nanocore | hxxp://nanocore

Analysis

max time kernel
107s
max time network
111s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
12-04-2023 18:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://nanocore

Score

10^/10

nanocore keylogger spyware stealer trojan

Malware Config

Signatures

NanoCore
NanoCore is a remote access tool (RAT) with a variety of capabilities.
keylogger trojan stealer spyware nanocore
Downloads MZ/PE file

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

NanoCore_Portable.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Control Panel\International\Geo\Nation	NanoCore_Portable.exe

Executes dropped EXE 2 IoCs

Processes:

NanoCore_Portable.exeNanoCore.exe

pid process

332 NanoCore_Portable.exe
2632 NanoCore.exe

pid	process
332	NanoCore_Portable.exe
2632	NanoCore.exe

Loads dropped DLL 13 IoCs

Processes:

NanoCore.exe

pid	process
2632	NanoCore.exe
2632	NanoCore.exe
2632	NanoCore.exe
2632	NanoCore.exe
2632	NanoCore.exe
2632	NanoCore.exe
2632	NanoCore.exe
2632	NanoCore.exe
2632	NanoCore.exe
2632	NanoCore.exe
2632	NanoCore.exe
2632	NanoCore.exe
2632	NanoCore.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Delays execution with timeout.exe 1 IoCs
evasion

Processes:

timeout.exe

pid process

1020 timeout.exe

pid	process
1020	timeout.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133257976259347081"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

1208 chrome.exe
1208 chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

Processes:

chrome.exe

pid	process
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe
Token: SeShutdownPrivilege	1208	chrome.exe
Token: SeCreatePagefilePrivilege	1208	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

Processes:

chrome.exeNanoCore.exe

pid	process
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
2632	NanoCore.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe
1208	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

NanoCore.exe

pid process

2632 NanoCore.exe
2632 NanoCore.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1208 wrote to memory of 452	1208	chrome.exe	chrome.exe
PID 1208 wrote to memory of 452	1208	chrome.exe	chrome.exe
PID 1208 wrote to memory of 220	1208	chrome.exe	chrome.exe
PID 1208 wrote to memory of 220	1208	chrome.exe	chrome.exe
PID 1208 wrote to memory of 220	1208	chrome.exe	chrome.exe
PID 1208 wrote to memory of 220	1208	chrome.exe	chrome.exe
PID 1208 wrote to memory of 220	1208	chrome.exe	chrome.exe
PID 1208 wrote to memory of 220	1208	chrome.exe	chrome.exe
PID 1208 wrote to memory of 220	1208	chrome.exe	chrome.exe
PID 1208 wrote to memory of 220	1208	chrome.exe	chrome.exe
PID 1208 wrote to memory of 220	1208	chrome.exe	chrome.exe
PID 1208 wrote to memory of 220	1208	chrome.exe	chrome.exe
PID 1208 wrote to memory of 220	1208	chrome.exe	chrome.exe
PID 1208 wrote to memory of 220	1208	chrome.exe	chrome.exe
PID 1208 wrote to memory of 220	1208	chrome.exe	chrome.exe
PID 1208 wrote to memory of 220	1208	chrome.exe	chrome.exe
PID 1208 wrote to memory of 220	1208	chrome.exe	chrome.exe
PID 1208 wrote to memory of 220	1208	chrome.exe	chrome.exe
PID 1208 wrote to memory of 220	1208	chrome.exe	chrome.exe
PID 1208 wrote to memory of 220	1208	chrome.exe	chrome.exe
PID 1208 wrote to memory of 220	1208	chrome.exe	chrome.exe
PID 1208 wrote to memory of 220	1208	chrome.exe	chrome.exe
PID 1208 wrote to memory of 220	1208	chrome.exe	chrome.exe
PID 1208 wrote to memory of 220	1208	chrome.exe	chrome.exe
PID 1208 wrote to memory of 220	1208	chrome.exe	chrome.exe
PID 1208 wrote to memory of 220	1208	chrome.exe	chrome.exe
PID 1208 wrote to memory of 220	1208	chrome.exe	chrome.exe
PID 1208 wrote to memory of 220	1208	chrome.exe	chrome.exe
PID 1208 wrote to memory of 220	1208	chrome.exe	chrome.exe
PID 1208 wrote to memory of 220	1208	chrome.exe	chrome.exe
PID 1208 wrote to memory of 220	1208	chrome.exe	chrome.exe
PID 1208 wrote to memory of 220	1208	chrome.exe	chrome.exe
PID 1208 wrote to memory of 220	1208	chrome.exe	chrome.exe
PID 1208 wrote to memory of 220	1208	chrome.exe	chrome.exe
PID 1208 wrote to memory of 220	1208	chrome.exe	chrome.exe
PID 1208 wrote to memory of 220	1208	chrome.exe	chrome.exe
PID 1208 wrote to memory of 220	1208	chrome.exe	chrome.exe
PID 1208 wrote to memory of 220	1208	chrome.exe	chrome.exe
PID 1208 wrote to memory of 220	1208	chrome.exe	chrome.exe
PID 1208 wrote to memory of 220	1208	chrome.exe	chrome.exe
PID 1208 wrote to memory of 3572	1208	chrome.exe	chrome.exe
PID 1208 wrote to memory of 3572	1208	chrome.exe	chrome.exe
PID 1208 wrote to memory of 4620	1208	chrome.exe	chrome.exe
PID 1208 wrote to memory of 4620	1208	chrome.exe	chrome.exe
PID 1208 wrote to memory of 4620	1208	chrome.exe	chrome.exe
PID 1208 wrote to memory of 4620	1208	chrome.exe	chrome.exe
PID 1208 wrote to memory of 4620	1208	chrome.exe	chrome.exe
PID 1208 wrote to memory of 4620	1208	chrome.exe	chrome.exe
PID 1208 wrote to memory of 4620	1208	chrome.exe	chrome.exe
PID 1208 wrote to memory of 4620	1208	chrome.exe	chrome.exe
PID 1208 wrote to memory of 4620	1208	chrome.exe	chrome.exe
PID 1208 wrote to memory of 4620	1208	chrome.exe	chrome.exe
PID 1208 wrote to memory of 4620	1208	chrome.exe	chrome.exe
PID 1208 wrote to memory of 4620	1208	chrome.exe	chrome.exe
PID 1208 wrote to memory of 4620	1208	chrome.exe	chrome.exe
PID 1208 wrote to memory of 4620	1208	chrome.exe	chrome.exe
PID 1208 wrote to memory of 4620	1208	chrome.exe	chrome.exe
PID 1208 wrote to memory of 4620	1208	chrome.exe	chrome.exe
PID 1208 wrote to memory of 4620	1208	chrome.exe	chrome.exe
PID 1208 wrote to memory of 4620	1208	chrome.exe	chrome.exe
PID 1208 wrote to memory of 4620	1208	chrome.exe	chrome.exe
PID 1208 wrote to memory of 4620	1208	chrome.exe	chrome.exe
PID 1208 wrote to memory of 4620	1208	chrome.exe	chrome.exe
PID 1208 wrote to memory of 4620	1208	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://nanocore
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1208

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ffb0b619758,0x7ffb0b619768,0x7ffb0b619778
2⤵
PID:452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1808,i,9245797275195105130,4248448293454866639,131072 /prefetch:2
2⤵
PID:220

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1808,i,9245797275195105130,4248448293454866639,131072 /prefetch:8
2⤵
PID:3572

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1808,i,9245797275195105130,4248448293454866639,131072 /prefetch:8
2⤵
PID:4620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3132 --field-trial-handle=1808,i,9245797275195105130,4248448293454866639,131072 /prefetch:1
2⤵
PID:3220

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3144 --field-trial-handle=1808,i,9245797275195105130,4248448293454866639,131072 /prefetch:1
2⤵
PID:1160

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4492 --field-trial-handle=1808,i,9245797275195105130,4248448293454866639,131072 /prefetch:1
2⤵
PID:4448

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3140 --field-trial-handle=1808,i,9245797275195105130,4248448293454866639,131072 /prefetch:1
2⤵
PID:5032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4628 --field-trial-handle=1808,i,9245797275195105130,4248448293454866639,131072 /prefetch:8
2⤵
PID:376

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 --field-trial-handle=1808,i,9245797275195105130,4248448293454866639,131072 /prefetch:8
2⤵
PID:3328

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4592 --field-trial-handle=1808,i,9245797275195105130,4248448293454866639,131072 /prefetch:1
2⤵
PID:1408

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3172 --field-trial-handle=1808,i,9245797275195105130,4248448293454866639,131072 /prefetch:1
2⤵
PID:3732

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5028 --field-trial-handle=1808,i,9245797275195105130,4248448293454866639,131072 /prefetch:1
2⤵
PID:4848

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2952 --field-trial-handle=1808,i,9245797275195105130,4248448293454866639,131072 /prefetch:8
2⤵
PID:4048

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5404 --field-trial-handle=1808,i,9245797275195105130,4248448293454866639,131072 /prefetch:8
2⤵
PID:4572

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5568 --field-trial-handle=1808,i,9245797275195105130,4248448293454866639,131072 /prefetch:1
2⤵
PID:1260

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5728 --field-trial-handle=1808,i,9245797275195105130,4248448293454866639,131072 /prefetch:1
2⤵
PID:1992

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4808 --field-trial-handle=1808,i,9245797275195105130,4248448293454866639,131072 /prefetch:1
2⤵
PID:3364

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3168 --field-trial-handle=1808,i,9245797275195105130,4248448293454866639,131072 /prefetch:8
2⤵
PID:780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3492 --field-trial-handle=1808,i,9245797275195105130,4248448293454866639,131072 /prefetch:8
2⤵
PID:2012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5576 --field-trial-handle=1808,i,9245797275195105130,4248448293454866639,131072 /prefetch:8
2⤵
PID:2356

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3120 --field-trial-handle=1808,i,9245797275195105130,4248448293454866639,131072 /prefetch:8
2⤵
PID:1248

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3864 --field-trial-handle=1808,i,9245797275195105130,4248448293454866639,131072 /prefetch:8
2⤵
PID:1852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3528 --field-trial-handle=1808,i,9245797275195105130,4248448293454866639,131072 /prefetch:8
2⤵
PID:2476

C:\Users\Admin\Downloads\NanoCore_Portable.exe
"C:\Users\Admin\Downloads\NanoCore_Portable.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
PID:332

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TempDel.bat" "
3⤵
PID:3140

C:\Windows\SysWOW64\mode.com
mode 30,20
4⤵
PID:4304

C:\Windows\SysWOW64\timeout.exe
timeout /nobreak 10
4⤵
- Delays execution with timeout.exe
PID:1020

C:\Users\Admin\AppData\Local\Temp\NanoCore.exe
"C:\Users\Admin\AppData\Local\Temp\NanoCore.exe"
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:2632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5396 --field-trial-handle=1808,i,9245797275195105130,4248448293454866639,131072 /prefetch:1
2⤵
PID:4932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5680 --field-trial-handle=1808,i,9245797275195105130,4248448293454866639,131072 /prefetch:1
2⤵
PID:2748

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5684 --field-trial-handle=1808,i,9245797275195105130,4248448293454866639,131072 /prefetch:8
2⤵
PID:2416

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4556 --field-trial-handle=1808,i,9245797275195105130,4248448293454866639,131072 /prefetch:8
2⤵
PID:5088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=5820 --field-trial-handle=1808,i,9245797275195105130,4248448293454866639,131072 /prefetch:1
2⤵
PID:3732

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2684

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004
Filesize
162KB

MD5
fdfdaf63d56b4a9cd6641d79f7159fdc

SHA1
18b413d8b6b9f3bec32026b7e9d9f4e5e366922f

SHA256
f4dba3e15f08cf0686e6d89370ed42e8a5dafc38973501f0aa6baa9b93c720f3

SHA512
06fd67f1a2d5f168c75b5b833d3222d6c0eccfadd4021173a7ec7f949971554d1c7df322b1dc512ef14941e76a9ff6445ba3bd16d940be5bc177be989ec39c2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008
Filesize
37KB

MD5
47ae9b25af86702d77c7895ac6f6b57c

SHA1
f56f78729b99247a975620a1103cac3ee9f313a5

SHA256
9bde79a1b0866f68d6baa43f920e971b5feb35a8e0af7ffadc114366f8538224

SHA512
72b5296e3dd1c5b4c42d8c3e4a56693819779167b9f02bc2d5f5a626b519a9cf10bee59846d614c929c42094b65d13039f6024f6cb1c023e740969aaefd060c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
d00fc8ab0cd77417a576bd18e927dc17

SHA1
5a4f7e8bac2cc972e09ad368c09f318bc40269b4

SHA256
18b58913f178d53c063a2e9f34498588cb78b6ffdd34bca00a7196e35b42457b

SHA512
a5f5044595dd8cec8dde9a6cf3e4b8cd1c14d0776240cf9ac8e640402e20bf476533c568e210c98ca7271ada7a582ba08c7a3b026195d6851c4f47c1cc7bfb2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
7c9be16f26cfc65cb9993704a4c957b2

SHA1
7537407648325a5e45d5c250920d4e6f5222eb8a

SHA256
7977e4b59ee3306969b27259cecc2137e6e8121c29d2039e9cce1457c173e1f4

SHA512
4856f517a7110f7a0fe83beabe95711d2eb194accc6530c2640cff6c7fa5431c65d0e748c2f4c845b1cd84659911d97102218663fd94edacecec934e63e54aaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
3bdd866b69b5f97f34b6b32dc67becb6

SHA1
3fb330201d704bac4581cd88f7e6b1744df8ccbb

SHA256
aa359c9ad26eccb24d24d3d56d25ab7115e1055837e751a410a08c5722febc8a

SHA512
e2adcfc733b1ebecc9ab640a26f73b04e57f66b723cbd58dd2a84e8d2a37f5e2354f82952edbcecd52af79557b868bff0f6e26188d641f13ddd07abbc8e79f1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
369B

MD5
79ba2e191241782f3b6b0ecb0917f259

SHA1
632a8ac5225f8256f8ea4e6d5d7c7552de1ca00d

SHA256
617555326aa8f469c09e027deaddb5820156f4471944a774130d39c55038902e

SHA512
857d8404c0ebe0fdac46acb2dd2e06486911e60b24ebb224fa81537851af2f47bb6e290ff461197a8dccec9c65ba4aef53dcf4677ac5c282f1986283eb9b60c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
caaabe50aa502da088462d3810cea055

SHA1
74e41ef19ad66e3ae51f369ddefa6fb2fb8ce205

SHA256
774eb8d5c9b6a7990324d80c0f63bacbfbdd6a66db9f11bf8355773670020d64

SHA512
1ad71b95c685e5c228b8c863bcf5ae6333dba71e4a101abc796ce11ea0a7067077b4ec52d6b5443c51845e88d29f0c253ae1a598f86da606b31d2636c8bf4222

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
34b69561d7610939ee0be1f6022302c5

SHA1
8316a939fc795c88502e81339cd9804d8edc292d

SHA256
037a19e4f8168b96b4ab846ac1b02c2975d03c27ae865b2c809b2e820656016a

SHA512
45506b126efe47123d3be851e02af96cd2c0485e92bc688f2be8b69f9dd18ba83245610481600b7787ddc86de421762825ab08ad102f2719a0780d5587b0b31d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
8d148cda03949a592ada9c0a8e77ef4a

SHA1
4bb62be414ac7308fa338c82314b430dd3c297e0

SHA256
b7cae4dfa6880d126255f5da6d3807dd14c045c9d921c78645743e67a358f636

SHA512
3de90982e282868476d4dc7dcab773232e4be9ef8d899ac19bf15bf4a21a79a9716bb1d974211e9dd91668fad97522b51956bb9f7d437985ad4eebb0ac841331

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
1d3a0fa59cbf2d36693ea3193c7623b2

SHA1
2bcdc24595bcfc1b2da51eb910cd9fa66dd0dd5c

SHA256
b8075977dfbe0652c9fde677b2bcd27f98f912e0e64eac5210792b556d6a1efd

SHA512
e4b5053df25c3b96229ab8cf0653739ab20595f61a7cf7ed25e2b46cfc18123abfc7a6212f5d69e3d249367087d6edb349f68a56fb90daeeafcaa7dbd68f725a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
31bcbcbfb7065abf547d7113351624db

SHA1
ebd8868dc9065177339df9a7653e9727d8637197

SHA256
a9edb62192550364b8dab40c0335a6c1544c61e912f9b2bb840fbd9bc25873f7

SHA512
c0cfa24bcbcc83f341c3a612c105838c8b48786d151c30bb3bcb43240cedc129fd38fc42b8207d2e3e99563446ce10a612019cf40db39384110b6065a141e3a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
2c6eafc1b6fe813bb18e48e83c3bdb69

SHA1
802ce770e637fd4f62c9f11c30e949cb0149efca

SHA256
eb6c96485d62d153a4e6ff1f6f020bb7edb3e0687ddb227ca9e5fbd6ebd87ba7

SHA512
c083d16330522495ad22c484ab8c0463c6de1ed4867ab36411c2143083b91bec5f07738fb1ab971b68ec133fcc733f979c9a8520bfcd9228e113ac4f508ecaf5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
9ac382c8ac2c224a299ab51a885da4c0

SHA1
fc263cd20ac20c106519940508a52121d9613683

SHA256
8f8f82417240065d8b797a4de9168ea05b7b833dcfaa1e9496c269e224f1d39b

SHA512
c30206b50f81ad33d7d5eb5331813eeb1ade19d8a218fb7413f969b80aae74051bcaa427a7ea1ef03d040ae51d5996397dbc3f43eb935fab983d8ffec3afc20d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
1f35e652f658741f4da73b849cf1a484

SHA1
d2262b8a09528682dbee00f3fa3687480e661732

SHA256
f173606db6842d0e7f60e39a35cd850fcf2e6407309a692bcbedfb9b9da80a18

SHA512
c758545ff474644a09d4dddf5ac352dc1035798b25efe2ca8b684c05fa020f922c275cc4e62df0bb2c6e640d342078282b52ebcd07e4e82394a6e4ae3674d156

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
ce0f6b60040aaff077fb91759be4c9e2

SHA1
270251cee41efcb7eda5c100cc479cecb4338357

SHA256
8e730b52997b102429162ec5ee4a1aa8490e60c5adc8c905f7713693ed355d2f

SHA512
1f08eee41b1c1b95e0dbb95d75b726303cb5a653e91b6cea3c6df79717e265a76c421d82fd647b2e46813cdfc3e75b2f0ebabcf77f9bfb499fa7f215c79c2391

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
199KB

MD5
b5b1f73b07874d8a2522df077a254d18

SHA1
3d5e9f6cec4c5d0973ddce73ba8c78de55938c6c

SHA256
be0bceaf059b50e7c71571ae1787a99fa9e59aaf8a4d737b36121a2fdee82544

SHA512
343298fec0b0658f70742acdd30ebeb534d9356d936870c71de28ac9fd68d32e872a6a56fb1aa1698d95a201a586d172251c4e57ce00ba1615555a566594bd20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
199KB

MD5
4fe0e7e59d96ed91e86ead837a099629

SHA1
d9ea7534522ecf4825c2037168ea21c2cdd065f3

SHA256
afb9a9a33dc91901be00a2492b5c2a34f4ba7b83f90a9deee011495bffbfac3f

SHA512
ececd87764ac319de4480247e9391abaff00580fee26c79dfbda56644ca4eabd6750b9ebf4bc202fa0e240c74346bfd9a79bd7bd6cbc2efa4a9a955f7ee6225a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
199KB

MD5
ee2b2860970ddd63f0e52b31a1bf5252

SHA1
cf8acf5f72a02713b3a19498b1135f9f6f9e2157

SHA256
db4bd3bce0cc81ffe72fc695f34a7fb4df42a69720016abd1560bd9ccdbeeffe

SHA512
b746e9dea0d6ff35804c189fba154dad236c0b7ff298f7e9040bb794a9d33f1f17609337aa2d0e7271ce83d9335ec72d796be4791c413ce6415709323d311d71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
110KB

MD5
78195740e79dba55deaea87cb26dc8dc

SHA1
11d131809efbbdfae3143453d79bcd05da5bc2f3

SHA256
61b4e9295fdd06b2297857031d8fad59b49c631134b6461f1acb731234602b75

SHA512
c9a8278b81aaf630a499cde39fb792c39151e7ba2c88441cc38f7c0e2ae7eef8262b6bcbf13a1d9acb97bfb181c5d2429662f4a566dbe148c332a47472d07de0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5790e6.TMP
Filesize
96KB

MD5
f9e15acc7fa427833ba8f5d0b68b0d1e

SHA1
b59d8c4dc1ef1b2fa5fd6fd355557eb3a3eedab5

SHA256
0c334a110ec453d3a63be9241c3cdaecc3ae9966ef88a39e8698d01935f393ff

SHA512
8d2be84ec0214df9a05ba0f4e1b5c0c7f50a9db392d7fddfb8963784a7ab14139fb28c175db8af6a5ac56f07dc8a704b2a528921fbbac3be5f50e4c66184b479

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Databases\main.sqlite
Filesize
15KB

MD5
ea522fc387e8e1c1c65e946c9118e2c7

SHA1
0d3fe3c0f59b651f4b9210ec4d7324e7686b5a21

SHA256
ae429dbfca9416cfc6832aed1190fa7b9eb90127328136a249de024349fd3b3b

SHA512
52161556c3d3a1e12fe8de217aab806ac8e8e47135d57f057c257d16576ec08b13bc37aeb7f7234042d89d6deb594a635e0764675f4e04f7abb94836fac1d921

Download Submit
C:\Users\Admin\AppData\Local\Temp\NanoCore.exe
Filesize
1.4MB

MD5
1728acc244115cbafd3b810277d2e321

SHA1
be64732f46c8a26a5bbf9d7f69c7f031b2c5180b

SHA256
ec359f50ca15395f273899c0ff7c0cd87ab5c2e23fdcfc6c72fedc0097161d4b

SHA512
8c59fdd29181f28e5698de78adf63934632e644a87088400f1b7ab1653622e4bc3a4145094601211a2db4bcbd04ea5f1ac44129907fbb727fe24a1f3652c7034

Download Submit
C:\Users\Admin\AppData\Local\Temp\NanoCore.exe
Filesize
1.4MB

MD5
1728acc244115cbafd3b810277d2e321

SHA1
be64732f46c8a26a5bbf9d7f69c7f031b2c5180b

SHA256
ec359f50ca15395f273899c0ff7c0cd87ab5c2e23fdcfc6c72fedc0097161d4b

SHA512
8c59fdd29181f28e5698de78adf63934632e644a87088400f1b7ab1653622e4bc3a4145094601211a2db4bcbd04ea5f1ac44129907fbb727fe24a1f3652c7034

Download Submit
C:\Users\Admin\AppData\Local\Temp\Plugins\CorePlugin.ncp
Filesize
119KB

MD5
7914e7302f72d330aa5f6c5c8c26df43

SHA1
8c411f3fe5297a78cb018539b44df87c0a51606a

SHA256
f66985518b1e56a04f512d110f5b79f21ed91cbcbf6bd3e17eba3dcdfb85f9b5

SHA512
8959843f282162ff0c59d890d04012c4f62dc36058aa7095d708a97a34313082cd4ca5ea5df5623cd2d6b8b91c527297168cab08ec59c1ec48fafac5983ad012

Download Submit
C:\Users\Admin\AppData\Local\Temp\Plugins\DucPlugin.ncp
Filesize
73KB

MD5
5eca68a8368e0e144b7016e30b85515c

SHA1
0ba48b49974156e5746958aeeb1c2a26c916b3be

SHA256
e2ce89b3e68b003cb27e2c5652ccba073c8938bef194e51830539b2464a3f676

SHA512
ea1d1363fb072a5c646ce070184855588124be42392dc492ce86c88fe93eae78e23f5de4f2df75fb5b0e8d67bf08ff192dd163ed3c62a1ccfb0b8436ae1df644

Download Submit
C:\Users\Admin\AppData\Local\Temp\Plugins\ManagementPlugin.ncp
Filesize
300KB

MD5
b612c2c9a6d361a5db14c04ba126119c

SHA1
d2b29e235b0f45242088b78313438bdfd51209dc

SHA256
b86fe4e126a9748a383a34d615b9598c715f2380c0aad957495c66923902026c

SHA512
194d4688935235f3ca686868c9ff53c7945d4e076d4a51fdcbc254bfa1461494766480794c65715bce314256c7cc5268bd6547c937984d3010f54f5a3db4ba9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Plugins\MiscTools.ncp
Filesize
66KB

MD5
78e3006fc6468eb7dfc7761072b84ac6

SHA1
e46cae768d2754f48a29b7e424a9bddf0d67bcd8

SHA256
3a3a3b105eefb45e3b70cc1592e484df02df7020d5154e8c2e5d7d439e295e46

SHA512
0daa1cc9ddae70f442ee5eed784523dc1378b9d095edfaec1df95e02f00d09b461d60ee180f716f7ba755543ef7b0c87d791a454cf254dde0033b8615b2841e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Plugins\MultiCore.ncp
Filesize
236KB

MD5
becb82e1e914e906be158e3f9dd658ac

SHA1
725d3d658680ca8dcb610d998db4b28733b5ee52

SHA256
5494adf651fc64e3aa6c08e38165d8dbfec52056cdf4fadae90b76b0e6816a33

SHA512
1d67e7d5686ea225262501afb572bec23e35bbd33c660a57e84b9cad7adfadbe457b128af0059ac705d53c6b65798f5525fe4ed3c16537b0c085414cdca74174

Download Submit
C:\Users\Admin\AppData\Local\Temp\Plugins\NanoBrowser.ncp
Filesize
102KB

MD5
8b13fdc96af0a84c152f5a601dcc6b06

SHA1
1250db70fda8a2c32f37bbdc5638074c6dc171a7

SHA256
997c41b05150480bcfae9abb3132fc807f6c6b511b810b554fdb5aedf89f5db0

SHA512
536d4e1b9e7c95ebac762d0a438106a5409c69e990940d3411709364783f957015d4a5dc0651b33591e37dcda8549e689a87b853e32f3ad065391a2d8190a552

Download Submit
C:\Users\Admin\AppData\Local\Temp\Plugins\NanoCoreSwiss.ncp
Filesize
49KB

MD5
fcb5afd01e75aca8ed9fbd35a46e54f3

SHA1
94b69f8612d31fc0698089d5e08aea1cafea52e7

SHA256
bf0386f6e9b4a35fefe5fe917e2be7c64867efe24521f18e4567f8af5f6dd5e5

SHA512
b587dd23eaea6de486c30864908f8603451c459153cd21b86a5e43bb9c2cca7cbc015daf620808fad76a4d56bbc4e57e127059c8e73be6c85bf958781c1343fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Plugins\NanoNana.ncp
Filesize
157KB

MD5
c5d40b767bd6b97f88ccce13956d0ad8

SHA1
ef7f7fdd9d5ea0b55ffbb17c171ee6a46b347100

SHA256
a3c39444ac74bb91f14f3f2ae6918d9b1d368268e137aca310450fefbc8983aa

SHA512
3fcb5a6afdc7de59bac645d8b4dc6368b0405a51985ff86c95fc8cd579bd59bc423cab940dc0ab3de9a0cd0d9e04dad82e380ef18030330d72b2e72936a95ee1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Plugins\NanoProtectPlugin.ncp
Filesize
179KB

MD5
e51af633e5f5f4a817a54773fb90d337

SHA1
0cb8a7965f9f042954b1f318ea1026b76e12f8e0

SHA256
b37602dbb924bb94df0d9745d13fcace8a6642397fb738fbe02a88f667f3ab66

SHA512
6454305121597073d4ea2b8f57a4bb4a4fe7fafbd05336c91265534faea5a5cdec7504c1329ea0c8cb344a4f32d59c60af5348dfd89375876ae95ee2c15f0c14

Download Submit
C:\Users\Admin\AppData\Local\Temp\Resources\ListIcons\flag_aq.png
Filesize
351B

MD5
b841c2ebdca6bb23c15c98da4aa671d7

SHA1
42f562132fe6e9a5029247a2b9666395dd5ad9b0

SHA256
b668f1a313e57c97a5abd0212631ea6211aace15b10f1ca82484f23f7d6924b5

SHA512
e093c2c454e8ceb318df0629f5f7e8494213e69caef640dd4554f3c250029e8a06b4c5add9c13e457f901c3d328738b66db524a8404617e486fd8c564dd04c90

Download Submit
C:\Users\Admin\AppData\Local\Temp\Resources\ListIcons\flag_cx.png
Filesize
626B

MD5
fbf02dad6f60392ce777d006d5762248

SHA1
f9d95e6e5e25b83953e4f898bf99636d85511709

SHA256
45203a04468ff78fb3434f46799ca630172e04f97c566f8e143539a80c48bfc5

SHA512
9f5b7b5399cb7c8b41cda202eac5a344524f135fd2e32a5f312917c7684ee13a94976984154355297bb31fd06435efe91456e189bb5f1c9d6010dfad01415b4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Resources\ListIcons\flag_gp.png
Filesize
546B

MD5
5ac0d15234533136bf6ec230686a4aa5

SHA1
2f208a8baf30d13aa23382d3821cc73c4aa466f0

SHA256
5cceb033c0262b5905f88d5905777471e9f1b0b0d9cb857f2361e88ada73610d

SHA512
d6215183f13e36a268b849056fe1479ebd36eab4b6f175cbdd3a4ecd4ba4df7734189a2f9e9d69ee344ca63baf2c9ef10f62663cc721e9c9c59775d5e84e2268

Download Submit
C:\Users\Admin\AppData\Local\Temp\Resources\ListIcons\flag_sj.png
Filesize
562B

MD5
4f82c2e83eab05d2bd9baaeff6c81a96

SHA1
e1cd3981d14653bf5df976ece649120134e88546

SHA256
15493361692068154ac1b1baf8878c179b353996dcda4d63e0322ea37f998f9b

SHA512
b69030fffb689094952eb472b272e1d18b40d0f11e3bba647c9b01226ccf072d276cc31ce3a1ffcbc84c5de82bedfe7fc2466fb060ff50e528f7c258179e626d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Resources\TabIcons\builder.png
Filesize
303B

MD5
d2d498dc06990b948ef42c479c4c1f94

SHA1
eb380e6d156f5cc2ab28baa5add2ba8acda088b3

SHA256
ce8e344d1975972fa3f1b54383ab01cf522217e83b4e01f5c5b8563641bf6550

SHA512
fd9f99b7489507d8208432847085507e5d1823f1eed5d3c7e644c59bc5e5b36d8705d4add01a0c291240029458b25d72894fc05efede8b795bb6872e1e5f9ef9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Resources\TabIcons\clients.png
Filesize
462B

MD5
0331dbac2291c05d567461b58654d350

SHA1
1f89cdf7199983e788fd1f22b873ab9b0500952d

SHA256
8d1339e002540de132326aeb1d17c66a9a60b0af7e3daca9bc40df17e9c96542

SHA512
2d12a85226a21670c49038e4347b39227b8d8bca07b8eb66f2adae0ccf1135270f5ba5f16a40bf526477c70c00c1ca572bfb973306e6eb8dd057600de38da161

Download Submit
C:\Users\Admin\AppData\Local\Temp\Resources\TabIcons\home.png
Filesize
343B

MD5
0a482ce7f891fe7a64118bbb34a34b9c

SHA1
2aba3c06942273aebc5e616602620e4b2526ebe7

SHA256
76d3e6c51702b37227b73a4f84771e44d7c1a8551b4c1fdd90e341f03a805346

SHA512
0e900eff9109ac2f32137d9d18993a29ed6065299ef96554f2288128fe07d1e8db1a0dac29b39b0eb05bb8a9bdca5f083da8e25dec3c880ef155401fd649107b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Resources\TabIcons\network.png
Filesize
230B

MD5
48780574121d519661c2e0bc51b25b68

SHA1
89d8d5e42fbae3d95c8036c1738656b8e6343091

SHA256
28f4c682d85fb4ef531a71b7fed8f0d7ef548f1126da378aaf60349219a681d6

SHA512
7f0d9b6e18b812350b9d57439069ebb9140365830ea6fa247527f793cc58271ed7743c514d7488f026064b6d44afaf93717192bcff3ea8a3b501f2bf7718ff30

Download Submit
C:\Users\Admin\AppData\Local\Temp\Resources\TabIcons\system.png
Filesize
273B

MD5
9993c66f33d16d11e701abbabf5a5db8

SHA1
415a0069f21dc5fcbb7bdaa7f17a679eb18e6b1e

SHA256
24c4edf86254f9e2359508909ba52dd683e1f6af0d8c1a52f875c472fc73bd40

SHA512
7a3f0546f4fb12e72fd774f5c4446e8bcc2a26c762aad91675c3bc10931c1c0ac2c40d66a25afd0a376ab665427164367c1cf398c22811eedf88c90ce51a23e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\ServerPlugin.dll
Filesize
28KB

MD5
952c62ec830c63380beb72ad923d35dc

SHA1
6700baa1fb1877129e79402dfe237f0b84221b69

SHA256
2e5fbfb7932b117a2f6093dc346cdee4a5702e39739d9c40d27bfd1580f6f0d7

SHA512
5dc19d7d6ab7670ded766f357e481328c8df4a96ac3c2a00194a5ccea8c34bca0e34cfea3d9d17934db384d302446be2fec9853438371561d70580665bffe121

Download Submit
C:\Users\Admin\AppData\Local\Temp\ServerPlugin.dll
Filesize
28KB

MD5
952c62ec830c63380beb72ad923d35dc

SHA1
6700baa1fb1877129e79402dfe237f0b84221b69

SHA256
2e5fbfb7932b117a2f6093dc346cdee4a5702e39739d9c40d27bfd1580f6f0d7

SHA512
5dc19d7d6ab7670ded766f357e481328c8df4a96ac3c2a00194a5ccea8c34bca0e34cfea3d9d17934db384d302446be2fec9853438371561d70580665bffe121

Download Submit
C:\Users\Admin\AppData\Local\Temp\ServerPlugin.dll
Filesize
28KB

MD5
952c62ec830c63380beb72ad923d35dc

SHA1
6700baa1fb1877129e79402dfe237f0b84221b69

SHA256
2e5fbfb7932b117a2f6093dc346cdee4a5702e39739d9c40d27bfd1580f6f0d7

SHA512
5dc19d7d6ab7670ded766f357e481328c8df4a96ac3c2a00194a5ccea8c34bca0e34cfea3d9d17934db384d302446be2fec9853438371561d70580665bffe121

Download Submit
C:\Users\Admin\AppData\Local\Temp\ServerPlugin.dll
Filesize
28KB

MD5
952c62ec830c63380beb72ad923d35dc

SHA1
6700baa1fb1877129e79402dfe237f0b84221b69

SHA256
2e5fbfb7932b117a2f6093dc346cdee4a5702e39739d9c40d27bfd1580f6f0d7

SHA512
5dc19d7d6ab7670ded766f357e481328c8df4a96ac3c2a00194a5ccea8c34bca0e34cfea3d9d17934db384d302446be2fec9853438371561d70580665bffe121

Download Submit
C:\Users\Admin\AppData\Local\Temp\ServerPlugin.dll
Filesize
28KB

MD5
952c62ec830c63380beb72ad923d35dc

SHA1
6700baa1fb1877129e79402dfe237f0b84221b69

SHA256
2e5fbfb7932b117a2f6093dc346cdee4a5702e39739d9c40d27bfd1580f6f0d7

SHA512
5dc19d7d6ab7670ded766f357e481328c8df4a96ac3c2a00194a5ccea8c34bca0e34cfea3d9d17934db384d302446be2fec9853438371561d70580665bffe121

Download Submit
C:\Users\Admin\AppData\Local\Temp\System.Data.SQLite.dll
Filesize
256KB

MD5
dd3d6f00b1aba3f1d9338d9727ab5f17

SHA1
faf9364a7ab15f27c93a6e6f97fa025030c9dad7

SHA256
f0d4beab24e94e61f219df451d90dbba3d0f48539f9b6a448f91e0c94b4e80c4

SHA512
0794d850a133a98affe627e3023114b229b982e507d366895ece6a1ef99b42d708554c64b52f0f2ed63673e1c5aeea7e794085d45f0797159e21ba4efdf23cd7

Download Submit
C:\Users\Admin\AppData\Local\Temp\System.Data.SQLite.dll
Filesize
256KB

MD5
dd3d6f00b1aba3f1d9338d9727ab5f17

SHA1
faf9364a7ab15f27c93a6e6f97fa025030c9dad7

SHA256
f0d4beab24e94e61f219df451d90dbba3d0f48539f9b6a448f91e0c94b4e80c4

SHA512
0794d850a133a98affe627e3023114b229b982e507d366895ece6a1ef99b42d708554c64b52f0f2ed63673e1c5aeea7e794085d45f0797159e21ba4efdf23cd7

Download Submit
C:\Users\Admin\AppData\Local\Temp\System.Data.SQLite.dll
Filesize
256KB

MD5
dd3d6f00b1aba3f1d9338d9727ab5f17

SHA1
faf9364a7ab15f27c93a6e6f97fa025030c9dad7

SHA256
f0d4beab24e94e61f219df451d90dbba3d0f48539f9b6a448f91e0c94b4e80c4

SHA512
0794d850a133a98affe627e3023114b229b982e507d366895ece6a1ef99b42d708554c64b52f0f2ed63673e1c5aeea7e794085d45f0797159e21ba4efdf23cd7

Download Submit
C:\Users\Admin\AppData\Local\Temp\System.Data.SQLite.dll
Filesize
256KB

MD5
dd3d6f00b1aba3f1d9338d9727ab5f17

SHA1
faf9364a7ab15f27c93a6e6f97fa025030c9dad7

SHA256
f0d4beab24e94e61f219df451d90dbba3d0f48539f9b6a448f91e0c94b4e80c4

SHA512
0794d850a133a98affe627e3023114b229b982e507d366895ece6a1ef99b42d708554c64b52f0f2ed63673e1c5aeea7e794085d45f0797159e21ba4efdf23cd7

Download Submit
C:\Users\Admin\AppData\Local\Temp\System.Data.SQLite.dll
Filesize
256KB

MD5
dd3d6f00b1aba3f1d9338d9727ab5f17

SHA1
faf9364a7ab15f27c93a6e6f97fa025030c9dad7

SHA256
f0d4beab24e94e61f219df451d90dbba3d0f48539f9b6a448f91e0c94b4e80c4

SHA512
0794d850a133a98affe627e3023114b229b982e507d366895ece6a1ef99b42d708554c64b52f0f2ed63673e1c5aeea7e794085d45f0797159e21ba4efdf23cd7

Download Submit
C:\Users\Admin\AppData\Local\Temp\TempDel.bat
Filesize
204B

MD5
3b2fb2a8ccaaa86a5fbcab338e641ff1

SHA1
bfd7df0e383c404d6c5cd58687954426a43acd7f

SHA256
34cba91daa5d60239496f52d4da9c526a0ed7680adf8f4fc491b2ddb32d48208

SHA512
cf00ac00845f1ac0cde6a18507c8b629c95a4391170dc1297e596406e0aa5802090b3631aa2bc3dc8632fe6c85c3d33557f9235cb43a833cbb4d8f3d84bc4443

Download Submit
C:\Users\Admin\AppData\Local\Temp\builder.log
Filesize
22KB

MD5
0061a98407086fb3106b61fe5d0fbb27

SHA1
c5882467e947fa1cab30dd45fe337b23bce1712a

SHA256
054dbc3e14992bea750e1f366c16f6b0c861bc9db2617be91cbf7306fd25219a

SHA512
b4e0f10067b2a5b7865b404c63be1c93cbda482ed3d20e618ede411fe7f9bc177792d0ab0bb7c13730809f9630ba5160f485a38590096ba8cb8104ab189f2c9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\client.bin
Filesize
130KB

MD5
906a949e34472f99ba683eff21907231

SHA1
7c5a57af209597fa6c6bce7d1a8016b936d3b0b6

SHA256
9d3ea5af7dc261bf93c76f55d702a315aa22fb241e4207dc86cd834c262245c8

SHA512
29fd20ae7f1b8bac831c0bb85da4325a62e10961989e14299f5f50776c8f7e669cc1527bf2c3868bd7230e73ac110ba8b1f0491ac0f2923d79d7a2871c7c961d

Download Submit
C:\Users\Admin\AppData\Local\Temp\plugins.bin
Filesize
240B

MD5
5e709fc806e8ba3385487699004f6d29

SHA1
2f32547ed5b9db3b33969fb4858945610aaeedb2

SHA256
9ecbf989dedf1403db953fb4e5955c9f63415cbe1f6492c3246bac405a4d036f

SHA512
a6706c9f76d837a7e0ab12e3c1c6d94fedde9dc52d4fecd02befd8850752155e2bf801cdf0488a98e49c50c4f0595a3fc4916950badba9bb83a5b7a35d3ffaab

Download Submit
C:\Users\Admin\AppData\Local\Temp\server.log
Filesize
103KB

MD5
ac6285562e5e3e4e98feb7fe8df884a4

SHA1
4b7fc4ea7c39b95efa7d4e1d68b9b3994c38683b

SHA256
51d9e422386e5e64eadc212bff06b33c2a163bfe355ce98d756ce00afd76ae2a

SHA512
6db244bf0e1948626e64b2b8636b9bf71fa4b2bbe5e7c4877a444da00bcc7964efa9f01f6e4c90963961a3a8bdb3bb8ff7d28660596e6f468b53313ab5e3453b

Download Submit
C:\Users\Admin\AppData\Local\Temp\settings.bin
Filesize
280B

MD5
daa76574a834b950a015d191e410c400

SHA1
c93dae186bb23e7fc052b6cbc4626c58bc0f60a5

SHA256
c4c2bb97d9abf6e224897855a0f6699d8f886ca816811ea5bfeb8e71d72b7d4f

SHA512
9cd119d3f55a172036fd625738c3ebcd45b534255da36c208b594605eca32a58470ea4d0493026d160e062806d015cd878c44521e2450247eb5a8ae203a8fe6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\x86\SQLite.Interop.dll
Filesize
792KB

MD5
9b19dcee960dc215e64b1d82348707a9

SHA1
9c1e0f76673eb385787120e17404df179316ca2b

SHA256
3515f704b0012c01fc8be5b717905c0587b29255fc9eb7ad3f2b66a130691d38

SHA512
cc1304ab171feb2ac6df941f4b35aab8ce7b503f96b5539b366b39268cce8b21ea2fdbce16eff809a9a121a60a65ebbd0f59f75360800f541b9e5f93e729a55d

Download Submit
C:\Users\Admin\AppData\Local\Temp\x86\SQLite.Interop.dll
Filesize
792KB

MD5
9b19dcee960dc215e64b1d82348707a9

SHA1
9c1e0f76673eb385787120e17404df179316ca2b

SHA256
3515f704b0012c01fc8be5b717905c0587b29255fc9eb7ad3f2b66a130691d38

SHA512
cc1304ab171feb2ac6df941f4b35aab8ce7b503f96b5539b366b39268cce8b21ea2fdbce16eff809a9a121a60a65ebbd0f59f75360800f541b9e5f93e729a55d

Download Submit
C:\Users\Admin\Downloads\NanoCore_Portable.exe
Filesize
6.4MB

MD5
d8097b543928f1ae74e17ae06e941366

SHA1
639cbf9d926c767a850d349dc09d2947ddb50ab2

SHA256
59e59bdde6e394e14326f693cba8ab7604a20e7f3df9806f539844d499a701bc

SHA512
48a25a1799376f1d2b754ebb00203ffde7f28208debbbddcefa6f77b34d7ae95271f8894725aab546d254678954fb918c3cef87f8899b31121b5151c777d6ae0

Download Submit
C:\Users\Admin\Downloads\NanoCore_Portable.exe
Filesize
6.4MB

MD5
d8097b543928f1ae74e17ae06e941366

SHA1
639cbf9d926c767a850d349dc09d2947ddb50ab2

SHA256
59e59bdde6e394e14326f693cba8ab7604a20e7f3df9806f539844d499a701bc

SHA512
48a25a1799376f1d2b754ebb00203ffde7f28208debbbddcefa6f77b34d7ae95271f8894725aab546d254678954fb918c3cef87f8899b31121b5151c777d6ae0

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 852765.crdownload
Filesize
6.4MB

MD5
d8097b543928f1ae74e17ae06e941366

SHA1
639cbf9d926c767a850d349dc09d2947ddb50ab2

SHA256
59e59bdde6e394e14326f693cba8ab7604a20e7f3df9806f539844d499a701bc

SHA512
48a25a1799376f1d2b754ebb00203ffde7f28208debbbddcefa6f77b34d7ae95271f8894725aab546d254678954fb918c3cef87f8899b31121b5151c777d6ae0

Download Submit
\??\pipe\crashpad_1208_MTZWYNOEVSIUWJDM
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2632-1325-0x0000000001880000-0x0000000001890000-memory.dmp

Filesize
64KB

Download
memory/2632-1360-0x0000000001880000-0x0000000001890000-memory.dmp

Filesize
64KB

Download
memory/2632-1275-0x0000000001880000-0x0000000001890000-memory.dmp

Filesize
64KB

Download
memory/2632-1382-0x0000000001880000-0x0000000001890000-memory.dmp

Filesize
64KB

Download
memory/2632-1287-0x0000000005A40000-0x0000000005A41000-memory.dmp

Filesize
4KB

Download
memory/2632-1327-0x0000000001880000-0x0000000001890000-memory.dmp

Filesize
64KB

Download
memory/2632-1403-0x0000000001880000-0x0000000001890000-memory.dmp

Filesize
64KB

Download
memory/2632-1404-0x0000000001880000-0x0000000001890000-memory.dmp

Filesize
64KB

Download
memory/2632-1405-0x0000000001880000-0x0000000001890000-memory.dmp

Filesize
64KB

Download
memory/2632-1406-0x0000000001880000-0x0000000001890000-memory.dmp

Filesize
64KB

Download
memory/2632-1407-0x0000000001880000-0x0000000001890000-memory.dmp

Filesize
64KB

Download
memory/2632-1417-0x0000000001880000-0x0000000001890000-memory.dmp

Filesize
64KB

Download
memory/2632-1296-0x0000000001880000-0x0000000001890000-memory.dmp

Filesize
64KB

Download
memory/2632-1423-0x0000000001880000-0x0000000001890000-memory.dmp

Filesize
64KB

Download
memory/2632-1293-0x0000000001880000-0x0000000001890000-memory.dmp

Filesize
64KB

Download