hxxps://filezilla-project[.]org/

Analysis

max time kernel
600s
max time network
586s
platform
windows10-1703_x64
resource
win10-20230915-en
resource tags

arch:x64arch:x86image:win10-20230915-enlocale:en-usos:windows10-1703-x64system
submitted
04/10/2023, 01:45

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://filezilla-project.org/

Score

8^/10

bootkit discovery evasion persistence spyware stealer trojan

Malware Config

Signatures

Downloads MZ/PE file

Modifies Installed Components in the registry 2 TTPs 7 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{3A3642E6-DE46-4F68-9887-AA017EEFE426}\Localized Name = "Norton Secure Browser"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{3A3642E6-DE46-4F68-9887-AA017EEFE426}\IsInstalled = "1"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{3A3642E6-DE46-4F68-9887-AA017EEFE426}\Version = "43,0,0,0"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{3A3642E6-DE46-4F68-9887-AA017EEFE426}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{3A3642E6-DE46-4F68-9887-AA017EEFE426}\ = "Norton Secure Browser"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{3A3642E6-DE46-4F68-9887-AA017EEFE426}\StubPath = "\"C:\\Program Files (x86)\\Norton\\Browser\\Application\\116.0.22388.188\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level"	setup.exe

Sets file execution options in registry 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NortonBrowserUpdate.exe	NortonBrowserUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NortonBrowserUpdate.exe\DisableExceptionChainValidation = "0"	NortonBrowserUpdate.exe

Checks BIOS information in registry 2 TTPs 8 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	NortonBrowser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	NortonBrowser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	NortonBrowser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	NortonBrowser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	NortonBrowser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	norton_secure_browser_setup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	norton_secure_browser_setup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	NortonBrowser.exe

Checks computer location settings 2 TTPs 13 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000\Control Panel\International\Geo\Nation	norton_secure_browser_setup.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000\Control Panel\International\Geo\Nation	NortonBrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000\Control Panel\International\Geo\Nation	NortonBrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000\Control Panel\International\Geo\Nation	setup.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000\Control Panel\International\Geo\Nation	NortonBrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000\Control Panel\International\Geo\Nation	NortonBrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000\Control Panel\International\Geo\Nation	setup.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000\Control Panel\International\Geo\Nation	NortonBrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000\Control Panel\International\Geo\Nation	NortonBrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000\Control Panel\International\Geo\Nation	NortonBrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000\Control Panel\International\Geo\Nation	NortonBrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000\Control Panel\International\Geo\Nation	NortonBrowser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000\Control Panel\International\Geo\Nation	NortonBrowser.exe

Executes dropped EXE 64 IoCs

pid	Process
2076	FileZilla_3.65.0_win64_sponsored2-setup.exe
4340	norton_secure_browser_setup.exe
2656	NortonBrowserUpdateSetup.exe
2912	NortonBrowserUpdate.exe
1604	NortonBrowserUpdate.exe
4268	NortonBrowserUpdate.exe
5072	NortonBrowserUpdateComRegisterShell64.exe
2132	NortonBrowserUpdateComRegisterShell64.exe
2964	NortonBrowserUpdateComRegisterShell64.exe
4412	NortonBrowserUpdate.exe
1608	NortonBrowserUpdate.exe
2352	NortonBrowserUpdate.exe
4908	NortonBrowserInstaller.exe
1748	setup.exe
5072	setup.exe
4332	NortonBrowserCrashHandler.exe
1524	NortonBrowserCrashHandler64.exe
4848	NortonBrowser.exe
2956	NortonBrowser.exe
2168	NortonBrowser.exe
4532	NortonBrowser.exe
3712	NortonBrowser.exe
1412	elevation_service.exe
2824	NortonBrowser.exe
212	NortonBrowser.exe
2792	NortonBrowser.exe
2060	NortonBrowser.exe
3836	NortonBrowser.exe
2064	NortonBrowser.exe
1864	NortonBrowser.exe
1244	NortonBrowser.exe
2276	NortonBrowser.exe
4596	NortonBrowser.exe
2064	NortonBrowser.exe
336	NortonBrowser.exe
5108	elevation_service.exe
5016	elevation_service.exe
3104	NortonBrowser.exe
4420	NortonBrowser.exe
2888	NortonBrowser.exe
4440	NortonBrowser.exe
2964	NortonBrowser.exe
3528	NortonBrowser.exe
3852	NortonBrowser.exe
3200	NortonBrowser.exe
3712	NortonBrowser.exe
2792	NortonBrowser.exe
4948	NortonBrowser.exe
1796	NortonBrowser.exe
4260	NortonBrowser.exe
412	NortonBrowser.exe
4572	NortonBrowser.exe
228	NortonBrowser.exe
4148	NortonBrowser.exe
5092	NortonBrowser.exe
4576	NortonBrowser.exe
6080	NortonBrowser.exe
5200	NortonBrowser.exe
5652	NortonBrowser.exe
5460	NortonBrowser.exe
5600	NortonBrowser.exe
5184	NortonBrowser.exe
5256	NortonBrowser.exe
5208	NortonBrowser.exe

Loads dropped DLL 64 IoCs

pid	Process
2076	FileZilla_3.65.0_win64_sponsored2-setup.exe
2076	FileZilla_3.65.0_win64_sponsored2-setup.exe
2076	FileZilla_3.65.0_win64_sponsored2-setup.exe
2076	FileZilla_3.65.0_win64_sponsored2-setup.exe
2076	FileZilla_3.65.0_win64_sponsored2-setup.exe
2076	FileZilla_3.65.0_win64_sponsored2-setup.exe
2076	FileZilla_3.65.0_win64_sponsored2-setup.exe
2076	FileZilla_3.65.0_win64_sponsored2-setup.exe
2076	FileZilla_3.65.0_win64_sponsored2-setup.exe
2076	FileZilla_3.65.0_win64_sponsored2-setup.exe
2076	FileZilla_3.65.0_win64_sponsored2-setup.exe
4340	norton_secure_browser_setup.exe
4340	norton_secure_browser_setup.exe
4340	norton_secure_browser_setup.exe
4340	norton_secure_browser_setup.exe
4340	norton_secure_browser_setup.exe
4340	norton_secure_browser_setup.exe
4340	norton_secure_browser_setup.exe
2076	FileZilla_3.65.0_win64_sponsored2-setup.exe
2912	NortonBrowserUpdate.exe
1604	NortonBrowserUpdate.exe
4268	NortonBrowserUpdate.exe
5072	NortonBrowserUpdateComRegisterShell64.exe
4268	NortonBrowserUpdate.exe
2132	NortonBrowserUpdateComRegisterShell64.exe
4268	NortonBrowserUpdate.exe
2964	NortonBrowserUpdateComRegisterShell64.exe
4268	NortonBrowserUpdate.exe
2912	NortonBrowserUpdate.exe
2912	NortonBrowserUpdate.exe
4412	NortonBrowserUpdate.exe
1608	NortonBrowserUpdate.exe
2352	NortonBrowserUpdate.exe
2352	NortonBrowserUpdate.exe
1608	NortonBrowserUpdate.exe
2076	FileZilla_3.65.0_win64_sponsored2-setup.exe
2076	FileZilla_3.65.0_win64_sponsored2-setup.exe
2352	NortonBrowserUpdate.exe
2076	FileZilla_3.65.0_win64_sponsored2-setup.exe
4160	regsvr32.exe
4340	norton_secure_browser_setup.exe
4848	NortonBrowser.exe
2956	NortonBrowser.exe
4848	NortonBrowser.exe
2168	NortonBrowser.exe
2168	NortonBrowser.exe
2168	NortonBrowser.exe
2168	NortonBrowser.exe
2168	NortonBrowser.exe
4532	NortonBrowser.exe
4532	NortonBrowser.exe
3712	NortonBrowser.exe
2168	NortonBrowser.exe
3712	NortonBrowser.exe
2792	NortonBrowser.exe
212	NortonBrowser.exe
2792	NortonBrowser.exe
2060	NortonBrowser.exe
2060	NortonBrowser.exe
212	NortonBrowser.exe
3836	NortonBrowser.exe
3836	NortonBrowser.exe
2824	NortonBrowser.exe
2824	NortonBrowser.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Registers COM server for autorun 1 TTPs 26 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB05560-EC9E-4EC0-B1EE-14B05FF48650}\InprocServer32	NortonBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB05560-EC9E-4EC0-B1EE-14B05FF48650}\InprocServer32\ = "C:\\Program Files (x86)\\Norton\\Browser\\Update\\1.8.1649.5\\psmachine_64.dll"	NortonBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB05560-EC9E-4EC0-B1EE-14B05FF48650}\InprocServer32	NortonBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{93D643DC-F504-42E2-AE1C-14B2E116DB0C}\InProcServer32	NortonBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB05560-EC9E-4EC0-B1EE-14B05FF48650}\InprocServer32	NortonBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{93D643DC-F504-42E2-AE1C-14B2E116DB0C}\InProcServer32	NortonBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB05560-EC9E-4EC0-B1EE-14B05FF48650}\InprocServer32\ThreadingModel = "Both"	NortonBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{93D643DC-F504-42E2-AE1C-14B2E116DB0C}\InProcServer32\ThreadingModel = "Both"	NortonBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DB70412E-EEC9-479C-BBA9-BE36BFDDA41B}\InProcServer32\ThreadingModel = "Apartment"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A0329326-66A5-4FEC-A003-2DD84BC3B0D3}\LocalServer32\ = "\"C:\\Program Files (x86)\\Norton\\Browser\\Application\\116.0.22388.188\\notification_helper.exe\""	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB05560-EC9E-4EC0-B1EE-14B05FF48650}\InprocServer32\ThreadingModel = "Both"	NortonBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{93D643DC-F504-42E2-AE1C-14B2E116DB0C}\InProcServer32	NortonBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{93D643DC-F504-42E2-AE1C-14B2E116DB0C}\InProcServer32\ = "C:\\Program Files (x86)\\Norton\\Browser\\Update\\1.8.1649.5\\psmachine_64.dll"	NortonBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB05560-EC9E-4EC0-B1EE-14B05FF48650}\InprocServer32\ = "C:\\Program Files (x86)\\Norton\\Browser\\Update\\1.8.1649.5\\psmachine_64.dll"	NortonBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{93D643DC-F504-42E2-AE1C-14B2E116DB0C}\InProcServer32\ = "C:\\Program Files (x86)\\Norton\\Browser\\Update\\1.8.1649.5\\psmachine_64.dll"	NortonBrowserUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB05560-EC9E-4EC0-B1EE-14B05FF48650}\InprocServer32	NortonBrowserUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB05560-EC9E-4EC0-B1EE-14B05FF48650}\InprocServer32	NortonBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{93D643DC-F504-42E2-AE1C-14B2E116DB0C}\InProcServer32\ThreadingModel = "Both"	NortonBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DB70412E-EEC9-479C-BBA9-BE36BFDDA41B}\InProcServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DB70412E-EEC9-479C-BBA9-BE36BFDDA41B}\InProcServer32\ = "C:\\Program Files\\FileZilla FTP Client\\fzshellext_64.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{A0329326-66A5-4FEC-A003-2DD84BC3B0D3}\LocalServer32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB05560-EC9E-4EC0-B1EE-14B05FF48650}\InprocServer32\ThreadingModel = "Both"	NortonBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{93D643DC-F504-42E2-AE1C-14B2E116DB0C}\InProcServer32\ThreadingModel = "Both"	NortonBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB05560-EC9E-4EC0-B1EE-14B05FF48650}\InprocServer32\ = "C:\\Program Files (x86)\\Norton\\Browser\\Update\\1.8.1649.5\\psmachine_64.dll"	NortonBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{93D643DC-F504-42E2-AE1C-14B2E116DB0C}\InProcServer32\ = "C:\\Program Files (x86)\\Norton\\Browser\\Update\\1.8.1649.5\\psmachine_64.dll"	NortonBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A0329326-66A5-4FEC-A003-2DD84BC3B0D3}\LocalServer32\ServerExecutable = "C:\\Program Files (x86)\\Norton\\Browser\\Application\\116.0.22388.188\\notification_helper.exe"	setup.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000\Software\Microsoft\Windows\CurrentVersion\Run\NortonBrowserAutoLaunch_D01BFAFE2889505F58D52EABD737E834 = "\"C:\\Program Files (x86)\\Norton\\Browser\\Application\\NortonBrowser.exe\" --check-run=src=logon --auto-launch-at-startup --profile-directory=\"Default\""	NortonBrowser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000\Software\Microsoft\Windows\CurrentVersion\Run\NortonBrowserAutoLaunch_D01BFAFE2889505F58D52EABD737E834 = "\"C:\\Program Files (x86)\\Norton\\Browser\\Application\\NortonBrowser.exe\" --check-run=src=logon --auto-launch-at-startup --profile-directory=\"Default\""	NortonBrowser.exe

Checks for any installed AV software in registry 1 TTPs 9 IoCs

Security Software Discovery

T1518.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Browser\Installed	FileZilla_3.65.0_win64_sponsored2-setup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast	norton_secure_browser_setup.exe
Key opened	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000\SOFTWARE\AVAST Software\Avast	norton_secure_browser_setup.exe
Key opened	\REGISTRY\MACHINE\Software\AVAST Software\Avast	NortonBrowser.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast	NortonBrowser.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Avira\Browser\Installed	FileZilla_3.65.0_win64_sponsored2-setup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Avira\Browser\Installed	FileZilla_3.65.0_win64_sponsored2-setup.exe
Key opened	\REGISTRY\MACHINE\Software\AVAST Software\Avast	NortonBrowser.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast	NortonBrowser.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	norton_secure_browser_setup.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe

Writes to the Master Boot Record (MBR) 1 TTPs 7 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	NortonBrowser.exe
File opened for modification	\??\PhysicalDrive0	norton_secure_browser_setup.exe
File opened for modification	\??\PhysicalDrive0	NortonBrowserUpdate.exe
File opened for modification	\??\PhysicalDrive0	NortonBrowserUpdate.exe
File opened for modification	\??\PhysicalDrive0	NortonBrowser.exe
File opened for modification	\??\PhysicalDrive0	NortonBrowser.exe
File opened for modification	\??\PhysicalDrive0	NortonBrowserUpdate.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\FileZilla FTP Client\GPL.html	FileZilla_3.65.0_win64_sponsored2-setup.exe
File created	C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\npNortonBrowserUpdate3.dll	NortonBrowserUpdate.exe
File created	C:\Program Files\FileZilla FTP Client\resources\flatzilla\32x32\lock.png	FileZilla_3.65.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\locales\da\filezilla.mo	FileZilla_3.65.0_win64_sponsored2-setup.exe
File created	C:\Program Files (x86)\Norton\Browser\Temp\source1748_891166481\Safer-bin\116.0.22388.188\Locales\ta.pak	setup.exe
File created	C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping5396_1148909742\IL	NortonBrowser.exe
File created	C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping5396_1148909742\manifest.fingerprint	NortonBrowser.exe
File created	C:\Program Files (x86)\GUM8826.tmp\goopdateres_pt-BR.dll	NortonBrowserUpdateSetup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\default\480x480\treeitem_collapsed_light.png	FileZilla_3.65.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\lone\32x32\showhidden.png	FileZilla_3.65.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\locales\ku\filezilla.mo	FileZilla_3.65.0_win64_sponsored2-setup.exe
File created	C:\Program Files (x86)\Norton\Browser\Temp\source1748_891166481\Safer-bin\116.0.22388.188\Extensions\external_extensions.json	setup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\blukis\32x32\localtreeview.png	FileZilla_3.65.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\flatzilla\16x16\refresh.png	FileZilla_3.65.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\flatzilla\48x48\leds.png	FileZilla_3.65.0_win64_sponsored2-setup.exe
File created	C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping5396_1148909742\PE	NortonBrowser.exe
File created	C:\Program Files\FileZilla FTP Client\resources\xrc\dialogs.xrc	FileZilla_3.65.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\lone\48x48\processqueue.png	FileZilla_3.65.0_win64_sponsored2-setup.exe
File created	C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping5396_1148909742\SA	NortonBrowser.exe
File created	C:\Program Files\FileZilla FTP Client\resources\blukis\32x32\compare.png	FileZilla_3.65.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\opencrystal\48x48\logview.png	FileZilla_3.65.0_win64_sponsored2-setup.exe
File created	C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping5396_1148909742\FJ	NortonBrowser.exe
File created	C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping5396_267414906\manifest.fingerprint	NortonBrowser.exe
File created	C:\Program Files\FileZilla FTP Client\resources\flatzilla\24x24\reconnect.png	FileZilla_3.65.0_win64_sponsored2-setup.exe
File created	C:\Program Files (x86)\Norton\Browser\Temp\source1748_891166481\Safer-bin\116.0.22388.188\chrome_100_percent.pak	setup.exe
File created	C:\Program Files (x86)\Norton\Browser\Temp\source1748_891166481\Safer-bin\116.0.22388.188\libEGL.dll	setup.exe
File created	C:\Program Files (x86)\Norton\Browser\Temp\source1748_891166481\Safer-bin\NortonBrowser.VisualElementsManifest.xml	setup.exe
File created	C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler.exe	NortonBrowserUpdate.exe
File created	C:\Program Files\FileZilla FTP Client\resources\default\480x480\sitemanager.png	FileZilla_3.65.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\blukis\32x32\file.png	FileZilla_3.65.0_win64_sponsored2-setup.exe
File created	C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping5396_1148909742\TT	NortonBrowser.exe
File created	C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping5396_1148909742\SN	NortonBrowser.exe
File created	C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping5396_1148909742\PH	NortonBrowser.exe
File created	C:\Program Files\FileZilla FTP Client\resources\blukis\48x48\server.png	FileZilla_3.65.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\lone\16x16\refresh.png	FileZilla_3.65.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\lone\48x48\queueview.png	FileZilla_3.65.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\tango\16x16\lock.png	FileZilla_3.65.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\tango\48x48\disconnect.png	FileZilla_3.65.0_win64_sponsored2-setup.exe
File created	C:\Program Files (x86)\Norton\Browser\Temp\source1748_891166481\Safer-bin\116.0.22388.188\Locales\pt-BR.pak	setup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\default\480x480\logview.png	FileZilla_3.65.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\opencrystal\48x48\cancel.png	FileZilla_3.65.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\opencrystal\48x48\folderback.png	FileZilla_3.65.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\sun\48x48\speedlimits.png	FileZilla_3.65.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\fzputtygen.exe	FileZilla_3.65.0_win64_sponsored2-setup.exe
File created	C:\Program Files (x86)\GUM8826.tmp\goopdateres_hu.dll	NortonBrowserUpdateSetup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\blukis\48x48\upload.png	FileZilla_3.65.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\flatzilla\16x16\synchronize.png	FileZilla_3.65.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\flatzilla\32x32\leds.png	FileZilla_3.65.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\tango\48x48\reconnect.png	FileZilla_3.65.0_win64_sponsored2-setup.exe
File created	C:\Program Files (x86)\Norton\Browser\Temp\source1748_891166481\Safer-bin\116.0.22388.188\MEIPreload\manifest.json	setup.exe
File created	C:\Program Files (x86)\Norton\Browser\Temp\source1748_891166481\Safer-bin\116.0.22388.188\mojo_core.dll	setup.exe
File created	C:\Program Files (x86)\Norton\Browser\Application\NortonBrowserProtect.exe	setup.exe
File created	C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping1244_1329618300\_platform_specific\x86_64\pnacl_public_x86_64_crtbegin_o	NortonBrowser.exe
File created	C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping5396_1148909742\AU	NortonBrowser.exe
File created	C:\Program Files (x86)\GUM8826.tmp\NortonBrowserUpdateCore.exe	NortonBrowserUpdateSetup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\blukis\32x32\cancel.png	FileZilla_3.65.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\flatzilla\48x48\speedlimits.png	FileZilla_3.65.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\minimal\16x16\filter.png	FileZilla_3.65.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\opencrystal\48x48\bookmark.png	FileZilla_3.65.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\flatzilla\16x16\bookmark.png	FileZilla_3.65.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\flatzilla\24x24\find.png	FileZilla_3.65.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\lone\32x32\localtreeview.png	FileZilla_3.65.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\tango\16x16\downloadadd.png	FileZilla_3.65.0_win64_sponsored2-setup.exe
File created	C:\Program Files (x86)\Norton\Browser\Temp\source1748_891166481\Safer-bin\116.0.22388.188\116.0.22388.188.manifest	setup.exe

Drops file in Windows directory 8 IoCs

description	ioc	Process
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{469D3039-E8BB-40CB-9989-158443EEA4EB}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI258C.tmp	msiexec.exe
File created	C:\Windows\Installer\e5d23da.msi	msiexec.exe
File created	C:\Windows\Installer\e5d23d6.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e5d23d6.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 11 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	NortonBrowser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	NortonBrowser.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	NortonBrowser.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	NortonBrowser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	NortonBrowser.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	NortonBrowser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	norton_secure_browser_setup.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	norton_secure_browser_setup.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	NortonBrowser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	NortonBrowser.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	NortonBrowser.exe

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	NortonBrowser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	NortonBrowser.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	NortonBrowser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	NortonBrowser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	NortonBrowser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	NortonBrowser.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	NortonBrowser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	NortonBrowser.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	NortonBrowser.exe

Modifies Internet Explorer settings 1 TTPs 8 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0EBB6AA8-8178-4268-85AB-CA606162601F}\AppPath = "C:\\Program Files (x86)\\Norton\\Browser\\Update\\1.8.1649.5"	NortonBrowserUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0EBB6AA8-8178-4268-85AB-CA606162601F}\Policy = "3"	NortonBrowserUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B5C731F4-918B-418E-B7E7-0D35BDB1B231}	NortonBrowserUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B5C731F4-918B-418E-B7E7-0D35BDB1B231}\AppName = "NortonBrowserUpdateWebPlugin.exe"	NortonBrowserUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B5C731F4-918B-418E-B7E7-0D35BDB1B231}\AppPath = "C:\\Program Files (x86)\\Norton\\Browser\\Update\\1.8.1649.5"	NortonBrowserUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B5C731F4-918B-418E-B7E7-0D35BDB1B231}\Policy = "3"	NortonBrowserUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0EBB6AA8-8178-4268-85AB-CA606162601F}	NortonBrowserUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0EBB6AA8-8178-4268-85AB-CA606162601F}\AppName = "NortonBrowserUpdateBroker.exe"	NortonBrowserUpdate.exe

Modifies data under HKEY_USERS 38 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1"	NortonBrowserUpdate.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	NortonBrowserUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Norton	NortonBrowserUpdate.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Norton\Browser\Update\devmode = "0"	NortonBrowserUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache	NortonBrowserUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	msiexec.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\RestartManager\Session0000\Sequence = "1"	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache	NortonBrowserUpdate.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1"	NortonBrowserUpdate.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Norton\Browser\Update\MachineIdDate = "20231004"	NortonBrowserUpdate.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	NortonBrowser.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Norton\Browser\Update\hostprefix	NortonBrowserUpdate.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1f\52C64B7E\@%SystemRoot%\system32\dnsapi.dll,-103 = "Domain Name System (DNS) Server Trust"	NortonBrowserUpdate.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1f\52C64B7E\@%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe,-124 = "Document Encryption"	NortonBrowserUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Norton\Browser	NortonBrowserUpdate.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	NortonBrowserUpdate.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\RestartManager\Session0000\Owner = 0c04000060e5025b65f6d901	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1E\52C64B7E	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1f\52C64B7E	NortonBrowserUpdate.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1f\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	NortonBrowserUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Norton\Browser\Update\	NortonBrowserUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\RestartManager	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\RestartManager\Session0000	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache	NortonBrowserUpdate.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Norton\Browser\Update\endpoint = "update.norton.securebrowser.com"	NortonBrowserUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Norton\Browser\Update	NortonBrowserUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache	NortonBrowserUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\RestartManager\Session0000	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1f	msiexec.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"	NortonBrowserUpdate.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	NortonBrowserUpdate.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\RestartManager\Session0000\SessionHash = 61e3a282dfbbbd8e7ae19705e682de85ad1a7fe36dcd954303ef09303739f948	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	NortonBrowser.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133408575570203624"	chrome.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Norton\Browser\Update\MachineId = "000058d4b27a012b9e3e4541471e6c69"	NortonBrowserUpdate.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\NortonUpdate.ProcessLauncher\CLSID	NortonBrowserUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Norton.OneClickCtrl.9\CLSID\ = "{B5C731F4-918B-418E-B7E7-0D35BDB1B231}"	NortonBrowserUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000_Classes\nntp	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C32E10AE-6600-4A1E-8BEA-EF89A3072F93}	NortonBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{925547A3-663F-4673-A7B7-3FCACCDC4879}\ = "IAppCommand"	NortonBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\NortonUpdate.OnDemandCOMClassMachine\CurVer\ = "NortonUpdate.OnDemandCOMClassMachine.1.0"	NortonBrowserUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B02B2F29-8637-4B78-892A-CFD7CCE793EC}\ProxyStubClsid32\ = "{93D643DC-F504-42E2-AE1C-14B2E116DB0C}"	NortonBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A708F91-06A3-409E-83BC-4A5CF10C8025}\NumMethods	NortonBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2DAE1732-F855-42A3-9D28-B7F6E291ECCD}	NortonBrowserUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8C50E3A4-12A8-41FB-9941-E8EEB222E07E}\NumMethods\ = "7"	NortonBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.html	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000_Classes\news	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6972DB5C-E9D6-4A81-B352-B415A3A61CA6}	NortonBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{41A025DF-6171-460F-B9A1-29ECE33E754E}\ = "IGoogleUpdate3"	NortonBrowserUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C0BE1521-7935-42E6-B606-058A559910BA}\NumMethods\ = "11"	NortonBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8C7E81D6-0463-485E-8DF5-2ADAD81FAF40}\ProxyStubClsid32	NortonBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E21E991-301D-47FD-AB7A-99FBE864EF65}\NumMethods	NortonBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\NortonUpdate.Update3WebMachineFallback.1.0\CLSID\ = "{0DEF8B05-FE43-4FCC-AAD1-FEA157D665E5}"	NortonBrowserUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\FileZilla3CopyHook\ = "{DB70412E-EEC9-479C-BBA9-BE36BFDDA41B}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\Software\Classes\NortonHTML\shell	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8C7E81D6-0463-485E-8DF5-2ADAD81FAF40}\ProxyStubClsid32	NortonBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{804EC8ED-BF49-41ED-BCD0-CA1D716D3E98}\NumMethods	NortonBrowserUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B02B2F29-8637-4B78-892A-CFD7CCE793EC}\ProxyStubClsid32	NortonBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8C7E81D6-0463-485E-8DF5-2ADAD81FAF40}\ = "IGoogleUpdate3Web"	NortonBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000_Classes\snews\URL Protocol	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8C50E3A4-12A8-41FB-9941-E8EEB222E07E}\NumMethods	NortonBrowserUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D37D106C-CDD2-4821-BC7A-F08990DDCA74}\NumMethods\ = "5"	NortonBrowserUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2DAE1732-F855-42A3-9D28-B7F6E291ECCD}\ = "IAppCommand2"	NortonBrowserUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\NortonUpdate.Update3WebMachineFallback\CurVer\ = "NortonUpdate.Update3WebMachineFallback.1.0"	NortonBrowserUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{59577BB5-F97B-4880-B785-510238C5C5CE}\NumMethods\ = "45"	NortonBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D37D106C-CDD2-4821-BC7A-F08990DDCA74}\ = "IGoogleUpdateCore"	NortonBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3E21E991-301D-47FD-AB7A-99FBE864EF65}	NortonBrowserUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C7B73E65-20BA-407F-8A89-DF649EF82559}\NumMethods\ = "24"	NortonBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\NortonUpdate.OnDemandCOMClassMachine\CLSID	NortonBrowserUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C0BE1521-7935-42E6-B606-058A559910BA}\NumMethods\ = "11"	NortonBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.htm	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9303D964BB8EBC049998514834EE4ABE\ProductName = "Norton Update Helper"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID	NortonBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9303D964BB8EBC049998514834EE4ABE\SourceList\PackageName = "NortonBrowserUpdateHelper.msi"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C0BE1521-7935-42E6-B606-058A559910BA}\NumMethods\ = "11"	NortonBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E21E991-301D-47FD-AB7A-99FBE864EF65}\ = "IApp"	NortonBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3E21E991-301D-47FD-AB7A-99FBE864EF65}\NumMethods	NortonBrowserUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{59577BB5-F97B-4880-B785-510238C5C5CE}\ProxyStubClsid32	NortonBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6CEBE594-0680-4815-86E1-615A6BE65E0E}\ProxyStubClsid32\ = "{93D643DC-F504-42E2-AE1C-14B2E116DB0C}"	NortonBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{625FE037-A1DE-4A53-8484-183383519B42}\VersionIndependentProgID	NortonBrowserUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7BA03866-1403-40EA-81A9-23FCD97810E2}\ = "ICoCreateAsyncStatus"	NortonBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7F9A4AA3-8BBB-4552-B84F-61F2E58064D5}\Elevation\IconReference = "@C:\\Program Files (x86)\\Norton\\Browser\\Update\\1.8.1649.5\\goopdate.dll,-1004"	NortonBrowserUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C7B73E65-20BA-407F-8A89-DF649EF82559}\ProxyStubClsid32	NortonBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0C6F8D30-8C8C-43AC-8EF5-CE66FBFEE758}\LocalServer32\ = "\"C:\\Program Files (x86)\\Norton\\Browser\\Update\\1.8.1649.5\\NortonBrowserUpdateOnDemand.exe\""	NortonBrowserUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7BA03866-1403-40EA-81A9-23FCD97810E2}\ = "ICoCreateAsyncStatus"	NortonBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C7B73E65-20BA-407F-8A89-DF649EF82559}\ProxyStubClsid32	NortonBrowserUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5CCD3788-C8CC-4EE9-8DF7-944B7D9674F2}\NumMethods\ = "10"	NortonBrowserUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C9E6B2FC-34C6-435F-BC66-1EA330DB1270}	NortonBrowserUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0DEF8B05-FE43-4FCC-AAD1-FEA157D665E5}\Elevation\Enabled = "1"	NortonBrowserUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{172C7E99-905C-47B5-B00D-EF4BB520026B}\AppID = "{625FE037-A1DE-4A53-8484-183383519B42}"	NortonBrowserUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7F9A4AA3-8BBB-4552-B84F-61F2E58064D5}\ProgID	NortonBrowserUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000_Classes\smsto	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\NortonUpdate.Update3COMClassService\CLSID\ = "{B59FC194-C215-4616-B5EE-7E412D314241}"	NortonBrowserUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB05560-EC9E-4EC0-B1EE-14B05FF48650}\InprocServer32	NortonBrowserUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5F2725F9-2E60-4F0D-8050-E542DD49B44D}\LocalServer32\ = "\"C:\\Program Files (x86)\\Norton\\Browser\\Update\\1.8.1649.5\\NortonBrowserUpdateBroker.exe\""	NortonBrowserUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8C50E3A4-12A8-41FB-9941-E8EEB222E07E}\ProxyStubClsid32\ = "{93D643DC-F504-42E2-AE1C-14B2E116DB0C}"	NortonBrowserUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.pdf	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7BA03866-1403-40EA-81A9-23FCD97810E2}\NumMethods	NortonBrowserUpdateComRegisterShell64.exe

Modifies system certificate store 2 TTPs 5 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	norton_secure_browser_setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	norton_secure_browser_setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	norton_secure_browser_setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	norton_secure_browser_setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 5c000000010000000400000000080000190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa604000000010000001000000087ce0b7b2a0e4900e158719b37a893722000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	norton_secure_browser_setup.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4984	chrome.exe
4984	chrome.exe
2076	FileZilla_3.65.0_win64_sponsored2-setup.exe
2076	FileZilla_3.65.0_win64_sponsored2-setup.exe
4340	norton_secure_browser_setup.exe
4340	norton_secure_browser_setup.exe
4340	norton_secure_browser_setup.exe
4340	norton_secure_browser_setup.exe
4340	norton_secure_browser_setup.exe
4340	norton_secure_browser_setup.exe
4340	norton_secure_browser_setup.exe
4340	norton_secure_browser_setup.exe
4340	norton_secure_browser_setup.exe
4340	norton_secure_browser_setup.exe
4340	norton_secure_browser_setup.exe
4340	norton_secure_browser_setup.exe
2076	FileZilla_3.65.0_win64_sponsored2-setup.exe
2076	FileZilla_3.65.0_win64_sponsored2-setup.exe
2076	FileZilla_3.65.0_win64_sponsored2-setup.exe
2076	FileZilla_3.65.0_win64_sponsored2-setup.exe
4340	norton_secure_browser_setup.exe
4340	norton_secure_browser_setup.exe
4340	norton_secure_browser_setup.exe
4340	norton_secure_browser_setup.exe
2912	NortonBrowserUpdate.exe
2912	NortonBrowserUpdate.exe
2912	NortonBrowserUpdate.exe
2912	NortonBrowserUpdate.exe
2912	NortonBrowserUpdate.exe
2912	NortonBrowserUpdate.exe
2912	NortonBrowserUpdate.exe
2912	NortonBrowserUpdate.exe
2912	NortonBrowserUpdate.exe
2912	NortonBrowserUpdate.exe
4848	NortonBrowser.exe
4848	NortonBrowser.exe
4848	NortonBrowser.exe
4848	NortonBrowser.exe
4848	NortonBrowser.exe
4848	NortonBrowser.exe
4848	NortonBrowser.exe
4848	NortonBrowser.exe
4848	NortonBrowser.exe
4848	NortonBrowser.exe
4848	NortonBrowser.exe
4848	NortonBrowser.exe
4848	NortonBrowser.exe
4848	NortonBrowser.exe
4848	NortonBrowser.exe
4848	NortonBrowser.exe
4848	NortonBrowser.exe
4848	NortonBrowser.exe
4848	NortonBrowser.exe
4848	NortonBrowser.exe
4848	NortonBrowser.exe
4848	NortonBrowser.exe
4848	NortonBrowser.exe
4848	NortonBrowser.exe
4848	NortonBrowser.exe
4848	NortonBrowser.exe
4848	NortonBrowser.exe
4848	NortonBrowser.exe
4848	NortonBrowser.exe
4848	NortonBrowser.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4984	chrome.exe
4984	chrome.exe
4848	NortonBrowser.exe
4848	NortonBrowser.exe
4848	NortonBrowser.exe
5396	NortonBrowser.exe
5396	NortonBrowser.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe
Token: SeShutdownPrivilege	4984	chrome.exe
Token: SeCreatePagefilePrivilege	4984	chrome.exe

Suspicious use of FindShellTrayWindow 50 IoCs

pid	Process
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
5816	setup.exe
5396	NortonBrowser.exe
5396	NortonBrowser.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4984 wrote to memory of 4808	4984	chrome.exe	70
PID 4984 wrote to memory of 4808	4984	chrome.exe	70
PID 4984 wrote to memory of 3216	4984	chrome.exe	75
PID 4984 wrote to memory of 3216	4984	chrome.exe	75
PID 4984 wrote to memory of 3216	4984	chrome.exe	75
PID 4984 wrote to memory of 3216	4984	chrome.exe	75
PID 4984 wrote to memory of 3216	4984	chrome.exe	75
PID 4984 wrote to memory of 3216	4984	chrome.exe	75
PID 4984 wrote to memory of 3216	4984	chrome.exe	75
PID 4984 wrote to memory of 3216	4984	chrome.exe	75
PID 4984 wrote to memory of 3216	4984	chrome.exe	75
PID 4984 wrote to memory of 3216	4984	chrome.exe	75
PID 4984 wrote to memory of 3216	4984	chrome.exe	75
PID 4984 wrote to memory of 3216	4984	chrome.exe	75
PID 4984 wrote to memory of 3216	4984	chrome.exe	75
PID 4984 wrote to memory of 3216	4984	chrome.exe	75
PID 4984 wrote to memory of 3216	4984	chrome.exe	75
PID 4984 wrote to memory of 3216	4984	chrome.exe	75
PID 4984 wrote to memory of 3216	4984	chrome.exe	75
PID 4984 wrote to memory of 3216	4984	chrome.exe	75
PID 4984 wrote to memory of 3216	4984	chrome.exe	75
PID 4984 wrote to memory of 3216	4984	chrome.exe	75
PID 4984 wrote to memory of 3216	4984	chrome.exe	75
PID 4984 wrote to memory of 3216	4984	chrome.exe	75
PID 4984 wrote to memory of 3216	4984	chrome.exe	75
PID 4984 wrote to memory of 3216	4984	chrome.exe	75
PID 4984 wrote to memory of 3216	4984	chrome.exe	75
PID 4984 wrote to memory of 3216	4984	chrome.exe	75
PID 4984 wrote to memory of 3216	4984	chrome.exe	75
PID 4984 wrote to memory of 3216	4984	chrome.exe	75
PID 4984 wrote to memory of 3216	4984	chrome.exe	75
PID 4984 wrote to memory of 3216	4984	chrome.exe	75
PID 4984 wrote to memory of 3216	4984	chrome.exe	75
PID 4984 wrote to memory of 3216	4984	chrome.exe	75
PID 4984 wrote to memory of 3216	4984	chrome.exe	75
PID 4984 wrote to memory of 3216	4984	chrome.exe	75
PID 4984 wrote to memory of 3216	4984	chrome.exe	75
PID 4984 wrote to memory of 3216	4984	chrome.exe	75
PID 4984 wrote to memory of 3216	4984	chrome.exe	75
PID 4984 wrote to memory of 3216	4984	chrome.exe	75
PID 4984 wrote to memory of 3736	4984	chrome.exe	72
PID 4984 wrote to memory of 3736	4984	chrome.exe	72
PID 4984 wrote to memory of 2884	4984	chrome.exe	74
PID 4984 wrote to memory of 2884	4984	chrome.exe	74
PID 4984 wrote to memory of 2884	4984	chrome.exe	74
PID 4984 wrote to memory of 2884	4984	chrome.exe	74
PID 4984 wrote to memory of 2884	4984	chrome.exe	74
PID 4984 wrote to memory of 2884	4984	chrome.exe	74
PID 4984 wrote to memory of 2884	4984	chrome.exe	74
PID 4984 wrote to memory of 2884	4984	chrome.exe	74
PID 4984 wrote to memory of 2884	4984	chrome.exe	74
PID 4984 wrote to memory of 2884	4984	chrome.exe	74
PID 4984 wrote to memory of 2884	4984	chrome.exe	74
PID 4984 wrote to memory of 2884	4984	chrome.exe	74
PID 4984 wrote to memory of 2884	4984	chrome.exe	74
PID 4984 wrote to memory of 2884	4984	chrome.exe	74
PID 4984 wrote to memory of 2884	4984	chrome.exe	74
PID 4984 wrote to memory of 2884	4984	chrome.exe	74
PID 4984 wrote to memory of 2884	4984	chrome.exe	74
PID 4984 wrote to memory of 2884	4984	chrome.exe	74
PID 4984 wrote to memory of 2884	4984	chrome.exe	74
PID 4984 wrote to memory of 2884	4984	chrome.exe	74
PID 4984 wrote to memory of 2884	4984	chrome.exe	74
PID 4984 wrote to memory of 2884	4984	chrome.exe	74

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://filezilla-project.org/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff9400c9758,0x7ff9400c9768,0x7ff9400c9778
  2⤵
  PID:4808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1796 --field-trial-handle=1824,i,4138462771586012641,2710205103437881716,131072 /prefetch:8
  2⤵
  PID:3736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2840 --field-trial-handle=1824,i,4138462771586012641,2710205103437881716,131072 /prefetch:1
  2⤵
  PID:4044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2104 --field-trial-handle=1824,i,4138462771586012641,2710205103437881716,131072 /prefetch:8
  2⤵
  PID:2884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1824,i,4138462771586012641,2710205103437881716,131072 /prefetch:2
  2⤵
  PID:3216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2848 --field-trial-handle=1824,i,4138462771586012641,2710205103437881716,131072 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4876 --field-trial-handle=1824,i,4138462771586012641,2710205103437881716,131072 /prefetch:8
  2⤵
  PID:4980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4972 --field-trial-handle=1824,i,4138462771586012641,2710205103437881716,131072 /prefetch:8
  2⤵
  PID:904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5436 --field-trial-handle=1824,i,4138462771586012641,2710205103437881716,131072 /prefetch:8
  2⤵
  PID:3076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5420 --field-trial-handle=1824,i,4138462771586012641,2710205103437881716,131072 /prefetch:8
  2⤵
  PID:3104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 --field-trial-handle=1824,i,4138462771586012641,2710205103437881716,131072 /prefetch:8
  2⤵
  PID:1440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5420 --field-trial-handle=1824,i,4138462771586012641,2710205103437881716,131072 /prefetch:8
  2⤵
  PID:336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5724 --field-trial-handle=1824,i,4138462771586012641,2710205103437881716,131072 /prefetch:8
  2⤵
  PID:5016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=920 --field-trial-handle=1824,i,4138462771586012641,2710205103437881716,131072 /prefetch:2
  2⤵
  PID:3956

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4028

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3416

C:\Users\Admin\Downloads\FileZilla_3.65.0_win64_sponsored2-setup.exe
"C:\Users\Admin\Downloads\FileZilla_3.65.0_win64_sponsored2-setup.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks for any installed AV software in registry
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
PID:2076
- C:\Users\Admin\AppData\Local\Temp\norton_secure_browser_setup.exe
  norton_secure_browser_setup.exe /s /run_source="norton_ppi_playanext_filezilla"
  2⤵
  - Checks BIOS information in registry
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks for any installed AV software in registry
  - Checks whether UAC is enabled
  - Writes to the Master Boot Record (MBR)
  - Checks SCSI registry key(s)
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  PID:4340
- - C:\Users\Admin\AppData\Local\Temp\nsj7617.tmp\NortonBrowserUpdateSetup.exe
    NortonBrowserUpdateSetup.exe /silent /install "bundlename=Norton Secure Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Secure Browser&needsadmin=true&lang=en-US&brand=29195&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --reset-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome --private-browsing"
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    PID:2656
  - - C:\Program Files (x86)\GUM8826.tmp\NortonBrowserUpdate.exe
      "C:\Program Files (x86)\GUM8826.tmp\NortonBrowserUpdate.exe" /silent /install "bundlename=Norton Secure Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Secure Browser&needsadmin=true&lang=en-US&brand=29195&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --reset-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome --private-browsing"
      4⤵
      Sets file execution options in registry
      Executes dropped EXE
      Loads dropped DLL
      Writes to the Master Boot Record (MBR)
      Drops file in Program Files directory
      Modifies Internet Explorer settings
      Modifies registry class
      Suspicious behavior: EnumeratesProcesses
      PID:2912
    - - C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
        
        "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /regsvc
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:1604
    - - C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
        
        "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /regserver
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:4268
      - C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Registers COM server for autorun
        Modifies registry class
        
        PID:5072
      - C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Registers COM server for autorun
        Modifies registry class
        
        PID:2132
      - C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Registers COM server for autorun
        Modifies registry class
        
        PID:2964
    - - C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
        
        "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgb21haGFpZD0iezU4MzdCMUE1LUI3MkEtNDU2QS1CMDlGLUY2ODBFOUFCNUUwMn0iIHVwZGF0ZXJ2ZXJzaW9uPSIxLjguMTY0OS41IiBzaGVsbF92ZXJzaW9uPSIxLjguMTY0OS41IiBpc21hY2hpbmU9IjEiIGlzX29tYWhhNjRiaXQ9IjAiIGlzX29zNjRiaXQ9IjEiIHNlc3Npb25pZD0ie0M5NjI4QTk0LTBBQTktNDRFOC04MkUwLUVGMkFGQUQ0QkIzNX0iIHVzZXJpZD0ie0FCMTQwQTk4LTJEMDktNDkzNC1BODBELTAyREY1NzAzM0JFRX0iIHVzZXJpZF9kYXRlPSIyMDIzMTAwNCIgbWFjaGluZWlkPSJ7MDAwMDU4RDQtQjI3QS0wMTJCLTlFM0UtNDU0MTQ3MUU2QzY5fSIgbWFjaGluZWlkX2RhdGU9IjIwMjMxMDA0IiBpbnN0YWxsc291cmNlPSJvdGhlcmluc3RhbGxjbWQiIHRlc3Rzb3VyY2U9ImF1dG8iIHJlcXVlc3RpZD0ie0U5RjVBODVDLTg1MDAtNEIzQS05NDE2LThFNkUxQjJEOTVCM30iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgcGh5c21lbW9yeT0iOCIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xNTA2My4wIiBzcD0iIiBhcmNoPSJ4NjQiLz48YXBwIGFwcGlkPSJ7NTgzN0IxQTUtQjcyQS00NTZBLUIwOUYtRjY4MEU5QUI1RTAyfSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMS44LjE2NDkuNSIgbGFuZz0iZW4tVVMiIGJyYW5kPSIyOTE5NSIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIGluc3RhbGxfdGltZV9tcz0iMTQyOCIvPjwvYXBwPjwvcmVxdWVzdD4
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4412
    - - C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
        
        "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /handoff "bundlename=Norton Secure Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Secure Browser&needsadmin=true&lang=en-US&brand=29195&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --reset-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome --private-browsing" /installsource otherinstallcmd /sessionid "{C9628A94-0AA9-44E8-82E0-EF2AFAD4BB35}" /silent
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1608
- - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
    NortonBrowser.exe --heartbeat --install --create-profile
    3⤵
    - Checks BIOS information in registry
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Adds Run key to start application
    - Writes to the Master Boot Record (MBR)
    - Checks SCSI registry key(s)
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    PID:4848
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Norton\Browser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Norton\Browser\User Data\Crashpad" --url=fake_url --annotation=plat=Win64 --annotation=prod=Norton --annotation=ver=116.0.22388.188 --initial-client-data=0xe0,0xe4,0xe8,0xbc,0xec,0x7ff92ead4dc0,0x7ff92ead4dd0,0x7ff92ead4de0
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2956
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=gpu-process --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1856 --field-trial-handle=1896,i,10869729893353656186,9801181716923318128,262144 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2168
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2252 --field-trial-handle=1896,i,10869729893353656186,9801181716923318128,262144 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3712
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --start-stack-profiler --mojo-platform-channel-handle=1968 --field-trial-handle=1896,i,10869729893353656186,9801181716923318128,262144 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4532
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3532 --field-trial-handle=1896,i,10869729893353656186,9801181716923318128,262144 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      PID:212
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3060 --field-trial-handle=1896,i,10869729893353656186,9801181716923318128,262144 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      PID:2824
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3672 --field-trial-handle=1896,i,10869729893353656186,9801181716923318128,262144 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      PID:2792
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3868 --field-trial-handle=1896,i,10869729893353656186,9801181716923318128,262144 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2060
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4260 --field-trial-handle=1896,i,10869729893353656186,9801181716923318128,262144 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3836
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3316 --field-trial-handle=1896,i,10869729893353656186,9801181716923318128,262144 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:1864
- - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
    NortonBrowser.exe --silent-launch
    3⤵
    - Checks BIOS information in registry
    - Checks computer location settings
    - Executes dropped EXE
    - Adds Run key to start application
    - Checks for any installed AV software in registry
    - Writes to the Master Boot Record (MBR)
    - Drops file in Program Files directory
    - Checks SCSI registry key(s)
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    PID:1244
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Norton\Browser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Norton\Browser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Norton\Browser\User Data" --url=fake_url --annotation=plat=Win64 --annotation=prod=Norton --annotation=ver=116.0.22388.188 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff92ead4dc0,0x7ff92ead4dd0,0x7ff92ead4de0
      4⤵
      Executes dropped EXE
      PID:2276
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=gpu-process --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1708 --field-trial-handle=1712,i,858251595189235282,7431405761435357664,262144 /prefetch:2
      4⤵
      Executes dropped EXE
      PID:4596
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2392 --field-trial-handle=1712,i,858251595189235282,7431405761435357664,262144 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:336
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --start-stack-profiler --mojo-platform-channel-handle=2364 --field-trial-handle=1712,i,858251595189235282,7431405761435357664,262144 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:2064
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3300 --field-trial-handle=1712,i,858251595189235282,7431405761435357664,262144 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:3104
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3428 --field-trial-handle=1712,i,858251595189235282,7431405761435357664,262144 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:4420
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3312 --field-trial-handle=1712,i,858251595189235282,7431405761435357664,262144 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:2888
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3472 --field-trial-handle=1712,i,858251595189235282,7431405761435357664,262144 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:4440
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3580 --field-trial-handle=1712,i,858251595189235282,7431405761435357664,262144 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:2964
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3472 --field-trial-handle=1712,i,858251595189235282,7431405761435357664,262144 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:3528
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3380 --field-trial-handle=1712,i,858251595189235282,7431405761435357664,262144 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:3852
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3388 --field-trial-handle=1712,i,858251595189235282,7431405761435357664,262144 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:3200
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3860 --field-trial-handle=1712,i,858251595189235282,7431405761435357664,262144 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:3712
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4012 --field-trial-handle=1712,i,858251595189235282,7431405761435357664,262144 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:2792
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4172 --field-trial-handle=1712,i,858251595189235282,7431405761435357664,262144 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:4948
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4328 --field-trial-handle=1712,i,858251595189235282,7431405761435357664,262144 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:1796
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4456 --field-trial-handle=1712,i,858251595189235282,7431405761435357664,262144 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:4260
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4156 --field-trial-handle=1712,i,858251595189235282,7431405761435357664,262144 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:412
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4708 --field-trial-handle=1712,i,858251595189235282,7431405761435357664,262144 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:4572
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4860 --field-trial-handle=1712,i,858251595189235282,7431405761435357664,262144 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:228
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5008 --field-trial-handle=1712,i,858251595189235282,7431405761435357664,262144 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:4148
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5140 --field-trial-handle=1712,i,858251595189235282,7431405761435357664,262144 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:5092
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5292 --field-trial-handle=1712,i,858251595189235282,7431405761435357664,262144 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:4576
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3580 --field-trial-handle=1712,i,858251595189235282,7431405761435357664,262144 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:6080
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3520 --field-trial-handle=1712,i,858251595189235282,7431405761435357664,262144 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:5200
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5548 --field-trial-handle=1712,i,858251595189235282,7431405761435357664,262144 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:5652
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4720 --field-trial-handle=1712,i,858251595189235282,7431405761435357664,262144 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:5460
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4752 --field-trial-handle=1712,i,858251595189235282,7431405761435357664,262144 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:5600
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4752 --field-trial-handle=1712,i,858251595189235282,7431405761435357664,262144 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:5184
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5744 --field-trial-handle=1712,i,858251595189235282,7431405761435357664,262144 /prefetch:8
      4⤵
      Executes dropped EXE
      PID:5256
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --start-stack-profiler --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=4752 --field-trial-handle=1712,i,858251595189235282,7431405761435357664,262144 /prefetch:2
      4⤵
      Executes dropped EXE
      PID:5208
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5800 --field-trial-handle=1712,i,858251595189235282,7431405761435357664,262144 /prefetch:8
      4⤵
      PID:1872
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --disable-protect
      4⤵
      PID:5540
    - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
        
        "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Norton\Browser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Norton\Browser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Norton\Browser\User Data" --url=fake_url --annotation=plat=Win64 --annotation=prod=Norton --annotation=ver=116.0.22388.188 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff92ead4dc0,0x7ff92ead4dd0,0x7ff92ead4de0
        5⤵
        
        PID:5692
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4712 --field-trial-handle=1712,i,858251595189235282,7431405761435357664,262144 /prefetch:8
      4⤵
      PID:6052
- - C:\Program Files (x86)\Norton\Browser\Application\116.0.22388.188\Installer\setup.exe
    setup.exe /silent --create-shortcuts=0 --install-level=1 --system-level
    3⤵
    - Checks computer location settings
    - Suspicious use of FindShellTrayWindow
    PID:5816
  - - C:\Program Files (x86)\Norton\Browser\Application\116.0.22388.188\Installer\setup.exe
      "C:\Program Files (x86)\Norton\Browser\Application\116.0.22388.188\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=fake_url --annotation=plat=Win64 --annotation=prod=Norton --annotation=ver=116.0.22388.188 --initial-client-data=0x250,0x254,0x258,0x22c,0x25c,0x7ff63177ceb0,0x7ff63177cec0,0x7ff63177ced0
      4⤵
      PID:6028
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=shortcut-pin-helper /prefetch:8 startpin "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Secure Browser.lnk"
      4⤵
      Checks computer location settings
      PID:1976
- - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
    NortonBrowser.exe --check-run=src=installer
    3⤵
    - Checks BIOS information in registry
    - Checks computer location settings
    - Checks for any installed AV software in registry
    - Writes to the Master Boot Record (MBR)
    - Drops file in Program Files directory
    - Checks SCSI registry key(s)
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    PID:5396
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Norton\Browser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Norton\Browser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Norton\Browser\User Data" --url=fake_url --annotation=plat=Win64 --annotation=prod=Norton --annotation=ver=116.0.22388.188 --initial-client-data=0xe4,0xe8,0xec,0xc0,0xf0,0x7ff92ead4dc0,0x7ff92ead4dd0,0x7ff92ead4de0
      4⤵
      PID:1796
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=gpu-process --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2136 --field-trial-handle=2140,i,1299894756718688240,15045981230607154232,262144 /prefetch:2
      4⤵
      PID:5204
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2404 --field-trial-handle=2140,i,1299894756718688240,15045981230607154232,262144 /prefetch:8
      4⤵
      PID:5840
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --start-stack-profiler --mojo-platform-channel-handle=2244 --field-trial-handle=2140,i,1299894756718688240,15045981230607154232,262144 /prefetch:8
      4⤵
      PID:1756
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3028 --field-trial-handle=2140,i,1299894756718688240,15045981230607154232,262144 /prefetch:1
      4⤵
      Checks computer location settings
      PID:2772
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3052 --field-trial-handle=2140,i,1299894756718688240,15045981230607154232,262144 /prefetch:1
      4⤵
      Checks computer location settings
      PID:1028
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4300 --field-trial-handle=2140,i,1299894756718688240,15045981230607154232,262144 /prefetch:8
      4⤵
      PID:4120
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4472 --field-trial-handle=2140,i,1299894756718688240,15045981230607154232,262144 /prefetch:8
      4⤵
      PID:2956
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=shortcut-pin-helper /prefetch:8 has-startpin "C:\Users\Public\Desktop\Norton Secure Browser.lnk"
      4⤵
      Checks computer location settings
      PID:3864
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4796 --field-trial-handle=2140,i,1299894756718688240,15045981230607154232,262144 /prefetch:8
      4⤵
      PID:4536
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4936 --field-trial-handle=2140,i,1299894756718688240,15045981230607154232,262144 /prefetch:8
      4⤵
      PID:2564
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4468 --field-trial-handle=2140,i,1299894756718688240,15045981230607154232,262144 /prefetch:8
      4⤵
      PID:5748
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5192 --field-trial-handle=2140,i,1299894756718688240,15045981230607154232,262144 /prefetch:8
      4⤵
      PID:6072
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5344 --field-trial-handle=2140,i,1299894756718688240,15045981230607154232,262144 /prefetch:8
      4⤵
      PID:3036
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5368 --field-trial-handle=2140,i,1299894756718688240,15045981230607154232,262144 /prefetch:8
      4⤵
      PID:1780
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5636 --field-trial-handle=2140,i,1299894756718688240,15045981230607154232,262144 /prefetch:8
      4⤵
      PID:5844
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5672 --field-trial-handle=2140,i,1299894756718688240,15045981230607154232,262144 /prefetch:8
      4⤵
      PID:5880
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5944 --field-trial-handle=2140,i,1299894756718688240,15045981230607154232,262144 /prefetch:8
      4⤵
      PID:5720
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5388 --field-trial-handle=2140,i,1299894756718688240,15045981230607154232,262144 /prefetch:8
      4⤵
      PID:5960
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3916 --field-trial-handle=2140,i,1299894756718688240,15045981230607154232,262144 /prefetch:8
      4⤵
      PID:3744
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6324 --field-trial-handle=2140,i,1299894756718688240,15045981230607154232,262144 /prefetch:8
      4⤵
      PID:4604
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6476 --field-trial-handle=2140,i,1299894756718688240,15045981230607154232,262144 /prefetch:8
      4⤵
      PID:816
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6612 --field-trial-handle=2140,i,1299894756718688240,15045981230607154232,262144 /prefetch:8
      4⤵
      PID:5384
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6748 --field-trial-handle=2140,i,1299894756718688240,15045981230607154232,262144 /prefetch:8
      4⤵
      PID:5136
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6908 --field-trial-handle=2140,i,1299894756718688240,15045981230607154232,262144 /prefetch:8
      4⤵
      PID:3588
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7044 --field-trial-handle=2140,i,1299894756718688240,15045981230607154232,262144 /prefetch:8
      4⤵
      PID:5756
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6724 --field-trial-handle=2140,i,1299894756718688240,15045981230607154232,262144 /prefetch:8
      4⤵
      PID:4264
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7312 --field-trial-handle=2140,i,1299894756718688240,15045981230607154232,262144 /prefetch:8
      4⤵
      PID:3652
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7032 --field-trial-handle=2140,i,1299894756718688240,15045981230607154232,262144 /prefetch:8
      4⤵
      PID:5908
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7064 --field-trial-handle=2140,i,1299894756718688240,15045981230607154232,262144 /prefetch:8
      4⤵
      PID:2116
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --disable-protect
      4⤵
      PID:5812
    - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
        
        "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Norton\Browser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Norton\Browser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Norton\Browser\User Data" --url=fake_url --annotation=plat=Win64 --annotation=prod=Norton --annotation=ver=116.0.22388.188 --initial-client-data=0xe4,0xe8,0xec,0xc0,0xf0,0x7ff92ead4dc0,0x7ff92ead4dd0,0x7ff92ead4de0
        5⤵
        
        PID:5052
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7060 --field-trial-handle=2140,i,1299894756718688240,15045981230607154232,262144 /prefetch:8
      4⤵
      PID:6104
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6196 --field-trial-handle=2140,i,1299894756718688240,15045981230607154232,262144 /prefetch:8
      4⤵
      PID:5808
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7060 --field-trial-handle=2140,i,1299894756718688240,15045981230607154232,262144 /prefetch:8
      4⤵
      PID:816
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6172 --field-trial-handle=2140,i,1299894756718688240,15045981230607154232,262144 /prefetch:8
      4⤵
      PID:4148
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6132 --field-trial-handle=2140,i,1299894756718688240,15045981230607154232,262144 /prefetch:8
      4⤵
      PID:1128
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6624 --field-trial-handle=2140,i,1299894756718688240,15045981230607154232,262144 /prefetch:8
      4⤵
      PID:2144
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --start-stack-profiler --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=6616 --field-trial-handle=2140,i,1299894756718688240,15045981230607154232,262144 /prefetch:2
      4⤵
      PID:5424
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5956 --field-trial-handle=2140,i,1299894756718688240,15045981230607154232,262144 /prefetch:8
      4⤵
      PID:1164
  - - C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe
      "C:\Program Files (x86)\Norton\Browser\Application\NortonBrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7176 --field-trial-handle=2140,i,1299894756718688240,15045981230607154232,262144 /prefetch:8
      4⤵
      PID:6076
- C:\Windows\system32\regsvr32.exe
  "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\FileZilla FTP Client\fzshellext_64.dll"
  2⤵
  - Loads dropped DLL
  - Registers COM server for autorun
  - Modifies registry class
  PID:4160

C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
"C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Modifies data under HKEY_USERS
PID:2352
- C:\Program Files (x86)\Norton\Browser\Update\Install\{D8C4AEF9-F1C6-4100-B9DD-B78DBFEA23FE}\NortonBrowserInstaller.exe
  "C:\Program Files (x86)\Norton\Browser\Update\Install\{D8C4AEF9-F1C6-4100-B9DD-B78DBFEA23FE}\NortonBrowserInstaller.exe" --chrome --do-not-launch-chrome --hide-browser-override --show-developer-mode --suppress-first-run-bubbles --default-search-id=3 --default-search=bing.com --adblock-mode-default=0 --no-create-user-shortcuts --make-chrome-default --force-default-win10 --reset-default-win10 --auto-import-data=chrome --import-cookies --auto-launch-chrome --private-browsing --system-level
  2⤵
  - Executes dropped EXE
  PID:4908
- - C:\Program Files (x86)\Norton\Browser\Update\Install\{D8C4AEF9-F1C6-4100-B9DD-B78DBFEA23FE}\CR_FDFE4.tmp\setup.exe
    "C:\Program Files (x86)\Norton\Browser\Update\Install\{D8C4AEF9-F1C6-4100-B9DD-B78DBFEA23FE}\CR_FDFE4.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Norton\Browser\Update\Install\{D8C4AEF9-F1C6-4100-B9DD-B78DBFEA23FE}\CR_FDFE4.tmp\SECURE.PACKED.7Z" --chrome --do-not-launch-chrome --hide-browser-override --show-developer-mode --suppress-first-run-bubbles --default-search-id=3 --default-search=bing.com --adblock-mode-default=0 --no-create-user-shortcuts --make-chrome-default --force-default-win10 --reset-default-win10 --auto-import-data=chrome --import-cookies --auto-launch-chrome --private-browsing --system-level
    3⤵
    - Modifies Installed Components in the registry
    - Checks computer location settings
    - Executes dropped EXE
    - Registers COM server for autorun
    - Drops file in Program Files directory
    - Modifies registry class
    PID:1748
  - - C:\Program Files (x86)\Norton\Browser\Update\Install\{D8C4AEF9-F1C6-4100-B9DD-B78DBFEA23FE}\CR_FDFE4.tmp\setup.exe
      "C:\Program Files (x86)\Norton\Browser\Update\Install\{D8C4AEF9-F1C6-4100-B9DD-B78DBFEA23FE}\CR_FDFE4.tmp\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=fake_url --annotation=plat=Win64 --annotation=prod=Norton --annotation=ver=116.0.22388.188 --initial-client-data=0x250,0x254,0x258,0x22c,0x25c,0x7ff76e56ceb0,0x7ff76e56cec0,0x7ff76e56ced0
      4⤵
      Executes dropped EXE
      PID:5072
- C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler.exe
  "C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler.exe"
  2⤵
  - Executes dropped EXE
  PID:4332
- C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler64.exe
  "C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler64.exe"
  2⤵
  - Executes dropped EXE
  PID:1524

C:\Program Files (x86)\Norton\Browser\Application\116.0.22388.188\elevation_service.exe
"C:\Program Files (x86)\Norton\Browser\Application\116.0.22388.188\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:1412

C:\Program Files (x86)\Norton\Browser\Application\116.0.22388.188\elevation_service.exe
"C:\Program Files (x86)\Norton\Browser\Application\116.0.22388.188\elevation_service.exe"
1⤵
PID:2064

C:\Program Files (x86)\Norton\Browser\Application\116.0.22388.188\elevation_service.exe
"C:\Program Files (x86)\Norton\Browser\Application\116.0.22388.188\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:5108

C:\Program Files (x86)\Norton\Browser\Application\116.0.22388.188\elevation_service.exe
"C:\Program Files (x86)\Norton\Browser\Application\116.0.22388.188\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:5016

C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
"C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /ua /installsource scheduler
1⤵
- Modifies data under HKEY_USERS
PID:1028
- C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
  "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /registermsihelper
  2⤵
  PID:748

C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
"C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /c
1⤵
PID:5092
- C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
  "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /cr
  2⤵
  - Modifies data under HKEY_USERS
  PID:6080
- C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler.exe
  "C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler.exe"
  2⤵
  PID:1080
- C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler64.exe
  "C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler64.exe"
  2⤵
  PID:2680

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
PID:1036

C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
"C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /svc
1⤵
- Writes to the Master Boot Record (MBR)
- Modifies data under HKEY_USERS
PID:4920

C:\Program Files (x86)\Norton\Browser\Application\116.0.22388.188\elevation_service.exe
"C:\Program Files (x86)\Norton\Browser\Application\116.0.22388.188\elevation_service.exe"
1⤵
PID:1020

C:\Program Files (x86)\Norton\Browser\Application\116.0.22388.188\elevation_service.exe
"C:\Program Files (x86)\Norton\Browser\Application\116.0.22388.188\elevation_service.exe"
1⤵
PID:4888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

Software Discovery

T1518

Security Software Discovery

T1518.001

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e5d23d9.rbs

Filesize
7KB

MD5
6fa5979188de951014a9a5da8686ee9f

SHA1
811572dbb28efaaf85ff1e7905ea3b1bb2d5bff1

SHA256
20e22194b77082932cc45a7c5ba4a38c97c235b16eb277bf3948f98e99852a73

SHA512
b6dc2d1ff86cd691833f0bd164d9064c8d2a8d27c1d6c27855a262f83cc79a620ff7014bc2778de36385ae51ca051a21336474279a493b67bcae7a2fffca59c1

Download Submit
C:\Program Files (x86)\GUM8826.tmp\@PaxHeader

Filesize
27B

MD5
045e109cf31145cae4a38e734e392761

SHA1
d9ac427fa7b9a8eaa0e38e5321204a2742b7d459

SHA256
dfb606e93d6c7eb7855f39c4161739f67fd2056773cb829102cd6e05adcc419c

SHA512
857ed2853057d9f2d2a437dcc831d6a4913202333cb3a22de4b1aaebfe51cf8f85b8c90d0cdcc4ec9840651a14571861e9f7d0043e4b2102ac9a3f7e928938b1

Download Submit
C:\Program Files (x86)\GUM8826.tmp\@PaxHeader

Filesize
28B

MD5
a8656e80061c4a05aef5413a21fef78c

SHA1
042d92289c4525418f29294b0774ea3eda585058

SHA256
bcb5180b7384e69e5580e168e22060e027e4b7f12b8d5dbe0c11e8182939d7cc

SHA512
6b31429b1d91d377978595f708f083e5f970c4cc788758a8390986ec02bce51a92b3c3aaee1bad8284efcf1b9cd3e98f4fbfd8c5beaef7142019da35a237196a

Download Submit
C:\Program Files (x86)\GUM8826.tmp\@PaxHeader

Filesize
27B

MD5
fb2c1be699142dca3482d18dc8b4eadb

SHA1
9239b2324762449c98b55a1a3642f22e228163d6

SHA256
d0759e4d43b17bdf5ddfe76ac620623450f45f7268f468177ea7dcce53b5e93b

SHA512
9d4f501673b7e8b0263d8db2158df9d4350ecf44b34826a86f5cbcca68082e4e0cb52517acfc2c65dc4e1c4009f7150c0699431abfcadad042722a0442c0f66a

Download Submit
C:\Program Files (x86)\GUM8826.tmp\@PaxHeader

Filesize
28B

MD5
0df31422f006317d56745fced542ce64

SHA1
6334ebb4f2685d8c7106fb02498dac64a632a81e

SHA256
578fe6180ebcbdcab497f2e8d4d898bccf942587fb5001dc13d05c96ac091368

SHA512
e015392d0fd6560f3dc2a8a8b5df756794743e4fe4ea2ac24d4442a2064519eb63475f7496134bf81ef235a3df0d74ad234c5780850cf47d99c6adb5a7133613

Download Submit
C:\Program Files (x86)\GUM8826.tmp\@PaxHeader

Filesize
28B

MD5
6b4116589c0afe2aac9073838be6cab5

SHA1
b7f7d689ffbbcfa2908badfac223b72a22f752d5

SHA256
15649857db967c099ca6acd62db67168627afab7221721fcbc7a8802cd738478

SHA512
718818bb5c3eb63e691f60c78a56d4f81d2c8235e8b05a5c7e5cc3e52a0eefa0d37ebc82e489b53cdf5ac77b28faa412b4426128c6e2d7b2beca79b98c1e4aa7

Download Submit
C:\Program Files (x86)\GUM8826.tmp\@PaxHeader

Filesize
28B

MD5
b9ea04357667fd46353ca3e48f346261

SHA1
cb35a329d04d990b937cb8c6c49acc8d80ad45a3

SHA256
fdf34d3c6716526200dfc4f81ad1cb1bfda51ec9db20c2c0e7cdd08c179a6de3

SHA512
5b07ba516c030bd3689f21939a2eea417b603a9fa8bebcf4d9baed190b67e7784f1a0458a022450f5ddd99f6d9913ba45d2eb1dce4e011842a5cb33b3695c93b

Download Submit
C:\Program Files (x86)\GUM8826.tmp\NortonBrowserCrashHandler.exe

Filesize
374KB

MD5
1694092d5de0e0daef4c5ea13ea84cab

SHA1
894f3e31cc3666728f2d7a8db6840d4726843de5

SHA256
a178ffad4526b68ba0106032d612164004f20f08b8ef7fdf986429a1cf7708a0

SHA512
882a9392507bf0e089952f17e2f40db0c5e1c52c6a6f5c7cdad61dedaf1af734f23c317c0da77a980d6acc38e169302e1b024ad393bb730851786146bc38e17e

Download Submit
C:\Program Files (x86)\GUM8826.tmp\NortonBrowserCrashHandler64.exe

Filesize
395KB

MD5
09621280025727ab4cb39bd6f6b2c69e

SHA1
a6f3796a310b064d1f2a06faa9b14c4a104506da

SHA256
77b695e9292a10a98c3fc1d25ae05c44fb18a54d74a473d4497b840c8ba94dea

SHA512
cba5dab19bdeafc4eca223a4858b566e3af21fd690f4f6971864c519d284aaf5a3df70b98aeb5fabc66a68e515505b203b0bf1c61ecb92070e8e30a92bda6fac

Download Submit
C:\Program Files (x86)\GUM8826.tmp\NortonBrowserUpdate.exe

Filesize
430KB

MD5
bf8fe62dbcd949547af37eee4ece61fc

SHA1
b267ccb3bbe06a0143c1162f462839645780d22e

SHA256
66e75ea8a3641e419d5226e062f8f17624afbee3d7efd1d6517890511e7111d9

SHA512
512f2c2be5ee5f61f31719344cd20dd731898c5b63f6e1abdbfc81821533d93ae06c96f256ac1196e9f457a927c4aa61c35d00b45181793547ff3b6670866cca

Download Submit
C:\Program Files (x86)\GUM8826.tmp\NortonBrowserUpdate.exe

Filesize
430KB

MD5
bf8fe62dbcd949547af37eee4ece61fc

SHA1
b267ccb3bbe06a0143c1162f462839645780d22e

SHA256
66e75ea8a3641e419d5226e062f8f17624afbee3d7efd1d6517890511e7111d9

SHA512
512f2c2be5ee5f61f31719344cd20dd731898c5b63f6e1abdbfc81821533d93ae06c96f256ac1196e9f457a927c4aa61c35d00b45181793547ff3b6670866cca

Download Submit
C:\Program Files (x86)\GUM8826.tmp\NortonBrowserUpdateComRegisterShell64.exe

Filesize
428KB

MD5
35bddd897e9cf97cf4074a930f78e496

SHA1
69d5e69ddf4132fa2a5ae8b8b36ce047e560a476

SHA256
b2daa382d892fedb01ee0fc960671a96c1d21c663f1883d800f70d72fdd13f91

SHA512
a484f13f5427b20623bc0451bd223c0d89eda0b0789749b46f2981cd7818a0d795b2868840e5bb9a0c6c8020939d085814a6bbbaae4425b2f0c398c913f246df

Download Submit
C:\Program Files (x86)\GUM8826.tmp\NortonBrowserUpdateCore.exe

Filesize
737KB

MD5
5174340282dd8a0ff39480395f5bc5d8

SHA1
08100ab4e019a149cc484bda66ccc5c28dc2d2ed

SHA256
c78e5106debb7d891a9b3df684ede2da295b8e7b595f899ceb8400786a627ec6

SHA512
8b2a3db0dee98435f2c5acf8de8617fe72add9155f3af491cdfbe6770346dd31cad387d3e2877e3e5332117a30d08da428cbf9c7e3c72c6e6e486f4626bfd1af

Download Submit
C:\Program Files (x86)\GUM8826.tmp\goopdate.dll

Filesize
1.6MB

MD5
5f2d68d3fdaeb09ae78622a5ae59fce0

SHA1
d959c2a9e03c0c4017682c5f48eb1bbd84dd796e

SHA256
f2af299be74ebbfd19bb476d66bde4d55bfb571004b6349eb5ef1971955f683f

SHA512
d0f9ba99df9153a8487fd0c4a3f81c0138aeabaaed9875a8e175531e2bdf18f7b89ae14cf52bf7f546b3b5076b87080096d5c15558b9bd16a44585c0c0171c54

Download Submit
C:\Program Files (x86)\GUM8826.tmp\goopdateres_am.dll

Filesize
42KB

MD5
72e47a3d3e835b08d1ae65d4f69f77e0

SHA1
7f086000901cf2518c35e1734ea1ed9e10de369c

SHA256
ff74207e5107dc2da38aaa4de10bc8ea83faecb2bca0bf985a7e5a6b427643c0

SHA512
02124755b52423cf734c6cc28af44fa7f8dc79eb4e9e475208fb6591aa2317a149b7efc0e5e7a3dfbaeb9cdef9ed69084c45db6221003de69d6ad1b45b9c09cb

Download Submit
C:\Program Files (x86)\GUM8826.tmp\goopdateres_ar.dll

Filesize
41KB

MD5
a37370a759932400eed7eaeddbb482ce

SHA1
638e51217f7df449d41067ab3135d5912517b858

SHA256
f183305c17d1c06c3006816e1bad733599e977c1207332799399cebcbdc7df20

SHA512
9fad66444c544519ff4898dee7772923dd0708a27422d02475715e9f1b10c058cbdd8b4c53e8b0e25f7b0cc4b967dd33ad4a36bf21a4099699f87b69fec4dd97

Download Submit
C:\Program Files (x86)\GUM8826.tmp\goopdateres_bg.dll

Filesize
44KB

MD5
01f941a4b83fabf16e5bc21100b69d38

SHA1
ab6e4b97f90cf44ce6463e96fc97bafbfdd750ac

SHA256
79e3da0e23396dabf17fdc7850d84be5bfc7d6c7e27d6a83ec2dd3537cde8912

SHA512
daad8abf022623447efb08b1b931f52f2328587fe3fed0d510d036e72cc0f293c8584d10f63ef3268768e93c75018cdf4d4128bf863d517b432eb758570c8ea1

Download Submit
C:\Program Files (x86)\GUM8826.tmp\goopdateres_bn.dll

Filesize
44KB

MD5
663e632846d59788fceb10677488aebc

SHA1
d55e88c98121fceff9d290e48982b7b4f2204baa

SHA256
1dfc05748521bcca9c4bb71e2f02e2fa52b657d0f8db1747bc9b4b27997a60d6

SHA512
13f29325ea1c5055b4f344b7b43b52e754d3c1645263f0168f8936d26b98eb5e352e1f1dafd68e99dc88a6b976a23bd0ba2dc1a73ac27186b8b5f742a18c8c09

Download Submit
C:\Program Files (x86)\GUM8826.tmp\goopdateres_ca.dll

Filesize
44KB

MD5
ec63069efd260ad24f218ae84882f3ff

SHA1
5875defdf669cc4747c4f68536e9117de2bd4a53

SHA256
bc60127e50fa8e89422966554f1e9319a0e0dd750525812463e0560e48d92fbd

SHA512
13d4fe8f6227c54ef928cae48f8b2854218da04174b60d70bcee410c248ad2cfa974402093a795ae275c5f4cdcecdd9426b50fcdbc3f0f64b6f0b0d9bb06ea2f

Download Submit
C:\Program Files (x86)\GUM8826.tmp\goopdateres_cs.dll

Filesize
43KB

MD5
0fce99454cfcc351d251fa0e9ea77840

SHA1
7b9575192e105b4cb724f51238a2e5e956a76425

SHA256
8dd39e95cd3515398aed12677db59d71c0773588ff927a6a782a3befcf5b1f5d

SHA512
61aa083b1c5e2ee9de23c9bb14b25deb71a3e6f962495542f83f8d068d5046722d287a7ef5247217fa5ea712572b0eeeadc1b2b3263cb70c061648fed030cec2

Download Submit
C:\Program Files (x86)\GUM8826.tmp\goopdateres_da.dll

Filesize
43KB

MD5
d6f44dc235f838bf4e52165182fc0969

SHA1
1eaad935a6ff147acbb041397b9e9d63b0ee1270

SHA256
8883fd2e7810eb9c4da66888bc548074fe990ae652ce59a053cbd25e39ae08db

SHA512
20792c1d1e1c174eb86f72ba92f83a92c025debf68db2ba9e3c9346fe4ecceafe0f94be62706cb8d16f8a6529a9358a4fc8a189b22178e501b654a1d4f6952a8

Download Submit
C:\Program Files (x86)\GUM8826.tmp\goopdateres_de.dll

Filesize
45KB

MD5
42b89b0a42b907d63fe680aedd8b32c7

SHA1
2b36c8bd041331d835dd897ad5ffd29e41abc52c

SHA256
e1b6fa1adc79add6ce803dfaf4ce5d5e4db70eed08223c4eaa381cf0ef55c62a

SHA512
539d3b51bf450bfb80fd90d52e8a8c2be077ed39f3e3657fa21de4b65e391144afb80ce6c57aef340ec67821eba3a886b2e072f7d64152119187ed374b5a73c1

Download Submit
C:\Program Files (x86)\GUM8826.tmp\goopdateres_el.dll

Filesize
45KB

MD5
cb574cc86d8fd65185e9c93547d9b98c

SHA1
1271590c4bded66d5179b1820e9f66c243debcde

SHA256
7ad4c02b86efeac6e068cb0a47d50fd305c2306d71d1bb9812be9f712597fbdf

SHA512
e170e7a987646cfc71d9a18ff7119daea7ad9c57040c4bd131f86499f663328e9a82240f130699ac10f9d2ddc04154c6d2661a32d768e98b40a0472698e31c3f

Download Submit
C:\Program Files (x86)\GUM8826.tmp\goopdateres_en-GB.dll

Filesize
43KB

MD5
d73f4e5f97b987b8cc6403909c3e6242

SHA1
0a7075a927333557161bcde22d08c35ff7636425

SHA256
30cd762237c21b6fba4e0b165ebab83a997c093bb088a3df56cee400f5946439

SHA512
f7b561bca0f7dba8beb19ea4e2b041766fcebb940776abd4c79e561ed0997e6d8e3f27927e5dab6f03cd45ecefb568bd872dc67f456bf19881546b51de955b13

Download Submit
C:\Program Files (x86)\GUM8826.tmp\goopdateres_en.dll

Filesize
42KB

MD5
2059f62477f33f9943dce5db380f09a1

SHA1
62300c5fa2465d535d77b9d378be7039ce32a234

SHA256
ca0f11fe6bcd7cbd9897f73a0b5208c49779b298a2df260ce084912ae73e5c66

SHA512
aec61bb34b79a6666e8eaf56372d049f184f02894b8425faadab9c4a2e812bfecf250fe561cb92fed2f3b965735bc2e7e97904c2667241a840611c0f4e0c768f

Download Submit
C:\Program Files (x86)\GUM8826.tmp\goopdateres_es-419.dll

Filesize
44KB

MD5
e4a1b678f8b6fab9034ec4657f1d264c

SHA1
4acceda598f41b7fed6ec58e65121d0a37256638

SHA256
faf3e79c113e5423dc0c2308feea2b1f1d8a5afa1bb2d9afcf4684daf4b6ca95

SHA512
2f0e1015224b255535ecbc3691e4f96a6885dc59cddfbadca160da9a45c6bef2c24afb6fb3057fe7144e739aab54f6bab936a9ea59450411b8e02b318e495b3f

Download Submit
C:\Program Files (x86)\GUM8826.tmp\goopdateres_es.dll

Filesize
45KB

MD5
5f9a8f94e5b85c41cd81f88119d04f30

SHA1
d5dac5f57002a1b43b0a83eadc9d2627492505b8

SHA256
ac2418963ca15734de3135131c1bda03d7e602034dfca75f8d11bca47b577ab9

SHA512
a9ba94b650bfe076584d1f465b293f49c9ddfef747ef51b728fb4988391874542f8029bf4699b304132c8b96a29f29935a213102f3a8ebd3086c54be6ed86388

Download Submit
C:\Program Files (x86)\GUM8826.tmp\goopdateres_et.dll

Filesize
43KB

MD5
9bc3b29e68a70e0da276d2f80d5609df

SHA1
da3da32bca70e64d461b2b7f25c0fb1b0b4b5a0d

SHA256
19ba49fa519608b6955018fb8b77e39d1356eb1817a8993622f8565322c14cfa

SHA512
2781e997a4f3c92de141f14250098779307513f4e7c4d493f40341b6a4fdf09671e6fc64781d2af38b5f19fb8cdf9c2ec03a5724b291f8d279fff952ad3dd3d2

Download Submit
C:\Program Files (x86)\GUM8826.tmp\goopdateres_fa.dll

Filesize
42KB

MD5
5089cc134b762c266a2d935da3c8334a

SHA1
e4d142e7b12a64b396e83698467900209b2345fe

SHA256
1d68b46775921fde73e30bd0dea980cee5d7acb191df2d91e16e934400609b20

SHA512
3a551efdcc0c0d221eb8bf883ea5312c77fcaefed6d1eb412351b63945de9f905f2968c21dbead7634e180742df668f8d1a5a2dbf1ee2c4102ac51291b7b1c3c

Download Submit
C:\Program Files (x86)\GUM8826.tmp\goopdateres_fi.dll

Filesize
43KB

MD5
5bab01b758fcb17579a8aaa3ed7a6787

SHA1
53800c375aa17bb906eca53548fa70191af221e8

SHA256
874e4bd71b4604929d88e50d673d52a1a1bc6afa78c244dd642ba20f302f3e44

SHA512
05c5936fe09642e71ff8a8ade4f4f2283b67e8ea79b58c856008de14cb7ba1163edfe54b16e517cff1354693792627b1caf45d8f0be5a3d563b9592a4711d4bf

Download Submit
C:\Program Files (x86)\GUM8826.tmp\goopdateres_fil.dll

Filesize
44KB

MD5
17f5249cfb6519985f90655b8d802117

SHA1
2a09e55a2fd07214daf47a331b6cddfea543141a

SHA256
2362f65816a9d66d94e1b3b4bce49d2e967b5c92c9326321107a84ab811aca1a

SHA512
0ee92e8d81a4e6988f1d2315d5e2aa78629ee142e38d6f104f5115fd983cc3e98142e88859dbca879315a6843a8ae65b26c507ac4ef25d3b11293551c0b90dad

Download Submit
C:\Program Files (x86)\GUM8826.tmp\goopdateres_fr.dll

Filesize
45KB

MD5
fa87c9dcca6c104ef4b31fa398150a98

SHA1
22a7f252994bd2c99aca4f1c544ba1e88a249f4f

SHA256
0b5678f58a8f8c8619d0940d981b40971f8b42028edbb2fa845731c747d3b567

SHA512
fd918ac8e95a7cb33cfcc141ed25f1d5848497bf3645f912fcdbea64a1bad1abb440248e2f56e1c7d7ba8afe4d3b44d83feb8c759970203f5cba147737f4c3b1

Download Submit
C:\Program Files (x86)\Norton\Browser\Application\116.0.22388.188\Installer\setup.exe

Filesize
4.0MB

MD5
98135fdc58e65f415840f62e6ca0b8ae

SHA1
b76150fb94286fcad05426a70fde0bfc9261a22b

SHA256
32947a20ab0251e8a67d5ced72ed2dde106c05e6e3590f104f6596594212a68c

SHA512
b22b27b10df0ac4bd6dbf05f84fb425d7e8a6ea4385f0aec62ff46167c312f8de6ddb8bb11cb6ad8bf164ba6e6a24516476a097014cf993f48db92d018b9a6c1

Download Submit
C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler.exe

Filesize
374KB

MD5
1694092d5de0e0daef4c5ea13ea84cab

SHA1
894f3e31cc3666728f2d7a8db6840d4726843de5

SHA256
a178ffad4526b68ba0106032d612164004f20f08b8ef7fdf986429a1cf7708a0

SHA512
882a9392507bf0e089952f17e2f40db0c5e1c52c6a6f5c7cdad61dedaf1af734f23c317c0da77a980d6acc38e169302e1b024ad393bb730851786146bc38e17e

Download Submit
C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler64.exe

Filesize
395KB

MD5
09621280025727ab4cb39bd6f6b2c69e

SHA1
a6f3796a310b064d1f2a06faa9b14c4a104506da

SHA256
77b695e9292a10a98c3fc1d25ae05c44fb18a54d74a473d4497b840c8ba94dea

SHA512
cba5dab19bdeafc4eca223a4858b566e3af21fd690f4f6971864c519d284aaf5a3df70b98aeb5fabc66a68e515505b203b0bf1c61ecb92070e8e30a92bda6fac

Download Submit
C:\Program Files (x86)\Norton\Browser\Update\Download\{3A3642E6-DE46-4F68-9887-AA017EEFE426}\116.0.22388.188\NortonBrowserInstaller.exe

Filesize
101.0MB

MD5
99faeea6e6fbdec49c972190f72eda77

SHA1
e1eb7a88d9f242df5bdc7aef23bac2ee853807eb

SHA256
d24a41671559b958b34cd9bc8a60ebf83af5a8a5d43190375ea6af36aba2ee87

SHA512
e17d7ad93ccfa16334c9fbd1bcef71a4780e8e0ba211cf508de1d44c194df64a875982487a3161dfc5e301a0f513f330cfae43877f979b8a1f5a7305675e8b06

Download Submit
C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe

Filesize
430KB

MD5
bf8fe62dbcd949547af37eee4ece61fc

SHA1
b267ccb3bbe06a0143c1162f462839645780d22e

SHA256
66e75ea8a3641e419d5226e062f8f17624afbee3d7efd1d6517890511e7111d9

SHA512
512f2c2be5ee5f61f31719344cd20dd731898c5b63f6e1abdbfc81821533d93ae06c96f256ac1196e9f457a927c4aa61c35d00b45181793547ff3b6670866cca

Download Submit
C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping1244_1329618300\manifest.json

Filesize
573B

MD5
1863b86d0863199afda179482032945f

SHA1
36f56692e12f2a1efca7736c236a8d776b627a86

SHA256
f14e451ce2314d29087b8ad0309a1c8b8e81d847175ef46271e0eb49b4f84dc5

SHA512
836556f3d978a89d3fc1f07fced2732a17e314ed6a021737f087e32a69bfa46fd706ebbdfd3607ff42edcb75dc463c29b9d9d2f122504f567bb95844f579831b

Download Submit
C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping5396_1148909742\manifest.json

Filesize
196B

MD5
898f5b3c1b9e44506bd7a511321440d6

SHA1
0096290f45fe065bf6ee65e535cf5b2ce6949276

SHA256
9d00037ba16af20e96e2afc34f260f0e51183904c8adfbb0c2fa96ddc7a16f81

SHA512
0cf4ad588afc6df659809325f582f64aaaf1ee3661893dd76209ce3036ac553518ee007666faf7c08a0f2742f8eb528c8cc0c181d1f62e182bdd14e1553c3f9c

Download Submit
C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping5396_1757455573\manifest.json

Filesize
1001B

MD5
8453654f8448d8cd1ad1921f00f72aea

SHA1
bd1c5851942c5b60a53e14a7590a0f2460655c03

SHA256
ea46dc10030637a6ef42dfc175982e6c1a0755db1bd4f426d3fe86a19a5124a5

SHA512
f38e88a2d486a29ac0876007f472c18582145d2d6c4eb2122a49204569b501be4452f68f82471bdf80a74517612509459577de846a3b8ffb1479312b9521912d

Download Submit
C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping5396_1822767099\manifest.json

Filesize
69B

MD5
fb195043cfc35ce711b45934e387267b

SHA1
6f1aaafee57a3da2687e9fc8defe2dbc7cba0e07

SHA256
aeb364b60303212808fac02eb490ee5b054ae843ce084376e5981ef8767e5198

SHA512
bd7fee1d6f8e51137c849d76ff53f3b501d60ddce83cce18f3a217703d3d8b1a1cc7696b656c666d4f6de62a17ea2407c857137d12e0b6ac7bcdde4b3c8ff86b

Download Submit
C:\Program Files\chrome_PuffinComponentUnpacker_BeginUnzipping5396_1919708210\manifest.json

Filesize
114B

MD5
0759a1dc1411e07a494d5856dcb9e817

SHA1
48be8f53d0537490dc9dc7de53e1a4e3e9648d87

SHA256
f4862fcac31d500abcf92e69e04a63d554036a116fc7a1b5ce4900a977f18082

SHA512
4061a0606cc2b4e9a38621bd1f58789787dc521727ac859a904e665c36b95531ff6c44ced552b4ed16ad765640b7c5fd4e0c396d0cb2434f43fabea9e1681479

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client\FileZilla.lnk

Filesize
1KB

MD5
470611db0d45ff71df5c85f94ca723c8

SHA1
a5728bbf391dd4fb2920686fc4ef0bab947efded

SHA256
80f9895bca28934ce14ae06339456146ff490b3dc3120b2f579416bed16e2054

SHA512
b5633a043c5f0b0920db9dfb88d03ebd15b2d164e536de3680eb8ac24e751d485dcb4eac71168c01e1aa62c53bc9cf7f2136ad72b8b13e574f8b3b5de18fbc18

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client\FileZilla.lnk~RFe589390.TMP

Filesize
967B

MD5
0365837383a2ed19395f317cc4887073

SHA1
8185393211b9209a5855234b1ffc28083e31c07e

SHA256
d124bccc096e8d61c6a331ac9c696887b5bf17b6b5a04c1e41abf588ee15be44

SHA512
6b1532c0e486e50e2a594b0f53a02ce064a730d6e4fd759a2d4c94c8b084e45ced818bc603c6a2d7a509726f09feda8f48d3cd7f0a06b690fa20860a06a37b4c

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Secure Browser.lnk

Filesize
2KB

MD5
8d77c7f5d1e53db1b70cf296d62e78c6

SHA1
be47ff03f3b330e4be547690bb34916d5a38aa20

SHA256
f53d8b3c285f57c7fe2688344d1c9ce94bd05371896995f0c6538a33f904e2f0

SHA512
b83648759d0dd96d4224c744aebe9f713730313963513d9453cda18860e18ee68a47774a1ec3009335f90816073f73ac4b529ae19750f4919999d0bba3a766e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
148KB

MD5
d8fe13b3646344f6785e9622b4aaf12b

SHA1
ebc7e7882620df4ee627888e7d9ffa14105c202c

SHA256
3f48bcf2b43aedd18a0afbec5e9008f07a951aec72f6447a3375c171d7e21210

SHA512
917a437d8a34eb092093bf23a055761ca2685d92db15129bc33ab67b26eb341a1520c7a916b92c368165c9a2c6cd36a313a602dd442bf1afd5fcee870f7448b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
375554648f082b5bfd1b1169dc89ab60

SHA1
b116bb6142a7a5d87f24e9e24b6b425f7d0b66f7

SHA256
c5bf72ae77ac9b8f1bebce88d2afdb7efbabe9a5acc289e4190b690769f70b39

SHA512
41098232724e68b814d1960e3ada52c06b7471adfbe98f85bd7f20a2f94f1eeef822f80ac14634d48a14cbf3259c6b296d82df6f04ae5d5f6d424899961790ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
683a27d0143599c1769372ed4832aeb8

SHA1
26dfd3b80770eae31ac7b90ea8c39f36116b9472

SHA256
54f1c2b6a5739c7a55b65d56d21f0829f5b78a7c1844cb71a7d93a7232e7c74a

SHA512
105e351af985556b4356cfa231e12bdc18ccd45dbf2e3fff1a0ce59b8ad7e92fb8896f2475f4ea1869a915a94f77eed81ae907f9602ae599678431ae13a43468

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
e0e58dbdff2f5aa91e0d6096ccb788f1

SHA1
2fbe19d3c6c45fef3923450b98e4be782bae36b9

SHA256
1efae448a3e96ad5730b4cbbdce3e24dd77b428394327ad48db333ac31ab3d70

SHA512
b0d8b627efef682b81a677447464f41d7757ee421abf55ea8ac9f12ae84683007af0afb4b148dad8d45d74354b54d7f1605975f017f22edbf770474569cc8751

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
d1e1ed2124c0862e12a42a091aa35f7f

SHA1
efa3eb7f0bc6b4ebd182aa3bffb130570ea05b5c

SHA256
0c41c5ddccf4ed586bc63bc066fc1af1ef3e66a9e45d28c05926c82119271e0a

SHA512
aa4306acb6f0dc29c5ff7e9f338402582a53697cc7e0b9c65de49b2429e1f0143479f1c676f1354897c8c31b4c8964ad0529382a36d3cc86c24c410235d482ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e59174b3e356fee315f1d7a27342d31b

SHA1
d426158d25b8eb9ad87eea4e7df543b612c39039

SHA256
c49bca2a14fdbfba536737956cdb06997af99530dd16d1b230ae3c4d97bb2925

SHA512
1b3f7e186ef43450791c9680174038f2fb30506a84e3cb985952720b54905f5f8c3eaf15ca4852b7f0516eea43fb2d63168236384dfd1f3fa16e8b1f0a3fb2c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e59174b3e356fee315f1d7a27342d31b

SHA1
d426158d25b8eb9ad87eea4e7df543b612c39039

SHA256
c49bca2a14fdbfba536737956cdb06997af99530dd16d1b230ae3c4d97bb2925

SHA512
1b3f7e186ef43450791c9680174038f2fb30506a84e3cb985952720b54905f5f8c3eaf15ca4852b7f0516eea43fb2d63168236384dfd1f3fa16e8b1f0a3fb2c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e6e059dfbce1d63148c2d5bbc129bf2e

SHA1
2a20bb469d55540d882d81df8b972f15acada50d

SHA256
6e15fe008d243ae5cbe0b674ada6cbcbaee5738a206df6c1926ccf1d574e7f56

SHA512
04c4516b31ee92bc022a811166a997c74ef7e472606af2451d3cedc1da26e2edccb96490bc0d3c47936988518414247dfcfe4597d21530d45b012fa7f9e790b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
fdd4336baea001e0aa672ade8012eb69

SHA1
b247c99f330e60b061c3604df0710c11eea87f68

SHA256
9084cb6f2e4e4d077bad5dde4b56db8f38c4a4322fc3f01bab63a0b19bd84050

SHA512
262bc61d31754d133317bcb2adebe97747341f0efd220077801682db888a3762e1bf490cf08ee920c95360782b1f0106d181062ce7c98c277398e0d9a1cce05a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
5773ecbca3a20e6e5140864a51e9c0a3

SHA1
700eac18583abe5dbb86cba019656fc73258c671

SHA256
0ae7372f49cdc4b8c5caa20de54446c0f510ce419063b1cad395a9f8fa343863

SHA512
32ac5489c5b9eba8e05c97b089ae1a473660467d061262b4c2d7a0cdd94a077c6b17019f1eacff34752da927a3a3d8c496064bb0417bb1bb6977d0a3fb0200c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Norton\Browser\User Data\Crashpad\settings.dat

Filesize
40B

MD5
f3e7f74c5718268f3117a500eb6ed5c9

SHA1
051e91bf8b38b86850e5ce2fb1bf932b366708f7

SHA256
a774419b6cc93170ee11368ad52c3fff2c0dfe79ac06e620f8582d8d02a9b502

SHA512
7de69addba136a2f5735b8df31cb65b2a8193ae0c677170304d11e09ae10a604e04c7d76f3935b46ebc3b8cdc377a4cefdb105c14252e51289515942b02027ab

Download Submit
C:\Users\Admin\AppData\Local\Norton\Browser\User Data\Default\5a20d52e-3155-4c32-ab99-aa568064e257.tmp

Filesize
209KB

MD5
9ebd16e9271ccb3a7bf8bd5527d94cea

SHA1
8413eee7410a24db66cdf2e6c44da6593608cea2

SHA256
ecc2696f761b362fcc5aee382a866802bcc46634f298ca6f289d7ca669f94588

SHA512
510d932cd6f9e2c61a072e490aec1d19d39f10005510762183008c688e7aecd78b8fa103194c6cb3fdac7980543493f607f40cee0caff1b71797685bde95cb64

Download Submit
C:\Users\Admin\AppData\Local\Norton\Browser\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\Norton\Browser\User Data\Default\Extension Rules\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Norton\Browser\User Data\Default\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Norton\Browser\User Data\Default\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Norton\Browser\User Data\Default\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Norton\Browser\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
e5e34749befef2599d5b40dcbdd996a0

SHA1
6f1a4b92cd7a9ae4e606bec8ac90ed5755f628ea

SHA256
f30463135c47d15f1845e824531b8ea56b21c96c0092b740cfe6f4b43d8b723c

SHA512
efc6929ab02e00ee1e67366bbb8fe16069e55580044e5381b386b08c0b17cef1895a558f657ce655d64945b0ba7131541ad9c4d5c4b87575a470270fbb5dfab9

Download Submit
C:\Users\Admin\AppData\Local\Norton\Browser\User Data\Default\Network\Network Persistent State

Filesize
904B

MD5
fd3bd43dfefee76f7fca94e3d4c61f2c

SHA1
0be1487e8f26b750f473505228ddff5403f8c34b

SHA256
8c850487d97feb666d1db299662c3cff70032374ebb40a3329c977d66681c4cb

SHA512
aa4edfaa31c52d821da749d2d4c67823e432ac0751349ff53d462712a3a804bb8e8b5edf569bc7152fbac79f530469d2b9089cba761e0cbce21d0dbfa37dd9b9

Download Submit
C:\Users\Admin\AppData\Local\Norton\Browser\User Data\Default\Network\Network Persistent State

Filesize
549B

MD5
b412f4412b931b7ddc13974f5aa968cd

SHA1
c6ec02b5f6f42347e764cff5565ace81882d6538

SHA256
e3dcc99137a2b8a8144050bab0d884fd6e513c7f6214d41beac1834a938a9076

SHA512
073eb95ce27dae2ae31809293e27dae66d6a25949280319250cf8b2c0887cfd297933d54ee3002131b96afbf69ed92750ef822562763e1e43d7dd5bdcf1de782

Download Submit
C:\Users\Admin\AppData\Local\Norton\Browser\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Norton\Browser\User Data\Default\Network\TransportSecurity

Filesize
188B

MD5
fec1b1a837005cb0a25a4e7673b8d7de

SHA1
707159a643a72758b10eb3b14536356441c973c6

SHA256
7c38dabe4a162518c6a75abf48efc1f28abab86324035da43a7690c619724d0c

SHA512
6d5e8b7d590eef7c7c33a6dda9134d8b2832747857636fd94a0a15b8e3f6e2873a4e5e456e0f07877e85ee0554680851c1b4515e671495725409b000c3851acf

Download Submit
C:\Users\Admin\AppData\Local\Norton\Browser\User Data\Default\Network\TransportSecurity

Filesize
188B

MD5
ede3c811dad8ce09b2a302df36173ccb

SHA1
3163fe5bf4bfa0926e9912e2eb04b06ec474713e

SHA256
84cb8d9b35b17e2d3bd687cb2f2e8370c5187fa589aed92617a8c626597f235f

SHA512
aa646bc7233a48023e4434b4de99c8273b6d788b33a439df4b9f603a8983bc4b6921ac4efae757573ddb9509b97e30cdd814960d96b7c9cbd9211ac1ac491dc4

Download Submit
C:\Users\Admin\AppData\Local\Norton\Browser\User Data\Default\Network\TransportSecurity

Filesize
188B

MD5
eefaee4af50a59b843c624cbd5fd37a4

SHA1
5cba354dcc40fecfd2b3f07047c42bb425b7e9a5

SHA256
feb8b373a0b65ee342eb7c590fa2d78cc67c718efacb0a8d15d15b9517932512

SHA512
261c4d68148cc6afc1decf4755095ed22d62f13ad4cba0383d59a5ff96af47b7e07a7b28b385308300d4db560a82a8c2c131fb211c9f073d6eccce25b0f626a3

Download Submit
C:\Users\Admin\AppData\Local\Norton\Browser\User Data\Default\Network\TransportSecurity~RFe5c7ebd.TMP

Filesize
188B

MD5
3fcdd2c89496770917495cc51bdff8c8

SHA1
0ffaa6729c0c794e6ab2646906cd5a1a8bfe2a66

SHA256
70f4ff6c08b160223d387c89f35c9bf3ee1c6ff1fcf6d0e0818de3324560a1ca

SHA512
84688b8e054f1f9e059563a9326a22803dc237a7bf8c121ca4ba32e4ba738a3afe314e406c3fb4e2cbfd45a1a90ed9ec0d7fd03005db13de5cf4cb08fb2252b8

Download Submit
C:\Users\Admin\AppData\Local\Norton\Browser\User Data\Default\Preferences

Filesize
9KB

MD5
aa887f25903133560a0a693032168574

SHA1
2098dee21930e8d5fae2519668d2dbdff48fbd00

SHA256
9052877b9695d80d8dc3208c9d4664746fc6c23b0b3833a4ee0d259f2cf189d4

SHA512
caf6708ac9aa6e5dbc8b2ad7ed3adde1da0c5b268839541e466f26514edffb3522a0902a2b6b81a8ebc368efabbf7a564b6371c4966deb53ad3dff532c732e30

Download Submit
C:\Users\Admin\AppData\Local\Norton\Browser\User Data\Default\Preferences

Filesize
15KB

MD5
8d8a11935b8522e251aa87da984695df

SHA1
9411db34fa20797aa48103bb8b249707e6009e82

SHA256
1602c619a1cd832e89f679500f6cc363ab4a3940cf7889d249ec19f43aa04ae9

SHA512
d7ca1f9f6f2f3964d00ef35e113e3cd9abfe741b6426b9b0970ccbe98a75f9506d47318387a9d7e9c8ff5fc9c4c4a576f585afdbc8a2034a43417f7b197400e8

Download Submit
C:\Users\Admin\AppData\Local\Norton\Browser\User Data\Default\Preferences

Filesize
16KB

MD5
d876441870a0e5e75e0348979d7057ce

SHA1
6d93b61c592e0f606ce83f6d8f94a13119c62b47

SHA256
82290cf92fd03413778a2b57ddb4682eb35e8100d287077cdd7e3dcee938b0ed

SHA512
affdf15cb58aad12d11291bd51fa9c972a2e0f3870e7fb4a11eb857ff69a63d0606509f96f1f3c988736472f9c7268158bdb3b29357cbe403dfa519b38a5a6c4

Download Submit
C:\Users\Admin\AppData\Local\Norton\Browser\User Data\Default\Preferences~RFe59695f.TMP

Filesize
4KB

MD5
9071fddec0f77fac1d474c6abff91093

SHA1
1666e45e07551292b306f6e326bd49c2145caa4e

SHA256
2c2523a1983214c9d2c51fffd6ba48ab1ac0db1c610706ae36651b20b0b51664

SHA512
26eef72f1bb67655c8329717828f965788e7710fe89e675e14bcfe9b6e5eb7e06f648cdee9daf2cff3cb65432cb8d961eebb9bd646d6a54cadfa79ac032fec49

Download Submit
C:\Users\Admin\AppData\Local\Norton\Browser\User Data\Default\Secure Preferences

Filesize
11KB

MD5
362a3d6084a0fdda783f58f9a3ea63a3

SHA1
b93e39a29d089e6242a6b104db19f800ac7b0f00

SHA256
c9257c37853034d0710eb0c168ce50fd0e7dbea9379c1e9a83b95117cee6b389

SHA512
720b85df0c955e90f1508f4b21431aee94a3c6c57e14dc51d68a085a52b8de194c42d4a4041750bf6498c33959065c78e265569fbf982d3432f42c0f91c3942a

Download Submit
C:\Users\Admin\AppData\Local\Norton\Browser\User Data\Default\Sync Data\LevelDB\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Norton\Browser\User Data\Default\f904c6b1-e195-4a74-9512-3ee50df428ab.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Norton\Browser\User Data\Local State

Filesize
7KB

MD5
9ae870b00b2ae41d5c51b0f7933f434a

SHA1
1ec91373e79c87705cf17c7a328b38b4923417a5

SHA256
a8073bf47608ebcbb7a4bc4a7aebb7d35f4d54092e27122ae196b8e7f9e79b67

SHA512
f6d780f79f3801aab73ea40b2343f28958dee2e9196f95e3c783e77912557a593efda0623694aa58aaa05dd924da29042c57e56c000d027174afa47051857098

Download Submit
C:\Users\Admin\AppData\Local\Norton\Browser\User Data\Local State

Filesize
6KB

MD5
813023be7e486d442850649ae49ad25c

SHA1
a9d8dd633a86cc8aec913a3672813b88d55aaca6

SHA256
b477c0da3c1303cc65e5fe7c50d6cb37eb53de9e7ab127d7d8d59b866d3d5636

SHA512
483189bb6ab192970a4eb23472838f2f84fb346e04098d2600d45f03567dd082a3f42a528683c96d83f2c4037369f54d8bde0827396c2882ae858be56f4ed579

Download Submit
C:\Users\Admin\AppData\Local\Norton\Browser\User Data\Local State

Filesize
6KB

MD5
60e97471a87734ba91ace8a854072c50

SHA1
33aa2d10780888812412b4567c65e6290b0e1bbd

SHA256
21e7b75aa41b86341ce9b06e90a2ab9555ccea8de93c706d87f9885fd94fff46

SHA512
979200c9b1187ec6d550158478db00df4f87c44f33082469408eb247a5bab646278df86ac5cb1e545f2de53b3f17ee40fa8a83d40bd27d2cf46b8363bd57b5b3

Download Submit
C:\Users\Admin\AppData\Local\Norton\Browser\User Data\Local State

Filesize
4KB

MD5
809d03b392dd73a2dc6a12eb3f5583b3

SHA1
281c25150c7a7060036f35d47025900dd7e28f0f

SHA256
4ff47f47b2bbcda699fbb2e618b8d756bb14e2c295690d815e1ce8beb019a742

SHA512
34d0ccf308896ce1b0645163854e08928ed11dd7c467853f60314368c61c56a3247cf3f34990c067fa1b07f0f1342deda577c085137c590512a7bbabfe57a761

Download Submit
C:\Users\Admin\AppData\Local\Norton\Browser\User Data\Local State

Filesize
16KB

MD5
70e1f9dfbb36c8912fb90918b91b620f

SHA1
32ffcd83a9ac32986296dfa1c63bce93af0077f0

SHA256
6292a3786b62f3b37b738e2eb1f735913b555fdba981e067069ba82ce050b06c

SHA512
f7ff8eae83f12979a4fa45d67c19c82c322f779bb88b2c51bd2889f03e5ff6af1a20fc81955e61fcfaa260208865cd1a1fcd4324073e83cfb9bf03e85537c074

Download Submit
C:\Users\Admin\AppData\Local\Norton\Browser\User Data\Local State

Filesize
14KB

MD5
d704abadbe9ba4a124f8f5145220e647

SHA1
2321e5f5bd3f040620a75395d76e565dd5504c37

SHA256
f57b46afd84e03e0907a9abfeb190021729e0bc692ac49f826152b37bbf526ce

SHA512
264d8f25a6022d91431450c3894d041cd23740ff860e24542ae5e79757781be0e78995adac8906979dbfb4558f8d20da13d812367d4502bb65af7460d039bdac

Download Submit
C:\Users\Admin\AppData\Local\Norton\Browser\User Data\Local State~RFe59694f.TMP

Filesize
1KB

MD5
9fd192ee0a4d81eb09099376788895f0

SHA1
f586abd160817829bab313dcc9ff8ab31c3f21a4

SHA256
2ccba1985f050414c00dfcc40d3fb14281160743a94f0737a2dbb0f7d3597e36

SHA512
266f207aa12179c314fa67a451a0741e67fb2d3db796bb9f603443e633a5fc65ea774ceae8fa7977a3ba54495ffda50be13a4486bddfb1e2a19e0ff14f160a05

Download Submit
C:\Users\Admin\AppData\Local\Temp\6660610a-15c2-4621-b7b6-ef4536350c14.tmp

Filesize
17.7MB

MD5
5cc86f5542b7081c66ca3cf7664e86e9

SHA1
3fb1b70f2995f54e62cb29c87cfc8ed1b53b3377

SHA256
3138da333fe174cd35a791a3c4792e815addd5dde380ca03765b9bad2a720616

SHA512
e3c72c6ad64bb0f11bf1a876ef5a0766ce668ba4db0b6f3ea13d34715cdc282be8872d914f7420544b36d325a83dbb69d0b2abe5d46a136ec5e4dfffb583f18d

Download Submit
C:\Users\Admin\AppData\Local\Temp\9bb9ec62-e6d5-4880-8827-b570cab06183.tmp

Filesize
841KB

MD5
da6817d8cee3cc7d8453dca16dc9020a

SHA1
0c8ff4da27afb3ee1fdae0fbb4d2236cda7ed20d

SHA256
58edc18deffa79f21c9af5299dc5810f76c6d41f88b141ef70898894e5a612eb

SHA512
a94f545e5bb98c3b1a643b460b255a78922699b08845a425345de6bb19afc8c761c1bc9c055092166e9d12fcb001fee393dc7107ac70c604d9203d758e4c1301

Download Submit
C:\Users\Admin\AppData\Local\Temp\e641d7d4-533c-4689-b387-6ccd5454b187.tmp

Filesize
85KB

MD5
59a39635945da117f76a1b9017c6c106

SHA1
553248b89ec725e74c9bcb52a18cad152948049a

SHA256
bd1ee6dcdfb4315efe162991159904eb185b27134601cde77092b17596bdf431

SHA512
a9c2f0e07002c97869da4ef6ed71862e8d1e0d9fb06e446368b45120c279ee089f1bd282660eb994a8f3c596f9a37cde852878e63cbf10bca206d76858e1addc

Download Submit
C:\Users\Admin\AppData\Local\Temp\fee15de9-a412-4343-8cc5-e17516c9de3f.tmp

Filesize
1.1MB

MD5
5cbdfde6e669935f840cbf9c50334207

SHA1
0c07465016ac7476816770f31e64abf5ed2918a9

SHA256
1384d43d503bb9a0f81a6782037efe1c4030df85f9e16a10e0fadd7c97fcd234

SHA512
1559e1b4d66a42d3b7d380b982422c44f30f99ecc9e031380d1d1124548cf0203b6e55594ef93ad14adee497440ed507238cd20e23a28f26c3dc35da1efbe4b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\norton_secure_browser_setup.exe

Filesize
5.5MB

MD5
ded9ce3e77f36f5fb722ffc02427d0e9

SHA1
26cb2866f941df748f012fd4da1ee67fe7a9dbac

SHA256
bac20d7c229faef4baa990d441038af3c28f52abd13f48763460a6046a6b8e6f

SHA512
98778b249b5e3be1378f588524986c0be35834a332fb20e3d42e659c973fdc22773a7a1de41542a88c699f1d9ccdf96f000687d3b749dbe09971d13fd8d428b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\norton_secure_browser_setup.exe

Filesize
5.5MB

MD5
ded9ce3e77f36f5fb722ffc02427d0e9

SHA1
26cb2866f941df748f012fd4da1ee67fe7a9dbac

SHA256
bac20d7c229faef4baa990d441038af3c28f52abd13f48763460a6046a6b8e6f

SHA512
98778b249b5e3be1378f588524986c0be35834a332fb20e3d42e659c973fdc22773a7a1de41542a88c699f1d9ccdf96f000687d3b749dbe09971d13fd8d428b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\norton_secure_browser_setup.exe

Filesize
5.5MB

MD5
ded9ce3e77f36f5fb722ffc02427d0e9

SHA1
26cb2866f941df748f012fd4da1ee67fe7a9dbac

SHA256
bac20d7c229faef4baa990d441038af3c28f52abd13f48763460a6046a6b8e6f

SHA512
98778b249b5e3be1378f588524986c0be35834a332fb20e3d42e659c973fdc22773a7a1de41542a88c699f1d9ccdf96f000687d3b749dbe09971d13fd8d428b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj7617.tmp\CR.History.tmp

Filesize
148KB

MD5
d8fe13b3646344f6785e9622b4aaf12b

SHA1
ebc7e7882620df4ee627888e7d9ffa14105c202c

SHA256
3f48bcf2b43aedd18a0afbec5e9008f07a951aec72f6447a3375c171d7e21210

SHA512
917a437d8a34eb092093bf23a055761ca2685d92db15129bc33ab67b26eb341a1520c7a916b92c368165c9a2c6cd36a313a602dd442bf1afd5fcee870f7448b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj7617.tmp\FF.places.tmp

Filesize
5.0MB

MD5
fba744e2dc0d69aaeeead4f33a4cca71

SHA1
e32563d7139c68a187d4e4878eb9f24cb11855c7

SHA256
20e831e080827ab639f2c5fb5ebdc02f7ad9e0e6cfe019b197eb2e4cce5ede4a

SHA512
33166a292397f0d94f5b883c7794cf7eaba6c76165f822f2e26156544cbeca13443b0be4ea984bcc837fdadefbb79d53627f849e4c57bed33beb396011fc2449

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj7617.tmp\JsisPlugins.dll

Filesize
2.1MB

MD5
7dd62c8333bd819efa4f6cc0bade208a

SHA1
5a9f502239eb557826fc6a272747f5fb367ae567

SHA256
fca81d6c74326a1ad4b1071c566ca71846919e9be0376cff682aa033ed51c979

SHA512
03e9614c839e91aa45bcc434d11c41fab9eb3cdbe2492dd747361b9da7bd300bfed53ef310bace2e1ef3da01db5e834f85b33cac635cb7fe2e089046a154d27b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj7617.tmp\Midex.dll

Filesize
126KB

MD5
ef03372728aae78a23b9cda082852d38

SHA1
8819fac7fff0b4cf7afdb1c8d1523513b0d49823

SHA256
75487fb7cd1ee4534615b22b559f55819349c2abf138b8d6e773a18e05df231f

SHA512
5d6181de9e61c5170feca9aa4567d92d0433480d4ed247b0d840be4c07f8d79099009e1bed5ae02e57eff0f2297fb05dcd0896d267325d96f5c23684acc65911

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj7617.tmp\NortonBrowserUpdateSetup.exe

Filesize
1.8MB

MD5
2b07e26d3c33cd96fa825695823bbfa7

SHA1
ebd3e4a1a58b03bfd217296d170c969098eb2736

SHA256
2a97cb822d69290df39ebaa2f195512871150f0f8aff7783fea0b1e578bbb0ba

SHA512
1b204322aca2a66aedf4be9b2000a9c1eb063806e3648dbab3af8e42c93ca0c35e37a627802cd14272273f3f2e9bc55847dfa49fc6e8ffb58f39683e2446e942

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj7617.tmp\NortonBrowserUpdateSetup.exe

Filesize
1.8MB

MD5
2b07e26d3c33cd96fa825695823bbfa7

SHA1
ebd3e4a1a58b03bfd217296d170c969098eb2736

SHA256
2a97cb822d69290df39ebaa2f195512871150f0f8aff7783fea0b1e578bbb0ba

SHA512
1b204322aca2a66aedf4be9b2000a9c1eb063806e3648dbab3af8e42c93ca0c35e37a627802cd14272273f3f2e9bc55847dfa49fc6e8ffb58f39683e2446e942

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj7617.tmp\NortonBrowserUpdateSetup.exe

Filesize
1.8MB

MD5
2b07e26d3c33cd96fa825695823bbfa7

SHA1
ebd3e4a1a58b03bfd217296d170c969098eb2736

SHA256
2a97cb822d69290df39ebaa2f195512871150f0f8aff7783fea0b1e578bbb0ba

SHA512
1b204322aca2a66aedf4be9b2000a9c1eb063806e3648dbab3af8e42c93ca0c35e37a627802cd14272273f3f2e9bc55847dfa49fc6e8ffb58f39683e2446e942

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj7617.tmp\StdUtils.dll

Filesize
195KB

MD5
068bb413f09277572b7eb1642ca7cf10

SHA1
b9941d69998a86c7dd108ac6761c4c47d8641249

SHA256
646ca163c54641b467e54d987065afb808a9b0e88bacd5b2f3105b8540f4a6af

SHA512
787e5751b377c2a88045e491bcd7dac4a03ac78a01b4001a9a34f55b927f6e524279170cc72c61b43e8b094aa7d6da2700aa4619832ee41f71e83370ab8042d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl81B.tmp\INetC.dll

Filesize
24KB

MD5
640bff73a5f8e37b202d911e4749b2e9

SHA1
9588dd7561ab7de3bca392b084bec91f3521c879

SHA256
c1e568e25ec111184deb1b87cfda4bfec529b1abeab39b66539d998012f33502

SHA512
39c6c358e2b480c8cbebcc1da683924c8092fb2947f2da4a8df1b0dc1fdda61003d91d12232a436ec88ff4e0995b7f6ee8c6efbdca935eaa984001f7a72fea0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl81B.tmp\System.dll

Filesize
12KB

MD5
564bb0373067e1785cba7e4c24aab4bf

SHA1
7c9416a01d821b10b2eef97b80899d24014d6fc1

SHA256
7a9ddee34562cd3703f1502b5c70e99cd5bba15de2b6845a3555033d7f6cb2a5

SHA512
22c61a323cb9293d7ec5c7e7e60674d0e2f7b29d55be25eb3c128ea2cd7440a1400cee17c43896b996278007c0d247f331a9b8964e3a40a0eb1404a9596c4472

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl81B.tmp\UserInfo.dll

Filesize
4KB

MD5
98ff85b635d9114a9f6a0cd7b9b649d0

SHA1
7a51b13aa86a445a2161fa1a567cdaecaa5c97c4

SHA256
933f93a30ce44df96cbc4ac0b56a8b02ee01da27e4ea665d1d846357a8fca8de

SHA512
562342532c437236d56054278d27195e5f8c7e59911fc006964149fc0420b1f9963d72a71ebf1cd3dfee42d991a4049a382f7e669863504c16f0fe7097a07a0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl81B.tmp\nsis_appid.dll

Filesize
3KB

MD5
19071761e91c43c115a16b52458869b7

SHA1
75ddb807157f1aa31a08f87be0270f60990bcbbc

SHA256
e9e1ba410636698d666b328eea71346b8287248d262e44da07ce8b5fa24c5e5f

SHA512
bc0eab51cf27f657cd3fd62a47894ee13f3f561feaa565f16ba15088be39be73c9839a3cf35b538219ec83a03d48970b89258c5f20c37bcaf76438998437786c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nssCA4.tmp

Filesize
579B

MD5
9595dbaa917be32943e938b7e94cf223

SHA1
5d0e9d08703ba38369cf7eb1f1eb762a6edc35c7

SHA256
85743929080e06bb112998e2c43409764d7711b1b1c3b76597535eaf49b067bb

SHA512
fdd7b77c3abd22f3ae104a2324222cc692e2dcf2a9a39216a90458f93d547864f7e0bb1fbbc1252d168753c09b26fd84253105d5327d241023be5d14db9f6c29

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1244_1263042507\82bcc849-bd11-46da-8ea3-23812d7860ab.tmp

Filesize
1.3MB

MD5
f4ae39162cef3302521488c76aac41a0

SHA1
81c1c1708030e3a4c3266efc767b81d02dbdcdbd

SHA256
ab388cbb819b05cdf5543934b700dd4bd0256d22615b406f27e6257a12181456

SHA512
862358abc2d210c976686424cd1f252f0e69f95d7d820e4de7fc480f1186267b0aa870c48fb516a7da32f0154978e4db050dcfe60987c4ed9d49d70d9f4a42d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1244_1477038412\CRX_INSTALL\content\formdata\l10n\ee.json

Filesize
937B

MD5
8a0001b6f0b931d4917af8eac7f2c008

SHA1
1c9f4fe15d671218eff298f3d4127123c4263c81

SHA256
1080bf9d39a11877e7a3be16b7c38f549de24ae56aeaa6bb121f7f142ceb4621

SHA512
565e597e29a8f3900c9098a45994198814eac952120aae690ff8efc01e8dcd9829ec62ef6e1d39f4d76daf0f6c85f9701f8ba0c117809cd0778a3c45f764b4f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1244_1477038412\CRX_INSTALL\content\formdata\l10n\rs.att.json

Filesize
868B

MD5
1f89d23a1630e72c8a7b6998ad3c435a

SHA1
627700da506910e9790fc2db03df24e7790cfe2d

SHA256
e3658f2085808d75f416b9b9b6ca81b5cba15e2dc3077ca9a193c6b48d597284

SHA512
eff805fe6348e82e069e8073c2761108deb81e37317f7ca3819bb5688c2bcd8ce4cad92043c59f2f07346ccde92db2f21fcf79f7a3102648afba44cbf7ad7cd0

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1244_1477038412\CRX_INSTALL\content\formdata\sitescripts\WAXUtils.js

Filesize
4KB

MD5
960ff79228a08c5125ff03e9adca66d9

SHA1
b640b6243777dc52876a3eed97713f53fa7c0a35

SHA256
ca6fd3e23d72c7d4374c00755aa885a05e1c549a16dd0c232e438ea95da42e76

SHA512
061f6a2e1b335504214a839a029864b1f6bb0077b8fcb1e9b7358d9185df0ad302b6fb29bf50bff17f7e6849a359c905576eec0cca4b348681f5a3da80e767f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1244_1477038412\CRX_INSTALL\content\formdata\sitescripts\amazon.com.js

Filesize
377B

MD5
ab2fb372011e2decd6dbde1ef04cde32

SHA1
d83469ff521513088a9016eb800f35943ba86be7

SHA256
ce2d1f098490e7e03f1d02c9978b42c1540cf1409bfed64ea2879f1ff0d76908

SHA512
d00e5dcaa441d63dcfdbc9d5d9f2dc9df0688914ca9cda44ee060613edbe25239637a816ea8498ff5fceee77d1541a7f7619b462eb8c5eedd562d8611700b477

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1244_1477038412\CRX_INSTALL\content\formdata\sitescripts\zappos.com.js

Filesize
484B

MD5
7abdaebf15e0e261a80f917206f7cda7

SHA1
78949896b5a2955ae624b06e65d24a26771b46c9

SHA256
084b139bfe8a5651d630d75efd97198e95aad2ae5b9d065eef2e1525c486c3c6

SHA512
2ad535cf8f88182d5e74d8c171a143a067f0a8f9896ccf74ce2e69be5d6176ec432fdd86e63a24b3ab459a340a5bd2b68a04a17385c765cbfbe793cfd4ca5b1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1244_1477038412\CRX_INSTALL\content\scripts\portalInstallFlowCS.js

Filesize
783KB

MD5
68018953df0963e037071f863e0ca381

SHA1
2c7fb763752ff48195d1626e785344b6661815c4

SHA256
0f6c017bdec84c131c73ba9735a960610482b5862d539ce39b92fcffd1c3f01a

SHA512
591ea7f29cce53c31c5556eaa3f78ff055e8e938ae42b51558be89e06ce9cb093c2adc3e91b7db618255bd0ab02a47d26acc40618505eff16f1671f50d58299b

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1244_1477038412\CRX_INSTALL\images\img-import-safari-mac-col-3.svg

Filesize
2KB

MD5
53bcf53744910e5ad16bd93a04735434

SHA1
cd2dca470ab9024a12cd29991b5a2c3fc4565411

SHA256
f3ee3c6e384b4abc1f54af166bb142c5d1f6ded12d4e0bae666ceee50812b3dc

SHA512
d4c242a7d404aa37d62289bed3a445f1ef68159cbbde432ef989ed3beb407e69764d184675b91e9f8900d4a3a7ddbfcebc99dfbd8735074b222ae7bc07f542fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5396_1398135947\CRX_INSTALL\_locales\en\messages.json

Filesize
229B

MD5
100b1c153f93de2f585bf40b88c8eab7

SHA1
c3bfda2744161dc77352ff86093a63f31293e261

SHA256
5357a20e6e883654b2d369b829b711ab67fc0d253033ed1ae6894bd4fcfa6269

SHA512
492290f9bb7df45e846a007095b49d2d3d7c9273e9933d7cbbc5149f2065a4cd33519cbf5215dfc0b9d56ee50d88a526f7a07f4bfeb50619473b4b6aaa25a4cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5396_1398135947\CRX_INSTALL\_locales\no\messages.json

Filesize
300B

MD5
1bbdaccdb65f219025f1625cb9f700d0

SHA1
cd4c8793ff28e66d6b05b48868227243650f9226

SHA256
c396ef075e5e6ee3b36d2a5915f52dedc9994021428c3d265dab89a93219005a

SHA512
6ff1d165fd1a5d706e7a107f4d68be785f24012a9cf01610dd63b71dcf122bfcbc8c1955f12a3a85276b650448e1f38f6947ca978e2c6fd5ffa01c2115fdc88c

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5396_1398135947\CRX_INSTALL\content\formdata\sitescripts\icloud.com.js

Filesize
742B

MD5
7475c597380079206d92d7f7afbc64ee

SHA1
62d0c1fc133fb02c8a68ae2b6fd71d053eb6bf37

SHA256
82e38af0b4c837ad7a6058a7cb9be4f0054a6c369e9bfa6c0726b3f135f577de

SHA512
ca5d8d0708d6d06e217f09f38e9160620cc41d6e48cf95dc6b8e14b12c8aee0da2bc62ed11c2390b1a6cb6ee44d6274dff21448b145a488641840e305cb2b3a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5396_1398135947\CRX_INSTALL\images\icons\ic-extension-warn.png

Filesize
697B

MD5
a857f6ad443f190d82c603ad77334ee0

SHA1
a943b0a11933cdf3320c9e13d71dc2e4d4081dde

SHA256
5a128dd383f6d4368c6d1856fdbe5d142eb631ce86d7d8e3ea5db41c4ecf0346

SHA512
25cc14102ee0294d107c70ba6592c240f7cc2025dc075d1759a23d4066ce0857ef050964f95aeb2d9f449f246008baa9c00bc3d302af521110474073bfb60846

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5396_1398135947\CRX_INSTALL\images\icons\[email protected]

Filesize
1KB

MD5
b0a31afa51b89db05b4141efe4328107

SHA1
dff7edf376d3000dbe9186707eacdcb64da3c789

SHA256
da792cd0bbd36f0106d917981685c0c1394006664bda916cf1cc8ac72c8513ad

SHA512
af135086b648242df037c0a2d63bd71208eaef6da6122e848130a8bf88216240191e0352054fd7801ddef9ebf42d8862beffa106d66e790a0451dc72d1f0b47e

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5396_1398135947\CRX_INSTALL\images\icons\[email protected]

Filesize
2KB

MD5
fd3a350e0cc44dbae8c59dab5d0a154e

SHA1
881a47d466a784a4fe030245ac3086701ec11a22

SHA256
87c853f49eff0b3c2ccd7b04569ab62fb0cc8ffbd6907ef392bc98b2fa4911f1

SHA512
f818818996f447095324a105ab93d0839192d5b39520fa6589ced6be38e9044394b1f83e26d642ae5b56481688879ddc0b834287156f8b86f55734eeaa8a33b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5396_1398135947\CRX_INSTALL\images\icons\logo_npw_16.png

Filesize
687B

MD5
4793180ca4eafaf179279ee4e299c32a

SHA1
439feb29af709481064392ad341f7390a1589654

SHA256
afe86d4db5a8d061994f67fad37d446f2f24cf51f12093066c8a1c0f3f2a17dc

SHA512
f48564ab075d393018ae6b72bb2638800b35e2a283256a0aa428d5974cf05b65cffe5e59b0a35b7264fba1230a48b73eee2192b43af0f0f394128202a74e62a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5396_1398135947\CRX_INSTALL\images\icons\logo_npw_32.png

Filesize
1KB

MD5
df50b6c8bf4b4cf7068822283323625c

SHA1
7ec8a127c4f27879ca9619de041240b34e4d64a1

SHA256
3a85ed71003abfdb0bb79e2163490f552a5aafe4a6053ac9bd94424084296a8d

SHA512
c7337e4f85df5e216f8de6006ab3c6ed7e6aee5baa7acb1c0a2aea78f785848c2a242fa8e7054112b4ccb28fc8afb941a2ae5af770b4ab9ce5006d04140e23d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5396_1398135947\CRX_INSTALL\images\icons\logo_npw_48.png

Filesize
1KB

MD5
5ab0dd28394f07e8a5e870dde4ded395

SHA1
798bac16f1532f810a887464a6e7d51d4a99a167

SHA256
54642aeb03180bd513514201b88db2b3cf8f3d0c2b00f1c8e10949cd6732fc1e

SHA512
243c2507683d3ed1ba519c0be7a7552e2ad9b7dd231484a8cca38b32c49b62f678bbb59c9c644e8291770aaa62afdb65f2bbc6fa1a549c9d5f2c45ea08239086

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5396_1398135947\CRX_INSTALL\manifest.json

Filesize
8KB

MD5
2ee4a68f837e853b4f3432b03cb32ed6

SHA1
6bf29439f02cf4e1ef2a7fa85234c66ac1e3113a

SHA256
b71e70eef1f724532e1484ea7ac29ca7278b4d999e561acb374af43e323a294d

SHA512
2b91e5ba3b4afb3cc55c5fdeb2a231af7942d4df6167cdd45073ab95865d66cc496b6fc28f9957b12ecb97f6093c6c32cd3dd1e8d570a04bfbb39fb1e080db19

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5396_148641255\CRX_INSTALL\_locales\en\messages.json

Filesize
117B

MD5
74a52ce07440d9e5bcbe569c8dd73de5

SHA1
016c3ea39bc7083440c5009d653009071cf9f5cf

SHA256
b8569fb90bf00a0477e6c7094b237a8c16f9ccbf9d81cdb9a7ef85359339cd82

SHA512
f174e3f5d9b261aef840b54b8594b318697301c6f400649a6e8f9651eb9dee8bb7bda2d60a94a2a36c6025d795f6366b86941bb2541a9485315c14ac2ebbf898

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5396_148641255\CRX_INSTALL\img\icons\icon16.png

Filesize
778B

MD5
222b4b192c108b61499f5cd6f2163644

SHA1
9f286e3ac74c2c9ef0cbf19d05958d0b07e7caf7

SHA256
3bb2e292950e5c073ae0b37a99916ddbb123fcfc3bb68450b0c04407e496e438

SHA512
6e9d6da34e654b9a1d9144ec14cc5b3a93a8128a91c94827d34a07db147ff32bda890d70b5ec6015da2e4acc05fb3c0ab60d3adfc7f58a5c4d3db9a8c7754688

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5396_148641255\CRX_INSTALL\manifest.json

Filesize
1KB

MD5
0b4c42cec2e71bdb7c6f0a62da08578d

SHA1
02f076a18514385dba902fb4b8407e8f62c417ec

SHA256
a39e63fe50555cc99fb0ed6561596207bd0ee405d404b7caed43c8b945bb80e2

SHA512
c82dc0875671a5a549d16a6bcd0abe20cf40e7a41bef5f4e3deb9ca14bcc868d7d3354c3e9c055b1047b5ae1410685519d0b3754f52e802b6036255bdd3f14cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5396_1967141497\CRX_INSTALL\_locales\en\messages.json

Filesize
6KB

MD5
5719d23550c268a3c134893508e25c9f

SHA1
2fd9092d510741f262330d94fd1c58b1992cfe4b

SHA256
731d06d051e82babd981858f28766f57a4c7322dae04eb377dd847e8c57a0b14

SHA512
2036c271b9fd459b84b1e24705eedbbe9c65b08b5819ca0f8d3f9b577d92e1fa7773e3480e5bb54fb265dded72cea799a230c3030af1929e84721ed054b1be6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5396_1967141497\CRX_INSTALL\js\options.bundle.js.LICENSE.txt

Filesize
1KB

MD5
248e8de01e2bbb4e192fd513a6f8c548

SHA1
36a74ab7d7491090895ce2183154d268e5ce4937

SHA256
027f922a17d3a0dbdc7767b0ca494cb3c1865d5446a1969fa2c06cbb3bfa87a5

SHA512
cb78d6295aaa9c49771d6586aa5461d214443a63930c600740ddb0c8017be09ab8733f3651f2aaec627a9b99002b8f05b9166f8e74c432a1f344e0d7fdcca6da

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5396_1967141497\CRX_INSTALL\manifest.json

Filesize
2KB

MD5
b51b00b5e710b6db257815a2e60f827f

SHA1
fd4caaebbad216b517e9d36fc7e1179813216037

SHA256
26da4e6b32375b1b048a439a8d7d0f9707831d178560cfb81c47881b935bb0e9

SHA512
add0e646c0ba71852cee29a3d5d2d7350fe50fb44d930c5a437e16a746efceb1bda47983147f2d115bc48a948eff44e307a4dd2bc383a5cb3b0b789cd0c2e946

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5396_646853287\CRX_INSTALL\manifest.json

Filesize
877B

MD5
591521c9ac32ceef3727d495fc13e54a

SHA1
c9650fd62de4c25f2b0a546de62de9ca59ee440e

SHA256
f446cc703b90155fa48eae7fe546391cca4ca707db51834f090b68c86dc848a8

SHA512
a22b2126979708d5936977af006478958d231ed62363622cf00d6d70853ff75bc950415dd30358758840ca5430a1d752252cb2d25460b80410bc218bd5e0d695

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5396_873789362\CRX_INSTALL\_locales\en\messages.json

Filesize
1KB

MD5
001f612251bd4eb1f259522a4aea5366

SHA1
8ff5d37e52ed798f194e6be9149b4cc466f655ef

SHA256
1bc874db115267c117d0e4b23456a76723cd76cf75570e88c191903a8f19fd97

SHA512
09ae93b2311d1d60baaea017572da0cce5e1816104aeb1764faf72dc2052602e73e326a6198f3bc82d2e22b4ecdd7f81746c375d79c0214768be7eab7b808b2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5396_873789362\CRX_INSTALL\manifest.json

Filesize
1KB

MD5
7dfa937ed6a04c213203011e78f950f9

SHA1
95a112e4ad15e948c53768656dd5f5d84b2c88eb

SHA256
db01f1d7c930954fe946093229d05672096cfce86270110fcbdfd7b200a8e5c3

SHA512
1400b1806ce6feb688b525acc731fd350da1087686ced3bd3ad143824c0612f9ec32c1df205af250c5827342db78d1f7fcd24599e9502cba6774fe4cc87b14f3

Download Submit
C:\Users\Admin\Downloads\FileZilla_3.65.0_win64_sponsored2-setup.exe

Filesize
12.0MB

MD5
f0c3769e336e0c1e3f970046e7df2f88

SHA1
eb821b3f13dd97fc4d125b6e347b8728e4b7f81f

SHA256
9a64bf4d9031ecea57bdc250d4bcc39c607047a230e62646b383ace8c12d5d49

SHA512
0e01502c4456890bd84b5038165c3009d7a5e1d6cdf885868ab48240c2aebcebd8b0f76490132b0390a26198316f664fbd32425e96941bdaa17297fe4e487639

Download Submit
C:\Users\Admin\Downloads\FileZilla_3.65.0_win64_sponsored2-setup.exe

Filesize
12.0MB

MD5
f0c3769e336e0c1e3f970046e7df2f88

SHA1
eb821b3f13dd97fc4d125b6e347b8728e4b7f81f

SHA256
9a64bf4d9031ecea57bdc250d4bcc39c607047a230e62646b383ace8c12d5d49

SHA512
0e01502c4456890bd84b5038165c3009d7a5e1d6cdf885868ab48240c2aebcebd8b0f76490132b0390a26198316f664fbd32425e96941bdaa17297fe4e487639

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 243390.crdownload

Filesize
12.0MB

MD5
f0c3769e336e0c1e3f970046e7df2f88

SHA1
eb821b3f13dd97fc4d125b6e347b8728e4b7f81f

SHA256
9a64bf4d9031ecea57bdc250d4bcc39c607047a230e62646b383ace8c12d5d49

SHA512
0e01502c4456890bd84b5038165c3009d7a5e1d6cdf885868ab48240c2aebcebd8b0f76490132b0390a26198316f664fbd32425e96941bdaa17297fe4e487639

Download Submit
C:\Windows\Installer\e5d23da.msi

Filesize
32KB

MD5
079852b401b4c83a1982255dcfd795b3

SHA1
4c54232099461decad52f45f827503b7c40c8bd0

SHA256
1f0cbf6de9a292e02474d32763d54f22108fb15226bd4d2d5b8113c3207a1248

SHA512
1f07204fcd763fbfda6d535f9cf4c9971045cbff3127a2464e46529a8e59ff5269490ed5ab74f71fd957f0abf3b42d2cf8258f12738d543097ec0df89e8ffb2c

Download Submit
\Program Files (x86)\GUM8826.tmp\goopdate.dll

Filesize
1.6MB

MD5
5f2d68d3fdaeb09ae78622a5ae59fce0

SHA1
d959c2a9e03c0c4017682c5f48eb1bbd84dd796e

SHA256
f2af299be74ebbfd19bb476d66bde4d55bfb571004b6349eb5ef1971955f683f

SHA512
d0f9ba99df9153a8487fd0c4a3f81c0138aeabaaed9875a8e175531e2bdf18f7b89ae14cf52bf7f546b3b5076b87080096d5c15558b9bd16a44585c0c0171c54

Download Submit
\Users\Admin\AppData\Local\Temp\nsj7617.tmp\JsisPlugins.dll

Filesize
2.1MB

MD5
7dd62c8333bd819efa4f6cc0bade208a

SHA1
5a9f502239eb557826fc6a272747f5fb367ae567

SHA256
fca81d6c74326a1ad4b1071c566ca71846919e9be0376cff682aa033ed51c979

SHA512
03e9614c839e91aa45bcc434d11c41fab9eb3cdbe2492dd747361b9da7bd300bfed53ef310bace2e1ef3da01db5e834f85b33cac635cb7fe2e089046a154d27b

Download Submit
\Users\Admin\AppData\Local\Temp\nsj7617.tmp\Midex.dll

Filesize
126KB

MD5
ef03372728aae78a23b9cda082852d38

SHA1
8819fac7fff0b4cf7afdb1c8d1523513b0d49823

SHA256
75487fb7cd1ee4534615b22b559f55819349c2abf138b8d6e773a18e05df231f

SHA512
5d6181de9e61c5170feca9aa4567d92d0433480d4ed247b0d840be4c07f8d79099009e1bed5ae02e57eff0f2297fb05dcd0896d267325d96f5c23684acc65911

Download Submit
\Users\Admin\AppData\Local\Temp\nsj7617.tmp\Midex.dll

Filesize
126KB

MD5
ef03372728aae78a23b9cda082852d38

SHA1
8819fac7fff0b4cf7afdb1c8d1523513b0d49823

SHA256
75487fb7cd1ee4534615b22b559f55819349c2abf138b8d6e773a18e05df231f

SHA512
5d6181de9e61c5170feca9aa4567d92d0433480d4ed247b0d840be4c07f8d79099009e1bed5ae02e57eff0f2297fb05dcd0896d267325d96f5c23684acc65911

Download Submit
\Users\Admin\AppData\Local\Temp\nsj7617.tmp\StdUtils.dll

Filesize
195KB

MD5
068bb413f09277572b7eb1642ca7cf10

SHA1
b9941d69998a86c7dd108ac6761c4c47d8641249

SHA256
646ca163c54641b467e54d987065afb808a9b0e88bacd5b2f3105b8540f4a6af

SHA512
787e5751b377c2a88045e491bcd7dac4a03ac78a01b4001a9a34f55b927f6e524279170cc72c61b43e8b094aa7d6da2700aa4619832ee41f71e83370ab8042d7

Download Submit
\Users\Admin\AppData\Local\Temp\nsj7617.tmp\jsis.dll

Filesize
127KB

MD5
fbf7fb142ea4161bba1bf0280f5ccc5e

SHA1
9e4ca8435cb7d8c76688ebaddd39a99313912642

SHA256
bbaf0835023c56ff0a0d666014945ade5f1460e100162d7694eeb7a56e56188d

SHA512
3d1a675485bbd66d0b67c6a91e9d95ca749ac75e3cb8f4f02640af459f5a201f5a3a0ae0abc09219c6c5ee6eec54c2ccbe7570cd98e0c61bf92652798fd4f2da

Download Submit
\Users\Admin\AppData\Local\Temp\nsj7617.tmp\nsJSON.dll

Filesize
36KB

MD5
38533e4153a8ee2965443e2b2343321e

SHA1
d732a54ae9ff62e9a251e30558c155e48c211f25

SHA256
6e7c731ec897e491e4091e6fa721ef4f0433d8657712d1fe70ffca88991f1c95

SHA512
60409409ed7488eee1c93693d3c4af03184e561424442774d0ce4b96cecc019464f7a48344f3eaf9b0ff2e705fc849129ece58c43b003ba34e5687a1d7c0097e

Download Submit
\Users\Admin\AppData\Local\Temp\nsj7617.tmp\thirdparty.dll

Filesize
93KB

MD5
5385524755c7bd7b7117f02ad93fdd65

SHA1
69c8851231ea6852cc51c0f273457bf279014a3c

SHA256
43f086367f66e98b34d8c70135d6475778dd76102026509715bd1ae8b6577480

SHA512
9bb40181b008283c870ae072e926fffb1000fcf680277a92861953b9bb32f7daa95bdb5e0ae2bc9de0cdb300a1d9f956d34953c85ecf640ce5404ae72be52566

Download Submit
\Users\Admin\AppData\Local\Temp\nsl81B.tmp\INetC.dll

Filesize
24KB

MD5
640bff73a5f8e37b202d911e4749b2e9

SHA1
9588dd7561ab7de3bca392b084bec91f3521c879

SHA256
c1e568e25ec111184deb1b87cfda4bfec529b1abeab39b66539d998012f33502

SHA512
39c6c358e2b480c8cbebcc1da683924c8092fb2947f2da4a8df1b0dc1fdda61003d91d12232a436ec88ff4e0995b7f6ee8c6efbdca935eaa984001f7a72fea0a

Download Submit
\Users\Admin\AppData\Local\Temp\nsl81B.tmp\INetC.dll

Filesize
24KB

MD5
640bff73a5f8e37b202d911e4749b2e9

SHA1
9588dd7561ab7de3bca392b084bec91f3521c879

SHA256
c1e568e25ec111184deb1b87cfda4bfec529b1abeab39b66539d998012f33502

SHA512
39c6c358e2b480c8cbebcc1da683924c8092fb2947f2da4a8df1b0dc1fdda61003d91d12232a436ec88ff4e0995b7f6ee8c6efbdca935eaa984001f7a72fea0a

Download Submit
\Users\Admin\AppData\Local\Temp\nsl81B.tmp\INetC.dll

Filesize
24KB

MD5
640bff73a5f8e37b202d911e4749b2e9

SHA1
9588dd7561ab7de3bca392b084bec91f3521c879

SHA256
c1e568e25ec111184deb1b87cfda4bfec529b1abeab39b66539d998012f33502

SHA512
39c6c358e2b480c8cbebcc1da683924c8092fb2947f2da4a8df1b0dc1fdda61003d91d12232a436ec88ff4e0995b7f6ee8c6efbdca935eaa984001f7a72fea0a

Download Submit
\Users\Admin\AppData\Local\Temp\nsl81B.tmp\INetC.dll

Filesize
24KB

MD5
640bff73a5f8e37b202d911e4749b2e9

SHA1
9588dd7561ab7de3bca392b084bec91f3521c879

SHA256
c1e568e25ec111184deb1b87cfda4bfec529b1abeab39b66539d998012f33502

SHA512
39c6c358e2b480c8cbebcc1da683924c8092fb2947f2da4a8df1b0dc1fdda61003d91d12232a436ec88ff4e0995b7f6ee8c6efbdca935eaa984001f7a72fea0a

Download Submit
\Users\Admin\AppData\Local\Temp\nsl81B.tmp\StartMenu.dll

Filesize
7KB

MD5
6b7073967487c24d08e88c208a1626fa

SHA1
f75f9dd095558b3c03b1647fe23c0869634bd9cc

SHA256
c91c61861cf22d1e9cd14dbba163573b2bd3d03dc72fcb1512879e4f3ab3b276

SHA512
31e1962b761bb0304905287f8ef33bf244b05ce1490723b98134dff0cc55956295d979086c350457fa5f6618868e431f1fc2d34afb4437ada15839ae4836f6f7

Download Submit
\Users\Admin\AppData\Local\Temp\nsl81B.tmp\System.dll

Filesize
12KB

MD5
564bb0373067e1785cba7e4c24aab4bf

SHA1
7c9416a01d821b10b2eef97b80899d24014d6fc1

SHA256
7a9ddee34562cd3703f1502b5c70e99cd5bba15de2b6845a3555033d7f6cb2a5

SHA512
22c61a323cb9293d7ec5c7e7e60674d0e2f7b29d55be25eb3c128ea2cd7440a1400cee17c43896b996278007c0d247f331a9b8964e3a40a0eb1404a9596c4472

Download Submit
\Users\Admin\AppData\Local\Temp\nsl81B.tmp\System.dll

Filesize
12KB

MD5
564bb0373067e1785cba7e4c24aab4bf

SHA1
7c9416a01d821b10b2eef97b80899d24014d6fc1

SHA256
7a9ddee34562cd3703f1502b5c70e99cd5bba15de2b6845a3555033d7f6cb2a5

SHA512
22c61a323cb9293d7ec5c7e7e60674d0e2f7b29d55be25eb3c128ea2cd7440a1400cee17c43896b996278007c0d247f331a9b8964e3a40a0eb1404a9596c4472

Download Submit
\Users\Admin\AppData\Local\Temp\nsl81B.tmp\UAC.dll

Filesize
14KB

MD5
adb29e6b186daa765dc750128649b63d

SHA1
160cbdc4cb0ac2c142d361df138c537aa7e708c9

SHA256
2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08

SHA512
b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

Download Submit
\Users\Admin\AppData\Local\Temp\nsl81B.tmp\UserInfo.dll

Filesize
4KB

MD5
98ff85b635d9114a9f6a0cd7b9b649d0

SHA1
7a51b13aa86a445a2161fa1a567cdaecaa5c97c4

SHA256
933f93a30ce44df96cbc4ac0b56a8b02ee01da27e4ea665d1d846357a8fca8de

SHA512
562342532c437236d56054278d27195e5f8c7e59911fc006964149fc0420b1f9963d72a71ebf1cd3dfee42d991a4049a382f7e669863504c16f0fe7097a07a0a

Download Submit
\Users\Admin\AppData\Local\Temp\nsl81B.tmp\UserInfo.dll

Filesize
4KB

MD5
98ff85b635d9114a9f6a0cd7b9b649d0

SHA1
7a51b13aa86a445a2161fa1a567cdaecaa5c97c4

SHA256
933f93a30ce44df96cbc4ac0b56a8b02ee01da27e4ea665d1d846357a8fca8de

SHA512
562342532c437236d56054278d27195e5f8c7e59911fc006964149fc0420b1f9963d72a71ebf1cd3dfee42d991a4049a382f7e669863504c16f0fe7097a07a0a

Download Submit
\Users\Admin\AppData\Local\Temp\nsl81B.tmp\nsDialogs.dll

Filesize
9KB

MD5
48f3e7860e1de2b4e63ec744a5e9582a

SHA1
420c64d802a637c75a53efc8f748e1aede3d6dc6

SHA256
6bf9cccd8a600f4d442efe201e8c07b49605ba35f49a4b3ab22fa2641748e156

SHA512
28716ddea580eeb23d93d1ff6ea0cf79a725e13c8f8a17ec9dfacb1fe29c7981ad84c03aed05663adc52365d63d19ec2f366762d1c685e3a9d93037570c3c583

Download Submit
\Users\Admin\AppData\Local\Temp\nsq1451.tmp

Filesize
947KB

MD5
610f4eb991ae0db08785dc4a6c1b1fb2

SHA1
0b28c35f1569eec2dd1cd6c8cfdabb349f6e0866

SHA256
6872cf401483b46c9b0456f676cc6f7e810fe11b7831567b187c6228ec4c0857

SHA512
327647555d35f4dcf567579c4750299d8fe8ead866bfc304efd7f2b855bfd659da407c344c8077041310e214d0395d2f0c85c7d504ecf0403b970aca72496f7a

Download Submit
memory/1976-4208-0x00007FF948FB0000-0x00007FF948FC0000-memory.dmp

Filesize
64KB

Download
memory/1976-4209-0x00007FF948D60000-0x00007FF948FA9000-memory.dmp

Filesize
2.3MB

Download
memory/1976-4211-0x00007FF948D60000-0x00007FF948FA9000-memory.dmp

Filesize
2.3MB

Download
memory/3712-1541-0x00007FF94A360000-0x00007FF94A361000-memory.dmp

Filesize
4KB

Download
memory/3712-1540-0x00007FF94A510000-0x00007FF94A511000-memory.dmp

Filesize
4KB

Download
memory/4596-1857-0x00007FF94A5D0000-0x00007FF94A5D1000-memory.dmp

Filesize
4KB

Download