Windows Analysis Report
https://my.norton.com/extspa/llonboard/idv/form2

Overview

General Information

Sample URL:	https://my.norton.com/extspa/llonboard/idv/form2
Analysis ID:	1541107
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Stores files to the Windows start menu directory

Classification

Signatures

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49733 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27

Source: global traffic	HTTP traffic detected: GET /symantec/cp1/Bootstrap.js HTTP/1.1Host: nexus.ensighten.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://my.norton.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /symantec/cp1/Bootstrap.js HTTP/1.1Host: nexus.ensighten.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=67C716D751E567F70A490D4C%40AdobeOrg&d_nsid=0&ts=1729765929179 HTTP/1.1Host: dpm.demdex.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/x-www-form-urlencodedAccept: /Origin: https://my.norton.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://my.norton.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /symantec/cp1/serverComponent.php?namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/symantec/cp1/code/&publishedOn=Mon%20Jul%2003%2016:37:09%20GMT%202023&ClientID=21&PageID=https%3A%2F%2Fmy.norton.com%2Fextspa%2Fllonboard%2Fidv%2Fform2 HTTP/1.1Host: nexus.ensighten.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://my.norton.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /dest5.html?d_nsid=0 HTTP/1.1Host: symantec.demdex.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://my.norton.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: demdex=87432529198126374650360190330118866763
Source: global traffic	HTTP traffic detected: GET /m2/symantec/mbox/json?mbox=sym_global_mbox&mboxSession=eeb7662070774edca038572e87dc71ba&mboxPC=&mboxPage=3e7eff5657134cacaa417b72c58a02fb&mboxRid=95487b1c763d4bf3aaa4b0e06803d432&mboxVersion=1.8.3&mboxCount=1&mboxTime=1729751529194&mboxHost=my.norton.com&mboxURL=https%3A%2F%2Fmy.norton.com%2Fextspa%2Fllonboard%2Fidv%2Fform2&mboxReferrer=&mboxXDomain=enabled&browserHeight=907&browserWidth=1280&browserTimeOffset=-240&screenHeight=1024&screenWidth=1280&colorDepth=24&devicePixelRatio=1&screenOrientation=landscape&webGLRenderer=ANGLE%20(Google%2C%20Vulkan%201.3.0%20(SwiftShader%20Device%20(Subzero)%20(0x0000C0DE))%2C%20SwiftShader%20driver)&Promocode=&profile.TCG=&vendor_type=&program_type=&site_country=&site_section=&content_title=&site_language=&traffic_source=&ExistingCustomer=&site_sub_section=&profile.promocode=&current_subchannel=&site_content_title=&original_subchannel=&profile.vendor_type=&profile.program_type=&profile.site_country=&site_sub_sub_section=&%20profile.site_section=&profile.site_language=&profile.%20traffic_source=&profile.ExistingCustomer=&profile.%20site_sub_section=&profile.current_subchannel=&profile.site_content_title=&profile.original_subchannel=&mboxMCSDID=39192FC575EFDA9E-79DEBE6A3E839DD8&mboxMCGVID=87272364839168777360339105128304970746&mboxAAMB=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&mboxMCGLH=6 HTTP/1.1Host: symantec.tt.omtrdc.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://my.norton.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://my.norton.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=67C716D751E567F70A490D4C%40AdobeOrg&d_nsid=0&ts=1729765929179 HTTP/1.1Host: dpm.demdex.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: demdex=87432529198126374650360190330118866763
Source: global traffic	HTTP traffic detected: GET /symantec/cp1/serverComponent.php?namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/symantec/cp1/code/&publishedOn=Mon%20Jul%2003%2016:37:09%20GMT%202023&ClientID=21&PageID=https%3A%2F%2Fmy.norton.com%2Fextspa%2Fllonboard%2Fidv%2Fform2 HTTP/1.1Host: nexus.ensighten.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /symantec/cp1/code/55ed090a14f40e6b7b02a1bbfc72a1a9.js?conditionId0=423130 HTTP/1.1Host: nexus.ensighten.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://my.norton.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /symantec/cp1/code/5a511eff6ece75f86134f0b7c2baed9b.js HTTP/1.1Host: nexus.ensighten.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://my.norton.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /m2/symantec/mbox/json?mbox=sym_global_mbox&mboxSession=eeb7662070774edca038572e87dc71ba&mboxPC=&mboxPage=3e7eff5657134cacaa417b72c58a02fb&mboxRid=95487b1c763d4bf3aaa4b0e06803d432&mboxVersion=1.8.3&mboxCount=1&mboxTime=1729751529194&mboxHost=my.norton.com&mboxURL=https%3A%2F%2Fmy.norton.com%2Fextspa%2Fllonboard%2Fidv%2Fform2&mboxReferrer=&mboxXDomain=enabled&browserHeight=907&browserWidth=1280&browserTimeOffset=-240&screenHeight=1024&screenWidth=1280&colorDepth=24&devicePixelRatio=1&screenOrientation=landscape&webGLRenderer=ANGLE%20(Google%2C%20Vulkan%201.3.0%20(SwiftShader%20Device%20(Subzero)%20(0x0000C0DE))%2C%20SwiftShader%20driver)&Promocode=&profile.TCG=&vendor_type=&program_type=&site_country=&site_section=&content_title=&site_language=&traffic_source=&ExistingCustomer=&site_sub_section=&profile.promocode=&current_subchannel=&site_content_title=&original_subchannel=&profile.vendor_type=&profile.program_type=&profile.site_country=&site_sub_sub_section=&%20profile.site_section=&profile.site_language=&profile.%20traffic_source=&profile.ExistingCustomer=&profile.%20site_sub_section=&profile.current_subchannel=&profile.site_content_title=&profile.original_subchannel=&mboxMCSDID=39192FC575EFDA9E-79DEBE6A3E839DD8&mboxMCGVID=87272364839168777360339105128304970746&mboxAAMB=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&mboxMCGLH=6 HTTP/1.1Host: symantec.tt.omtrdc.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: symantec!mboxSession=eeb7662070774edca038572e87dc71ba; symantec!mboxPC=eeb7662070774edca038572e87dc71ba.37_0
Source: global traffic	HTTP traffic detected: GET /error/e.gif?msg=mboxFactoryDefault%20is%20not%20defined&lnn=-1&fn=&cid=21&client=symantec&publishPath=cp1&rid=300053&did=167100&errorName=ReferenceError HTTP/1.1Host: nexus.ensighten.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://my.norton.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /symantec/cp1/code/5a511eff6ece75f86134f0b7c2baed9b.js HTTP/1.1Host: nexus.ensighten.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ibs:dpid=411&dpuuid=ZxoiLQAAAJqQkgNx HTTP/1.1Host: dpm.demdex.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://my.norton.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: demdex=87432529198126374650360190330118866763
Source: global traffic	HTTP traffic detected: GET /symantec/cp1/code/55ed090a14f40e6b7b02a1bbfc72a1a9.js?conditionId0=423130 HTTP/1.1Host: nexus.ensighten.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ibs:dpid=411&dpuuid=ZxoiLQAAAJqQkgNx HTTP/1.1Host: dpm.demdex.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: demdex=87432529198126374650360190330118866763; dpm=87432529198126374650360190330118866763
Source: global traffic	HTTP traffic detected: GET /b/ss/symanteccom/1/JS-2.22.0-LDQM/s36224975530980?AQB=1&ndh=1&pf=1&t=24%2F9%2F2024%206%3A32%3A14%204%20240&sdid=39192FC575EFDA9E-79DEBE6A3E839DD8&mid=87272364839168777360339105128304970746&aamlh=6&ce=UTF-8&pageName=mynorton%3Aus%3Alifelock&g=https%3A%2F%2Fmy.norton.com%2Fextspa%2Fllonboard%2Fidv%2Fform2&server=norton&events=event69&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c2=us&c3=en&c8=D%3Dv163&v10=de527324-05e3-46eb-a2a7-43ab29c1aff7&c14=D%3Dv16&v18=mynorton%3Aus%3Alifelock&v21=D%3Dc21&v27=D%3Dc2&v28=D%3Dc3&v29=not%20signed%20in&c35=D%3DpageName&c41=mynorton&v41=D%3Dc41&c46=html&c47=page&v47=s_code_norton%202024-10-07&c48=Norton%20-%20My%20Subscription&v48=D%3Dc49&c49=lifelock&v49=D%3Dc48&v57=87272364839168777360339105128304970746&c59=mynorton%3Alifelock&v59=D%3Dc59&v72=mynorton&c75=D%3Dv57&v96=https%3A%2F%2Fmy.norton.com%2Fextspa%2Fllonboard%2Fidv%2Fform2&v133=na&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=907&mcorgid=67C716D751E567F70A490D4C%40AdobeOrg&AQE=1 HTTP/1.1Host: oms.norton.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://my.norton.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: at_check=true; AMCVS_67C716D751E567F70A490D4C%40AdobeOrg=1; mbox=session#eeb7662070774edca038572e87dc71ba#1729767792\|PC#eeb7662070774edca038572e87dc71ba.37_0#1793010732; AMCV_67C716D751E567F70A490D4C%40AdobeOrg=179643557%7CMCIDTS%7C20021%7CMCMID%7C87272364839168777360339105128304970746%7CMCAAMLH-1730370730%7C6%7CMCAAMB-1730370730%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1729773130s%7CNONE%7CMCSYNCSOP%7C411-20028%7CvVersion%7C5.5.0; s_nr=1729765934933-New; event69=event69; channelStack=s_eVar72~mynorton; s_tbm=true; s_gpv=mynorton%3Aus%3Alifelock; s_gpv_custom=mynorton%3Alifelock; s_cc=true
Source: global traffic	HTTP traffic detected: GET /recaptcha/api.js?render=explicit&onload=ng2recaptchaloaded HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIW2yQEIorbJAQipncoBCOj/ygEIlKHLAQiFoM0BCLnKzQEIitPNARjBy8wBGMXYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://my.norton.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /b/ss/symanteccom/1/JS-2.22.0-LDQM/s36224975530980?AQB=1&ndh=1&pf=1&t=24%2F9%2F2024%206%3A32%3A14%204%20240&sdid=39192FC575EFDA9E-79DEBE6A3E839DD8&mid=87272364839168777360339105128304970746&aamlh=6&ce=UTF-8&pageName=mynorton%3Aus%3Alifelock&g=https%3A%2F%2Fmy.norton.com%2Fextspa%2Fllonboard%2Fidv%2Fform2&server=norton&events=event69&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c2=us&c3=en&c8=D%3Dv163&v10=de527324-05e3-46eb-a2a7-43ab29c1aff7&c14=D%3Dv16&v18=mynorton%3Aus%3Alifelock&v21=D%3Dc21&v27=D%3Dc2&v28=D%3Dc3&v29=not%20signed%20in&c35=D%3DpageName&c41=mynorton&v41=D%3Dc41&c46=html&c47=page&v47=s_code_norton%202024-10-07&c48=Norton%20-%20My%20Subscription&v48=D%3Dc49&c49=lifelock&v49=D%3Dc48&v57=87272364839168777360339105128304970746&c59=mynorton%3Alifelock&v59=D%3Dc59&v72=mynorton&c75=D%3Dv57&v96=https%3A%2F%2Fmy.norton.com%2Fextspa%2Fllonboard%2Fidv%2Fform2&v133=na&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=907&mcorgid=67C716D751E567F70A490D4C%40AdobeOrg&AQE=1 HTTP/1.1Host: oms.norton.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: at_check=true; AMCVS_67C716D751E567F70A490D4C%40AdobeOrg=1; mbox=session#eeb7662070774edca038572e87dc71ba#1729767792\|PC#eeb7662070774edca038572e87dc71ba.37_0#1793010732; AMCV_67C716D751E567F70A490D4C%40AdobeOrg=179643557%7CMCIDTS%7C20021%7CMCMID%7C87272364839168777360339105128304970746%7CMCAAMLH-1730370730%7C6%7CMCAAMB-1730370730%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1729773130s%7CNONE%7CMCSYNCSOP%7C411-20028%7CvVersion%7C5.5.0; s_nr=1729765934933-New; event69=event69; channelStack=s_eVar72~mynorton; s_tbm=true; s_gpv=mynorton%3Aus%3Alifelock; s_gpv_custom=mynorton%3Alifelock; s_cc=true
Source: global traffic	HTTP traffic detected: GET /recaptcha/api.js?render=explicit&onload=ng2recaptchaloaded HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIW2yQEIorbJAQipncoBCOj/ygEIlKHLAQiFoM0BCLnKzQEIitPNARjBy8wBGMXYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bat.js HTTP/1.1Host: bat.bing.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://my.norton.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /p/action/5441611.js HTTP/1.1Host: bat.bing.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://my.norton.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bat.js HTTP/1.1Host: bat.bing.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /action/0?ti=5441611&Ver=2&mid=8c334c8f-32ac-4c88-b600-ee9d8553bcf6&bo=1&sid=40e9d39091f311ef95348b02c946a95b&vid=40ea030091f311ef84760da8773eaf28&vids=1&msclkid=N&uach=pv%3D10.0.0&pi=918639831&lg=en-US&sw=1280&sh=1024&sc=24&tl=Norton%20-%20My%20Subscription&p=https%3A%2F%2Fmy.norton.com%2Fextspa%2Fllonboard%2Fidv%2Fform2&r=&lt=8208&evt=pageLoad&sv=1&cdb=AQAQ&rn=227139 HTTP/1.1Host: bat.bing.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://my.norton.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /p/action/5441611.js HTTP/1.1Host: bat.bing.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: my.norton.com
Source: global traffic	DNS traffic detected: DNS query: webapps.norton.com
Source: global traffic	DNS traffic detected: DNS query: static.nortoncdn.com
Source: global traffic	DNS traffic detected: DNS query: nexus.ensighten.com
Source: global traffic	DNS traffic detected: DNS query: assets.adobedtm.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: dpm.demdex.net
Source: global traffic	DNS traffic detected: DNS query: www.nortonlifelock.com
Source: global traffic	DNS traffic detected: DNS query: symantec.demdex.net
Source: global traffic	DNS traffic detected: DNS query: symantec.tt.omtrdc.net
Source: global traffic	DNS traffic detected: DNS query: cm.everesttech.net
Source: global traffic	DNS traffic detected: DNS query: oms.norton.com

Source: chromecache_126.2.dr, chromecache_133.2.dr	String found in binary or memory: https://assets.adobedtm.com/launch-EN1cc7556280444b10a3c687a73ed01baa.js
Source: chromecache_130.2.dr, chromecache_116.2.dr	String found in binary or memory: https://cloud.google.com/contact
Source: chromecache_130.2.dr, chromecache_116.2.dr	String found in binary or memory: https://cloud.google.com/recaptcha-enterprise/billing-information
Source: chromecache_130.2.dr, chromecache_116.2.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#are-there-any-qps-or-daily-limits-on-my-use-of-reca
Source: chromecache_130.2.dr, chromecache_116.2.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#localhost_support
Source: chromecache_130.2.dr, chromecache_116.2.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#my-computer-or-network-may-be-sending-automated-que
Source: chromecache_134.2.dr	String found in binary or memory: https://getbootstrap.com)
Source: chromecache_134.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_116.2.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_116.2.dr	String found in binary or memory: https://recaptcha.net
Source: chromecache_124.2.dr, chromecache_111.2.dr	String found in binary or memory: https://static.nortoncdn.com/static/nmpcdn/static/nmp2024.3.20.989/dist/llonboard/norton/
Source: chromecache_116.2.dr	String found in binary or memory: https://support.google.com/recaptcha
Source: chromecache_130.2.dr, chromecache_116.2.dr	String found in binary or memory: https://support.google.com/recaptcha#6262736
Source: chromecache_130.2.dr, chromecache_116.2.dr	String found in binary or memory: https://support.google.com/recaptcha/#6175971
Source: chromecache_130.2.dr, chromecache_116.2.dr	String found in binary or memory: https://support.google.com/recaptcha/?hl=en#6223828
Source: chromecache_130.2.dr, chromecache_116.2.dr, chromecache_99.2.dr, chromecache_118.2.dr	String found in binary or memory: https://www.google.com/recaptcha/api2/
Source: chromecache_130.2.dr, chromecache_116.2.dr	String found in binary or memory: https://www.gstatic.c..?/recaptcha/releases/lqsTZ5beIbCkK4uGEGv9JmUR/recaptcha__.
Source: chromecache_99.2.dr, chromecache_118.2.dr	String found in binary or memory: https://www.gstatic.com/recaptcha/releases/lqsTZ5beIbCkK4uGEGv9JmUR/recaptcha__en.js

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49733 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@17/77@46/15

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1892,i,4355322394269608029,16993460720195172481,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://my.norton.com/extspa/llonboard/idv/form2"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1892,i,4355322394269608029,16993460720195172481,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
52.17.240.122	unknown	United States	16509	AMAZON-02US	false
52.208.241.210	unknown	United States	16509	AMAZON-02US	false
66.235.152.225	adobetarget.data.adobedc.net	United States	15224	OMNITUREUS	false
63.140.62.222	norton.com.ssl.sc.omtrdc.net	United States	15224	OMNITUREUS	false
65.9.66.72	d2pz9khpjpljz2.cloudfront.net	United States	16509	AMAZON-02US	false
150.171.28.10	ax-0001.ax-msedge.net	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
65.9.66.103	unknown	United States	16509	AMAZON-02US	false
142.250.186.36	unknown	United States	15169	GOOGLEUS	false
142.250.185.132	www.google.com	United States	15169	GOOGLEUS	false
63.140.62.17	unknown	United States	15224	OMNITUREUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
150.171.29.10	ax-0001.ax-dc-msedge.net	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.186.164	unknown	United States	15169	GOOGLEUS	false
52.214.221.135	dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com	United States	16509	AMAZON-02US	false

Private

IP
192.168.2.8

Contacted Domains

Name	IP	Active
adobetarget.data.adobedc.net	66.235.152.225	true
d2pz9khpjpljz2.cloudfront.net	65.9.66.72	true
ax-0001.ax-dc-msedge.net	150.171.29.10	true
norton.com.ssl.sc.omtrdc.net	63.140.62.222	true
www.google.com	142.250.185.132	true
dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com	52.214.221.135	true
ax-0001.ax-msedge.net	150.171.28.10	true
fp2e7a.wpc.phicdn.net	192.229.221.95	true
symantec.tt.omtrdc.net	unknown	unknown
oms.norton.com	unknown	unknown
assets.adobedtm.com	unknown	unknown
www.nortonlifelock.com	unknown	unknown
my.norton.com	unknown	unknown
webapps.norton.com	unknown	unknown
dpm.demdex.net	unknown	unknown
cm.everesttech.net	unknown	unknown
nexus.ensighten.com	unknown	unknown
symantec.demdex.net	unknown	unknown
static.nortoncdn.com	unknown	unknown

Contacted URLs

Name	Malicious	Reputation
https://my.norton.com/extspa/llonboard/idv/llVerify	false	unknown
https://nexus.ensighten.com/symantec/cp1/serverComponent.php?namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/symantec/cp1/code/&publishedOn=Mon%20Jul%2003%2016:37:09%20GMT%202023&ClientID=21&PageID=https%3A%2F%2Fmy.norton.com%2Fextspa%2Fllonboard%2Fidv%2Fform2	false	unknown
https://nexus.ensighten.com/symantec/cp1/Bootstrap.js	false	unknown
https://nexus.ensighten.com/error/e.gif?msg=mboxFactoryDefault%20is%20not%20defined&lnn=-1&fn=&cid=21&client=symantec&publishPath=cp1&rid=300053&did=167100&errorName=ReferenceError	false	unknown
https://dpm.demdex.net/id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=67C716D751E567F70A490D4C%40AdobeOrg&d_nsid=0&ts=1729765929179	false	unknown
https://oms.norton.com/b/ss/symanteccom/1/JS-2.22.0-LDQM/s36224975530980?AQB=1&ndh=1&pf=1&t=24%2F9%2F2024%206%3A32%3A14%204%20240&sdid=39192FC575EFDA9E-79DEBE6A3E839DD8&mid=87272364839168777360339105128304970746&aamlh=6&ce=UTF-8&pageName=mynorton%3Aus%3Alifelock&g=https%3A%2F%2Fmy.norton.com%2Fextspa%2Fllonboard%2Fidv%2Fform2&server=norton&events=event69&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c2=us&c3=en&c8=D%3Dv163&v10=de527324-05e3-46eb-a2a7-43ab29c1aff7&c14=D%3Dv16&v18=mynorton%3Aus%3Alifelock&v21=D%3Dc21&v27=D%3Dc2&v28=D%3Dc3&v29=not%20signed%20in&c35=D%3DpageName&c41=mynorton&v41=D%3Dc41&c46=html&c47=page&v47=s_code_norton%202024-10-07&c48=Norton%20-%20My%20Subscription&v48=D%3Dc49&c49=lifelock&v49=D%3Dc48&v57=87272364839168777360339105128304970746&c59=mynorton%3Alifelock&v59=D%3Dc59&v72=mynorton&c75=D%3Dv57&v96=https%3A%2F%2Fmy.norton.com%2Fextspa%2Fllonboard%2Fidv%2Fform2&v133=na&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=907&mcorgid=67C716D751E567F70A490D4C%40AdobeOrg&AQE=1	false	unknown
https://symantec.demdex.net/dest5.html?d_nsid=0	false	unknown
https://nexus.ensighten.com/symantec/cp1/code/5a511eff6ece75f86134f0b7c2baed9b.js	false	unknown
https://my.norton.com/extspa/llonboard/idv/form2	false	unknown
https://nexus.ensighten.com/symantec/cp1/code/55ed090a14f40e6b7b02a1bbfc72a1a9.js?conditionId0=423130	false	unknown
https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZxoiLQAAAJqQkgNx	false	unknown

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 09:32:06 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	AF7220BBAEA7CC28A4E8D3B9CBBFDA2A	08617E31A0E73466628FF197CAA86A2C6BD7AD06	244BA6BE04149A96E97AE635D5ACCC09624582A075A5B808BCF98B113AC39A52
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 09:32:06 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	65D76DD4A033814357BF8ECCED272A9A	ABF6AFA9B5C3868B93622B7824DD99D445D7092A	987FFF63E7CCD930C4E35DDA9EDE635D8E9D12AEF87C02E8532DED21FD0EE4CE
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 5 07:00:51 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	33EA5FAE518483A43BF3F8C0D54BCD07	38B41559B7548F5B09AC5F120428E853E7A37F27	F91A87D3765742D3B5C157D49092212BEF9E3695D368A170A26789DD0DBDF1E3
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 09:32:06 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	F37301253BB85E019A9A58E6A177B9A3	58689344176A0FB76085382AB9D830CBBA50C4DE	85D519FAD6B7D0D22BCFB8DE11FCCC6EB7FDECD6C52C6E1919F1A02AC911DEF9
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 09:32:06 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	99CBCD04A5FFAFD76C53E5F9D95A2594	FDDACE91ED01F83764DC4189851A59B704C8E991	636BF82D9954FD235163C0D95DE6455D1B43168A90541AF55B5FBAA2360FFF93
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 24 09:32:06 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	4C4A69BFCE5A47522679E928837AD27B	EF2295EEB47F903A41FEC55E91821639F1A9AD94	30ADC5928D4424EA90EA86CCA6A467D65BFCAA2C0A448A542EB38C8FB8FC0F4E
Chrome Cache Entry: 100	SVG Scalable Vector Graphics image	AF5814CCEBEF8C3E8FBAB0FA87C26A62	561B29895AE0B70047DE70DCFEFA5B53AE128810	3AA1951A0D27225ED41318F7A7D077777E198FA6F5DE1951B1A47A784EB2D108
Chrome Cache Entry: 101	JSON data	ED8A9BB99B66523597777BC67C269B0C	1CFF127147DE8E0FFC24E5ED23DF58C409DD3CD7	051B391DC6796E292561D70D3F1ADD113BEBF6CAD27956F6BD774813CAB6CAE3
Chrome Cache Entry: 102	ASCII text, with very long lines (62896)	63D17CCAA3F994B3C69C63430571E0E0	75A6C4CB1013AE10604800142DE52472DF739628	6025F4EC0125F84D3D79527CE2286E2988AF546F55A174DB5DB3EEC14EB7C37D
Chrome Cache Entry: 103	ASCII text, with very long lines (65536), with no line terminators	FEDFDE3AE8DE64009FAC92B702BB7A4F	89EAF9D5349C50A530E11C73318136EBD5960DDC	6D86FA54F7C9D8B51F2F058836AF20178C38447D1B7BA81C358A7847D60BE1A7
Chrome Cache Entry: 104	SVG Scalable Vector Graphics image	7ACEDE7F75DA890B8BB3E6754BC9FB73	DDF3443F64A475D4B8FF5D6AD418ADC2581FF6EB	35887C3D3787A7AE6B47F346AC95305B59143275ECDA228715A87F8752EA945C
Chrome Cache Entry: 105	ASCII text, with CRLF line terminators	35DB82FB180E5BCD0BDBE6D93BB22FBF	1177FAC2BF250D1669453585A2151F4186A87AA3	80057B238A62F569F8361C0C724FC6CA5EF4EC6EEE8C15D1FC3D19932BEE1A7C
Chrome Cache Entry: 106	Web Open Font Format (Version 2), TrueType, length 227180, version 1.0	66C6E40883646A7AD993108B2CE2DA32	7A2602D2EBB08CE895E33ADDB6FE595F1029431E	17FE38AB302C7E5DBFB5C3D87801092D79BE958500DB6412ED3BC0F126BD53D3
Chrome Cache Entry: 107	MS Windows icon resource - 1 icon, 50x50, 32 bits/pixel	703BA659B9435E57DDEB9156DB6FC16A	667937FCF6C9F08936FF0740D03603B8BEB3F6AE	0A32B2518C4B3512887E88D605868C8CF4234AADC88673A9458F79D3843D3C7E
Chrome Cache Entry: 108	SVG Scalable Vector Graphics image	26B8EB8D1F8DC899CBFE162495182EA9	B4060384B2EB47C52B6080364458AD6D63B92775	2B71C8CA846D677AD4C917A6C026A20894550B77ED8CF86B01520A22625F869C
Chrome Cache Entry: 109	HTML document, ASCII text, with very long lines (2316), with no line terminators	264E2A36AE7127F27AD92F2452B39B39	213C28827BF957A0EF54F278F8557A167756B944	0F772E655E44D86A0CFDC6E5826F4E7376A0A8FFC7A7A29F8ECBCFC73574350D
Chrome Cache Entry: 110	JSON data	ED8A9BB99B66523597777BC67C269B0C	1CFF127147DE8E0FFC24E5ED23DF58C409DD3CD7	051B391DC6796E292561D70D3F1ADD113BEBF6CAD27956F6BD774813CAB6CAE3
Chrome Cache Entry: 111	ASCII text, with very long lines (1574), with CRLF line terminators	B76EB561F35911133FE0A4D0E249DDFC	6162A245FA038A9A53BE7483A0236E7D614D6AA0	34B19F84FC86EE03F9E23873A7F7955A6618545DEC7256BF76B8FD4850D21EF4
Chrome Cache Entry: 112	SVG Scalable Vector Graphics image	AF5814CCEBEF8C3E8FBAB0FA87C26A62	561B29895AE0B70047DE70DCFEFA5B53AE128810	3AA1951A0D27225ED41318F7A7D077777E198FA6F5DE1951B1A47A784EB2D108
Chrome Cache Entry: 113	SVG Scalable Vector Graphics image	26B8EB8D1F8DC899CBFE162495182EA9	B4060384B2EB47C52B6080364458AD6D63B92775	2B71C8CA846D677AD4C917A6C026A20894550B77ED8CF86B01520A22625F869C
Chrome Cache Entry: 114	SVG Scalable Vector Graphics image	71D1CE5E1F81CE4568AC1E889D62FF60	0A1F7DC489DD6FE3766124D21BD61E1045037C11	6F7A9BFCE9CB32A6D959911B149ACB1BBA1E9125F679924A19A5DDDC5B0968BB
Chrome Cache Entry: 115	JSON data	30450A974A9BE61DAF9AE0D55E065579	3721961C2F62D4AB0A1AEA1AA02F0A5E4224993F	5448B171E2D7792B57DB860B1A58F2EA52F5DCFEA2E1238D60EF62EA1CBEE7C1
Chrome Cache Entry: 116	ASCII text, with very long lines (715)	1D3C12EF7348978206413B2C985D0E37	4C8BF7428BA9FF2C3F9E54C05065604D5C4D6A4C	5AB8F962752071D61B4C1613F2126EAD5A5969B0157509532CB1CC43D1C0486D
Chrome Cache Entry: 117	JSON data	30450A974A9BE61DAF9AE0D55E065579	3721961C2F62D4AB0A1AEA1AA02F0A5E4224993F	5448B171E2D7792B57DB860B1A58F2EA52F5DCFEA2E1238D60EF62EA1CBEE7C1
Chrome Cache Entry: 118	ASCII text, with very long lines (1497), with no line terminators	6672483D641E341A4E17D72C0A892F95	0B2257AC38E830708B472F3A0607F4C9BC747658	CDA8FED4FA8356CEC4E8FE1E0E0858395C2A5BAA23C645023A9CE78033787E21
Chrome Cache Entry: 119	ASCII text, with very long lines (527)	2838622562EA0DFB9F92CC6B6DD0CF0C	FFEAF3B0AFB5F8DA83F643121FCB09054F2E4D33	6FC5C3F9269C3777EC783AF059224740282FAFB4F415B61FA45CA940EE7EB529
Chrome Cache Entry: 120	MS Windows icon resource - 1 icon, 50x50, 32 bits/pixel	703BA659B9435E57DDEB9156DB6FC16A	667937FCF6C9F08936FF0740D03603B8BEB3F6AE	0A32B2518C4B3512887E88D605868C8CF4234AADC88673A9458F79D3843D3C7E
Chrome Cache Entry: 121	HTML document, ASCII text, with very long lines (2316), with no line terminators	264E2A36AE7127F27AD92F2452B39B39	213C28827BF957A0EF54F278F8557A167756B944	0F772E655E44D86A0CFDC6E5826F4E7376A0A8FFC7A7A29F8ECBCFC73574350D
Chrome Cache Entry: 122	ASCII text, with CRLF line terminators	35DB82FB180E5BCD0BDBE6D93BB22FBF	1177FAC2BF250D1669453585A2151F4186A87AA3	80057B238A62F569F8361C0C724FC6CA5EF4EC6EEE8C15D1FC3D19932BEE1A7C
Chrome Cache Entry: 123	Unicode text, UTF-8 text, with very long lines (32054)	6CDA8B6271B502ED1174336D6537D44B	7A5D5256CED6EA8B8C4B88CB08A7EF0CCB13FE62	7CA9E9328C72EAF9F7CB3E12648AD05411A6140291B284D4785E65BB02FB290B
Chrome Cache Entry: 124	ASCII text, with very long lines (1574), with CRLF line terminators	B76EB561F35911133FE0A4D0E249DDFC	6162A245FA038A9A53BE7483A0236E7D614D6AA0	34B19F84FC86EE03F9E23873A7F7955A6618545DEC7256BF76B8FD4850D21EF4
Chrome Cache Entry: 125	ASCII text, with very long lines (520)	693E44CB920A49CD359C9B2A0205281F	FCD3786052B6BAF8AFBEDC240BEE6C70DEA6D3A5	037AEE8B899729D810F4D25B755A1F59062C841462FF650FFDDE54FD1F9C5F93
Chrome Cache Entry: 126	ASCII text, with very long lines (32764)	8C370AB1ABE10490ACA72C000FC8B322	ACBFD69BE4464F254B79DEC3395B5DA454986A42	765BCC5C747A0E4C9BCE94F6132561E4D81CA391BE2BF5D8080C3C04A85CBA08
Chrome Cache Entry: 127	Unicode text, UTF-8 text, with very long lines (51384), with no line terminators	6626C1362840EBFC8F48294E8F023E18	4EC0DFB37C3E536C1B5EC04B68C9846FDBAF9EEF	AABC88A6DB8B22022F96CA88E4F0A7BE426ABEF2B35169A71515A2D55246402A
Chrome Cache Entry: 128	ASCII text, with very long lines (527)	2838622562EA0DFB9F92CC6B6DD0CF0C	FFEAF3B0AFB5F8DA83F643121FCB09054F2E4D33	6FC5C3F9269C3777EC783AF059224740282FAFB4F415B61FA45CA940EE7EB529
Chrome Cache Entry: 129	SVG Scalable Vector Graphics image	71D1CE5E1F81CE4568AC1E889D62FF60	0A1F7DC489DD6FE3766124D21BD61E1045037C11	6F7A9BFCE9CB32A6D959911B149ACB1BBA1E9125F679924A19A5DDDC5B0968BB
Chrome Cache Entry: 130	ASCII text, with very long lines (715)	1D3C12EF7348978206413B2C985D0E37	4C8BF7428BA9FF2C3F9E54C05065604D5C4D6A4C	5AB8F962752071D61B4C1613F2126EAD5A5969B0157509532CB1CC43D1C0486D
Chrome Cache Entry: 131	Unicode text, UTF-8 text, with very long lines (51384), with no line terminators	6626C1362840EBFC8F48294E8F023E18	4EC0DFB37C3E536C1B5EC04B68C9846FDBAF9EEF	AABC88A6DB8B22022F96CA88E4F0A7BE426ABEF2B35169A71515A2D55246402A
Chrome Cache Entry: 132	ASCII text, with very long lines (520)	693E44CB920A49CD359C9B2A0205281F	FCD3786052B6BAF8AFBEDC240BEE6C70DEA6D3A5	037AEE8B899729D810F4D25B755A1F59062C841462FF650FFDDE54FD1F9C5F93
Chrome Cache Entry: 133	ASCII text, with very long lines (32764)	8C370AB1ABE10490ACA72C000FC8B322	ACBFD69BE4464F254B79DEC3395B5DA454986A42	765BCC5C747A0E4C9BCE94F6132561E4D81CA391BE2BF5D8080C3C04A85CBA08
Chrome Cache Entry: 134	ASCII text, with very long lines (20467), with CRLF line terminators	9613A705E99A8B4FF94D62E73C045CAB	B7A7E4DAEF4CE8226D85A2BD6ACCC717A4BF36E7	FA99D528B20ABBC2E0A2AB207E898E88CCAA899740C68C214F09C2BDDF87731F
Chrome Cache Entry: 135	ASCII text, with very long lines (65536), with no line terminators	FEDFDE3AE8DE64009FAC92B702BB7A4F	89EAF9D5349C50A530E11C73318136EBD5960DDC	6D86FA54F7C9D8B51F2F058836AF20178C38447D1B7BA81C358A7847D60BE1A7
Chrome Cache Entry: 136	ASCII text, with very long lines (65536), with no line terminators	105C987B812E43F3437D145C4C06120B	060551C9024628CAF4CE01FA28BB8A8F3F540FDB	408F7272E063EB36014973B8BED5385ACCEE0514270362141B5CF840A6C3C827
Chrome Cache Entry: 137	ASCII text, with very long lines (62896)	63D17CCAA3F994B3C69C63430571E0E0	75A6C4CB1013AE10604800142DE52472DF739628	6025F4EC0125F84D3D79527CE2286E2988AF546F55A174DB5DB3EEC14EB7C37D
Chrome Cache Entry: 138	Web Open Font Format (Version 2), TrueType, length 227180, version 1.0	66C6E40883646A7AD993108B2CE2DA32	7A2602D2EBB08CE895E33ADDB6FE595F1029431E	17FE38AB302C7E5DBFB5C3D87801092D79BE958500DB6412ED3BC0F126BD53D3
Chrome Cache Entry: 93	ASCII text, with very long lines (65536), with no line terminators	105C987B812E43F3437D145C4C06120B	060551C9024628CAF4CE01FA28BB8A8F3F540FDB	408F7272E063EB36014973B8BED5385ACCEE0514270362141B5CF840A6C3C827
Chrome Cache Entry: 94	ASCII text, with very long lines (10139)	42750DF7BDD32AA34C65B67B6F55C15E	B063923A5E425469D6878B4A11F58196A630C50F	F5EB40674C362404C76DBB4A4A26FE0205CDA04093EC29018D18C87AEB5DDC70
Chrome Cache Entry: 95	SVG Scalable Vector Graphics image	7ACEDE7F75DA890B8BB3E6754BC9FB73	DDF3443F64A475D4B8FF5D6AD418ADC2581FF6EB	35887C3D3787A7AE6B47F346AC95305B59143275ECDA228715A87F8752EA945C
Chrome Cache Entry: 96	ASCII text, with very long lines (579)	3DEF7D8F54C898338EBA38E2520C1731	2ED66F9167FD795C56F584532FC5E4AEEED5E2BC	84F3D9F8505420CAD451290F392B2C14EC6AEDE0820F509C84B1B3BA7BFB9B78
Chrome Cache Entry: 97	ASCII text, with very long lines (579)	3DEF7D8F54C898338EBA38E2520C1731	2ED66F9167FD795C56F584532FC5E4AEEED5E2BC	84F3D9F8505420CAD451290F392B2C14EC6AEDE0820F509C84B1B3BA7BFB9B78
Chrome Cache Entry: 98	Unicode text, UTF-8 text, with very long lines (32054)	6CDA8B6271B502ED1174336D6537D44B	7A5D5256CED6EA8B8C4B88CB08A7EF0CCB13FE62	7CA9E9328C72EAF9F7CB3E12648AD05411A6140291B284D4785E65BB02FB290B
Chrome Cache Entry: 99	ASCII text, with very long lines (1497), with no line terminators	6672483D641E341A4E17D72C0A892F95	0B2257AC38E830708B472F3A0607F4C9BC747658	CDA8FED4FA8356CEC4E8FE1E0E0858395C2A5BAA23C645023A9CE78033787E21

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49733 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.51
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27

Source: global traffic	HTTP traffic detected: GET /symantec/cp1/Bootstrap.js HTTP/1.1Host: nexus.ensighten.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://my.norton.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /symantec/cp1/Bootstrap.js HTTP/1.1Host: nexus.ensighten.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=67C716D751E567F70A490D4C%40AdobeOrg&d_nsid=0&ts=1729765929179 HTTP/1.1Host: dpm.demdex.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/x-www-form-urlencodedAccept: /Origin: https://my.norton.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://my.norton.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /symantec/cp1/serverComponent.php?namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/symantec/cp1/code/&publishedOn=Mon%20Jul%2003%2016:37:09%20GMT%202023&ClientID=21&PageID=https%3A%2F%2Fmy.norton.com%2Fextspa%2Fllonboard%2Fidv%2Fform2 HTTP/1.1Host: nexus.ensighten.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://my.norton.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /dest5.html?d_nsid=0 HTTP/1.1Host: symantec.demdex.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://my.norton.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: demdex=87432529198126374650360190330118866763
Source: global traffic	HTTP traffic detected: GET /m2/symantec/mbox/json?mbox=sym_global_mbox&mboxSession=eeb7662070774edca038572e87dc71ba&mboxPC=&mboxPage=3e7eff5657134cacaa417b72c58a02fb&mboxRid=95487b1c763d4bf3aaa4b0e06803d432&mboxVersion=1.8.3&mboxCount=1&mboxTime=1729751529194&mboxHost=my.norton.com&mboxURL=https%3A%2F%2Fmy.norton.com%2Fextspa%2Fllonboard%2Fidv%2Fform2&mboxReferrer=&mboxXDomain=enabled&browserHeight=907&browserWidth=1280&browserTimeOffset=-240&screenHeight=1024&screenWidth=1280&colorDepth=24&devicePixelRatio=1&screenOrientation=landscape&webGLRenderer=ANGLE%20(Google%2C%20Vulkan%201.3.0%20(SwiftShader%20Device%20(Subzero)%20(0x0000C0DE))%2C%20SwiftShader%20driver)&Promocode=&profile.TCG=&vendor_type=&program_type=&site_country=&site_section=&content_title=&site_language=&traffic_source=&ExistingCustomer=&site_sub_section=&profile.promocode=&current_subchannel=&site_content_title=&original_subchannel=&profile.vendor_type=&profile.program_type=&profile.site_country=&site_sub_sub_section=&%20profile.site_section=&profile.site_language=&profile.%20traffic_source=&profile.ExistingCustomer=&profile.%20site_sub_section=&profile.current_subchannel=&profile.site_content_title=&profile.original_subchannel=&mboxMCSDID=39192FC575EFDA9E-79DEBE6A3E839DD8&mboxMCGVID=87272364839168777360339105128304970746&mboxAAMB=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&mboxMCGLH=6 HTTP/1.1Host: symantec.tt.omtrdc.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://my.norton.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://my.norton.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=67C716D751E567F70A490D4C%40AdobeOrg&d_nsid=0&ts=1729765929179 HTTP/1.1Host: dpm.demdex.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: demdex=87432529198126374650360190330118866763
Source: global traffic	HTTP traffic detected: GET /symantec/cp1/serverComponent.php?namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/symantec/cp1/code/&publishedOn=Mon%20Jul%2003%2016:37:09%20GMT%202023&ClientID=21&PageID=https%3A%2F%2Fmy.norton.com%2Fextspa%2Fllonboard%2Fidv%2Fform2 HTTP/1.1Host: nexus.ensighten.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /symantec/cp1/code/55ed090a14f40e6b7b02a1bbfc72a1a9.js?conditionId0=423130 HTTP/1.1Host: nexus.ensighten.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://my.norton.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /symantec/cp1/code/5a511eff6ece75f86134f0b7c2baed9b.js HTTP/1.1Host: nexus.ensighten.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://my.norton.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /m2/symantec/mbox/json?mbox=sym_global_mbox&mboxSession=eeb7662070774edca038572e87dc71ba&mboxPC=&mboxPage=3e7eff5657134cacaa417b72c58a02fb&mboxRid=95487b1c763d4bf3aaa4b0e06803d432&mboxVersion=1.8.3&mboxCount=1&mboxTime=1729751529194&mboxHost=my.norton.com&mboxURL=https%3A%2F%2Fmy.norton.com%2Fextspa%2Fllonboard%2Fidv%2Fform2&mboxReferrer=&mboxXDomain=enabled&browserHeight=907&browserWidth=1280&browserTimeOffset=-240&screenHeight=1024&screenWidth=1280&colorDepth=24&devicePixelRatio=1&screenOrientation=landscape&webGLRenderer=ANGLE%20(Google%2C%20Vulkan%201.3.0%20(SwiftShader%20Device%20(Subzero)%20(0x0000C0DE))%2C%20SwiftShader%20driver)&Promocode=&profile.TCG=&vendor_type=&program_type=&site_country=&site_section=&content_title=&site_language=&traffic_source=&ExistingCustomer=&site_sub_section=&profile.promocode=&current_subchannel=&site_content_title=&original_subchannel=&profile.vendor_type=&profile.program_type=&profile.site_country=&site_sub_sub_section=&%20profile.site_section=&profile.site_language=&profile.%20traffic_source=&profile.ExistingCustomer=&profile.%20site_sub_section=&profile.current_subchannel=&profile.site_content_title=&profile.original_subchannel=&mboxMCSDID=39192FC575EFDA9E-79DEBE6A3E839DD8&mboxMCGVID=87272364839168777360339105128304970746&mboxAAMB=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&mboxMCGLH=6 HTTP/1.1Host: symantec.tt.omtrdc.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: symantec!mboxSession=eeb7662070774edca038572e87dc71ba; symantec!mboxPC=eeb7662070774edca038572e87dc71ba.37_0
Source: global traffic	HTTP traffic detected: GET /error/e.gif?msg=mboxFactoryDefault%20is%20not%20defined&lnn=-1&fn=&cid=21&client=symantec&publishPath=cp1&rid=300053&did=167100&errorName=ReferenceError HTTP/1.1Host: nexus.ensighten.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://my.norton.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /symantec/cp1/code/5a511eff6ece75f86134f0b7c2baed9b.js HTTP/1.1Host: nexus.ensighten.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ibs:dpid=411&dpuuid=ZxoiLQAAAJqQkgNx HTTP/1.1Host: dpm.demdex.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://my.norton.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: demdex=87432529198126374650360190330118866763
Source: global traffic	HTTP traffic detected: GET /symantec/cp1/code/55ed090a14f40e6b7b02a1bbfc72a1a9.js?conditionId0=423130 HTTP/1.1Host: nexus.ensighten.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ibs:dpid=411&dpuuid=ZxoiLQAAAJqQkgNx HTTP/1.1Host: dpm.demdex.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: demdex=87432529198126374650360190330118866763; dpm=87432529198126374650360190330118866763
Source: global traffic	HTTP traffic detected: GET /b/ss/symanteccom/1/JS-2.22.0-LDQM/s36224975530980?AQB=1&ndh=1&pf=1&t=24%2F9%2F2024%206%3A32%3A14%204%20240&sdid=39192FC575EFDA9E-79DEBE6A3E839DD8&mid=87272364839168777360339105128304970746&aamlh=6&ce=UTF-8&pageName=mynorton%3Aus%3Alifelock&g=https%3A%2F%2Fmy.norton.com%2Fextspa%2Fllonboard%2Fidv%2Fform2&server=norton&events=event69&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c2=us&c3=en&c8=D%3Dv163&v10=de527324-05e3-46eb-a2a7-43ab29c1aff7&c14=D%3Dv16&v18=mynorton%3Aus%3Alifelock&v21=D%3Dc21&v27=D%3Dc2&v28=D%3Dc3&v29=not%20signed%20in&c35=D%3DpageName&c41=mynorton&v41=D%3Dc41&c46=html&c47=page&v47=s_code_norton%202024-10-07&c48=Norton%20-%20My%20Subscription&v48=D%3Dc49&c49=lifelock&v49=D%3Dc48&v57=87272364839168777360339105128304970746&c59=mynorton%3Alifelock&v59=D%3Dc59&v72=mynorton&c75=D%3Dv57&v96=https%3A%2F%2Fmy.norton.com%2Fextspa%2Fllonboard%2Fidv%2Fform2&v133=na&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=907&mcorgid=67C716D751E567F70A490D4C%40AdobeOrg&AQE=1 HTTP/1.1Host: oms.norton.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://my.norton.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: at_check=true; AMCVS_67C716D751E567F70A490D4C%40AdobeOrg=1; mbox=session#eeb7662070774edca038572e87dc71ba#1729767792\|PC#eeb7662070774edca038572e87dc71ba.37_0#1793010732; AMCV_67C716D751E567F70A490D4C%40AdobeOrg=179643557%7CMCIDTS%7C20021%7CMCMID%7C87272364839168777360339105128304970746%7CMCAAMLH-1730370730%7C6%7CMCAAMB-1730370730%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1729773130s%7CNONE%7CMCSYNCSOP%7C411-20028%7CvVersion%7C5.5.0; s_nr=1729765934933-New; event69=event69; channelStack=s_eVar72~mynorton; s_tbm=true; s_gpv=mynorton%3Aus%3Alifelock; s_gpv_custom=mynorton%3Alifelock; s_cc=true
Source: global traffic	HTTP traffic detected: GET /recaptcha/api.js?render=explicit&onload=ng2recaptchaloaded HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIW2yQEIorbJAQipncoBCOj/ygEIlKHLAQiFoM0BCLnKzQEIitPNARjBy8wBGMXYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://my.norton.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /b/ss/symanteccom/1/JS-2.22.0-LDQM/s36224975530980?AQB=1&ndh=1&pf=1&t=24%2F9%2F2024%206%3A32%3A14%204%20240&sdid=39192FC575EFDA9E-79DEBE6A3E839DD8&mid=87272364839168777360339105128304970746&aamlh=6&ce=UTF-8&pageName=mynorton%3Aus%3Alifelock&g=https%3A%2F%2Fmy.norton.com%2Fextspa%2Fllonboard%2Fidv%2Fform2&server=norton&events=event69&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c2=us&c3=en&c8=D%3Dv163&v10=de527324-05e3-46eb-a2a7-43ab29c1aff7&c14=D%3Dv16&v18=mynorton%3Aus%3Alifelock&v21=D%3Dc21&v27=D%3Dc2&v28=D%3Dc3&v29=not%20signed%20in&c35=D%3DpageName&c41=mynorton&v41=D%3Dc41&c46=html&c47=page&v47=s_code_norton%202024-10-07&c48=Norton%20-%20My%20Subscription&v48=D%3Dc49&c49=lifelock&v49=D%3Dc48&v57=87272364839168777360339105128304970746&c59=mynorton%3Alifelock&v59=D%3Dc59&v72=mynorton&c75=D%3Dv57&v96=https%3A%2F%2Fmy.norton.com%2Fextspa%2Fllonboard%2Fidv%2Fform2&v133=na&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=907&mcorgid=67C716D751E567F70A490D4C%40AdobeOrg&AQE=1 HTTP/1.1Host: oms.norton.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: at_check=true; AMCVS_67C716D751E567F70A490D4C%40AdobeOrg=1; mbox=session#eeb7662070774edca038572e87dc71ba#1729767792\|PC#eeb7662070774edca038572e87dc71ba.37_0#1793010732; AMCV_67C716D751E567F70A490D4C%40AdobeOrg=179643557%7CMCIDTS%7C20021%7CMCMID%7C87272364839168777360339105128304970746%7CMCAAMLH-1730370730%7C6%7CMCAAMB-1730370730%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1729773130s%7CNONE%7CMCSYNCSOP%7C411-20028%7CvVersion%7C5.5.0; s_nr=1729765934933-New; event69=event69; channelStack=s_eVar72~mynorton; s_tbm=true; s_gpv=mynorton%3Aus%3Alifelock; s_gpv_custom=mynorton%3Alifelock; s_cc=true
Source: global traffic	HTTP traffic detected: GET /recaptcha/api.js?render=explicit&onload=ng2recaptchaloaded HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIW2yQEIorbJAQipncoBCOj/ygEIlKHLAQiFoM0BCLnKzQEIitPNARjBy8wBGMXYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bat.js HTTP/1.1Host: bat.bing.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://my.norton.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /p/action/5441611.js HTTP/1.1Host: bat.bing.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://my.norton.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bat.js HTTP/1.1Host: bat.bing.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /action/0?ti=5441611&Ver=2&mid=8c334c8f-32ac-4c88-b600-ee9d8553bcf6&bo=1&sid=40e9d39091f311ef95348b02c946a95b&vid=40ea030091f311ef84760da8773eaf28&vids=1&msclkid=N&uach=pv%3D10.0.0&pi=918639831&lg=en-US&sw=1280&sh=1024&sc=24&tl=Norton%20-%20My%20Subscription&p=https%3A%2F%2Fmy.norton.com%2Fextspa%2Fllonboard%2Fidv%2Fform2&r=&lt=8208&evt=pageLoad&sv=1&cdb=AQAQ&rn=227139 HTTP/1.1Host: bat.bing.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://my.norton.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /p/action/5441611.js HTTP/1.1Host: bat.bing.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: my.norton.com
Source: global traffic	DNS traffic detected: DNS query: webapps.norton.com
Source: global traffic	DNS traffic detected: DNS query: static.nortoncdn.com
Source: global traffic	DNS traffic detected: DNS query: nexus.ensighten.com
Source: global traffic	DNS traffic detected: DNS query: assets.adobedtm.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: dpm.demdex.net
Source: global traffic	DNS traffic detected: DNS query: www.nortonlifelock.com
Source: global traffic	DNS traffic detected: DNS query: symantec.demdex.net
Source: global traffic	DNS traffic detected: DNS query: symantec.tt.omtrdc.net
Source: global traffic	DNS traffic detected: DNS query: cm.everesttech.net
Source: global traffic	DNS traffic detected: DNS query: oms.norton.com

Source: chromecache_126.2.dr, chromecache_133.2.dr	String found in binary or memory: https://assets.adobedtm.com/launch-EN1cc7556280444b10a3c687a73ed01baa.js
Source: chromecache_130.2.dr, chromecache_116.2.dr	String found in binary or memory: https://cloud.google.com/contact
Source: chromecache_130.2.dr, chromecache_116.2.dr	String found in binary or memory: https://cloud.google.com/recaptcha-enterprise/billing-information
Source: chromecache_130.2.dr, chromecache_116.2.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#are-there-any-qps-or-daily-limits-on-my-use-of-reca
Source: chromecache_130.2.dr, chromecache_116.2.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#localhost_support
Source: chromecache_130.2.dr, chromecache_116.2.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#my-computer-or-network-may-be-sending-automated-que
Source: chromecache_134.2.dr	String found in binary or memory: https://getbootstrap.com)
Source: chromecache_134.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_116.2.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_116.2.dr	String found in binary or memory: https://recaptcha.net
Source: chromecache_124.2.dr, chromecache_111.2.dr	String found in binary or memory: https://static.nortoncdn.com/static/nmpcdn/static/nmp2024.3.20.989/dist/llonboard/norton/
Source: chromecache_116.2.dr	String found in binary or memory: https://support.google.com/recaptcha
Source: chromecache_130.2.dr, chromecache_116.2.dr	String found in binary or memory: https://support.google.com/recaptcha#6262736
Source: chromecache_130.2.dr, chromecache_116.2.dr	String found in binary or memory: https://support.google.com/recaptcha/#6175971
Source: chromecache_130.2.dr, chromecache_116.2.dr	String found in binary or memory: https://support.google.com/recaptcha/?hl=en#6223828
Source: chromecache_130.2.dr, chromecache_116.2.dr, chromecache_99.2.dr, chromecache_118.2.dr	String found in binary or memory: https://www.google.com/recaptcha/api2/
Source: chromecache_130.2.dr, chromecache_116.2.dr	String found in binary or memory: https://www.gstatic.c..?/recaptcha/releases/lqsTZ5beIbCkK4uGEGv9JmUR/recaptcha__.
Source: chromecache_99.2.dr, chromecache_118.2.dr	String found in binary or memory: https://www.gstatic.com/recaptcha/releases/lqsTZ5beIbCkK4uGEGv9JmUR/recaptcha__en.js

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49733 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@17/77@46/15

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1892,i,4355322394269608029,16993460720195172481,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://my.norton.com/extspa/llonboard/idv/form2"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1892,i,4355322394269608029,16993460720195172481,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

ID:	1541107
Product:	CloudBasic
Start time:	12:31:04
Start date:	24.10.2024
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
https://my.norton.com/extspa/llonboard/idv/form2

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance

Networking

System Summary

Boot Survival

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://my.norton.com/extspa/llonboard/idv/form2

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance

Networking

System Summary

Boot Survival

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://my.norton.com/extspa/llonboard/idv/form2