Category: FILE
Started On: 2016-11-08 12:29:33.477743
Completed On: 2016-11-08 12:33:06.934994
Duration: 213 seconds
Cuckoo Version: 2.0-dev

Machine: win7cuckoo2
Label: win7 Clone 2
Manager: VirtualBox
Started On: 2016-11-08 12:29:33
Shutdown On: 2016-11-08 12:33:02

File Details

File name b63c0a5bab74c1c41d37c3ebcc529060bbc5bf79.zip
File size 1107 bytes
File type Zip archive data, at least v2.0 to extract
CRC32 74F1596D
MD5 cca42525d20a860c86c4153304b3b828
SHA1 b63c0a5bab74c1c41d37c3ebcc529060bbc5bf79
SHA256 3380203001407531b7fbdebc0f3dc5367c960da9b86dfaefb69c2e6711e83360
SHA512 7a71deab7a1c2f534a88bdcf150dba744c65c9f23459440d930458a9bdbc8ab676657cc9ceb0e4ef573e8f19a077e35fc9e5b8b6529147006e30f9ce93277696
Ssdeep 24:9gbUCvQxmU/mMoPnNrtcQ4NLYcUWPRs2Y1yTTKO5TT+:9gVSjWNrORs3yTw
PEiD None matched
Yara
  • PM_Zip_with_js ()
VirusTotal Scan Date: 2016-11-08 11:59:37
Detection Rate: 8/56

MetaFlows Scores

Metaflows Analysis Results (Signatures=125, Anomalies=0, PEiD=0, Yara=2, VT[1478608430]=100): Snort Events=2, AV Events=2
Total Score=125

SNORT EVENTS:
ET POLICY PE EXE or DLL Windows file download HTTP
ET MALWARE Possible Windows executable sent when remote host claims to send a Text File

CLAMAV DETECTED:
Sanesecurity.Malware.26447.JsHeur.UNOFFICIAL FOUND
DROPPED FILE - NRV_MLB91954_.js: Sanesecurity.Malware.26447.JsHeur.UNOFFICIAL FOUND

Dropped File/Buffer Yara Signatures:
4793cb553dfaef1d7b9718dd860d5b71a7024856 [BUFFER]: Str_Win32_Http_API
5861a54477e76cab4b8f3459f40f2e8a9a3092c3 [BUFFER]: shellcode

Signatures

antivm_queries_computername
recon_fingerprint
antivm_memory_available
dumped_buffer
creates_doc
antivm_network_adapters
dumped_buffer2
antivm_vbox_files
Windows_Proxy_Tinkering
network_wscript_downloader
persistence_ads
antiav_detectfile
exploit_heapspray
malicious_document_urls
network_document_file
network_downloader_exe
antivm_vbox_devices
antivm_vbox_files
modifies_files

Screenshots

No screenshots available.

Static Analysis

Nothing to display.

Dropped Files


NRV_MLB91954_.js

Network Analysis

Hosts Involved

DNS Requests

HTTP Requests

Behavior Summary

File-Read