Analysis Date: 2018-04-21 13:48:12
MD5: 2c9644184b720a74e1fce1a0ca3ad209
SHA1: fb27fe129757c6a75f034be42bbb2b168c990bef

Static Details:

File type: HTML document, Non-ISO extended-ASCII text, with very long lines, with CRLF line terminators
PEhash:
AV Arcabit (arcavir): Trojan.HTML.Ramnit.A
AV Authentium: VBS/Ramnit.B
AV Grisoft (avg): VBS/Dropper
AV Avira (antivir): VBS/Ramnit.abcd
AV Alwil (avast): Dropper-AQ [Trj]
AV Ad-Aware: Trojan.HTML.Ramnit.A
AV BitDefender: Trojan.HTML.Ramnit.A
AV BullGuard: Trojan.HTML.Ramnit.A
AV ClamAV: Legacy.Trojan.Agent-1388596
AV Dr. Web: VBS.Rmnet.5
AV Emsisoft: Trojan.HTML.Ramnit.A
AV MicroWorld (escan): Trojan.HTML.Ramnit.A
AV CA (E-Trust Ino): Trojan.HTML.Ramnit.A
AV Fortinet: VBS/Ramnit.4D5
AV Frisk (f-prot): VBS/Ramnit.B
AV F-Secure: Trojan.HTML.Ramnit.A
AV Ikarus: Virus.VBS.Ramnit
AV K7: Trojan ( 001bb56b1 )
AV Kaspersky: Trojan-Dropper.VBS.Agent.bp
AV MalwareBytes: No Virus
AV Mcafee: W32/Ramnit.a!htm
AV Microsoft Security Essentials: Virus:VBS/Ramnit.gen!C
AV NANO: Trojan.Script.Agent.bfcghy
AV NANO: Trojan.Script.Dropper.eahqhd
AV NANO: Trojan.Script.Inor.lbdq
AV NANO: Trojan.Script.Rmnet.dsnprg
AV Eset (nod32): Win32/Ramnit.A virus
AV Padvish: No Virus
AV CAT (quickheal): VBS.Dropper.A
AV Rising: Script.VBS.Ramnit.a
AV 360 Safe: virus.vbs.writebin.a
AV SUPERAntiSpyware: No Virus
AV Symantec: W32.Ramnit!html
AV Trend Micro: VBS_RAMNIT.SMC
AV Twister: No Virus
AV VirusBlokAda (vba32): Trojan.HTML.Ramnit.A
AV Windows Defender: Virus:VBS/Ramnit.gen!C
AV Zillya!: Dropper.Inor.VBS.1

Runtime Details:

Screenshot

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Program Files\Internet Explorer\iexplore.exe

Creates File: C:\Windows\Globalization\Sorting\sortdefault.nls
Creates File: C:\Windows\System32\oleaccrc.dll
Creates File: C:\Users\Phil
Creates File: C:\Users\Phil\AppData\Local
Creates File: C:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files
Creates File: C:\Users\Phil
Creates File: C:\Users\Phil\AppData\Roaming
Creates File: C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Cookies
Creates File: C:\Users\Phil
Creates File: C:\Users\Phil\AppData\Local
Creates File: C:\Users\Phil\AppData\Local\Microsoft\Windows\History
Creates File: C:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
Creates File: C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
Creates File: C:\Users\Phil\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
Creates File: \??\Nsi
Creates File: C:\Program Files\Java\jre6\bin\jp2ssv.dll
Creates File: C:\Program Files\Java\jre6\bin\jp2ssv.dll
Creates File: C:\Users\Phil
Creates File: C:\Users\Phil\Favorites
Creates File: C:\Users\Phil
Creates File: C:\Users\Phil\AppData\Local
Creates File: C:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files
Creates File: C:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\
Creates File: C:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\
Creates File: C:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\
Creates File: C:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\
Creates File: C:\Users\Phil\AppData\Local\Microsoft\Windows\
Creates File: C:\Users\Phil\AppData\Local\Microsoft\Windows\
Creates File: C:\Users\Phil\AppData\Local\Microsoft\
Creates File: C:\Users\Phil\AppData\Local\Microsoft\
Creates File: C:\Users\Phil\AppData\Local\
Creates File: C:\Users\Phil\AppData\Local\
Creates File: C:\Users\Phil\AppData\
Creates File: C:\Users\Phil\AppData\
Creates File: C:\Users\Phil\
Creates File: C:\Users\Phil\
Creates File: C:\Users\
Creates File: C:\Users\
Creates File: \??\MountPointManager
Creates File: C:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low
Creates File: C:\Users\Phil
Creates File: C:\Users\Phil\AppData\Roaming
Creates File: C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Cookies
Creates File: C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Cookies\Low\
Creates File: C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Cookies\Low\
Creates File: C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Cookies\
Creates File: C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Cookies\
Creates File: C:\Users\Phil\AppData\Roaming\Microsoft\Windows\
Creates File: C:\Users\Phil\AppData\Roaming\Microsoft\Windows\
Creates File: C:\Users\Phil\AppData\Roaming\Microsoft\
Creates File: C:\Users\Phil\AppData\Roaming\Microsoft\
Creates File: C:\Users\Phil\AppData\Roaming\
Creates File: C:\Users\Phil\AppData\Roaming\
Creates File: C:\Users\Phil\AppData\
Creates File: C:\Users\Phil\AppData\
Creates File: C:\Users\Phil\
Creates File: C:\Users\Phil\
Creates File: C:\Users\
Creates File: C:\Users\
Creates File: \??\MountPointManager
Creates File: C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Cookies\Low
Creates File: C:\Users\Phil
Creates File: C:\Users\Phil\AppData\Local
Creates File: C:\Users\Phil\AppData\Local\Microsoft\Windows\History
Creates File: C:\Users\Phil\AppData\Local\Microsoft\Windows\History\Low\
Creates File: C:\Users\Phil\AppData\Local\Microsoft\Windows\History\Low\
Creates File: C:\Users\Phil\AppData\Local\Microsoft\Windows\History\
Creates File: C:\Users\Phil\AppData\Local\Microsoft\Windows\History\
Creates File: C:\Users\Phil\AppData\Local\Microsoft\Windows\
Creates File: C:\Users\Phil\AppData\Local\Microsoft\Windows\
Creates File: C:\Users\Phil\AppData\Local\Microsoft\
Creates File: C:\Users\Phil\AppData\Local\Microsoft\
Creates File: C:\Users\Phil\AppData\Local\
Creates File: C:\Users\Phil\AppData\Local\
Creates File: C:\Users\Phil\AppData\
Creates File: C:\Users\Phil\AppData\
Creates File: C:\Users\Phil\
Creates File: C:\Users\Phil\
Creates File: C:\Users\
Creates File: C:\Users\
Creates File: \??\MountPointManager
Creates File: C:\Users\Phil\AppData\Local\Microsoft\Windows\History\Low
Creates File: C:\Users\Phil
Creates File: C:\Users\Phil\Favorites
Creates File: C:\Users\Phil\Favorites\
Creates File: C:\Users\Phil\Favorites\
Creates File: C:\Users\Phil\
Creates File: C:\Users\Phil\
Creates File: C:\Users\
Creates File: C:\Users\
Creates File: \??\MountPointManager
Creates File: C:\Users\Phil\Favorites
Creates File: C:\Users\Phil
Creates File: C:\Users\Phil\AppData\Local
Creates File: C:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files
Creates File: C:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\
Creates File: C:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\
Creates File: C:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\
Creates File: C:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\
Creates File: C:\Users\Phil\AppData\Local\Microsoft\Windows\
Creates File: C:\Users\Phil\AppData\Local\Microsoft\Windows\
Creates File: C:\Users\Phil\AppData\Local\Microsoft\
Creates File: C:\Users\Phil\AppData\Local\Microsoft\
Creates File: C:\Users\Phil\AppData\Local\
Creates File: C:\Users\Phil\AppData\Local\
Creates File: C:\Users\Phil\AppData\
Creates File: C:\Users\Phil\AppData\
Creates File: C:\Users\Phil\
Creates File: C:\Users\Phil\
Creates File: C:\Users\
Creates File: C:\Users\
Creates File: \??\MountPointManager
Creates File: C:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized
Creates File: C:\Users\Phil\AppData\Roaming\Microsoft\Windows\PrivacIE
Creates File: C:\Users\Phil\AppData\Roaming\Microsoft\Windows\PrivacIE\Low\
Creates File: C:\Users\Phil\AppData\Roaming\Microsoft\Windows\PrivacIE\Low\
Creates File: C:\Users\Phil\AppData\Roaming\Microsoft\Windows\PrivacIE\
Creates File: C:\Users\Phil\AppData\Roaming\Microsoft\Windows\PrivacIE\
Creates File: C:\Users\Phil\AppData\Roaming\Microsoft\Windows\
Creates File: C:\Users\Phil\AppData\Roaming\Microsoft\Windows\
Creates File: C:\Users\Phil\AppData\Roaming\Microsoft\
Creates File: C:\Users\Phil\AppData\Roaming\Microsoft\
Creates File: C:\Users\Phil\AppData\Roaming\
Creates File: C:\Users\Phil\AppData\Roaming\
Creates File: C:\Users\Phil\AppData\
Creates File: C:\Users\Phil\AppData\
Creates File: C:\Users\Phil\
Creates File: C:\Users\Phil\
Creates File: C:\Users\
Creates File: C:\Users\
Creates File: \??\MountPointManager
Creates File: C:\Users\Phil\AppData\Roaming\Microsoft\Windows\PrivacIE\Low
Creates File: C:\Users\Phil\AppData\Roaming\Microsoft\Windows\IECompatCache
Creates File: C:\Users\Phil\AppData\Roaming\Microsoft\Windows\IECompatCache\Low\
Creates File: C:\Users\Phil\AppData\Roaming\Microsoft\Windows\IECompatCache\Low\
Creates File: C:\Users\Phil\AppData\Roaming\Microsoft\Windows\IECompatCache\
Creates File: C:\Users\Phil\AppData\Roaming\Microsoft\Windows\IECompatCache\
Creates File: C:\Users\Phil\AppData\Roaming\Microsoft\Windows\
Creates File: C:\Users\Phil\AppData\Roaming\Microsoft\Windows\
Creates File: C:\Users\Phil\AppData\Roaming\Microsoft\
Creates File: C:\Users\Phil\AppData\Roaming\Microsoft\
Creates File: C:\Users\Phil\AppData\Roaming\
Creates File: C:\Users\Phil\AppData\Roaming\
Creates File: C:\Users\Phil\AppData\
Creates File: C:\Users\Phil\AppData\
Creates File: C:\Users\Phil\
Creates File: C:\Users\Phil\
Creates File: C:\Users\
Creates File: C:\Users\
Creates File: \??\MountPointManager
Creates File: C:\Users\Phil\AppData\Roaming\Microsoft\Windows\IECompatCache\Low
Creates File: C:\Users\Phil\AppData\Roaming\Microsoft\Windows\IETldCache
Creates File: C:\Users\Phil\AppData\Roaming\Microsoft\Windows\IETldCache\Low\
Creates File: C:\Users\Phil\AppData\Roaming\Microsoft\Windows\IETldCache\Low\
Creates File: C:\Users\Phil\AppData\Roaming\Microsoft\Windows\IETldCache\
Creates File: C:\Users\Phil\AppData\Roaming\Microsoft\Windows\IETldCache\
Creates File: C:\Users\Phil\AppData\Roaming\Microsoft\Windows\
Creates File: C:\Users\Phil\AppData\Roaming\Microsoft\Windows\
Creates File: C:\Users\Phil\AppData\Roaming\Microsoft\
Creates File: C:\Users\Phil\AppData\Roaming\Microsoft\
Creates File: C:\Users\Phil\AppData\Roaming\
Creates File: C:\Users\Phil\AppData\Roaming\
Creates File: C:\Users\Phil\AppData\
Creates File: C:\Users\Phil\AppData\
Creates File: C:\Users\Phil\
Creates File: C:\Users\Phil\
Creates File: C:\Users\
Creates File: C:\Users\
Creates File: \??\MountPointManager
Creates File: C:\Users\Phil\AppData\Roaming\Microsoft\Windows\IETldCache\Low
Creates File: C:\Users\Phil\AppData\Local\Temp\Low\
Creates File: C:\Users\Phil\AppData\Local\Temp\Low\
Creates File: C:\Users\Phil\AppData\Local\Temp\
Creates File: C:\Users\Phil\AppData\Local\Temp\
Creates File: C:\Users\Phil\AppData\Local\
Creates File: C:\Users\Phil\AppData\Local\
Creates File: C:\Users\Phil\AppData\
Creates File: C:\Users\Phil\AppData\
Creates File: C:\Users\Phil\
Creates File: C:\Users\Phil\
Creates File: C:\Users\
Creates File: C:\Users\
Creates File: \??\MountPointManager
Creates File: C:\Users\Phil\AppData\Local\Temp\Low
Creates File: \Device\Afd\Endpoint
Creates File: \Device\Afd\Endpoint
Creates File: \Device\RasAcd
Creates File: \Device\Afd\Endpoint
Creates File: \Device\Afd\Endpoint
Creates File: \Device\Afd\Endpoint
Creates File: \Device\RasAcd
Creates File: \Device\Afd\Endpoint
Creates File: C:\Users\Phil
Creates File: C:\Users\Phil\Favorites
Creates File: \DEVICE\NETBT_TCPIP_{7035D925-FEB8-4F15-A864-01A2CAB79F18}
Creates File: \DEVICE\NETBT_TCPIP_{846EE342-7039-11DE-9D20-806E6F6E6963}
Creates File: \DEVICE\NETBT_TCPIP_{A0D04DC6-852C-4BAF-AC46-66898A1F54B8}
Creates File: \DEVICE\NETBT_TCPIP_{7035D925-FEB8-4F15-A864-01A2CAB79F18}
Creates File: \DEVICE\NETBT_TCPIP_{846EE342-7039-11DE-9D20-806E6F6E6963}
Creates File: \DEVICE\NETBT_TCPIP_{A0D04DC6-852C-4BAF-AC46-66898A1F54B8}
Creates File: \??\MountPointManager
Creates File: C:\
Creates File: C:\Users\Phil\AppData\Local\Microsoft\Windows\Caches
Creates File: C:\Users\Phil\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
Creates File: C:\Users\Phil\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000001.db
Creates File: C:\Users\desktop.ini
Creates File: C:\Users
Creates File: C:\Users\Phil
Creates File: C:\Users\Phil\AppData
Creates File: C:\Users\Phil\AppData\Local
Creates File: C:\Users\Phil\AppData\Local\Temp
Creates File: C:\Windows\System32\url.dll
Creates File: C:\Windows\Fonts\staticcache.dat
Creates File: C:\Windows\System32\en-US\urlmon.dll.mui
Creates File: \??\MountPointManager
Creates File: C:\
Creates File: C:\Users
Creates File: C:\Users\Phil
Creates File: C:\Users\Phil\Favorites\desktop.ini
Creates File: C:\Users\Phil\Favorites
Creates File: C:\Users\Phil\Favorites\Links\desktop.ini
Creates File: C:\Users\Phil\Favorites\Links\desktop.ini
Creates File: C:\Users\Phil\Favorites\Links
Creates File: C:\Users\Phil\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{CF38FE3C-4521-11E8-89C3-525400FED42D}.dat
Creates File: \Device\Afd\Endpoint
Creates File: \Device\Afd\Endpoint
Creates File: \Device\RasAcd
Creates File: C:\Users\Phil\AppData\Local\Temp\~DF05782AA8061A41FC.TMP
Creates File: \??\MountPointManager
Creates File: C:\
Creates File: C:\Users\desktop.ini
Creates File: C:\Users
Creates File: C:\Users\Phil
Creates File: C:\Users\Phil\Favorites\desktop.ini
Creates File: \??\MountPointManager
Creates File: \??\MountPointManager
Creates File: \Device\NetBT_Tcpip_{7035D925-FEB8-4F15-A864-01A2CAB79F18}
Creates File: \Device\NetBT_Tcpip6_{A0D04DC6-852C-4BAF-AC46-66898A1F54B8}
Creates File: \Device\NetBT_Tcpip6_{7035D925-FEB8-4F15-A864-01A2CAB79F18}
Creates File: \??\MountPointManager
Creates File: \??\MountPointManager
Creates File: \??\MountPointManager
Creates File: \??\MountPointManager
Creates File: \??\MountPointManager
Creates File: \??\MountPointManager
Creates File: \??\MountPointManager
Creates File: \??\MountPointManager
Creates File: \??\MountPointManager
Creates File: C:\Users\Phil\Desktop\desktop.ini
Creates File: C:\
Creates File: C:\Users
Creates File: C:\Users\Phil
Creates File: C:\Users\Phil\Favorites
Creates File: C:\Users\Phil\Favorites\Links\desktop.ini
Creates File: C:\Users\Phil\AppData\Local\Microsoft\Internet Explorer\frameiconcache.dat
Creates File: C:\Users\Phil\Favorites
Creates File: C:\Users\Phil\Favorites\Links
Creates File: C:\Users\Phil\Favorites\Links
Creates File: C:\Users\Phil\Favorites\Links
Creates File: C:\Users\Phil
Creates File: C:\Users\Phil\Favorites
Creates File: C:\Users\Phil\AppData\Local\Microsoft\Feeds
Creates File: C:\Users\Phil\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
Creates File: C:\Users\Phil\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{CF38FE3D-4521-11E8-89C3-525400FED42D}.dat
Creates File: \Device\Afd\Endpoint
Creates File: \Device\Afd\Endpoint
Creates File: \Device\RasAcd
Creates File: \Device\Afd\Endpoint
Creates File: C:\Users\Phil\AppData\Local\Temp\~DFC359BDD8D74673E9.TMP
Creates File: C:\Windows\System32\ieframe.dll
Creates File: C:\Windows\System32\stdole2.tlb
Creates File: C:\
Creates File: C:\Users\desktop.ini
Creates File: C:\Users
Creates File: C:\Users\Phil
Creates File: C:\Users\Phil\Favorites\desktop.ini
Creates File: C:\
Creates File: C:\Users
Creates File: C:\Users\Phil
Creates File: C:\Users\Phil\Favorites
Creates File: C:\Users\Phil\Favorites\Links\desktop.ini
Creates File: C:\Users\Phil\Favorites\Links
Creates File: C:\Users\Phil\Favorites\Links\Suggested Sites.url
Creates File: C:\Users\Phil\Favorites\Links\Web Slice Gallery.url
Creates File: C:\Users\Phil\Favorites\Links
Creates File: C:\Users\Phil\AppData\Local\Microsoft\Feeds Cache\index.dat
Creates File: C:\Users\Phil\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Suggested Sites~.feed-ms
Creates File: C:\Users\Phil\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Suggested Sites~.feed-ms
Creates File: C:\Users\Phil\AppData\Local\Temp\~DF49D6C47B9D59CC97.TMP
Creates File: C:\Users\Phil\AppData\Local\Temp\~DFD52DB40A243F8E5F.TMP

Process
↳ C:\Program Files\Internet Explorer\iexplore.exe

Creates File: C:\Windows\Globalization\Sorting\sortdefault.nls
Creates File: C:\Windows\System32\oleaccrc.dll
Creates File: \??\MountPointManager
Creates File: C:\
Creates File: C:\Users\Phil\AppData\Local\Microsoft\Windows\Caches
Creates File: C:\Windows\System32\rsaenh.dll
Creates File: C:\Users\Phil\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
Creates File: \??\MountPointManager
Creates File: \??\MountPointManager
Creates File: \??\MountPointManager
Creates File: \??\MountPointManager
Creates File: \??\MountPointManager
Creates File: \??\MountPointManager
Creates File: \??\MountPointManager
Creates File: \??\MountPointManager
Creates File: \??\MountPointManager
Creates File: \??\MountPointManager
Creates File: \??\MountPointManager
Creates File: C:\Users\Phil\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000001.db
Creates File: C:\Users\desktop.ini
Creates File: C:\Users
Creates File: C:\Users\Phil
Creates File: C:\Users\Phil\Favorites\desktop.ini
Creates File: C:\Users\Phil\Desktop\desktop.ini
Creates File: C:\Users\Phil
Creates File: C:\Users\Phil\AppData\Local
Creates File: C:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files
Creates File: C:\Users\Phil
Creates File: C:\Users\Phil\AppData\Roaming
Creates File: C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Cookies
Creates File: C:\Users\Phil
Creates File: C:\Users\Phil\AppData\Local
Creates File: C:\Users\Phil\AppData\Local\Microsoft\Windows\History
Creates File: C:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
Creates File: C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
Creates File: C:\Users\Phil\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
Creates File: C:\Windows\Fonts\staticcache.dat
Creates File: C:\Windows\AppPatch\AppPatch64\sysmain.sdb
Creates File: C:\Program Files\Java\jre6\bin\jp2ssv.dll
Creates File: C:\Users\Phil\AppData\Local\Microsoft\Feeds Cache\index.dat
Creates File: C:\Windows\System32\en-US\urlmon.dll.mui
Creates File: C:\Users\Phil\AppData\Local\Temp\fb27fe129757c6a75f034be42bbb2b168c990bef.html
Creates File: C:\Users\Phil\AppData\Local\Temp\fb27fe129757c6a75f034be42bbb2b168c990bef.html
Creates File: C:\Users\Phil\AppData\Local\Temp\fb27fe129757c6a75f034be42bbb2b168c990bef.html
Creates File: C:\Windows\Media\Windows Information Bar.wav
Creates File: C:\Users\Phil\Desktop\wdmaud.drv
Creates File: C:\Windows\System32\wdmaud.drv
Creates File: C:\Users\Phil\Desktop\wdmaud.drv
Creates File: C:\Windows\System32\wdmaud.drv
Creates File: C:\Users\Phil\Desktop\wdmaud.drv
Creates File: C:\Windows\System32\wdmaud.drv
Creates File: C:\Windows\System32\en-US\wdmaud.drv.mui
Creates File: C:\Windows\System32\en-US\MMDevAPI.DLL.mui
Creates File: C:\Users\Phil\Desktop\wdmaud.drv
Creates File: C:\Windows\System32\wdmaud.drv
Creates File: C:\Users\Phil\Desktop\wdmaud.drv
Creates File: C:\Windows\System32\wdmaud.drv
Creates File: C:\Users\Phil\Desktop\wdmaud.drv
Creates File: C:\Windows\System32\wdmaud.drv
Creates File: C:\Windows\System32\en-US\MLANG.dll.mui
Creates File: C:\Users\Phil\AppData\Local\Temp\css\style.css
Creates File: C:\js\jquery.min.js
Creates File: C:\
Creates File: C:\Users
Creates File: C:\Users\Phil
Creates File: C:\Users\Phil\AppData
Creates File: C:\Users\Phil\AppData\Local
Creates File: C:\Users\Phil\AppData\Local\Temp
Creates File: C:\Users\Phil\AppData\Local\Temp\fb27fe129757c6a75f034be42bbb2b168c990bef.html
Creates File: C:\Users\Phil\AppData\Local\Temp\fb27fe129757c6a75f034be42bbb2b168c990bef.html
Creates File: C:\Windows\System32\en-US\jscript.dll.mui
Creates File: C:\tj\gg.js
Creates File: C:\Users\Phil\AppData\Local\xuanchuan\1.jpg
Creates File: C:\Users\Phil\AppData\Local\xuanchuan\2.jpg
Creates File: C:\Users\Phil\AppData\Local\xuanchuan\logo.jpg
Creates File: C:\images\1394.jpg
Creates File: C:\images\190.jpg
Creates File: C:\images\217.jpg
Creates File: C:\Users\Phil\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
Creates File: C:\js\index.js
Creates File: C:\Users\Phil\AppData\Local\xuanchuan\3.jpg
Creates File: C:\Users\Phil\AppData\Local\xuanchuan\4.jpg
Creates File: C:\images\111.jpg
Creates File: C:\images\bg1.png
Creates File: C:\images\0567.jpg
Creates File: C:\Users\Phil\AppData\Local\Temp\fb27fe129757c6a75f034be42bbb2b168c990bef.html
Creates File: C:\Users\Phil\AppData\Local\Temp\fb27fe129757c6a75f034be42bbb2b168c990bef.html
Creates File: C:\Users\Phil\AppData\Local\Temp\fb27fe129757c6a75f034be42bbb2b168c990bef.html
Creates File: C:\images\112.jpg
Creates File: C:\images\218.jpg
Creates File: C:\images\288.jpg
Creates File: C:\images\272.jpg
Creates File: C:\images\245.jpg
Creates File: C:\images\0711.jpg
Creates File: C:\images\140.jpg
Creates File: C:\images\1270[1].bmp
Creates File: C:\images\0484.jpg
Creates File: C:\images\0559.jpg
Creates File: C:\images\0696.jpg
Creates File: C:\images\80.jpg
Creates File: C:\tj\tj.js
Creates File: C:\images\noavatar_small.gif
Creates File: \Device\Afd\Endpoint
Creates File: \??\Nsi
Creates File: \Device\Afd\Endpoint
Creates File: \Device\Afd\Endpoint
Creates File: \Device\RasAcd
Creates File: \Device\Afd\Endpoint
Creates File: \Device\Afd\Endpoint
Creates File: \Device\Afd\Endpoint
Creates File: \Device\RasAcd
Creates File: \Device\Afd\Endpoint
Creates File: \Device\Afd\Endpoint
Creates File: \Device\Afd\Endpoint
Creates File: \Device\RasAcd
Creates File: \Device\Afd\Endpoint
Creates File: \Device\Afd\Endpoint
Creates File: \Device\Afd\AsyncConnectHlp
Creates File: C:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZV6J2I17\push[1].htm
Creates File: C:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZV6J2I17\push[1].htm
Creates File: C:\Users\Phil\AppData\Local\Temp\fb27fe129757c6a75f034be42bbb2b168c990bef.html
Creates File: C:\Users\Phil\AppData\Local\Temp\fb27fe129757c6a75f034be42bbb2b168c990bef.html

Network Details:


Raw Pcap
0x00000000 (00000)   47455420 2f6e6373 692e7478 74204854   GET /ncsi.txt HT
0x00000010 (00016)   54502f31 2e310d0a 436f6e6e 65637469   TP/1.1..Connecti
0x00000020 (00032)   6f6e3a20 436c6f73 650d0a55 7365722d   on: Close..User-
0x00000030 (00048)   4167656e 743a204d 6963726f 736f6674   Agent: Microsoft
0x00000040 (00064)   204e4353 490d0a48 6f73743a 20777777    NCSI..Host: www
0x00000050 (00080)   2e6d7366 746e6373 692e636f 6d0d0a0d   .msftncsi.com...
0x00000060 (00096)   0a                                    .

0x00000000 (00000)   47455420 2f707573 682e6a73 20485454   GET /push.js HTT
0x00000010 (00016)   502f312e 310d0a41 63636570 743a202a   P/1.1..Accept: *
0x00000020 (00032)   2f2a0d0a 41636365 70742d4c 616e6775   /*..Accept-Langu
0x00000030 (00048)   6167653a 20656e2d 55530d0a 55736572   age: en-US..User
0x00000040 (00064)   2d416765 6e743a20 4d6f7a69 6c6c612f   -Agent: Mozilla/
0x00000050 (00080)   342e3020 28636f6d 70617469 626c653b   4.0 (compatible;
0x00000060 (00096)   204d5349 4520382e 303b2057 696e646f    MSIE 8.0; Windo
0x00000070 (00112)   7773204e 5420362e 313b2057 696e3634   ws NT 6.1; Win64
0x00000080 (00128)   3b207836 343b2054 72696465 6e742f34   ; x64; Trident/4
0x00000090 (00144)   2e303b20 2e4e4554 20434c52 20322e30   .0; .NET CLR 2.0
0x000000a0 (00160)   2e353037 32373b20 534c4343 323b202e   .50727; SLCC2; .
0x000000b0 (00176)   4e455420 434c5220 332e352e 33303732   NET CLR 3.5.3072
0x000000c0 (00192)   393b202e 4e455420 434c5220 332e302e   9; .NET CLR 3.0.
0x000000d0 (00208)   33303732 393b204d 65646961 2043656e   30729; Media Cen
0x000000e0 (00224)   74657220 50432036 2e30290d 0a55412d   ter PC 6.0)..UA-
0x000000f0 (00240)   4350553a 20414d44 36340d0a 41636365   CPU: AMD64..Acce
0x00000100 (00256)   70742d45 6e636f64 696e673a 20677a69   pt-Encoding: gzi
0x00000110 (00272)   702c2064 65666c61 74650d0a 486f7374   p, deflate..Host
0x00000120 (00288)   3a207075 73682e7a 68616e7a 68616e67   : push.zhanzhang
0x00000130 (00304)   2e626169 64752e63 6f6d0d0a 436f6e6e   .baidu.com..Conn
0x00000140 (00320)   65637469 6f6e3a20 4b656570 2d416c69   ection: Keep-Ali
0x00000150 (00336)   76650d0a 0d0a                         ve....

0x00000000 (00000)   47455420 2f6e6373 692e7478 74204854   GET /ncsi.txt HT
0x00000010 (00016)   54502f31 2e310d0a 436f6e6e 65637469   TP/1.1..Connecti
0x00000020 (00032)   6f6e3a20 436c6f73 650d0a55 7365722d   on: Close..User-
0x00000030 (00048)   4167656e 743a204d 6963726f 736f6674   Agent: Microsoft
0x00000040 (00064)   204e4353 490d0a48 6f73743a 20777777    NCSI..Host: www
0x00000050 (00080)   2e6d7366 746e6373 692e636f 6d0d0a0d   .msftncsi.com...
0x00000060 (00096)   0a4d5349 4520382e 303b2057 696e646f   .MSIE 8.0; Windo
0x00000070 (00112)   7773204e 5420362e 313b2057 696e3634   ws NT 6.1; Win64
0x00000080 (00128)   3b207836 343b2054 72696465 6e742f34   ; x64; Trident/4
0x00000090 (00144)   2e303b20 2e4e4554 20434c52 20322e30   .0; .NET CLR 2.0
0x000000a0 (00160)   2e353037 32373b20 534c4343 323b202e   .50727; SLCC2; .
0x000000b0 (00176)   4e455420 434c5220 332e352e 33303732   NET CLR 3.5.3072
0x000000c0 (00192)   393b202e 4e455420 434c5220 332e302e   9; .NET CLR 3.0.
0x000000d0 (00208)   33303732 393b204d 65646961 2043656e   30729; Media Cen
0x000000e0 (00224)   74657220 50432036 2e30290d 0a55412d   ter PC 6.0)..UA-
0x000000f0 (00240)   4350553a 20414d44 36340d0a 41636365   CPU: AMD64..Acce
0x00000100 (00256)   70742d45 6e636f64 696e673a 20677a69   pt-Encoding: gzi
0x00000110 (00272)   702c2064 65666c61 74650d0a 486f7374   p, deflate..Host
0x00000120 (00288)   3a207075 73682e7a 68616e7a 68616e67   : push.zhanzhang
0x00000130 (00304)   2e626169 64752e63 6f6d0d0a 436f6e6e   .baidu.com..Conn
0x00000140 (00320)   65637469 6f6e3a20 4b656570 2d416c69   ection: Keep-Ali
0x00000150 (00336)   76650d0a 0d0a                         ve....


Strings