hxxp://notlon[.]top

Analysis

max time kernel
271s
max time network
273s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
27/04/2024, 06:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://notlon.top

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings	OpenWith.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\Notion-x86.msix:Zone.Identifier	firefox.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	540	firefox.exe
Token: SeDebugPrivilege	540	firefox.exe
Token: SeDebugPrivilege	540	firefox.exe
Token: SeDebugPrivilege	540	firefox.exe
Token: SeDebugPrivilege	540	firefox.exe
Token: SeDebugPrivilege	540	firefox.exe
Token: SeDebugPrivilege	540	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
540	firefox.exe
540	firefox.exe
540	firefox.exe
540	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
540	firefox.exe
540	firefox.exe
540	firefox.exe

Suspicious use of SetWindowsHookEx 29 IoCs

pid	Process
540	firefox.exe
540	firefox.exe
540	firefox.exe
540	firefox.exe
540	firefox.exe
540	firefox.exe
540	firefox.exe
4248	OpenWith.exe
540	firefox.exe
540	firefox.exe
540	firefox.exe
540	firefox.exe
540	firefox.exe
540	firefox.exe
540	firefox.exe
540	firefox.exe
540	firefox.exe
540	firefox.exe
540	firefox.exe
540	firefox.exe
540	firefox.exe
540	firefox.exe
540	firefox.exe
540	firefox.exe
540	firefox.exe
540	firefox.exe
540	firefox.exe
540	firefox.exe
540	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5384 wrote to memory of 540	5384	firefox.exe	79
PID 5384 wrote to memory of 540	5384	firefox.exe	79
PID 5384 wrote to memory of 540	5384	firefox.exe	79
PID 5384 wrote to memory of 540	5384	firefox.exe	79
PID 5384 wrote to memory of 540	5384	firefox.exe	79
PID 5384 wrote to memory of 540	5384	firefox.exe	79
PID 5384 wrote to memory of 540	5384	firefox.exe	79
PID 5384 wrote to memory of 540	5384	firefox.exe	79
PID 5384 wrote to memory of 540	5384	firefox.exe	79
PID 5384 wrote to memory of 540	5384	firefox.exe	79
PID 5384 wrote to memory of 540	5384	firefox.exe	79
PID 540 wrote to memory of 3864	540	firefox.exe	81
PID 540 wrote to memory of 3864	540	firefox.exe	81
PID 540 wrote to memory of 3864	540	firefox.exe	81
PID 540 wrote to memory of 3864	540	firefox.exe	81
PID 540 wrote to memory of 3864	540	firefox.exe	81
PID 540 wrote to memory of 3864	540	firefox.exe	81
PID 540 wrote to memory of 3864	540	firefox.exe	81
PID 540 wrote to memory of 3864	540	firefox.exe	81
PID 540 wrote to memory of 3864	540	firefox.exe	81
PID 540 wrote to memory of 3864	540	firefox.exe	81
PID 540 wrote to memory of 3864	540	firefox.exe	81
PID 540 wrote to memory of 3864	540	firefox.exe	81
PID 540 wrote to memory of 3864	540	firefox.exe	81
PID 540 wrote to memory of 3864	540	firefox.exe	81
PID 540 wrote to memory of 3864	540	firefox.exe	81
PID 540 wrote to memory of 3864	540	firefox.exe	81
PID 540 wrote to memory of 3864	540	firefox.exe	81
PID 540 wrote to memory of 3864	540	firefox.exe	81
PID 540 wrote to memory of 3864	540	firefox.exe	81
PID 540 wrote to memory of 3864	540	firefox.exe	81
PID 540 wrote to memory of 3864	540	firefox.exe	81
PID 540 wrote to memory of 3864	540	firefox.exe	81
PID 540 wrote to memory of 3864	540	firefox.exe	81
PID 540 wrote to memory of 3864	540	firefox.exe	81
PID 540 wrote to memory of 3864	540	firefox.exe	81
PID 540 wrote to memory of 3864	540	firefox.exe	81
PID 540 wrote to memory of 3864	540	firefox.exe	81
PID 540 wrote to memory of 3864	540	firefox.exe	81
PID 540 wrote to memory of 3864	540	firefox.exe	81
PID 540 wrote to memory of 3864	540	firefox.exe	81
PID 540 wrote to memory of 3864	540	firefox.exe	81
PID 540 wrote to memory of 3864	540	firefox.exe	81
PID 540 wrote to memory of 3864	540	firefox.exe	81
PID 540 wrote to memory of 3864	540	firefox.exe	81
PID 540 wrote to memory of 3864	540	firefox.exe	81
PID 540 wrote to memory of 3864	540	firefox.exe	81
PID 540 wrote to memory of 3864	540	firefox.exe	81
PID 540 wrote to memory of 3864	540	firefox.exe	81
PID 540 wrote to memory of 3864	540	firefox.exe	81
PID 540 wrote to memory of 3864	540	firefox.exe	81
PID 540 wrote to memory of 3864	540	firefox.exe	81
PID 540 wrote to memory of 3864	540	firefox.exe	81
PID 540 wrote to memory of 3864	540	firefox.exe	81
PID 540 wrote to memory of 3580	540	firefox.exe	83
PID 540 wrote to memory of 3580	540	firefox.exe	83
PID 540 wrote to memory of 3580	540	firefox.exe	83
PID 540 wrote to memory of 3580	540	firefox.exe	83
PID 540 wrote to memory of 3580	540	firefox.exe	83
PID 540 wrote to memory of 3580	540	firefox.exe	83
PID 540 wrote to memory of 3580	540	firefox.exe	83
PID 540 wrote to memory of 3580	540	firefox.exe	83
PID 540 wrote to memory of 3580	540	firefox.exe	83
PID 540 wrote to memory of 3580	540	firefox.exe	83

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://notlon.top"
1⤵
- Suspicious use of WriteProcessMemory
PID:5384
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://notlon.top
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:540
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="540.0.1369546046\391869133" -parentBuildID 20230214051806 -prefsHandle 1756 -prefMapHandle 1748 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c06e1247-41d0-43a4-903a-205f737e4c95} 540 "\\.\pipe\gecko-crash-server-pipe.540" 1848 22bf860f558 gpu
    3⤵
    PID:3864
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="540.1.1780527401\1042791864" -parentBuildID 20230214051806 -prefsHandle 2388 -prefMapHandle 2384 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {920e3bbb-0718-43db-8ce4-241c5c66e389} 540 "\\.\pipe\gecko-crash-server-pipe.540" 2424 22beb98a258 socket
    3⤵
    PID:3580
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="540.2.1069653362\1015225330" -childID 1 -isForBrowser -prefsHandle 3140 -prefMapHandle 3000 -prefsLen 22965 -prefMapSize 235121 -jsInitHandle 972 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c0691692-e25c-48a0-95a9-970cb44e89fe} 540 "\\.\pipe\gecko-crash-server-pipe.540" 3132 22bfb543558 tab
    3⤵
    PID:4888
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="540.3.299924783\1506415127" -childID 2 -isForBrowser -prefsHandle 3640 -prefMapHandle 3636 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 972 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3614b8ee-1171-4714-8208-b7ff46baa144} 540 "\\.\pipe\gecko-crash-server-pipe.540" 3648 22bfd1a4c58 tab
    3⤵
    PID:5012
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="540.4.83044441\1444499283" -childID 3 -isForBrowser -prefsHandle 5080 -prefMapHandle 5032 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 972 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {396dfcde-30fc-4ad1-bacb-8f94e93f4e49} 540 "\\.\pipe\gecko-crash-server-pipe.540" 4772 22bfee87258 tab
    3⤵
    PID:4928
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="540.5.1329537595\843974059" -childID 4 -isForBrowser -prefsHandle 5080 -prefMapHandle 5268 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 972 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1eda0290-54fd-4043-a02d-00d556338b03} 540 "\\.\pipe\gecko-crash-server-pipe.540" 5336 22bfef52158 tab
    3⤵
    PID:3672
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="540.6.1436391503\277436562" -childID 5 -isForBrowser -prefsHandle 5552 -prefMapHandle 5548 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 972 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {70cedd24-aa26-43f7-ab96-58cdc6ee9b74} 540 "\\.\pipe\gecko-crash-server-pipe.540" 5560 22bfef54858 tab
    3⤵
    PID:5580
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="540.7.1516943904\1745449094" -childID 6 -isForBrowser -prefsHandle 5352 -prefMapHandle 5460 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 972 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d0a39a12-2ecf-438b-8ca2-38c606812dc4} 540 "\\.\pipe\gecko-crash-server-pipe.540" 5448 22bfef52758 tab
    3⤵
    PID:4568
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="540.8.1550469264\1071938126" -childID 7 -isForBrowser -prefsHandle 5148 -prefMapHandle 5160 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 972 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0103188f-6e40-4f65-906e-be9e0b3ba8fb} 540 "\\.\pipe\gecko-crash-server-pipe.540" 5136 22bfeeb7a58 tab
    3⤵
    PID:1284
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="540.9.555867622\530267505" -childID 8 -isForBrowser -prefsHandle 6628 -prefMapHandle 6624 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 972 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {52b5647a-053a-42fd-8d2d-8a763a04e678} 540 "\\.\pipe\gecko-crash-server-pipe.540" 6652 22c00297b58 tab
    3⤵
    PID:4948

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4248

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qzr7kws6.default-release\activity-stream.discovery_stream.json.tmp

Filesize
26KB

MD5
3a639b5e4daba03d6be049a950f40391

SHA1
6c659e1493b5a9df2b5f3d5fdcc37be32486c537

SHA256
82139693725e298d32a416c2ff035bc656efec0cbc63f320871d9addbfad6800

SHA512
c4d2ab3e8d8d0292ff5b54a3d0fea9d897d88bfec48c9dbeb2ed3dc5034bd7184705635efd289e62c65fc8d7cea4311cefc43c3dcfb2ded0dc19983d1d438bb6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qzr7kws6.default-release\activity-stream.discovery_stream.json.tmp

Filesize
26KB

MD5
9849e72ebedf80694ae00247cdba72be

SHA1
587cd9cbfaa56d58e75a66e3d1fd7dea89c71463

SHA256
f76facd7bc486726e0542832d9e977db2fe3b32179e941789ba3c765e607e263

SHA512
07d23e5e5a6766861ed786ba9c1858c5700f3cb59bf19c90bca189959ccbfb44af778e445abaf41e67836388435c75fdb8af9f99ffb6002c5462f2b48cc9ebe0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qzr7kws6.default-release\cache2\entries\CC9AFF3BE02AD27708D587AE49B3DC68644172BA

Filesize
13KB

MD5
4d9b6d8356775981d69ab8dfc46e6004

SHA1
f90157089a455e62098162533cd5c7edbf241ece

SHA256
bce14524d92fd4890a2ce04046bfaecec13c7ad658688c4ff2eb168e175efc25

SHA512
dd5b3266c86cdbca29f6310728efec3085493f3db10ae163483a266aa8f7c7f5c9e3fb58792079815700f42acfb27a9a458841a31bbdd34598dc3fd4884883de

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
11KB

MD5
2ad42f7883962980e6c14608d96b4497

SHA1
775bd7ff0ca8d1a9fc9cd51df1019822c8612341

SHA256
407537059da788fcac9e62b26bb5ef2d77685b4d6a3bc7a2b31a9d090050b74a

SHA512
9ba3b54cb4eb690a421c6a16672f96d1bef39491e94690d5a743b8656788d38741e804eeab3953b88257140b45e0cd694f79b0a168cf91632fcf9ba840736a21

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\prefs-1.js

Filesize
10KB

MD5
8691c481108eb59fcab9dade6d1cb60c

SHA1
166ead60debd3679dd14f7a756f6345b12ef14c2

SHA256
bce7b810fd7390527bab21495c582e7bd4b43de71e6cd0f3341768346b8d8955

SHA512
a7da86b586990fe1340a9572cc9476c0f393a9b92962730c2b72014208ed36500d0b44961097563e4deaf41fec9e48aa68b808ef44c59043e21e1e296a7bacfa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\prefs-1.js

Filesize
7KB

MD5
49fa44b871e50eb3c249b8315e710c6b

SHA1
71d8c4806c9e6bb244ec3e90cbeb5ce214bf1519

SHA256
9abce7c3946a2c098ebe5793f126e69a3861e2a7566cbd4e07c13f243bcd9fe1

SHA512
985f855758044f80d403acaba8b035eaf756bdf315adb22a97d99bf2eeb0a618b7ebd5d2e1b58dc234e68fa695c59086c8ccae1534a433ff4dc9a166b0d63ab5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\prefs-1.js

Filesize
8KB

MD5
01080e056d2ce9a974ca3f6e0afad679

SHA1
d22097e8c3d8de047c8480dd9b6106b182806b93

SHA256
722887b3fa80617d09cccaac29d277bd725f9438886aed069520e60f89a4a5d6

SHA512
4a1b679dddd150f4bfa348c5c2826653dbbe2286a77d1d2526b49f608c632399cc1c30eb71d18eaf3666f245d690d0206127898353588aa6585470a8842863be

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\prefs.js

Filesize
6KB

MD5
9d31260b67079e3b8ccf979cb45d89a1

SHA1
d07c6f7fe0027832c8be897205802d8b18a0ff49

SHA256
681509c4da3662c51b9bd82cb6146eb242403d762d94dd91af9ef279924d2f68

SHA512
25bdbc2bdbf740cb11fd2942eed0bd2b230d31999b06d5392d5c2c37da36ca330f71adc562ad09aa24aa54422e39bb140edc9ceace697c549863cbcdebd2fccb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\prefs.js

Filesize
6KB

MD5
5f965a712a3b36bde5e0a3e5b923e1ce

SHA1
6e9a6f58c13e233e2e0dc3e4aebaccb39cd11738

SHA256
befcd429eab49d0b4de54dc1bd7f208537b91fb2db98cba239ea34954a285a24

SHA512
9fd78bafa8e32fdb67390221bb85b79b60370a6ba4b40e1fe2a1e343ea7b50fd6f57b8cebaaf2d58c342082133b121b034829ca71a2c80843fc9559cc96eb376

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
438884168950488fdea3a94e28a83944

SHA1
e37182dca0491b27658795efa5e3b54494aed07c

SHA256
2046e894cbdceb56b81d687e9148e959e33fe7777adea44d4152a4862ce974f4

SHA512
eb23421b1f9fe7b3345c98e63aa9c11c85c239e7f7707c1ea98b5e89db824bc2b8ea2ea371bd0722e6d17de1dc8ba9ad2913f0c3fc76adabfbde52c6bc9f09ae

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
5bc9936c8e1c5e67aeb8be984340cb64

SHA1
581506f9c9cd466b214003a238f8ee10b2ec4064

SHA256
da638e8ff401ed6bb317bb5903c6d1c83466e8132f9abeffcb53539ed3cb881e

SHA512
24edd866f42d6dc1771eb3663c4e09dfb793f665811fe837a4273944f5af07026e2c8bd10c6a2649d19e87558ac7075047c2a770ca4b574ad13e94ff73020a77

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
b7b1f00565e4f667191f451d43f59e28

SHA1
3a6fdbabfc63b72e4c431655ef36c12550a4a43f

SHA256
1f70b157403a0cfd5681ab8d681f94734e36e4c72046aef4255faf5d45bf8fb6

SHA512
d5474b42c84818ab0ad769e7d767c5f1dde3cc0dacd0c0a2ceb61568ebe4e14c3999f900d73c90ee7fa8ef84d2159f3dcca12f1da3958068c897cd839882ca23

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
0cebea3c658542bce93b2a0e7b934d42

SHA1
1358fc0d1182942ba1721b59a358ecfd70457b8a

SHA256
027b0d71068c0c8018ed3bbde14a8202648fc8b52f4a08eaf0e1cf389280d731

SHA512
37a55461ff9af2d1e9be0341a919656dc0f1c92d6590d8036a4bd99899d3fe71de3ab29de2bc066bc95eb53de05e1022350a92575b11a26046ca12b7e6eee61f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
0919dc8fc0308d8a2dbac272181b1b52

SHA1
e2fc52aa9c437080f438ce916ddda41c04b059c8

SHA256
d3870fb7473df49314f5e3c2c23c161c7e3b86d59d0bdba6bf8d179e2eb49388

SHA512
f283faa8ece4bfa66c24fa59030bba7181da2fc5831a1bef477c667dc57e5ac00480491041f24e0257c24df159475e961ccaef3bdea59a7a5e54601c5d0a29f5

Download Submit
C:\Users\Admin\Downloads\Notion-x86._x56ddFP.msix.part

Filesize
8KB

MD5
acaa6da5fbe7119c207af810f4eac399

SHA1
527dfd8dcce881bcdc408180436abe54098d8f5e

SHA256
0e4328f58846d5ced42c4eb1eb238b0422d6facbc6708638bd2c52de141d66af

SHA512
59435a7d117437854f40afa17b9b1512672843d6d144fecc2de54368acb5193f619ca821d2e0c0e547e2aa9c86cc2a049666998425c7d79ecc4ab46029ee264a

Download Submit