a9427d47bf1cfadd009990ca09feb2af88823f5908b17e2afa70c8c49c95b3eb

Resubmissions

22-04-2024 16:18

240422-tr6jlade4x 6

22-04-2024 16:15

240422-tqh2xadd9x 6

22-04-2024 16:08

240422-tlnftsdc28 6

Analysis

max time kernel
269s
max time network
266s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
22-04-2024 16:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PixelSee_id94944id.exe
Size

4.8MB
MD5

39490d6ae5b10a8cdffecd71d05141dd
SHA1

450da6260c6817aca8d9444831a48439ba45785c
SHA256

a9427d47bf1cfadd009990ca09feb2af88823f5908b17e2afa70c8c49c95b3eb
SHA512

7ffb9cb6a53cf233b6ff396eeb6193e683aed75001b3f73a1bbadaeec3ff7dcbce9b7e215d1743a4374e488185b824b90dde4afe93a8d93608b6340af07c14fb
SSDEEP

98304:rcAf/HlqfEBwysMKalG8zzgg+t2TIJIX3gGKV0wMa8/FJjVBl5+pEs:rr/lqfEBwlMllPzzp+t2540w0jjVP5A

Score

6^/10

bootkit discovery evasion persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

pixelsee.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Windows\CurrentVersion\Run\PixelSee = "C:\\Users\\Admin\\PixelSee\\pixelsee.exe --minimized"	pixelsee.exe

Checks for any installed AV software in registry 1 TTPs 5 IoCs

Security Software Discovery

T1518.001

Processes:

PixelSee_id94944id.exe

description	ioc	process
Key opened	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\AVAST Software\Avast	PixelSee_id94944id.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\AVAST Software\Avast\Version	PixelSee_id94944id.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast\Version	PixelSee_id94944id.exe
Key opened	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Avira	PixelSee_id94944id.exe
Key opened	\REGISTRY\MACHINE\Software\Wow6432Node\Avira	PixelSee_id94944id.exe

Downloads MZ/PE file
Modifies Windows Firewall 2 TTPs 2 IoCs
evasion

Windows Service
T1543.003

Disable or Modify System Firewall
T1562.004

Processes:

netsh.exenetsh.exe

pid process

2692 netsh.exe
2032 netsh.exe
Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1542.003

Processes:

antivirus360.exe360TS_Setup.exe

description ioc process

File opened for modification \??\PhysicalDrive0 antivirus360.exe
File opened for modification \??\PhysicalDrive0 360TS_Setup.exe

pid	process
2692	netsh.exe
2032	netsh.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	antivirus360.exe
File opened for modification	\??\PhysicalDrive0	360TS_Setup.exe

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

luminati-m-controller.exeluminati-m-controller.exe360TS_Setup.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Control Panel\International\Geo\Nation	luminati-m-controller.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Control Panel\International\Geo\Nation	luminati-m-controller.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Control Panel\International\Geo\Nation	360TS_Setup.exe

Drops file in System32 directory 16 IoCs

Processes:

net_updater32.exebrightdata.exe

description	ioc	process
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141	net_updater32.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_7BC6BAD757FCD9C147D141E8A9D5A2A0	net_updater32.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT	brightdata.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB	net_updater32.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT	net_updater32.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT	net_updater32.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C86BD7751D53F10F65AAAD66BBDF33C7	net_updater32.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C86BD7751D53F10F65AAAD66BBDF33C7	net_updater32.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357	net_updater32.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141	net_updater32.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_7BC6BAD757FCD9C147D141E8A9D5A2A0	net_updater32.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015	net_updater32.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015	net_updater32.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357	net_updater32.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB	net_updater32.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\BrightData	net_updater32.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 3 IoCs

Processes:

360TS_Setup.exe360TS_Setup.exe

description	ioc	process
File created	C:\Program Files (x86)\1713802975_0\360TS_Setup.exe	360TS_Setup.exe
File opened for modification	C:\Program Files (x86)\1713802975_0\360TS_Setup.exe	360TS_Setup.exe
File created	C:\Program Files (x86)\360\Total Security\writeable_test_259656285.dat	360TS_Setup.exe

Executes dropped EXE 18 IoCs

Processes:

lum_inst.exelum_inst.tmpluminati-m-controller.exetest_wpf.exenet_updater32.exenet_updater32.exepixelsee.exetest_wpf.exepixelsee_crashpad_handler.exeidle_report.exeluminati-m-controller.exetest_wpf.exeopera_binst.exeantivirus360.exebrightdata.exeidle_report.exe360TS_Setup.exe360TS_Setup.exe

pid	process
2696	lum_inst.exe
2376	lum_inst.tmp
1416	luminati-m-controller.exe
2056	test_wpf.exe
1364	net_updater32.exe
1580	net_updater32.exe
2772	pixelsee.exe
1904	test_wpf.exe
1264	pixelsee_crashpad_handler.exe
3036	idle_report.exe
2388	luminati-m-controller.exe
2016	test_wpf.exe
2172	opera_binst.exe
2044	antivirus360.exe
2848	brightdata.exe
880	idle_report.exe
2492	360TS_Setup.exe
1876	360TS_Setup.exe

Loads dropped DLL 64 IoCs

Processes:

PixelSee_id94944id.exelum_inst.exelum_inst.tmpluminati-m-controller.exepixelsee.exenet_updater32.exe

pid	process
1976	PixelSee_id94944id.exe
1976	PixelSee_id94944id.exe
1976	PixelSee_id94944id.exe
1976	PixelSee_id94944id.exe
2696	lum_inst.exe
2376	lum_inst.tmp
1416	luminati-m-controller.exe
1416	luminati-m-controller.exe
1416	luminati-m-controller.exe
1416	luminati-m-controller.exe
1416	luminati-m-controller.exe
1416	luminati-m-controller.exe
1416	luminati-m-controller.exe
1976	PixelSee_id94944id.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
1580	net_updater32.exe
1580	net_updater32.exe
1580	net_updater32.exe
1580	net_updater32.exe
1580	net_updater32.exe
2772	pixelsee.exe
2772	pixelsee.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

Processes:

PixelSee_id94944id.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	PixelSee_id94944id.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	PixelSee_id94944id.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	PixelSee_id94944id.exe

Modifies data under HKEY_USERS 45 IoCs

Processes:

net_updater32.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs	net_updater32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\GDIPlus\FontCachePath = "C:\\Windows\\system32\\config\\systemprofile\\AppData\\Local"	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\GDIPlus	net_updater32.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates	net_updater32.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs	net_updater32.exe

Modifies registry class 59 IoCs

Processes:

pixelsee.exePixelSee_id94944id.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\.3g2\	pixelsee.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\.mp4	pixelsee.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\.flv	pixelsee.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\.m2v\	pixelsee.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\.mpeg2	pixelsee.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\.ts\	pixelsee.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\.mpeg1	pixelsee.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\.ogg	pixelsee.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\.ogv	pixelsee.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\.dv	pixelsee.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\.mpeg\	pixelsee.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\.asx\	pixelsee.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\.asf	pixelsee.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\.mpeg1\	pixelsee.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\.3gp\	pixelsee.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\.flv\	pixelsee.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\.m2v	pixelsee.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\.m4v\	pixelsee.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\.3gp	pixelsee.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\.mkv\	pixelsee.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\.ogm\	pixelsee.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\.divx	pixelsee.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\.ts	pixelsee.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\.wmv\	pixelsee.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\.divx\	pixelsee.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shell\PlayWithPixelSee\command\ = "\"C:\\Users\\Admin\\PixelSee\\pixelsee.exe\" \"%1.playdir\""	PixelSee_id94944id.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\.mpeg	pixelsee.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\.m1v\	pixelsee.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\.mts\	pixelsee.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shell\PlayWithPixelSee	PixelSee_id94944id.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\.avi\	pixelsee.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\.mpeg4	pixelsee.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\.m4v	pixelsee.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\.3g2	pixelsee.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shell\PlayWithPixelSee\command	PixelSee_id94944id.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\.avi	pixelsee.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\.asx	pixelsee.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\.asf\	pixelsee.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\.mov	pixelsee.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\.m1v	pixelsee.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\.ogm	pixelsee.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shell\PlayWithPixelSee\ = "Play in PixelSee"	PixelSee_id94944id.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shell\PlayWithPixelSee\Icon = "C:\\Users\\Admin\\PixelSee\\pixelsee.exe"	PixelSee_id94944id.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\.mkv	pixelsee.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\.vob	pixelsee.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\.wmv	pixelsee.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\.ogv\	pixelsee.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\.mpg\	pixelsee.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\.mp4\	pixelsee.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\.mpeg4\	pixelsee.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\.mts	pixelsee.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\.mov\	pixelsee.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\.m2ts\	pixelsee.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\.m2ts	pixelsee.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\.ogg\	pixelsee.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\.dv\	pixelsee.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\.mpg	pixelsee.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\.vob\	pixelsee.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\.mpeg2\	pixelsee.exe

Modifies system certificate store 2 TTPs 10 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

luminati-m-controller.exenet_updater32.exe

description	ioc	process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa20f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349040000000100000010000000497904b0eb8719ac47b0bc11519b74d0200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	luminati-m-controller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	net_updater32.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	net_updater32.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	net_updater32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436	net_updater32.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde	net_updater32.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d0030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f00000053000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	luminati-m-controller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	luminati-m-controller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	net_updater32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	luminati-m-controller.exe

NTFS ADS 1 IoCs

Processes:

luminati-m-controller.exe

description	ioc	process
File opened for modification	C:\ProgramData\BrightData\537fe92663a1ddca21c19e8c696cb5c463365a5c\lum_sdk_session_id:LUM:$DATA	luminati-m-controller.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

pixelsee.exe

pid process

2772 pixelsee.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

PixelSee_id94944id.exelum_inst.tmpluminati-m-controller.exepixelsee.exenet_updater32.exeluminati-m-controller.exeantivirus360.exetaskmgr.exe

pid	process
1976	PixelSee_id94944id.exe
1976	PixelSee_id94944id.exe
1976	PixelSee_id94944id.exe
1976	PixelSee_id94944id.exe
1976	PixelSee_id94944id.exe
1976	PixelSee_id94944id.exe
1976	PixelSee_id94944id.exe
1976	PixelSee_id94944id.exe
1976	PixelSee_id94944id.exe
1976	PixelSee_id94944id.exe
1976	PixelSee_id94944id.exe
1976	PixelSee_id94944id.exe
1976	PixelSee_id94944id.exe
1976	PixelSee_id94944id.exe
1976	PixelSee_id94944id.exe
1976	PixelSee_id94944id.exe
2376	lum_inst.tmp
2376	lum_inst.tmp
1416	luminati-m-controller.exe
1416	luminati-m-controller.exe
1416	luminati-m-controller.exe
1976	PixelSee_id94944id.exe
1976	PixelSee_id94944id.exe
1976	PixelSee_id94944id.exe
1976	PixelSee_id94944id.exe
2772	pixelsee.exe
1580	net_updater32.exe
1580	net_updater32.exe
1580	net_updater32.exe
1580	net_updater32.exe
1580	net_updater32.exe
1580	net_updater32.exe
2772	pixelsee.exe
1976	PixelSee_id94944id.exe
1976	PixelSee_id94944id.exe
2772	pixelsee.exe
2388	luminati-m-controller.exe
2388	luminati-m-controller.exe
2388	luminati-m-controller.exe
2772	pixelsee.exe
1976	PixelSee_id94944id.exe
2772	pixelsee.exe
2044	antivirus360.exe
2044	antivirus360.exe
1976	PixelSee_id94944id.exe
1580	net_updater32.exe
1580	net_updater32.exe
1580	net_updater32.exe
1880	taskmgr.exe
1880	taskmgr.exe
1580	net_updater32.exe
1580	net_updater32.exe
1580	net_updater32.exe
1580	net_updater32.exe
1880	taskmgr.exe
1580	net_updater32.exe
1580	net_updater32.exe
1580	net_updater32.exe
1580	net_updater32.exe
1580	net_updater32.exe
1580	net_updater32.exe
1580	net_updater32.exe
1580	net_updater32.exe
1580	net_updater32.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

Processes:

pixelsee.exetaskmgr.exe

pid process

2772 pixelsee.exe
1880 taskmgr.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

luminati-m-controller.exenet_updater32.exeluminati-m-controller.exeantivirus360.exe

description	pid	process
Token: SeDebugPrivilege	1416	luminati-m-controller.exe
Token: SeDebugPrivilege	1580	net_updater32.exe
Token: SeShutdownPrivilege	1580	net_updater32.exe
Token: SeShutdownPrivilege	1580	net_updater32.exe
Token: SeDebugPrivilege	2388	luminati-m-controller.exe
Token: SeShutdownPrivilege	1580	net_updater32.exe
Token: SeShutdownPrivilege	1580	net_updater32.exe
Token: SeManageVolumePrivilege	2044	antivirus360.exe
Token: SeBackupPrivilege	1580	net_updater32.exe
Token: SeSecurityPrivilege	1580	net_updater32.exe
Token: SeSecurityPrivilege	1580	net_updater32.exe
Token: SeSecurityPrivilege	1580	net_updater32.exe
Token: SeSecurityPrivilege	1580	net_updater32.exe
Token: SeSecurityPrivilege	1580	net_updater32.exe
Token: SeSecurityPrivilege	1580	net_updater32.exe
Token: SeSecurityPrivilege	1580	net_updater32.exe
Token: SeSecurityPrivilege	1580	net_updater32.exe
Token: SeSecurityPrivilege	1580	net_updater32.exe
Token: SeSecurityPrivilege	1580	net_updater32.exe
Token: SeSecurityPrivilege	1580	net_updater32.exe
Token: SeSecurityPrivilege	1580	net_updater32.exe
Token: SeSecurityPrivilege	1580	net_updater32.exe
Token: SeSecurityPrivilege	1580	net_updater32.exe
Token: SeSecurityPrivilege	1580	net_updater32.exe
Token: SeSecurityPrivilege	1580	net_updater32.exe
Token: SeSecurityPrivilege	1580	net_updater32.exe
Token: SeSecurityPrivilege	1580	net_updater32.exe
Token: SeSecurityPrivilege	1580	net_updater32.exe
Token: SeSecurityPrivilege	1580	net_updater32.exe
Token: SeSecurityPrivilege	1580	net_updater32.exe
Token: SeSecurityPrivilege	1580	net_updater32.exe
Token: SeSecurityPrivilege	1580	net_updater32.exe
Token: SeSecurityPrivilege	1580	net_updater32.exe
Token: SeSecurityPrivilege	1580	net_updater32.exe
Token: SeSecurityPrivilege	1580	net_updater32.exe
Token: SeSecurityPrivilege	1580	net_updater32.exe
Token: SeSecurityPrivilege	1580	net_updater32.exe
Token: SeSecurityPrivilege	1580	net_updater32.exe
Token: SeSecurityPrivilege	1580	net_updater32.exe
Token: SeSecurityPrivilege	1580	net_updater32.exe
Token: SeSecurityPrivilege	1580	net_updater32.exe
Token: SeSecurityPrivilege	1580	net_updater32.exe
Token: SeSecurityPrivilege	1580	net_updater32.exe
Token: SeSecurityPrivilege	1580	net_updater32.exe
Token: SeSecurityPrivilege	1580	net_updater32.exe
Token: SeSecurityPrivilege	1580	net_updater32.exe
Token: SeSecurityPrivilege	1580	net_updater32.exe
Token: SeSecurityPrivilege	1580	net_updater32.exe
Token: SeSecurityPrivilege	1580	net_updater32.exe
Token: SeSecurityPrivilege	1580	net_updater32.exe
Token: SeSecurityPrivilege	1580	net_updater32.exe
Token: SeSecurityPrivilege	1580	net_updater32.exe
Token: SeSecurityPrivilege	1580	net_updater32.exe
Token: SeSecurityPrivilege	1580	net_updater32.exe
Token: SeSecurityPrivilege	1580	net_updater32.exe
Token: SeSecurityPrivilege	1580	net_updater32.exe
Token: SeSecurityPrivilege	1580	net_updater32.exe
Token: SeSecurityPrivilege	1580	net_updater32.exe
Token: SeSecurityPrivilege	1580	net_updater32.exe
Token: SeSecurityPrivilege	1580	net_updater32.exe
Token: SeSecurityPrivilege	1580	net_updater32.exe
Token: SeSecurityPrivilege	1580	net_updater32.exe
Token: SeSecurityPrivilege	1580	net_updater32.exe
Token: SeSecurityPrivilege	1580	net_updater32.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

lum_inst.tmppixelsee.exetaskmgr.exebrightdata.exeantivirus360.exe

pid	process
2376	lum_inst.tmp
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
2848	brightdata.exe
2848	brightdata.exe
1880	taskmgr.exe
1880	taskmgr.exe
2848	brightdata.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
2044	antivirus360.exe
1880	taskmgr.exe
1880	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

pixelsee.exetaskmgr.exebrightdata.exeantivirus360.exe

pid	process
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
2848	brightdata.exe
2848	brightdata.exe
1880	taskmgr.exe
1880	taskmgr.exe
2848	brightdata.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
2044	antivirus360.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe

Suspicious use of SetWindowsHookEx 40 IoCs

Processes:

PixelSee_id94944id.exepixelsee.exe

pid	process
1976	PixelSee_id94944id.exe
1976	PixelSee_id94944id.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe
2772	pixelsee.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

PixelSee_id94944id.exelum_inst.exelum_inst.tmpluminati-m-controller.exenet_updater32.exepixelsee.exeluminati-m-controller.exe

description	pid	process	target process
PID 1976 wrote to memory of 2696	1976	PixelSee_id94944id.exe	lum_inst.exe
PID 1976 wrote to memory of 2696	1976	PixelSee_id94944id.exe	lum_inst.exe
PID 1976 wrote to memory of 2696	1976	PixelSee_id94944id.exe	lum_inst.exe
PID 1976 wrote to memory of 2696	1976	PixelSee_id94944id.exe	lum_inst.exe
PID 1976 wrote to memory of 2696	1976	PixelSee_id94944id.exe	lum_inst.exe
PID 1976 wrote to memory of 2696	1976	PixelSee_id94944id.exe	lum_inst.exe
PID 1976 wrote to memory of 2696	1976	PixelSee_id94944id.exe	lum_inst.exe
PID 2696 wrote to memory of 2376	2696	lum_inst.exe	lum_inst.tmp
PID 2696 wrote to memory of 2376	2696	lum_inst.exe	lum_inst.tmp
PID 2696 wrote to memory of 2376	2696	lum_inst.exe	lum_inst.tmp
PID 2696 wrote to memory of 2376	2696	lum_inst.exe	lum_inst.tmp
PID 2696 wrote to memory of 2376	2696	lum_inst.exe	lum_inst.tmp
PID 2696 wrote to memory of 2376	2696	lum_inst.exe	lum_inst.tmp
PID 2696 wrote to memory of 2376	2696	lum_inst.exe	lum_inst.tmp
PID 2376 wrote to memory of 1416	2376	lum_inst.tmp	luminati-m-controller.exe
PID 2376 wrote to memory of 1416	2376	lum_inst.tmp	luminati-m-controller.exe
PID 2376 wrote to memory of 1416	2376	lum_inst.tmp	luminati-m-controller.exe
PID 2376 wrote to memory of 1416	2376	lum_inst.tmp	luminati-m-controller.exe
PID 1416 wrote to memory of 2056	1416	luminati-m-controller.exe	test_wpf.exe
PID 1416 wrote to memory of 2056	1416	luminati-m-controller.exe	test_wpf.exe
PID 1416 wrote to memory of 2056	1416	luminati-m-controller.exe	test_wpf.exe
PID 1416 wrote to memory of 2056	1416	luminati-m-controller.exe	test_wpf.exe
PID 1416 wrote to memory of 1364	1416	luminati-m-controller.exe	net_updater32.exe
PID 1416 wrote to memory of 1364	1416	luminati-m-controller.exe	net_updater32.exe
PID 1416 wrote to memory of 1364	1416	luminati-m-controller.exe	net_updater32.exe
PID 1416 wrote to memory of 1364	1416	luminati-m-controller.exe	net_updater32.exe
PID 1416 wrote to memory of 1364	1416	luminati-m-controller.exe	net_updater32.exe
PID 1416 wrote to memory of 1364	1416	luminati-m-controller.exe	net_updater32.exe
PID 1416 wrote to memory of 1364	1416	luminati-m-controller.exe	net_updater32.exe
PID 1976 wrote to memory of 2032	1976	PixelSee_id94944id.exe	netsh.exe
PID 1976 wrote to memory of 2032	1976	PixelSee_id94944id.exe	netsh.exe
PID 1976 wrote to memory of 2032	1976	PixelSee_id94944id.exe	netsh.exe
PID 1976 wrote to memory of 2032	1976	PixelSee_id94944id.exe	netsh.exe
PID 1976 wrote to memory of 2692	1976	PixelSee_id94944id.exe	netsh.exe
PID 1976 wrote to memory of 2692	1976	PixelSee_id94944id.exe	netsh.exe
PID 1976 wrote to memory of 2692	1976	PixelSee_id94944id.exe	netsh.exe
PID 1976 wrote to memory of 2692	1976	PixelSee_id94944id.exe	netsh.exe
PID 1976 wrote to memory of 2772	1976	PixelSee_id94944id.exe	pixelsee.exe
PID 1976 wrote to memory of 2772	1976	PixelSee_id94944id.exe	pixelsee.exe
PID 1976 wrote to memory of 2772	1976	PixelSee_id94944id.exe	pixelsee.exe
PID 1976 wrote to memory of 2772	1976	PixelSee_id94944id.exe	pixelsee.exe
PID 1580 wrote to memory of 1904	1580	net_updater32.exe	test_wpf.exe
PID 1580 wrote to memory of 1904	1580	net_updater32.exe	test_wpf.exe
PID 1580 wrote to memory of 1904	1580	net_updater32.exe	test_wpf.exe
PID 1580 wrote to memory of 1904	1580	net_updater32.exe	test_wpf.exe
PID 2772 wrote to memory of 1264	2772	pixelsee.exe	pixelsee_crashpad_handler.exe
PID 2772 wrote to memory of 1264	2772	pixelsee.exe	pixelsee_crashpad_handler.exe
PID 2772 wrote to memory of 1264	2772	pixelsee.exe	pixelsee_crashpad_handler.exe
PID 2772 wrote to memory of 1264	2772	pixelsee.exe	pixelsee_crashpad_handler.exe
PID 1580 wrote to memory of 3036	1580	net_updater32.exe	idle_report.exe
PID 1580 wrote to memory of 3036	1580	net_updater32.exe	idle_report.exe
PID 1580 wrote to memory of 3036	1580	net_updater32.exe	idle_report.exe
PID 1580 wrote to memory of 3036	1580	net_updater32.exe	idle_report.exe
PID 2772 wrote to memory of 2388	2772	pixelsee.exe	luminati-m-controller.exe
PID 2772 wrote to memory of 2388	2772	pixelsee.exe	luminati-m-controller.exe
PID 2772 wrote to memory of 2388	2772	pixelsee.exe	luminati-m-controller.exe
PID 2772 wrote to memory of 2388	2772	pixelsee.exe	luminati-m-controller.exe
PID 2388 wrote to memory of 2016	2388	luminati-m-controller.exe	test_wpf.exe
PID 2388 wrote to memory of 2016	2388	luminati-m-controller.exe	test_wpf.exe
PID 2388 wrote to memory of 2016	2388	luminati-m-controller.exe	test_wpf.exe
PID 2388 wrote to memory of 2016	2388	luminati-m-controller.exe	test_wpf.exe
PID 1976 wrote to memory of 2044	1976	PixelSee_id94944id.exe	antivirus360.exe
PID 1976 wrote to memory of 2044	1976	PixelSee_id94944id.exe	antivirus360.exe
PID 1976 wrote to memory of 2044	1976	PixelSee_id94944id.exe	antivirus360.exe

C:\Users\Admin\AppData\Local\Temp\PixelSee_id94944id.exe
"C:\Users\Admin\AppData\Local\Temp\PixelSee_id94944id.exe"
1⤵
- Checks for any installed AV software in registry
- Loads dropped DLL
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1976

C:\Users\Admin\AppData\Local\Temp\luminati\lum_inst.exe
"C:\Users\Admin\AppData\Local\Temp\luminati\lum_inst.exe" /verysilent
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2696

C:\Users\Admin\AppData\Local\Temp\is-MFELN.tmp\lum_inst.tmp
"C:\Users\Admin\AppData\Local\Temp\is-MFELN.tmp\lum_inst.tmp" /SL5="$401E2,5681168,832512,C:\Users\Admin\AppData\Local\Temp\luminati\lum_inst.exe" /verysilent
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2376

C:\Users\Admin\PixelSee\Luminati-m\luminati-m-controller.exe
"C:\Users\Admin\PixelSee\Luminati-m\luminati-m-controller.exe" switch_on
4⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Modifies system certificate store
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1416

C:\ProgramData\BrightData\537fe92663a1ddca21c19e8c696cb5c463365a5c\test_wpf.exe
C:\ProgramData\BrightData\537fe92663a1ddca21c19e8c696cb5c463365a5c\test_wpf.exe
5⤵
- Executes dropped EXE
PID:2056

C:\Users\Admin\PixelSee\Luminati-m\net_updater32.exe
"C:\Users\Admin\PixelSee\Luminati-m\net_updater32.exe" --install win_pixelsee.app --no-cleanup
5⤵
- Executes dropped EXE
PID:1364

C:\Windows\SysWOW64\netsh.exe
"C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="PixelSee" dir=in action=allow program="C:\Users\Admin\pixelsee\pixelsee.exe"
2⤵
- Modifies Windows Firewall
PID:2032

C:\Windows\SysWOW64\netsh.exe
"C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="PixelSee" dir=in action=allow program="C:\Users\Admin\pixelsee\qtwebengineprocess.exe"
2⤵
- Modifies Windows Firewall
PID:2692

C:\Users\Admin\PixelSee\pixelsee.exe
"C:\Users\Admin\PixelSee\pixelsee.exe" --installer
2⤵
- Adds Run key to start application
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2772

C:\Users\Admin\PixelSee\pixelsee_crashpad_handler.exe
C:\Users\Admin\PixelSee\pixelsee_crashpad_handler.exe --no-rate-limit "--database=C:\Users\Admin\AppData\Local\PixelSee LLC\PixelSee\crashdumps" "--metrics-dir=C:\Users\Admin\AppData\Local\PixelSee LLC\PixelSee\crashdumps" --url=https://o612922.ingest.sentry.io:443/api/6420364/minidump/?sentry_client=sentry.native/0.4.6&sentry_key=297ce3230e5f4bcf957dbf23e9597dc9 "--attachment=C:/Users/Admin/AppData/Local/PixelSee LLC/PixelSee/crashdumps/logs/log" "--attachment=C:\Users\Admin\AppData\Local\PixelSee LLC\PixelSee\crashdumps\7081f5e6-3321-4957-363d-932adc510a84.run\__sentry-event" "--attachment=C:\Users\Admin\AppData\Local\PixelSee LLC\PixelSee\crashdumps\7081f5e6-3321-4957-363d-932adc510a84.run\__sentry-breadcrumb1" "--attachment=C:\Users\Admin\AppData\Local\PixelSee LLC\PixelSee\crashdumps\7081f5e6-3321-4957-363d-932adc510a84.run\__sentry-breadcrumb2" --initial-client-data=0x3ec,0x3f0,0x3f4,0x3c0,0x3f8,0x70887b7c,0x70887b90,0x70887ba0
3⤵
- Executes dropped EXE
PID:1264

C:\Users\Admin\PixelSee\Luminati-m\luminati-m-controller.exe
C:\Users\Admin\PixelSee\Luminati-m\luminati-m-controller.exe is_switch_on
3⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2388

C:\ProgramData\BrightData\537fe92663a1ddca21c19e8c696cb5c463365a5c\test_wpf.exe
C:\ProgramData\BrightData\537fe92663a1ddca21c19e8c696cb5c463365a5c\test_wpf.exe
4⤵
- Executes dropped EXE
PID:2016

C:\Users\Admin\AppData\Local\Temp\opera\opera_binst.exe
"C:\Users\Admin\AppData\Local\Temp\opera\opera_binst.exe" --silent --allusers=0
2⤵
- Executes dropped EXE
PID:2172

C:\Users\Admin\AppData\Local\Temp\antivirus360\antivirus360.exe
"C:\Users\Admin\AppData\Local\Temp\antivirus360\antivirus360.exe" /s
2⤵
- Writes to the Master Boot Record (MBR)
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2044

C:\Users\Admin\AppData\Local\Temp\antivirus360\360TS_Setup.exe
"C:\Users\Admin\AppData\Local\Temp\antivirus360\360TS_Setup.exe" /c:WW.Mediaget.CPI202309 /pmode:2 /promo:eyJib290dGltZSI6IjciLCJtZWRhbCI6IjciLCJuZXdzIjoiMCIsIm9wZXJhIjoiNyIsIm9wZXJhX2lucyI6IjAiLCJwb3B1cCI6IjciLCJyZW1pbmRlciI6IjciLCJ1cGdyYWRlX25vdyI6IjAifQo= /s
3⤵
- Drops file in Program Files directory
- Executes dropped EXE
PID:2492

C:\Program Files (x86)\1713802975_0\360TS_Setup.exe
"C:\Program Files (x86)\1713802975_0\360TS_Setup.exe" /c:WW.Mediaget.CPI202309 /pmode:2 /promo:eyJib290dGltZSI6IjciLCJtZWRhbCI6IjciLCJuZXdzIjoiMCIsIm9wZXJhIjoiNyIsIm9wZXJhX2lucyI6IjAiLCJwb3B1cCI6IjciLCJyZW1pbmRlciI6IjciLCJ1cGdyYWRlX25vdyI6IjAifQo= /s /TSinstall
4⤵
- Writes to the Master Boot Record (MBR)
- Checks computer location settings
- Drops file in Program Files directory
- Executes dropped EXE
PID:1876

C:\Users\Admin\PixelSee\Luminati-m\net_updater32.exe
"C:/Users/Admin/PixelSee/Luminati-m/net_updater32.exe" --updater win_pixelsee.app
1⤵
- Drops file in System32 directory
- Executes dropped EXE
- Loads dropped DLL
- Modifies data under HKEY_USERS
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1580

C:\ProgramData\BrightData\537fe92663a1ddca21c19e8c696cb5c463365a5c\test_wpf.exe
C:\ProgramData\BrightData\537fe92663a1ddca21c19e8c696cb5c463365a5c\test_wpf.exe
2⤵
- Executes dropped EXE
PID:1904

C:\ProgramData\BrightData\537fe92663a1ddca21c19e8c696cb5c463365a5c\idle_report.exe
C:\ProgramData\BrightData\537fe92663a1ddca21c19e8c696cb5c463365a5c\idle_report.exe --id 28197 --screen
2⤵
- Executes dropped EXE
PID:3036

C:\ProgramData\BrightData\537fe92663a1ddca21c19e8c696cb5c463365a5c\brightdata.exe
C:\ProgramData\BrightData\537fe92663a1ddca21c19e8c696cb5c463365a5c\brightdata.exe --appid win_pixelsee.app
2⤵
- Drops file in System32 directory
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2848

C:\ProgramData\BrightData\537fe92663a1ddca21c19e8c696cb5c463365a5c\idle_report.exe
C:\ProgramData\BrightData\537fe92663a1ddca21c19e8c696cb5c463365a5c\idle_report.exe --id 18620
2⤵
- Executes dropped EXE
PID:880

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1880

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:2156

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

Software Discovery

T1518

Security Software Discovery

T1518.001

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\BrightData\537fe92663a1ddca21c19e8c696cb5c463365a5c\20240422_162108_perr_04_04_start_dialog.jslog
Filesize
1KB

MD5
b2f7ba3e2e042d3fd51cc3a4c158363e

SHA1
1f17fc07d41903d9d8f4ce7d10ec9e2857b5affd

SHA256
e82f1909f8c452d7079437ec41dfd64c8c4b5e3099e3a522a4286a1a0e143e4f

SHA512
3f84990b3ef4617cd29b53a02c5a468f839f151133d76ccea38d41b65bcf20a1340ad489fac39055fb182f681264e8d75d2cc4b653218906cdaef1887ddd7bf4

Download Submit
C:\ProgramData\BrightData\537fe92663a1ddca21c19e8c696cb5c463365a5c\20240422_162108_perr_04_05_show_dialog.jslog
Filesize
1KB

MD5
d44f50db02209d85d3921bb59d9cc60a

SHA1
bb825361bc34f0467a9699cc4e82bcc3d5773a71

SHA256
0b5521d0486753458160ab5abf1092165af063735c1301abec084591cc171419

SHA512
810a2515c55dbe1364551c7072b2bdc8dbdeb695edcf8230f745f8943de6bfb0cad4ddc839baaa83bb718706cc864acf12ac4e37614dacfa06f156f4e4a5eaea

Download Submit
C:\ProgramData\BrightData\537fe92663a1ddca21c19e8c696cb5c463365a5c\20240422_162108_perr_choice_change.jslog
Filesize
1KB

MD5
8d2844600c063bd78b8c8755b7475f5e

SHA1
d92ff85aa6966672edd1963bc3d26bfb5c64c726

SHA256
918bec149e30e678590a6400468918fa8263f13602b60e60578f2f57dab9230e

SHA512
19477da15c3690a7fb20e2146308f6d34f31f76080becb633ee9aa5176dcd5b1136dff51156cbb1894ae63decd28bf1e125a9c276be8c1e92c1aa5cad95c306e

Download Submit
C:\ProgramData\BrightData\537fe92663a1ddca21c19e8c696cb5c463365a5c\20240422_162108_perr_user_chose_peer.jslog
Filesize
1KB

MD5
c4ad3114afdb7e079c0314b95c042ba8

SHA1
d8af970b1c324705b596b6a1c51bd5e37cb01fa5

SHA256
6d36c1498fff5a62f447f809bc44eb91c41d221115ffc6c85788e1e711270ed0

SHA512
811aef0bb71ce1d680b7bcf2417c5292eda37d083847191f71991bdac5a01a120ceb1d9bd6530228e7829fcfcd4b843d5b74064e8450f37f163d94fcaeb47568

Download Submit
C:\ProgramData\BrightData\537fe92663a1ddca21c19e8c696cb5c463365a5c\20240422_162124_once_07_service_stop_1.435.904.log
Filesize
1B

MD5
68b329da9893e34099c7d8ad5cb9c940

SHA1
adc83b19e793491b1c6ea0fd8b46cd9f32e592fc

SHA256
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b

SHA512
be688838ca8686e5c90689bf2ab585cef1137c999b48c70b92f67a5c34dc15697b5d11c982ed6d71be1e1e7f7b4e0733884aa97c3f7a339a8ed03577cf74be09

Download Submit
C:\ProgramData\BrightData\537fe92663a1ddca21c19e8c696cb5c463365a5c\brightdata.exe
Filesize
1.5MB

MD5
dee75704acbe514c6ad8727d550f79fa

SHA1
86cdf7d6ee950b62f4e88b2f8614231f713d848d

SHA256
e65c40b86331ad24cccdcef0581e48e6212cd78a2a09bfdfd11ba15819881fb3

SHA512
dfafedfd695a6e9cd9fbd6058d0da59521dfaef9636bb92e69244b5a24f6a1c582704a0dd3be8e49cb104b0717834acd2e8d14c3d21a464d34d7d9d849387969

Download Submit
C:\ProgramData\BrightData\537fe92663a1ddca21c19e8c696cb5c463365a5c\idle_report.exe
Filesize
30KB

MD5
c77677366a2e5ae6bff987cf1409a077

SHA1
f28416863519092ec182c30eb1889a5ebfc2e2ac

SHA256
bd94fdbe50b8369c2c7fabed65f60cdb73419ca61574d143fb9e41466f850341

SHA512
b719c905beceb438c01fb584a1ee77d38ff65fe50540736c15231e03742aa19f271bb8980cbccc85a3f8d0b76857d18390422f3a56f5b94cc932a664f55e77b2

Download Submit
C:\ProgramData\BrightData\537fe92663a1ddca21c19e8c696cb5c463365a5c\lum_sdk_install_id
Filesize
33B

MD5
6a13ab9efb9a27063a108c22ce78a711

SHA1
2385ae93bd3edb962d44b34717d6d2b6d6352144

SHA256
d94354c9513b86d95e54a592bb653b246e66bf650fa645c2b530557975843aef

SHA512
2cac032ecb5ea716929718e7e7738f7af598717c6e55e90b9988f17e19887d9ebc0f12db18e8e1732c8a8797a00fe8ce7e3fd003a502596dcd8c7695a334fa92

Download Submit
C:\ProgramData\BrightData\537fe92663a1ddca21c19e8c696cb5c463365a5c\lum_sdk_session_id
Filesize
131B

MD5
592c5433c7c35e6e411cbfba7a4b990a

SHA1
07ce601531c0760734045e16d06dc460fa91a4fa

SHA256
b175b866e1379284780d42ac7dceb7cfd762917afabb475df919393e62566268

SHA512
eca336b5bf14432001ebafcd65289905320e912d2eeb8d240a29376f82ed1058655a0c15ef47e3c195968a97b4a724c3d33277e7ebd4e2b3d92ec7dd953afd56

Download Submit
C:\ProgramData\BrightData\537fe92663a1ddca21c19e8c696cb5c463365a5c\lum_sdk_session_id:LUM
Filesize
216B

MD5
21c639ea329ccea32d4f2fa7baaad852

SHA1
3d4122276050d411f634a53b64278408d5d90d68

SHA256
c79fdedd5d724dbeac7db1aac0861f578847c3d9152a59135d602289c7908142

SHA512
0825387641bba61d06dbce218f0d2f5668f834e329307577d312f04dacae581a9d8934250b35737a559904deb7248e861e067dc5ed7030a608acbdc65180dc8a

Download Submit
C:\ProgramData\BrightData\537fe92663a1ddca21c19e8c696cb5c463365a5c\test_wpf.exe
Filesize
30KB

MD5
d6d6ddc6f5d18806e4b68745f4f72980

SHA1
c7f20c868d40cf557c27c084dea63910ca54466d

SHA256
e83cdf912e8d89e311738cf6d511d48e7846331c7f8135ee2786502af428f7be

SHA512
37fdb02440517f44db01b6b17bea93a9637ed5f929c36194dbc2ec860b62f7cea3767066dc2d826d4abc75147685e8766bd6bb8adf1d236b2a86f065314a5571

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\PixelSee LLC\PixelSee\crashdumps\logs\log
Filesize
5KB

MD5
b37db634f6a8e576e8ea215e74ea681b

SHA1
a2c5b47e75e18df360682a7369014b26f7dc4458

SHA256
9ac0b7ca5e39e67ba01810c67bee411cd89f1c30eb8e56bd43a1431be954e38a

SHA512
d5b5d18c0c45f7e98636defe5bf4fee37b400546b7f4bed9efa5d951848976b2e5dbbab2578679d63718a07399488c8ce6de6587ac4c3274c54ea81b4bca5e2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\[email protected]
Filesize
655B

MD5
221347e561553ca15f425f0c339f6d2a

SHA1
113b27109b71235d47fb0f0dabd768c373afc92c

SHA256
1e7111eca4eaf28e07dc55c9f0aaa18751978acecd2aea9628472251b82ce95f

SHA512
ef8bb1566ab6a844a05158fa725bb68cb9baaf2edbdf54ec8cc9729f2ebc07977e99e53e1ae2424976f0b237ac6e7e39cec0267d33bda3621247dac4142f0cb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\[email protected]\setup.ini
Filesize
830B

MD5
a78c8cda43a8bd21ed73c2e8e74b32aa

SHA1
994584166233363e26dce5d8de717e10ca5d677f

SHA256
3ce606ddd340eb72ea585442f4fbecb56c215f729473f535eef6906edc2f7dd7

SHA512
261f25a55c06666ab630ac9b15c32449884a2f08dd44fdee62bed04d8658a0e52444bb2897b4e4274960e526e74ba180802010ae314cbcfc54f6ca3eee870248

Download Submit
C:\Users\Admin\AppData\Local\Temp\1713802975_00000000_base\360base.dll
Filesize
1.0MB

MD5
b192f34d99421dc3207f2328ffe62bd0

SHA1
e4bbbba20d05515678922371ea787b39f064cd2c

SHA256
58f13d919f44d194827b609b6b267246abc47134bb202472c0dfe033b9d7ed73

SHA512
00d4c7a0a0097eb4b31a71a0eaf6ff0d44619f77a335c75688565e34e6d7f4fb6c258917457d560c6b0a5077603845ce012e01d9862e87fb5327d7f8da970f95

Download Submit
C:\Users\Admin\AppData\Local\Temp\360_install_20240422162300_259656285\temp_files\config\lang\de\SysSweeper.ui.dat
Filesize
102KB

MD5
98a38dfe627050095890b8ed217aa0c5

SHA1
3da96a104940d0ef2862b38e65c64a739327e8f8

SHA256
794331c530f22c2390dd44d18e449c39bb7246868b07bdf4ff0be65732718b13

SHA512
fb417aa5de938aaf01bb9a07a3cd42c338292438f5a6b17ef1b8d800a5605c72df81d3bae582e17162f6b1c5008fd63035fa7a637e07e2697cb1b34f9197a0cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\360_install_20240422162300_259656285\temp_files\i18n\es\deepscan\dsurls.dat
Filesize
1KB

MD5
69d457234e76bc479f8cc854ccadc21e

SHA1
7f129438445bb1bde6b5489ec518cc8f6c80281b

SHA256
b0355da8317155646eba806991c248185cb830fe5817562c50af71d297f269ee

SHA512
200de0ffce7294266491811c6c29c870a5bc21cdf29aa626fc7a41d24faf1bfe054920bd8862784feaba75ba866b8ab5fd65df4df1e3968f78795ab1f4ad0d23

Download Submit
C:\Users\Admin\AppData\Local\Temp\360_install_20240422162300_259656285\temp_files\i18n\es\ipc\360ipc.dat
Filesize
1KB

MD5
ea5fdb65ac0c5623205da135de97bc2a

SHA1
9ca553ad347c29b6bf909256046dd7ee0ecdfe37

SHA256
0ba4355035fb69665598886cb35359ab4b07260032ba6651a9c1fcea2285726d

SHA512
bb9123069670ac10d478ba3aed6b6587af0f077d38ca1e2f341742eaf642a6605862d3d4dbf687eb7cb261643cf8c95be3fba1bfa0ee691e8e1ed17cc487b11e

Download Submit
C:\Users\Admin\AppData\Local\Temp\360_install_20240422162300_259656285\temp_files\i18n\es\ipc\360netd.dat
Filesize
43KB

MD5
d89ff5c92b29c77500f96b9490ea8367

SHA1
08dd1a3231f2d6396ba73c2c4438390d748ac098

SHA256
3b5837689b4339077ed90cfeb937d3765dda9bc8a6371d25c640dfcee296090a

SHA512
88206a195cd3098b46eec2c8368ddc1f90c86998d7f6a8d8ec1e57ae201bc5939b6fe6551b205647e20e9a2d144abd68f64b75edd721342861acb3e12450060d

Download Submit
C:\Users\Admin\AppData\Local\Temp\360_install_20240422162300_259656285\temp_files\i18n\es\ipc\360netr.dat
Filesize
1KB

MD5
db5227079d3ca5b34f11649805faae4f

SHA1
de042c40919e4ae3ac905db6f105e1c3f352fb92

SHA256
912102c07fcabe6d8a018de20b2ad97ea5f775dcb383cd3376168b7ebf8f9238

SHA512
519ab81d0c3391f88050e5d7a2e839913c45c68f26dabad34c06c461ddb84c781bf7224e4d093462c475700e706eef562d1210cee3dba00a985d8dadbf165c5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\360_install_20240422162300_259656285\temp_files\i18n\es\ipc\filemon.dat
Filesize
15KB

MD5
bfed06980072d6f12d4d1e848be0eb49

SHA1
bb5dd7aa1b6e4242b307ea7fabac7bc666a84e3d

SHA256
b065e3e3440e1c83d6a4704acddf33e69b111aad51f6d4194d6abc160eccfdc2

SHA512
62908dd2335303da5ab41054d3278fe613ed9031f955215f892f0c2bb520ce1d26543fa53c75ce5da4e4ecf07fd47d4795fafbdb6673fac767b37a4fa7412d08

Download Submit
C:\Users\Admin\AppData\Local\Temp\360_install_20240422162300_259656285\temp_files\i18n\es\ipc\regmon.dat
Filesize
30KB

MD5
9f2a98bad74e4f53442910e45871fc60

SHA1
7bce8113bbe68f93ea477a166c6b0118dd572d11

SHA256
1c743d2e319cd63426f05a3c51dfea4c4f5b923c96f9ecce7fcf8d4d46a8c687

SHA512
a8267905058170ed42ba20fe9e0a6274b83dcda0dd8afa77cbff8801ed89b1f108cfe00a929f2e7bbae0fc079321a16304d69c16ec9552c80325db9d6d332d10

Download Submit
C:\Users\Admin\AppData\Local\Temp\360_install_20240422162300_259656285\temp_files\i18n\es\libdefa.dat
Filesize
319KB

MD5
aeb5fab98799915b7e8a7ff244545ac9

SHA1
49df429015a7086b3fb6bb4a16c72531b13db45f

SHA256
19fa3cbec353223c9e376b7e06f050cc27b3c12d255fdcb5c36342fa3febbec4

SHA512
2d98ed2e9c26a61eb2f1a7beb8bd005eb4d3d0dac297c93faaf61928a05fb1c6343bb7a6b2c073c6520c81befdb51c87383eab8e7ca49bb060b344f2cf08f4d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\360_install_20240422162300_259656285\temp_files\i18n\es\safemon\drvmon.dat
Filesize
5KB

MD5
c2a0ebc24b6df35aed305f680e48021f

SHA1
7542a9d0d47908636d893788f1e592e23bb23f47

SHA256
5ee31b5ada283f63ac19f79b3c3efc9f9e351182fcabf47ffccdd96060bfa2cf

SHA512
ea83e770ad03b8f9925654770c5fd7baf2592d6d0dd5b22970f38b0a690dfd7cb135988548547e62cca5f09cb737224bbb8f2c15fe3b9b02b996c319f6e271ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\360_install_20240422162300_259656285\temp_files\i18n\fr\deepscan\art.dat
Filesize
38KB

MD5
0297d7f82403de0bb5cef53c35a1eba1

SHA1
e94e31dcd5c4b1ff78df86dbef7cd4e992b5d8a8

SHA256
81adb709eec2dfb3e7b261e3e279adf33de00e4d9729f217662142f591657374

SHA512
ce8983e3af798f336e34343168a14dc04e4be933542254ce14ff755d5eb2bcb6e745eda488bc24be2b323119006cf0bdb392c7b48558ca30f7f2e170a061a75e

Download Submit
C:\Users\Admin\AppData\Local\Temp\360_install_20240422162300_259656285\temp_files\i18n\fr\deepscan\dsr.dat
Filesize
58KB

MD5
504461531300efd4f029c41a83f8df1d

SHA1
2466e76730121d154c913f76941b7f42ee73c7ae

SHA256
4649eedc3bafd98c562d4d1710f44de19e8e93e3638bc1566e1da63d90cb04ad

SHA512
f7dd16173120dbfe2dabeab0c171d7d5868fd3107f13c2967183582fd23fd96c7eeca8107463a4084ad9f8560cd6447c35dc18b331fd3f748521518ac8e46632

Download Submit
C:\Users\Admin\AppData\Local\Temp\360_install_20240422162300_259656285\temp_files\i18n\hi\deepscan\dsconz.dat
Filesize
18KB

MD5
a426e61b47a4cd3fd8283819afd2cc7e

SHA1
1e192ba3e63d24c03cee30fc63af19965b5fb5e2

SHA256
bbabbf0df0d9b09cf348c83f8926fef859474e5c728936e75c88cd0ac15d9060

SHA512
8cc7ff3d5a0841174f5852ba37dbc31a2041cdcba400a30a51d3af9caf4595af3ffe4db7f6fe9502008eb8c2c186fe8fa3afd633aac38c3d6b0ad9bc9bc11eec

Download Submit
C:\Users\Admin\AppData\Local\Temp\360_install_20240422162300_259656285\temp_files\i18n\it\safemon\bp.dat
Filesize
2KB

MD5
1b5647c53eadf0a73580d8a74d2c0cb7

SHA1
92fb45ae87f0c0965125bf124a5564e3c54e7adb

SHA256
d81e7765dacef70a07c2d77e3ab1c953abd4c8b0c74f53df04c3ee4adf192106

SHA512
439738f2cdd0024e4d4f0da9668714fd369fb939424e865a29fc78725459b98c3f8ac746c65e7d338073374ab695c58d52b86aea72865496cd4b20fcd1aa9295

Download Submit
C:\Users\Admin\AppData\Local\Temp\360_install_20240422162300_259656285\temp_files\i18n\it\safemon\wd.ini
Filesize
8KB

MD5
bbcd2bd46f45a882a56d4ea27e6aca88

SHA1
69ec4e9df7648feff4905af2651abff6f6f9cc00

SHA256
dfe29bbd5fa9d1a9aac3efbef341ef02a44fcdf5b826cfa1fdd646bf27fa6655

SHA512
0619a5e55e479da2085602a91d7077ada2892e345a080adcb759fbcf9c51e1d1d07f362c02218ce880ad7858c9c262432b13979a2ff0ba4122a492479c748dd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\360_install_20240422162300_259656285\temp_files\i18n\pl\ipc\NetDefender.dll.locale
Filesize
24KB

MD5
cd37f1dbeef509b8b716794a8381b4f3

SHA1
3c343b99ec5af396f3127d1c9d55fd5cfa099dcf

SHA256
4d1a978e09c6dafdcf8d1d315191a9fb8c0d2695e75c7b8650817d027008d1c1

SHA512
178b73ed00bfd8241cc9191dbdd631ae28b5c7e76661863b326efde2dc2cb438716c0b70896ee313436ccd90f61db5226a3484169176f5a4b79ead1fb4451419

Download Submit
C:\Users\Admin\AppData\Local\Temp\360_install_20240422162300_259656285\temp_files\i18n\pl\ipc\Sxin.dll.locale
Filesize
48KB

MD5
3e88c42c6e9fa317102c1f875f73d549

SHA1
156820d9f3bf6b24c7d24330eb6ef73fe33c7f72

SHA256
7e885136a20c3ab48cdead810381dccb10761336a62908ce78fe7f7d397cde0e

SHA512
58341734fb0cf666dfe9032a52674a645306a93430ebb2c6e5ad987e66ce19c8a91f3feebf9bba54b981d62127613dec3c939ef4168054d124b855a511b6d59c

Download Submit
C:\Users\Admin\AppData\Local\Temp\360_install_20240422162300_259656285\temp_files\i18n\pl\ipc\Sxin64.dll.locale
Filesize
46KB

MD5
dc4a1c5b62580028a908f63d712c4a99

SHA1
5856c971ad3febe92df52db7aadaad1438994671

SHA256
ee05002e64e561777ea43ac5b9857141dabb7c9eed007a0d57c30924f61af91e

SHA512
45da43ac5b0321ddc5ec599818287bd87b7b6822c8dd6d790b5bbf1232000092afa695774cd3d9c787919ad02ca9846f7200970e273a99bfbe2aa6bebfe7e8ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\360_install_20240422162300_259656285\temp_files\i18n\pl\ipc\appd.dll.locale
Filesize
25KB

MD5
9cbd0875e7e9b8a752e5f38dad77e708

SHA1
815fdfa852515baf8132f68eafcaf58de3caecfc

SHA256
86506ad8b30fc115f19ea241299f000bce38626fe1332601c042ee6109031e89

SHA512
973801758415f10462445e9b284a3c5991ced2279674a6658d4b96c5f2d74aea31ce324ac0a3f20406df3594fbe8939483dce11b8d302e65db97f7bb513d1624

Download Submit
C:\Users\Admin\AppData\Local\Temp\360_install_20240422162300_259656285\temp_files\i18n\pl\ipc\filemgr.dll.locale
Filesize
21KB

MD5
3917cbd4df68d929355884cf0b8eb486

SHA1
917a41b18fcab9fadda6666868907a543ebd545d

SHA256
463916c13812228c4fb990a765cbb5d0ee8bb7a1e27de9bdcea1a63cc5095a6a

SHA512
072939985caa724ee5d078c32d41e60543027e23cce67b6f51c95e65ac16abaf2a1d6dce1692395c206c404f077219d30e9551c6d7592be3a0738c44e0627417

Download Submit
C:\Users\Admin\AppData\Local\Temp\360_install_20240422162300_259656285\temp_files\i18n\pl\ipc\yhregd.dll.locale
Filesize
18KB

MD5
8a6421b4e9773fb986daf675055ffa5a

SHA1
33e5c4c943df418b71ce1659e568f30b63450eec

SHA256
02e934cbf941d874ba0343587a1e674f21fd2edef8b4a0cc0354c068ec6fe58b

SHA512
1bb85909a5f00c4d2bf42c0cb7e325982c200babb815df888c913083aebd2c61020225beedda1e7861f7786a9f99179199ec6412d63dd1a3f1b8c8c9634e77ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\360_install_20240422162300_259656285\temp_files\i18n\pl\safemon\360SPTool.exe.locale
Filesize
31KB

MD5
9259b466481a1ad9feed18f6564a210b

SHA1
ceaaa84daeab6b488aad65112e0c07b58ab21c4c

SHA256
15164d3600abd6b8f36ac9f686e965cfb2868025a01cded4f7707b1ae5008964

SHA512
b7b06367ba9aa0c52ac5cfc49d66e220232d5482b085287c43de2ef8131f5ee703ffeb4d7bef0e5d9a430c0146bb2ab69c36174982184a0c06e6beda14e808b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\360_install_20240422162300_259656285\temp_files\i18n\pl\safemon\360procmon.dll.locale
Filesize
106KB

MD5
7bdac7623fb140e69d7a572859a06457

SHA1
e094b2fe3418d43179a475e948a4712b63dec75b

SHA256
51475f2fa4cf26dfc0b6b27a42b324a109f95f33156618172544db97cbf4dddd

SHA512
fbed994a360ecff425728b1a465c14ffe056c9b227c2eb33f221e0614984fd21670eddb3681c20e31234a57bfe26bcf02c6a3b5e335d18610d09b4ed14aa5fb2

Download Submit
C:\Users\Admin\AppData\Local\Temp\360_install_20240422162300_259656285\temp_files\i18n\pl\safemon\Safemon64.dll.locale
Filesize
52KB

MD5
a891bba335ebd828ff40942007fef970

SHA1
39350b39b74e3884f5d1a64f1c747936ad053d57

SHA256
129a7ba4915d44a475ed953d62627726b9aa4048ffcc316c47f7f533b68af58b

SHA512
91d1b04d550eda698b92d64f222ec59c29b5842115b3c3f1159313b620975bc8475b27151c23f21a78f60abd6c7fa9ce5cb1ea45f9349942338f9bf0c8cfc99f

Download Submit
C:\Users\Admin\AppData\Local\Temp\360_install_20240422162300_259656285\temp_files\i18n\pl\safemon\SelfProtectAPI2.dll.locale
Filesize
21KB

MD5
9d8db959ff46a655a3cd9ccada611926

SHA1
99324fdc3e26e58e4f89c1c517bf3c3d3ec308e9

SHA256
a71e57cafb118f29740cd80527b094813798e880de682eca33bfe97aaa20b509

SHA512
9a2f2d88968470b49d9d13569263050b463570c3cce1b9821909e910a8a358e64ad428b86095a18f596d2b3ed77e0e21d40f9c24543e4a0872e6b35c5103bede

Download Submit
C:\Users\Admin\AppData\Local\Temp\360_install_20240422162300_259656285\temp_files\i18n\pl\safemon\safemon.dll.locale
Filesize
53KB

MD5
770107232cb5200df2cf58cf278aa424

SHA1
2340135eef24d2d1c88f8ac2d9a2c2f5519fcb86

SHA256
110914328d4bf85058efa99db13bfec2c73e3b175b91dfd6b41c6fa72ebaa103

SHA512
0f8b98ded900d9421eb90cffd527d8218b14354d90b172d592c4945c482191d5e512f2678217c6214addb38da0b9bb9287f84963a50447cf232962bd99b0c3e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\360_install_20240422162300_259656285\temp_files\i18n\pl\safemon\spsafe.dll.locale
Filesize
9KB

MD5
22a6711f3196ae889c93bd3ba9ad25a9

SHA1
90c701d24f9426f551fd3e93988c4a55a1af92c4

SHA256
61c130d1436efba0a4975bc3f1c5f9fdf094a097d8182119193b44150344940e

SHA512
33db4f9474df53ce434f6e22f6883da100473d1b819984171356eeef523ba534c4abaf2536596b8758358e755e5d9f3793d85be12d2d8d5284fc7d13f6c005cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\360_install_20240422162300_259656285\temp_files\i18n\pl\safemon\spsafe64.dll.locale
Filesize
9KB

MD5
5823e8466b97939f4e883a1c6bc7153a

SHA1
eb39e7c0134d4e58a3c5b437f493c70eae5ec284

SHA256
9327e539134100aa8f61947da7415750f131c4e03bbb7edb61b0fab53ea34075

SHA512
e4ea824314151115592b3b2ad8cd423dc2a7183292aa165f74f8e35da4f142d84d296d34506f503d448c7bd423be6bf04da2412b7daf474fbf4ef6a2af142bfc

Download Submit
C:\Users\Admin\AppData\Local\Temp\360_install_20240422162300_259656285\temp_files\i18n\pl\safemon\webprotection_firefox\plugins\nptswp.dll.locale
Filesize
10KB

MD5
5efd82b0e517230c5fcbbb4f02936ed0

SHA1
9f3ea7c0778fedf87a6ed5345e6f45fb1bd173fb

SHA256
09d58a2f0656a777a66288ac4068aa94a2d58d0534328862b8371709eab2003b

SHA512
12775c718f24daa20ec8e4f3bdede4199c478900b12addcb068ae7b20806850fdc903e01c82e6b54e94363725dcff343aeac39c3512f5ea58d1ba8d46712ad33

Download Submit
C:\Users\Admin\AppData\Local\Temp\360_install_20240422162300_259656285\temp_files\i18n\pt\ipc\appmon.dat
Filesize
28KB

MD5
3aacd65ed261c428f6f81835aa8565a9

SHA1
a4c87c73d62146307fe0b98491d89aa329b7b22e

SHA256
f635978ce8fc3a30589f20fd9129737585cc29e59d5170ec0d50f1be6aca14c4

SHA512
74cf2ac111c5c159e4f039f31a2aab676c7d212948fa36ee99209d927db22fab625341de3435d7fbd19306a35b24a2a55a30adf9cefd81e0699529ba18c806e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6639.tmp
Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\AppData\Local\Temp\antivirus360\360TS_Setup.exe
Filesize
99.0MB

MD5
2262d2aa7ca436888e23d88b15b19383

SHA1
0d7f6fd75f71b8861718d79593f1930c40123b47

SHA256
bc120ec00d03c2d1c8be5053d48b9be4dac058a9ad8db8ce39e99174199b0100

SHA512
126a15f796d2814e6da92aeda1c9e336b8f078d76e8fa96956608e4b094fcbf290951ad0a07f8041d935d5cc64e36df535d2e6e253261ff567fa482227f8752e

Download Submit
C:\Users\Admin\AppData\Local\Temp\antivirus360\antivirus360.exe
Filesize
1.4MB

MD5
16de0dd53fcb7ed02b58e5d3e9ab6d25

SHA1
7b87440c2ff30ad47ecd2a459e487ce3efec1877

SHA256
2934cb7607c686e378b78f684ae3837abf2791b503a1165b28d915defd09b9c4

SHA512
a07692835e6bc9058b82364a44e3619a96ab6cd11d881645e57e6f6a68d66831e9af1b68c39ecb6e3f08969c5caa71fef788fb8272fb1b0f15515eac246966ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\pixelsee-installer-tmp\Montserrat-Bold.eot
Filesize
256KB

MD5
0f722e725ac50271f9d6db477e8c0d17

SHA1
d34259cfe05b2ba9c9e5256a3ce513d4bc5afbe8

SHA256
7615a4bb88a5680cfead49c1774013ce48c4c7343cb82d7585f7935c705400b0

SHA512
9a58e7d1537f28f19dc6e63b36d422748d851b68a8b3eedf69f531d502d9163e41f4d9cc9d782fd6fc70fab269f04dc9907422bd80f5dd265edcc0ae6bddc77a

Download Submit
C:\Users\Admin\AppData\Local\Temp\pixelsee-installer-tmp\Montserrat-Regular.eot
Filesize
314KB

MD5
2dd0a1de870af34d48d43b7cad82b8d9

SHA1
440f4f1fdf17a5c8b426ac6bd4535b8fe5258c7e

SHA256
057bc6c47c47aaccdf31adc48a6b401f6090a02c28e354099eff80907dc2af32

SHA512
83df193ab984037b940876bf6371020b4bb13af74e988abb8ad6a30d48ab6cd9dc5c08937e58abab93278cc85c9d79c373688b2c51c035fdeffed639c933e8ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\pixelsee-installer-tmp\Roboto-Regular.eot
Filesize
176KB

MD5
b9077621ce786b55c176a61456bfc077

SHA1
5f164e1bc0b6573bac876e38ca1bb2e60ff0627e

SHA256
6cedf381d59fa4caabfb836e9a3720420645cbcea32491a5ac5f07cf274ceac6

SHA512
b1f2c599804a2d0ac51d3adfe7b2d0a21c5fa1e3d8d83d932f42d30bfd26aad5972d96555097a60f8fdc4d34ed24bad2876a89cf0b27b8cd01c72c0ba8f4d02a

Download Submit
C:\Users\Admin\AppData\Local\Temp\pixelsee-installer-tmp\curl-ca-bundle.crt
Filesize
221KB

MD5
be2b0736ea029fff398559fa7df4e646

SHA1
70fc16edf57e15567cd70f4d919c93dbbb072dbc

SHA256
c05a79296d61e3b2a2ebaf5af476839b976d69a5acb6f581a667e60e681049a2

SHA512
c6dd35579b664e37721d470b2e3c4d8ab681a1bc32c4994b1ca9e5e042fbc21a78f4a3ba775d01b919f8dbbaad08f9eecf6f8dbb7f0224fb72b819b615993011

Download Submit
C:\Users\Admin\AppData\Local\Temp\pixelsee-installer-tmp\img2\main-icon-big.png
Filesize
975B

MD5
0e5fea82cc4f4a8225532e5b2f45c6c8

SHA1
b163d952a4a5b0c3ea40da2b47f95e624e344c96

SHA256
81b5f50491579127d13e050847ef6d817265ab4b70d2796fb74021463b778bb9

SHA512
051507296cd4d51ce4d34f0d1dd0a078f7598645ec42321335cec5719152c05dc611c663c67b3265e3baf14fd6e0c93788e2d0b04c6e5c16f4203dbd206b3f44

Download Submit
C:\Users\Admin\AppData\Local\Temp\pixelsee-installer-tmp\index.html
Filesize
33KB

MD5
10626eb43a0b5d515cff38b6ae4086d2

SHA1
1272a651ff81cf4e03c0489f74dabc275883d773

SHA256
22d1cd282fc08a22d387202d21ce5803683b12d77ef693b3fb0bffc692feec31

SHA512
1aa8f0f5cb2e3843237671dc4a22568432bf62637c0019c04345ffbcab2ae2bd40b7c85bff62527dd52e0d02a8b11b34316f9a70d45c043122b542e32a7dedfd

Download Submit
C:\Users\Admin\AppData\Local\Temp\pixelsee-installer-tmp\js\jquery-ui.min.1.8.0.js
Filesize
202KB

MD5
a4fdd77e182bd2fabe300a47b5617a35

SHA1
e002b335c75b5edefcd251962f61f53a2ab8e0f2

SHA256
8b59592d67eadc703af6cdd5ba8d077f9f9485d01fb6405555614335f89be99b

SHA512
ddcccde1c129f8f71fb39685abc615c4202b8b3dfc12cedd7d9cca2f97b308fc14b64497826421fa9df3d1cf54bdae9c085051af0a8d393cd3d556a6578d4085

Download Submit
C:\Users\Admin\AppData\Local\Temp\pixelsee-installer-tmp\js\jquery.min.1.6.4.js
Filesize
89KB

MD5
ea75b2a8f1b4241a872b1cbddbaed154

SHA1
18678dd78c1f5a3525127b442bc70375faf09c16

SHA256
4a62927a380e201c4ee51321dcc1e6b1f7dfbf82049cf349df990629e01e9178

SHA512
dc69cd4703dcba3c8f4a52058c44a34fa7c0b6096bed20f30ce3dab872461eb6dda9d0d381137b9cb022219ad92ca7f5f25d3964ed33d5f41e9fc05efa5330fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\pixelsee-installer-tmp\preloader.html
Filesize
826B

MD5
37a05031bec9d3e093388407848af66f

SHA1
5b48a5b72097ad98eacf54e956e94d26710a0493

SHA256
cf38f4f8663028beff3a7650a9d426b4116891e8547029b66b8d2a13fad63a48

SHA512
db3af55b93e901778a74f462af1f80a3e4181b251b061f858a3a6dadc77f2eaf4760c30f4ef9ae5560418eadb6133d474289c3b84c0e89615670af722d8dab9f

Download Submit
C:\Users\Admin\PixelSee\Luminati-m\brd_config.json
Filesize
64B

MD5
a4db174f480872e2ec0b15cfb5e64571

SHA1
b877d344709096c35529fb14776e7a55a8472acd

SHA256
a9992a0afc4660bf61537614f6aa4afa739739601cc02bf7aa1b2deb87e4cb8c

SHA512
475e6706276a996dc654245a4606f325ac9a0b9646d5bd4562cff7635f7fcd063999ec3e94a8ad4f74a7491fbf7f102ee787cd69ff43547108d396e2c7bee4f7

Download Submit
C:\Users\Admin\PixelSee\Luminati-m\lum_sdk32.dll
Filesize
6.7MB

MD5
29a3de4627fff3d2b3ea113f7a71e184

SHA1
3caff820b16e19f89d68ff6daac82a5df0e6a6cb

SHA256
9a38889aa4c84dbf654a12d8b1c381bc9ba228ad4a66cb31a627ac04d3907731

SHA512
03d21838c202f21fe7ebc85cc1566f07fa8115662a7f849a39cfbe6d7a6cfcdd5b67ef1d5e09752567a652639c94c41bfb1997c725cd612fbf0950d5e15ef8df

Download Submit
C:\Users\Admin\PixelSee\api-ms-win-crt-heap-l1-1-0.dll
Filesize
19KB

MD5
39d81596a7308e978d67ad6fdccdd331

SHA1
a0b2d43dd1c27d8244d11495e16d9f4f889e34c4

SHA256
3d109fd01f6684414d8a1d0d2f5e6c5b4e24de952a0695884744a6cbd44a8ec7

SHA512
0ef6578de4e6ba55eda64691892d114e154d288c419d05d6cff0ef4240118c20a4ce7f4174eec1a33397c6cd0135d13798dc91cc97416351775f9abf60fcae76

Download Submit
\ProgramData\BrightData\537fe92663a1ddca21c19e8c696cb5c463365a5c\brd_sdk32_clr.dll
Filesize
5.5MB

MD5
b9142b1e9907aed2bb96b554466310cf

SHA1
2633cf3fcaf18072592efa4ea39b56ae25a4d022

SHA256
a6bae2d81237e0e65c03e326d03a4978eaeb844394825fa0bd1b3cef6878c625

SHA512
99be3d79830548fa2c265e0a2f765c74d4acd5fe00f9ccb7ab6b71d1c3d35af56fe099f8e3885702a2904e49eec9619974e920333587eb160e5f611b939b4ce2

Download Submit
\ProgramData\BrightData\537fe92663a1ddca21c19e8c696cb5c463365a5c\msvcr120.dll
Filesize
948KB

MD5
034ccadc1c073e4216e9466b720f9849

SHA1
f19e9d8317161edc7d3e963cc0fc46bd5e4a55a1

SHA256
86e39b5995af0e042fcdaa85fe2aefd7c9ddc7ad65e6327bd5e7058bc3ab615f

SHA512
5f11ef92d936669ee834a5cef5c7d0e7703bf05d03dc4f09b9dcfe048d7d5adfaab6a9c7f42e8080a5e9aad44a35f39f3940d5cca20623d9cafe373c635570f7

Download Submit
\Users\Admin\AppData\Local\Temp\is-MFELN.tmp\lum_inst.tmp
Filesize
3.1MB

MD5
4fa5fd32b5aa9b6c6b110d3a184c69c6

SHA1
d055925af4efc2784c52784792d6dc3b5ea4a793

SHA256
d285137ffc9fab917dc5781085fa3a50b12faa1d69d491c69c2ba6c5db214c6a

SHA512
b233119d160709e03e434431f31a8cb1001f4bb2d31f917ebe7f6dbd7b40e94bb8369cd799b55b97c46897e4711f2cf5c964131afcf5898c169a9185d110047d

Download Submit
\Users\Admin\AppData\Local\Temp\luminati\lum_inst.exe
Filesize
6.2MB

MD5
204545b6cd87f571332ae5d815c9f144

SHA1
a172ec360305d7ebe13031b0a18138142535d214

SHA256
f17b04bf55bbbd590db33569611895e29e98fa4b16f8e12a28365b1d83ac3432

SHA512
2d7afa95fb728f06ce0d5e40d9205c10ee5ef558a58130015d70f065a5cf3dba2ff9ed93061db1f0b5cbaa953f9a3d943723ae73329e887ddfcc66666093a66e

Download Submit
\Users\Admin\PixelSee\Luminati-m\luminati-m-controller.exe
Filesize
198KB

MD5
e1c0207c368fe71324485f3dd84bd07d

SHA1
7c6c1744fdfe6290717cff7cc558d6a673a25c65

SHA256
3014265a9d1f9c2e1f4354f759369f913b7c34a0319fe4f4d796453b4fb5b399

SHA512
25c09a0f07a9161d8dd7fe348029ebd24ec5adb11da307bc01daeffe16609d241162fea4d03ce8ba480d0960ac33cd864ad5898055427686a06ae384983d910f

Download Submit
\Users\Admin\PixelSee\Luminati-m\net_updater32.exe
Filesize
8.8MB

MD5
96e6fc58e0279dd47be865a4301d4942

SHA1
9d0827a377a49ebedaeda7a099606d4b6b6eb677

SHA256
a857d0e5f1e2e3ddb14a33e9947382c15cdf02655d5c03e95b5cd5a98c1ae432

SHA512
e716526a83438770d25715a1315529452bbec2b67e87a78a5c088d21ed5f5fc48b15094ee79b7bb664723b089abc5620fe9a3e1735f36f0a5519eb0f0a83382f

Download Submit
\Users\Admin\PixelSee\api-ms-win-core-file-l1-2-0.dll
Filesize
18KB

MD5
f6d1216e974fb76585fd350ebdc30648

SHA1
f8f73aa038e49d9fcf3bd05a30dc2e8cbbe54a7c

SHA256
348b70e57ae0329ac40ac3d866b8e896b0b8fef7e8809a09566f33af55d33271

SHA512
756ee21ba895179a5b6836b75aeefb75389b0fe4ae2aaff9ed84f33075094663117133c810ab2e697ec04eaffd54ff03efa3b9344e467a847acea9f732935843

Download Submit
\Users\Admin\PixelSee\api-ms-win-core-file-l2-1-0.dll
Filesize
18KB

MD5
bfb08fb09e8d68673f2f0213c59e2b97

SHA1
e1e5ff4e7dd1c902afbe195d3e9fd2a7d4a539f2

SHA256
6d5881719e9599bf10a4193c8e2ded2a38c10de0ba8904f48c67f2da6e84ed3e

SHA512
e4f33306f3d06ea5c8e539ebdb6926d5f818234f481ff4605a9d5698ae8f2afdf79f194acd0e55ac963383b78bb4c9311ee97f3a188e12fbf2ee13b35d409900

Download Submit
\Users\Admin\PixelSee\api-ms-win-core-localization-l1-2-0.dll
Filesize
20KB

MD5
3b9d034ca8a0345bc8f248927a86bf22

SHA1
95faf5007daf8ba712a5d17f865f0e7938da662b

SHA256
a7ac7ece5e626c0b4e32c13299e9a44c8c380c8981ce4965cbe4c83759d2f52d

SHA512
04f0830878e0166ffd1220536592d0d7ec8aacd3f04340a8d91df24d728f34fbbd559432e5c35f256d231afe0ae926139d7503107cea09bfd720ad65e19d1cdc

Download Submit
\Users\Admin\PixelSee\api-ms-win-core-processthreads-l1-1-1.dll
Filesize
18KB

MD5
c2ead5fcce95a04d31810768a3d44d57

SHA1
96e791b4d217b3612b0263e8df2f00009d5af8d8

SHA256
42a9a3d8a4a7c82cb6ec42c62d3a522daa95beb01ecb776aac2bfd4aa1e58d62

SHA512
c90048481d8f0a5eda2eb6e7703b5a064f481bb7d8c78970408b374cb82e89febc2e36633f1f3e28323fb633d6a95aa1050a626cb0cb5ec62e9010491aae91f4

Download Submit
\Users\Admin\PixelSee\api-ms-win-core-synch-l1-2-0.dll
Filesize
18KB

MD5
f6b4d8d403d22eb87a60bf6e4a3e7041

SHA1
b51a63f258b57527549d5331c405eacc77969433

SHA256
25687e95b65d0521f8c737df301bf90db8940e1c0758bb6ea5c217cf7d2f2270

SHA512
1acd8f7bc5d3ae1db46824b3a5548b33e56c9bac81dcd2e7d90fdbd1d3dd76f93cdf4d52a5f316728f92e623f73bc2ccd0bc505a259dff20c1a5a2eb2f12e41b

Download Submit
\Users\Admin\PixelSee\api-ms-win-core-timezone-l1-1-0.dll
Filesize
18KB

MD5
a20084f41b3f1c549d6625c790b72268

SHA1
e3669b8d89402a047bfbf9775d18438b0d95437e

SHA256
0fa42237fd1140fd125c6edb728d4c70ad0276c72fa96c2faabf7f429fa7e8f1

SHA512
ddf294a47dd80b3abfb3a0d82bc5f2b510d3734439f5a25da609edbbd9241ed78045114d011925d61c3d80b1ccd0283471b1dad4cf16e2194e9bc22e8abf278f

Download Submit
\Users\Admin\PixelSee\api-ms-win-crt-convert-l1-1-0.dll
Filesize
22KB

MD5
5245f303e96166b8e625dd0a97e2d66a

SHA1
1c9ed748763f1ff5b14b8c791a4c29de753a96ab

SHA256
90a63611d9169a8cd7d030cd2b107b6e290e50e2beba6fa640a7497a8599aff5

SHA512
af51f341670f925449e69c4b5f0a82f4fc4eb32913943272c32e3f3f18ee43b4afb78c0d7d2f965c1abe6a0f3a368616dd7a4fb74d83d22d1b69b405aef1e043

Download Submit
\Users\Admin\PixelSee\api-ms-win-crt-runtime-l1-1-0.dll
Filesize
22KB

MD5
ae3fa6bf777b0429b825fb6b028f8a48

SHA1
b53dbfdb7c8deaa9a05381f5ac2e596830039838

SHA256
66b86ed0867fe22e80b9b737f3ee428be71f5e98d36f774abbf92e3aaca71bfb

SHA512
1339e7ce01916573e7fdd71e331eeee5e27b1ddd968cadfa6cbc73d58070b9c9f8d9515384af004e5e015bd743c7a629eb0c62a6c0fa420d75b069096c5d1ece

Download Submit
\Users\Admin\PixelSee\api-ms-win-crt-stdio-l1-1-0.dll
Filesize
24KB

MD5
32d7b95b1bce23db9fbd0578053ba87f

SHA1
7e14a34ac667a087f66d576c65cd6fe6c1dfdd34

SHA256
104a76b41cbd9a945dba43a6ffa8c6de99db2105d4ce93a717729a9bd020f728

SHA512
7dad74a0e3820a8237bab48f4962fe43e5b60b00f003a5de563b4cf61ee206353c9689a639566dc009f41585b54b915ff04f014230f0f38416020e08c8a44cb4

Download Submit
\Users\Admin\PixelSee\api-ms-win-crt-string-l1-1-0.dll
Filesize
24KB

MD5
5e72659b38a2977984bbc23ed274f007

SHA1
ea622d608cc942bdb0fad118c8060b60b2e985c9

SHA256
44a4db6080f6bdae6151f60ae5dc420faa3be50902e88f8f14ad457dec3fe4ea

SHA512
ed3cb656a5f5aee2cc04dd1f25b1390d52f3e85f0c7742ed0d473a117d2ac49e225a0cb324c31747d221617abcd6a9200c16dd840284bb29155726a3aa749bb1

Download Submit
\Users\Admin\PixelSee\msvcp140.dll
Filesize
438KB

MD5
1fb93933fd087215a3c7b0800e6bb703

SHA1
a78232c352ed06cedd7ca5cd5cb60e61ef8d86fb

SHA256
2db7fd3c9c3c4b67f2d50a5a50e8c69154dc859780dd487c28a4e6ed1af90d01

SHA512
79cd448e44b5607863b3cd0f9c8e1310f7e340559495589c428a24a4ac49beb06502d787824097bb959a1c9cb80672630dac19a405468a0b64db5ebd6493590e

Download Submit
\Users\Admin\PixelSee\pixelsee.exe
Filesize
3.6MB

MD5
39ac0b1da37f1c2b521e3da09e82ae28

SHA1
a5d8b4968692e904858d89fe1d2af9010eabe168

SHA256
1d75842198ab950daa78817c9e4cfffb2b5bf14ba415836df941852c154cb4d0

SHA512
1aba4557ea56950befa9ded74b33f47af86bd161b4d03a94c608f3844850698a801957a2e3a2b8d7c5250cf8ae848222d2135700ec35ca2fbbbdea526cd99369

Download Submit
\Users\Admin\PixelSee\sentry.dll
Filesize
375KB

MD5
231c11192fa58f32794dc7fa6fec9f8c

SHA1
7bf5f9364a4251b91a274188f504d839e9b4c428

SHA256
9288b5cbc3f1287a40adc794766abc74e5ff5edb8e271c075b39c596d6859a5d

SHA512
6699ba3f71d48a733a37102f53ac702d3b77b6608f96a4495f6a570606a29366b76552b3a5bfc9370ae4883c9af31282c468cb6a7c359d25c7731997217ec867

Download Submit
\Users\Admin\PixelSee\ucrtbase.dll
Filesize
879KB

MD5
3e0303f978818e5c944f5485792696fd

SHA1
3b6e3ea9f5a6bbdeda20d68b84e4b51dc48deb1d

SHA256
7041885b2a8300bf12a46510228ce8d103d74e83b1baf696b84ff3e5ab785dd1

SHA512
c2874029bd269e6b9f7000c48d0710c52664c44e91c3086df366c3456b8bce0ed4d7e5bcfe4bdd3d03b11b8245c65f4b848b6dc58e6ea7b1de9b3ca2fb3348bc

Download Submit
\Users\Admin\PixelSee\vcruntime140.dll
Filesize
78KB

MD5
1b171f9a428c44acf85f89989007c328

SHA1
6f25a874d6cbf8158cb7c491dcedaa81ceaebbae

SHA256
9d02e952396bdff3abfe5654e07b7a713c84268a225e11ed9a3bf338ed1e424c

SHA512
99a06770eea07f36abc4ae0cecb2ae13c3acb362b38b731c3baed045bf76ea6b61efe4089cd2efac27701e9443388322365bdb039cd388987b24d4a43c973bd1

Download Submit
memory/880-3663-0x0000000068690000-0x0000000068D7E000-memory.dmp

Filesize
6.9MB

Download
memory/1416-1591-0x0000000005D80000-0x00000000062E4000-memory.dmp

Filesize
5.4MB

Download
memory/1416-1592-0x0000000002440000-0x0000000002480000-memory.dmp

Filesize
256KB

Download
memory/1416-1585-0x0000000002440000-0x0000000002480000-memory.dmp

Filesize
256KB

Download
memory/1416-1679-0x0000000003170000-0x0000000003171000-memory.dmp

Filesize
4KB

Download
memory/1416-1626-0x0000000002A00000-0x0000000002A0A000-memory.dmp

Filesize
40KB

Download
memory/1416-1675-0x0000000002440000-0x0000000002480000-memory.dmp

Filesize
256KB

Download
memory/1416-1685-0x0000000002440000-0x0000000002480000-memory.dmp

Filesize
256KB

Download
memory/1416-1723-0x0000000002440000-0x0000000002480000-memory.dmp

Filesize
256KB

Download
memory/1416-1722-0x000000006F6E0000-0x000000006FDCE000-memory.dmp

Filesize
6.9MB

Download
memory/1416-1590-0x000000006F6E0000-0x000000006FDCE000-memory.dmp

Filesize
6.9MB

Download
memory/1416-1589-0x0000000005800000-0x0000000005D79000-memory.dmp

Filesize
5.5MB

Download
memory/1580-1948-0x00000000030E0000-0x0000000003120000-memory.dmp

Filesize
256KB

Download
memory/1580-1846-0x00000000030E0000-0x0000000003120000-memory.dmp

Filesize
256KB

Download
memory/1580-1832-0x0000000010000000-0x00000000106AF000-memory.dmp

Filesize
6.7MB

Download
memory/1580-1847-0x0000000005A90000-0x0000000006009000-memory.dmp

Filesize
5.5MB

Download
memory/1580-1972-0x00000000030E0000-0x0000000003120000-memory.dmp

Filesize
256KB

Download
memory/1580-1954-0x0000000068690000-0x0000000068D7E000-memory.dmp

Filesize
6.9MB

Download
memory/1580-1848-0x0000000068690000-0x0000000068D7E000-memory.dmp

Filesize
6.9MB

Download
memory/1580-1849-0x00000000030E0000-0x0000000003120000-memory.dmp

Filesize
256KB

Download
memory/1876-3728-0x0000000000550000-0x0000000000551000-memory.dmp

Filesize
4KB

Download
memory/1880-3659-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1880-3655-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1880-3664-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1880-3705-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1880-3660-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1880-3648-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1880-3658-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1880-3665-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1880-3653-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1880-3649-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1904-1842-0x0000000001100000-0x0000000001108000-memory.dmp

Filesize
32KB

Download
memory/1904-1843-0x0000000068C10000-0x00000000692FE000-memory.dmp

Filesize
6.9MB

Download
memory/1904-1915-0x0000000068C10000-0x00000000692FE000-memory.dmp

Filesize
6.9MB

Download
memory/1976-0-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/2016-1987-0x0000000068690000-0x0000000068D7E000-memory.dmp

Filesize
6.9MB

Download
memory/2016-1985-0x0000000001090000-0x0000000001098000-memory.dmp

Filesize
32KB

Download
memory/2044-3529-0x0000000002CF0000-0x0000000002CF1000-memory.dmp

Filesize
4KB

Download
memory/2056-1560-0x0000000000E30000-0x0000000000E38000-memory.dmp

Filesize
32KB

Download
memory/2056-1563-0x000000006FD60000-0x000000007044E000-memory.dmp

Filesize
6.9MB

Download
memory/2056-1562-0x0000000000480000-0x00000000004C0000-memory.dmp

Filesize
256KB

Download
memory/2056-1561-0x000000006FD60000-0x000000007044E000-memory.dmp

Filesize
6.9MB

Download
memory/2376-1533-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/2376-1678-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/2376-1684-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/2376-1725-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/2388-2080-0x0000000068690000-0x0000000068D7E000-memory.dmp

Filesize
6.9MB

Download
memory/2696-1527-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/2696-1524-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/2696-1674-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/2696-1727-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/2772-2002-0x000000005EE60000-0x000000005EE8A000-memory.dmp

Filesize
168KB

Download
memory/2772-1998-0x00000000682D0000-0x000000006830D000-memory.dmp

Filesize
244KB

Download
memory/2772-2036-0x000000005E1E0000-0x000000005E4F9000-memory.dmp

Filesize
3.1MB

Download
memory/2772-2033-0x000000005E570000-0x000000005E590000-memory.dmp

Filesize
128KB

Download
memory/2772-2038-0x000000005E1B0000-0x000000005E1C5000-memory.dmp

Filesize
84KB

Download
memory/2772-2039-0x000000005E190000-0x000000005E1A1000-memory.dmp

Filesize
68KB

Download
memory/2772-2041-0x000000005E170000-0x000000005E180000-memory.dmp

Filesize
64KB

Download
memory/2772-2040-0x000000005E180000-0x000000005E18F000-memory.dmp

Filesize
60KB

Download
memory/2772-2043-0x000000005E140000-0x000000005E157000-memory.dmp

Filesize
92KB

Download
memory/2772-2044-0x000000005E130000-0x000000005E13E000-memory.dmp

Filesize
56KB

Download
memory/2772-2042-0x000000005E160000-0x000000005E16E000-memory.dmp

Filesize
56KB

Download
memory/2772-2037-0x000000005E1D0000-0x000000005E1DF000-memory.dmp

Filesize
60KB

Download
memory/2772-2020-0x000000005E9B0000-0x000000005E9BF000-memory.dmp

Filesize
60KB

Download
memory/2772-2032-0x000000005E590000-0x000000005E621000-memory.dmp

Filesize
580KB

Download
memory/2772-2012-0x0000000069CA0000-0x0000000069CB0000-memory.dmp

Filesize
64KB

Download
memory/2772-2381-0x0000000000E10000-0x0000000000E1A000-memory.dmp

Filesize
40KB

Download
memory/2772-2382-0x0000000000E10000-0x0000000000E1A000-memory.dmp

Filesize
40KB

Download
memory/2772-3512-0x0000000000280000-0x0000000000290000-memory.dmp

Filesize
64KB

Download
memory/2772-2011-0x000000005EA80000-0x000000005EA96000-memory.dmp

Filesize
88KB

Download
memory/2772-2010-0x000000005EAA0000-0x000000005EB2D000-memory.dmp

Filesize
564KB

Download
memory/2772-2009-0x000000005EB30000-0x000000005EB51000-memory.dmp

Filesize
132KB

Download
memory/2772-2007-0x000000005EBB0000-0x000000005EC3F000-memory.dmp

Filesize
572KB

Download
memory/2772-2005-0x0000000069D80000-0x0000000069D8E000-memory.dmp

Filesize
56KB

Download
memory/2772-2008-0x000000005EB60000-0x000000005EBA7000-memory.dmp

Filesize
284KB

Download
memory/2772-2019-0x000000005E9C0000-0x000000005EA7A000-memory.dmp

Filesize
744KB

Download
memory/2772-2021-0x000000005E990000-0x000000005E9A4000-memory.dmp

Filesize
80KB

Download
memory/2772-2006-0x000000005EC40000-0x000000005EE31000-memory.dmp

Filesize
1.9MB

Download
memory/2772-2003-0x000000005EE40000-0x000000005EE56000-memory.dmp

Filesize
88KB

Download
memory/2772-2004-0x0000000069E10000-0x0000000069E1E000-memory.dmp

Filesize
56KB

Download
memory/2772-2023-0x000000005E960000-0x000000005E974000-memory.dmp

Filesize
80KB

Download
memory/2772-2013-0x0000000069430000-0x000000006943E000-memory.dmp

Filesize
56KB

Download
memory/2772-2024-0x000000005E950000-0x000000005E95F000-memory.dmp

Filesize
60KB

Download
memory/2772-2001-0x0000000066E20000-0x0000000066E42000-memory.dmp

Filesize
136KB

Download
memory/2772-2000-0x0000000066E50000-0x0000000066E64000-memory.dmp

Filesize
80KB

Download
memory/2772-1999-0x00000000682A0000-0x00000000682CC000-memory.dmp

Filesize
176KB

Download
memory/2772-2034-0x000000005E500000-0x000000005E56F000-memory.dmp

Filesize
444KB

Download
memory/2772-1997-0x000000005EE90000-0x000000005EF6F000-memory.dmp

Filesize
892KB

Download
memory/2772-1996-0x000000005EF70000-0x000000005F055000-memory.dmp

Filesize
916KB

Download
memory/2772-1995-0x000000005F060000-0x000000005F2D9000-memory.dmp

Filesize
2.5MB

Download
memory/2772-1994-0x0000000068390000-0x00000000683C1000-memory.dmp

Filesize
196KB

Download
memory/2772-1993-0x000000006A440000-0x000000006A44E000-memory.dmp

Filesize
56KB

Download
memory/2772-1992-0x0000000069440000-0x0000000069452000-memory.dmp

Filesize
72KB

Download
memory/2772-1990-0x0000000069A70000-0x0000000069A97000-memory.dmp

Filesize
156KB

Download
memory/2772-1991-0x000000005F2E0000-0x000000005F5F9000-memory.dmp

Filesize
3.1MB

Download
memory/2772-1989-0x0000000069CB0000-0x0000000069CCD000-memory.dmp

Filesize
116KB

Download
memory/2772-1988-0x000000006A450000-0x000000006A467000-memory.dmp

Filesize
92KB

Download
memory/2772-1986-0x000000006A470000-0x000000006A47F000-memory.dmp

Filesize
60KB

Download
memory/2772-1984-0x0000000070280000-0x0000000070515000-memory.dmp

Filesize
2.6MB

Download
memory/2772-1983-0x0000000070580000-0x00000000705AF000-memory.dmp

Filesize
188KB

Download
memory/2772-1917-0x0000000000E10000-0x0000000000E1A000-memory.dmp

Filesize
40KB

Download
memory/2772-1916-0x0000000000E10000-0x0000000000E1A000-memory.dmp

Filesize
40KB

Download
memory/2772-2025-0x000000005E930000-0x000000005E94F000-memory.dmp

Filesize
124KB

Download
memory/2772-2027-0x000000005E910000-0x000000005E92E000-memory.dmp

Filesize
120KB

Download
memory/2772-2028-0x000000005E660000-0x000000005E906000-memory.dmp

Filesize
2.6MB

Download
memory/2772-2022-0x000000005E980000-0x000000005E98E000-memory.dmp

Filesize
56KB

Download
memory/2772-1905-0x00000000002A0000-0x00000000002AA000-memory.dmp

Filesize
40KB

Download
memory/2772-1807-0x00000000002A0000-0x00000000002AA000-memory.dmp

Filesize
40KB

Download
memory/2772-1806-0x00000000002A0000-0x00000000002AA000-memory.dmp

Filesize
40KB

Download
memory/2772-1805-0x0000000000280000-0x0000000000290000-memory.dmp

Filesize
64KB

Download
memory/2772-2030-0x000000005E640000-0x000000005E64F000-memory.dmp

Filesize
60KB

Download
memory/2772-2031-0x000000005E630000-0x000000005E63F000-memory.dmp

Filesize
60KB

Download
memory/2772-2029-0x000000005E650000-0x000000005E65E000-memory.dmp

Filesize
56KB

Download
memory/2848-3656-0x0000000004D60000-0x0000000004DA0000-memory.dmp

Filesize
256KB

Download
memory/2848-3654-0x0000000068690000-0x0000000068D7E000-memory.dmp

Filesize
6.9MB

Download
memory/2848-3644-0x0000000004D60000-0x0000000004DA0000-memory.dmp

Filesize
256KB

Download
memory/2848-3643-0x0000000068690000-0x0000000068D7E000-memory.dmp

Filesize
6.9MB

Download
memory/2848-3642-0x0000000000BE0000-0x0000000000D64000-memory.dmp

Filesize
1.5MB

Download
memory/3036-1904-0x0000000001060000-0x0000000001068000-memory.dmp

Filesize
32KB

Download
memory/3036-1906-0x0000000068690000-0x0000000068D7E000-memory.dmp

Filesize
6.9MB

Download
memory/3036-1907-0x0000000004860000-0x00000000048A0000-memory.dmp

Filesize
256KB

Download
memory/3036-1912-0x0000000068690000-0x0000000068D7E000-memory.dmp

Filesize
6.9MB

Download