Analysis Date: 2018-04-01 13:24:29
MD5: d9b31508ee47df46db71b59a8e669e84
SHA1: 41ba953ab9ea02c6062a4ab6d31b8dad5049d3ac

Static Details:

File type: HTML document, Non-ISO extended-ASCII text, with very long lines, with CRLF line terminators
PEhash

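Runtime Details (the "Creates File" entries below include directories, device objects such as \Device\Afd\Endpoint and existing system DLLs, so they appear to record file create/open calls rather than only newly written files):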

Screenshot

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Program Files\Internet Explorer\iexplore.exe

Creates FileC:\Windows\Globalization\Sorting\sortdefault.nls
Creates FileC:\Windows\System32\oleaccrc.dll
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\AppData\Local
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\AppData\Roaming
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\Cookies
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\AppData\Local
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\History
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
Creates File\??\Nsi
Creates FileC:\Windows\System32\en-US\urlmon.dll.mui
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\RasAcd
Creates File\Device\Afd\Endpoint
Creates FileC:\Program Files\Java\jre6\bin\jp2ssv.dll
Creates FileC:\Program Files\Java\jre6\bin\jp2ssv.dll
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\Favorites
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\AppData\Local
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\
Creates FileC:\Users\Phil\AppData\Local\
Creates FileC:\Users\Phil\AppData\Local\
Creates FileC:\Users\Phil\AppData\
Creates FileC:\Users\Phil\AppData\
Creates FileC:\Users\Phil\
Creates FileC:\Users\Phil\
Creates FileC:\Users\
Creates FileC:\Users\
Creates File\??\MountPointManager
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\AppData\Roaming
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\Cookies
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\Cookies\Low\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\Cookies\Low\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\Cookies\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\Cookies\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\
Creates FileC:\Users\Phil\AppData\Roaming\
Creates FileC:\Users\Phil\AppData\Roaming\
Creates FileC:\Users\Phil\AppData\
Creates FileC:\Users\Phil\AppData\
Creates FileC:\Users\Phil\
Creates FileC:\Users\Phil\
Creates FileC:\Users\
Creates FileC:\Users\
Creates File\??\MountPointManager
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\Cookies\Low
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\AppData\Local
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\History
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\History\Low\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\History\Low\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\History\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\History\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\
Creates FileC:\Users\Phil\AppData\Local\
Creates FileC:\Users\Phil\AppData\Local\
Creates FileC:\Users\Phil\AppData\
Creates FileC:\Users\Phil\AppData\
Creates FileC:\Users\Phil\
Creates FileC:\Users\Phil\
Creates FileC:\Users\
Creates FileC:\Users\
Creates File\??\MountPointManager
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\History\Low
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\Favorites
Creates FileC:\Users\Phil\Favorites\
Creates FileC:\Users\Phil\Favorites\
Creates FileC:\Users\Phil\
Creates FileC:\Users\Phil\
Creates FileC:\Users\
Creates FileC:\Users\
Creates File\??\MountPointManager
Creates FileC:\Users\Phil\Favorites
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\AppData\Local
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\
Creates FileC:\Users\Phil\AppData\Local\
Creates FileC:\Users\Phil\AppData\Local\
Creates FileC:\Users\Phil\AppData\
Creates FileC:\Users\Phil\AppData\
Creates FileC:\Users\Phil\
Creates FileC:\Users\Phil\
Creates FileC:\Users\
Creates FileC:\Users\
Creates File\??\MountPointManager
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\PrivacIE
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\PrivacIE\Low\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\PrivacIE\Low\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\PrivacIE\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\PrivacIE\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\
Creates FileC:\Users\Phil\AppData\Roaming\
Creates FileC:\Users\Phil\AppData\Roaming\
Creates FileC:\Users\Phil\AppData\
Creates FileC:\Users\Phil\AppData\
Creates FileC:\Users\Phil\
Creates FileC:\Users\Phil\
Creates FileC:\Users\
Creates FileC:\Users\
Creates File\??\MountPointManager
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\PrivacIE\Low
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\IECompatCache
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\IECompatCache\Low\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\IECompatCache\Low\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\IECompatCache\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\IECompatCache\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\
Creates FileC:\Users\Phil\AppData\Roaming\
Creates FileC:\Users\Phil\AppData\Roaming\
Creates FileC:\Users\Phil\AppData\
Creates FileC:\Users\Phil\AppData\
Creates FileC:\Users\Phil\
Creates FileC:\Users\Phil\
Creates FileC:\Users\
Creates FileC:\Users\
Creates File\??\MountPointManager
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\IECompatCache\Low
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\IETldCache
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\IETldCache\Low\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\IETldCache\Low\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\IETldCache\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\IETldCache\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\
Creates FileC:\Users\Phil\AppData\Roaming\
Creates FileC:\Users\Phil\AppData\Roaming\
Creates FileC:\Users\Phil\AppData\
Creates FileC:\Users\Phil\AppData\
Creates FileC:\Users\Phil\
Creates FileC:\Users\Phil\
Creates FileC:\Users\
Creates FileC:\Users\
Creates File\??\MountPointManager
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\IETldCache\Low
Creates FileC:\Users\Phil\AppData\Local\Temp\Low\
Creates FileC:\Users\Phil\AppData\Local\Temp\Low\
Creates FileC:\Users\Phil\AppData\Local\Temp\
Creates FileC:\Users\Phil\AppData\Local\Temp\
Creates FileC:\Users\Phil\AppData\Local\
Creates FileC:\Users\Phil\AppData\Local\
Creates FileC:\Users\Phil\AppData\
Creates FileC:\Users\Phil\AppData\
Creates FileC:\Users\Phil\
Creates FileC:\Users\Phil\
Creates FileC:\Users\
Creates FileC:\Users\
Creates File\??\MountPointManager
Creates FileC:\Users\Phil\AppData\Local\Temp\Low
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\RasAcd
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\RasAcd
Creates File\Device\Afd\Endpoint
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\Favorites
Creates File\??\MountPointManager
Creates FileC:\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Caches
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000001.db
Creates FileC:\Users\desktop.ini
Creates FileC:\Users
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\AppData
Creates FileC:\Users\Phil\AppData\Local
Creates FileC:\Users\Phil\AppData\Local\Temp
Creates FileC:\Windows\System32\url.dll
Creates FileC:\Windows\Fonts\staticcache.dat
Creates File\??\MountPointManager
Creates FileC:\
Creates FileC:\Users
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\Favorites\desktop.ini
Creates FileC:\Users\Phil\Favorites
Creates FileC:\Users\Phil\Favorites\Links\desktop.ini
Creates FileC:\Users\Phil\Favorites\Links\desktop.ini
Creates FileC:\Users\Phil\Favorites\Links
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{0BEA96FA-357E-11E8-81D9-5254003E2481}.dat
Creates FileC:\Users\Phil\AppData\Local\Temp\~DF64240709A11600BD.TMP
Creates FileC:\Windows\System32\ieframe.dll
Creates FileC:\Windows\System32\stdole2.tlb
Creates File\??\MountPointManager
Creates FileC:\
Creates FileC:\Users\desktop.ini
Creates FileC:\Users
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\Favorites\desktop.ini
Creates FileC:\Users\Phil\Desktop\desktop.ini
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Internet Explorer\frameiconcache.dat
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0BEA96FB-357E-11E8-81D9-5254003E2481}.dat
Creates FileC:\Users\Phil\AppData\Local\Temp\~DFCB5F6E95F358C371.TMP
Creates File\??\MountPointManager
Creates FileC:\
Creates FileC:\Users
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\Favorites
Creates FileC:\Users\Phil\Favorites\Links\desktop.ini
Creates FileC:\Users\Phil\Favorites\Links
Creates FileC:\Users\Phil\Favorites\Links
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates FileC:\
Creates FileC:\Users
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\Favorites
Creates FileC:\Users\Phil\Favorites\Links
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\Favorites
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Feeds
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
Creates FileC:\Users\Phil\Favorites
Creates FileC:\Users\Phil\Favorites\Links
Creates FileC:\Users\Phil\Favorites\Links\Suggested Sites.url
Creates FileC:\Users\Phil\Favorites\Links\Web Slice Gallery.url
Creates FileC:\Users\Phil\Favorites\Links
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Feeds Cache\index.dat
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Suggested Sites~.feed-ms
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Suggested Sites~.feed-ms
Creates FileC:\Users\Phil\AppData\Local\Temp\~DF5026401144BD9374.TMP
Creates FileC:\Users\Phil\AppData\Local\Temp\~DFEB0F82048F4926BF.TMP
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Feeds\FeedsStore.feedsdb-ms
Creates FileC:\Users\Phil\AppData\Local\Temp\~DF3496A8D598CBAECB.TMP
Creates FileC:\Users\Phil\AppData\Local\Temp\~DF113205B1A8C07A6B.TMP
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Feeds\FeedsStore.feedsdb-ms
Creates FileC:\Users\Phil\Favorites\Links

Process
↳ C:\Program Files\Internet Explorer\iexplore.exe

Creates FileC:\Windows\Globalization\Sorting\sortdefault.nls
Creates FileC:\Windows\System32\oleaccrc.dll
Creates File\??\MountPointManager
Creates FileC:\
Creates FileC:\Windows\System32\rsaenh.dll
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Caches
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\AppData\Local
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000001.db
Creates FileC:\Users\desktop.ini
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\AppData\Roaming
Creates FileC:\Users
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\Favorites\desktop.ini
Creates FileC:\Users\Phil\Desktop\desktop.ini
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\Cookies
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\AppData\Local
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\History
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
Creates FileC:\Windows\Fonts\staticcache.dat
Creates FileC:\Windows\AppPatch\AppPatch64\sysmain.sdb
Creates FileC:\Program Files\Java\jre6\bin\jp2ssv.dll
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Feeds Cache\index.dat
Creates FileC:\Windows\System32\en-US\urlmon.dll.mui
Creates FileC:\Users\Phil\AppData\Local\Temp\41ba953ab9ea02c6062a4ab6d31b8dad5049d3ac.html
Creates FileC:\Users\Phil\AppData\Local\Temp\41ba953ab9ea02c6062a4ab6d31b8dad5049d3ac.html
Creates FileC:\Users\Phil\AppData\Local\Temp\41ba953ab9ea02c6062a4ab6d31b8dad5049d3ac.html
Creates FileC:\Windows\Media\Windows Information Bar.wav
Creates FileC:\Users\Phil\Desktop\wdmaud.drv
Creates FileC:\Windows\System32\wdmaud.drv
Creates FileC:\Users\Phil\Desktop\wdmaud.drv
Creates FileC:\Windows\System32\wdmaud.drv
Creates FileC:\Users\Phil\Desktop\wdmaud.drv
Creates FileC:\Windows\System32\wdmaud.drv
Creates FileC:\Windows\System32\en-US\wdmaud.drv.mui
Creates FileC:\Windows\System32\en-US\MMDevAPI.DLL.mui
Creates FileC:\Users\Phil\Desktop\wdmaud.drv
Creates FileC:\Windows\System32\wdmaud.drv
Creates FileC:\Users\Phil\Desktop\wdmaud.drv
Creates FileC:\Windows\System32\wdmaud.drv
Creates FileC:\Users\Phil\Desktop\wdmaud.drv
Creates FileC:\Windows\System32\wdmaud.drv
Creates FileC:\Windows\System32\en-US\MLANG.dll.mui
Creates FileC:\js\nr.css
Creates FileC:\js\jquery.min.js
Creates FileC:\
Creates FileC:\Users
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\AppData
Creates FileC:\Users\Phil\AppData\Local
Creates FileC:\Users\Phil\AppData\Local\Temp
Creates FileC:\Users\Phil\AppData\Local\Temp\41ba953ab9ea02c6062a4ab6d31b8dad5049d3ac.html
Creates FileC:\Users\Phil\AppData\Local\Temp\41ba953ab9ea02c6062a4ab6d31b8dad5049d3ac.html
Creates FileC:\Windows\System32\en-US\jscript.dll.mui
Creates FileC:\tj\gg.js
Creates FileC:\Users\Phil\AppData\Local\js\xuanchuan\logo.jpg
Creates FileC:\images\196.jpg
Creates FileC:\images\95.jpg
Creates FileC:\images\80.jpg
Creates FileC:\images\106.jpg
Creates FileC:\images\74.jpg
Creates FileC:\images\79.jpg
Creates FileC:\images\1025.jpg
Creates FileC:\images\273.jpg
Creates FileC:\images\275.jpg
Creates FileC:\images\211.jpg
Creates FileC:\images\1471.jpg
Creates FileC:\Users\Phil\AppData\Local\Temp\41ba953ab9ea02c6062a4ab6d31b8dad5049d3ac.html
Creates FileC:\images\191.jpg
Creates FileC:\Users\Phil\AppData\Local\Temp\41ba953ab9ea02c6062a4ab6d31b8dad5049d3ac.html
Creates FileC:\images\0484.jpg
Creates FileC:\Users\Phil\AppData\Local\Temp\41ba953ab9ea02c6062a4ab6d31b8dad5049d3ac.html
Creates FileC:\images\134.jpg
Creates FileC:\Users\Phil\AppData\Local\Temp\41ba953ab9ea02c6062a4ab6d31b8dad5049d3ac.html
Creates FileC:\images\1x186.png
Creates FileC:\Users\Phil\AppData\Local\Temp\41ba953ab9ea02c6062a4ab6d31b8dad5049d3ac.html
Creates FileC:\images\0954.jpg
Creates FileC:\Users\Phil\AppData\Local\Temp\41ba953ab9ea02c6062a4ab6d31b8dad5049d3ac.html
Creates FileC:\images\162.jpg
Creates FileC:\Users\Phil\AppData\Local\Temp\41ba953ab9ea02c6062a4ab6d31b8dad5049d3ac.html
Creates FileC:\images\283.jpg
Creates FileC:\Users\Phil\AppData\Local\Temp\41ba953ab9ea02c6062a4ab6d31b8dad5049d3ac.html
Creates FileC:\images\89.jpg
Creates FileC:\Users\Phil\AppData\Local\Temp\41ba953ab9ea02c6062a4ab6d31b8dad5049d3ac.html
Creates FileC:\images\263.jpg
Creates FileC:\Users\Phil\AppData\Local\Temp\41ba953ab9ea02c6062a4ab6d31b8dad5049d3ac.html
Creates FileC:\Users\Phil\AppData\Local\Temp\41ba953ab9ea02c6062a4ab6d31b8dad5049d3ac.html
Creates FileC:\Users\Phil\AppData\Local\Temp\41ba953ab9ea02c6062a4ab6d31b8dad5049d3ac.html
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
Creates File\Device\Afd\Endpoint
Creates File\??\Nsi
Creates FileC:\iimages\
Creates FileC:\images\1315.jpg
Creates FileC:\images\0250.jpg
Creates FileC:\images\58.jpg
Creates FileC:\images\140.jpg
Creates FileC:\tj\tj.js
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\RasAcd
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\RasAcd
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\RasAcd
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\AsyncConnectHlp
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZV6J2I17\share[1].htm
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZV6J2I17\share[1].htm
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZV6J2I17\share[1].htm
Creates FileC:\Users\Phil\AppData\Local\Temp\41ba953ab9ea02c6062a4ab6d31b8dad5049d3ac.html
Creates FileC:\Users\Phil\AppData\Local\Temp\41ba953ab9ea02c6062a4ab6d31b8dad5049d3ac.html

Network Details:


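Raw Pcap (hex dumps of captured HTTP requests; in the third dump the NCSI request ends at offset 0x60, and the bytes from 0x61 onward are identical to the second dump at the same offsets, so they are likely leftover buffer contents rather than part of that request)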
0x00000000 (00000)   47455420 2f6e6373 692e7478 74204854   GET /ncsi.txt HT
0x00000010 (00016)   54502f31 2e310d0a 436f6e6e 65637469   TP/1.1..Connecti
0x00000020 (00032)   6f6e3a20 436c6f73 650d0a55 7365722d   on: Close..User-
0x00000030 (00048)   4167656e 743a204d 6963726f 736f6674   Agent: Microsoft
0x00000040 (00064)   204e4353 490d0a48 6f73743a 20777777    NCSI..Host: www
0x00000050 (00080)   2e6d7366 746e6373 692e636f 6d0d0a0d   .msftncsi.com...
0x00000060 (00096)   0a                                    .

0x00000000 (00000)   47455420 2f737461 7469632f 6170692f   GET /static/api/
0x00000010 (00016)   6a732f73 68617265 2e6a733f 763d3839   js/share.js?v=89
0x00000020 (00032)   38363035 39332e6a 733f6364 6e766572   860593.js?cdnver
0x00000030 (00048)   73696f6e 3d343232 39333420 48545450   sion=422934 HTTP
0x00000040 (00064)   2f312e31 0d0a4163 63657074 3a202a2f   /1.1..Accept: */
0x00000050 (00080)   2a0d0a41 63636570 742d4c61 6e677561   *..Accept-Langua
0x00000060 (00096)   67653a20 656e2d55 530d0a55 7365722d   ge: en-US..User-
0x00000070 (00112)   4167656e 743a204d 6f7a696c 6c612f34   Agent: Mozilla/4
0x00000080 (00128)   2e302028 636f6d70 61746962 6c653b20   .0 (compatible; 
0x00000090 (00144)   4d534945 20382e30 3b205769 6e646f77   MSIE 8.0; Window
0x000000a0 (00160)   73204e54 20362e31 3b205769 6e36343b   s NT 6.1; Win64;
0x000000b0 (00176)   20783634 3b205472 6964656e 742f342e    x64; Trident/4.
0x000000c0 (00192)   303b202e 4e455420 434c5220 322e302e   0; .NET CLR 2.0.
0x000000d0 (00208)   35303732 373b2053 4c434332 3b202e4e   50727; SLCC2; .N
0x000000e0 (00224)   45542043 4c522033 2e352e33 30373239   ET CLR 3.5.30729
0x000000f0 (00240)   3b202e4e 45542043 4c522033 2e302e33   ; .NET CLR 3.0.3
0x00000100 (00256)   30373239 3b204d65 64696120 43656e74   0729; Media Cent
0x00000110 (00272)   65722050 4320362e 30290d0a 55412d43   er PC 6.0)..UA-C
0x00000120 (00288)   50553a20 414d4436 340d0a41 63636570   PU: AMD64..Accep
0x00000130 (00304)   742d456e 636f6469 6e673a20 677a6970   t-Encoding: gzip
0x00000140 (00320)   2c206465 666c6174 650d0a48 6f73743a   , deflate..Host:
0x00000150 (00336)   20626469 6d672e73 68617265 2e626169    bdimg.share.bai
0x00000160 (00352)   64752e63 6f6d0d0a 436f6e6e 65637469   du.com..Connecti
0x00000170 (00368)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x00000180 (00384)   0d0a                                  ..

0x00000000 (00000)   47455420 2f6e6373 692e7478 74204854   GET /ncsi.txt HT
0x00000010 (00016)   54502f31 2e310d0a 436f6e6e 65637469   TP/1.1..Connecti
0x00000020 (00032)   6f6e3a20 436c6f73 650d0a55 7365722d   on: Close..User-
0x00000030 (00048)   4167656e 743a204d 6963726f 736f6674   Agent: Microsoft
0x00000040 (00064)   204e4353 490d0a48 6f73743a 20777777    NCSI..Host: www
0x00000050 (00080)   2e6d7366 746e6373 692e636f 6d0d0a0d   .msftncsi.com...
0x00000060 (00096)   0a653a20 656e2d55 530d0a55 7365722d   .e: en-US..User-
0x00000070 (00112)   4167656e 743a204d 6f7a696c 6c612f34   Agent: Mozilla/4
0x00000080 (00128)   2e302028 636f6d70 61746962 6c653b20   .0 (compatible; 
0x00000090 (00144)   4d534945 20382e30 3b205769 6e646f77   MSIE 8.0; Window
0x000000a0 (00160)   73204e54 20362e31 3b205769 6e36343b   s NT 6.1; Win64;
0x000000b0 (00176)   20783634 3b205472 6964656e 742f342e    x64; Trident/4.
0x000000c0 (00192)   303b202e 4e455420 434c5220 322e302e   0; .NET CLR 2.0.
0x000000d0 (00208)   35303732 373b2053 4c434332 3b202e4e   50727; SLCC2; .N
0x000000e0 (00224)   45542043 4c522033 2e352e33 30373239   ET CLR 3.5.30729
0x000000f0 (00240)   3b202e4e 45542043 4c522033 2e302e33   ; .NET CLR 3.0.3
0x00000100 (00256)   30373239 3b204d65 64696120 43656e74   0729; Media Cent
0x00000110 (00272)   65722050 4320362e 30290d0a 55412d43   er PC 6.0)..UA-C
0x00000120 (00288)   50553a20 414d4436 340d0a41 63636570   PU: AMD64..Accep
0x00000130 (00304)   742d456e 636f6469 6e673a20 677a6970   t-Encoding: gzip
0x00000140 (00320)   2c206465 666c6174 650d0a48 6f73743a   , deflate..Host:
0x00000150 (00336)   20626469 6d672e73 68617265 2e626169    bdimg.share.bai
0x00000160 (00352)   64752e63 6f6d0d0a 436f6e6e 65637469   du.com..Connecti
0x00000170 (00368)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x00000180 (00384)   0d0a                                  ..


Strings