Malware analysis https://github.com/Cookie-Logger/IXWare-Image-Logger/raw/refs/heads/main/IXWare.exe Malicious activity

Add for printing

URL:	https://github.com/Cookie-Logger/IXWare-Image-Logger/raw/refs/heads/main/IXWare.exe
Full analysis:	https://app.any.run/tasks/66e9030d-b310-4264-8dba-6f6396b590dc
Verdict:	Malicious activity
Threats:	Stealers are a group of malicious software that are intended for gaining unauthorized access to users’ information and transferring it to the attacker. The stealer malware category includes various types of programs that focus on their particular kind of data, including files, passwords, and cryptocurrency. Stealers are capable of spying on their targets by recording their keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns. Malware Trends Tracker >>>
Analysis date:	September 24, 2024, 06:35:26
OS:	Windows 10 Professional (build: 19045, 64 bit)
Tags:	github pyinstaller discordgrabber generic stealer ims-api
Indicators:
MD5:	1787E589739371E3AD3756BD4F003FBE
SHA1:	704DA27F644DC4C11B3DC7301F566629C455CD0F
SHA256:	2DC4318FEA779360E5C1FC0064E8BA25E961B03E42CC7A3BDA9DAA4AA04E971E
SSDEEP:	3:N8tEdjMoYkCAIk/X7MRLNKDEK:2urYk//X4RLNKDEK

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 180 seconds
Heavy Evasion option:
Network geolocation:: off
Additional time used:: 120 seconds
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.3636.19041.0
Adobe Acrobat (64-bit) (23.001.20093)
Adobe Flash Player 32 NPAPI (32.0.0.465)
Adobe Flash Player 32 PPAPI (32.0.0.465)
CCleaner (6.20)
FileZilla 3.65.0 (3.65.0)
Google Chrome (122.0.6261.70)
Google Update Helper (1.3.36.51)
Java 8 Update 271 (64-bit) (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Microsoft Edge (122.0.2365.59)
Microsoft Edge Update (1.3.185.17)
Microsoft Office Professional 2019 - de-de (16.0.16026.20146)
Microsoft Office Professional 2019 - en-us (16.0.16026.20146)
Microsoft Office Professional 2019 - es-es (16.0.16026.20146)
Microsoft Office Professional 2019 - it-it (16.0.16026.20146)
Microsoft Office Professional 2019 - ja-jp (16.0.16026.20146)
Microsoft Office Professional 2019 - ko-kr (16.0.16026.20146)
Microsoft Office Professional 2019 - pt-br (16.0.16026.20146)
Microsoft Office Professional 2019 - tr-tr (16.0.16026.20146)
Microsoft Office Professionnel 2019 - fr-fr (16.0.16026.20146)
Microsoft Office профессиональный 2019 - ru-ru (16.0.16026.20146)
Microsoft OneNote - en-us (16.0.16026.20146)
Microsoft Update Health Tools (3.74.0.0)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x64 en-US) (123.0)
Mozilla Maintenance Service (123.0)
Notepad++ (64-bit x64) (7.9.1)
Office 16 Click-to-Run Extensibility Component (16.0.15726.20202)
Office 16 Click-to-Run Licensing Component (16.0.16026.20146)
Office 16 Click-to-Run Localization Component (16.0.15726.20202)
Office 16 Click-to-Run Localization Component (16.0.15928.20198)
PowerShell 7-x64 (7.3.5.0)
Skype version 8.104 (8.104)
Update for Windows 10 for x64-based Systems (KB4023057) (2.59.0.0)
Update for Windows 10 for x64-based Systems (KB4023057) (2.63.0.0)
Update for Windows 10 for x64-based Systems (KB4480730) (2.55.0.0)
Update for Windows 10 for x64-based Systems (KB5001716) (8.93.0.0)
VLC media player (3.0.11)
WinRAR 5.91 (64-bit) (5.91.0)
Windows PC Health Check (3.6.2204.08001)

Hotfixes

Client LanguagePack Package
DotNetRollup
DotNetRollup 481
FodMetadata Package
Foundation Package
Hello Face Package
InternetExplorer Optional Package
KB5003791
KB5011048
KB5015684
KB5033052
LanguageFeatures Basic en us Package
LanguageFeatures Handwriting en us Package
LanguageFeatures OCR en us Package
LanguageFeatures Speech en us Package
LanguageFeatures TextToSpeech en us Package
MSPaint FoD Package
MediaPlayer Package
Microsoft OneCore ApplicationModel Sync Desktop FOD Package
Microsoft OneCore DirectX Database FOD Package
NetFx3 OnDemand Package
Notepad FoD Package
OpenSSH Client Package
PowerShell ISE FOD Package
Printing PMCPPC FoD Package
Printing WFS FoD Package
ProfessionalEdition
QuickAssist Package
RollupFix
ServicingStack
ServicingStack 3989
StepsRecorder Package
TabletPCMath Package
UserExperience Desktop Package
WordPad FoD Package

Add for printing

MALICIOUS
- DISCORDGRABBER has been detected (YARA)
  - IXWare.exe (PID: 4976)
SUSPICIOUS
- Process drops python dynamic module
  - IXWare.exe (PID: 3464)
- Process drops legitimate windows executable
  - IXWare.exe (PID: 3464)
- Application launched itself
  - IXWare.exe (PID: 3464)
- The process drops C-runtime libraries
  - IXWare.exe (PID: 3464)
- Executable content was dropped or overwritten
  - IXWare.exe (PID: 3464)
- Starts CMD.EXE for commands execution
  - IXWare.exe (PID: 4976)
- Uses WMIC.EXE to obtain Windows Installer data
  - IXWare.exe (PID: 4976)
- Uses WMIC.EXE to obtain service application data
  - IXWare.exe (PID: 4976)
- There is functionality for taking screenshot (YARA)
  - IXWare.exe (PID: 4976)
- Possible usage of Discord/Telegram API has been detected (YARA)
  - IXWare.exe (PID: 4976)
INFO
- Executable content was dropped or overwritten
  - chrome.exe (PID: 1020)
- Application launched itself
  - chrome.exe (PID: 1020)
- Checks operating system version
  - IXWare.exe (PID: 4976)
- PyInstaller has been detected (YARA)
  - IXWare.exe (PID: 3464)
  - IXWare.exe (PID: 4976)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

ims-api

(PID) Process(4976) IXWare.exe

Discord-Webhook-Tokens (64)1710536897483921145/gkeOmGjmzpswspnG0-1Thv_3eC-qa2MsSkUhOy8ms8apDIMIwQgNIAj1nzflcebPQH1G

1717849993727969880/mc9WJcEAlZ03jgnm69hLtJsMIaOykr5h5AXSCUay-UJLSatgGLIFxULvfyGOcdaVZPps

1121185123822412395/fWm1TNU52pgGmQcS6ZTN3WZJz9Lc5dfJh9BOOdfOZx-rE4w9rjSlKsFLUb25thcqs6cH

1952616674381445522/a4bi-PJucZZdQo18xm5R57doEbJGugWO5oxDGCbNUvYOTODBnKG7F7D6Z9cNEIxnvrpw

1737210013703409678/wRO8ya23nx4ZlyE6Zct-mP294VOHo87yde7cHEbydQ6Ti6FqxY8oYZPco9ZtL9QZnE8X

1883791163292239760/IldB93mT7ZwltRAPYoMoiAJ2265lth2kMOo7M5vTYNgRBbq_tzScmwiDgXz8Kh_huKI7

1519442486964307946/wglg611ySg9J-t-_XLErZhMB1lCUvk5EMwPB4hQsnPvNmFoK2wRSQKZGdMHRR8IeSmg8

1285718609958585336/HA-Tp0QFc0qRHFWxEFs4H8VPKNfAON7ciI6q2PLvTKDECQBQoyb5MudmeaWaX9CRMttY

1260671451112553248/dT0V2aI9birFM4CeOQWiPwOGycwmH9xgfJXldQ39nssUQq5BWhIIMnTPOynJVxn0dDQ-

1225585087540959020/atj2vPdvZvgnJYvoa2uyrc-LntRpZ75a2gHGmyfcb-muKiVOVGrOcRDw4o5AVC1jEtDB

1366762430006267249/l6lfh1fP7kfsh1oTcy_JZPN4ptGceof-3g_XZtaLQOtOZ5uDVwcdjpaTYgYzP7H6bC1Y

1279013112748486556/gxf7YQvLxWeBUZG4lu4NmS4TaCRYvSkdrb9RHCJh_Duo7rUwZhyhvvpCpJAtHD9L-R-a

1696444545273607323/DczFPBWa-3RTF40z-23qHLWcv6OHGlW6DcLF8zG8TKyAyXa0JQ_OwBuW90Ik-_Zwy2mx

1266587026014834811/BxpFJ4HBB8z9tFiZa0O0zFrC4yXX7Bm1z7SE_5_34LWv_bRj9MRP99L0YiJOOjFdOnvC

1363257577908907052/su6vW7yf6M5gMuJ7vnbwZNYDfCdQNuIMANkzaTlPpqaTJ9rnwnJK0LD2UP1dhV5IPc-a

1089580632719097801/lsRAlQqRoYTYa_Dx18T3dEUXqyRVbRkmHXZV6vGbAYTqH4rF0nyrW4uyKMkE3VDwrztI

1992452604280990250/xK0sr1eQUpcmC6oxSKRppM-aNKeW4xp6qu9fdnZ4myDNpVPOXPzmbcVYNptk_Fv8cjXF

1597296022210320237/lTtcYfkavG5h6H_-sSgWeQErME50w_jf7FNDLNQJrloc2JXo-GbPKk42RFDeFu2xSzjm

1818875091956092023/ODVtE027KDEuFTf68pVf_U3a475xnqvSG4pOrPCurTbb7p2zolJz_WIloflxWOFrnOBp

1587314662780104612/dFmDpHrE12KGdZZgf26A0wHdsq8r0zWBOtEZyOMVcWSyFXw3ZCzLcuJteVLPXGtMi4vo

1916615078560787761/qBG04QhzB60Htp1n7HOsxFB3PeGslAbZ322t6-UDZbN2ma8KUE79BalPArVTLO-j_gb6

1449023134272397896/JKi2RQ3DCmCjD5cwssNbluT21Cdv2bqOZq9D2JhDQpJTRWPmRmqAx_FzPG_bI5UOxDf-

1137372444362865132/i99yhr11mM45d9k-vDXsGd5iPKdH3OeRVnn6wClQlpCEHBBeu4k2u_R3h_dEly_bsRN4

1717585716512267602/fnTPC7VVk_LS8VahPFLaO35UdQiYXKRYZuNFuVQIeEBNtNZnGaq7iW_SZKQ3XAc2Se04

1582936744809549519/XaHVmtTFFKJBd6_t4V2VUrvrD6KPDHVwQ4odQVJOfUkAAdw3XVvjs3horTYLNadidd8o

1535158296695607649/UV54ZzI0u1IFxw0e7d4yXZTemd1UUrCBg18P9618tqallz_Whwl9sGAuvYGgPyk36Soh

1960523010915179942/656cBEoVZWMXVmSvN_NlVZrDXS-w-x-u33fIWHrvHG1Y4g6OaH5NNhS7BYC_4aaURbgO

1634652365062157637/n4ALnqrWpwV-h1n_0R0clT5HCShO9PZkfgHvmjAtWBcopYQhDeHvhEi3DWZZpM3xPCIH

1767888817731514141/HbgINMuvAg_cBVEJX5pqqxozvvzoipjy7zhybGerhFET-YMSzchuvw4Y3ohPg36qR6BB

1401016275933588198/8B_TIgA32x7UpBz2Z2BwDVeEVMXBnOubo_gabpGFr0fpRoBOxSym3GkpLEPn7sboNq9t

1818939455874683151/svcmKdvHsJZ4S3Uu7IrsbDQj86uJ7z7dyWe7gH21K3mFCbCvrF5trjQDi17ngpxeqotT

1121045684663059367/vSXkMCkmooFdkImfHlhidQt16e60y2iSerUouFfOZFKz7Vd6H9JLDPb5baMGho0qD9dY

1525190933821991064/6gV_VZs2akChv0aQNrkd3JWVNxK4dBOlQvlyy-iMfeWMmlaLOKEIUJ2lXvgHeAYpjYAc

1350080844794590025/natsHzvYyOyuf6EIIDFD4FCoB5mS8qfepzd4HgF--9t8ZFaJURxntcAyqdBIjl2sOZ-w

1197529181669992736/eLmBd9dJkeC99MPtdwrpW4zLcQgOm5dr4pcNEJb56pCioXp1YJwj0CnQbnbpvfcoxhCr

1571767908108750866/2D2jGOYbfJbJOKqkdoKKu07rmzUt-gT0raw_-sKBjDCCpzbEtvd_tiLOOP00J05KzhfF

1494012705386405384/iNmutOpZEtgHI3TyqmquOerBlGFxNQcJGPIn8kBMHVCfJ35WjSxIeH0NB5c9OZxpTJ8b

1787978983805896064/27RY9VP9QXOxZf89C8WuxjXoLwu4RZFxxBAWM-hu3aHKE76VQOzUxjaMz0qJzB16Q0th

1218257292039600183/4VZFPIM4R02FLnNswA6JTh-Y6_HRIZfPMJtjBFoBoSxGZdOfWNRD6Z4Ghd97kuAjVzW-

1681120183670554076/Nr0geteIqSQktCJGR1zm85l0zdF3qCbVM0J_lHczrhuMnwkFkZi1oYIR1HpFdX6PCQoz

1831055628790426322/6ycmladzvJy9cZOTXEdEvF8iTMzX7C3Lv-sTCNEUs-BMDEPJAYu-su93KGS2iR7Bhx5j

1924877828657286454/NlSKpV5G1XDF6GiEOoWo7t89xLl7iqARSpi1Kro2L-1A0aiRQt7XcICvn3ksfuoIpWky

1786528053127740144/eBdWfRhQhm_X21-zuDderlk6YG-HCbMmXWOmyFI78OSvVOx-hUmS8EfESDcYjluY0tDQ

1561004944922566872/MHrp0HDt5jg_m2a4AhW8BNABEsWOqTnuS5g9JEhsfe38C4ZOntDJPFSXdyYx1qCRrdPU

1971934151157040025/k_XvZFEXTgh_GG6-jY43lTzxBaPRkjK8K98VxovAKJacHIdz8MjQ0UQum24zMEItI5_p

1479495480039078961/fZsq3AYKkwpT6FKDcBrF1Mfhx4n_AT8Dbn06OBLsuPkXN0PNHLHYK9huMyNf0FTZdvfz

1652116300328406265/sWA2Uy-5pncpTLYSOdM7oEoUodNg5_LvyU6bFzGzju3OqgAbzQQx6WPOFxDsORH3RYEb

1505050397739219522/9lDSr2yC6FeYsgwANPmSPUung-IjAzA1haXU6rGC64mFnZjYzwpq_DEkLlrWaN-GkR4D

1303479247954925644/OyyjzEAnD7V8Mip95Ms6Ip-pU01W_4DDFwknEK0iphnRDYfLmS-UYl3ADbaynhTgxrga

1250380213089475419/QjvhKwDJhHfBTh4R0HstxT3TqnVEQQCh6g7FuD2cyoCz3L8SKQd0yKEdUi4uHpzNVCGv

1977180672624147201/inpLmMCCRc__CuTx21vTPwrxEOts18NS8S82JrkmXDA5rC8k2F8ZCRX0Xzx9zjky3mWn

1216104401231931825/wJp5Z9IhUI5H7PMqE7wWCdS4p1gK_Gfz56eGToZvH0zeOZgcrEEet5rtdB0LsfkwQwkG

1181531646170793923/Y3Qv3nST6dxOQWW7nAyo4csSVc3cmN4jzXKcFBibOsa-DfBM4gG4AlNHnM7ERVBZtkRB

1489404916352672292/9XmEqOYMOojdHZKpgV78a4gIGk4pwVVVTsqs-prJqeOw017hcoLoGDUJnXhZNWxupIdM

1710691874562947422/nEZq-BhJun0OO58YZry4TkKOsMEf8KdEMGaCQhmS4PUmdwQvXwKwRcoeMpS2mK4k1if3

1696526068324069458/vGVlFfoX_WhnKT2y68Td84DwYW-NOdysq_-aazp8RJjwAzvxWYbyeJd56G3yXmILEZUv

1443366441988247068/kLJk3yVSgu4UIpkCLYbfWXlE46lrvHAO_RqZBjEOKvXItXK2_FWKAt157ouHonIcHJlT

1029303364856730941/5bgDOuvGib8Utpb1a5C5dpIG9O43uHb8GQVteoWsH-ZFq_HeLSS0EJLzKtycrf7Rdhct

1623867196033380666/_LXvoM4SJoajNTfK6k0a33ghshcZ461dLxi-0QNRg9524B3udeL0NbLO_bIeZ5ZFYsRY

1330337309047549141/dYM9xHllul-WVOOd3Tw5pyro_6WtU3IFfPT7QA7InuIfUyIqZEWoAc1PAUJ5zSePREaM

1870839986509421847/BHMcOZuogS0qu3UuFQvGw1NdPDxQAYgZrZtFODn9NpTUvb_OGNXY0e7amrQebea1GNa3

1078623105351688242/7jlGwHCqF_MsRITiRobX-V40AbAzBoUZaUTsjfphMCUR9WM506RfpO-QHUg-NmxGf7vO

1679619459764610577/x55__dKm9_yCQMlslI9A_6bnIMY6RLcBHIVChS89eZNWkSCwHuj3zjT9i4JY86_I5-FV

1916962543838346657/oasD9VF6M7jNNTow4wKLybioBO69X9-iFHGoNGCv-Z6WJHT6xXLdo6zUeArPL1yboXaD

Discord-Info-Links

1710536897483921145/gkeOmGjmzpswspnG0-1Thv_3eC-qa2MsSkUhOy8ms8apDIMIwQgNIAj1nzflcebPQH1G

Get Webhook Infohttps://discord.com/api/webhooks/1710536897483921145/gkeOmGjmzpswspnG0-1Thv_3eC-qa2MsSkUhOy8ms8apDIMIwQgNIAj1nzflcebPQH1G

1717849993727969880/mc9WJcEAlZ03jgnm69hLtJsMIaOykr5h5AXSCUay-UJLSatgGLIFxULvfyGOcdaVZPps

Get Webhook Infohttps://discord.com/api/webhooks/1717849993727969880/mc9WJcEAlZ03jgnm69hLtJsMIaOykr5h5AXSCUay-UJLSatgGLIFxULvfyGOcdaVZPps

1121185123822412395/fWm1TNU52pgGmQcS6ZTN3WZJz9Lc5dfJh9BOOdfOZx-rE4w9rjSlKsFLUb25thcqs6cH

Get Webhook Infohttps://discord.com/api/webhooks/1121185123822412395/fWm1TNU52pgGmQcS6ZTN3WZJz9Lc5dfJh9BOOdfOZx-rE4w9rjSlKsFLUb25thcqs6cH

1952616674381445522/a4bi-PJucZZdQo18xm5R57doEbJGugWO5oxDGCbNUvYOTODBnKG7F7D6Z9cNEIxnvrpw

Get Webhook Infohttps://discord.com/api/webhooks/1952616674381445522/a4bi-PJucZZdQo18xm5R57doEbJGugWO5oxDGCbNUvYOTODBnKG7F7D6Z9cNEIxnvrpw

1737210013703409678/wRO8ya23nx4ZlyE6Zct-mP294VOHo87yde7cHEbydQ6Ti6FqxY8oYZPco9ZtL9QZnE8X

Get Webhook Infohttps://discord.com/api/webhooks/1737210013703409678/wRO8ya23nx4ZlyE6Zct-mP294VOHo87yde7cHEbydQ6Ti6FqxY8oYZPco9ZtL9QZnE8X

1883791163292239760/IldB93mT7ZwltRAPYoMoiAJ2265lth2kMOo7M5vTYNgRBbq_tzScmwiDgXz8Kh_huKI7

Get Webhook Infohttps://discord.com/api/webhooks/1883791163292239760/IldB93mT7ZwltRAPYoMoiAJ2265lth2kMOo7M5vTYNgRBbq_tzScmwiDgXz8Kh_huKI7

1519442486964307946/wglg611ySg9J-t-_XLErZhMB1lCUvk5EMwPB4hQsnPvNmFoK2wRSQKZGdMHRR8IeSmg8

Get Webhook Infohttps://discord.com/api/webhooks/1519442486964307946/wglg611ySg9J-t-_XLErZhMB1lCUvk5EMwPB4hQsnPvNmFoK2wRSQKZGdMHRR8IeSmg8

1285718609958585336/HA-Tp0QFc0qRHFWxEFs4H8VPKNfAON7ciI6q2PLvTKDECQBQoyb5MudmeaWaX9CRMttY

Get Webhook Infohttps://discord.com/api/webhooks/1285718609958585336/HA-Tp0QFc0qRHFWxEFs4H8VPKNfAON7ciI6q2PLvTKDECQBQoyb5MudmeaWaX9CRMttY

1260671451112553248/dT0V2aI9birFM4CeOQWiPwOGycwmH9xgfJXldQ39nssUQq5BWhIIMnTPOynJVxn0dDQ-

Get Webhook Infohttps://discord.com/api/webhooks/1260671451112553248/dT0V2aI9birFM4CeOQWiPwOGycwmH9xgfJXldQ39nssUQq5BWhIIMnTPOynJVxn0dDQ-

1225585087540959020/atj2vPdvZvgnJYvoa2uyrc-LntRpZ75a2gHGmyfcb-muKiVOVGrOcRDw4o5AVC1jEtDB

Get Webhook Infohttps://discord.com/api/webhooks/1225585087540959020/atj2vPdvZvgnJYvoa2uyrc-LntRpZ75a2gHGmyfcb-muKiVOVGrOcRDw4o5AVC1jEtDB

1366762430006267249/l6lfh1fP7kfsh1oTcy_JZPN4ptGceof-3g_XZtaLQOtOZ5uDVwcdjpaTYgYzP7H6bC1Y

Get Webhook Infohttps://discord.com/api/webhooks/1366762430006267249/l6lfh1fP7kfsh1oTcy_JZPN4ptGceof-3g_XZtaLQOtOZ5uDVwcdjpaTYgYzP7H6bC1Y

1279013112748486556/gxf7YQvLxWeBUZG4lu4NmS4TaCRYvSkdrb9RHCJh_Duo7rUwZhyhvvpCpJAtHD9L-R-a

Get Webhook Infohttps://discord.com/api/webhooks/1279013112748486556/gxf7YQvLxWeBUZG4lu4NmS4TaCRYvSkdrb9RHCJh_Duo7rUwZhyhvvpCpJAtHD9L-R-a

1696444545273607323/DczFPBWa-3RTF40z-23qHLWcv6OHGlW6DcLF8zG8TKyAyXa0JQ_OwBuW90Ik-_Zwy2mx

Get Webhook Infohttps://discord.com/api/webhooks/1696444545273607323/DczFPBWa-3RTF40z-23qHLWcv6OHGlW6DcLF8zG8TKyAyXa0JQ_OwBuW90Ik-_Zwy2mx

1266587026014834811/BxpFJ4HBB8z9tFiZa0O0zFrC4yXX7Bm1z7SE_5_34LWv_bRj9MRP99L0YiJOOjFdOnvC

Get Webhook Infohttps://discord.com/api/webhooks/1266587026014834811/BxpFJ4HBB8z9tFiZa0O0zFrC4yXX7Bm1z7SE_5_34LWv_bRj9MRP99L0YiJOOjFdOnvC

1363257577908907052/su6vW7yf6M5gMuJ7vnbwZNYDfCdQNuIMANkzaTlPpqaTJ9rnwnJK0LD2UP1dhV5IPc-a

Get Webhook Infohttps://discord.com/api/webhooks/1363257577908907052/su6vW7yf6M5gMuJ7vnbwZNYDfCdQNuIMANkzaTlPpqaTJ9rnwnJK0LD2UP1dhV5IPc-a

1089580632719097801/lsRAlQqRoYTYa_Dx18T3dEUXqyRVbRkmHXZV6vGbAYTqH4rF0nyrW4uyKMkE3VDwrztI

Get Webhook Infohttps://discord.com/api/webhooks/1089580632719097801/lsRAlQqRoYTYa_Dx18T3dEUXqyRVbRkmHXZV6vGbAYTqH4rF0nyrW4uyKMkE3VDwrztI

1992452604280990250/xK0sr1eQUpcmC6oxSKRppM-aNKeW4xp6qu9fdnZ4myDNpVPOXPzmbcVYNptk_Fv8cjXF

Get Webhook Infohttps://discord.com/api/webhooks/1992452604280990250/xK0sr1eQUpcmC6oxSKRppM-aNKeW4xp6qu9fdnZ4myDNpVPOXPzmbcVYNptk_Fv8cjXF

1597296022210320237/lTtcYfkavG5h6H_-sSgWeQErME50w_jf7FNDLNQJrloc2JXo-GbPKk42RFDeFu2xSzjm

Get Webhook Infohttps://discord.com/api/webhooks/1597296022210320237/lTtcYfkavG5h6H_-sSgWeQErME50w_jf7FNDLNQJrloc2JXo-GbPKk42RFDeFu2xSzjm

1818875091956092023/ODVtE027KDEuFTf68pVf_U3a475xnqvSG4pOrPCurTbb7p2zolJz_WIloflxWOFrnOBp

Get Webhook Infohttps://discord.com/api/webhooks/1818875091956092023/ODVtE027KDEuFTf68pVf_U3a475xnqvSG4pOrPCurTbb7p2zolJz_WIloflxWOFrnOBp

1587314662780104612/dFmDpHrE12KGdZZgf26A0wHdsq8r0zWBOtEZyOMVcWSyFXw3ZCzLcuJteVLPXGtMi4vo

Get Webhook Infohttps://discord.com/api/webhooks/1587314662780104612/dFmDpHrE12KGdZZgf26A0wHdsq8r0zWBOtEZyOMVcWSyFXw3ZCzLcuJteVLPXGtMi4vo

1916615078560787761/qBG04QhzB60Htp1n7HOsxFB3PeGslAbZ322t6-UDZbN2ma8KUE79BalPArVTLO-j_gb6

Get Webhook Infohttps://discord.com/api/webhooks/1916615078560787761/qBG04QhzB60Htp1n7HOsxFB3PeGslAbZ322t6-UDZbN2ma8KUE79BalPArVTLO-j_gb6

1449023134272397896/JKi2RQ3DCmCjD5cwssNbluT21Cdv2bqOZq9D2JhDQpJTRWPmRmqAx_FzPG_bI5UOxDf-

Get Webhook Infohttps://discord.com/api/webhooks/1449023134272397896/JKi2RQ3DCmCjD5cwssNbluT21Cdv2bqOZq9D2JhDQpJTRWPmRmqAx_FzPG_bI5UOxDf-

1137372444362865132/i99yhr11mM45d9k-vDXsGd5iPKdH3OeRVnn6wClQlpCEHBBeu4k2u_R3h_dEly_bsRN4

Get Webhook Infohttps://discord.com/api/webhooks/1137372444362865132/i99yhr11mM45d9k-vDXsGd5iPKdH3OeRVnn6wClQlpCEHBBeu4k2u_R3h_dEly_bsRN4

1717585716512267602/fnTPC7VVk_LS8VahPFLaO35UdQiYXKRYZuNFuVQIeEBNtNZnGaq7iW_SZKQ3XAc2Se04

Get Webhook Infohttps://discord.com/api/webhooks/1717585716512267602/fnTPC7VVk_LS8VahPFLaO35UdQiYXKRYZuNFuVQIeEBNtNZnGaq7iW_SZKQ3XAc2Se04

1582936744809549519/XaHVmtTFFKJBd6_t4V2VUrvrD6KPDHVwQ4odQVJOfUkAAdw3XVvjs3horTYLNadidd8o

Get Webhook Infohttps://discord.com/api/webhooks/1582936744809549519/XaHVmtTFFKJBd6_t4V2VUrvrD6KPDHVwQ4odQVJOfUkAAdw3XVvjs3horTYLNadidd8o

1535158296695607649/UV54ZzI0u1IFxw0e7d4yXZTemd1UUrCBg18P9618tqallz_Whwl9sGAuvYGgPyk36Soh

Get Webhook Infohttps://discord.com/api/webhooks/1535158296695607649/UV54ZzI0u1IFxw0e7d4yXZTemd1UUrCBg18P9618tqallz_Whwl9sGAuvYGgPyk36Soh

1960523010915179942/656cBEoVZWMXVmSvN_NlVZrDXS-w-x-u33fIWHrvHG1Y4g6OaH5NNhS7BYC_4aaURbgO

Get Webhook Infohttps://discord.com/api/webhooks/1960523010915179942/656cBEoVZWMXVmSvN_NlVZrDXS-w-x-u33fIWHrvHG1Y4g6OaH5NNhS7BYC_4aaURbgO

1634652365062157637/n4ALnqrWpwV-h1n_0R0clT5HCShO9PZkfgHvmjAtWBcopYQhDeHvhEi3DWZZpM3xPCIH

Get Webhook Infohttps://discord.com/api/webhooks/1634652365062157637/n4ALnqrWpwV-h1n_0R0clT5HCShO9PZkfgHvmjAtWBcopYQhDeHvhEi3DWZZpM3xPCIH

1767888817731514141/HbgINMuvAg_cBVEJX5pqqxozvvzoipjy7zhybGerhFET-YMSzchuvw4Y3ohPg36qR6BB

Get Webhook Infohttps://discord.com/api/webhooks/1767888817731514141/HbgINMuvAg_cBVEJX5pqqxozvvzoipjy7zhybGerhFET-YMSzchuvw4Y3ohPg36qR6BB

1401016275933588198/8B_TIgA32x7UpBz2Z2BwDVeEVMXBnOubo_gabpGFr0fpRoBOxSym3GkpLEPn7sboNq9t

Get Webhook Infohttps://discord.com/api/webhooks/1401016275933588198/8B_TIgA32x7UpBz2Z2BwDVeEVMXBnOubo_gabpGFr0fpRoBOxSym3GkpLEPn7sboNq9t

1818939455874683151/svcmKdvHsJZ4S3Uu7IrsbDQj86uJ7z7dyWe7gH21K3mFCbCvrF5trjQDi17ngpxeqotT

Get Webhook Infohttps://discord.com/api/webhooks/1818939455874683151/svcmKdvHsJZ4S3Uu7IrsbDQj86uJ7z7dyWe7gH21K3mFCbCvrF5trjQDi17ngpxeqotT

1121045684663059367/vSXkMCkmooFdkImfHlhidQt16e60y2iSerUouFfOZFKz7Vd6H9JLDPb5baMGho0qD9dY

Get Webhook Infohttps://discord.com/api/webhooks/1121045684663059367/vSXkMCkmooFdkImfHlhidQt16e60y2iSerUouFfOZFKz7Vd6H9JLDPb5baMGho0qD9dY

1525190933821991064/6gV_VZs2akChv0aQNrkd3JWVNxK4dBOlQvlyy-iMfeWMmlaLOKEIUJ2lXvgHeAYpjYAc

Get Webhook Infohttps://discord.com/api/webhooks/1525190933821991064/6gV_VZs2akChv0aQNrkd3JWVNxK4dBOlQvlyy-iMfeWMmlaLOKEIUJ2lXvgHeAYpjYAc

1350080844794590025/natsHzvYyOyuf6EIIDFD4FCoB5mS8qfepzd4HgF--9t8ZFaJURxntcAyqdBIjl2sOZ-w

Get Webhook Infohttps://discord.com/api/webhooks/1350080844794590025/natsHzvYyOyuf6EIIDFD4FCoB5mS8qfepzd4HgF--9t8ZFaJURxntcAyqdBIjl2sOZ-w

1197529181669992736/eLmBd9dJkeC99MPtdwrpW4zLcQgOm5dr4pcNEJb56pCioXp1YJwj0CnQbnbpvfcoxhCr

Get Webhook Infohttps://discord.com/api/webhooks/1197529181669992736/eLmBd9dJkeC99MPtdwrpW4zLcQgOm5dr4pcNEJb56pCioXp1YJwj0CnQbnbpvfcoxhCr

1571767908108750866/2D2jGOYbfJbJOKqkdoKKu07rmzUt-gT0raw_-sKBjDCCpzbEtvd_tiLOOP00J05KzhfF

Get Webhook Infohttps://discord.com/api/webhooks/1571767908108750866/2D2jGOYbfJbJOKqkdoKKu07rmzUt-gT0raw_-sKBjDCCpzbEtvd_tiLOOP00J05KzhfF

1494012705386405384/iNmutOpZEtgHI3TyqmquOerBlGFxNQcJGPIn8kBMHVCfJ35WjSxIeH0NB5c9OZxpTJ8b

Get Webhook Infohttps://discord.com/api/webhooks/1494012705386405384/iNmutOpZEtgHI3TyqmquOerBlGFxNQcJGPIn8kBMHVCfJ35WjSxIeH0NB5c9OZxpTJ8b

1787978983805896064/27RY9VP9QXOxZf89C8WuxjXoLwu4RZFxxBAWM-hu3aHKE76VQOzUxjaMz0qJzB16Q0th

Get Webhook Infohttps://discord.com/api/webhooks/1787978983805896064/27RY9VP9QXOxZf89C8WuxjXoLwu4RZFxxBAWM-hu3aHKE76VQOzUxjaMz0qJzB16Q0th

1218257292039600183/4VZFPIM4R02FLnNswA6JTh-Y6_HRIZfPMJtjBFoBoSxGZdOfWNRD6Z4Ghd97kuAjVzW-

Get Webhook Infohttps://discord.com/api/webhooks/1218257292039600183/4VZFPIM4R02FLnNswA6JTh-Y6_HRIZfPMJtjBFoBoSxGZdOfWNRD6Z4Ghd97kuAjVzW-

1681120183670554076/Nr0geteIqSQktCJGR1zm85l0zdF3qCbVM0J_lHczrhuMnwkFkZi1oYIR1HpFdX6PCQoz

Get Webhook Infohttps://discord.com/api/webhooks/1681120183670554076/Nr0geteIqSQktCJGR1zm85l0zdF3qCbVM0J_lHczrhuMnwkFkZi1oYIR1HpFdX6PCQoz

1831055628790426322/6ycmladzvJy9cZOTXEdEvF8iTMzX7C3Lv-sTCNEUs-BMDEPJAYu-su93KGS2iR7Bhx5j

Get Webhook Infohttps://discord.com/api/webhooks/1831055628790426322/6ycmladzvJy9cZOTXEdEvF8iTMzX7C3Lv-sTCNEUs-BMDEPJAYu-su93KGS2iR7Bhx5j

1924877828657286454/NlSKpV5G1XDF6GiEOoWo7t89xLl7iqARSpi1Kro2L-1A0aiRQt7XcICvn3ksfuoIpWky

Get Webhook Infohttps://discord.com/api/webhooks/1924877828657286454/NlSKpV5G1XDF6GiEOoWo7t89xLl7iqARSpi1Kro2L-1A0aiRQt7XcICvn3ksfuoIpWky

1786528053127740144/eBdWfRhQhm_X21-zuDderlk6YG-HCbMmXWOmyFI78OSvVOx-hUmS8EfESDcYjluY0tDQ

Get Webhook Infohttps://discord.com/api/webhooks/1786528053127740144/eBdWfRhQhm_X21-zuDderlk6YG-HCbMmXWOmyFI78OSvVOx-hUmS8EfESDcYjluY0tDQ

1561004944922566872/MHrp0HDt5jg_m2a4AhW8BNABEsWOqTnuS5g9JEhsfe38C4ZOntDJPFSXdyYx1qCRrdPU

Get Webhook Infohttps://discord.com/api/webhooks/1561004944922566872/MHrp0HDt5jg_m2a4AhW8BNABEsWOqTnuS5g9JEhsfe38C4ZOntDJPFSXdyYx1qCRrdPU

1971934151157040025/k_XvZFEXTgh_GG6-jY43lTzxBaPRkjK8K98VxovAKJacHIdz8MjQ0UQum24zMEItI5_p

Get Webhook Infohttps://discord.com/api/webhooks/1971934151157040025/k_XvZFEXTgh_GG6-jY43lTzxBaPRkjK8K98VxovAKJacHIdz8MjQ0UQum24zMEItI5_p

1479495480039078961/fZsq3AYKkwpT6FKDcBrF1Mfhx4n_AT8Dbn06OBLsuPkXN0PNHLHYK9huMyNf0FTZdvfz

Get Webhook Infohttps://discord.com/api/webhooks/1479495480039078961/fZsq3AYKkwpT6FKDcBrF1Mfhx4n_AT8Dbn06OBLsuPkXN0PNHLHYK9huMyNf0FTZdvfz

1652116300328406265/sWA2Uy-5pncpTLYSOdM7oEoUodNg5_LvyU6bFzGzju3OqgAbzQQx6WPOFxDsORH3RYEb

Get Webhook Infohttps://discord.com/api/webhooks/1652116300328406265/sWA2Uy-5pncpTLYSOdM7oEoUodNg5_LvyU6bFzGzju3OqgAbzQQx6WPOFxDsORH3RYEb

1505050397739219522/9lDSr2yC6FeYsgwANPmSPUung-IjAzA1haXU6rGC64mFnZjYzwpq_DEkLlrWaN-GkR4D

Get Webhook Infohttps://discord.com/api/webhooks/1505050397739219522/9lDSr2yC6FeYsgwANPmSPUung-IjAzA1haXU6rGC64mFnZjYzwpq_DEkLlrWaN-GkR4D

1303479247954925644/OyyjzEAnD7V8Mip95Ms6Ip-pU01W_4DDFwknEK0iphnRDYfLmS-UYl3ADbaynhTgxrga

Get Webhook Infohttps://discord.com/api/webhooks/1303479247954925644/OyyjzEAnD7V8Mip95Ms6Ip-pU01W_4DDFwknEK0iphnRDYfLmS-UYl3ADbaynhTgxrga

1250380213089475419/QjvhKwDJhHfBTh4R0HstxT3TqnVEQQCh6g7FuD2cyoCz3L8SKQd0yKEdUi4uHpzNVCGv

Get Webhook Infohttps://discord.com/api/webhooks/1250380213089475419/QjvhKwDJhHfBTh4R0HstxT3TqnVEQQCh6g7FuD2cyoCz3L8SKQd0yKEdUi4uHpzNVCGv

1977180672624147201/inpLmMCCRc__CuTx21vTPwrxEOts18NS8S82JrkmXDA5rC8k2F8ZCRX0Xzx9zjky3mWn

Get Webhook Infohttps://discord.com/api/webhooks/1977180672624147201/inpLmMCCRc__CuTx21vTPwrxEOts18NS8S82JrkmXDA5rC8k2F8ZCRX0Xzx9zjky3mWn

1216104401231931825/wJp5Z9IhUI5H7PMqE7wWCdS4p1gK_Gfz56eGToZvH0zeOZgcrEEet5rtdB0LsfkwQwkG

Get Webhook Infohttps://discord.com/api/webhooks/1216104401231931825/wJp5Z9IhUI5H7PMqE7wWCdS4p1gK_Gfz56eGToZvH0zeOZgcrEEet5rtdB0LsfkwQwkG

1181531646170793923/Y3Qv3nST6dxOQWW7nAyo4csSVc3cmN4jzXKcFBibOsa-DfBM4gG4AlNHnM7ERVBZtkRB

Get Webhook Infohttps://discord.com/api/webhooks/1181531646170793923/Y3Qv3nST6dxOQWW7nAyo4csSVc3cmN4jzXKcFBibOsa-DfBM4gG4AlNHnM7ERVBZtkRB

1489404916352672292/9XmEqOYMOojdHZKpgV78a4gIGk4pwVVVTsqs-prJqeOw017hcoLoGDUJnXhZNWxupIdM

Get Webhook Infohttps://discord.com/api/webhooks/1489404916352672292/9XmEqOYMOojdHZKpgV78a4gIGk4pwVVVTsqs-prJqeOw017hcoLoGDUJnXhZNWxupIdM

1710691874562947422/nEZq-BhJun0OO58YZry4TkKOsMEf8KdEMGaCQhmS4PUmdwQvXwKwRcoeMpS2mK4k1if3

Get Webhook Infohttps://discord.com/api/webhooks/1710691874562947422/nEZq-BhJun0OO58YZry4TkKOsMEf8KdEMGaCQhmS4PUmdwQvXwKwRcoeMpS2mK4k1if3

1696526068324069458/vGVlFfoX_WhnKT2y68Td84DwYW-NOdysq_-aazp8RJjwAzvxWYbyeJd56G3yXmILEZUv

Get Webhook Infohttps://discord.com/api/webhooks/1696526068324069458/vGVlFfoX_WhnKT2y68Td84DwYW-NOdysq_-aazp8RJjwAzvxWYbyeJd56G3yXmILEZUv

1443366441988247068/kLJk3yVSgu4UIpkCLYbfWXlE46lrvHAO_RqZBjEOKvXItXK2_FWKAt157ouHonIcHJlT

Get Webhook Infohttps://discord.com/api/webhooks/1443366441988247068/kLJk3yVSgu4UIpkCLYbfWXlE46lrvHAO_RqZBjEOKvXItXK2_FWKAt157ouHonIcHJlT

1029303364856730941/5bgDOuvGib8Utpb1a5C5dpIG9O43uHb8GQVteoWsH-ZFq_HeLSS0EJLzKtycrf7Rdhct

Get Webhook Infohttps://discord.com/api/webhooks/1029303364856730941/5bgDOuvGib8Utpb1a5C5dpIG9O43uHb8GQVteoWsH-ZFq_HeLSS0EJLzKtycrf7Rdhct

1623867196033380666/_LXvoM4SJoajNTfK6k0a33ghshcZ461dLxi-0QNRg9524B3udeL0NbLO_bIeZ5ZFYsRY

Get Webhook Infohttps://discord.com/api/webhooks/1623867196033380666/_LXvoM4SJoajNTfK6k0a33ghshcZ461dLxi-0QNRg9524B3udeL0NbLO_bIeZ5ZFYsRY

1330337309047549141/dYM9xHllul-WVOOd3Tw5pyro_6WtU3IFfPT7QA7InuIfUyIqZEWoAc1PAUJ5zSePREaM

Get Webhook Infohttps://discord.com/api/webhooks/1330337309047549141/dYM9xHllul-WVOOd3Tw5pyro_6WtU3IFfPT7QA7InuIfUyIqZEWoAc1PAUJ5zSePREaM

1870839986509421847/BHMcOZuogS0qu3UuFQvGw1NdPDxQAYgZrZtFODn9NpTUvb_OGNXY0e7amrQebea1GNa3

Get Webhook Infohttps://discord.com/api/webhooks/1870839986509421847/BHMcOZuogS0qu3UuFQvGw1NdPDxQAYgZrZtFODn9NpTUvb_OGNXY0e7amrQebea1GNa3

1078623105351688242/7jlGwHCqF_MsRITiRobX-V40AbAzBoUZaUTsjfphMCUR9WM506RfpO-QHUg-NmxGf7vO

Get Webhook Infohttps://discord.com/api/webhooks/1078623105351688242/7jlGwHCqF_MsRITiRobX-V40AbAzBoUZaUTsjfphMCUR9WM506RfpO-QHUg-NmxGf7vO

1679619459764610577/x55__dKm9_yCQMlslI9A_6bnIMY6RLcBHIVChS89eZNWkSCwHuj3zjT9i4JY86_I5-FV

Get Webhook Infohttps://discord.com/api/webhooks/1679619459764610577/x55__dKm9_yCQMlslI9A_6bnIMY6RLcBHIVChS89eZNWkSCwHuj3zjT9i4JY86_I5-FV

1916962543838346657/oasD9VF6M7jNNTow4wKLybioBO69X9-iFHGoNGCv-Z6WJHT6xXLdo6zUeArPL1yboXaD

Get Webhook Infohttps://discord.com/api/webhooks/1916962543838346657/oasD9VF6M7jNNTow4wKLybioBO69X9-iFHGoNGCv-Z6WJHT6xXLdo6zUeArPL1yboXaD

No Malware configuration.

Add for printing

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

153

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

644

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4728 --field-trial-handle=1896,i,5494958871958777155,2190915397506468061,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

—

chrome.exe

User:

admin

Company:

Google LLC

Integrity Level:

LOW

Description:

Google Chrome

Version:

122.0.6261.70

Modules

Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll

1020

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disk-cache-dir=null --disk-cache-size=1 --media-cache-size=1 --disable-gpu-shader-disk-cache --disable-background-networking --disable-features=OptimizationGuideModelDownloading,OptimizationHintsFetching,OptimizationTargetPrediction,OptimizationHints "https://github.com/Cookie-Logger/IXWare-Image-Logger/raw/refs/heads/main/IXWare.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

explorer.exe

User:

admin

Company:

Google LLC

Integrity Level:

MEDIUM

Description:

Google Chrome

Version:

122.0.6261.70

Modules

Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll

1084

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --disable-quic --no-appcompat-clear --mojo-platform-channel-handle=5364 --field-trial-handle=1896,i,5494958871958777155,2190915397506468061,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

—

chrome.exe

User:

admin

Company:

Google LLC

Integrity Level:

MEDIUM

Description:

Google Chrome

Exit code:

Version:

122.0.6261.70

Modules

Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll

1288

\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\conhost.exe

—

WMIC.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Console Window Host

Exit code:

Version:

10.0.19041.1 (WinBuild.160101.0800)

Modules

Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

2540

C:\WINDOWS\system32\cmd.exe /c "ver"

C:\Windows\System32\cmd.exe

—

IXWare.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Windows Command Processor

Exit code:

Version:

10.0.19041.1 (WinBuild.160101.0800)

Modules

Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll

2584

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --disable-quic --no-appcompat-clear --mojo-platform-channel-handle=4648 --field-trial-handle=1896,i,5494958871958777155,2190915397506468061,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

—

chrome.exe

User:

admin

Company:

Google LLC

Integrity Level:

MEDIUM

Description:

Google Chrome

Exit code:

Version:

122.0.6261.70

Modules

Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll

2944

wmic path softwarelicensingservice get OA3xOriginalProductKey

C:\Windows\System32\wbem\WMIC.exe

—

IXWare.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

WMI Commandline Utility

Exit code:

Version:

10.0.19041.1 (WinBuild.160101.0800)

Modules

Images
c:\windows\system32\wbem\wmic.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\framedynos.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll

3464

"C:\Users\admin\Downloads\IXWare.exe"

C:\Users\admin\Downloads\IXWare.exe

chrome.exe

User:

admin

Integrity Level:

MEDIUM

Exit code:

Modules

Images
c:\users\admin\downloads\ixware.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll

4296

\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\conhost.exe

—

WMIC.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Console Window Host

Exit code:

Version:

10.0.19041.1 (WinBuild.160101.0800)

Modules

Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

4492

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --disable-quic --no-appcompat-clear --mojo-platform-channel-handle=2180 --field-trial-handle=1896,i,5494958871958777155,2190915397506468061,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

—

chrome.exe

User:

admin

Company:

Google LLC

Integrity Level:

LOW

Description:

Google Chrome

Version:

122.0.6261.70

Modules

Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll

Add for printing

Total events

4 684

Read events

4 678

Write events

Delete events

Modification events


(PID) Process:	(1020) chrome.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon
Operation:	write	Name:	failed_count
Value: 0
(PID) Process:	(1020) chrome.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon
Operation:	write	Name:	state
Value: 2
(PID) Process:	(1020) chrome.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon
Operation:	write	Name:	state
Value: 1
(PID) Process:	(1020) chrome.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\StabilityMetrics
Operation:	write	Name:	user_experience_metrics.stability.exited_cleanly
Value: 0
(PID) Process:	(1020) chrome.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
Operation:	write	Name:	usagestats
Value: 0
(PID) Process:	(1084) chrome.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
Operation:	write	Name:	{2781761E-28E0-4109-99FE-B9D127C57AFE} {56FFCC30-D398-11D0-B2AE-00A0C908FA49} 0xFFFF
Value: 010000000000000035BF3BFE4B0EDB01

Add for printing

Executable files

Suspicious files

Text files

Unknown types

Dropped files

PID	Process	Filename		Type
1020	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials\LOG.old		—
		MD5:—	SHA256:—
1020	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\chrome_cart_db\LOG.old		—
		MD5:—	SHA256:—
1020	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\discounts_db\LOG.old		—
		MD5:—	SHA256:—
1020	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\parcel_tracking_db\LOG.old		—
		MD5:—	SHA256:—
1020	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\coupon_db\LOG.old~RF1fb956.TMP		—
		MD5:—	SHA256:—
1020	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\coupon_db\LOG.old		—
		MD5:—	SHA256:—
1020	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.old~RF1fb956.TMP		—
		MD5:—	SHA256:—
1020	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.old		—
		MD5:—	SHA256:—
1020	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat		binary
		MD5:FC81892AC822DCBB09441D3B58B47125	SHA256:FB077C966296D02D50CCBF7F761D2A3311A206A784A7496F331C2B0D6AD205C8
1020	chrome.exe	C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\2d7ea4df-2c07-4741-b779-645383bc13db.tmp		binary
		MD5:5058F1AF8388633F609CADB75A75DC9D	SHA256:—

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

DNS requests

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
6604	svchost.exe	GET	200	95.101.149.131:80	http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl	unknown	—	—	whitelisted
4048	svchost.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D	unknown	—	—	whitelisted
6584	SIHClient.exe	GET	200	95.101.149.131:80	http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl	unknown	—	—	whitelisted
6584	SIHClient.exe	GET	200	95.101.149.131:80	http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl	unknown	—	—	whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
4	System	192.168.100.255:137	—	—	—	whitelisted
4	System	192.168.100.255:138	—	—	—	whitelisted
3800	RUXIMICS.exe	4.231.128.59:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
2120	MoUsoCoreWorker.exe	4.231.128.59:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
6604	svchost.exe	4.231.128.59:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
—	—	40.79.189.58:443	—	MICROSOFT-CORP-MSN-AS-BLOCK	JP	whitelisted
—	—	92.123.104.36:443	—	Akamai International B.V.	DE	unknown
3888	svchost.exe	239.255.255.250:1900	—	—	—	whitelisted
7160	chrome.exe	142.250.110.84:443	accounts.google.com	GOOGLE	US	whitelisted
1020	chrome.exe	239.255.255.250:1900	—	—	—	whitelisted

DNS requests

Domain	IP	Reputation
settings-win.data.microsoft.com	4.231.128.59 52.185.211.133 51.104.136.2 20.73.194.208	whitelisted
google.com	172.217.18.14	whitelisted
github.com	140.82.121.3	shared
accounts.google.com	142.250.110.84	whitelisted
raw.githubusercontent.com	185.199.110.133 185.199.111.133 185.199.108.133 185.199.109.133	shared
www.microsoft.com	95.101.149.131	whitelisted
www.google.com	172.217.16.196	whitelisted
sb-ssl.google.com	216.58.206.46	whitelisted
login.live.com	40.126.32.74 20.190.160.22 40.126.32.76 20.190.160.17 20.190.160.14 40.126.32.134 20.190.160.20 40.126.32.68	whitelisted
ocsp.digicert.com	192.229.221.95	whitelisted

Threats

PID	Process	Class	Message
7160	chrome.exe	Not Suspicious Traffic	INFO [ANY.RUN] Attempting to access raw user content on GitHub
7160	chrome.exe	Not Suspicious Traffic	INFO [ANY.RUN] Attempting to access raw user content on GitHub

Add for printing

No debug info

General Info

https://github.com/Cookie-Logger/IXWare-Image-Logger/raw/refs/heads/main/IXWare.exe

1787E589739371E3AD3756BD4F003FBE

704DA27F644DC4C11B3DC7301F566629C455CD0F

2DC4318FEA779360E5C1FC0064E8BA25E961B03E42CC7A3BDA9DAA4AA04E971E

3:N8tEdjMoYkCAIk/X7MRLNKDEK:2urYk//X4RLNKDEK

Software environment set and analysis options

Launch configuration

Software preset

Hotfixes

Behavior activities

MALICIOUS

DISCORDGRABBER has been detected (YARA)

SUSPICIOUS

Process drops python dynamic module

Process drops legitimate windows executable

Application launched itself

The process drops C-runtime libraries

Executable content was dropped or overwritten

Starts CMD.EXE for commands execution

Uses WMIC.EXE to obtain Windows Installer data

Uses WMIC.EXE to obtain service application data

There is functionality for taking screenshot (YARA)

Possible usage of Discord/Telegram API has been detected (YARA)

INFO

Executable content was dropped or overwritten

Application launched itself

Checks operating system version

PyInstaller has been detected (YARA)

Malware configuration

ims-api

Static information

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings