Overview

overview

4

Static

static

1

URLScan

urlscan

1

http://notlon.top

windows11-21h2-x64

1

http://notlon.top

macos-10.15-amd64

4

Analysis

  • max time kernel
    153s
  • max time network
    155s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240412-en
  • resource tags

    arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    25-04-2024 11:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://notlon.top

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://notlon.top
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1520
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe3f463cb8,0x7ffe3f463cc8,0x7ffe3f463cd8
      2⤵
        PID:5020
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1864,4275120167969508494,4211358312186234277,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
        2⤵
          PID:5068
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1864,4275120167969508494,4211358312186234277,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:492
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1864,4275120167969508494,4211358312186234277,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
          2⤵
            PID:2080
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,4275120167969508494,4211358312186234277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
            2⤵
              PID:2276
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,4275120167969508494,4211358312186234277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
              2⤵
                PID:3796
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,4275120167969508494,4211358312186234277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1
                2⤵
                  PID:960
                • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1864,4275120167969508494,4211358312186234277,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:4488
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1864,4275120167969508494,4211358312186234277,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5508 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:4328
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,4275120167969508494,4211358312186234277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
                  2⤵
                    PID:5096
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,4275120167969508494,4211358312186234277,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
                    2⤵
                      PID:3300
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,4275120167969508494,4211358312186234277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
                      2⤵
                        PID:544
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,4275120167969508494,4211358312186234277,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
                        2⤵
                          PID:2068
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,4275120167969508494,4211358312186234277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
                          2⤵
                            PID:4168
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,4275120167969508494,4211358312186234277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
                            2⤵
                              PID:4992
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,4275120167969508494,4211358312186234277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
                              2⤵
                                PID:4640
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1864,4275120167969508494,4211358312186234277,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:8
                                2⤵
                                • NTFS ADS
                                • Suspicious behavior: EnumeratesProcesses
                                PID:3040
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,4275120167969508494,4211358312186234277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
                                2⤵
                                  PID:5032
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1864,4275120167969508494,4211358312186234277,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1688 /prefetch:2
                                  2⤵
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:4740
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,4275120167969508494,4211358312186234277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
                                  2⤵
                                    PID:576
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,4275120167969508494,4211358312186234277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:1
                                    2⤵
                                      PID:2492
                                  • C:\Windows\System32\CompPkgSrv.exe
                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                    1⤵
                                      PID:4340
                                    • C:\Windows\System32\CompPkgSrv.exe
                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                      1⤵
                                        PID:1928
                                      • C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstaller.exe
                                        "C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstaller.exe" -ServerName:App.AppX9rwyqtrq9gw3wnmrap9a412nsc7145qh.mca
                                        1⤵
                                        • Modifies registry class
                                        • Suspicious use of SetWindowsHookEx
                                        PID:5012
                                      • C:\Windows\system32\svchost.exe
                                        C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
                                        1⤵
                                          PID:1384

                                        Network

                                        MITRE ATT&CK Matrix ATT&CK v13

                                        Initial Access

                                        Execution

                                        Persistence

                                        Privilege Escalation

                                        Defense Evasion

                                        Credential Access

                                        Discovery

                                        Query Registry

                                        1
                                        T1012

                                        System Information Discovery

                                        1
                                        T1082

                                        Lateral Movement

                                        Collection

                                        Exfiltration

                                        Command and Control

                                        Impact

                                        Resource Development

                                        Reconnaissance

                                        Replay Monitor

                                        Loading Replay Monitor...

                                        Downloads

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                          Filesize

                                          152B

                                          MD5

                                          57e5c5a9236321d336e2c8ce1eeff844

                                          SHA1

                                          8fd4288af72ba3f7a0ecc5583a9265723fefc096

                                          SHA256

                                          ae6496cf397848bf3139858deaf567e3df991bab5a7704a0fa7aae95474872d7

                                          SHA512

                                          bc3f24afe6ce0494022d8201a01a60239ac5cfee54e0650a337036817056424b418cb636d58d07e5034dffe2226906202b56509e4cc07562c0b60f618c420080

                                          Download Submit
                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                          Filesize

                                          152B

                                          MD5

                                          493e7e14aceba0ff1c0720920cccc4a2

                                          SHA1

                                          468f39cefbcf14a04388b72d4f02552649bf3101

                                          SHA256

                                          a0dd32ed60115f661a4ca537472e0d4e230ff844d56a3db766299cf4cd817842

                                          SHA512

                                          e16c748e4513ea10bf7124cef7b50dc5f3a1802205af9228e0c33fdbf3c24286739db08db4b813079ed7cc36be43d7457f4c26f00ae3126a2fafd77d2696107a

                                          Download Submit
                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                          Filesize

                                          1008B

                                          MD5

                                          440d03d6fa16319c167c78b3ec961df9

                                          SHA1

                                          ce2cdc04f37454d4f86a5ba53db4d19129f78d8b

                                          SHA256

                                          8b22c3ccc90d1903ab8520ee371d38617cdf314d6628399840a5404587a16075

                                          SHA512

                                          6d1061d41752084a1b637a0a81d184d6d9320caf02ee51039507e4a9f96562b8caf342c265d4eefebbc78f9f4689c081d4e514f23b7b623e0daab702fd089b43

                                          Download Submit
                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                          Filesize

                                          1KB

                                          MD5

                                          7eda9006a36488ad2e080bbdeb0d0206

                                          SHA1

                                          76bd90b38a0603d9599bad9aae151ec2cdf1fdff

                                          SHA256

                                          2671857e3643167f9a3263c0084d539b9bb8f5945368e338ba1abce1fec34da9

                                          SHA512

                                          3fa2669887f1c6f0ecb0c63508f7aba9a879ff5b26063fcdc4b8249bf390135364033187a09ddd96c8be68c268f32a0e1e2223af1eb6d4776932fb8b9b372428

                                          Download Submit
                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                          Filesize

                                          2KB

                                          MD5

                                          a83a1f1c8e33e615ee3c9e6abc0c3370

                                          SHA1

                                          aa5ec81b24e275af19ac1d4e3d08a6e7ee37e881

                                          SHA256

                                          ba50ee59a07d5e221e21248aa530f12a408e50633e065670644085669a6160bf

                                          SHA512

                                          770a6743fb7d3fd0821a38936857e1ef28b573513d5b549bef214e552314a8875529359f367272fe9cd1f4b8aaba937bef6b76ffce98d843826b1a0957ebc241

                                          Download Submit
                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                          Filesize

                                          5KB

                                          MD5

                                          f3ae7984420e1abee9767f1422e7b2bd

                                          SHA1

                                          2ddcc830031de3267c86c5cf7361c126087e6410

                                          SHA256

                                          2ef07461ff870efda589e46e63c7a43fcd57492ec3e1e98af2715530c5c4425b

                                          SHA512

                                          a6c9205d33dffe6889b8af0b8cd5c2e721d2fb8abd45aca40994aca47915563426f7e86cfb2b15c87eec2cc7d3642b473584190ed0501eb06e17f72525dd56fd

                                          Download Submit
                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                          Filesize

                                          6KB

                                          MD5

                                          733eba7f1add334216e27c5e7f3bf8f1

                                          SHA1

                                          4f6452d6fcd0587831c854e7dea8d8cf93bb544e

                                          SHA256

                                          7ec1856d85a2ec1825f4e6e49ccb94fdbf29bda10544bbaf486c891d11f290fd

                                          SHA512

                                          42ffbe469082fb1ce7f1a60260d7a558b203f55fcdfae0385b5a29fe474902984bde5fd3dc06b64643807615b5861795fdc2378b4ef9e36ea27f092ff22246c2

                                          Download Submit
                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                          Filesize

                                          6KB

                                          MD5

                                          e37885503e72bdf067307441d1d5bdd9

                                          SHA1

                                          129f7e0d012c29c7c10249b8ad1f981e66b7b897

                                          SHA256

                                          4c59dd787dfd1b46cfaabb009f1d992cda3caac32852def7ee20d12e3d88a20e

                                          SHA512

                                          f707b9ecc0d546f89fc3f40dcca6bf04a99b645d5d4c7c3c102ab864bc50126744a11006ea82cad4f5416a46eb10c0c53ecfdb2e962af14aade87ff1c09da688

                                          Download Submit
                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                          Filesize

                                          7KB

                                          MD5

                                          fbf185ac4e89f3d1178371d9482438d4

                                          SHA1

                                          dd1eaa07894451a36f1859b1e9a2fbefafa62999

                                          SHA256

                                          cf17b9f1e55a3c8a9cc82526acedef0aebf02a82c58b447b97c291efba2a1a9e

                                          SHA512

                                          cf5c21b83e0eba6a023ad8c3f45de58b1b5aba5e08706682efacff343ec6acde8f7a069d57c48150414b8678e8878260fc1f88d1144bf8e645aa0adc1ecc8c0f

                                          Download Submit
                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                          Filesize

                                          7KB

                                          MD5

                                          d02d98a895f94bbd4bf1332bfba76ccc

                                          SHA1

                                          b53cdee48a3831b7cafeb04839d4b2ca7928e250

                                          SHA256

                                          3b1d11c97ce50fc39e496556f3b8573b7298ec2ac9fa9604199c45eb560bfc12

                                          SHA512

                                          d85a67c946fee8b4e06050de64293e4dbf2c3b4fac37d392cf0381246ce13a70319997cc8fccf07a17eef31a3790f8c5a849fdd4fb040d586485b75b58754ee7

                                          Download Submit
                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                          Filesize

                                          1KB

                                          MD5

                                          a7b200eb6d4212b1f3119a3782d29f93

                                          SHA1

                                          7c3697e13a06582661001e648aa077cdc4dec092

                                          SHA256

                                          9493c094844312faae6013517c71aeaa97b52b9c6de9fc68084ac798de3a950e

                                          SHA512

                                          6c8610ce65a2f4e015cf24ce979b7f17eb732a6b1b6d6fa549cfb92528634444d968aeec27ff56966570930f2d430d6af3f0ec524ff84edd0631098c43645c00

                                          Download Submit
                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                          Filesize

                                          1KB

                                          MD5

                                          7228c2ee9c99b820cbac66c4c86027dc

                                          SHA1

                                          6fc13d87c049a576643a49ce72a49e0f9a9d645d

                                          SHA256

                                          0990c4505e964bef293b202909466a309ee72671e2b151843bf1fa59f8d87da9

                                          SHA512

                                          f8b55e1afd95c17b1433b23b3c8f84719bcec79f2cd85274e2efa12c6d292ce6471c9a33b165743ba10b555576e8bfdc753872577ccb7bf75814af940f33b9c2

                                          Download Submit
                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ab15.TMP
                                          Filesize

                                          204B

                                          MD5

                                          d7c84efb4cc151677367b3b1b3b27626

                                          SHA1

                                          27c0719ed267297c9b9a7e554f985557db52b401

                                          SHA256

                                          af1947be2c5b4a252ea85172b9de2751c40782fc80183f6751f75c335650a244

                                          SHA512

                                          079fc8ea8378366324068dafd6dbd6c1241ccafb2569d62a06add99782541d0311275b159ad17f8db506f524ea7e57bd0d4a79325ee7602dce33eac273bd1d1d

                                          Download Submit
                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                          Filesize

                                          16B

                                          MD5

                                          46295cac801e5d4857d09837238a6394

                                          SHA1

                                          44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                          SHA256

                                          0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                          SHA512

                                          8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                          Download Submit
                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                          Filesize

                                          16B

                                          MD5

                                          206702161f94c5cd39fadd03f4014d98

                                          SHA1

                                          bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                          SHA256

                                          1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                          SHA512

                                          0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                          Download Submit
                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                          Filesize

                                          11KB

                                          MD5

                                          eb630a1eeb6b0dadf7dbaeb3d2bcbe9e

                                          SHA1

                                          a55963d56f918ea6a50ea45632935a5ab36da775

                                          SHA256

                                          69c70db5f5c8cfae66720f522fd647de97c67a8222b63628279778a2f761ada5

                                          SHA512

                                          ef20c21ea0b9ce963be7520a288d4af2c4228055b18240e0a1451f690ad7c164aa00e89625540b2a5f7aeb307fd92ae6fbe3cbd2adc962f9d31f93822250dc9c

                                          Download Submit
                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                          Filesize

                                          12KB

                                          MD5

                                          e5a6c14c50611a4838e394bd8ec4c8ab

                                          SHA1

                                          5461f34d5fac801a7fb36d580a7d4540f85c3ab4

                                          SHA256

                                          51e02ba555fc6ef55296feb00715e4ccc8d4d3604995fe89c5e76c9b45cf9747

                                          SHA512

                                          f113ce6d32af477240a01240204537805671f060f9b5301365fcd3b5c41fc89a8259f7359ce4932e9bdfd621d04080c2a74c77520d6c724341ac0b73d0f7507e

                                          Download Submit
                                        • C:\Users\Admin\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\AILog.txt
                                          Filesize

                                          917B

                                          MD5

                                          89754ad36054c9f3eb329365fbbd7682

                                          SHA1

                                          64eecdecad74cd9e5635c7228dea133876c8bdb3

                                          SHA256

                                          b61bc25a839e15aa821026a7dd9e5f68e83c3fe4e0c9a284d003def2cba8fa30

                                          SHA512

                                          a18864ac151f999be18418afa71e96d5669ea9126b667cf81bc50709579d3ef26d80ac4301ef5c340ec2647f87075d929e3ce3481fd1ebb20854417de7940c73

                                          Download Submit
                                        • C:\Users\Admin\Downloads\Notion-x86.msix
                                          Filesize

                                          120.1MB

                                          MD5

                                          8ac2b149a34a0eec1b737214631b0fd3

                                          SHA1

                                          00dfd72f6128b78924006528f5863fa3c5214fb0

                                          SHA256

                                          5f82b67f0f14fe039db53f3eb980520615afaac5356ad3cb633d11add4cb6c63

                                          SHA512

                                          2b3705353cd7916534da749633b21736d7363e7264fd82fafdc392b7373628363f46daf43b46a19d2d76bd15ac261a578ccba1708a5d1cea11433aaa5e02fddc

                                          Download Submit
                                        • C:\Users\Admin\Downloads\Notion-x86.msix:Zone.Identifier
                                          Filesize

                                          26B

                                          MD5

                                          fbccf14d504b7b2dbcb5a5bda75bd93b

                                          SHA1

                                          d59fc84cdd5217c6cf74785703655f78da6b582b

                                          SHA256

                                          eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

                                          SHA512

                                          aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

                                          Download Submit
                                        • \??\pipe\LOCAL\crashpad_1520_IDZVJMFVNWXZNIEY
                                          MD5

                                          d41d8cd98f00b204e9800998ecf8427e

                                          SHA1

                                          da39a3ee5e6b4b0d3255bfef95601890afd80709

                                          SHA256

                                          e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                          SHA512

                                          cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                          Download Submit