URL: https://github.com/Cookie-Logger/IXWare-Image-Logger/raw/refs/heads/main/IXWare.exe

Full analysis: https://app.any.run/tasks/66e9030d-b310-4264-8dba-6f6396b590dc
Verdict: Malicious activity
Threats:

Stealers are a group of malicious software intended to gain unauthorized access to users' information and transfer it to the attacker. The stealer category includes various programs that each focus on a particular kind of data, such as files, passwords, and cryptocurrency. Stealers can also spy on their targets by recording keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns.

Analysis date: September 24, 2024, 06:35:26
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
github
pyinstaller
discordgrabber
generic
stealer
ims-api
Indicators:
MD5: 1787E589739371E3AD3756BD4F003FBE
SHA1: 704DA27F644DC4C11B3DC7301F566629C455CD0F
SHA256: 2DC4318FEA779360E5C1FC0064E8BA25E961B03E42CC7A3BDA9DAA4AA04E971E
SSDEEP: 3:N8tEdjMoYkCAIk/X7MRLNKDEK:2urYk//X4RLNKDEK

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • DISCORDGRABBER has been detected (YARA)

      • IXWare.exe (PID: 4976)
  • SUSPICIOUS

    • Process drops python dynamic module

      • IXWare.exe (PID: 3464)
    • Process drops legitimate windows executable

      • IXWare.exe (PID: 3464)
    • Application launched itself

      • IXWare.exe (PID: 3464)
    • The process drops C-runtime libraries

      • IXWare.exe (PID: 3464)
    • Executable content was dropped or overwritten

      • IXWare.exe (PID: 3464)
    • Starts CMD.EXE for commands execution

      • IXWare.exe (PID: 4976)
    • Uses WMIC.EXE to obtain Windows Installer data

      • IXWare.exe (PID: 4976)
    • Uses WMIC.EXE to obtain service application data

      • IXWare.exe (PID: 4976)
    • There is functionality for taking screenshot (YARA)

      • IXWare.exe (PID: 4976)
    • Possible usage of Discord/Telegram API has been detected (YARA)

      • IXWare.exe (PID: 4976)
  • INFO

    • Executable content was dropped or overwritten

      • chrome.exe (PID: 1020)
    • Application launched itself

      • chrome.exe (PID: 1020)
    • Checks operating system version

      • IXWare.exe (PID: 4976)
    • PyInstaller has been detected (YARA)

      • IXWare.exe (PID: 3464)
      • IXWare.exe (PID: 4976)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

ims-api

(PID) Process(4976) IXWare.exe
Discord-Webhook-Tokens (64)
Discord-Info-Links
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 153
Monitored processes: 23
Malicious processes: 3
Suspicious processes: 0

Behavior graph

start
chrome.exe
chrome.exe (no specs)
chrome.exe (no specs)
chrome.exe
chrome.exe (no specs)
chrome.exe (no specs)
chrome.exe (no specs)
chrome.exe (no specs)
chrome.exe (no specs)
chrome.exe (no specs)
chrome.exe (no specs)
chrome.exe (no specs)
chrome.exe (no specs)
THREAT ixware.exe
THREAT ixware.exe (no specs)
cmd.exe (no specs)
conhost.exe (no specs)
wmic.exe (no specs)
conhost.exe (no specs)
wmic.exe (no specs)
conhost.exe (no specs)
sppextcomobj.exe (no specs)
slui.exe (no specs)

Process information

PID
CMD
Path
Indicators
Parent process
PID: 644
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4728 --field-trial-handle=1896,i,5494958871958777155,2190915397506468061,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 1020
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disk-cache-dir=null --disk-cache-size=1 --media-cache-size=1 --disable-gpu-shader-disk-cache --disable-background-networking --disable-features=OptimizationGuideModelDownloading,OptimizationHintsFetching,OptimizationTargetPrediction,OptimizationHints "https://github.com/Cookie-Logger/IXWare-Image-Logger/raw/refs/heads/main/IXWare.exe"
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: explorer.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 1084
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --disable-quic --no-appcompat-clear --mojo-platform-channel-handle=5364 --field-trial-handle=1896,i,5494958871958777155,2190915397506468061,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 1288
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: WMIC.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2540
CMD: C:\WINDOWS\system32\cmd.exe /c "ver"
Path: C:\Windows\System32\cmd.exe
Parent process: IXWare.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
PID: 2584
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --disable-quic --no-appcompat-clear --mojo-platform-channel-handle=4648 --field-trial-handle=1896,i,5494958871958777155,2190915397506468061,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 2944
CMD: wmic path softwarelicensingservice get OA3xOriginalProductKey
Path: C:\Windows\System32\wbem\WMIC.exe
Parent process: IXWare.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
WMI Commandline Utility
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\wbem\wmic.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\framedynos.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
PID: 3464
CMD: "C:\Users\admin\Downloads\IXWare.exe"
Path: C:\Users\admin\Downloads\IXWare.exe
Parent process: chrome.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
1
Modules
Images
c:\users\admin\downloads\ixware.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID: 4296
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: WMIC.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 4492
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --disable-quic --no-appcompat-clear --mojo-platform-channel-handle=2180 --field-trial-handle=1896,i,5494958871958777155,2190915397506468061,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
Total events: 4 684
Read events: 4 678
Write events: 6
Delete events: 0

Modification events

Process: (1020) chrome.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon
Operation: write
Name: failed_count
Value: 0

Process: (1020) chrome.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon
Operation: write
Name: state
Value: 2

Process: (1020) chrome.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon
Operation: write
Name: state
Value: 1

Process: (1020) chrome.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\StabilityMetrics
Operation: write
Name: user_experience_metrics.stability.exited_cleanly
Value: 0

Process: (1020) chrome.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
Operation: write
Name: usagestats
Value: 0

Process: (1084) chrome.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
Operation: write
Name: {2781761E-28E0-4109-99FE-B9D127C57AFE} {56FFCC30-D398-11D0-B2AE-00A0C908FA49} 0xFFFF
Value: 010000000000000035BF3BFE4B0EDB01
Executable files
87
Suspicious files
33
Text files
37
Unknown types
2

Dropped files

PID: 1020
Process: chrome.exe
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials\LOG.old
Type:
MD5:
SHA256:

PID: 1020
Process: chrome.exe
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\chrome_cart_db\LOG.old
Type:
MD5:
SHA256:

PID: 1020
Process: chrome.exe
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\discounts_db\LOG.old
Type:
MD5:
SHA256:

PID: 1020
Process: chrome.exe
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\parcel_tracking_db\LOG.old
Type:
MD5:
SHA256:

PID: 1020
Process: chrome.exe
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\coupon_db\LOG.old~RF1fb956.TMP
Type:
MD5:
SHA256:

PID: 1020
Process: chrome.exe
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\coupon_db\LOG.old
Type:
MD5:
SHA256:

PID: 1020
Process: chrome.exe
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.old~RF1fb956.TMP
Type:
MD5:
SHA256:

PID: 1020
Process: chrome.exe
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.old
Type:
MD5:
SHA256:

PID: 1020
Process: chrome.exe
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Type: binary
MD5: FC81892AC822DCBB09441D3B58B47125
SHA256: FB077C966296D02D50CCBF7F761D2A3311A206A784A7496F331C2B0D6AD205C8

PID: 1020
Process: chrome.exe
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\2d7ea4df-2c07-4741-b779-645383bc13db.tmp
Type: binary
MD5: 5058F1AF8388633F609CADB75A75DC9D
SHA256:
HTTP(S) requests
4
TCP/UDP connections
36
DNS requests
27
Threats
2

HTTP requests

PID: 6604
Process: svchost.exe
Method: GET
HTTP Code: 200
IP: 95.101.149.131:80
URL: http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
CN: unknown
Reputation: whitelisted

PID: 4048
Process: svchost.exe
Method: GET
HTTP Code: 200
IP: 192.229.221.95:80
URL: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
CN: unknown
Reputation: whitelisted

PID: 6584
Process: SIHClient.exe
Method: GET
HTTP Code: 200
IP: 95.101.149.131:80
URL: http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
CN: unknown
Reputation: whitelisted

PID: 6584
Process: SIHClient.exe
Method: GET
HTTP Code: 200
IP: 95.101.149.131:80
URL: http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
CN: unknown
Reputation: whitelisted

Connections

PID: 4
Process: System
IP: 192.168.100.255:137
Reputation: whitelisted

PID: 4
Process: System
IP: 192.168.100.255:138
Reputation: whitelisted

PID: 3800
Process: RUXIMICS.exe
IP: 4.231.128.59:443
Domain: settings-win.data.microsoft.com
ASN: MICROSOFT-CORP-MSN-AS-BLOCK
CN: IE
Reputation: whitelisted

PID: 2120
Process: MoUsoCoreWorker.exe
IP: 4.231.128.59:443
Domain: settings-win.data.microsoft.com
ASN: MICROSOFT-CORP-MSN-AS-BLOCK
CN: IE
Reputation: whitelisted

PID: 6604
Process: svchost.exe
IP: 4.231.128.59:443
Domain: settings-win.data.microsoft.com
ASN: MICROSOFT-CORP-MSN-AS-BLOCK
CN: IE
Reputation: whitelisted

IP: 40.79.189.58:443
ASN: MICROSOFT-CORP-MSN-AS-BLOCK
CN: JP
Reputation: whitelisted

IP: 92.123.104.36:443
ASN: Akamai International B.V.
CN: DE
Reputation: unknown

PID: 3888
Process: svchost.exe
IP: 239.255.255.250:1900
Reputation: whitelisted

PID: 7160
Process: chrome.exe
IP: 142.250.110.84:443
Domain: accounts.google.com
ASN: GOOGLE
CN: US
Reputation: whitelisted

PID: 1020
Process: chrome.exe
IP: 239.255.255.250:1900
Reputation: whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 52.185.211.133
  • 51.104.136.2
  • 20.73.194.208
whitelisted
google.com
  • 172.217.18.14
whitelisted
github.com
  • 140.82.121.3
shared
accounts.google.com
  • 142.250.110.84
whitelisted
raw.githubusercontent.com
  • 185.199.110.133
  • 185.199.111.133
  • 185.199.108.133
  • 185.199.109.133
shared
www.microsoft.com
  • 95.101.149.131
whitelisted
www.google.com
  • 172.217.16.196
whitelisted
sb-ssl.google.com
  • 216.58.206.46
whitelisted
login.live.com
  • 40.126.32.74
  • 20.190.160.22
  • 40.126.32.76
  • 20.190.160.17
  • 20.190.160.14
  • 40.126.32.134
  • 20.190.160.20
  • 40.126.32.68
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted

Threats

PID: 7160
Process: chrome.exe
Class: Not Suspicious Traffic
Message: INFO [ANY.RUN] Attempting to access raw user content on GitHub

PID: 7160
Process: chrome.exe
Class: Not Suspicious Traffic
Message: INFO [ANY.RUN] Attempting to access raw user content on GitHub
No debug info