

Adds/modifies Windows certificates

Detected use of alternative data streams (AltDS)

Checks Windows Trust Settings

INFO

Reads the machine GUID from the registry

Checks proxy server information

Create files in a temporary directory

Reads the computer name

Checks supported languages

Process drops legitimate windows executable

Creates files or folders in the user directory

Drops the executable file immediately after the start

The process drops C-runtime libraries

Creates files in the program directory

Process checks computer location settings

Reads Environment values

Executes as Windows Service

Malware configuration

Static information

TRiD

EXIF

EXE

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings