eef17a001a27e328434dfacbe7d2348a4f4fb4dc74b4a38b83970aa25fed721b

General

Target

Symantec_Agent_setup_Server.exe
Size

4.4MB
MD5

bc3c4f9b7b7c43cdea4d7eb8e73609b5
SHA1

150835b42a6a018b7cf98eb03f5a49007d56f860
SHA256

eef17a001a27e328434dfacbe7d2348a4f4fb4dc74b4a38b83970aa25fed721b
SHA512

c31912895f78e1f040ab4d4827e1fae6b55f92b5de0267bcc8f54b72d686f59a3d233805e87b182fede18b289abdb8a66e76a21720f06325a507bd2199081f3e
SSDEEP

98304:1zFqBQg/9nWjyBgf2V0GYhR3TZ086CocmXqxYflkkIC41:BAGgBW/2VEO8LcsY8CU

Score

6^/10

evasion trojan

Malware Config

Signatures

Checks whether UAC is enabled 1 TTPs 2 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Symantec_Agent_setup_Server.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Symantec_Agent_setup.dat

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
2088	Symantec_Agent_setup.dat

Modifies system certificate store 2 TTPs 16 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\DF3C24F9BFD666761B268073FE06D1CC8D4F82A4	Symantec_Agent_setup_Server.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\495847A93187CFB8C71F840CB7B41497AD95C64F\Blob = 030000000100000014000000495847a93187cfb8c71f840cb7b41497ad95c64f20000000010000000e0600003082060a308204f2a00302010202105200e5aa2556fc1a86ed96c9d44b33c7300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3130303230383030303030305a170d3230303230373233353935395a3081b4310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313b3039060355040b13325465726d73206f66207573652061742068747470733a2f2f7777772e766572697369676e2e636f6d2f727061202863293130312e302c06035504031325566572695369676e20436c617373203320436f6465205369676e696e67203230313020434130820122300d06092a864886f70d01010105000382010f003082010a0282010100f5234b5ea5d78abb32e9d457f7efe4c7267ead1998fea89d7d94f6366b10d77581307f04687fcb2b751ecd1d088cdf6994a737a39c7b80e099e1ee374d5fce3b14ee86d4d0f52735bc250b38a78c639d17a308a5abb0fbcd6a62824cd521da1bd9f1e3843b8a2a4f855b90014fc9a776107f27037cbeae7e7dc1ddf905bc1b489c69e7c0a43c3c41003edf96e5c5e49471d65501c700264a403cb5a126a90ca76d808e90257bcfbf3f1ceb2f96fae58777c6b556b27a3b5430531bdf6234ff1ed1f45a932885e54c174e7e5bfda493997fdfcdefa475efef15f647e7f81972d82e341aa6b4a74c7ebdbb4f0c3d57f130d6a6368ed68076d7192ea5cd7e342d890203010001a38201fe308201fa30120603551d130101ff040830060101ff02010030700603551d20046930673065060b6086480186f845010717033056302806082b06010505070201161c68747470733a2f2f7777772e766572697369676e2e636f6d2f637073302a06082b06010505070202301e1a1c68747470733a2f2f7777772e766572697369676e2e636f6d2f727061300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e67696630340603551d1f042d302b3029a027a0258623687474703a2f2f63726c2e766572697369676e2e636f6d2f706361332d67352e63726c303406082b0601050507010104283026302406082b060105050730018618687474703a2f2f6f6373702e766572697369676e2e636f6d301d0603551d250416301406082b0601050507030206082b0601050507030330280603551d110421301fa41d301b3119301706035504031310566572695369676e4d504b492d322d38301d0603551d0e04160414cf99a9ea7b26f44bc98e8fd7f00526efe3d2a79d301f0603551d230418301680147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d010105050003820101005622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3	Symantec_Agent_setup_Server.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 0300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e52000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	Symantec_Agent_setup_Server.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\495847A93187CFB8C71F840CB7B41497AD95C64F\Blob = 140000000100000014000000cf99a9ea7b26f44bc98e8fd7f00526efe3d2a79d030000000100000014000000495847a93187cfb8c71f840cb7b41497ad95c64f20000000010000000e0600003082060a308204f2a00302010202105200e5aa2556fc1a86ed96c9d44b33c7300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3130303230383030303030305a170d3230303230373233353935395a3081b4310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313b3039060355040b13325465726d73206f66207573652061742068747470733a2f2f7777772e766572697369676e2e636f6d2f727061202863293130312e302c06035504031325566572695369676e20436c617373203320436f6465205369676e696e67203230313020434130820122300d06092a864886f70d01010105000382010f003082010a0282010100f5234b5ea5d78abb32e9d457f7efe4c7267ead1998fea89d7d94f6366b10d77581307f04687fcb2b751ecd1d088cdf6994a737a39c7b80e099e1ee374d5fce3b14ee86d4d0f52735bc250b38a78c639d17a308a5abb0fbcd6a62824cd521da1bd9f1e3843b8a2a4f855b90014fc9a776107f27037cbeae7e7dc1ddf905bc1b489c69e7c0a43c3c41003edf96e5c5e49471d65501c700264a403cb5a126a90ca76d808e90257bcfbf3f1ceb2f96fae58777c6b556b27a3b5430531bdf6234ff1ed1f45a932885e54c174e7e5bfda493997fdfcdefa475efef15f647e7f81972d82e341aa6b4a74c7ebdbb4f0c3d57f130d6a6368ed68076d7192ea5cd7e342d890203010001a38201fe308201fa30120603551d130101ff040830060101ff02010030700603551d20046930673065060b6086480186f845010717033056302806082b06010505070201161c68747470733a2f2f7777772e766572697369676e2e636f6d2f637073302a06082b06010505070202301e1a1c68747470733a2f2f7777772e766572697369676e2e636f6d2f727061300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e67696630340603551d1f042d302b3029a027a0258623687474703a2f2f63726c2e766572697369676e2e636f6d2f706361332d67352e63726c303406082b0601050507010104283026302406082b060105050730018618687474703a2f2f6f6373702e766572697369676e2e636f6d301d0603551d250416301406082b0601050507030206082b0601050507030330280603551d110421301fa41d301b3119301706035504031310566572695369676e4d504b492d322d38301d0603551d0e04160414cf99a9ea7b26f44bc98e8fd7f00526efe3d2a79d301f0603551d230418301680147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d010105050003820101005622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3	Symantec_Agent_setup_Server.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\D6AEE31631F7ABC56B9DE8ABECCC4108A626B104\Blob = 190000000100000010000000c3e08af0e5fa8ddccec00533c45bc3cf030000000100000014000000d6aee31631f7abc56b9de8abeccc4108a626b104140000000100000014000000246e2b2dd06a925151256901aa9a47a689e7402020000000010000008f0400003082048b30820373a00302010202100c8ee0c90d6a89158804061ee241f9af300d06092a864886f70d01010b05003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204732301e170d3133303830313132303030305a170d3238303830313132303030305a3044310b300906035504061302555331153013060355040a130c446967694365727420496e63311e301c06035504031315446967694365727420476c6f62616c20434120473230820122300d06092a864886f70d01010105000382010f003082010a0282010100d3487cbef305865d5bd52f854e4be086ad15ac61cf5baf3e6a0a47fb9a7691600b8a6bcdcfdc577e60980be454d956ed21cc02b65a815f976aee022f2327b86dd4b0e70602780b1f5ca99936febbac1b05fa57cd81104067d6308b5835d49661bed08c7a979f1af922e6142fa9c6e8011fabf8260fac8e4d2c32391d819b8d1c65b21cdb61a8892f60e7ebc24a18c46f2ae9109209ed17d1002be67def0489144e33a1b20f97879fb3a0cd2fbc2cecb88368313d1fd54a9010190b8195d6297651f93676d0b7097a384ad76f8cbf137c39edbaae90fc95f77b7809365e74931e25f0ffd4adae686bc6ff0fd535f1556e4849f8f8b8ef88f8f15e1177aadf02b30203010001a382015a3082015630120603551d130101ff040830060101ff020100300e0603551d0f0101ff040403020186303406082b0601050507010104283026302406082b060105050730018618687474703a2f2f6f6373702e64696769636572742e636f6d307b0603551d1f047430723037a035a0338631687474703a2f2f63726c342e64696769636572742e636f6d2f4469676943657274476c6f62616c526f6f7447322e63726c3037a035a0338631687474703a2f2f63726c332e64696769636572742e636f6d2f4469676943657274476c6f62616c526f6f7447322e63726c303d0603551d200436303430320604551d2000302a302806082b06010505070201161c68747470733a2f2f7777772e64696769636572742e636f6d2f435053301d0603551d0e04160414246e2b2dd06a925151256901aa9a47a689e74020301f0603551d230418301680144e2254201895e6e36ee60ffafab912ed06178f39300d06092a864886f70d01010b050003820101000b398491f997ebaa81af84e95a3892fce26c59bf36c845a7310311e106c0ac32c75a5529da4f4002f5a1deb0eddec0f8f6759d76b987fe41807acf5de300c65b02e69b7862c9dcb8629a77ed8908d74bc5fd43d5622327c404596d713f235bead9f2e724276ff49580db962ce4548bcfea19d97f5599517a0e2d183d785852bc6368570bdd44b3574a60e6c870705b87286ad73b4e524519af24069248111a8baeac181257ac03cbb8f4bdca260ea7c1dde333efc055300d95594e9c033606f8c08f14999c4d2a9ec1e17d3baf72a745ba1396294e19d01a9806f4379417ada318ba3eb0010c95d6293520357df51060e4f768621eec19e124f28711ace90880	Symantec_Agent_setup_Server.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\D6AEE31631F7ABC56B9DE8ABECCC4108A626B104\Blob = 030000000100000014000000d6aee31631f7abc56b9de8abeccc4108a626b10420000000010000008f0400003082048b30820373a00302010202100c8ee0c90d6a89158804061ee241f9af300d06092a864886f70d01010b05003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204732301e170d3133303830313132303030305a170d3238303830313132303030305a3044310b300906035504061302555331153013060355040a130c446967694365727420496e63311e301c06035504031315446967694365727420476c6f62616c20434120473230820122300d06092a864886f70d01010105000382010f003082010a0282010100d3487cbef305865d5bd52f854e4be086ad15ac61cf5baf3e6a0a47fb9a7691600b8a6bcdcfdc577e60980be454d956ed21cc02b65a815f976aee022f2327b86dd4b0e70602780b1f5ca99936febbac1b05fa57cd81104067d6308b5835d49661bed08c7a979f1af922e6142fa9c6e8011fabf8260fac8e4d2c32391d819b8d1c65b21cdb61a8892f60e7ebc24a18c46f2ae9109209ed17d1002be67def0489144e33a1b20f97879fb3a0cd2fbc2cecb88368313d1fd54a9010190b8195d6297651f93676d0b7097a384ad76f8cbf137c39edbaae90fc95f77b7809365e74931e25f0ffd4adae686bc6ff0fd535f1556e4849f8f8b8ef88f8f15e1177aadf02b30203010001a382015a3082015630120603551d130101ff040830060101ff020100300e0603551d0f0101ff040403020186303406082b0601050507010104283026302406082b060105050730018618687474703a2f2f6f6373702e64696769636572742e636f6d307b0603551d1f047430723037a035a0338631687474703a2f2f63726c342e64696769636572742e636f6d2f4469676943657274476c6f62616c526f6f7447322e63726c3037a035a0338631687474703a2f2f63726c332e64696769636572742e636f6d2f4469676943657274476c6f62616c526f6f7447322e63726c303d0603551d200436303430320604551d2000302a302806082b06010505070201161c68747470733a2f2f7777772e64696769636572742e636f6d2f435053301d0603551d0e04160414246e2b2dd06a925151256901aa9a47a689e74020301f0603551d230418301680144e2254201895e6e36ee60ffafab912ed06178f39300d06092a864886f70d01010b050003820101000b398491f997ebaa81af84e95a3892fce26c59bf36c845a7310311e106c0ac32c75a5529da4f4002f5a1deb0eddec0f8f6759d76b987fe41807acf5de300c65b02e69b7862c9dcb8629a77ed8908d74bc5fd43d5622327c404596d713f235bead9f2e724276ff49580db962ce4548bcfea19d97f5599517a0e2d183d785852bc6368570bdd44b3574a60e6c870705b87286ad73b4e524519af24069248111a8baeac181257ac03cbb8f4bdca260ea7c1dde333efc055300d95594e9c033606f8c08f14999c4d2a9ec1e17d3baf72a745ba1396294e19d01a9806f4379417ada318ba3eb0010c95d6293520357df51060e4f768621eec19e124f28711ace90880	Symantec_Agent_setup_Server.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\DF3C24F9BFD666761B268073FE06D1CC8D4F82A4\Blob = 030000000100000014000000df3c24f9bfd666761b268073fe06d1cc8d4f82a42000000001000000920300003082038e30820276a0030201020210033af1e6a711a9a0bb2864b11d09fae5300d06092a864886f70d01010b05003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204732301e170d3133303830313132303030305a170d3338303131353132303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420473230820122300d06092a864886f70d01010105000382010f003082010a0282010100bb37cd34dc7b6bc9b26890ad4a75ff46ba210a088df51954c9fb88dbf3aef23a89913c7ae6ab061a6bcfac2de85e092444ba629a7ed6a3a87ee054752005ac50b79c631a6c30dcda1f19b1d71edefdd7e0cb948337aeec1f434edd7b2cd2bd2ea52fe4a9b8ad3ad499a4b625e99b6b00609260ff4f214918f76790ab61069c8ff2bae9b4e992326bb5f357e85d1bcd8c1dab95049549f3352d96e3496ddd77e3fb494bb4ac5507a98f95b3b423bb4c6d45f0f6a9b29530b4fd4c558c274a57147c829dcd7392d3164a060c8c50d18f1e09be17a1e621cafd83e510bc83a50ac46728f67314143d4676c387148921344daf0f450ca649a1babb9cc5b1338329850203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e041604144e2254201895e6e36ee60ffafab912ed06178f39300d06092a864886f70d01010b05000382010100606728946f0e4863eb31ddea6718d5897d3cc58b4a7fe9bedb2b17dfb05f73772a3213398167428423f2456735ec88bff88fb0610c34a4ae204c84c6dbf835e176d9dfa642bbc74408867f3674245ada6c0d145935bdf249ddb61fc9b30d472a3d992fbb5cbbb5d420e1995f534615db689bf0f330d53e31e28d849ee38adada963e3513a55ff0f970507047411157194ec08fae06c49513172f1b259f75f2b18e99a16f13b14171fe882ac84f102055d7f31445e5e044f4ea879532930efe5346fa2c9dff8b22b94bd90945a4dea4b89a58dd1b7d529f8e59438881a49e26d56faddd0dc6377ded03921be5775f76ee3c8dc45d565ba2d9666eb33537e532b6	Symantec_Agent_setup_Server.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5	Symantec_Agent_setup_Server.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\D6AEE31631F7ABC56B9DE8ABECCC4108A626B104\Blob = 140000000100000014000000246e2b2dd06a925151256901aa9a47a689e74020030000000100000014000000d6aee31631f7abc56b9de8abeccc4108a626b10420000000010000008f0400003082048b30820373a00302010202100c8ee0c90d6a89158804061ee241f9af300d06092a864886f70d01010b05003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204732301e170d3133303830313132303030305a170d3238303830313132303030305a3044310b300906035504061302555331153013060355040a130c446967694365727420496e63311e301c06035504031315446967694365727420476c6f62616c20434120473230820122300d06092a864886f70d01010105000382010f003082010a0282010100d3487cbef305865d5bd52f854e4be086ad15ac61cf5baf3e6a0a47fb9a7691600b8a6bcdcfdc577e60980be454d956ed21cc02b65a815f976aee022f2327b86dd4b0e70602780b1f5ca99936febbac1b05fa57cd81104067d6308b5835d49661bed08c7a979f1af922e6142fa9c6e8011fabf8260fac8e4d2c32391d819b8d1c65b21cdb61a8892f60e7ebc24a18c46f2ae9109209ed17d1002be67def0489144e33a1b20f97879fb3a0cd2fbc2cecb88368313d1fd54a9010190b8195d6297651f93676d0b7097a384ad76f8cbf137c39edbaae90fc95f77b7809365e74931e25f0ffd4adae686bc6ff0fd535f1556e4849f8f8b8ef88f8f15e1177aadf02b30203010001a382015a3082015630120603551d130101ff040830060101ff020100300e0603551d0f0101ff040403020186303406082b0601050507010104283026302406082b060105050730018618687474703a2f2f6f6373702e64696769636572742e636f6d307b0603551d1f047430723037a035a0338631687474703a2f2f63726c342e64696769636572742e636f6d2f4469676943657274476c6f62616c526f6f7447322e63726c3037a035a0338631687474703a2f2f63726c332e64696769636572742e636f6d2f4469676943657274476c6f62616c526f6f7447322e63726c303d0603551d200436303430320604551d2000302a302806082b06010505070201161c68747470733a2f2f7777772e64696769636572742e636f6d2f435053301d0603551d0e04160414246e2b2dd06a925151256901aa9a47a689e74020301f0603551d230418301680144e2254201895e6e36ee60ffafab912ed06178f39300d06092a864886f70d01010b050003820101000b398491f997ebaa81af84e95a3892fce26c59bf36c845a7310311e106c0ac32c75a5529da4f4002f5a1deb0eddec0f8f6759d76b987fe41807acf5de300c65b02e69b7862c9dcb8629a77ed8908d74bc5fd43d5622327c404596d713f235bead9f2e724276ff49580db962ce4548bcfea19d97f5599517a0e2d183d785852bc6368570bdd44b3574a60e6c870705b87286ad73b4e524519af24069248111a8baeac181257ac03cbb8f4bdca260ea7c1dde333efc055300d95594e9c033606f8c08f14999c4d2a9ec1e17d3baf72a745ba1396294e19d01a9806f4379417ada318ba3eb0010c95d6293520357df51060e4f768621eec19e124f28711ace90880	Symantec_Agent_setup_Server.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 1400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331330300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e52000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	Symantec_Agent_setup_Server.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\D6AEE31631F7ABC56B9DE8ABECCC4108A626B104	Symantec_Agent_setup_Server.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 190000000100000010000000d8b5fb368468620275d142ffd2aade370300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e51400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331332000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	Symantec_Agent_setup_Server.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\495847A93187CFB8C71F840CB7B41497AD95C64F	Symantec_Agent_setup_Server.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\DF3C24F9BFD666761B268073FE06D1CC8D4F82A4\Blob = 19000000010000001000000014c3bd3549ee225aece13734ad8ca0b8030000000100000014000000df3c24f9bfd666761b268073fe06d1cc8d4f82a41400000001000000140000004e2254201895e6e36ee60ffafab912ed06178f392000000001000000920300003082038e30820276a0030201020210033af1e6a711a9a0bb2864b11d09fae5300d06092a864886f70d01010b05003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204732301e170d3133303830313132303030305a170d3338303131353132303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420473230820122300d06092a864886f70d01010105000382010f003082010a0282010100bb37cd34dc7b6bc9b26890ad4a75ff46ba210a088df51954c9fb88dbf3aef23a89913c7ae6ab061a6bcfac2de85e092444ba629a7ed6a3a87ee054752005ac50b79c631a6c30dcda1f19b1d71edefdd7e0cb948337aeec1f434edd7b2cd2bd2ea52fe4a9b8ad3ad499a4b625e99b6b00609260ff4f214918f76790ab61069c8ff2bae9b4e992326bb5f357e85d1bcd8c1dab95049549f3352d96e3496ddd77e3fb494bb4ac5507a98f95b3b423bb4c6d45f0f6a9b29530b4fd4c558c274a57147c829dcd7392d3164a060c8c50d18f1e09be17a1e621cafd83e510bc83a50ac46728f67314143d4676c387148921344daf0f450ca649a1babb9cc5b1338329850203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e041604144e2254201895e6e36ee60ffafab912ed06178f39300d06092a864886f70d01010b05000382010100606728946f0e4863eb31ddea6718d5897d3cc58b4a7fe9bedb2b17dfb05f73772a3213398167428423f2456735ec88bff88fb0610c34a4ae204c84c6dbf835e176d9dfa642bbc74408867f3674245ada6c0d145935bdf249ddb61fc9b30d472a3d992fbb5cbbb5d420e1995f534615db689bf0f330d53e31e28d849ee38adada963e3513a55ff0f970507047411157194ec08fae06c49513172f1b259f75f2b18e99a16f13b14171fe882ac84f102055d7f31445e5e044f4ea879532930efe5346fa2c9dff8b22b94bd90945a4dea4b89a58dd1b7d529f8e59438881a49e26d56faddd0dc6377ded03921be5775f76ee3c8dc45d565ba2d9666eb33537e532b6	Symantec_Agent_setup_Server.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\495847A93187CFB8C71F840CB7B41497AD95C64F\Blob = 1900000001000000100000003c31c095e651fa664cbfb198e9c0c008030000000100000014000000495847a93187cfb8c71f840cb7b41497ad95c64f140000000100000014000000cf99a9ea7b26f44bc98e8fd7f00526efe3d2a79d20000000010000000e0600003082060a308204f2a00302010202105200e5aa2556fc1a86ed96c9d44b33c7300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3130303230383030303030305a170d3230303230373233353935395a3081b4310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313b3039060355040b13325465726d73206f66207573652061742068747470733a2f2f7777772e766572697369676e2e636f6d2f727061202863293130312e302c06035504031325566572695369676e20436c617373203320436f6465205369676e696e67203230313020434130820122300d06092a864886f70d01010105000382010f003082010a0282010100f5234b5ea5d78abb32e9d457f7efe4c7267ead1998fea89d7d94f6366b10d77581307f04687fcb2b751ecd1d088cdf6994a737a39c7b80e099e1ee374d5fce3b14ee86d4d0f52735bc250b38a78c639d17a308a5abb0fbcd6a62824cd521da1bd9f1e3843b8a2a4f855b90014fc9a776107f27037cbeae7e7dc1ddf905bc1b489c69e7c0a43c3c41003edf96e5c5e49471d65501c700264a403cb5a126a90ca76d808e90257bcfbf3f1ceb2f96fae58777c6b556b27a3b5430531bdf6234ff1ed1f45a932885e54c174e7e5bfda493997fdfcdefa475efef15f647e7f81972d82e341aa6b4a74c7ebdbb4f0c3d57f130d6a6368ed68076d7192ea5cd7e342d890203010001a38201fe308201fa30120603551d130101ff040830060101ff02010030700603551d20046930673065060b6086480186f845010717033056302806082b06010505070201161c68747470733a2f2f7777772e766572697369676e2e636f6d2f637073302a06082b06010505070202301e1a1c68747470733a2f2f7777772e766572697369676e2e636f6d2f727061300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e67696630340603551d1f042d302b3029a027a0258623687474703a2f2f63726c2e766572697369676e2e636f6d2f706361332d67352e63726c303406082b0601050507010104283026302406082b060105050730018618687474703a2f2f6f6373702e766572697369676e2e636f6d301d0603551d250416301406082b0601050507030206082b0601050507030330280603551d110421301fa41d301b3119301706035504031310566572695369676e4d504b492d322d38301d0603551d0e04160414cf99a9ea7b26f44bc98e8fd7f00526efe3d2a79d301f0603551d230418301680147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d010105050003820101005622e634a4c461cb48b901ad56a8640fd98c91c4bbcc0ce5ad7aa0227fdf47384a2d6cd17f711a7cec70a9b1f04fe40f0c53fa155efe749849248581261c911447b04c638cbba134d4c645e80d85267303d0a98c646ddc7192e645056015595139fc58146bfed4a4ed796b080c4172e737220609be23e93f449a1ee9619dccb1905cfc3dd28dac423d6536d4b43d40288f9b10cf2326cc4b20cb901f5d8c4c34ca3cd8e537d66fa520bd34eb26d9ae0de7c59af7a1b42191336f86e858bb257c740e58fe751b633fce317c9b8f1b969ec55376845b9cad91faaced93ba5dc82153c2825363af120d5087111b3d5452968a2c9c3d921a089a052ec793a54891d3	Symantec_Agent_setup_Server.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\DF3C24F9BFD666761B268073FE06D1CC8D4F82A4\Blob = 1400000001000000140000004e2254201895e6e36ee60ffafab912ed06178f39030000000100000014000000df3c24f9bfd666761b268073fe06d1cc8d4f82a42000000001000000920300003082038e30820276a0030201020210033af1e6a711a9a0bb2864b11d09fae5300d06092a864886f70d01010b05003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204732301e170d3133303830313132303030305a170d3338303131353132303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420473230820122300d06092a864886f70d01010105000382010f003082010a0282010100bb37cd34dc7b6bc9b26890ad4a75ff46ba210a088df51954c9fb88dbf3aef23a89913c7ae6ab061a6bcfac2de85e092444ba629a7ed6a3a87ee054752005ac50b79c631a6c30dcda1f19b1d71edefdd7e0cb948337aeec1f434edd7b2cd2bd2ea52fe4a9b8ad3ad499a4b625e99b6b00609260ff4f214918f76790ab61069c8ff2bae9b4e992326bb5f357e85d1bcd8c1dab95049549f3352d96e3496ddd77e3fb494bb4ac5507a98f95b3b423bb4c6d45f0f6a9b29530b4fd4c558c274a57147c829dcd7392d3164a060c8c50d18f1e09be17a1e621cafd83e510bc83a50ac46728f67314143d4676c387148921344daf0f450ca649a1babb9cc5b1338329850203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e041604144e2254201895e6e36ee60ffafab912ed06178f39300d06092a864886f70d01010b05000382010100606728946f0e4863eb31ddea6718d5897d3cc58b4a7fe9bedb2b17dfb05f73772a3213398167428423f2456735ec88bff88fb0610c34a4ae204c84c6dbf835e176d9dfa642bbc74408867f3674245ada6c0d145935bdf249ddb61fc9b30d472a3d992fbb5cbbb5d420e1995f534615db689bf0f330d53e31e28d849ee38adada963e3513a55ff0f970507047411157194ec08fae06c49513172f1b259f75f2b18e99a16f13b14171fe882ac84f102055d7f31445e5e044f4ea879532930efe5346fa2c9dff8b22b94bd90945a4dea4b89a58dd1b7d529f8e59438881a49e26d56faddd0dc6377ded03921be5775f76ee3c8dc45d565ba2d9666eb33537e532b6	Symantec_Agent_setup_Server.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3880	Symantec_Agent_setup_Server.exe
3880	Symantec_Agent_setup_Server.exe
2088	Symantec_Agent_setup.dat
2088	Symantec_Agent_setup.dat

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2088	Symantec_Agent_setup.dat
2088	Symantec_Agent_setup.dat

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
2088	Symantec_Agent_setup.dat
2088	Symantec_Agent_setup.dat

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3880 wrote to memory of 2088	3880	Symantec_Agent_setup_Server.exe	89
PID 3880 wrote to memory of 2088	3880	Symantec_Agent_setup_Server.exe	89
PID 3880 wrote to memory of 2088	3880	Symantec_Agent_setup_Server.exe	89

C:\Users\Admin\AppData\Local\Temp\Symantec_Agent_setup_Server.exe
"C:\Users\Admin\AppData\Local\Temp\Symantec_Agent_setup_Server.exe"
1⤵
- Checks whether UAC is enabled
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3880
- C:\Users\Public\Downloads\Symantec\{SA143RU8-4Q23S6}_x64\Symantec_Agent_Package\Symantec_Agent_setup.dat
  "C:\Users\Public\Downloads\Symantec\{SA143RU8-4Q23S6}_x64\Symantec_Agent_Package\Symantec_Agent_setup.dat" /r
  2⤵
  - Checks whether UAC is enabled
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:2088

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Subvert Trust Controls

1

T1553

Install Root Certificate

1

T1553.004

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Symantec\FSD\FSDLauncher-2023-12-29-12h42m28s.log

Filesize
17KB

MD5
79deebb6e8a7a753dee1f408bd3e8295

SHA1
6e523451607df1bea3ea29b8752e07c2f50ae537

SHA256
2123dd8e07a1bdb31afdfa6c7ff7e2c1b13f5acc9d0d1c847cbb609a6a958c19

SHA512
cc32e40e3e4bd5a85aea984a54cfcee816cf01c28bcb52571820255386e7863c61adbee4b7100fdc7fee75a4dfc609b582b9d9e1d8a7960f3148d72dc3846039

Download Submit
C:\ProgramData\Symantec\FSD\bin\Symantec_Agent_setup.exe

Filesize
1.3MB

MD5
4e97f144b6060ee22a86616f2a6398b5

SHA1
aed5d59c3933aef6dba0ebefc28a43748e69fee2

SHA256
024dabd48bb545b0cbfeb1e0e96da38700edecdb183dbb1dd05b89a9e3fd10d5

SHA512
580a7cf92afec20711011b443053b86d2ab8863174fe35b38e1d4e6d525d3f443088f25b5809f8a0f4f52490fedd71c58504d0cdd2489321be37474d802d21ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp566D.tmp

Filesize
4KB

MD5
661e8ccf7182f1ad0b3774fef08b633d

SHA1
d571cb2a1263af6251c75ae5fe2249fff3fab72a

SHA256
7124ce12edbe629ab084b603901ba8dec0cb497bca0f74f9e953f9e8e82a3066

SHA512
0ad26d4027e89afd5f388ecd701da4de8b447bde8dd1c4d8582bcad3e52833d92eaabaf1fe235e83bdfc320231927ac2b5420c47e0ecb3a8fc3c2cb3a75fe7ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp569D.tmp

Filesize
1KB

MD5
78ff5e740204e0e244a6d43d7b078f39

SHA1
097008df39ff9f8b23834981bfb31f58e70d92ef

SHA256
c13116656282407ad0eaf70d8eb4981c92e559d1f9174c50fb1d2931fbacf6ec

SHA512
7ecba0fc2dc8056ba73482a143fc22b1e0d83e3e02430010dc5aafeb73d2c62cf960f2bd25d3ce5345b952ba999fbfb9fcac9c3aa86963f1221c3c1d60e12781

Download Submit
C:\Users\Public\Downloads\Symantec\{SA143RU8-4Q23S6}_x64\Symantec_Agent_Package\Symantec_Agent_setup.dat

Filesize
1.6MB

MD5
25104503f9b319e3fc9122260d2dbcfe

SHA1
8253bab2a9a04702d2c9a6f8afcdcbee051a065d

SHA256
2f484db41e503eb34692e4137351d6397441cc3a5eca86a73ccd8cf43b5dd616

SHA512
f0960a8585a82778191591a07706de3a930598168025e19babe1e899e8d6152602534d5950f8e1bab44d08ffd0e16bfa6c94b0597c2d9eb8f774a8b25b49e9c0

Download Submit
C:\Users\Public\Downloads\Symantec\{SA143RU8-4Q23S6}_x64\Symantec_Agent_Package\Symantec_Agent_setup.dat

Filesize
1.5MB

MD5
e9f8a084e00a455acc2510bb0fdedcdb

SHA1
b889f5dd6e6742365cbe385ce8d7d51e4ca9aa22

SHA256
1397b07a734d68b0e99e4004be00dce37361b479d35351f085abd358aa060f45

SHA512
f6a8024f64c3a3cb30dc7371ca75d3f1a6dde98c65c7bd30e82e1237de9fce40922ebac2695f2555e212860f2b208a6a4cd03e333b7aa96998c9efb4a02e5c49

Download Submit
C:\Users\Public\Downloads\Symantec\{SA143RU8-4Q23S6}_x64\Symantec_Agent_Package\Symantec_Agent_setup.dat

Filesize
1.4MB

MD5
fac4ca0700d525725fd24822698c8385

SHA1
6a76fd926dd6b6fb00ab1aad9e563b7e95949e45

SHA256
a3b9c97e82e581f759d2b428589a304e1bf5806b3ce5e412aa1c6adb9fa55c83

SHA512
b862038dfc79cc7dfba93dd866b43918749e7924f6fb530495320086c2f34aebeece70d4da1cea8e65edb581ef293092a80d421040f94f41076b3fe483f21c1c

Download Submit

Analysis

Sharing