Analysis Date: 2018-03-17 13:21:50
MD5: 6f50c59e7d5ede0e94de7992394591cf
SHA1: 90038b876eec0d3d7ae610a2066455064337b629

Static Details:

AV: Arcabit (arcavir) - No Virus
AV: Authentium - No Virus
AV: Grisoft (avg) - No Virus
AV: Avira (antivir) - No Virus
AV: Alwil (avast) - No Virus
AV: Ad-Aware - No Virus
AV: BitDefender - No Virus
AV: BullGuard - No Virus
AV: ClamAV - Error Scanning File
AV: Dr. Web - No Virus
AV: Emsisoft - No Virus
AV: MicroWorld (escan) - No Virus
AV: CA (E-Trust Ino) - Error Scanning File
AV: Fortinet - No Virus
AV: Frisk (f-prot) - No Virus
AV: F-Secure - No Virus
AV: Ikarus - Error Scanning File
AV: K7 - No Virus
AV: Kaspersky - No Virus
AV: MalwareBytes - No Virus
AV: Mcafee - No Virus
AV: Microsoft Security Essentials - No Virus
AV: NANO - No Virus
AV: Eset (nod32) - No Virus
AV: Padvish - No Virus
AV: CAT (quickheal) - No Virus
AV: Rising - No Virus
AV: 360 Safe - No Virus
AV: SUPERAntiSpyware - No Virus
AV: Symantec - No Virus
AV: Trend Micro - No Virus
AV: Twister - No Virus
AV: VirusBlokAda (vba32) - No Virus
AV: Windows Defender - No Virus
AV: Zillya! - No Virus

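Runtime Details:
Note: the "Creates File" entries below appear to record file-open (CreateFile-style) calls rather than new files written, since they include existing system DLLs, plain directories and device objects such as \Device\Afd\Endpoint; an entry alone does not show that the path was created or modified.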

Screenshot

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Program Files\Internet Explorer\iexplore.exe

Creates FileC:\Windows\Globalization\Sorting\sortdefault.nls
Creates FileC:\Windows\System32\oleaccrc.dll
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\AppData\Local
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\AppData\Roaming
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\Cookies
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\AppData\Local
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\History
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
Creates File\??\Nsi
Creates FileC:\Windows\System32\en-US\urlmon.dll.mui
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\RasAcd
Creates File\Device\Afd\Endpoint
Creates FileC:\Program Files\Java\jre6\bin\jp2ssv.dll
Creates FileC:\Program Files\Java\jre6\bin\jp2ssv.dll
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\Favorites
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\AppData\Local
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\
Creates FileC:\Users\Phil\AppData\Local\
Creates FileC:\Users\Phil\AppData\Local\
Creates FileC:\Users\Phil\AppData\
Creates FileC:\Users\Phil\AppData\
Creates FileC:\Users\Phil\
Creates FileC:\Users\Phil\
Creates FileC:\Users\
Creates FileC:\Users\
Creates File\??\MountPointManager
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\AppData\Roaming
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\Cookies
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\Cookies\Low\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\Cookies\Low\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\Cookies\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\Cookies\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\
Creates FileC:\Users\Phil\AppData\Roaming\
Creates FileC:\Users\Phil\AppData\Roaming\
Creates FileC:\Users\Phil\AppData\
Creates FileC:\Users\Phil\AppData\
Creates FileC:\Users\Phil\
Creates FileC:\Users\Phil\
Creates FileC:\Users\
Creates FileC:\Users\
Creates File\??\MountPointManager
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\Cookies\Low
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\AppData\Local
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\History
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\History\Low\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\History\Low\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\History\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\History\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\
Creates FileC:\Users\Phil\AppData\Local\
Creates FileC:\Users\Phil\AppData\Local\
Creates FileC:\Users\Phil\AppData\
Creates FileC:\Users\Phil\AppData\
Creates FileC:\Users\Phil\
Creates FileC:\Users\Phil\
Creates FileC:\Users\
Creates FileC:\Users\
Creates File\??\MountPointManager
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\History\Low
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\Favorites
Creates FileC:\Users\Phil\Favorites\
Creates FileC:\Users\Phil\Favorites\
Creates FileC:\Users\Phil\
Creates FileC:\Users\Phil\
Creates FileC:\Users\
Creates FileC:\Users\
Creates File\??\MountPointManager
Creates FileC:\Users\Phil\Favorites
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\AppData\Local
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\
Creates FileC:\Users\Phil\AppData\Local\
Creates FileC:\Users\Phil\AppData\Local\
Creates FileC:\Users\Phil\AppData\
Creates FileC:\Users\Phil\AppData\
Creates FileC:\Users\Phil\
Creates FileC:\Users\Phil\
Creates FileC:\Users\
Creates FileC:\Users\
Creates File\??\MountPointManager
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\PrivacIE
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\PrivacIE\Low\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\PrivacIE\Low\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\PrivacIE\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\PrivacIE\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\
Creates FileC:\Users\Phil\AppData\Roaming\
Creates FileC:\Users\Phil\AppData\Roaming\
Creates FileC:\Users\Phil\AppData\
Creates FileC:\Users\Phil\AppData\
Creates FileC:\Users\Phil\
Creates FileC:\Users\Phil\
Creates FileC:\Users\
Creates FileC:\Users\
Creates File\??\MountPointManager
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\PrivacIE\Low
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\IECompatCache
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\IECompatCache\Low\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\IECompatCache\Low\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\IECompatCache\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\IECompatCache\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\
Creates FileC:\Users\Phil\AppData\Roaming\
Creates FileC:\Users\Phil\AppData\Roaming\
Creates FileC:\Users\Phil\AppData\
Creates FileC:\Users\Phil\AppData\
Creates FileC:\Users\Phil\
Creates FileC:\Users\Phil\
Creates FileC:\Users\
Creates FileC:\Users\
Creates File\??\MountPointManager
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\IECompatCache\Low
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\IETldCache
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\IETldCache\Low\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\IETldCache\Low\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\IETldCache\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\IETldCache\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\
Creates FileC:\Users\Phil\AppData\Roaming\
Creates FileC:\Users\Phil\AppData\Roaming\
Creates FileC:\Users\Phil\AppData\
Creates FileC:\Users\Phil\AppData\
Creates FileC:\Users\Phil\
Creates FileC:\Users\Phil\
Creates FileC:\Users\
Creates FileC:\Users\
Creates File\??\MountPointManager
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\IETldCache\Low
Creates FileC:\Users\Phil\AppData\Local\Temp\Low\
Creates FileC:\Users\Phil\AppData\Local\Temp\Low\
Creates FileC:\Users\Phil\AppData\Local\Temp\
Creates FileC:\Users\Phil\AppData\Local\Temp\
Creates FileC:\Users\Phil\AppData\Local\
Creates FileC:\Users\Phil\AppData\Local\
Creates FileC:\Users\Phil\AppData\
Creates FileC:\Users\Phil\AppData\
Creates FileC:\Users\Phil\
Creates FileC:\Users\Phil\
Creates FileC:\Users\
Creates FileC:\Users\
Creates File\??\MountPointManager
Creates FileC:\Users\Phil\AppData\Local\Temp\Low
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\RasAcd
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\RasAcd
Creates File\Device\Afd\Endpoint
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\Favorites
Creates File\??\MountPointManager
Creates FileC:\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Caches
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000001.db
Creates FileC:\Users\desktop.ini
Creates FileC:\Users
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\AppData
Creates FileC:\Users\Phil\AppData\Local
Creates FileC:\Users\Phil\AppData\Local\Temp
Creates FileC:\Windows\System32\url.dll
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F8604458-2999-11E8-91C4-52540061CBA8}.dat
Creates FileC:\Windows\Fonts\staticcache.dat
Creates File\??\MountPointManager
Creates FileC:\
Creates FileC:\Users
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\Favorites\desktop.ini
Creates FileC:\Users\Phil\Favorites
Creates FileC:\Users\Phil\Favorites\Links\desktop.ini
Creates FileC:\Users\Phil\AppData\Local\Temp\~DF64791F52C174F6FF.TMP
Creates FileC:\Users\Phil\Favorites\Links\desktop.ini
Creates FileC:\Users\Phil\Favorites\Links
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates FileC:\
Creates FileC:\Users\desktop.ini
Creates FileC:\Users
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\Favorites\desktop.ini
Creates FileC:\Users\Phil\Desktop\desktop.ini
Creates FileC:\
Creates FileC:\Users
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\Favorites
Creates FileC:\Users\Phil\Favorites\Links\desktop.ini
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Internet Explorer\frameiconcache.dat
Creates FileC:\Users\Phil\Favorites
Creates FileC:\Users\Phil\Favorites\Links
Creates FileC:\Users\Phil\Favorites\Links
Creates FileC:\Users\Phil\Favorites\Links
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{FEC16F28-2999-11E8-91C4-52540061CBA8}.dat
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\Favorites
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Feeds
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
Creates FileC:\Users\Phil\AppData\Local\Temp\~DFBA2720D8047EF86E.TMP
Creates FileC:\Windows\System32\ieframe.dll
Creates FileC:\Windows\System32\stdole2.tlb
Creates FileC:\
Creates FileC:\Users\desktop.ini
Creates FileC:\Users
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\Favorites\desktop.ini
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\Favorites
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\Favorites
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\Favorites
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\Favorites
Creates FileC:\Users\Phil\Favorites\Links\Suggested Sites.url
Creates FileC:\Users\Phil\Favorites\Links\Web Slice Gallery.url
Creates FileC:\Users\Phil\Favorites\Links for United States\GobiernoUSA.gov.url
Creates FileC:\Users\Phil\Favorites\Links for United States\USA.gov.url
Creates FileC:\Users\Phil\Favorites\Microsoft Websites\IE Add-on site.url
Creates FileC:\Users\Phil\Favorites\Microsoft Websites\IE site on Microsoft.com.url
Creates FileC:\Users\Phil\Favorites\Microsoft Websites\Microsoft At Home.url
Creates FileC:\Users\Phil\Favorites\Microsoft Websites\Microsoft At Work.url
Creates FileC:\Users\Phil\Favorites\Microsoft Websites\Microsoft Store.url
Creates FileC:\Users\Phil\Favorites\MSN Websites\MSN Autos.url
Creates FileC:\Users\Phil\Favorites\MSN Websites\MSN Entertainment.url
Creates FileC:\Users\Phil\Favorites\MSN Websites\MSN Money.url
Creates FileC:\Users\Phil\Favorites\MSN Websites\MSN Sports.url
Creates FileC:\Users\Phil\Favorites\MSN Websites\MSN.url
Creates FileC:\Users\Phil\Favorites\MSN Websites\MSNBC News.url
Creates FileC:\Users\Phil\Favorites\Windows Live\Get Windows Live.url
Creates FileC:\Users\Phil\Favorites\Windows Live\Windows Live Gallery.url
Creates FileC:\Users\Phil\Favorites\Windows Live\Windows Live Mail.url
Creates FileC:\Users\Phil\Favorites\Windows Live\Windows Live Spaces.url
Creates FileC:\
Creates FileC:\Users
Creates FileC:\Users\Phil\Favorites\Links\Suggested Sites.url
Creates FileC:\Windows\System32\url.dll
Creates FileC:\Users\Phil\Favorites\Links\Web Slice Gallery.url
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\STN7NUQY\favicon[1].ico
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\Favorites
Creates FileC:\Users\Phil\Favorites\Links\desktop.ini
Creates FileC:\Users\Phil\Favorites\Links

Process
↳ C:\Program Files\Internet Explorer\iexplore.exe

Creates FileC:\Windows\Globalization\Sorting\sortdefault.nls
Creates FileC:\Windows\System32\oleaccrc.dll
Creates File\??\MountPointManager
Creates FileC:\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Caches
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates FileC:\Windows\System32\rsaenh.dll
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000001.db
Creates FileC:\Users\desktop.ini
Creates FileC:\Users
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\Favorites\desktop.ini
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\AppData\Local
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\AppData\Roaming
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\Cookies
Creates FileC:\Users\Phil\Desktop\desktop.ini
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\AppData\Local
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\History
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
Creates FileC:\Windows\Fonts\staticcache.dat
Creates FileC:\Windows\AppPatch\AppPatch64\sysmain.sdb
Creates FileC:\Program Files\Java\jre6\bin\jp2ssv.dll
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Feeds Cache\index.dat
Creates FileC:\Windows\System32\en-US\urlmon.dll.mui
Creates FileC:\Users\Phil\AppData\Local\Temp\90038b876eec0d3d7ae610a2066455064337b629.html
Creates FileC:\Users\Phil\AppData\Local\Temp\90038b876eec0d3d7ae610a2066455064337b629.html
Creates FileC:\Users\Phil\AppData\Local\Temp\90038b876eec0d3d7ae610a2066455064337b629.html
Creates FileC:\Windows\Media\Windows Information Bar.wav
Creates FileC:\Users\Phil\Desktop\wdmaud.drv
Creates FileC:\Windows\System32\wdmaud.drv
Creates FileC:\Users\Phil\Desktop\wdmaud.drv
Creates FileC:\Windows\System32\wdmaud.drv
Creates FileC:\Users\Phil\Desktop\wdmaud.drv
Creates FileC:\Windows\System32\wdmaud.drv
Creates FileC:\Windows\System32\en-US\wdmaud.drv.mui
Creates FileC:\Windows\System32\en-US\MMDevAPI.DLL.mui
Creates FileC:\Users\Phil\Desktop\wdmaud.drv
Creates FileC:\Windows\System32\wdmaud.drv
Creates File\Device\Afd\Endpoint
Creates FileC:\Users\Phil\Desktop\wdmaud.drv
Creates FileC:\Windows\System32\wdmaud.drv
Creates FileC:\Users\Phil\Desktop\wdmaud.drv
Creates FileC:\Windows\System32\wdmaud.drv
Creates File\??\Nsi
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\RasAcd
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\RasAcd
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\RasAcd
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\AsyncConnectHlp
Creates File\Device\Afd\Endpoint
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZV6J2I17\css[1].htm
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZV6J2I17\css[1].htm
Creates FileC:\site_templates\template2\assets_template\dist\css\bootstrap.css
Creates FileC:\Users\Phil\AppData\Local\Temp\90038b876eec0d3d7ae610a2066455064337b629.html
Creates FileC:\Users\Phil\AppData\Local\Temp\90038b876eec0d3d7ae610a2066455064337b629.html
Creates FileC:\site_templates\template2\assets_template\font-awesome\css\font-awesome.css
Creates FileC:\site_templates\template2\assets_template\css\style.css
Creates FileC:\Users\Phil\AppData\Local\Temp\90038b876eec0d3d7ae610a2066455064337b629.html
Creates FileC:\Users\Phil\AppData\Local\Temp\90038b876eec0d3d7ae610a2066455064337b629.html
Creates FileC:\site_templates\template2\assets_template\assets\js\jquery.js
Creates FileC:\
Creates FileC:\Users
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\AppData
Creates FileC:\Users\Phil\AppData\Local
Creates FileC:\Users\Phil\AppData\Local\Temp
Creates FileC:\Users\Phil\AppData\Local\Temp\90038b876eec0d3d7ae610a2066455064337b629.html
Creates FileC:\Users\Phil\AppData\Local\Temp\90038b876eec0d3d7ae610a2066455064337b629.html
Creates FileC:\Windows\System32\en-US\jscript.dll.mui
Creates FileC:\site_templates\template2\assets_template\dist\js\bootstrap.js
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZV6J2I17\css[1].htm
Creates FileC:\uploads\site\15\site_config\logo\0c42b6de1c65ca58a7b09b71e12b8eb82ef9b418.gif
Creates FileC:\uploads\site\15\site_config\header\827d847355f5bbd76ff570f116bf37d85e9df0a0.jpg
Creates FileC:\cache\images\c\d\0\a\3\cd0a354ec56a117bd53430009fff7c1c936e4f61.jpg
Creates FileC:\cache\images\7\a\1\4\b\7a14b827c5050595c6ffa10ef2532a713d9c6704.jpg
Creates FileC:\cache\images\f\b\7\0\4\fb704468ff827f67bba694696326cb90f6c9b98e.jpg
Creates FileC:\cache\images\8\4\d\3\9\84d39817938f40325ec019386357aa1b883686cc.jpg
Creates FileC:\cache\images\8\6\f\e\5\86fe57311eeeb028967f871db2522ceca1a06c37.jpg
Creates FileC:\cache\images\9\d\b\d\a\9dbda948fc234bd865fb365e5e4823ea939a1271.jpg
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\RasAcd
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\STN7NUQY\homostat[1].jpg
Creates FileC:\Windows\System32\en-US\MLANG.dll.mui
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
Creates FileC:\Users\Phil\AppData\Local\Temp\90038b876eec0d3d7ae610a2066455064337b629.html
Creates FileC:\Users\Phil\AppData\Local\Temp\90038b876eec0d3d7ae610a2066455064337b629.html
Creates FileC:\uploads\banner\name.jpg
Creates FileC:\uploads\banner\2d3d3_8.png
Creates FileC:\uploads\users\87\images\Untitled.png
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\AppData\Local
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\History
Creates FileC:\
Creates FileC:\Users\desktop.ini
Creates FileC:\Users
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\AppData
Creates FileC:\Users\Phil\AppData\Local
Creates FileC:\Users\Phil\AppData\Local\Microsoft
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\History\desktop.ini
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018030520180306\index.dat
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018030520180312\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018030520180312\index.dat
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018030520180312\index.dat
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018031720180318\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018031720180318\index.dat
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018031720180318\index.dat
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\Favorites
Creates FileC:\
Creates FileC:\Users
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\AppData
Creates FileC:\Users\Phil\AppData\Local
Creates FileC:\Users\Phil\AppData\Local\Temp

Network Details:


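Raw Pcap
Note: each dump below is one captured HTTP request. In the fourth and fifth dumps the bytes after the request's terminating blank line (0d0a0d0a) repeat the tail of the earlier fonts.googleapis.com request; they appear to be leftover capture-buffer contents, not part of the request sent to www.msftncsi.com or www.nso.mn.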
0x00000000 (00000)   47455420 2f6e6373 692e7478 74204854   GET /ncsi.txt HT
0x00000010 (00016)   54502f31 2e310d0a 436f6e6e 65637469   TP/1.1..Connecti
0x00000020 (00032)   6f6e3a20 436c6f73 650d0a55 7365722d   on: Close..User-
0x00000030 (00048)   4167656e 743a204d 6963726f 736f6674   Agent: Microsoft
0x00000040 (00064)   204e4353 490d0a48 6f73743a 20777777    NCSI..Host: www
0x00000050 (00080)   2e6d7366 746e6373 692e636f 6d0d0a0d   .msftncsi.com...
0x00000060 (00096)   0a                                    .

0x00000000 (00000)   47455420 2f637373 3f66616d 696c793d   GET /css?family=
0x00000010 (00016)   4f70656e 2b53616e 732b436f 6e64656e   Open+Sans+Conden
0x00000020 (00032)   7365643a 3330302c 33303069 74616c69   sed:300,300itali
0x00000030 (00048)   632c3730 30267375 62736574 3d6c6174   c,700&subset=lat
0x00000040 (00064)   696e2c63 7972696c 6c69632d 6578742c   in,cyrillic-ext,
0x00000050 (00080)   63797269 6c6c6963 20485454 502f312e   cyrillic HTTP/1.
0x00000060 (00096)   310d0a41 63636570 743a202a 2f2a0d0a   1..Accept: */*..
0x00000070 (00112)   41636365 70742d4c 616e6775 6167653a   Accept-Language:
0x00000080 (00128)   20656e2d 55530d0a 55736572 2d416765    en-US..User-Age
0x00000090 (00144)   6e743a20 4d6f7a69 6c6c612f 342e3020   nt: Mozilla/4.0 
0x000000a0 (00160)   28636f6d 70617469 626c653b 204d5349   (compatible; MSI
0x000000b0 (00176)   4520382e 303b2057 696e646f 7773204e   E 8.0; Windows N
0x000000c0 (00192)   5420362e 313b2057 696e3634 3b207836   T 6.1; Win64; x6
0x000000d0 (00208)   343b2054 72696465 6e742f34 2e303b20   4; Trident/4.0; 
0x000000e0 (00224)   2e4e4554 20434c52 20322e30 2e353037   .NET CLR 2.0.507
0x000000f0 (00240)   32373b20 534c4343 323b202e 4e455420   27; SLCC2; .NET 
0x00000100 (00256)   434c5220 332e352e 33303732 393b202e   CLR 3.5.30729; .
0x00000110 (00272)   4e455420 434c5220 332e302e 33303732   NET CLR 3.0.3072
0x00000120 (00288)   393b204d 65646961 2043656e 74657220   9; Media Center 
0x00000130 (00304)   50432036 2e30290d 0a55412d 4350553a   PC 6.0)..UA-CPU:
0x00000140 (00320)   20414d44 36340d0a 41636365 70742d45    AMD64..Accept-E
0x00000150 (00336)   6e636f64 696e673a 20677a69 702c2064   ncoding: gzip, d
0x00000160 (00352)   65666c61 74650d0a 486f7374 3a20666f   eflate..Host: fo
0x00000170 (00368)   6e74732e 676f6f67 6c656170 69732e63   nts.googleapis.c
0x00000180 (00384)   6f6d0d0a 436f6e6e 65637469 6f6e3a20   om..Connection: 
0x00000190 (00400)   4b656570 2d416c69 76650d0a 0d0a       Keep-Alive....

0x00000000 (00000)   47455420 2f637373 3f66616d 696c793d   GET /css?family=
0x00000010 (00016)   4f70656e 2b53616e 732b436f 6e64656e   Open+Sans+Conden
0x00000020 (00032)   7365643a 3330302c 33303069 74616c69   sed:300,300itali
0x00000030 (00048)   632c3730 30267375 62736574 3d6c6174   c,700&subset=lat
0x00000040 (00064)   696e2c63 7972696c 6c69632d 6578742c   in,cyrillic-ext,
0x00000050 (00080)   63797269 6c6c6963 20485454 502f312e   cyrillic HTTP/1.
0x00000060 (00096)   310d0a41 63636570 743a202a 2f2a0d0a   1..Accept: */*..
0x00000070 (00112)   41636365 70742d4c 616e6775 6167653a   Accept-Language:
0x00000080 (00128)   20656e2d 55530d0a 55736572 2d416765    en-US..User-Age
0x00000090 (00144)   6e743a20 4d6f7a69 6c6c612f 342e3020   nt: Mozilla/4.0 
0x000000a0 (00160)   28636f6d 70617469 626c653b 204d5349   (compatible; MSI
0x000000b0 (00176)   4520382e 303b2057 696e646f 7773204e   E 8.0; Windows N
0x000000c0 (00192)   5420362e 313b2057 696e3634 3b207836   T 6.1; Win64; x6
0x000000d0 (00208)   343b2054 72696465 6e742f34 2e303b20   4; Trident/4.0; 
0x000000e0 (00224)   2e4e4554 20434c52 20322e30 2e353037   .NET CLR 2.0.507
0x000000f0 (00240)   32373b20 534c4343 323b202e 4e455420   27; SLCC2; .NET 
0x00000100 (00256)   434c5220 332e352e 33303732 393b202e   CLR 3.5.30729; .
0x00000110 (00272)   4e455420 434c5220 332e302e 33303732   NET CLR 3.0.3072
0x00000120 (00288)   393b204d 65646961 2043656e 74657220   9; Media Center 
0x00000130 (00304)   50432036 2e30290d 0a55412d 4350553a   PC 6.0)..UA-CPU:
0x00000140 (00320)   20414d44 36340d0a 41636365 70742d45    AMD64..Accept-E
0x00000150 (00336)   6e636f64 696e673a 20677a69 702c2064   ncoding: gzip, d
0x00000160 (00352)   65666c61 74650d0a 486f7374 3a20666f   eflate..Host: fo
0x00000170 (00368)   6e74732e 676f6f67 6c656170 69732e63   nts.googleapis.c
0x00000180 (00384)   6f6d0d0a 436f6e6e 65637469 6f6e3a20   om..Connection: 
0x00000190 (00400)   4b656570 2d416c69 76650d0a 0d0a       Keep-Alive....

0x00000000 (00000)   47455420 2f6e6373 692e7478 74204854   GET /ncsi.txt HT
0x00000010 (00016)   54502f31 2e310d0a 436f6e6e 65637469   TP/1.1..Connecti
0x00000020 (00032)   6f6e3a20 436c6f73 650d0a55 7365722d   on: Close..User-
0x00000030 (00048)   4167656e 743a204d 6963726f 736f6674   Agent: Microsoft
0x00000040 (00064)   204e4353 490d0a48 6f73743a 20777777    NCSI..Host: www
0x00000050 (00080)   2e6d7366 746e6373 692e636f 6d0d0a0d   .msftncsi.com...
0x00000060 (00096)   0a0d0a41 63636570 743a202a 2f2a0d0a   ...Accept: */*..
0x00000070 (00112)   41636365 70742d4c 616e6775 6167653a   Accept-Language:
0x00000080 (00128)   20656e2d 55530d0a 55736572 2d416765    en-US..User-Age
0x00000090 (00144)   6e743a20 4d6f7a69 6c6c612f 342e3020   nt: Mozilla/4.0 
0x000000a0 (00160)   28636f6d 70617469 626c653b 204d5349   (compatible; MSI
0x000000b0 (00176)   4520382e 303b2057 696e646f 7773204e   E 8.0; Windows N
0x000000c0 (00192)   5420362e 313b2057 696e3634 3b207836   T 6.1; Win64; x6
0x000000d0 (00208)   343b2054 72696465 6e742f34 2e303b20   4; Trident/4.0; 
0x000000e0 (00224)   2e4e4554 20434c52 20322e30 2e353037   .NET CLR 2.0.507
0x000000f0 (00240)   32373b20 534c4343 323b202e 4e455420   27; SLCC2; .NET 
0x00000100 (00256)   434c5220 332e352e 33303732 393b202e   CLR 3.5.30729; .
0x00000110 (00272)   4e455420 434c5220 332e302e 33303732   NET CLR 3.0.3072
0x00000120 (00288)   393b204d 65646961 2043656e 74657220   9; Media Center 
0x00000130 (00304)   50432036 2e30290d 0a55412d 4350553a   PC 6.0)..UA-CPU:
0x00000140 (00320)   20414d44 36340d0a 41636365 70742d45    AMD64..Accept-E
0x00000150 (00336)   6e636f64 696e673a 20677a69 702c2064   ncoding: gzip, d
0x00000160 (00352)   65666c61 74650d0a 486f7374 3a20666f   eflate..Host: fo
0x00000170 (00368)   6e74732e 676f6f67 6c656170 69732e63   nts.googleapis.c
0x00000180 (00384)   6f6d0d0a 436f6e6e 65637469 6f6e3a20   om..Connection: 
0x00000190 (00400)   4b656570 2d416c69 76650d0a 0d0a       Keep-Alive....

0x00000000 (00000)   47455420 2f696d61 6765732f 686f6d6f   GET /images/homo
0x00000010 (00016)   73746174 2e6a7067 20485454 502f312e   stat.jpg HTTP/1.
0x00000020 (00032)   310d0a41 63636570 743a202a 2f2a0d0a   1..Accept: */*..
0x00000030 (00048)   41636365 70742d4c 616e6775 6167653a   Accept-Language:
0x00000040 (00064)   20656e2d 55530d0a 55736572 2d416765    en-US..User-Age
0x00000050 (00080)   6e743a20 4d6f7a69 6c6c612f 342e3020   nt: Mozilla/4.0 
0x00000060 (00096)   28636f6d 70617469 626c653b 204d5349   (compatible; MSI
0x00000070 (00112)   4520382e 303b2057 696e646f 7773204e   E 8.0; Windows N
0x00000080 (00128)   5420362e 313b2057 696e3634 3b207836   T 6.1; Win64; x6
0x00000090 (00144)   343b2054 72696465 6e742f34 2e303b20   4; Trident/4.0; 
0x000000a0 (00160)   2e4e4554 20434c52 20322e30 2e353037   .NET CLR 2.0.507
0x000000b0 (00176)   32373b20 534c4343 323b202e 4e455420   27; SLCC2; .NET 
0x000000c0 (00192)   434c5220 332e352e 33303732 393b202e   CLR 3.5.30729; .
0x000000d0 (00208)   4e455420 434c5220 332e302e 33303732   NET CLR 3.0.3072
0x000000e0 (00224)   393b204d 65646961 2043656e 74657220   9; Media Center 
0x000000f0 (00240)   50432036 2e30290d 0a55412d 4350553a   PC 6.0)..UA-CPU:
0x00000100 (00256)   20414d44 36340d0a 41636365 70742d45    AMD64..Accept-E
0x00000110 (00272)   6e636f64 696e673a 20677a69 702c2064   ncoding: gzip, d
0x00000120 (00288)   65666c61 74650d0a 486f7374 3a207777   eflate..Host: ww
0x00000130 (00304)   772e6e73 6f2e6d6e 0d0a436f 6e6e6563   w.nso.mn..Connec
0x00000140 (00320)   74696f6e 3a204b65 65702d41 6c697665   tion: Keep-Alive
0x00000150 (00336)   0d0a0d0a 696e673a 20677a69 702c2064   ....ing: gzip, d
0x00000160 (00352)   65666c61 74650d0a 486f7374 3a20666f   eflate..Host: fo
0x00000170 (00368)   6e74732e 676f6f67 6c656170 69732e63   nts.googleapis.c
0x00000180 (00384)   6f6d0d0a 436f6e6e 65637469 6f6e3a20   om..Connection: 
0x00000190 (00400)   4b656570 2d416c69 76650d0a 0d0a       Keep-Alive....


Strings