'
metaflows logo
Category Started On Completed On Duration Cuckoo Version
FILE 2016-11-08 15:30:08.963489 2016-11-08 15:33:14.271019 185 seconds 2.0-dev
Machine Label Manager Started On Shutdown On
win7cuckoo2 win7 Clone 2 VirtualBox 2016-11-08 15:30:10 2016-11-08 15:33:14

File Details

File name 55858ab8e1befc2ee4877f1a445f1cf243ec987a.zip
File size 1106 bytes
File type Zip archive data, at least v2.0 to extract
CRC32 A15220EC
MD5 7808816c5fa62cbdac0adfa29adc7fc9
SHA1 55858ab8e1befc2ee4877f1a445f1cf243ec987a
SHA256 1e1eb4e9227b854038d38040b8791286f9cdb530813fcf2d1e65287a14af30d1
SHA512 90a7d0749efa239cb49ac2ad1ade780308ea5ed7b4a3df974a88bc3e2c62786a7e394605cea713f326fa21b8b2d5f9e96938a0d1c45a0ab983486c897422ca6e
Ssdeep 24:9cu37JVKMZYgjWT8JBEM9d7kW1DX/jscdMxstItRSYscMVm3bI:9cu3VJeAMM9df/YPWtIticMVm3U
PEiD None matched
Yara
  • PM_Zip_with_js ()
VirusTotal Permalink
VirusTotal Scan Date: 2016-11-08 13:38:28
Detection Rate: 7/56 (Expand)

MetaFlows Scores

Metaflows Analysis Results (Signatures=125, Anomalies=0, PEiD=0, Yara=2, VT[1478619237]=100): Snort Events=1, AV Events=2
Total Score=125

SNORT EVENTS:
ET POLICY PE EXE or DLL Windows file download HTTP

CLAMAV DETECTED:
Sanesecurity.Malware.26447.JsHeur.UNOFFICIAL FOUND
DROPPED FILE - NRV_F0615I1F_.js: Sanesecurity.Malware.26447.JsHeur.UNOFFICIAL FOUND

Dropped File/Buffer Yara Signatures:
c16bf5017e27cc4f2988cb5ae4bcbb6c97be1baa [BUFFER]: Str_Win32_Http_API

Signatures

antivm_queries_computername details
recon_fingerprint details
antivm_memory_available details
dumped_buffer details
creates_doc details
antivm_network_adapters details
dumped_buffer2 details
antivm_vbox_files details
Windows_Proxy_Tinkering details
network_wscript_downloader details
persistence_ads details
antiav_detectfile details
exploit_heapspray details
malicious_document_urls details
network_document_file details
network_downloader_exe details
antivm_vbox_devices details
antivm_vbox_files details
modifies_files details

Screenshots

No screenshots available.

Static Analysis

Nothing to display.

Dropped Files

71cd61f3b1a827f6_gizcrygp-7am0-rxjf-1cea-496281a1911b.thor

ccd6d5dad2864acf_gizcrygp-7am0-rxjf-e554-2355c696652c.thor

fbaf55f3ec8f7f3e_gizcrygp-7am0-rxjf-7a62-2d9a29692fa9.thor

a9a32fed962f7340_gizcrygp-7am0-rxjf-fc2a-8e4cdca396bc.thor

51b1c0555b338a22_gizcrygp-7am0-rxjf-61b8-7a5c3a6c6497.thor

03568196c12aa5b6_gizcrygp-7am0-rxjf-5a08-6e3da8b56b01.thor

faf021b3c06abc41_tasks.xml

a192be91df5d84f7_gizcrygp-7am0-rxjf-adb4-a264b61d2b26.thor

45c70a884dca38ef_gizcrygp-7am0-rxjf-544c-0295ed721705.thor

43f73ad5b70b9e0c_gizcrygp-7am0-rxjf-6966-640ab82cb03f.thor

7f7ff011dbc6ee93_gizcrygp-7am0-rxjf-2f00-8a4daa9db961.thor

f284a32f66c550e4_gizcrygp-7am0-rxjf-d2c1-a559ef24adef.thor

3572349a28d62d0f_gizcrygp-7am0-rxjf-1a16-7d93124a3904.thor

f3b0071e6ce9de05_gizcrygp-7am0-rxjf-1393-802e018ae888.thor

6c8451d1e1feaf58_gizcrygp-7am0-rxjf-c01a-008b2c625a8e.thor

ec1e9ea44811d4c7_gizcrygp-7am0-rxjf-bc53-4c19d8d8e08c.thor

5740b1389f7b83ef_gizcrygp-7am0-rxjf-60ba-a99b28c4683f.thor

714242da3b273f1d_gizcrygp-7am0-rxjf-d674-e214446ac34e.thor

3185cdce95e1172a_gizcrygp-7am0-rxjf-172d-15cfcb38d150.thor

f6c263dcdd8924b4_gizcrygp-7am0-rxjf-2098-f4a6d0af571a.thor

4a3a73a75f000201_gizcrygp-7am0-rxjf-2158-f330e52ef887.thor

05f48f0e13da3d5c_gizcrygp-7am0-rxjf-7a6f-ca2b624b87c7.thor

5b67c8d2267e36e4_gizcrygp-7am0-rxjf-9f26-febcb116c527.thor

40b4e3655fc5276b_gizcrygp-7am0-rxjf-4984-6289c16bff87.thor

659e3707e38930da_gizcrygp-7am0-rxjf-8fca-79f7e64dae62.thor

8c2f717d133ae54d_gizcrygp-7am0-rxjf-35f6-8aa011cf09bd.thor

d1d7a6a14b748172_gizcrygp-7am0-rxjf-8bcb-807267626a06.thor

7a4919a44d217a79_gizcrygp-7am0-rxjf-cf2d-4dc96cd40b68.thor

b2c90bc0192a2a76_gizcrygp-7am0-rxjf-3028-b5f53499bd61.thor

fd5f68b59aa2b3e8_resource.xml

fdff5521f2354f27_gizcrygp-7am0-rxjf-340a-ec7b73da9696.thor

eaff08b85384541f_gizcrygp-7am0-rxjf-9bf1-b5dcc577a684.thor

5086b53f90540ac7_gizcrygp-7am0-rxjf-ea95-18025b4853aa.thor

6d8276cdb3e6351f_gizcrygp-7am0-rxjf-4654-0341ceb86b61.thor

7d8fdbbd53874cdc_gizcrygp-7am0-rxjf-70b8-4e79b702343b.thor

cb20ff1814c73503_gizcrygp-7am0-rxjf-7984-a393e6a28860.thor

262f89ea806eaa9a_gizcrygp-7am0-rxjf-09c9-e25fa445dd8d.thor

fe05e275c22a79d7_gizcrygp-7am0-rxjf-5a67-cdc30b4a0580.thor

37f998f50873315d_gizcrygp-7am0-rxjf-f47c-26a9ab5e55f1.thor

6e4c9415ced35713_gizcrygp-7am0-rxjf-02a0-1a06729bd0a6.thor

c9a22263559e340d_gizcrygp-7am0-rxjf-9581-ea7349be9ff2.thor

f2d8ac74eba6b730_gizcrygp-7am0-rxjf-304c-36f8d85e685c.thor

49854b843bc26d22_gizcrygp-7am0-rxjf-ad35-90071c4dae97.thor

e440f8d7b60c99dc_gizcrygp-7am0-rxjf-0af4-36108b6c4cea.thor

55ddf07b1eee01c3_gizcrygp-7am0-rxjf-1c4e-fc6a198ce9bd.thor

6496abe44a6a048a_gizcrygp-7am0-rxjf-67b6-3d92c8fe4d77.thor

ac2d0d1d25e976be_gizcrygp-7am0-rxjf-a53d-103c8372cb1c.thor

1cb79929af0fc4ce_gizcrygp-7am0-rxjf-6c94-10cc1225ea61.thor

962445ce352d80de_gizcrygp-7am0-rxjf-7c44-ed1700d2ebe5.thor

276c0a22f70da4c9_gizcrygp-7am0-rxjf-6a46-7f9fca9ab6b8.thor

e71f98fb081d7764_gizcrygp-7am0-rxjf-1e32-8d37d41433d6.thor

f7f77fadb7f02dff_gizcrygp-7am0-rxjf-c6a2-6eaefeafd145.thor

1c1e4406482ac78d_gizcrygp-7am0-rxjf-c2c6-4b66839b367f.thor

93996d0aaeef20fa_gizcrygp-7am0-rxjf-e70b-0838bfb2468b.thor

af7a12135db48bf2_resource.xml

17aeeea4085a0be0_gizcrygp-7am0-rxjf-38b4-85f130cb9d19.thor

8e2dd38dbd687ec2_gizcrygp-7am0-rxjf-5ab1-3dcc4f98a8b4.thor

db9e86a8ab39c312_gizcrygp-7am0-rxjf-05a2-5c3475ebec6a.thor

dc416733fd5554c4_gizcrygp-7am0-rxjf-619f-78c3ea22ec2f.thor

880ce0958ac90410_gizcrygp-7am0-rxjf-ff94-c46665477db6.thor

9eadd29c23a26636_gizcrygp-7am0-rxjf-1581-65db38b1c706.thor

782c31a397b124dc_gizcrygp-7am0-rxjf-f082-5b347c7ee367.thor

4027778a644c2f4d_gizcrygp-7am0-rxjf-2b19-28c0c4005682.thor

79b369abf632735e_gizcrygp-7am0-rxjf-5dfa-a52b2aaa5040.thor

4f16854966b5a11d_gizcrygp-7am0-rxjf-6004-8ff8ebd9b3fa.thor

879695c523dbe215_gizcrygp-7am0-rxjf-4ffe-ae94e9679260.thor

f0e3f23aee4a0b9f_gizcrygp-7am0-rxjf-aa5e-5abfb569c543.thor

4c571056974269a8_gizcrygp-7am0-rxjf-453e-6e5cfee88a33.thor

f56341783223d1ce_gizcrygp-7am0-rxjf-74ac-d8af9605e1c5.thor

18234a153ae534e9_gizcrygp-7am0-rxjf-3887-2cf5670e2e21.thor

da399fd33a025fb2_gizcrygp-7am0-rxjf-8529-2b9bdd0fa2b1.thor

84f759016baee6a6_gizcrygp-7am0-rxjf-cf5a-5a1df57bc7f0.thor

cae169e4b1401922_gizcrygp-7am0-rxjf-b710-2b4da7843858.thor

f4f419328bdd9f62_gizcrygp-7am0-rxjf-381a-0378ad2e87c8.thor

5eba676e905bd662_gizcrygp-7am0-rxjf-4d5d-5448efe53e49.thor

8d64afed7e0e3f7c_gizcrygp-7am0-rxjf-a46a-013d09b0e977.thor

f2ffe95797501f0a_gizcrygp-7am0-rxjf-5ecf-c2ae23291757.thor

906d67c9818cbbcf_gizcrygp-7am0-rxjf-d6bf-f2c9b6e75646.thor

7db06e50a6450df9_gizcrygp-7am0-rxjf-20a9-d19cd0f5b94a.thor

55634378b7340168_gizcrygp-7am0-rxjf-030b-29d2d5709cf6.thor

b21d1add351e95aa_gizcrygp-7am0-rxjf-8917-0da72a0f5872.thor

86c05252eacc2b5d_tasks.xml

c12f61b771bda535_gizcrygp-7am0-rxjf-c959-142523d77e9e.thor

9f0500844e5f2358_gizcrygp-7am0-rxjf-a84b-c7075eda1809.thor

e7f1059289be2929_gizcrygp-7am0-rxjf-b9b6-28eed1df9908.thor

b2d0fd779a0f0ca9_gizcrygp-7am0-rxjf-aece-2879979227cb.thor

1a3b40d252d26dff_gizcrygp-7am0-rxjf-99fe-d13f630e92fb.thor

af7bff4a7e8b18ee_gizcrygp-7am0-rxjf-ea7e-77e5b09cd988.thor

9f589ddd4d933b88_gizcrygp-7am0-rxjf-48ce-e9649a0f6347.thor

e73b2dc250eb7313_gizcrygp-7am0-rxjf-7df7-e76b61a040b8.thor

9e1dfa09ec127b8c_obd7zc6o1.dll

ecdd0101914f5c17_gizcrygp-7am0-rxjf-8628-5eea6b6eb285.thor

ad2ead57834ed729_gizcrygp-7am0-rxjf-bb7e-4411aadcb15a.thor

ba092aa1f1a04a48_gizcrygp-7am0-rxjf-a994-a50fa2825710.thor

a6ea92dd6ae36db2_gizcrygp-7am0-rxjf-f3b7-add6e5bad3bf.thor

7fdce60c6de3d7f5_gizcrygp-7am0-rxjf-7185-ccc74fc16984.thor

c56df399abe0d1df_gizcrygp-7am0-rxjf-993e-e1111ac688bc.thor

e6b9171b3544d7a9_gizcrygp-7am0-rxjf-d896-b670e8832912.thor

9f272e2126e07bef_gizcrygp-7am0-rxjf-28d0-7b5005b27b68.thor

1a7cb28a1c198783_gizcrygp-7am0-rxjf-ccbd-5208756c6912.thor

cb7f2cf3b999de18_gizcrygp-7am0-rxjf-7d5e-7b45ad91858e.thor

e97ee11092e4d8c3_gizcrygp-7am0-rxjf-43b5-d678597f4419.thor

6050f897aa73e2f3_gizcrygp-7am0-rxjf-8482-55f8b64d50a9.thor

bcda38b17766242c_gizcrygp-7am0-rxjf-994c-c8f90b51c0ce.thor

cf7a1e3b61c51b31_gizcrygp-7am0-rxjf-b482-3c884ca0d9bd.thor

7cdc2ee86dab059f_gizcrygp-7am0-rxjf-15b8-a68ed741b279.thor

ab8d73c576b7d681_gizcrygp-7am0-rxjf-3b7a-f63a28ffe455.thor

e91c6eeaa31384fb_gizcrygp-7am0-rxjf-1d63-14b484270792.thor

f0f1f3d486cfb466_gizcrygp-7am0-rxjf-a65b-2649e8d51fe4.thor

3186b56b27eafc9d_gizcrygp-7am0-rxjf-51ba-6552f7f8ecec.thor

5c5361bee0f779b2_gizcrygp-7am0-rxjf-6087-e59b6f11db93.thor

ce09a2d1673cbdda_gizcrygp-7am0-rxjf-1f26-3168bc6b14af.thor

19914a952697f0a3_gizcrygp-7am0-rxjf-477c-3ca65b0afb89.thor

c2451dc206173fda_gizcrygp-7am0-rxjf-6ef4-20247e328bfa.thor

73d91bc02f717c33_gizcrygp-7am0-rxjf-61e2-c4e2718b1f35.thor

3ab5d9dd6435525e_gizcrygp-7am0-rxjf-3634-77062b94b1d9.thor

094eaacdd55da295_gizcrygp-7am0-rxjf-a223-f22de740965a.thor

e98afba74873799d_gizcrygp-7am0-rxjf-9a82-32f249c09102.thor

e1f1b856d869bac7_gizcrygp-7am0-rxjf-5300-a828d93db706.thor

5afd41eb371dd593_gizcrygp-7am0-rxjf-0357-a8e33d3ba20f.thor

ee2a519220970042_gizcrygp-7am0-rxjf-7898-c4faaf983266.thor

a890f1b3e54fb213_gizcrygp-7am0-rxjf-529d-d4fc6ad4b33b.thor

037ead9d88d7aa26_gizcrygp-7am0-rxjf-29b0-e56e2efa5f0d.thor

e831b294cbea7dc8_gizcrygp-7am0-rxjf-2283-b0c0dc471830.thor

dded987a5aa61036_gizcrygp-7am0-rxjf-969c-35dfbc6d8a6f.thor

028cea425efff51d_gizcrygp-7am0-rxjf-5860-1fb901e2e2ea.thor

6fe6c2f34bae180e_gizcrygp-7am0-rxjf-d1c4-147ff8a83831.thor

e5c49d549ab7e53d_gizcrygp-7am0-rxjf-51b0-2be4c3d67cd4.thor

06fe62ab5b1d9f1b_gizcrygp-7am0-rxjf-cc78-f6f31bf3b670.thor

35493257974bc6b7_gizcrygp-7am0-rxjf-00ab-1adc02f41b2a.thor

032a4ba47fb633ff_gizcrygp-7am0-rxjf-bf18-de04755826c4.thor

47cd8232e3cb3063_gizcrygp-7am0-rxjf-f0c8-1654ef7f7591.thor

17e4d666146a8011_gizcrygp-7am0-rxjf-7ac0-c22cde0f10bd.thor

ffae9d72202094de_gizcrygp-7am0-rxjf-4919-201f79c10c1c.thor

264690d189175ad6_gizcrygp-7am0-rxjf-6a87-94a6a11ab80f.thor

f8137a4f47dd83d8_gizcrygp-7am0-rxjf-9041-ac19cbbcdd55.thor

2de0ae45dfcbe7b8_gizcrygp-7am0-rxjf-f496-931e64f00d97.thor

cf750d6f51b84509_gizcrygp-7am0-rxjf-d92f-672d94efe208.thor

520181d6a3645055_gizcrygp-7am0-rxjf-145e-5e171eca589e.thor

0e34215c0445c377_gizcrygp-7am0-rxjf-8b8e-9c1f5348421b.thor

925cae76e1708741_gizcrygp-7am0-rxjf-5084-0a8c979faf38.thor

147cbfe9adf95dc2_gizcrygp-7am0-rxjf-cdf5-c7795b8ea467.thor

970bf3fecd61af62_gizcrygp-7am0-rxjf-46af-596bb9596bb0.thor

a164a5c1edc27af3_gizcrygp-7am0-rxjf-0cc8-df1e14f21bc1.thor

a8e3a5fdfc2b9561_gizcrygp-7am0-rxjf-7821-09c788cde7ca.thor

02a21f9bfcee52f3_gizcrygp-7am0-rxjf-f31f-cdfe1a198f6a.thor

33832a1fba349c5e_gizcrygp-7am0-rxjf-6608-5a6895ba227e.thor

6932883ec9717a32_gizcrygp-7am0-rxjf-3a6b-4e67281e0e84.thor

970b127ca7545c1f_gizcrygp-7am0-rxjf-c0d8-a0da2b5f4747.thor

12b560842967a68a_gizcrygp-7am0-rxjf-89f5-6080f30c88c1.thor

ea90967041298d74_gizcrygp-7am0-rxjf-c132-f3b429a5d85e.thor

d06b9c81b40609ec_gizcrygp-7am0-rxjf-1149-fdbf91488d7b.thor

de84081c185a2339_gizcrygp-7am0-rxjf-497e-a8e25551e01d.thor

0f76eacc04ae0f14_gizcrygp-7am0-rxjf-dc71-7b570725a96e.thor

866a9db2dde02c54_gizcrygp-7am0-rxjf-6ac0-eb9bac8fd4c8.thor

86a2c79c52e54c2e_gizcrygp-7am0-rxjf-0eae-d8cdc52dbd8b.thor

5bab9e873f34e5e4_gizcrygp-7am0-rxjf-ff0d-83dffb3046f5.thor

34f3c498cc752c46_gizcrygp-7am0-rxjf-c11b-f275aae9b1f9.thor

bcb1a4c1a873e7bf_gizcrygp-7am0-rxjf-b70f-5c1d4771db8b.thor

9580e05fbb4a6604_gizcrygp-7am0-rxjf-9c26-9e622463b58b.thor

68008ac5d443a6ea_gizcrygp-7am0-rxjf-c9d8-39712489049d.thor

cf7f3ae2080911e2_gizcrygp-7am0-rxjf-9fba-0827cf82ccdc.thor

6a1f3e6fe3d82ff7_gizcrygp-7am0-rxjf-5c8a-1d17be801798.thor

b6de30bf689d3ca0_gizcrygp-7am0-rxjf-353d-f71f3a4672b9.thor

7c5a27e1c39938f5_gizcrygp-7am0-rxjf-1a6f-b86e8098c3dd.thor

8aa31e77802b69b2_gizcrygp-7am0-rxjf-b647-89f028f6dc81.thor

e88cec2b44de2e9c_gizcrygp-7am0-rxjf-94a3-e5247914203d.thor

53c7dfbfd9fd10d6_gizcrygp-7am0-rxjf-9be3-5b75d0e9b512.thor

a39d924fe558a8f7_gizcrygp-7am0-rxjf-842c-2e7105731b6e.thor

e21fcbd4a6479c86_gizcrygp-7am0-rxjf-e951-7e8845d9c3f9.thor

2e14b72be70095db_gizcrygp-7am0-rxjf-731f-32a0ceffa2fa.thor

ce5e2422505a9c65_gizcrygp-7am0-rxjf-4ff2-654eb6067eb3.thor

91bbe2df5ed44d3f_gizcrygp-7am0-rxjf-2448-01888f70bad5.thor

97a04936ad30c00a_gizcrygp-7am0-rxjf-1a34-6ce56ab6a7a8.thor

ac98940d6a8bd603_gizcrygp-7am0-rxjf-1974-2b029057d736.thor

a98e65a240b23771_gizcrygp-7am0-rxjf-a40f-fb39adb018c1.thor

82b1716e9a86e6a5_gizcrygp-7am0-rxjf-111d-0c19b0991c7a.thor

2102537d69bb1592_gizcrygp-7am0-rxjf-0a08-c872abbe82d5.thor

90da330df279f871_gizcrygp-7am0-rxjf-d084-b68562cf5ffb.thor

0b39de525586aaf8_gizcrygp-7am0-rxjf-4351-08f282a845ca.thor

5b4ba06eb1d8794e_gizcrygp-7am0-rxjf-ebae-467dee2a5fd2.thor

b7c962f13f77e4e4_gizcrygp-7am0-rxjf-b66a-f85c885d4ebd.thor

d78f4b6107b6b084_gizcrygp-7am0-rxjf-2ab3-ae915ffcd65c.thor

0e781f4aa3de44ac_gizcrygp-7am0-rxjf-ee83-2829801fb6d0.thor

8931d34acc2d60b8_behavior.xml

59281da6c7d628cd_gizcrygp-7am0-rxjf-3c87-b596194a96bc.thor

157e7b0c93166c64_gizcrygp-7am0-rxjf-149a-5cf1a3151f6a.thor

01fa44e222061ca7_gizcrygp-7am0-rxjf-2d9e-b970fa1f7833.thor

803164ea79fe2b0c_gizcrygp-7am0-rxjf-312b-9df240713e81.thor

296d62e575a6cffa_gizcrygp-7am0-rxjf-dc1f-ea316220da7f.thor

d3ac6843025682af_gizcrygp-7am0-rxjf-a35e-7117acb42564.thor

de3c3fe19aa83326_gizcrygp-7am0-rxjf-4993-b0cb92c780dd.thor

ffb7e52f0f97ffb4_gizcrygp-7am0-rxjf-04d6-7d4e500b3063.thor

0e9429ac88bc0871_gizcrygp-7am0-rxjf-f5a1-05d693b9bdf4.thor

69c4a32ece8a64e3_gizcrygp-7am0-rxjf-28af-03e982f5f0e8.thor

f6085c532d173a20_gizcrygp-7am0-rxjf-dc60-b7a94f3c64a8.thor

9017ac56e8cedd47__13_what_is.html

a6a6c9ae66591fa3_gizcrygp-7am0-rxjf-cfc8-89e82b4fa9c7.thor

e1b849456106c584_gizcrygp-7am0-rxjf-cb94-ce7a29244b2b.thor

76acbfbe897fe45b_gizcrygp-7am0-rxjf-6787-308c4ff9f8e6.thor

7a7e7dea4fa7cfd7_gizcrygp-7am0-rxjf-17d9-2b7ebfc49957.thor

8c26776923a296bc_gizcrygp-7am0-rxjf-f5eb-0036e48d868a.thor

8e97efb328f291e5_gizcrygp-7am0-rxjf-8e5e-0d90a5e38720.thor

abe7d607c6a33f36_gizcrygp-7am0-rxjf-83f5-8d241c9a58d1.thor

aea96a99090db831_gizcrygp-7am0-rxjf-d430-d8ce04d896ff.thor

b30f5b41286b3e23_gizcrygp-7am0-rxjf-e6e1-5785caeed40c.thor

ebbcb11252150983_gizcrygp-7am0-rxjf-2701-8855108aecc7.thor

955b10d978a02ea8_gizcrygp-7am0-rxjf-9e76-5d233b3f7bb6.thor

745a199cd8d01008_gizcrygp-7am0-rxjf-2b5a-76ebdc2fc4da.thor

105325ce7cc9cc16_gizcrygp-7am0-rxjf-0e68-64a6926e6fa4.thor

7ffd2bed2bc7c7fa_gizcrygp-7am0-rxjf-525c-3ec15fbf65bb.thor

1c0f6dc8763335a6_gizcrygp-7am0-rxjf-bd6c-f809a354a255.thor

e31ef200a0467cca_gizcrygp-7am0-rxjf-65a1-26ef4f5d997e.thor

51a73dc8275f3c2a_gizcrygp-7am0-rxjf-0f34-d80aa7c6a13c.thor

64c5ba5c8c40d7dd_gizcrygp-7am0-rxjf-27f5-0e10909de449.thor

c9189c718ca837a0_gizcrygp-7am0-rxjf-211b-61570df7b9d0.thor

7b1fa1a16a5d09c2_gizcrygp-7am0-rxjf-a616-93d5745a1e98.thor

9b71c28ecd1ef0cc_gizcrygp-7am0-rxjf-953c-2650f8eebbd1.thor

54f1afb17bd0e460_gizcrygp-7am0-rxjf-f508-bd0f6bf0dd72.thor

a81bcb279dc72667_gizcrygp-7am0-rxjf-d0e8-64df0799715f.thor

d607ac0e6c28880d_gizcrygp-7am0-rxjf-cec5-210e7ded8b2b.thor

e680283d40e96548_gizcrygp-7am0-rxjf-4c18-fa7b3935e0e5.thor

66bcf8a78c472576_gizcrygp-7am0-rxjf-867e-6bd63808779c.thor

9a233ad7e82ec7bd_gizcrygp-7am0-rxjf-fc40-0c21077f7af9.thor

fd27c7c0d1caf619_gizcrygp-7am0-rxjf-d669-50177fcfa679.thor

3b5fccc5c6eb7c43_gizcrygp-7am0-rxjf-7488-6404ca58c25d.thor

14bb7b5c80461458_gizcrygp-7am0-rxjf-96d6-d454a777516b.thor

d3d51afe7dbcd736_gizcrygp-7am0-rxjf-44fc-46bef7115c9b.thor

df5029b91f151912_gizcrygp-7am0-rxjf-2300-dce8f4794bc5.thor

1efd575d88e6e77a_gizcrygp-7am0-rxjf-8fa3-055e0b54caef.thor

939fac607117ce9b_gizcrygp-7am0-rxjf-035a-6e2d924a5ed3.thor

94ed3969f2a7fa38_gizcrygp-7am0-rxjf-0f7a-0f3a290057f5.thor

8a4352dc08ae802d_gizcrygp-7am0-rxjf-d5aa-a3ef3102f75e.thor

7aee9bd3fbc1cf90_gizcrygp-7am0-rxjf-ed46-65c2fa7d6998.thor

7127cc12131f5b00_gizcrygp-7am0-rxjf-9150-56b49d7dc068.thor

44fdebf3c0f57168_gizcrygp-7am0-rxjf-f328-bf540c9d55f6.thor

7349aaf6143a5174_gizcrygp-7am0-rxjf-1fab-cd02c89064ae.thor

3a95df73b848ded8_gizcrygp-7am0-rxjf-7ec3-59cfb38c93e8.thor

59052971821ee3ca_gizcrygp-7am0-rxjf-75ca-4570b735b842.thor

2bc828b6a5ce71df_gizcrygp-7am0-rxjf-ba07-18797eb0c620.thor

4630d2d38ac5b343_gizcrygp-7am0-rxjf-1370-c31bd8cf99a6.thor

05e6136f47f9159b_gizcrygp-7am0-rxjf-cde7-6d5ac387938f.thor

dcf85acbae8d08d9_gizcrygp-7am0-rxjf-79da-1af5ce79d23f.thor

2aba566381a71076_gizcrygp-7am0-rxjf-bebd-220c4f0118b5.thor

74e94fb657e537d7_gizcrygp-7am0-rxjf-ebcd-c35211a903a3.thor

f0572b5708c83015_behavior.xml

7f05caa87851e268_gizcrygp-7am0-rxjf-bc4d-079d9867f625.thor

912532775c611908_gizcrygp-7am0-rxjf-ce44-b35301e45ae2.thor

5c24bfd2535fa44b_gizcrygp-7am0-rxjf-f908-bfadfeaaa493.thor

0f410800461dc836_gizcrygp-7am0-rxjf-aca8-e5996b21fb0f.thor

2d9c5a3ca7d0dc52_gizcrygp-7am0-rxjf-99d7-76609e44f1c1.thor

178b21b6992e6528_gizcrygp-7am0-rxjf-9d31-58a612fb52a6.thor

17cda875ed35a25f_gizcrygp-7am0-rxjf-11e5-549bdef4ac95.thor

aff9321307d44c9a_gizcrygp-7am0-rxjf-d7af-1b867b316cb8.thor

d6912a03a0a29e56_gizcrygp-7am0-rxjf-86a3-525e51e0b7c3.thor

8115ee2626d0a6bb_gizcrygp-7am0-rxjf-d0a8-1189d5220881.thor

c3803a68ef4df858_gizcrygp-7am0-rxjf-4619-f3c9ed847aae.thor

c3418c8abea7fcf6_gizcrygp-7am0-rxjf-1914-33cb2ed35ccf.thor

d59fbe71e9f72cbd_gizcrygp-7am0-rxjf-8623-252a772d7433.thor

37fe7cc8bbc25311_gizcrygp-7am0-rxjf-b97a-19750a8d217a.thor

42fbc3ef42f23831_gizcrygp-7am0-rxjf-1a62-f5be5c1b82e3.thor

41dcdc837884f833_gizcrygp-7am0-rxjf-197f-509b5a4e4059.thor

eae81a7970976621_gizcrygp-7am0-rxjf-2ffd-63c201b6eb2f.thor

c6aa8cb9df15c8f9_gizcrygp-7am0-rxjf-6185-3da54cbc8b10.thor

09b0747b5bb1a96e_gizcrygp-7am0-rxjf-a540-c15640eaaae4.thor

432610cc615e4907_gizcrygp-7am0-rxjf-f854-a61502217d0e.thor

327a97f58e33c552_gizcrygp-7am0-rxjf-9c67-567ca0065a34.thor

af6da739296ffa5c_gizcrygp-7am0-rxjf-d877-a21db8d7b183.thor

a5ed43655dc8b508_gizcrygp-7am0-rxjf-8634-129613ecfeb8.thor

be0934086dee47b9_gizcrygp-7am0-rxjf-8ac4-069bcdde2023.thor

8182063303242d0e_gizcrygp-7am0-rxjf-35e9-0073767ae9d4.thor

b95b70836f7221f9_gizcrygp-7am0-rxjf-e96e-259c25bf7096.thor

67ce314ad4c7b899_gizcrygp-7am0-rxjf-474e-79bfdec8cf9d.thor

f0f078f46fea5fe9_gizcrygp-7am0-rxjf-bd42-16b2b5f82b22.thor

2b1e342215b5695f_gizcrygp-7am0-rxjf-a385-4aaf660c88d3.thor

b919473516804fb1_gizcrygp-7am0-rxjf-a62f-8fcead617fe7.thor

a6f319c005f60698_gizcrygp-7am0-rxjf-7dcd-21145e2b6788.thor

32f3e34b040fe6af_gizcrygp-7am0-rxjf-e2a7-059dd65d5a83.thor

32f364de6c3a4593_gizcrygp-7am0-rxjf-e949-baf06b90f8ab.thor

53421912407642ce_gizcrygp-7am0-rxjf-3ba3-1cb4743ef33d.thor

892fb32c7b631375_gizcrygp-7am0-rxjf-ce7a-921e25a04273.thor

22ee2806aa9614cc_gizcrygp-7am0-rxjf-4d23-98bbee29267f.thor

e41161d6dad6f372_gizcrygp-7am0-rxjf-0bc5-9859fdf7c1a1.thor

ff54df94c29c465b_gizcrygp-7am0-rxjf-5754-643072ffc283.thor

3b00425e1481d6da_gizcrygp-7am0-rxjf-6c62-64afe25dc66e.thor

4c621cde7fe9ff8f_gizcrygp-7am0-rxjf-a74e-54a7ce79ee11.thor

0b8442080a01f93e_gizcrygp-7am0-rxjf-8030-b6903a3af850.thor

4bf76859fe9f4844_gizcrygp-7am0-rxjf-d762-bcb20e4e7a5e.thor

72905275da143053_gizcrygp-7am0-rxjf-6849-b5791bb22137.thor

8eaad17d4a043473_gizcrygp-7am0-rxjf-88f6-864025b48b26.thor

d3809f28d362a11e_gizcrygp-7am0-rxjf-4b02-0844dd977664.thor

dd35eaac0a5585b4_gizcrygp-7am0-rxjf-b8b4-3511c9b3ac6d.thor

d465ab46f3beaf3e_gizcrygp-7am0-rxjf-8610-9bda7ab5a8be.thor

ab3e5ca49c9db228_gizcrygp-7am0-rxjf-15be-c8ad72e85862.thor

e89e7bf875046ab7_gizcrygp-7am0-rxjf-5587-73ea39973bbc.thor

ec3d62b4d54cb0f5_gizcrygp-7am0-rxjf-15a0-91a271cc8afc.thor

8e4e3b4734e47dbf_gizcrygp-7am0-rxjf-ef15-c3d2dcc3e6f9.thor

8958fdfebeb5b235_gizcrygp-7am0-rxjf-a6f7-caae2ee014c4.thor

256159ebb4c4b626_gizcrygp-7am0-rxjf-7a41-169022c322ec.thor

73d10f2180c0443f_gizcrygp-7am0-rxjf-f211-4121246a8360.thor

e1a1af54119913f3_gizcrygp-7am0-rxjf-d5c7-21d74dbe7afd.thor

8bd47a89f690a2b4_gizcrygp-7am0-rxjf-d85b-404f8be19522.thor

cdf8da633f7c116a_gizcrygp-7am0-rxjf-9120-0a040c6a0ce1.thor

3680bd959dcc3f6e_gizcrygp-7am0-rxjf-866b-0c2a0072c997.thor

7109692215e8aed6_gizcrygp-7am0-rxjf-eee5-d0707df3ecb5.thor

6c032f5fbcea3be8_gizcrygp-7am0-rxjf-cd51-36afa52f9447.thor

450616796706bcd4_gizcrygp-7am0-rxjf-7a54-f4809325733a.thor

b6acc1aedd915f45_gizcrygp-7am0-rxjf-2e1d-4615363f0eb7.thor

1cca863b64342f41_gizcrygp-7am0-rxjf-6221-a93cc0122cef.thor

8490d71584e87d18_gizcrygp-7am0-rxjf-fc78-6e69bb14769c.thor

330cee4bdcfd4269_gizcrygp-7am0-rxjf-0a17-3dd98cf292b6.thor

3ea1a8a93706249a_gizcrygp-7am0-rxjf-c054-d54ed0994044.thor

9624e68da435e7f5_gizcrygp-7am0-rxjf-691c-85b5c64ed598.thor

d91a24f987decec0_gizcrygp-7am0-rxjf-ddf7-c18c9019b793.thor

NRV_F0615I1F_.js

Network Analysis

Hosts Involved

DNS Requests

HTTP Requests

Behavior Summary

File-Read
  • C:\Users\Harry Dresden\Desktop\desktop.ini
  • C:\Users\Harry Dresden\AppData\Local\Temp\NRV_F0615I1F_.js
  • C:\Windows\System32\wscript.exe
  • C:\Windows\System32\msxml3.dll
  • C:\Windows\System32\wshom.ocx
  • UNC\KIDSROOM\Users\Public\Foxit Software\Foxit Reader\StartPage\advertisement\normal Edit and reflow paragraphs in PDF files.bmp
  • c:\Python27\Lib\email\test\data\msg_45.txt
  • c:\Python27\include\ast.h
  • c:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.0.xml
  • c:\Python27\include\pyexpat.h
  • c:\Python27\include\tupleobject.h
  • c:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml
  • c:\Python27\include\descrobject.h
  • c:\Python27\Lib\test\cjkencodings\iso2022_kr.txt
  • c:\Python27\Lib\test\cjkencodings\gb2312.txt
  • UNC\KIDSROOM\Users\Public\Foxit Software\Foxit Reader\StartPage\advertisement\normal Integrate PDF into your mobile apps.bmp
  • UNC\KIDSROOM\Users\Public\Foxit Software\Foxit Reader\StartPage\start\en_us\images\classic-16.png
  • UNC\KIDSROOM\Users\Public\Foxit Software\Foxit Reader\StartPage\start\en_us\Default\body_bg.jpg
  • c:\Python27\tcl\tix8.4.3\pref\SGIGray.cs
  • c:\Python27\include\grammar.h
  • c:\Python27\include\import.h
  • \\?\PIPE\browser
  • c:\Python27\Lib\email\test\data\msg_30.txt
  • c:\6cdeacda242012e0e5b593e657\1040\eula.rtf
  • UNC\KIDSROOM\Users\Public\Foxit Software\Foxit Reader\StartPage\advertisement\ribbon Create PDF from Office-convert PDF to office.bmp
  • c:\6cdeacda242012e0e5b593e657\1043\eula.rtf
  • c:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.proofing.msi.16.en-us.xml
  • c:\6cdeacda242012e0e5b593e657\1032\LocalizedData.xml
  • UNC\KIDSROOM\Users\Public\Pictures\Sample Pictures\Desert.jpg
  • c:\Python27\tcl\tix8.4.3\pref\Blue.cs
  • c:\Python27\Lib\email\test\data\msg_36.txt
  • UNC\KIDSROOM\Users\Public\Foxit Software\Foxit Reader\StartPage\start\en_us\Default\show_con_bg.jpg
  • c:\6cdeacda242012e0e5b593e657\1042\eula.rtf
  • c:\Python27\Lib\test\cjkencodings\johab.txt
  • c:\Python27\Lib\idlelib\TODO.txt
  • UNC\KIDSROOM\Users\Public\Foxit Software\Foxit Reader\StartPage\advertisement\Profile.xml
  • c:\Python27\include\marshal.h
  • c:\Python27\Lib\email\test\data\msg_23.txt
  • UNC\KIDSROOM\Users\Public\Videos\Sample Videos\Wildlife.wmv
  • c:\Python27\Lib\email\test\data\msg_19.txt
  • c:\Python27\Lib\idlelib\extend.txt
  • c:\Python27\Lib\test\badcert.pem
  • c:\Python27\Lib\test\cjkencodings\euc_kr.txt
  • c:\Python27\include\pgen.h
  • UNC\KIDSROOM\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg
  • c:\Python27\Lib\test\floating_points.txt
  • c:\Python27\Lib\test\wrongcert.pem
  • c:\Python27\include\objimpl.h
  • c:\Python27\Lib\test\math_testcases.txt
  • c:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Publisher.Publisher.x-none.msi.16.x-none.xml
  • UNC\KIDSROOM\Users\Public\Foxit Software\Foxit Reader\StartPage\advertisement\ribbon Enterprise PDF Reader.bmp
  • c:\inetpub\history\CFGHISTORY_0000000005\schema\NetFx45_IIS_schema_update.xml
  • c:\Python27\Lib\idlelib\idle_test\README.txt
  • c:\Python27\include\abstract.h
  • c:\ProgramData\WebEx\WebEx\12_1324\gpc.php
  • c:\Python27\Lib\test\keycert.passwd.pem
  • c:\Python27\Lib\test\cjkencodings\gb18030-utf8.txt
  • c:\Python27\include\object.h
  • c:\6cdeacda242012e0e5b593e657\1036\eula.rtf
  • c:\Python27\Lib\test\cjkencodings\shift_jis.txt
  • c:\Python27\Lib\test\cjkencodings\euc_jisx0213.txt
  • c:\Python27\tcl\tclConfig.sh
  • UNC\KIDSROOM\Users\Public\Foxit Software\Foxit Reader\StartPage\start\en_us\images\ribbon-16-open.png
  • c:\Python27\include\pyport.h
  • c:\6cdeacda242012e0e5b593e657\1045\eula.rtf
  • UNC\KIDSROOM\Users\Public\Foxit Software\Foxit Reader\StartPage\start\en_us\skin.css
  • UNC\KIDSROOM\Users\Harry Dresden\Desktop\EDotIUnAuPMk.docm
  • UNC\KIDSROOM\Users\Public\Foxit Software\Foxit Reader\StartPage\advertisement\normal Create PDF from Office-convert PDF to office.bmp
  • c:\6cdeacda242012e0e5b593e657\1030\eula.rtf
  • c:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.es-es.xml
  • c:\Python27\include\code.h
  • c:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\DeploymentConfiguration.xml
  • c:\Python27\Lib\test\exception_hierarchy.txt
  • c:\Python27\include\dtoa.h
  • UNC\KIDSROOM\Users\Public\Foxit Software\Foxit Reader\StartPage\start\en_us\css\tabs.css
  • c:\Python27\include\asdl.h
  • c:\Python27\Lib\test\empty.vbs
  • c:\6cdeacda242012e0e5b593e657\1030\LocalizedData.xml
  • c:\ProgramData\Microsoft\IlsCache\ilrcache.xml
  • c:\Python27\Lib\email\test\data\msg_12.txt
  • c:\Python27\include\complexobject.h
  • c:\Python27\Lib\email\test\data\msg_13.txt
  • UNC\KIDSROOM\Users\Harry Dresden\Desktop\OUSiifiHhev.pptx
  • c:\6cdeacda242012e0e5b593e657\3082\eula.rtf
  • c:\6cdeacda242012e0e5b593e657\1031\LocalizedData.xml
  • c:\Python27\Lib\lib2to3\Grammar.txt
  • c:\Python27\include\pystrtod.h
  • c:\Python27\include\longobject.h
  • c:\Python27\tcl\tix8.4.3\pref\Bisque.cs
  • c:\Python27\include\pyctype.h
  • c:\Python27\Lib\email\test\data\msg_02.txt
  • UNC\KIDSROOM\Users\Public\Foxit Software\Foxit Reader\StartPage\start\en_us\images\phantomPDF_s.png
  • UNC\KIDSROOM\Users\Public\Foxit Software\Foxit Reader\StartPage\advertisement\ribbon Integrate PDF into your mobile apps.bmp
  • UNC\KIDSROOM\Users\Public\Foxit Software\Foxit Reader\StartPage\advertisement\normal Integrate PDF into your application.bmp
  • c:\Python27\Lib\test\nokia.pem
  • UNC\KIDSROOM\Users\Public\Foxit Software\Foxit Reader\StartPage\start\en_us\images\phantomPDF_b.png
  • c:\Python27\include\pydebug.h
  • UNC\KIDSROOM\Users\Public\Foxit Software\Foxit Reader\StartPage\start\en_us\Default\right_over_bg.jpg
  • c:\Python27\include\fileobject.h
  • c:\Python27\Lib\email\test\data\msg_11.txt
  • c:\Python27\include\enumobject.h
  • UNC\KIDSROOM\Users\Public\Foxit Software\Foxit Reader\StartPage\advertisement\ribbon Design form fields easily.bmp
  • UNC\KIDSROOM\Users\Public\Foxit Software\Foxit Reader\StartPage\advertisement\normal create pdf from scanner documents.bmp
  • UNC\KIDSROOM\Users\Default\NTUSER.DAT.LOG
  • c:\Python27\include\pyfpe.h
  • c:\Python27\include\compile.h
  • c:\Python27\tcl\tix8.4.3\pref\WmDefault.cs
  • c:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.en-us.xml
  • c:\Python27\Lib\test\https_svn_python_org_root.pem
  • c:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml
  • c:\Python27\Lib\test\cjkencodings\shift_jisx0213-utf8.txt
  • UNC\KIDSROOM\Users\Public\Foxit Software\Foxit Reader\StartPage\start\en_us\version.xml
  • c:\Python27\include\cobject.h
  • UNC\KIDSROOM\Users\Harry Dresden\Desktop\OuxLGuvNNo.ppt
  • c:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml
  • c:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.onenotemui.msi.16.en-us.xml
  • c:\Python27\Lib\test\cjkencodings\hz.txt
  • c:\Python27\Lib\email\test\data\msg_22.txt
  • c:\Python27\include\pgenheaders.h
  • c:\Python27\include\pythread.h
  • c:\Python27\Lib\email\test\data\msg_31.txt
  • c:\Python27\Lib\email\test\data\msg_14.txt
  • c:\Python27\Lib\email\test\data\msg_39.txt
  • c:\Python27\Lib\site-packages\setuptools\command\launcher manifest.xml
  • c:\Python27\Lib\email\test\data\msg_40.txt
  • c:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.powerpointmui.msi.16.en-us.xml
  • c:\Python27\include\opcode.h
  • UNC\KIDSROOM\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg
  • UNC\KIDSROOM\Users\Public\Music\Sample Music\Sleep Away.mp3
  • c:\6cdeacda242012e0e5b593e657\1038\LocalizedData.xml
  • c:\ProgramData\Microsoft\ClickToRun\ProductReleases\53955D98-F46F-4906-AE49-9B6F52BA18A9\en-us.16\MasterDescriptor.en-us.xml
  • c:\6cdeacda242012e0e5b593e657\1025\eula.rtf
  • c:\Python27\include\memoryobject.h
  • UNC\KIDSROOM\Users\Harry Dresden\Desktop\tQevLvwKXN.docm
  • c:\Python27\include\moduleobject.h
  • UNC\KIDSROOM\Users\Public\Foxit Software\Foxit Reader\StartPage\start\en_us\Default\history_winbg.jpg
  • c:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml
  • c:\Python27\Lib\email\test\data\msg_25.txt
  • c:\Python27\include\boolobject.h
  • c:\Python27\Lib\site-packages\setuptools-16.0.dist-info\dependency_links.txt
  • c:\Python27\include\token.h
  • c:\Python27\include\bitset.h
  • c:\Python27\include\warnings.h
  • UNC\KIDSROOM\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg
  • c:\Python27\include\pycapsule.h
  • c:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Access.Access.x-none.msi.16.x-none.xml
  • c:\Python27\Lib\email\test\data\msg_27.txt
  • c:\Python27\Lib\idlelib\NEWS.txt
  • c:\Python27\Lib\email\test\data\msg_42.txt
  • c:\Python27\include\modsupport.h
  • c:\Python27\tcl\tix8.4.3\pref\TixGray.cs
  • UNC\KIDSROOM\Users\Public\Foxit Software\Foxit Reader\StartPage\start\en_us\tpl\history.txt
  • c:\Python27\Lib\idlelib\help.txt
  • c:\6cdeacda242012e0e5b593e657\2052\eula.rtf
  • c:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.excelmui.msi.16.en-us.xml
  • c:\Python27\include\ucnhash.h
  • c:\Python27\Lib\test\check_soundcard.vbs
  • c:\Python27\Lib\test\keycert4.pem
  • c:\Python27\Lib\test\cjkencodings\cp949-utf8.txt
  • c:\Python27\Lib\email\test\data\msg_16.txt
  • c:\Python27\include\symtable.h
  • c:\Python27\include\node.h
  • c:\inetpub\history\CFGHISTORY_0000000004\schema\NetFx40_IIS_schema_update.xml
  • UNC\KIDSROOM\Users\Public\Foxit Software\Foxit Reader\StartPage\start\en_us\js\nor.js
  • UNC\KIDSROOM\Users\Public\Foxit Software\Foxit Reader\StartPage\advertisement\normal View and annotate PDFs.bmp
  • c:\Python27\Lib\idlelib\HISTORY.txt
  • c:\Python27\Lib\test\cjkencodings\iso2022_kr-utf8.txt
  • UNC\KIDSROOM\Users\Public\Foxit Software\Foxit Reader\StartPage\start\en_us\css\base.css
  • UNC\KIDSROOM\Users\Public\Foxit Software\Foxit Reader\StartPage\start\en_us\Default\top_tb_bg.jpg
  • c:\Python27\Lib\test\cjkencodings\gb2312-utf8.txt
  • UNC\KIDSROOM\Users\Harry Dresden\Contacts\Harry Dresden.contact
  • UNC\KIDSROOM\Users\Public\Foxit Software\Foxit Reader\StartPage\start\en_us\images\blank.gif
  • UNC\KIDSROOM\Users\Public\Foxit Software\Foxit Reader\StartPage\start\en_us\Default\line.jpg
  • c:\Python27\Lib\email\test\data\msg_41.txt
  • c:\Python27\include\cStringIO.h
  • c:\Python27\Lib\test\cjkencodings\euc_jp.txt
  • c:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml
  • c:\ProgramData\Sun\Java\Java Update\jaureglist.xml
  • c:\Python27\Lib\email\test\data\msg_29.txt
  • c:\Python27\Lib\email\test\data\msg_01.txt
  • \\?\PIPE\lsarpc
  • c:\Python27\include\metagrammar.h
  • UNC\KIDSROOM\Users\Harry Dresden\Desktop\ZTSwsXxRDxyeJFoR.txt
  • c:\Python27\Lib\test\formatfloat_testcases.txt
  • c:\Python27\Lib\test\sha256.pem
  • c:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml
  • c:\Python27\include\classobject.h
  • UNC\KIDSROOM\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg
  • c:\Python27\include\datetime.h
  • UNC\KIDSROOM\Users\Public\Foxit Software\Foxit Reader\StartPage\start\en_us\js\DD_belatedPNG.js
  • c:\6cdeacda242012e0e5b593e657\1028\LocalizedData.xml
  • c:\Python27\Lib\test\cjkencodings\hz-utf8.txt
  • c:\Python27\Lib\email\test\data\msg_18.txt
  • c:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml
  • c:\Python27\include\errcode.h
  • c:\Python27\Lib\site-packages\pip-7.0.1.dist-info\top_level.txt
  • c:\Python27\Lib\test\keycert3.pem
  • UNC\KIDSROOM\Users\Public\Foxit Software\Foxit Reader\StartPage\advertisement\ribbon create pdf from scanner documents.bmp
  • UNC\KIDSROOM\Users\Public\Foxit Software\Foxit Reader\StartPage\start\en_us\images\buy_phantom.png
  • c:\Python27\Lib\email\test\data\msg_09.txt
  • c:\Python27\include\pyerrors.h
  • c:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml
  • c:\Python27\include\Python-ast.h
  • c:\Python27\Lib\email\test\data\msg_21.txt
  • c:\Python27\include\ceval.h
  • c:\Python27\Lib\lib2to3\PatternGrammar.txt
  • c:\Python27\include\pythonrun.h
  • c:\Python27\include\structmember.h
  • c:\Python27\Lib\idlelib\README.txt
  • c:\Python27\include\pygetopt.h
  • UNC\KIDSROOM\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3
  • c:\Python27\include\codecs.h
  • c:\Python27\Lib\email\test\data\msg_10.txt
  • c:\Python27\Lib\email\test\data\msg_33.txt
  • c:\Python27\Lib\test\cjkencodings\euc_jisx0213-utf8.txt
  • UNC\KIDSROOM\Users\Harry Dresden\Downloads\big-hero-6-2.jpg
  • UNC\KIDSROOM\Users\Public\Foxit Software\Foxit Reader\StartPage\advertisement\ribbon Integrate PDF into your application.bmp
  • UNC\KIDSROOM\Users\Public\Foxit Software\Foxit Reader\StartPage\advertisement\ribbon Powerful Word Processor.bmp
  • c:\Python27\include\patchlevel.h
  • UNC\KIDSROOM\Users\Public\Foxit Software\Foxit Reader\StartPage\start\en_us\Default\tab.png
  • c:\Python27\include\bytes_methods.h
  • c:\6cdeacda242012e0e5b593e657\1035\eula.rtf
  • c:\inetpub\history\CFGHISTORY_0000000005\schema\NetFx40_IIS_schema_update.xml
  • c:\Python27\Lib\test\cjkencodings\cp949.txt
  • c:\6cdeacda242012e0e5b593e657\1031\eula.rtf
  • c:\Python27\Lib\test\keycert.pem
  • c:\Python27\include\traceback.h
  • c:\6cdeacda242012e0e5b593e657\1028\eula.rtf
  • c:\6cdeacda242012e0e5b593e657\1044\eula.rtf
  • UNC\KIDSROOM\Users\Public\Foxit Software\Foxit Reader\StartPage\start\en_us\tpl\index.html
  • UNC\KIDSROOM\Users\Public\Foxit Software\Foxit Reader\StartPage\advertisement\normal Protect your PDF files with AD RMS.bmp
  • c:\Python27\include\longintrepr.h
  • c:\Python27\Lib\email\test\data\msg_17.txt
  • c:\6cdeacda242012e0e5b593e657\1041\LocalizedData.xml
  • c:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\UserDeploymentConfiguration.xml
  • c:\Python27\Lib\test\cjkencodings\shift_jis-utf8.txt
  • c:\6cdeacda242012e0e5b593e657\1040\LocalizedData.xml
  • c:\Python27\include\Python.h
  • c:\Python27\Lib\email\test\data\msg_34.txt
  • c:\Python27\Lib\site-packages\setuptools-16.0.dist-info\entry_points.txt
  • c:\6cdeacda242012e0e5b593e657\1041\eula.rtf
  • c:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml
  • UNC\KIDSROOM\Users\Public\Foxit Software\Foxit Reader\StartPage\start\en_us\index.html
  • c:\Python27\Lib\test\cjkencodings\iso2022_jp-utf8.txt
  • c:\Python27\include\pystate.h
  • UNC\KIDSROOM\Users\Public\Foxit Software\Foxit Reader\StartPage\advertisement\ribbon Fastest PDF Search and Index.bmp
  • c:\Python27\Lib\test\ieee754.txt
  • c:\Python27\Lib\test\cjkencodings\shift_jisx0213.txt
  • c:\Python27\include\pyconfig.h
  • UNC\KIDSROOM\Users\Public\Foxit Software\Foxit Reader\StartPage\advertisement\ProfileRibbon.xml
  • c:\Python27\include\pymacconfig.h
  • c:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.shared.Office.x-none.msi.16.x-none.xml
  • c:\Python27\include\bufferobject.h
  • c:\Python27\include\timefuncs.h
  • c:\Python27\Lib\email\test\data\msg_37.txt
  • c:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml
  • c:\6cdeacda242012e0e5b593e657\1037\eula.rtf
  • c:\Python27\include\pystrcmp.h
  • c:\Python27\include\floatobject.h
  • c:\Python27\Lib\email\test\data\msg_26.txt
  • c:\Python27\Lib\test\pycacert.pem
  • c:\Python27\Lib\test\badkey.pem
  • UNC\KIDSROOM\Users\Public\Foxit Software\Foxit Reader\StartPage\advertisement\normal Design form fields easily.bmp
  • c:\Python27\Lib\test\cjkencodings\big5.txt
  • c:\Python27\Lib\site-packages\setuptools-16.0.dist-info\top_level.txt
  • c:\6cdeacda242012e0e5b593e657\1036\LocalizedData.xml
  • c:\Python27\Lib\test\cjkencodings\euc_jp-utf8.txt
  • c:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml
  • UNC\KIDSROOM\Users\Public\Pictures\Sample Pictures\Penguins.jpg
  • c:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.publishermui.msi.16.en-us.xml
  • UNC\KIDSROOM\Users\Public\Foxit Software\Foxit Reader\StartPage\start\en_us\images\ribbon-16.png
  • c:\Python27\include\bytesobject.h
  • c:\Python27\include\sysmodule.h
  • c:\Python27\include\pymactoolbox.h
  • c:\Python27\Lib\email\test\data\msg_35.txt
  • c:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml
  • UNC\KIDSROOM\Users\Public\Foxit Software\Foxit Reader\StartPage\advertisement\ribbon View PDFs on mobile devices.bmp
  • UNC\KIDSROOM\Users\Public\Foxit Software\Foxit Reader\StartPage\start\en_us\Default\right_move_bg.jpg
  • c:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmui.msi.16.en-us.xml
  • c:\6cdeacda242012e0e5b593e657\1033\LocalizedData.xml
  • c:\Python27\Lib\test\185test.db
  • UNC\KIDSROOM\Users\Public\Foxit Software\Foxit Reader\StartPage\advertisement\normal View PDFs on mobile devices.bmp
  • UNC\KIDSROOM\Users\Public\Foxit Software\Foxit Reader\StartPage\start\en_us\Default\content_showbg.jpg
  • UNC\KIDSROOM\Users\Public\Music\Sample Music\Kalimba.mp3
  • c:\Python27\Lib\email\test\data\msg_08.txt
  • c:\Python27\include\eval.h
  • c:\Python27\Lib\email\test\data\msg_15.txt
  • c:\Python27\Lib\site-packages\README.txt
  • c:\Python27\include\genobject.h
  • UNC\KIDSROOM\Users\Harry Dresden\Desktop\nHFjgifYlgHN.docx
  • c:\6cdeacda242012e0e5b593e657\1029\LocalizedData.xml
  • c:\Python27\Lib\test\cjkencodings\big5hkscs.txt
  • c:\Python27\Lib\email\test\data\msg_28.txt
  • c:\Python27\Lib\test\ssl_cert.pem
  • c:\Python27\include\parsetok.h
  • UNC\KIDSROOM\Users\Harry Dresden\Desktop\ukzXmoQPrT.doc
  • c:\Python27\include\osdefs.h
  • c:\6cdeacda242012e0e5b593e657\1025\LocalizedData.xml
  • \\?\PIPE\wkssvc
  • UNC\KIDSROOM\Users\Public\Foxit Software\Foxit Reader\StartPage\start\en_us\images\classic-16-open.png
  • c:\Python27\Lib\test\leakers\README.txt
  • c:\Python27\include\pymem.h
  • c:\Python27\Lib\site-packages\pip\_vendor\requests\cacert.pem
  • c:\Python27\include\pyarena.h
  • c:\6cdeacda242012e0e5b593e657\1033\eula.rtf
  • UNC\KIDSROOM\Users\Harry Dresden\Desktop\byRwFgrdKIJ.txt
  • UNC\KIDSROOM\Users\Public\Foxit Software\Foxit Reader\StartPage\advertisement\ribbon Protect Sensitive PDF Documents.bmp
  • c:\Python27\Lib\test\selfsigned_pythontestdotnet.pem
  • c:\Python27\Lib\email\test\data\msg_46.txt
  • c:\6cdeacda242012e0e5b593e657\1029\eula.rtf
  • c:\Python27\include\rangeobject.h
  • c:\6cdeacda242012e0e5b593e657\2070\eula.rtf
  • c:\Python27\include\iterobject.h
  • c:\Python27\include\funcobject.h
  • c:\Python27\include\listobject.h
  • c:\Python27\Lib\email\test\data\msg_44.txt
  • UNC\KIDSROOM\Users\Public\Foxit Software\Foxit Reader\StartPage\start\en_us\tpl\index_ori.html
  • UNC\KIDSROOM\Users\Public\Foxit Software\Foxit Reader\StartPage\start\en_us\Default\config.css
  • c:\Python27\Lib\test\dh1024.pem
  • c:\Python27\include\frameobject.h
  • c:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office64ww.msi.16.x-none.xml
  • UNC\KIDSROOM\Users\Public\Pictures\Sample Pictures\Koala.jpg
  • c:\Python27\include\sliceobject.h
  • c:\Python27\tcl\tix8.4.3\pref\TK.cs
  • c:\Python27\Lib\email\test\data\msg_43.txt
  • UNC\KIDSROOM\Users\Public\Foxit Software\Foxit Reader\StartPage\advertisement\normal Protect Sensitive PDF Documents.bmp
  • UNC\KIDSROOM\Users\Public\Foxit Software\Foxit Reader\StartPage\start\en_us\css\tabs-ie.css
  • c:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml
  • c:\Python27\include\stringobject.h
  • c:\6cdeacda242012e0e5b593e657\1053\eula.rtf
  • UNC\KIDSROOM\Users\Harry Dresden\Desktop\NLeRDrMQUGiiE.docm
  • c:\Python27\include\intobject.h
  • c:\Python27\Lib\email\test\data\msg_20.txt
  • c:\Python27\tcl\tix8.4.3\pref\Gray.cs
  • c:\Python27\Lib\test\cjkencodings\johab-utf8.txt
  • c:\Python27\Lib\test\ssl_key.pem
  • c:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemuiset.msi.16.en-us.xml
  • c:\Python27\include\methodobject.h
  • UNC\KIDSROOM\Users\Public\Foxit Software\Foxit Reader\StartPage\advertisement\ribbon Edit and reflow paragraphs in PDF files.bmp
  • c:\Python27\include\structseq.h
  • c:\Python27\Lib\test\cmath_testcases.txt
  • c:\Python27\Lib\test\cjkencodings\gb18030.txt
  • c:\Python27\include\pymath.h
  • UNC\KIDSROOM\Users\Public\Foxit Software\Foxit Reader\StartPage\advertisement\normal Fastest PDF Search and Index.bmp
  • c:\6cdeacda242012e0e5b593e657\1038\eula.rtf
  • c:\Python27\Lib\email\test\data\msg_32.txt
  • c:\Python27\Lib\email\test\data\msg_24.txt
  • c:\6cdeacda242012e0e5b593e657\1037\LocalizedData.xml
  • c:\Python27\Lib\test\ssl_key.passwd.pem
  • c:\Python27\Lib\test\keycert2.pem
  • c:\Python27\include\py_curses.h
  • c:\ProgramData\WebEx\WebEx\atsdk.xml
  • c:\Python27\Lib\test\cjkencodings\gbk-utf8.txt
  • c:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.2.xml
  • c:\Python27\include\setobject.h
  • c:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml
  • c:\Python27\Lib\test\cjkencodings\big5-utf8.txt
  • UNC\KIDSROOM\Users\Public\Foxit Software\Foxit Reader\StartPage\advertisement\ribbon Protect your PDF files with AD RMS.bmp
  • c:\Python27\Lib\test\cjkencodings\gbk.txt
  • c:\Python27\include\graminit.h
  • c:\6cdeacda242012e0e5b593e657\1046\eula.rtf
  • c:\6cdeacda242012e0e5b593e657\1049\eula.rtf
  • UNC\KIDSROOM\Users\Public\Pictures\Sample Pictures\Tulips.jpg
  • UNC\KIDSROOM\Users\Public\Foxit Software\Foxit Reader\StartPage\advertisement\normal Enterprise PDF Reader.bmp
  • c:\Python27\tcl\tix8.4.3\pref\TkWin.cs
  • UNC\KIDSROOM\Users\Public\Foxit Software\Foxit Reader\StartPage\advertisement\normal Powerful Word Processor.bmp
  • c:\6cdeacda242012e0e5b593e657\1035\LocalizedData.xml
  • c:\Python27\include\bytearrayobject.h
  • c:\Python27\Lib\email\test\data\msg_12a.txt
  • c:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Proof.Culture.msi.16.fr-fr.xml
  • UNC\KIDSROOM\Users\Harry Dresden\Downloads\cleandesktop.py.txt
  • c:\Python27\Lib\idlelib\CREDITS.txt
  • c:\Python27\include\dictobject.h
  • c:\Python27\Lib\test\cjkencodings\big5hkscs-utf8.txt
  • c:\Python27\include\intrcheck.h
  • UNC\KIDSROOM\Users\Harry Dresden\Desktop\rNwrsyMDLXhVJ.pptx
  • c:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml
  • c:\Python27\Lib\email\test\data\msg_38.txt
  • c:\Python27\Lib\test\cjkencodings\euc_kr-utf8.txt
  • c:\ProgramData\Microsoft\IlsCache\imcrcache.xml
  • c:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office64mui.msi.16.en-us.xml
  • c:\Python27\Lib\test\nullbytecert.pem
  • c:\ProgramData\Microsoft\ClickToRun\ProductReleases\53955D98-F46F-4906-AE49-9B6F52BA18A9\x-none.16\MasterDescriptor.x-none.xml
  • c:\6cdeacda242012e0e5b593e657\1032\eula.rtf
  • c:\dskhvxe\bin\cert.p12
  • c:\6cdeacda242012e0e5b593e657\1055\eula.rtf
  • c:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office64muiset.msi.16.en-us.xml
  • UNC\KIDSROOM\Users\Public\Foxit Software\Foxit Reader\StartPage\advertisement\ribbon View and annotate PDFs.bmp
  • c:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.accessmuiset.msi.16.en-us.xml
  • c:\Python27\Lib\site-packages\pip-7.0.1.dist-info\entry_points.txt
  • c:\Python27\include\weakrefobject.h
  • c:\Python27\Lib\idlelib\idle.bat
  • c:\inetpub\history\CFGHISTORY_0000000004\schema\NetFx45_IIS_schema_update.xml
  • c:\Python27\include\unicodeobject.h
  • c:\Python27\include\cellobject.h
  • c:\Python27\Lib\test\cjkencodings\iso2022_jp.txt
File-Written
  • C:\Users\Harry Dresden\AppData\Local\Temp\Obd7Zc6O1.dll
  • C:\Users\Harry Dresden\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YLC2QM2Y\ay5v52r1[1]
  • UNC\KIDSROOM\Users\Public\Foxit Software\Foxit Reader\StartPage\advertisement\normal Edit and reflow paragraphs in PDF files.bmp
  • c:\6cdeacda242012e0e5b593e657\1033\_25_WHAT_is.html
  • c:\Python27\Lib\email\test\data\msg_45.txt
  • c:\Python27\include\ast.h
  • c:\ProgramData\Microsoft\ClickToRun\DeploymentConfig.0.xml
  • c:\Python27\include\pyexpat.h
  • c:\Python27\include\tupleobject.h
  • c:\Python27\tcl\tix8.4.3\pref\_29_WHAT_is.html
  • c:\Python27\include\descrobject.h