hxxp://notlon[.]top

Analysis

max time kernel
251s
max time network
250s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
25-04-2024 13:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://notlon.top

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133585242109555922"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Local Settings\MuiCache	AppInstaller.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Notion-x86.msix:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1568	chrome.exe
1568	chrome.exe
3744	chrome.exe
3744	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe
Token: SeShutdownPrivilege	1568	chrome.exe
Token: SeCreatePagefilePrivilege	1568	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe
1568	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2832	AppInstaller.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1568 wrote to memory of 2524	1568	chrome.exe	77
PID 1568 wrote to memory of 2524	1568	chrome.exe	77
PID 1568 wrote to memory of 3656	1568	chrome.exe	78
PID 1568 wrote to memory of 3656	1568	chrome.exe	78
PID 1568 wrote to memory of 3656	1568	chrome.exe	78
PID 1568 wrote to memory of 3656	1568	chrome.exe	78
PID 1568 wrote to memory of 3656	1568	chrome.exe	78
PID 1568 wrote to memory of 3656	1568	chrome.exe	78
PID 1568 wrote to memory of 3656	1568	chrome.exe	78
PID 1568 wrote to memory of 3656	1568	chrome.exe	78
PID 1568 wrote to memory of 3656	1568	chrome.exe	78
PID 1568 wrote to memory of 3656	1568	chrome.exe	78
PID 1568 wrote to memory of 3656	1568	chrome.exe	78
PID 1568 wrote to memory of 3656	1568	chrome.exe	78
PID 1568 wrote to memory of 3656	1568	chrome.exe	78
PID 1568 wrote to memory of 3656	1568	chrome.exe	78
PID 1568 wrote to memory of 3656	1568	chrome.exe	78
PID 1568 wrote to memory of 3656	1568	chrome.exe	78
PID 1568 wrote to memory of 3656	1568	chrome.exe	78
PID 1568 wrote to memory of 3656	1568	chrome.exe	78
PID 1568 wrote to memory of 3656	1568	chrome.exe	78
PID 1568 wrote to memory of 3656	1568	chrome.exe	78
PID 1568 wrote to memory of 3656	1568	chrome.exe	78
PID 1568 wrote to memory of 3656	1568	chrome.exe	78
PID 1568 wrote to memory of 3656	1568	chrome.exe	78
PID 1568 wrote to memory of 3656	1568	chrome.exe	78
PID 1568 wrote to memory of 3656	1568	chrome.exe	78
PID 1568 wrote to memory of 3656	1568	chrome.exe	78
PID 1568 wrote to memory of 3656	1568	chrome.exe	78
PID 1568 wrote to memory of 3656	1568	chrome.exe	78
PID 1568 wrote to memory of 3656	1568	chrome.exe	78
PID 1568 wrote to memory of 3656	1568	chrome.exe	78
PID 1568 wrote to memory of 3656	1568	chrome.exe	78
PID 1568 wrote to memory of 4184	1568	chrome.exe	79
PID 1568 wrote to memory of 4184	1568	chrome.exe	79
PID 1568 wrote to memory of 1224	1568	chrome.exe	80
PID 1568 wrote to memory of 1224	1568	chrome.exe	80
PID 1568 wrote to memory of 1224	1568	chrome.exe	80
PID 1568 wrote to memory of 1224	1568	chrome.exe	80
PID 1568 wrote to memory of 1224	1568	chrome.exe	80
PID 1568 wrote to memory of 1224	1568	chrome.exe	80
PID 1568 wrote to memory of 1224	1568	chrome.exe	80
PID 1568 wrote to memory of 1224	1568	chrome.exe	80
PID 1568 wrote to memory of 1224	1568	chrome.exe	80
PID 1568 wrote to memory of 1224	1568	chrome.exe	80
PID 1568 wrote to memory of 1224	1568	chrome.exe	80
PID 1568 wrote to memory of 1224	1568	chrome.exe	80
PID 1568 wrote to memory of 1224	1568	chrome.exe	80
PID 1568 wrote to memory of 1224	1568	chrome.exe	80
PID 1568 wrote to memory of 1224	1568	chrome.exe	80
PID 1568 wrote to memory of 1224	1568	chrome.exe	80
PID 1568 wrote to memory of 1224	1568	chrome.exe	80
PID 1568 wrote to memory of 1224	1568	chrome.exe	80
PID 1568 wrote to memory of 1224	1568	chrome.exe	80
PID 1568 wrote to memory of 1224	1568	chrome.exe	80
PID 1568 wrote to memory of 1224	1568	chrome.exe	80
PID 1568 wrote to memory of 1224	1568	chrome.exe	80
PID 1568 wrote to memory of 1224	1568	chrome.exe	80
PID 1568 wrote to memory of 1224	1568	chrome.exe	80
PID 1568 wrote to memory of 1224	1568	chrome.exe	80
PID 1568 wrote to memory of 1224	1568	chrome.exe	80
PID 1568 wrote to memory of 1224	1568	chrome.exe	80
PID 1568 wrote to memory of 1224	1568	chrome.exe	80
PID 1568 wrote to memory of 1224	1568	chrome.exe	80

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://notlon.top
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe6720ab58,0x7ffe6720ab68,0x7ffe6720ab78
  2⤵
  PID:2524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 --field-trial-handle=1792,i,2667016466003044961,5010647373003972787,131072 /prefetch:2
  2⤵
  PID:3656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1792,i,2667016466003044961,5010647373003972787,131072 /prefetch:8
  2⤵
  PID:4184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2156 --field-trial-handle=1792,i,2667016466003044961,5010647373003972787,131072 /prefetch:8
  2⤵
  PID:1224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2832 --field-trial-handle=1792,i,2667016466003044961,5010647373003972787,131072 /prefetch:1
  2⤵
  PID:2776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2852 --field-trial-handle=1792,i,2667016466003044961,5010647373003972787,131072 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4064 --field-trial-handle=1792,i,2667016466003044961,5010647373003972787,131072 /prefetch:1
  2⤵
  PID:3592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3116 --field-trial-handle=1792,i,2667016466003044961,5010647373003972787,131072 /prefetch:8
  2⤵
  PID:384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4312 --field-trial-handle=1792,i,2667016466003044961,5010647373003972787,131072 /prefetch:8
  2⤵
  PID:1628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4364 --field-trial-handle=1792,i,2667016466003044961,5010647373003972787,131072 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3108 --field-trial-handle=1792,i,2667016466003044961,5010647373003972787,131072 /prefetch:1
  2⤵
  PID:2576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4592 --field-trial-handle=1792,i,2667016466003044961,5010647373003972787,131072 /prefetch:8
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5652 --field-trial-handle=1792,i,2667016466003044961,5010647373003972787,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5780 --field-trial-handle=1792,i,2667016466003044961,5010647373003972787,131072 /prefetch:8
  2⤵
  - NTFS ADS
  PID:1316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5992 --field-trial-handle=1792,i,2667016466003044961,5010647373003972787,131072 /prefetch:8
  2⤵
  PID:1156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5876 --field-trial-handle=1792,i,2667016466003044961,5010647373003972787,131072 /prefetch:8
  2⤵
  PID:1396

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4972

C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstaller.exe
"C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstaller.exe" -ServerName:App.AppX9rwyqtrq9gw3wnmrap9a412nsc7145qh.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2832

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:2076

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
6729b05667bdf1fe04d1eeb647c0d859

SHA1
3d53ef344ada9bb1b062c508a86dc0fbbaecbba3

SHA256
8a45dc4fa4e0d06c21daa2a8cfe0b413f533c97c12a0ae0b0e21fe4643649907

SHA512
cd6b384b60deb72349ec051039652dbce3adcabc798a75d61078a52b8187c26be827951bcbb15f94ab09c03ed3588979b9e4a566aa90faa0831317ec8c3fed44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
8f19d338b482fd8f9d2d3201916b024c

SHA1
8da863f5811125e11ebcd636415e91166bd65517

SHA256
77b9546d3addb9bab9968d25b7665ade483ee6eb39ed130d0a149ca2f174a81b

SHA512
3e3b6eb41569cf37fd1e2b6dceffeebd718c244af6fb79840fb81384cf65e6c47bf7dc94ed5d84721ddf9c229710c025c78f18141db3cabe121927acc7c332f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
90cbe5307a1e7040b20da1480e4644ce

SHA1
9594b729ccbcd04acee9070370d2e27d8fff3b7e

SHA256
4462e928608ac62c1d84f6ea150e8eafb3848f1189400e7acb55e63be408f1ce

SHA512
a365aed173afa8f37256eca3d324d9f1a5a01ba5de69d8ff0732355d34498bd855f6d8ef92b6ef9d59bb37d4eed4f19cb37581d84312d9be4b59f6f06cc8fe60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
69c1d2c2110dbaaa13c957d4397287e2

SHA1
9ded1afb6210aad403c14ea5fdc750232747de19

SHA256
19f2483dfaa044bf48b7b8c23cbbb404c29161e68726c46afa3df9f815fc258d

SHA512
5b875dc75dee6c4ed8881e7d2f7c2e2f00768cfc019417abdd66f22b230370bb00a84139f52f99d06f57f680be1d3391573addef73075cf948acff24d15c44b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
101e738b533dac8b036013cd9268432d

SHA1
b5edfe747a16fd008bb6540fb16c97fe96b49d53

SHA256
95309b675b85784e393c687671b9939aebbb98632ed0aa5db82af5188f483ab3

SHA512
23adb180abe1ed35a44cf651cbcd5083994d2f53cfbc582180ab9af1e2018b85f562f5192dceb51e1a3db59d18c27d7df54c6d89b2b2e616cee9bbbcb74f5af6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
add6e2c1de22c81684f5990d98bda110

SHA1
4cc8d13205ebff8800d90d87cfa6edab7a45522c

SHA256
3aa5d0f6b3e49bb4a57267481f2fc7d47d1f3bfff0836b140dff189878d8322a

SHA512
32cef223b2723a494073d78d7a51937f085fc67fc2fef5719f8cbd9dbf49bb70e8d1a39065488b87528b8775493a718aff5b2ecf266c49dba36b3d003734b928

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
ded85c84d4d2b22d8af8d299e9dde8e9

SHA1
1e8af20c8fed4369c86dfad2b1ea736754d8b5ca

SHA256
a72239f3973772c68407bd34efe5a44a1b5d212a8f3897a7cd3ddf634a0de0a5

SHA512
67b816c0e24c10157f504a2705aecf96afd436073a8a207d5a41181b6cce40a66d772be85bea3e913ace6cea3dce3b5ec4cdee6cd4bb76e50c57202235a94310

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
01af2b22610e5b30bf7ce6538d23819e

SHA1
b660f4ceae479b8bb653e2af759c8435ea73067f

SHA256
cb3992ce89eda6044f0320b9edeb8529a47e0500681192fcbd8daf859569243b

SHA512
bc6a0cb70070488566122462a623d5203fa276bb37ad762beb0d7e624cb14a95a3368a981eecdb37b397f6921fd10a11e29924ea01602ce418c231bb96f6cf7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
8ba04dd6a6f675a4a635478ed7e97a1d

SHA1
84c7e61d3c43f7c54a67df261efc7365ef74e5bb

SHA256
b43d93e6505e5ab23008535bcc158182ff25cff5c9c9466ea3f571eecee7d998

SHA512
18c60c8bab73b8718bec3ef07661f6a17e04f8a506f066587f159e899fe825b76f96b3619f603807c741918f9a8438c2e386b38198be1796c5195255ed6a1f2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
127KB

MD5
e75869d7b50568484ec61b9c55047843

SHA1
e0c270c6da94410e97b785d0518446a47cbe4162

SHA256
80750c265b23e228616a7dc228f101034dd8eec1e137b355a8759000de545e84

SHA512
9b720febe7c75fc27c3ae1066469530683933ecbd12dffc0c9a9b117749431346f8fd0af772e556ce74b19b1b6a1d1c75be3a334767da57ba8421e15a3a6674c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
d7b811edbe2c97eeebf5a38cbd8ef6fb

SHA1
48430c40b3efaf733c2f1b29857d3094a9b8f125

SHA256
a6b486f2f265ed2eb85e232964cf13ceec49cdafce9e93c13db6d6f313ef89bf

SHA512
4637190fa61c73f262dacfa12ae39916c939fad8fa4cd9f487dc00b286a49280615c8450efaf0bbefef34f98bcc04ed8fc94dff123ca327ff28ef5bfeb6330c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
95KB

MD5
ce9a9ee0cf33b65d2e0b0d860dc63070

SHA1
f9bf8751207ad8145780c3705505e306d2833bfb

SHA256
eb5273a4610b6acd63e280a41b3553a3c65be773bc7c8a32035e4538f0301a45

SHA512
f905c593e00b11c10a268d3048e06ff433e5ebab29093af3d8a1813353ab55bb447ee5c9bd4471f2f5a0a02c80927bcd8e70093fd61da4d341c0767ee461bae1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
104KB

MD5
16aa1be01d7f1ed6f565c057e1de5ce9

SHA1
1fbb545baa5106bb93d16d9e3fb98935320f03cc

SHA256
1f0cb8c0fb20526eb4902a3737d74d5a0c9659b7ca20dac138216fe14b9047d6

SHA512
746151fa712d40de9a33b281ef8212127055d663cead217b49637b8fe1e4b08b693cc9250cd3677235c48b0ec3d44916a45d1f636d598a42d0f448a54137d74a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5832d3.TMP

Filesize
82KB

MD5
a1af76baac15443618c8688b4cdf7586

SHA1
92629fcc4475a9f457f439f0cdbc792fddf6a94e

SHA256
efdab4a726612643d3828ac6aec5dd5b47c1d6fbc80d5dfc09cdd2541333c563

SHA512
c875737cf5801fcd136943f0a89e559d4678eb47a1fb6f85cbf334351c3ba34c3f844d49bc4f695be61890d8e3f516c7a1223d9e78899fe4cf472e2587454d32

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\AILog.txt

Filesize
917B

MD5
6e75342f094776811c4447f467547f7a

SHA1
d22761e54c91ad2cba1e738f7f84fb66102b3c24

SHA256
e0048ea072e18d8907e0ea4be5875ec27d77020f2371a1359949a44d5dbdfa12

SHA512
19653fd88b3478ede9c6dba6470fbb87d650d2c3f35000b21d105f660b9f48263a20ba03527deea101ab93806a1ea77c0d84b926be3ca6869921ad06632481eb

Download Submit
C:\Users\Admin\Downloads\Notion-x86.msix

Filesize
120.1MB

MD5
8ac2b149a34a0eec1b737214631b0fd3

SHA1
00dfd72f6128b78924006528f5863fa3c5214fb0

SHA256
5f82b67f0f14fe039db53f3eb980520615afaac5356ad3cb633d11add4cb6c63

SHA512
2b3705353cd7916534da749633b21736d7363e7264fd82fafdc392b7373628363f46daf43b46a19d2d76bd15ac261a578ccba1708a5d1cea11433aaa5e02fddc

Download Submit
C:\Users\Admin\Downloads\Notion-x86.msix:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit