Engine | Download Report | Detection | Info |
---|---|---|---|
|
malicious
Score: 100
|
System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
|
IP | Country | Detection |
---|---|---|
115.186.131.16 | Pakistan | |
45.137.65.132 | Netherlands |
Name | IP | Detection |
---|---|---|
boele.duckdns.org | 45.137.65.132 | |
ask6.awt.com.pk | 115.186.131.16 |
Name | Detection |
---|---|
http://ask6.awt.com.pk/wordpress//wp-content/stanmac2.1.exeC | |
http://ask6.awt.com.pk/wordpress//wp-content/stanmac2.1.exeS | |
http://ask6.awt.com.pk/wordpress//wp-content/stanmac2.1.exeooC: | |
http://ask6.awt.com.pk/wordpress//wp-content/stanmac2.1.exe | |
boele.duckdns.org | |
http://ask6.awt.com.pk/wordpress//wp-content/stanmac2.1.exedoC: | |
http://ask6.awt.com.pk/wordpress//wp-content/stanmac2.1.exej | |
http://nsis.sf.net/NSIS_ErrorError | |
http://google.com |
Name | File Type | Hashes | Detection |
---|---|---|---|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\stanmac2.1[1].exe | PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive | # | |
C:\Users\user\AppData\Roaming\word.exe | PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive | # | |
C:\Users\user\AppData\Roaming\ilkqegcy\jfcarlsrvb.exe | PE32 executable (GUI) Intel 80386, for MS Windows | # | |
C:\Users\user\AppData\Local\Temp\rnixgfly.exe | PE32 executable (GUI) Intel 80386, for MS Windows | # | |
C:\Users\user\AppData\Roaming\EA860E7A-A87F-4A88-92EF-38F744458171\run.dat | data | # | |
C:\Users\user\Desktop\~$ote No 2118013.doc | data | # | |
C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | data | # | |
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat | Generic INItialization configuration [doc] | # | |
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Quote No 2118013.LNK | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue Mar 8 15:45:59 2022, mtime=Tue Mar 8 15:45:59 2022, atime=Thu Feb 2 05:33:18 2023, length=715212, window=hide | # | |
C:\Users\user\AppData\Roaming\EA860E7A-A87F-4A88-92EF-38F744458171\storage.dat | data | # | |
C:\Users\user\AppData\Roaming\EA860E7A-A87F-4A88-92EF-38F744458171\settings.bin | data | # | |
C:\Users\user\AppData\Roaming\EA860E7A-A87F-4A88-92EF-38F744458171\catalog.dat | data | # | |
C:\Users\user\AppData\Local\Temp\vvnwaf.f | data | # | |
C:\Users\user\AppData\Local\Temp\somvwkehjlp.rt | data | # | |
C:\Users\user\AppData\Local\Temp\nsl3E1A.tmp | data | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{E00A286F-D9E2-457B-B119-BAD556F2C91B}.tmp | data | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{D6D5F209-138C-443D-8A21-E23B722EB3AB}.tmp | data | # | |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{0A4B3911-FEFD-4AA5-A41A-6550C2F96D9E}.tmp | data | # |