hxxps://notlon[.]so[.]appllnk[.]com/Notlon%20Setup%203[.]4[.]2[.]exe

Analysis

max time kernel
154s
max time network
154s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
25-04-2024 23:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://notlon.so.appllnk.com/Notlon%20Setup%203.4.2.exe

Score

9^/10

cryptone packer

Malware Config

Signatures

CryptOne packer 1 IoCs

Detects CryptOne packer defined in NCC blogpost.

cryptone packer

Processes:

resource	yara_rule
C:\Users\Admin\Downloads\Notlon Setup 3.4.2.exe	cryptone

Downloads MZ/PE file
Executes dropped EXE 1 IoCs

Processes:

Notlon Setup 3.4.2.exe

pid process

1044 Notlon Setup 3.4.2.exe

Loads dropped DLL 64 IoCs

Processes:

Notlon Setup 3.4.2.exe

pid	process
1044	Notlon Setup 3.4.2.exe
1044	Notlon Setup 3.4.2.exe
1044	Notlon Setup 3.4.2.exe
1044	Notlon Setup 3.4.2.exe
1044	Notlon Setup 3.4.2.exe
1044	Notlon Setup 3.4.2.exe
1044	Notlon Setup 3.4.2.exe
1044	Notlon Setup 3.4.2.exe
1044	Notlon Setup 3.4.2.exe
1044	Notlon Setup 3.4.2.exe
1044	Notlon Setup 3.4.2.exe
1044	Notlon Setup 3.4.2.exe
1044	Notlon Setup 3.4.2.exe
1044	Notlon Setup 3.4.2.exe
1044	Notlon Setup 3.4.2.exe
1044	Notlon Setup 3.4.2.exe
1044	Notlon Setup 3.4.2.exe
1044	Notlon Setup 3.4.2.exe
1044	Notlon Setup 3.4.2.exe
1044	Notlon Setup 3.4.2.exe
1044	Notlon Setup 3.4.2.exe
1044	Notlon Setup 3.4.2.exe
1044	Notlon Setup 3.4.2.exe
1044	Notlon Setup 3.4.2.exe
1044	Notlon Setup 3.4.2.exe
1044	Notlon Setup 3.4.2.exe
1044	Notlon Setup 3.4.2.exe
1044	Notlon Setup 3.4.2.exe
1044	Notlon Setup 3.4.2.exe
1044	Notlon Setup 3.4.2.exe
1044	Notlon Setup 3.4.2.exe
1044	Notlon Setup 3.4.2.exe
1044	Notlon Setup 3.4.2.exe
1044	Notlon Setup 3.4.2.exe
1044	Notlon Setup 3.4.2.exe
1044	Notlon Setup 3.4.2.exe
1044	Notlon Setup 3.4.2.exe
1044	Notlon Setup 3.4.2.exe
1044	Notlon Setup 3.4.2.exe
1044	Notlon Setup 3.4.2.exe
1044	Notlon Setup 3.4.2.exe
1044	Notlon Setup 3.4.2.exe
1044	Notlon Setup 3.4.2.exe
1044	Notlon Setup 3.4.2.exe
1044	Notlon Setup 3.4.2.exe
1044	Notlon Setup 3.4.2.exe
1044	Notlon Setup 3.4.2.exe
1044	Notlon Setup 3.4.2.exe
1044	Notlon Setup 3.4.2.exe
1044	Notlon Setup 3.4.2.exe
1044	Notlon Setup 3.4.2.exe
1044	Notlon Setup 3.4.2.exe
1044	Notlon Setup 3.4.2.exe
1044	Notlon Setup 3.4.2.exe
1044	Notlon Setup 3.4.2.exe
1044	Notlon Setup 3.4.2.exe
1044	Notlon Setup 3.4.2.exe
1044	Notlon Setup 3.4.2.exe
1044	Notlon Setup 3.4.2.exe
1044	Notlon Setup 3.4.2.exe
1044	Notlon Setup 3.4.2.exe
1044	Notlon Setup 3.4.2.exe
1044	Notlon Setup 3.4.2.exe
1044	Notlon Setup 3.4.2.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133585615723105459"	chrome.exe

NTFS ADS 1 IoCs

Processes:

chrome.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\Notlon Setup 3.4.2.exe:Zone.Identifier chrome.exe
Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid process

1352 chrome.exe
1352 chrome.exe
1352 chrome.exe
1352 chrome.exe
4232 chrome.exe
4232 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

chrome.exe

pid process

1352 chrome.exe
1352 chrome.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Notlon Setup 3.4.2.exe:Zone.Identifier	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exe

pid	process
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

chrome.exe

pid	process
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1352 wrote to memory of 2468	1352	chrome.exe	chrome.exe
PID 1352 wrote to memory of 2468	1352	chrome.exe	chrome.exe
PID 1352 wrote to memory of 3916	1352	chrome.exe	chrome.exe
PID 1352 wrote to memory of 3916	1352	chrome.exe	chrome.exe
PID 1352 wrote to memory of 3916	1352	chrome.exe	chrome.exe
PID 1352 wrote to memory of 3916	1352	chrome.exe	chrome.exe
PID 1352 wrote to memory of 3916	1352	chrome.exe	chrome.exe
PID 1352 wrote to memory of 3916	1352	chrome.exe	chrome.exe
PID 1352 wrote to memory of 3916	1352	chrome.exe	chrome.exe
PID 1352 wrote to memory of 3916	1352	chrome.exe	chrome.exe
PID 1352 wrote to memory of 3916	1352	chrome.exe	chrome.exe
PID 1352 wrote to memory of 3916	1352	chrome.exe	chrome.exe
PID 1352 wrote to memory of 3916	1352	chrome.exe	chrome.exe
PID 1352 wrote to memory of 3916	1352	chrome.exe	chrome.exe
PID 1352 wrote to memory of 3916	1352	chrome.exe	chrome.exe
PID 1352 wrote to memory of 3916	1352	chrome.exe	chrome.exe
PID 1352 wrote to memory of 3916	1352	chrome.exe	chrome.exe
PID 1352 wrote to memory of 3916	1352	chrome.exe	chrome.exe
PID 1352 wrote to memory of 3916	1352	chrome.exe	chrome.exe
PID 1352 wrote to memory of 3916	1352	chrome.exe	chrome.exe
PID 1352 wrote to memory of 3916	1352	chrome.exe	chrome.exe
PID 1352 wrote to memory of 3916	1352	chrome.exe	chrome.exe
PID 1352 wrote to memory of 3916	1352	chrome.exe	chrome.exe
PID 1352 wrote to memory of 3916	1352	chrome.exe	chrome.exe
PID 1352 wrote to memory of 3916	1352	chrome.exe	chrome.exe
PID 1352 wrote to memory of 3916	1352	chrome.exe	chrome.exe
PID 1352 wrote to memory of 3916	1352	chrome.exe	chrome.exe
PID 1352 wrote to memory of 3916	1352	chrome.exe	chrome.exe
PID 1352 wrote to memory of 3916	1352	chrome.exe	chrome.exe
PID 1352 wrote to memory of 3916	1352	chrome.exe	chrome.exe
PID 1352 wrote to memory of 3916	1352	chrome.exe	chrome.exe
PID 1352 wrote to memory of 3916	1352	chrome.exe	chrome.exe
PID 1352 wrote to memory of 3916	1352	chrome.exe	chrome.exe
PID 1352 wrote to memory of 2704	1352	chrome.exe	chrome.exe
PID 1352 wrote to memory of 2704	1352	chrome.exe	chrome.exe
PID 1352 wrote to memory of 728	1352	chrome.exe	chrome.exe
PID 1352 wrote to memory of 728	1352	chrome.exe	chrome.exe
PID 1352 wrote to memory of 728	1352	chrome.exe	chrome.exe
PID 1352 wrote to memory of 728	1352	chrome.exe	chrome.exe
PID 1352 wrote to memory of 728	1352	chrome.exe	chrome.exe
PID 1352 wrote to memory of 728	1352	chrome.exe	chrome.exe
PID 1352 wrote to memory of 728	1352	chrome.exe	chrome.exe
PID 1352 wrote to memory of 728	1352	chrome.exe	chrome.exe
PID 1352 wrote to memory of 728	1352	chrome.exe	chrome.exe
PID 1352 wrote to memory of 728	1352	chrome.exe	chrome.exe
PID 1352 wrote to memory of 728	1352	chrome.exe	chrome.exe
PID 1352 wrote to memory of 728	1352	chrome.exe	chrome.exe
PID 1352 wrote to memory of 728	1352	chrome.exe	chrome.exe
PID 1352 wrote to memory of 728	1352	chrome.exe	chrome.exe
PID 1352 wrote to memory of 728	1352	chrome.exe	chrome.exe
PID 1352 wrote to memory of 728	1352	chrome.exe	chrome.exe
PID 1352 wrote to memory of 728	1352	chrome.exe	chrome.exe
PID 1352 wrote to memory of 728	1352	chrome.exe	chrome.exe
PID 1352 wrote to memory of 728	1352	chrome.exe	chrome.exe
PID 1352 wrote to memory of 728	1352	chrome.exe	chrome.exe
PID 1352 wrote to memory of 728	1352	chrome.exe	chrome.exe
PID 1352 wrote to memory of 728	1352	chrome.exe	chrome.exe
PID 1352 wrote to memory of 728	1352	chrome.exe	chrome.exe
PID 1352 wrote to memory of 728	1352	chrome.exe	chrome.exe
PID 1352 wrote to memory of 728	1352	chrome.exe	chrome.exe
PID 1352 wrote to memory of 728	1352	chrome.exe	chrome.exe
PID 1352 wrote to memory of 728	1352	chrome.exe	chrome.exe
PID 1352 wrote to memory of 728	1352	chrome.exe	chrome.exe
PID 1352 wrote to memory of 728	1352	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://notlon.so.appllnk.com/Notlon%20Setup%203.4.2.exe
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1352

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb2da4ab58,0x7ffb2da4ab68,0x7ffb2da4ab78
2⤵
PID:2468

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 --field-trial-handle=1840,i,10287548506292717729,12474767538057065334,131072 /prefetch:2
2⤵
PID:3916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1840,i,10287548506292717729,12474767538057065334,131072 /prefetch:8
2⤵
PID:2704

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2160 --field-trial-handle=1840,i,10287548506292717729,12474767538057065334,131072 /prefetch:8
2⤵
PID:728

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3000 --field-trial-handle=1840,i,10287548506292717729,12474767538057065334,131072 /prefetch:1
2⤵
PID:236

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3008 --field-trial-handle=1840,i,10287548506292717729,12474767538057065334,131072 /prefetch:1
2⤵
PID:3516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4528 --field-trial-handle=1840,i,10287548506292717729,12474767538057065334,131072 /prefetch:8
2⤵
PID:748

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4680 --field-trial-handle=1840,i,10287548506292717729,12474767538057065334,131072 /prefetch:8
2⤵
PID:1252

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4948 --field-trial-handle=1840,i,10287548506292717729,12474767538057065334,131072 /prefetch:8
2⤵
PID:1580

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5096 --field-trial-handle=1840,i,10287548506292717729,12474767538057065334,131072 /prefetch:8
2⤵
PID:2596

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 --field-trial-handle=1840,i,10287548506292717729,12474767538057065334,131072 /prefetch:8
2⤵
PID:3976

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 --field-trial-handle=1840,i,10287548506292717729,12474767538057065334,131072 /prefetch:8
2⤵
PID:3952

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4492 --field-trial-handle=1840,i,10287548506292717729,12474767538057065334,131072 /prefetch:8
2⤵
PID:1348

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1620 --field-trial-handle=1840,i,10287548506292717729,12474767538057065334,131072 /prefetch:8
2⤵
- NTFS ADS
PID:3548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3964 --field-trial-handle=1840,i,10287548506292717729,12474767538057065334,131072 /prefetch:8
2⤵
PID:840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2628 --field-trial-handle=1840,i,10287548506292717729,12474767538057065334,131072 /prefetch:8
2⤵
PID:4120

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4856 --field-trial-handle=1840,i,10287548506292717729,12474767538057065334,131072 /prefetch:8
2⤵
PID:1196

C:\Users\Admin\Downloads\Notlon Setup 3.4.2.exe
"C:\Users\Admin\Downloads\Notlon Setup 3.4.2.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5092 --field-trial-handle=1840,i,10287548506292717729,12474767538057065334,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4232

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1556

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
523B

MD5
27754121e413a5c04537b86b2ec0337b

SHA1
fec4bb459732091d076e563fd219e786bae29e17

SHA256
744faa07ffbbadf2f4c76d88ee9d2fb18650cbb3f6d16d0247086ac617ddb9da

SHA512
579db4a5b4357ae02251eb8b80aea8b9f5738ff53127df373732d6e3372a60628503c19c353a68b9c1afc9b89b7c539fa904f446ac7f550a4d5026b2823268d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
a893bea1bcb62402e426780e0e163071

SHA1
e99f4bb90b1e487e6f644a22b1b8b5aba6542475

SHA256
1770e91c1fc4dd9b8f738fa745b71fa44cd50df0b30980ca30995456097791b5

SHA512
2173353b8cbfa30c732945fe92e4c8bde23be8aca7909e3fb3f3adca02ab21bf12c75bf39e0a011e233ffc504ecbb460a406e40e3578f9ae09eee5422c4e3835

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\e688113d-e846-464b-8d45-23ec78103def.tmp
Filesize
6KB

MD5
ab51523878f010cb2fa5d4b943259bd9

SHA1
e2dda20d3fc74330c8c03637574538fa7bd56320

SHA256
e51f33cc145d7500904bce8c34fa6a150175bea30f60d9abd444d28eea001926

SHA512
2106770ba97f7f863b7405eaeafdfb5a347c75e254444e3c74c14d3ef8073e3660e6bc8caf4dbd16d81ed945eefa1691ed620056e813ef1aad3958a241da5ec4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
129KB

MD5
2c738fac176409dfb2905c55cd405f03

SHA1
560114c34b41d6773138900580dffb3076cdd7fa

SHA256
fd4b0180caf62d19b3029958b22a3c771c7895d0be147fd20028ef7855bac23f

SHA512
274a55570085109fc37fcc66f9bd4e407eb1fe5f569211b3e4e473e7d269420bd3cfcc237394fbfb106acdf011eaf24c4265cc01dafdb6c0567678f354f6b274

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
128KB

MD5
26b1cac452878f6d07feedbdfc0cf9d8

SHA1
7dbf05f7e8b57325e16cf1ad9082b0bd7e81fbfa

SHA256
4265626a2b3ab25d5701ce758250f6b3039111829963d4351a2cf9a4a8a68b6e

SHA512
6402b7b48321a4be084b7dd9f61eaef6a69a442c137bcb32fad2de68600d957769c73d8aec3e0a71929d502693d63c6a308e4c6c7a4b798e1846cfed2ae5205d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
128KB

MD5
5e2195dac0bfb29158190f9716eac621

SHA1
f33b63dc0fb3bc7d35a44f2fc31e48259618a0b5

SHA256
352eb9895c25bdd1a004f3b6d10b49d8b5fdb4ddeef305defa07c96b7e50cc49

SHA512
836208d002272f6a38d5ecda3fb013910b5aa3ebeea6ae3113f7efa2b565044519ebd073f6085640e4a195870752322ce5be180317b9acbde0c6a26a70f694ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
149KB

MD5
fde8db31b946cef7b8100f4d84d85562

SHA1
dd157de72a7f1af3c5936613218b259dcb069b08

SHA256
c8984e2daefd5626e802cc89f74ca9de4c3c1f5eee9d1921820d18103ba6c4b6

SHA512
fc732a2be9f78890bd6510b0fd8295d2d285e0aa8d2c048f149922aaede7d999b7459647659b8e05a6a392e0f67e33df432028927adcbf7d1d203a5dead6d58c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
101KB

MD5
a7944dcb3d3143e7009a00693c92023d

SHA1
3098ab5755c3dfddaeca940fa125f3b66634d87f

SHA256
b7a9adbb142afd4c393bfe490fdcb0c4a1233e18f98180c5fc198894ead03b7e

SHA512
3699f81c438f2a5c18bca750f39e3eb87671c494e71f35dc86928db15c61bfdb1f7630c6f1db45a2d5991975b0a42dc930a12a48a261e0363d0c18c542fd8253

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
90KB

MD5
10991dd23f3b568f000d7f24828db7e3

SHA1
fb1a60b3a8503ce96c67f4742ff73c4d0f7ea155

SHA256
b083515fa723d8b4b771233b94a989640ed79bda623c89459de166d6c44093ee

SHA512
701e633a01d0065c4d240f17b41d73bca38fa7912411608d52f5658e0b94064ba786f4e8696af5b17f4a68c430382fd23a02bda23138f4959c824b380c9c3f23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57d3bb.TMP
Filesize
87KB

MD5
c4df8407fdeeb897d4d7d4b8460cab4d

SHA1
c89e97ee931991ce82057303a40739ce0247133e

SHA256
4ae4442648c55aafb82b0c048a9bfb9cb97ed1dbd5b62230e687320a4ce446f6

SHA512
187b53f97fd79ea4e1cfab17c96522e66b1221cd07b55040512634a01ba6e5509dd5a014255f35313e68403b94b06d672019a53fe3570fc9a955afced35ba260

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\Notlon Setup 3.4.2\fSqcp2+qzH5NJtEIyWrTouhx2uTtt_s=\DirectWriteForwarder.dll
Filesize
486KB

MD5
a9a9f93a3b9f359f3ae974fe4b4f8906

SHA1
3a39b67cc9eaa1de50c66315a4e1ab35b6e4ef61

SHA256
b54f75db8e5e8a6a767170fed167034f3dcbab632fbe678b107d97fcd6746d97

SHA512
ca5ce12fc693e973156814abac44360238b6a9b87170ec2e42e9acecf9ffd115ccb27fef67d9a12bcd29197f272c9efb408fe56ade87494485cc81d38f567f53

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\Notlon Setup 3.4.2\fSqcp2+qzH5NJtEIyWrTouhx2uTtt_s=\Microsoft.Win32.Primitives.dll
Filesize
15KB

MD5
300c95ff95b52e8a02fec6bfcfa58225

SHA1
b646f89fcd463ad5c19889b4fea40540568b780c

SHA256
f1b40565e5c4c41da810aee5b7d2272a0906e88f796812435aa5ed712bcac40c

SHA512
9bfe0eb6eea98b2d35aa42986a273ec82424143965e173b32bb4b7e5537580a027940a6952a45fc54f0b665e871deb2a95651106c2f24c7de3b3d3cd2dec7e89

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\Notlon Setup 3.4.2\fSqcp2+qzH5NJtEIyWrTouhx2uTtt_s=\Microsoft.Win32.Registry.dll
Filesize
102KB

MD5
864886eeb218f3029809f912b0557094

SHA1
228635f48de47623cc1e9def09c65463953386fe

SHA256
999416f99762eb7b3d8f2bf79c90408e7a65a89978653547a3ca71d4fdd22f01

SHA512
e36c5aa2ae0d8837646f8ec646076eb56135f609926e4caba77209f16e3db6b3714d630768e9be1f15d18472f48339ec1fd36dd3376fd07f258ad3b927baf108

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\Notlon Setup 3.4.2\fSqcp2+qzH5NJtEIyWrTouhx2uTtt_s=\PresentationCore.dll
Filesize
7.7MB

MD5
607af95246d6f30839f856083520432f

SHA1
da56071f6dc516aa6542a028e4014d838fa3ca94

SHA256
8c1d7a96af569622f3e7c9f095b459c058bfb4ea9755614bac3041cc4095fae7

SHA512
4910c53202dd2c45fbd39eb3f59059deb12aeb98d7f6c0de6fc5d8400d3af74afe29473b01f7b528313e42774357cc100642765042dcb2c30427b22f345709da

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\Notlon Setup 3.4.2\fSqcp2+qzH5NJtEIyWrTouhx2uTtt_s=\PresentationFramework.dll
Filesize
14.5MB

MD5
dd11d9dbcbcba444e54b6a19b5108dde

SHA1
02f1d050230d76099dcde288e7802f9baaf88411

SHA256
c3874a671a384bfd067a2e0e95035e82256dc658147f5d22dc87c082682381db

SHA512
8ea343eaa274813f5c4262d44577267b18e0b271df78dc1446372b4e04043cecb0621d1d1618d96fbaf18fffacbcf6e2e6fb219d6857d3ef0bef5eafbbca2015

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\Notlon Setup 3.4.2\fSqcp2+qzH5NJtEIyWrTouhx2uTtt_s=\PresentationNative_cor3.dll
Filesize
922KB

MD5
189e8b2ed3a8cf16ca82462dc0f44319

SHA1
9bc34fe3fc9da99a5f0709085a330530ac2bdf79

SHA256
0037596b79b5a8fd580ef409620c3936fd514382de972af1df74a6143adcbb95

SHA512
316326630fec54e274eadf25ac344ee9d399239c82eaec2020aa49394d99e8b8b4abc1e5d47a19177dfa008cefb892aa9cd95c7436f450f2dc5e2d3abaf5eb6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\Notlon Setup 3.4.2\fSqcp2+qzH5NJtEIyWrTouhx2uTtt_s=\System.Collections.Concurrent.dll
Filesize
246KB

MD5
0f849ea0f9408fdaf999ee8443f9ae02

SHA1
be76d857dbda71afd167912bb148ae8406b11490

SHA256
5d37561e4b1e8139fa8d83ab5d382643fc72a288cddc2e2ec580c637fe857c42

SHA512
3cc7fee424947c2f4b521ad05c718c52f88c6b4152762b4ee256598fba2b823152f90b705c41b0acbae124a8db576ed435e75cdb8440093085d135c433e6a3f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\Notlon Setup 3.4.2\fSqcp2+qzH5NJtEIyWrTouhx2uTtt_s=\System.Collections.NonGeneric.dll
Filesize
90KB

MD5
d68b42ba4dd394424a6355e57e3f7919

SHA1
1446ae97cd267a512bc5c54e7b5a632044d0c8ad

SHA256
6a4ba43f64a9ae01d4ff78a1ebfb0e7a0f978e348e5732f02dd02aaa01e2ebfa

SHA512
c03be20da4f230e05a0b379af54bdc6c71d76db0ea5b8b311a11f816fed43eb1fba8553fcf1a9b218f75a814fa3ebb6df58aadb8099ce0d5811dca68012c90f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\Notlon Setup 3.4.2\fSqcp2+qzH5NJtEIyWrTouhx2uTtt_s=\System.Collections.Specialized.dll
Filesize
90KB

MD5
e1f43907949d5d831324d06445a7e5fe

SHA1
eef81e1aa9ddbe797585bab6e011e0e7be8d8992

SHA256
e399a9419c7d94046fe6f3d7b88224666496b160d1cc2f942a1477061c233f97

SHA512
6aa89e289780dde21c1626a6fbbe838118f81463a43ff5ea2196bf1a53d115fe61316ab3da5e119c88115cfddf9fd11a22aaa688d73a318066b015b3aee4984e

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\Notlon Setup 3.4.2\fSqcp2+qzH5NJtEIyWrTouhx2uTtt_s=\System.Collections.dll
Filesize
234KB

MD5
1a70954d51a08dffcb4256ad3c978ee6

SHA1
5a29053dcbd0d5599a27580f61e2e71aa54666fc

SHA256
7aab49f1efcf2db52912eae149937184b1b7e0e8c9953258d8fed5ff58b7a828

SHA512
d05d862353be02816085fda4b43d47c2a03af482ad5242e352c4dd5d291ef6a414faa71f430f0294d2c334ebc994e392e21553490f4d55c0383fe9f015981646

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\Notlon Setup 3.4.2\fSqcp2+qzH5NJtEIyWrTouhx2uTtt_s=\System.ComponentModel.Primitives.dll
Filesize
74KB

MD5
158fdbf63c6374da304beb31a524565b

SHA1
644aa4a08565057d0cf541ec40a0059f019fd56e

SHA256
017fefedaa96d8aea524053cb887f8432b8e5e2500366c10c78978db60d5e87f

SHA512
53f020a93f6924a4b97a1e1f3036494df8d599a724ad7e7e8c46a25ed54b5cc33e0cd4682a90006e392c064e542e1f683c15b8f07cc6d26232ed676a3e080dea

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\Notlon Setup 3.4.2\fSqcp2+qzH5NJtEIyWrTouhx2uTtt_s=\System.ComponentModel.TypeConverter.dll
Filesize
670KB

MD5
28bf0b69a40916e99c581b7d6cd8c13e

SHA1
ad1eb55ad670804e1a16c2cd4c3afa47126ab10f

SHA256
387ed553ee45b337ae38874976e6356d6d7f148a0cbca42e24cd45f0e1adb39f

SHA512
cc2d936373a2eec585c0cb4008f6e6d43740e510622719fee43f70a9aaeb6b34a477e16a4c8279350f682c47952e684f99bea0ea9034d16637788543d59e82e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\Notlon Setup 3.4.2\fSqcp2+qzH5NJtEIyWrTouhx2uTtt_s=\System.ComponentModel.dll
Filesize
30KB

MD5
8ec4bb21e02b4b5fa399cc6c536e7ae1

SHA1
f2b1e6c04f34e5188bd48ade04f47bf00b9d5629

SHA256
9700e7d1501063618de5daf13ac61778350b418537020f1c73b3469041c4c1cc

SHA512
21f8c4e4c59f54384513e5b7f5f90e11a2c4aacc218d61a8d73d78f6291857bf56adaad748fba2fbfb7675fd674afbb5b9dc44cca1ebc18498114f7bba1b86ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\Notlon Setup 3.4.2\fSqcp2+qzH5NJtEIyWrTouhx2uTtt_s=\System.Configuration.ConfigurationManager.dll
Filesize
942KB

MD5
1ce3f1c6a7a87a1be2c76999ff144784

SHA1
dc3e7a2a44c00904827078a3853077467e1c0d1b

SHA256
98750418c8afd34731e58291633e997b8d6d767261f5ded41734cecc275de341

SHA512
d56c37fcd1dea4d5cd8ec2e269e9a8c640b1cbf9ab9d10a83bc017d789544c655206e4036014cefb70be497d0a484645c0a90ea2200b59abdccd7264d13513f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\Notlon Setup 3.4.2\fSqcp2+qzH5NJtEIyWrTouhx2uTtt_s=\System.Diagnostics.Debug.dll
Filesize
15KB

MD5
7d8e0c638821d9a7d739e36b9b239682

SHA1
b478744d6df1a0b6fc1308b0ba087ea649779916

SHA256
8c424b3ade60f123801cfb80f0682775b71ad422f84cb5d74fc48947364574c5

SHA512
460bd4bbbb35037eb318e326fbfcd537737c3c878efb6bafb8a48770c5bafb2cad7d13dee43d370d1d5cf2418157474c9c06f12e84292c34adab8648244223e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\Notlon Setup 3.4.2\fSqcp2+qzH5NJtEIyWrTouhx2uTtt_s=\System.Diagnostics.TraceSource.dll
Filesize
126KB

MD5
bdea2bf4ae4d11a6cdb14b96f108ddf1

SHA1
90282ec0c1deb29e2adbe4390925007341136dee

SHA256
c5972b470d97e492dd1b1e126a5807b9ed64012f2d858cc17a5e8d604b3277d9

SHA512
15595d3f5f686b58caea08d76e34f581024dda1a74e959c2caea407b3d39e3988a617d6a9ea0184ea8b0f8caa79ba11745b211368d957b689542961575800616

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\Notlon Setup 3.4.2\fSqcp2+qzH5NJtEIyWrTouhx2uTtt_s=\System.IO.Packaging.dll
Filesize
262KB

MD5
e1c0ab7a5e450112ae5dd6a28ed768e5

SHA1
2106ba5a18fa41471eb9cdddd9a54bf9d2db2152

SHA256
c665a5378f201337e4da5bb93a84fa42301b5d0d8e275c242e86ed6b42a3378c

SHA512
01a2a6089aa40fad9d9774ff974a4414830534ffea6fd068cea9fc367f5e39ca28fe0d9e4338ecc6947b9c08b8e0bd001b68bdae9f6b9b35c27e0e40265dfecb

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\Notlon Setup 3.4.2\fSqcp2+qzH5NJtEIyWrTouhx2uTtt_s=\System.Linq.dll
Filesize
482KB

MD5
ba0c2b51ce19c6da705024382397abeb

SHA1
20fa48c5d0800bfbfa053a21c0a2da361b26e83e

SHA256
8438ca72426ad68198eb981257bb1ceae527f5d8951db2fbb8de72d9f2e330b8

SHA512
79e8482be5147ad59e4424067d7b8b4e806ba319cd00be7bc4fd81ee7510e3665df21989aa1e0ba121d5ad7e3668958efda1fcbec79991daa7eded3e870211b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\Notlon Setup 3.4.2\fSqcp2+qzH5NJtEIyWrTouhx2uTtt_s=\System.Memory.dll
Filesize
142KB

MD5
38baaab0c6b7954f5e10ec726f900bab

SHA1
c96fdc8e192bc0830e7e90e3f0c604ac3d8018a2

SHA256
95983565ff4d3a9a90870c9279e3b047aaef00350c0f88a05704e7623110e5a4

SHA512
68749fdf1d7a090cd974e9a571d3625e62f5a91904df1279220c4fdad665bf94659b72b0448b23019c3f9101dc793f7f1efeed49c430404a0e6e4db6998ef992

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\Notlon Setup 3.4.2\fSqcp2+qzH5NJtEIyWrTouhx2uTtt_s=\System.Net.WebClient.dll
Filesize
146KB

MD5
7df46545aebfae742fb5efaa3c8c4537

SHA1
c0440a3a3cd95ddd47c74cfc84dbe15181f8efbd

SHA256
362da0da6ae71a56d29d9195d53da0af041bd5f132c840b97793cadecdcc3715

SHA512
698e0a4bae1e6e2f91f50bb368049baf1c21f4d7f263b3479eabd99366f1f41409389a219713e03493e22215ec30d7212ebf70fd3e1d4de3eb4826597f4b55dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\Notlon Setup 3.4.2\fSqcp2+qzH5NJtEIyWrTouhx2uTtt_s=\System.ObjectModel.dll
Filesize
70KB

MD5
2b7033253e304dccdbba7d8979824cf0

SHA1
86c8a0550322974e9baf7c4017981f002b4e3127

SHA256
7f92ca867d74afa4a72727284067a5d7286dd27c5a0beeaa14a07741e1344430

SHA512
69bf1290059614cad6d6a60adadfedc9397b71b5741dbb82914131e039b74ba481e179914a27d7417a62d35b61dd6070890be5a66c88caa49514394d619c2dea

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\Notlon Setup 3.4.2\fSqcp2+qzH5NJtEIyWrTouhx2uTtt_s=\System.Private.CoreLib.dll
Filesize
12.0MB

MD5
ffbb715d8ddf1f50aceaec01830c6b62

SHA1
7797e33b410c08b71402d19d34cae0eb27ffc783

SHA256
08f5bf904290c6a251f0b685b2a625982aeb1cee9b4388cf4a6639b4101da599

SHA512
d9ad6f3eb4336fbe17ef783fd58cf412483a6eb19d4a190d2d682fb32b5912d7e32249c5614b98f9fd1190f0a91386b65d6cce6463132320f41c709bdfcf6e25

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\Notlon Setup 3.4.2\fSqcp2+qzH5NJtEIyWrTouhx2uTtt_s=\System.Private.Uri.dll
Filesize
242KB

MD5
b0a4e34b999b57b0cc95f10982e146d5

SHA1
dc1afec6cde36181159e653b20c9737bb9be5dfe

SHA256
a6d1847cd28460842f57115f076faf2898213420a3bed0b6ef46a8b646af33ba

SHA512
f205e422d6b795417e968bd19e94df2d1c2350d4e58212aa797d38c09bafb11558c9d2797639e303818b5bda0da142f24adeefa7c9f32a9a1ed13ed81d8464c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\Notlon Setup 3.4.2\fSqcp2+qzH5NJtEIyWrTouhx2uTtt_s=\System.Private.Xml.dll
Filesize
7.1MB

MD5
f272d38a8fe09920da2aecd1b2daa743

SHA1
24013eae19f22f445b849db3b28b6b4698f9067c

SHA256
52df59be36a0cf35b26ec2b504386cbb88a4804107d700e9e12b6d5caf4c7fc0

SHA512
bc979a847caadb683a84948742e84054fcaa3cf78abb5e1f3e65b09d50cfa13dc26a90b814e6e89cb72a112dac1b034eb23319cd39d9da6edd5f418e94d49190

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\Notlon Setup 3.4.2\fSqcp2+qzH5NJtEIyWrTouhx2uTtt_s=\System.Runtime.CompilerServices.VisualC.dll
Filesize
30KB

MD5
d7c1761590fe8946b8009db6d6cb876b

SHA1
a51e6908a9dd09025060041974bdf1395fc7b4af

SHA256
f4f7fb11c85cf20200551f7a169d7c0cd1893c2f6fe5e73a9a1202452b0c8b7c

SHA512
a30bd8d4e173655898e52441144321bb31cfa4b78ec53c4de91f0718c90d3b663073fd7d1cc664df524cb1d53ea8b19822335acdbd77de1babce7f0ef2154942

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\Notlon Setup 3.4.2\fSqcp2+qzH5NJtEIyWrTouhx2uTtt_s=\System.Runtime.Extensions.dll
Filesize
17KB

MD5
a50f9099553aae450b6cf85ab565e4fe

SHA1
893d7a9136a7a2f288763dc50c6723240199de82

SHA256
a925c3fc617a41b040770f9f8d5d7305ac68f2894c1cff8caba79eeab4ec9741

SHA512
1979d4b8d4f1f639e099d4198dc3954618f5c9cffd21c771789854a53aaa5aaa4ada0b07bb244ed042ed1a0db01b2aad994b04a876b676658edaa0a82bee74d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\Notlon Setup 3.4.2\fSqcp2+qzH5NJtEIyWrTouhx2uTtt_s=\System.Runtime.InteropServices.dll
Filesize
86KB

MD5
bbed39118d0fb818c4cfe583e76832b6

SHA1
576058cc3003af3a30654e640db5978863b65393

SHA256
81c16f06b76f9c47d53610c884397cb2d93ea975ec042970cbcd1ae2ff31735d

SHA512
230387d18249cdc6efb65a67509d17def5a4c81b6de008805fe72b5daca3653c90fe6b2c0d7810f036472144b92454f5a784dbd63b956921712ee3167736aec1

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\Notlon Setup 3.4.2\fSqcp2+qzH5NJtEIyWrTouhx2uTtt_s=\System.Runtime.dll
Filesize
42KB

MD5
53501b2f33c210123a1a08a977d16b25

SHA1
354e358d7cf2a655e80c4e4a645733c3db0e7e4d

SHA256
1fc86ada2ec543a85b8a06a9470a7b5aaa91eb03cfe497a32cd52a1e043ea100

SHA512
9ef3b47ddd275de9dfb5ded34a69a74af2689ebcb34911f0e4ffef9e2faf409e2395c7730bce364b5668b2b3b3e05a7b5998586563fb15e22c223859b2e77796

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\Notlon Setup 3.4.2\fSqcp2+qzH5NJtEIyWrTouhx2uTtt_s=\System.Text.Encoding.Extensions.dll
Filesize
15KB

MD5
a3254446eff420f2aa40d8897459f456

SHA1
1db48f672157e1905149cd7e5f50afe711a380d7

SHA256
dc1371559c661a4584423f2564cf4291479ca2719794fa72fbba90852f5bbd84

SHA512
b62376755457a495da7adfb4d1cdfe060555ec315035d11cc506d1f6e9138d9249eadd9724b6363fab7b804efce8ebc2bb2b4136a28020b0542aedf526928ab8

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\Notlon Setup 3.4.2\fSqcp2+qzH5NJtEIyWrTouhx2uTtt_s=\System.Threading.Thread.dll
Filesize
15KB

MD5
72d839e793c4f3200d4c5a6d4aa28d20

SHA1
fbc25dd97b031a6faddd7e33bc500719e8eead19

SHA256
84c9a95609878542f00fe7da658f62d1a6943a43e6346af80d26bcff069a4dbd

SHA512
a414cd9d7cf6a04709f3bdbef0295349b845a8301171ed6394e97b9993f35816383b958736c814f91c359a783cca86ee04802856486d4b4e0ab90a45da39db1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\Notlon Setup 3.4.2\fSqcp2+qzH5NJtEIyWrTouhx2uTtt_s=\System.Threading.ThreadPool.dll
Filesize
15KB

MD5
41eb95b17d76fc321d2edce418146d8c

SHA1
384b7c8f24d8e3e71806e9aef7bbdc041d246bed

SHA256
b7724c6910369dfabd8945cceaad13a91737dd08fa542ad8b276f5a6ea678018

SHA512
c363f5e4889f6cb8b843d7690d5c9598dcfbe4c64af757596fdca8e99752b2ccf80cd59300e9e4c98745695781588342471941648fc77ecf523c55673515a581

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\Notlon Setup 3.4.2\fSqcp2+qzH5NJtEIyWrTouhx2uTtt_s=\System.Threading.dll
Filesize
78KB

MD5
6052426c5bca2a85cf643b67f2d427d5

SHA1
0d8d654e361e7a738205fb18b47635661696cad3

SHA256
805d22cd608633508dc74cfe1941c46df4f7150cf53e7bf07d9ca99761c64d03

SHA512
2204c5a11b18687fde815ec88e5f7ce34c0572f80645f4bca8a572ed50b50411b6eeb8a0ac25e49fdd32ba97326e7aab5617f83f2a54f64dcbe2f64380cbfe10

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\Notlon Setup 3.4.2\fSqcp2+qzH5NJtEIyWrTouhx2uTtt_s=\System.Windows.Extensions.dll
Filesize
110KB

MD5
11759f567068790055dd709cb2aaceb1

SHA1
be99c2cf2abb0b32090501400798c84a50d64f46

SHA256
d0341c71ff3d331021584c1b328ed5533aa4aab105a3f8893f29ebdba88a9dd8

SHA512
ed7cbffb7f32bbfe64d0f7a40563041af0fc28f2e5d5d0201e9598d1c327a53b0105c7fb4c70c6d6d316309ce01ef813e66607a495ee32fabefbd03683bba0b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\Notlon Setup 3.4.2\fSqcp2+qzH5NJtEIyWrTouhx2uTtt_s=\System.Xaml.dll
Filesize
1.2MB

MD5
f2f4a18644aeae74615eb9c4ab630542

SHA1
76fb932e819d7000d7e0c750a5a9dbcd5131054c

SHA256
bc1cd7c28b2171d980a09512deefffe29a96e29909f5cdf9df11d0a96b5b3bed

SHA512
59da6b8fa92f70bb1623a1f0037c5e737ecb98b0728aec9d5317c4765fead564b60112f2ba3698da2283f97382df35bfce2ec659c9b179eeaac8a2e20cebcb35

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\Notlon Setup 3.4.2\fSqcp2+qzH5NJtEIyWrTouhx2uTtt_s=\System.Xml.ReaderWriter.dll
Filesize
21KB

MD5
bd1a0ca34c7eba18172d0135bf2b0b88

SHA1
aa4461a766b2d5824afbce7df00a7fbf67702238

SHA256
a2a5b71515b5c4f5768679123aae92938914b7daa8ba0c2a34d84be086c69352

SHA512
3b5c8448a1916c315da328149435dfbc12bdbfadbe9f83f8f32230f96151c6d6eaf38749279a04fe8c37de444247eec32b937b4ecb3e5eeb2930c272848db8b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\Notlon Setup 3.4.2\fSqcp2+qzH5NJtEIyWrTouhx2uTtt_s=\WindowsBase.dll
Filesize
2.0MB

MD5
ed9a69d73e1de8891330b42be09fc019

SHA1
26f8a15efe27f68dbfff078697fc9bc37fbf9b30

SHA256
e8a874bcca4e6737bf07eaff64f8cff7736744744abd88ef18b6675dbf39e861

SHA512
a1f57084bfc7859cd9073ddaa0a134fa6c39f539d640060411cf2561d9797150283f3a278f41cbca5abf0885e92f51f29552b696b1fae6d5feb735bf9b348c55

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\Notlon Setup 3.4.2\fSqcp2+qzH5NJtEIyWrTouhx2uTtt_s=\WpfApp1.dll
Filesize
14KB

MD5
297a497fba519f509a790095ff2a911d

SHA1
0e884df483104d4e4d2695c066ed3f31b6ce3930

SHA256
63da60a42e53b368590ef8feab1397ed6e4a20da8bd2f368364e6e7b3dca5ace

SHA512
516d09e50c0c5ba383b033229c7720cbe8b2c6a027306326c52a5ee72052dbbf19823d7499d2ea7999dae5bc1cc209ba4c9bdc7b5015383178e8131f25f1e9de

Download Submit
C:\Users\Admin\Downloads\Notlon Setup 3.4.2.exe
Filesize
144.3MB

MD5
9ca988858c71d0ecdd673d436e08fbcf

SHA1
aea0702d75a7b64d9249b0aab4de2d21f718497b

SHA256
2719881afa76bce77833221753f4c00774491e91c4b0d782606db63a267fbb89

SHA512
0352b0edfdb8a37dc87c1d82669e8fac70c66ad67ffb2814b0c52e20c3ac5d7330a6e0cd27f287130c3e0de8ec2d8fb1df7f1894fa98839b1bf7b9c7f93818ac

Download Submit
C:\Users\Admin\Downloads\Notlon Setup 3.4.2.exe:Zone.Identifier
Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
\??\pipe\crashpad_1352_SHBQFWUSIFXTGNEN
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit