Malware Analysis Report

2025-08-10 19:47

Sample ID 221113-zj7dtada45
Target NanoCore_Portable.exe
SHA256 59e59bdde6e394e14326f693cba8ab7604a20e7f3df9806f539844d499a701bc
Tags nanocore keylogger spyware stealer trojan
Score 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Threat Level: Known bad

The file NanoCore_Portable.exe was found to be: Known bad.

Malicious Activity Summary

nanocore keylogger spyware stealer trojan

NanoCore

Executes dropped EXE

Loads dropped DLL

Checks computer location settings

Enumerates physical storage devices

Delays execution with timeout.exe

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2022-11-13 20:45

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2022-11-13 20:45

Reported

2022-11-13 20:46

Platform

win7-20220812-en

Max time kernel

42s

Max time network

45s

Command Line

"C:\Users\Admin\AppData\Local\Temp\NanoCore_Portable.exe"

Signatures

NanoCore

keylogger trojan stealer spyware nanocore

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\NanoCore.exe N/A

Enumerates physical storage devices

Delays execution with timeout.exe

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\NanoCore.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\NanoCore.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1644 wrote to memory of 1876 N/A C:\Users\Admin\AppData\Local\Temp\NanoCore_Portable.exe C:\Windows\SysWOW64\cmd.exe
PID 1876 wrote to memory of 1668 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\mode.com
PID 1876 wrote to memory of 956 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\timeout.exe
PID 1876 wrote to memory of 1528 N/A C:\Windows\SysWOW64\cmd.exe C:\Users\Admin\AppData\Local\Temp\NanoCore.exe

Processes

C:\Users\Admin\AppData\Local\Temp\NanoCore_Portable.exe

"C:\Users\Admin\AppData\Local\Temp\NanoCore_Portable.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\TempDel.bat" "

C:\Windows\SysWOW64\mode.com

mode 30,20

C:\Windows\SysWOW64\timeout.exe

timeout /nobreak 10

C:\Users\Admin\AppData\Local\Temp\NanoCore.exe

"C:\Users\Admin\AppData\Local\Temp\NanoCore.exe"

Network

Country Destination Domain Proto
N/A 10.127.0.1:5351 udp
N/A 8.8.8.8:53 lazyshare.net udp
N/A 35.212.156.187:80 lazyshare.net tcp

Files

C:\Users\Admin\AppData\Local\Temp\TempDel.bat
C:\Users\Admin\AppData\Local\Temp\NanoCore.exe
C:\Users\Admin\AppData\Local\Temp\ServerPlugin.dll
C:\Users\Admin\AppData\Local\Temp\builder.log
C:\Users\Admin\AppData\Local\Temp\server.log
C:\Users\Admin\AppData\Local\Temp\settings.bin
C:\Users\Admin\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Admin\AppData\Local\Temp\x86\SQLite.Interop.dll
C:\Users\Admin\AppData\Local\Temp\Databases\main.sqlite
C:\Users\Admin\AppData\Local\Temp\client.bin
C:\Users\Admin\AppData\Local\Temp\Resources\TabIcons\home.png
C:\Users\Admin\AppData\Local\Temp\Resources\TabIcons\clients.png
C:\Users\Admin\AppData\Local\Temp\Resources\TabIcons\network.png
C:\Users\Admin\AppData\Local\Temp\Resources\TabIcons\system.png
C:\Users\Admin\AppData\Local\Temp\Resources\TabIcons\builder.png
C:\Users\Admin\AppData\Local\Temp\plugins.bin
C:\Users\Admin\AppData\Local\Temp\Plugins\CorePlugin.ncp
C:\Users\Admin\AppData\Local\Temp\Plugins\MiscTools.ncp
C:\Users\Admin\AppData\Local\Temp\Plugins\SurveillancePlugin.ncp
C:\Users\Admin\AppData\Local\Temp\Plugins\SurveillanceExPlugin.ncp
C:\Users\Admin\AppData\Local\Temp\Plugins\SecurityPlugin.ncp
C:\Users\Admin\AppData\Local\Temp\Plugins\NetworkPlugin.ncp
C:\Users\Admin\AppData\Local\Temp\Plugins\NanoStress.ncp
C:\Users\Admin\AppData\Local\Temp\Plugins\NanoProtectPlugin.ncp
C:\Users\Admin\AppData\Local\Temp\Plugins\NanoNana.ncp
C:\Users\Admin\AppData\Local\Temp\Plugins\AIO.ncp
C:\Users\Admin\AppData\Local\Temp\Plugins\ToolsPlugin.ncp
C:\Users\Admin\AppData\Local\Temp\Plugins\NanoBrowser.ncp
C:\Users\Admin\AppData\Local\Temp\Plugins\NanoCoreSwiss.ncp
C:\Users\Admin\AppData\Local\Temp\Plugins\MultiCore.ncp
C:\Users\Admin\AppData\Local\Temp\Plugins\ManagementPlugin.ncp
C:\Users\Admin\AppData\Local\Temp\Plugins\DucPlugin.ncp
C:\Users\Admin\AppData\Local\Temp\Plugins\VisibleMode1.1.ncp
C:\Users\Admin\AppData\Local\Temp\Plugins\NanoBlack.ncp
C:\Users\Admin\AppData\Local\Temp\public.bin
C:\Users\Admin\AppData\Local\Temp\ClientPlugin.dll
C:\Users\Admin\AppData\Local\Temp\Databases\core.sqlite
C:\Users\Admin\AppData\Local\Temp\Resources\ContextIcons\computer.png
C:\Users\Admin\AppData\Local\Temp\Resources\ContextIcons\arrow_refresh.png
C:\Users\Admin\AppData\Local\Temp\Resources\ContextIcons\disconnect.png
C:\Users\Admin\AppData\Local\Temp\Resources\ContextIcons\remove.png
C:\Users\Admin\AppData\Local\Temp\Resources\ContextIcons\application_delete.png
C:\Users\Admin\AppData\Local\Temp\Resources\ContextIcons\system_monitor.png
C:\Users\Admin\AppData\Local\Temp\Resources\ContextIcons\books_stack.png
C:\Users\Admin\AppData\Local\Temp\Resources\ContextIcons\clipboard.png
C:\Users\Admin\AppData\Local\Temp\Resources\TabIcons\plugins.png
C:\Users\Admin\AppData\Local\Temp\Resources\ContextIcons\wrench.png
C:\Users\Admin\AppData\Local\Temp\Resources\ContextIcons\file_manager.png
C:\Users\Admin\AppData\Local\Temp\Resources\ContextIcons\control_panel.png
C:\Users\Admin\AppData\Local\Temp\Resources\ContextIcons\database.png
C:\Users\Admin\AppData\Local\Temp\Resources\ContextIcons\terminal.png
C:\Users\Admin\AppData\Local\Temp\Resources\ContextIcons\toolbox.png

Analysis: behavioral2

Detonation Overview

Submitted

2022-11-13 20:45

Reported

2022-11-13 20:48

Platform

win10v2004-20220901-en

Max time kernel

91s

Max time network

147s

Command Line

"C:\Users\Admin\AppData\Local\Temp\NanoCore_Portable.exe"

Signatures

NanoCore

keylogger trojan stealer spyware nanocore

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\NanoCore.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\NanoCore_Portable.exe N/A

Enumerates physical storage devices

Delays execution with timeout.exe

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\NanoCore.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\NanoCore.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\NanoCore_Portable.exe

"C:\Users\Admin\AppData\Local\Temp\NanoCore_Portable.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TempDel.bat" "

C:\Windows\SysWOW64\mode.com

mode 30,20

C:\Windows\SysWOW64\timeout.exe

timeout /nobreak 10

C:\Users\Admin\AppData\Local\Temp\NanoCore.exe

"C:\Users\Admin\AppData\Local\Temp\NanoCore.exe"

Network

Country Destination Domain Proto
N/A 20.42.65.84:443 tcp
N/A 8.8.8.8:53 lazyshare.net udp
N/A 35.212.156.187:80 lazyshare.net tcp
N/A 10.127.0.1:5351 udp
N/A 93.184.221.240:80 tcp
N/A 104.80.229.204:443 tcp

Files

memory/3560-132-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\TempDel.bat

MD5 3b2fb2a8ccaaa86a5fbcab338e641ff1
SHA1 bfd7df0e383c404d6c5cd58687954426a43acd7f
SHA256 34cba91daa5d60239496f52d4da9c526a0ed7680adf8f4fc491b2ddb32d48208
SHA512 cf00ac00845f1ac0cde6a18507c8b629c95a4391170dc1297e596406e0aa5802090b3631aa2bc3dc8632fe6c85c3d33557f9235cb43a833cbb4d8f3d84bc4443

memory/1224-134-0x0000000000000000-mapping.dmp

memory/4356-135-0x0000000000000000-mapping.dmp

memory/3100-136-0x0000000000000000-mapping.dmp

C:\Users\Admin\AppData\Local\Temp\NanoCore.exe

MD5 1728acc244115cbafd3b810277d2e321
SHA1 be64732f46c8a26a5bbf9d7f69c7f031b2c5180b
SHA256 ec359f50ca15395f273899c0ff7c0cd87ab5c2e23fdcfc6c72fedc0097161d4b
SHA512 8c59fdd29181f28e5698de78adf63934632e644a87088400f1b7ab1653622e4bc3a4145094601211a2db4bcbd04ea5f1ac44129907fbb727fe24a1f3652c7034

C:\Users\Admin\AppData\Local\Temp\NanoCore.exe

MD5 1728acc244115cbafd3b810277d2e321
SHA1 be64732f46c8a26a5bbf9d7f69c7f031b2c5180b
SHA256 ec359f50ca15395f273899c0ff7c0cd87ab5c2e23fdcfc6c72fedc0097161d4b
SHA512 8c59fdd29181f28e5698de78adf63934632e644a87088400f1b7ab1653622e4bc3a4145094601211a2db4bcbd04ea5f1ac44129907fbb727fe24a1f3652c7034

memory/3100-139-0x0000000074D30000-0x00000000752E1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ServerPlugin.dll

C:\Users\Admin\AppData\Local\Temp\server.log

C:\Users\Admin\AppData\Local\Temp\builder.log

C:\Users\Admin\AppData\Local\Temp\settings.bin

C:\Users\Admin\AppData\Local\Temp\System.Data.SQLite.dll

C:\Users\Admin\AppData\Local\Temp\x86\SQLite.Interop.dll

C:\Users\Admin\AppData\Local\Temp\Databases\main.sqlite

C:\Users\Admin\AppData\Local\Temp\client.bin

C:\Users\Admin\AppData\Local\Temp\Resources\TabIcons\home.png

C:\Users\Admin\AppData\Local\Temp\Resources\TabIcons\clients.png

C:\Users\Admin\AppData\Local\Temp\Resources\TabIcons\network.png

C:\Users\Admin\AppData\Local\Temp\Resources\TabIcons\system.png

C:\Users\Admin\AppData\Local\Temp\Resources\TabIcons\builder.png

C:\Users\Admin\AppData\Local\Temp\plugins.bin

C:\Users\Admin\AppData\Local\Temp\Plugins\CorePlugin.ncp

C:\Users\Admin\AppData\Local\Temp\Plugins\DucPlugin.ncp

C:\Users\Admin\AppData\Local\Temp\Plugins\NanoCoreSwiss.ncp

C:\Users\Admin\AppData\Local\Temp\Plugins\MultiCore.ncp

C:\Users\Admin\AppData\Local\Temp\Plugins\MiscTools.ncp

C:\Users\Admin\AppData\Local\Temp\Plugins\ManagementPlugin.ncp

C:\Users\Admin\AppData\Local\Temp\Plugins\NanoNana.ncp

C:\Users\Admin\AppData\Local\Temp\Plugins\NanoStress.ncp

C:\Users\Admin\AppData\Local\Temp\Plugins\AIO.ncp

C:\Users\Admin\AppData\Local\Temp\Plugins\ToolsPlugin.ncp

C:\Users\Admin\AppData\Local\Temp\Plugins\SurveillancePlugin.ncp

C:\Users\Admin\AppData\Local\Temp\Plugins\SurveillanceExPlugin.ncp

C:\Users\Admin\AppData\Local\Temp\Plugins\NetworkPlugin.ncp

C:\Users\Admin\AppData\Local\Temp\Plugins\NanoProtectPlugin.ncp

C:\Users\Admin\AppData\Local\Temp\Plugins\SecurityPlugin.ncp

C:\Users\Admin\AppData\Local\Temp\Plugins\NanoBrowser.ncp

C:\Users\Admin\AppData\Local\Temp\Plugins\NanoBlack.ncp

C:\Users\Admin\AppData\Local\Temp\Plugins\VisibleMode1.1.ncp

C:\Users\Admin\AppData\Local\Temp\public.bin

C:\Users\Admin\AppData\Local\Temp\ClientPlugin.dll

C:\Users\Admin\AppData\Local\Temp\Databases\core.sqlite

C:\Users\Admin\AppData\Local\Temp\Resources\ContextIcons\computer.png

C:\Users\Admin\AppData\Local\Temp\Resources\ContextIcons\arrow_refresh.png

C:\Users\Admin\AppData\Local\Temp\Resources\ContextIcons\disconnect.png

C:\Users\Admin\AppData\Local\Temp\Resources\ContextIcons\remove.png

C:\Users\Admin\AppData\Local\Temp\Resources\ContextIcons\application_delete.png

C:\Users\Admin\AppData\Local\Temp\Resources\ContextIcons\system_monitor.png

C:\Users\Admin\AppData\Local\Temp\Resources\ContextIcons\books_stack.png

C:\Users\Admin\AppData\Local\Temp\Resources\ContextIcons\clipboard.png

C:\Users\Admin\AppData\Local\Temp\Resources\TabIcons\plugins.png

C:\Users\Admin\AppData\Local\Temp\Resources\ContextIcons\wrench.png

C:\Users\Admin\AppData\Local\Temp\Resources\ContextIcons\file_manager.png

C:\Users\Admin\AppData\Local\Temp\Resources\ContextIcons\control_panel.png

C:\Users\Admin\AppData\Local\Temp\Resources\ContextIcons\database.png
