Engine | Download Report | Detection | Info |
---|---|---|---|
| | clean (Score: 2) | System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| | malicious (Score: 52) | System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01; Run Condition: Run with higher sleep bypass |
IP | Country | Detection |
---|---|---|
191.252.51.12 | Brazil |
Name | IP | Detection |
---|---|---|
anydesk10.hospedagemdesites.ws | 191.252.51.12 |
Name | Detection |
---|---|
Name | File Type | Hashes | Detection |
---|---|---|---|