nanocore | hxxp://google[.]com

Analysis

max time kernel
1559s
max time network
1558s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
05-06-2024 00:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://google.com

Score

10^/10

nanocore discovery evasion keylogger persistence spyware stealer trojan

Malware Config

Signatures

NanoCore
NanoCore is a remote access tool (RAT) with a variety of capabilities.
keylogger trojan stealer spyware nanocore
Downloads MZ/PE file

Executes dropped EXE 36 IoCs

Processes:

Sandboxie-Plus-x64-v1.13.7.exeSandboxie-Plus-x64-v1.13.7.tmpKmdUtil.exeKmdUtil.exeUpdUtil.exeKmdUtil.exeSbieSvc.exeNanoCore.exeSandboxie-Plus-x64-v1.13.7.exeSandboxie-Plus-x64-v1.13.7.tmpKmdUtil.exeKmdUtil.exeKmdUtil.exeKmdUtil.exeKmdUtil.exeKmdUtil.exeKmdUtil.exeUpdUtil.exeKmdUtil.exeSbieSvc.exeStart.exeSbieSvc.exeSbieSvc.exeSbieSvc.exeSbieSvc.exeSbieSvc.exeSbieSvc.exeSbieSvc.exeSbieSvc.exeSbieSvc.exeSbieSvc.exeSbieSvc.exeSpotify.exeSpotify.exeSpotify.exeSpotify.exe

pid	process
4236	Sandboxie-Plus-x64-v1.13.7.exe
3688	Sandboxie-Plus-x64-v1.13.7.tmp
3016	KmdUtil.exe
4232	KmdUtil.exe
544	UpdUtil.exe
4272	KmdUtil.exe
2452	SbieSvc.exe
2364	NanoCore.exe
4840	Sandboxie-Plus-x64-v1.13.7.exe
4752	Sandboxie-Plus-x64-v1.13.7.tmp
4380	KmdUtil.exe
2932	KmdUtil.exe
3824	KmdUtil.exe
1000	KmdUtil.exe
2888	KmdUtil.exe
3528	KmdUtil.exe
5072	KmdUtil.exe
2384	UpdUtil.exe
2340	KmdUtil.exe
4216	SbieSvc.exe
4436	Start.exe
4504	SbieSvc.exe
2660	SbieSvc.exe
4236	SbieSvc.exe
2596	SbieSvc.exe
536	SbieSvc.exe
5116	SbieSvc.exe
2784	SbieSvc.exe
2276	SbieSvc.exe
5024	SbieSvc.exe
4232	SbieSvc.exe
4236	SbieSvc.exe
760	Spotify.exe
3984	Spotify.exe
4588	Spotify.exe
936	Spotify.exe

Loads dropped DLL 46 IoCs

Processes:

KmdUtil.exeKmdUtil.exeUpdUtil.exeKmdUtil.exeSbieSvc.exeNanoCore.exeKmdUtil.exeKmdUtil.exeKmdUtil.exeKmdUtil.exeKmdUtil.exeKmdUtil.exeKmdUtil.exeUpdUtil.exeKmdUtil.exeSbieSvc.exeStart.exeSbieSvc.exeSbieSvc.exeSbieSvc.exeSbieSvc.exeSbieSvc.exeSbieSvc.exeSbieSvc.exeSbieSvc.exeSbieSvc.exeSbieSvc.exeSbieSvc.exe

pid	process
3016	KmdUtil.exe
4232	KmdUtil.exe
544	UpdUtil.exe
544	UpdUtil.exe
544	UpdUtil.exe
4272	KmdUtil.exe
2452	SbieSvc.exe
2364	NanoCore.exe
2364	NanoCore.exe
2364	NanoCore.exe
2364	NanoCore.exe
2364	NanoCore.exe
2364	NanoCore.exe
2364	NanoCore.exe
2364	NanoCore.exe
2364	NanoCore.exe
2364	NanoCore.exe
2364	NanoCore.exe
2364	NanoCore.exe
2364	NanoCore.exe
4380	KmdUtil.exe
2932	KmdUtil.exe
3824	KmdUtil.exe
1000	KmdUtil.exe
2888	KmdUtil.exe
3528	KmdUtil.exe
5072	KmdUtil.exe
2384	UpdUtil.exe
2384	UpdUtil.exe
2384	UpdUtil.exe
2384	UpdUtil.exe
2384	UpdUtil.exe
2340	KmdUtil.exe
4216	SbieSvc.exe
4436	Start.exe
4504	SbieSvc.exe
2660	SbieSvc.exe
4236	SbieSvc.exe
2596	SbieSvc.exe
536	SbieSvc.exe
5116	SbieSvc.exe
2784	SbieSvc.exe
2276	SbieSvc.exe
5024	SbieSvc.exe
4232	SbieSvc.exe
4236	SbieSvc.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

Spotify.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\DPI Service = "C:\\Program Files (x86)\\DPI Service\\dpisvc.exe"	Spotify.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Checks whether UAC is enabled 1 TTPs 1 IoCs
evasion trojan

System Information Discovery
T1082

Processes:

Spotify.exe

description ioc process

Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA Spotify.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

322 raw.githubusercontent.com
323 raw.githubusercontent.com

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Spotify.exe

flow	ioc
322	raw.githubusercontent.com
323	raw.githubusercontent.com

Drops file in Program Files directory 64 IoCs

Processes:

Sandboxie-Plus-x64-v1.13.7.tmpSandboxie-Plus-x64-v1.13.7.tmpSpotify.exe

description	ioc	process
File created	C:\Program Files\Sandboxie-Plus\is-U09JJ.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File opened for modification	C:\Program Files\Sandboxie-Plus\SbieIni.exe	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-BUIB7.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File opened for modification	C:\Program Files\Sandboxie-Plus\msvcp140_2.dll	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-4SAR4.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-Q36OI.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\platforms\is-7GOT1.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File opened for modification	C:\Program Files\Sandboxie-Plus\Qt5Widgets.dll	Sandboxie-Plus-x64-v1.13.7.tmp
File opened for modification	C:\Program Files\Sandboxie-Plus\SandboxieDcomLaunch.exe	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-4QM6I.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-9HEAM.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File opened for modification	C:\Program Files\Sandboxie-Plus\32\SbieDll.dll	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-1QM29.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-C32L0.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File opened for modification	C:\Program Files\Sandboxie-Plus\Qt5WinExtras.dll	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-PB49K.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-D2R8O.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File opened for modification	C:\Program Files\Sandboxie-Plus\platforms\qoffscreen.dll	Sandboxie-Plus-x64-v1.13.7.tmp
File opened for modification	C:\Program Files\Sandboxie-Plus\SandboxieCrypto.exe	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-1G2AT.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-5362N.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-GPKI0.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File opened for modification	C:\Program Files\Sandboxie-Plus\platforms\qwindows.dll	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-EFMMD.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-BPRIJ.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-TSS2T.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File opened for modification	C:\Program Files\Sandboxie-Plus\Start.exe	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-G0B8K.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-7DQ2C.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-J6HR0.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File opened for modification	C:\Program Files\Sandboxie-Plus\platforms\qdirect2d.dll	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\platforms\is-8T8GC.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File opened for modification	C:\Program Files\Sandboxie-Plus\platforms\qminimal.dll	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-KQFTC.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-1S0D9.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File opened for modification	C:\Program Files\Sandboxie-Plus\KmdUtil.exe	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-LJL9G.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files (x86)\DPI Service\dpisvc.exe	Spotify.exe
File created	C:\Program Files\Sandboxie-Plus\is-ODTKE.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File opened for modification	C:\Program Files\Sandboxie-Plus\32\SbieSvc.exe	Sandboxie-Plus-x64-v1.13.7.tmp
File opened for modification	C:\Program Files\Sandboxie-Plus\libssl-1_1-x64.dll	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-OJA60.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File opened for modification	C:\Program Files\Sandboxie-Plus\SandboxieWUAU.exe	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-PTHD0.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File opened for modification	C:\Program Files\Sandboxie-Plus\UGlobalHotkey.dll	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-MP638.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File opened for modification	C:\Program Files\Sandboxie-Plus\SbieShellExt.dll	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\32\is-CU63S.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-1RM78.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-32EC5.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File opened for modification	C:\Program Files\Sandboxie-Plus\msvcp140_1.dll	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-DIMG9.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-KV2IR.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File opened for modification	C:\Program Files\Sandboxie-Plus\SandMan.exe	Sandboxie-Plus-x64-v1.13.7.tmp
File opened for modification	C:\Program Files\Sandboxie-Plus\Qt5Qml.dll	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-MI5FJ.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File opened for modification	C:\Program Files\Sandboxie-Plus\QSbieAPI.dll	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-FOBPT.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-148G4.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File opened for modification	C:\Program Files\Sandboxie-Plus\vccorlib140.dll	Sandboxie-Plus-x64-v1.13.7.tmp
File created	C:\Program Files\Sandboxie-Plus\is-CRQCF.tmp	Sandboxie-Plus-x64-v1.13.7.tmp
File opened for modification	C:\Program Files\Sandboxie-Plus\msvcp140.dll	Sandboxie-Plus-x64-v1.13.7.tmp
File opened for modification	C:\Program Files\Sandboxie-Plus\vcruntime140.dll	Sandboxie-Plus-x64-v1.13.7.tmp
File opened for modification	C:\Program Files\Sandboxie-Plus\SbieCtrl.exe	Sandboxie-Plus-x64-v1.13.7.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Creates scheduled task(s) 1 TTPs 2 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence

Scheduled Task/Job
T1053

Processes:

schtasks.exeschtasks.exe

pid process

4272 schtasks.exe
3772 schtasks.exe

pid	process
4272	schtasks.exe
3772	schtasks.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 2 IoCs
evasion

Processes:

taskkill.exetaskkill.exe

pid process

1260 taskkill.exe
3660 taskkill.exe

pid	process
1260	taskkill.exe
3660	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133620219333709733"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 61 IoCs

Processes:

NanoCore.exe

description	ioc	process
Set value (data)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	NanoCore.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	NanoCore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 19002f433a5c000000000000000000000000000000000000000000	NanoCore.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0	NanoCore.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	NanoCore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	NanoCore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	NanoCore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	NanoCore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	NanoCore.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	NanoCore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	NanoCore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	NanoCore.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	NanoCore.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	NanoCore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	NanoCore.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	NanoCore.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	NanoCore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	NanoCore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	NanoCore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	NanoCore.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	NanoCore.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	NanoCore.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0	NanoCore.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\0	NanoCore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Generic"	NanoCore.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	NanoCore.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings	NanoCore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff	NanoCore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0 = 8400310000000000c55827081100444f574e4c4f7e3100006c0009000400efbe9a586b64c55828082e00000074e10100000001000000000000000000420000000000dc677a0044006f0077006e006c006f00610064007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370039003800000018000000	NanoCore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	NanoCore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	NanoCore.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0	NanoCore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	NanoCore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\0 = 9e00310000000000c558270810004e414e4f434f7e312e305f430000820009000400efbec5582708c55827082e0000007333020000000b000000000000000000000000000000b84026004e0061006e006f0043006f0072006500200031002e0032002e0032002e0030005f0043007200610063006b0065006400200042007900200041006c00630061007400720061007a00330032003200320000001c000000	NanoCore.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	NanoCore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	NanoCore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	NanoCore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads"	NanoCore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	NanoCore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0 = 50003100000000009a58e26a100041646d696e003c0009000400efbe9a586b64c558af052e0000006ce101000000010000000000000000000000000000009de9b200410064006d0069006e00000014000000	NanoCore.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	NanoCore.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	NanoCore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	NanoCore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\0\NodeSlot = "4"	NanoCore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	NanoCore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	NanoCore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	NanoCore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	NanoCore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\MRUListEx = 00000000ffffffff	NanoCore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0000000001000000ffffffff	NanoCore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	NanoCore.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	NanoCore.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	NanoCore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	NanoCore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0 = 78003100000000009a586b641100557365727300640009000400efbe874f7748c558af052e000000c70500000000010000000000000000003a00000000004ccd9c0055007300650072007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100380031003300000014000000	NanoCore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = 00000000ffffffff	NanoCore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\MRUListEx = 00000000ffffffff	NanoCore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\MRUListEx = 00000000ffffffff	NanoCore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\0\MRUListEx = ffffffff	NanoCore.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	NanoCore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	NanoCore.exe

Suspicious behavior: EnumeratesProcesses 58 IoCs

Processes:

chrome.exechrome.exeSandboxie-Plus-x64-v1.13.7.tmpKmdUtil.exeSandboxie-Plus-x64-v1.13.7.tmpSpotify.exe

pid	process
2600	chrome.exe
2600	chrome.exe
1984	chrome.exe
1984	chrome.exe
3688	Sandboxie-Plus-x64-v1.13.7.tmp
3688	Sandboxie-Plus-x64-v1.13.7.tmp
4380	KmdUtil.exe
4380	KmdUtil.exe
4752	Sandboxie-Plus-x64-v1.13.7.tmp
4752	Sandboxie-Plus-x64-v1.13.7.tmp
760	Spotify.exe
760	Spotify.exe
760	Spotify.exe
760	Spotify.exe
760	Spotify.exe
760	Spotify.exe
760	Spotify.exe
760	Spotify.exe
760	Spotify.exe
760	Spotify.exe
760	Spotify.exe
760	Spotify.exe
760	Spotify.exe
760	Spotify.exe
760	Spotify.exe
760	Spotify.exe
760	Spotify.exe
760	Spotify.exe
760	Spotify.exe
760	Spotify.exe
760	Spotify.exe
760	Spotify.exe
760	Spotify.exe
760	Spotify.exe
760	Spotify.exe
760	Spotify.exe
760	Spotify.exe
760	Spotify.exe
760	Spotify.exe
760	Spotify.exe
760	Spotify.exe
760	Spotify.exe
760	Spotify.exe
760	Spotify.exe
760	Spotify.exe
760	Spotify.exe
760	Spotify.exe
760	Spotify.exe
760	Spotify.exe
760	Spotify.exe
760	Spotify.exe
760	Spotify.exe
760	Spotify.exe
760	Spotify.exe
760	Spotify.exe
760	Spotify.exe
760	Spotify.exe
760	Spotify.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

Processes:

NanoCore.exeSpotify.exe

pid process

2364 NanoCore.exe
760 Spotify.exe

pid	process
2364	NanoCore.exe
760	Spotify.exe

Suspicious behavior: LoadsDriver 13 IoCs

Processes:

SbieSvc.exeSbieSvc.exeSbieSvc.exeSbieSvc.exeSbieSvc.exeSbieSvc.exeSbieSvc.exeSbieSvc.exeSbieSvc.exeSbieSvc.exeSbieSvc.exeSbieSvc.exeSbieSvc.exe

pid	process
2452	SbieSvc.exe
4216	SbieSvc.exe
4504	SbieSvc.exe
2660	SbieSvc.exe
4236	SbieSvc.exe
2596	SbieSvc.exe
536	SbieSvc.exe
5116	SbieSvc.exe
2784	SbieSvc.exe
2276	SbieSvc.exe
5024	SbieSvc.exe
4232	SbieSvc.exe
4236	SbieSvc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

Processes:

chrome.exe

pid	process
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe
Token: SeShutdownPrivilege	2600	chrome.exe
Token: SeCreatePagefilePrivilege	2600	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exeSandboxie-Plus-x64-v1.13.7.tmp

pid	process
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
3688	Sandboxie-Plus-x64-v1.13.7.tmp
2600	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

NanoCore.exe

pid process

2364 NanoCore.exe
2364 NanoCore.exe
2364 NanoCore.exe
2364 NanoCore.exe

pid	process
2364	NanoCore.exe
2364	NanoCore.exe
2364	NanoCore.exe
2364	NanoCore.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2600 wrote to memory of 2980	2600	chrome.exe	chrome.exe
PID 2600 wrote to memory of 2980	2600	chrome.exe	chrome.exe
PID 2600 wrote to memory of 4264	2600	chrome.exe	chrome.exe
PID 2600 wrote to memory of 4264	2600	chrome.exe	chrome.exe
PID 2600 wrote to memory of 4264	2600	chrome.exe	chrome.exe
PID 2600 wrote to memory of 4264	2600	chrome.exe	chrome.exe
PID 2600 wrote to memory of 4264	2600	chrome.exe	chrome.exe
PID 2600 wrote to memory of 4264	2600	chrome.exe	chrome.exe
PID 2600 wrote to memory of 4264	2600	chrome.exe	chrome.exe
PID 2600 wrote to memory of 4264	2600	chrome.exe	chrome.exe
PID 2600 wrote to memory of 4264	2600	chrome.exe	chrome.exe
PID 2600 wrote to memory of 4264	2600	chrome.exe	chrome.exe
PID 2600 wrote to memory of 4264	2600	chrome.exe	chrome.exe
PID 2600 wrote to memory of 4264	2600	chrome.exe	chrome.exe
PID 2600 wrote to memory of 4264	2600	chrome.exe	chrome.exe
PID 2600 wrote to memory of 4264	2600	chrome.exe	chrome.exe
PID 2600 wrote to memory of 4264	2600	chrome.exe	chrome.exe
PID 2600 wrote to memory of 4264	2600	chrome.exe	chrome.exe
PID 2600 wrote to memory of 4264	2600	chrome.exe	chrome.exe
PID 2600 wrote to memory of 4264	2600	chrome.exe	chrome.exe
PID 2600 wrote to memory of 4264	2600	chrome.exe	chrome.exe
PID 2600 wrote to memory of 4264	2600	chrome.exe	chrome.exe
PID 2600 wrote to memory of 4264	2600	chrome.exe	chrome.exe
PID 2600 wrote to memory of 4264	2600	chrome.exe	chrome.exe
PID 2600 wrote to memory of 4264	2600	chrome.exe	chrome.exe
PID 2600 wrote to memory of 4264	2600	chrome.exe	chrome.exe
PID 2600 wrote to memory of 4264	2600	chrome.exe	chrome.exe
PID 2600 wrote to memory of 4264	2600	chrome.exe	chrome.exe
PID 2600 wrote to memory of 4264	2600	chrome.exe	chrome.exe
PID 2600 wrote to memory of 4264	2600	chrome.exe	chrome.exe
PID 2600 wrote to memory of 4264	2600	chrome.exe	chrome.exe
PID 2600 wrote to memory of 4264	2600	chrome.exe	chrome.exe
PID 2600 wrote to memory of 4264	2600	chrome.exe	chrome.exe
PID 2600 wrote to memory of 2620	2600	chrome.exe	chrome.exe
PID 2600 wrote to memory of 2620	2600	chrome.exe	chrome.exe
PID 2600 wrote to memory of 3128	2600	chrome.exe	chrome.exe
PID 2600 wrote to memory of 3128	2600	chrome.exe	chrome.exe
PID 2600 wrote to memory of 3128	2600	chrome.exe	chrome.exe
PID 2600 wrote to memory of 3128	2600	chrome.exe	chrome.exe
PID 2600 wrote to memory of 3128	2600	chrome.exe	chrome.exe
PID 2600 wrote to memory of 3128	2600	chrome.exe	chrome.exe
PID 2600 wrote to memory of 3128	2600	chrome.exe	chrome.exe
PID 2600 wrote to memory of 3128	2600	chrome.exe	chrome.exe
PID 2600 wrote to memory of 3128	2600	chrome.exe	chrome.exe
PID 2600 wrote to memory of 3128	2600	chrome.exe	chrome.exe
PID 2600 wrote to memory of 3128	2600	chrome.exe	chrome.exe
PID 2600 wrote to memory of 3128	2600	chrome.exe	chrome.exe
PID 2600 wrote to memory of 3128	2600	chrome.exe	chrome.exe
PID 2600 wrote to memory of 3128	2600	chrome.exe	chrome.exe
PID 2600 wrote to memory of 3128	2600	chrome.exe	chrome.exe
PID 2600 wrote to memory of 3128	2600	chrome.exe	chrome.exe
PID 2600 wrote to memory of 3128	2600	chrome.exe	chrome.exe
PID 2600 wrote to memory of 3128	2600	chrome.exe	chrome.exe
PID 2600 wrote to memory of 3128	2600	chrome.exe	chrome.exe
PID 2600 wrote to memory of 3128	2600	chrome.exe	chrome.exe
PID 2600 wrote to memory of 3128	2600	chrome.exe	chrome.exe
PID 2600 wrote to memory of 3128	2600	chrome.exe	chrome.exe
PID 2600 wrote to memory of 3128	2600	chrome.exe	chrome.exe
PID 2600 wrote to memory of 3128	2600	chrome.exe	chrome.exe
PID 2600 wrote to memory of 3128	2600	chrome.exe	chrome.exe
PID 2600 wrote to memory of 3128	2600	chrome.exe	chrome.exe
PID 2600 wrote to memory of 3128	2600	chrome.exe	chrome.exe
PID 2600 wrote to memory of 3128	2600	chrome.exe	chrome.exe
PID 2600 wrote to memory of 3128	2600	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://google.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2600

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb55f5ab58,0x7ffb55f5ab68,0x7ffb55f5ab78
2⤵
PID:2980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1600 --field-trial-handle=1852,i,2834929026286769937,17206009268792129853,131072 /prefetch:2
2⤵
PID:4264

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1852,i,2834929026286769937,17206009268792129853,131072 /prefetch:8
2⤵
PID:2620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2172 --field-trial-handle=1852,i,2834929026286769937,17206009268792129853,131072 /prefetch:8
2⤵
PID:3128

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2940 --field-trial-handle=1852,i,2834929026286769937,17206009268792129853,131072 /prefetch:1
2⤵
PID:1872

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2956 --field-trial-handle=1852,i,2834929026286769937,17206009268792129853,131072 /prefetch:1
2⤵
PID:4856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4288 --field-trial-handle=1852,i,2834929026286769937,17206009268792129853,131072 /prefetch:1
2⤵
PID:3080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2956 --field-trial-handle=1852,i,2834929026286769937,17206009268792129853,131072 /prefetch:8
2⤵
PID:676

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4588 --field-trial-handle=1852,i,2834929026286769937,17206009268792129853,131072 /prefetch:8
2⤵
PID:2856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4584 --field-trial-handle=1852,i,2834929026286769937,17206009268792129853,131072 /prefetch:1
2⤵
PID:3992

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4772 --field-trial-handle=1852,i,2834929026286769937,17206009268792129853,131072 /prefetch:1
2⤵
PID:1292

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4464 --field-trial-handle=1852,i,2834929026286769937,17206009268792129853,131072 /prefetch:8
2⤵
PID:1028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5088 --field-trial-handle=1852,i,2834929026286769937,17206009268792129853,131072 /prefetch:8
2⤵
PID:4404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4588 --field-trial-handle=1852,i,2834929026286769937,17206009268792129853,131072 /prefetch:1
2⤵
PID:2820

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4584 --field-trial-handle=1852,i,2834929026286769937,17206009268792129853,131072 /prefetch:1
2⤵
PID:1924

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1704 --field-trial-handle=1852,i,2834929026286769937,17206009268792129853,131072 /prefetch:1
2⤵
PID:1944

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5456 --field-trial-handle=1852,i,2834929026286769937,17206009268792129853,131072 /prefetch:1
2⤵
PID:2964

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5804 --field-trial-handle=1852,i,2834929026286769937,17206009268792129853,131072 /prefetch:1
2⤵
PID:2764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5884 --field-trial-handle=1852,i,2834929026286769937,17206009268792129853,131072 /prefetch:8
2⤵
PID:4520

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4392 --field-trial-handle=1852,i,2834929026286769937,17206009268792129853,131072 /prefetch:1
2⤵
PID:1456

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2296 --field-trial-handle=1852,i,2834929026286769937,17206009268792129853,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=2900 --field-trial-handle=1852,i,2834929026286769937,17206009268792129853,131072 /prefetch:1
2⤵
PID:5076

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5596 --field-trial-handle=1852,i,2834929026286769937,17206009268792129853,131072 /prefetch:8
2⤵
PID:1436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5712 --field-trial-handle=1852,i,2834929026286769937,17206009268792129853,131072 /prefetch:8
2⤵
PID:4720

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5760 --field-trial-handle=1852,i,2834929026286769937,17206009268792129853,131072 /prefetch:8
2⤵
PID:1080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5756 --field-trial-handle=1852,i,2834929026286769937,17206009268792129853,131072 /prefetch:8
2⤵
PID:3228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5892 --field-trial-handle=1852,i,2834929026286769937,17206009268792129853,131072 /prefetch:8
2⤵
PID:4800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3912 --field-trial-handle=1852,i,2834929026286769937,17206009268792129853,131072 /prefetch:8
2⤵
PID:3328

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4220 --field-trial-handle=1852,i,2834929026286769937,17206009268792129853,131072 /prefetch:8
2⤵
PID:4992

C:\Users\Admin\Downloads\Sandboxie-Plus-x64-v1.13.7.exe
"C:\Users\Admin\Downloads\Sandboxie-Plus-x64-v1.13.7.exe"
2⤵
- Executes dropped EXE
PID:4236

C:\Users\Admin\AppData\Local\Temp\is-TIS2G.tmp\Sandboxie-Plus-x64-v1.13.7.tmp
"C:\Users\Admin\AppData\Local\Temp\is-TIS2G.tmp\Sandboxie-Plus-x64-v1.13.7.tmp" /SL5="$140070,20081407,791552,C:\Users\Admin\Downloads\Sandboxie-Plus-x64-v1.13.7.exe"
3⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
PID:3688

C:\Windows\system32\taskkill.exe
"C:\Windows\system32\taskkill.exe" /IM Sandman.exe /IM SbieCtrl.exe /IM Start.exe /F
4⤵
- Kills process with taskkill
PID:1260

C:\Program Files\Sandboxie-Plus\KmdUtil.exe
"C:\Program Files\Sandboxie-Plus\KmdUtil.exe" install SbieDrv "C:\Program Files\Sandboxie-Plus\SbieDrv.sys" type=kernel start=demand msgfile="C:\Program Files\Sandboxie-Plus\SbieMsg.dll" altitude=86900
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3016

C:\Program Files\Sandboxie-Plus\KmdUtil.exe
"C:\Program Files\Sandboxie-Plus\KmdUtil.exe" install SbieSvc "C:\Program Files\Sandboxie-Plus\SbieSvc.exe" type=own start=auto msgfile="C:\Program Files\Sandboxie-Plus\SbieMsg.dll" display="Sandboxie Service" group=UIGroup
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4232

C:\Program Files\Sandboxie-Plus\UpdUtil.exe
"C:\Program Files\Sandboxie-Plus\UpdUtil.exe" install sandboxie-plus /embedded /scope:meta /version:1.13.7
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:544

C:\Program Files\Sandboxie-Plus\KmdUtil.exe
"C:\Program Files\Sandboxie-Plus\KmdUtil.exe" start SbieSvc
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4272

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=3404 --field-trial-handle=1852,i,2834929026286769937,17206009268792129853,131072 /prefetch:1
2⤵
PID:2656

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3912 --field-trial-handle=1852,i,2834929026286769937,17206009268792129853,131072 /prefetch:8
2⤵
PID:1460

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2736

C:\Program Files\Sandboxie-Plus\SbieSvc.exe
"C:\Program Files\Sandboxie-Plus\SbieSvc.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: LoadsDriver
PID:2452

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4388

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\NanoCore 1.2.2.0_Cracked By Alcatraz3222\" -spe -an -ai#7zMap6299:142:7zEvent11334
1⤵
PID:3052

C:\Users\Admin\Downloads\NanoCore 1.2.2.0_Cracked By Alcatraz3222\NanoCore.exe
"C:\Users\Admin\Downloads\NanoCore 1.2.2.0_Cracked By Alcatraz3222\NanoCore.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2364

C:\Users\Admin\Downloads\Sandboxie-Plus-x64-v1.13.7.exe
"C:\Users\Admin\Downloads\Sandboxie-Plus-x64-v1.13.7.exe"
1⤵
- Executes dropped EXE
PID:4840

C:\Users\Admin\AppData\Local\Temp\is-EDUN6.tmp\Sandboxie-Plus-x64-v1.13.7.tmp
"C:\Users\Admin\AppData\Local\Temp\is-EDUN6.tmp\Sandboxie-Plus-x64-v1.13.7.tmp" /SL5="$B051E,20081407,791552,C:\Users\Admin\Downloads\Sandboxie-Plus-x64-v1.13.7.exe"
2⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
PID:4752

C:\Windows\system32\taskkill.exe
"C:\Windows\system32\taskkill.exe" /IM Sandman.exe /IM SbieCtrl.exe /IM Start.exe /F
3⤵
- Kills process with taskkill
PID:3660

C:\Program Files\Sandboxie-Plus\KmdUtil.exe
"C:\Program Files\Sandboxie-Plus\KmdUtil.exe" scandll_silent
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:4380

C:\Program Files\Sandboxie-Plus\KmdUtil.exe
"C:\Program Files\Sandboxie-Plus\KmdUtil.exe" stop SbieSvc
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2932

C:\Program Files\Sandboxie-Plus\KmdUtil.exe
"C:\Program Files\Sandboxie-Plus\KmdUtil.exe" stop SbieDrv
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3824

C:\Program Files\Sandboxie-Plus\KmdUtil.exe
"C:\Program Files\Sandboxie-Plus\KmdUtil.exe" delete SbieSvc
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1000

C:\Program Files\Sandboxie-Plus\KmdUtil.exe
"C:\Program Files\Sandboxie-Plus\KmdUtil.exe" delete SbieDrv
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2888

C:\Program Files\Sandboxie-Plus\KmdUtil.exe
"C:\Program Files\Sandboxie-Plus\KmdUtil.exe" install SbieDrv "C:\Program Files\Sandboxie-Plus\SbieDrv.sys" type=kernel start=demand msgfile="C:\Program Files\Sandboxie-Plus\SbieMsg.dll" altitude=86900
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3528

C:\Program Files\Sandboxie-Plus\KmdUtil.exe
"C:\Program Files\Sandboxie-Plus\KmdUtil.exe" install SbieSvc "C:\Program Files\Sandboxie-Plus\SbieSvc.exe" type=own start=auto msgfile="C:\Program Files\Sandboxie-Plus\SbieMsg.dll" display="Sandboxie Service" group=UIGroup
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5072

C:\Program Files\Sandboxie-Plus\UpdUtil.exe
"C:\Program Files\Sandboxie-Plus\UpdUtil.exe" upgrade sandboxie-plus /embedded /scope:meta /version:1.13.7
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2384

C:\Program Files\Sandboxie-Plus\KmdUtil.exe
"C:\Program Files\Sandboxie-Plus\KmdUtil.exe" start SbieSvc
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2340

C:\Program Files\Sandboxie-Plus\Start.exe
"C:\Program Files\Sandboxie-Plus\Start.exe" open_agent:sandman.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4436

C:\Program Files\Sandboxie-Plus\SbieSvc.exe
"C:\Program Files\Sandboxie-Plus\SbieSvc.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: LoadsDriver
PID:4216

C:\Program Files\Sandboxie-Plus\SbieSvc.exe
"C:\Program Files\Sandboxie-Plus\SbieSvc.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: LoadsDriver
PID:4504

C:\Program Files\Sandboxie-Plus\SbieSvc.exe
"C:\Program Files\Sandboxie-Plus\SbieSvc.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: LoadsDriver
PID:2660

C:\Program Files\Sandboxie-Plus\SbieSvc.exe
"C:\Program Files\Sandboxie-Plus\SbieSvc.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: LoadsDriver
PID:4236

C:\Program Files\Sandboxie-Plus\SbieSvc.exe
"C:\Program Files\Sandboxie-Plus\SbieSvc.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: LoadsDriver
PID:2596

C:\Program Files\Sandboxie-Plus\SbieSvc.exe
"C:\Program Files\Sandboxie-Plus\SbieSvc.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: LoadsDriver
PID:536

C:\Program Files\Sandboxie-Plus\SbieSvc.exe
"C:\Program Files\Sandboxie-Plus\SbieSvc.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: LoadsDriver
PID:5116

C:\Program Files\Sandboxie-Plus\SbieSvc.exe
"C:\Program Files\Sandboxie-Plus\SbieSvc.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: LoadsDriver
PID:2784

C:\Program Files\Sandboxie-Plus\SbieSvc.exe
"C:\Program Files\Sandboxie-Plus\SbieSvc.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: LoadsDriver
PID:2276

C:\Program Files\Sandboxie-Plus\SbieSvc.exe
"C:\Program Files\Sandboxie-Plus\SbieSvc.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: LoadsDriver
PID:5024

C:\Program Files\Sandboxie-Plus\SbieSvc.exe
"C:\Program Files\Sandboxie-Plus\SbieSvc.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: LoadsDriver
PID:4232

C:\Program Files\Sandboxie-Plus\SbieSvc.exe
"C:\Program Files\Sandboxie-Plus\SbieSvc.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: LoadsDriver
PID:4236

C:\Users\Admin\Downloads\Spotify.exe
"C:\Users\Admin\Downloads\Spotify.exe"
1⤵
- Executes dropped EXE
- Adds Run key to start application
- Checks whether UAC is enabled
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
PID:760

C:\Windows\SysWOW64\schtasks.exe
"schtasks.exe" /create /f /tn "DPI Service" /xml "C:\Users\Admin\AppData\Local\Temp\tmpC021.tmp"
2⤵
- Creates scheduled task(s)
PID:4272

C:\Windows\SysWOW64\schtasks.exe
"schtasks.exe" /create /f /tn "DPI Service Task" /xml "C:\Users\Admin\AppData\Local\Temp\tmpC07F.tmp"
2⤵
- Creates scheduled task(s)
PID:3772

C:\Users\Admin\Downloads\Spotify.exe
"C:\Users\Admin\Downloads\Spotify.exe"
1⤵
- Executes dropped EXE
PID:3984

C:\Users\Admin\Downloads\Spotify.exe
"C:\Users\Admin\Downloads\Spotify.exe"
1⤵
- Executes dropped EXE
PID:4588

C:\Users\Admin\Downloads\Spotify.exe
"C:\Users\Admin\Downloads\Spotify.exe"
1⤵
- Executes dropped EXE
PID:936

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x520 0x508
1⤵
PID:1672

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Sandboxie-Plus\7z.dll
Filesize
1.8MB

MD5
016455167158ad8932e1c661f882b791

SHA1
91ba7dca87ca8605394ebedb12a35408d716d8ad

SHA256
9d654177210e1d24dd1809c2917e23cd5044e672029488bba06d62f0936a1274

SHA512
8be7420d7c1eb3b0022d0022e026dd585e513f5e8f48b249bce19134f6053cc0985f44d48f5065f17710b2d20f15b6baabeef7356d6c18ccd915cbd08ef8f78c

Download Submit
C:\Program Files\Sandboxie-Plus\ImBox.exe
Filesize
178KB

MD5
344503bf5b7b82ad2770b445015961b4

SHA1
c94442d3ee453effb95e01dfaf82f67c71e80bc1

SHA256
1d96e44393c9fbfd813ac4364126672a34f51feadf58e04dd66372831f913e0c

SHA512
498786b92d906e6c722f9c39f3d4c424c6bad75e7a0ba965f40af289a94200184e3a6fd0d12cfdf9a3824bb9000601c236a4ae31fe5223d798b9050c00b59af0

Download Submit
C:\Program Files\Sandboxie-Plus\KmdUtil.exe
Filesize
210KB

MD5
d5e48be290003e4edcc9875f916f4b65

SHA1
28f7c3846a07d373ef39a09fc1e7e1337dc901d9

SHA256
6f913c193fc6b1a8ad23054398bb3a646ff433e520555577ae8255d28783eec8

SHA512
29aa31c03b726265d99b0ee9757b5d1f8ad51c1ea239bc79798756ea55e4d8f05fa162757c2d4cd6a1ce9e68bb96653459fde9468adc2750314f789f19aea0d4

Download Submit
C:\Program Files\Sandboxie-Plus\Manifest0.txt
Filesize
2B

MD5
81051bcc2cf1bedf378224b0a93e2877

SHA1
ba8ab5a0280b953aa97435ff8946cbcbb2755a27

SHA256
7eb70257593da06f682a3ddda54a9d260d4fc514f645237f5ca74b08f8da61a6

SHA512
1b302a2f1e624a5fb5ad94ddc4e5f8bfd74d26fa37512d0e5face303d8c40eee0d0ffa3649f5da43f439914d128166cb6c4774a7caa3b174d7535451eb697b5d

Download Submit
C:\Program Files\Sandboxie-Plus\Manifest1.txt
Filesize
364B

MD5
1689ab6cf954209a1286a88c5ddee65a

SHA1
4028a3db74cc240643027cbb9946d3f03162f2ba

SHA256
de0167798a89a4b80ec2ccb4cb4ab95bfe4da2e91666f27fb83dcb75c71206ac

SHA512
aca0e04f607cf15ed8aeb707d6d6acb103278d2cd2fb27a3139904351c64a2c95f1857ee57c1d44cb3268bf07e1b112b91055427809a518fc1697872d048b7ec

Download Submit
C:\Program Files\Sandboxie-Plus\Manifest2.txt
Filesize
92B

MD5
9bc1b27cc08b3673686fa4ecf793a278

SHA1
67b588168dc8c8667343443d0a23cac59cab234b

SHA256
55e7b42230dffab5e4f1a13476e888eea5850ec8ee121e23a7b1c48836299335

SHA512
0bd40ead34aa1fc40aa25f4c59068026724e7f7cf5dfa8f3142cea00fd5804ba9309f4e92db2e36a72c7ee15ca3d6a5fbf0700429347ebfcd650a1cb1ea557ed

Download Submit
C:\Program Files\Sandboxie-Plus\MiscHelpers.dll
Filesize
617KB

MD5
c4f9619697e7c8831f85776a7531ab26

SHA1
a4870134bad3df3c4d880a0559f2da45dcd97bbf

SHA256
493dc5b6a538ae9f514ed243ced9efd58ef8e61e8a76faf33ed5c6578344a839

SHA512
922770658159d80eebc7d9e5e232d29a0b1aa48914911956df5d20edc564e9dc963e15cf81fa7dcdb8c4aefcdae0e6ebdc0f170d555dc22508ceb24044323a0c

Download Submit
C:\Program Files\Sandboxie-Plus\QSbieAPI.dll
Filesize
452KB

MD5
e22a534e260be44af2b80febdbbc970f

SHA1
232abfa7ecb1c7477a29674429efdeccc7e1ea4e

SHA256
b56f0f8da27865f2831eb3d820f009ea1955e715bb2b964474202ceb8a734a06

SHA512
8501bc528750801e965a06b043dae61def582418f58ab59268c048c664d68408736682bb81e9f9ca8e86d2d7d707cde49adc71fca285816a158b45eb91df4320

Download Submit
C:\Program Files\Sandboxie-Plus\Qt5Core.dll
Filesize
5.9MB

MD5
7a3a908f3f221256283489591ed92ec2

SHA1
c0f304687916fa9b079abfe19856d6646809c66e

SHA256
ba06570557f3936f3a968808e52d2d811bd0e3da06556b7cc14d23f8006e64d5

SHA512
58704da13bff66fa15d394e69c0b75623e87f8f011ae78e51c84108ce0969a08173e9e248191339fddc615fc108e422d00a79f4bf642deeee439086113bbd63c

Download Submit
C:\Program Files\Sandboxie-Plus\Qt5Gui.dll
Filesize
6.5MB

MD5
98b2db746ce372de20b84bd3b234d17a

SHA1
5c72aafe882db1a19f8c60b8bac5a2d942eb92ad

SHA256
7b9526a854347ae56550125171628a989566386e2b594a00cc37e6719941cc7e

SHA512
4c2d67018bb48b7377b09956a29bd86198d2cda46886ca69f3132010c6059661b4cbab95e9e9fa02d4a2301867b80abceb4ff1001e513d1517e7d39159eefe9c

Download Submit
C:\Program Files\Sandboxie-Plus\Qt5Network.dll
Filesize
1.2MB

MD5
dbe97a62b1541340ddaf77f83026fe1e

SHA1
8af053f60a52f59a178dc30de8362aa524d8dea6

SHA256
91a3ea0ecef950a0de2cd91f2d3cbd992a066126bfee8b62872b8f6758c18e7e

SHA512
7e1f3fefa1e24d0a017103be293dd6c795e38ac393df1be61642b49aa143531f8654b823d4dfc8aa935a133d3663216e023a68d08fa9d4f82869f923f0a6a6da

Download Submit
C:\Program Files\Sandboxie-Plus\Qt5Qml.dll
Filesize
3.4MB

MD5
db5d6a01ac4a3b63f98852f5128909a1

SHA1
e324e532573790d638bb06c8f6eec2a7593dce50

SHA256
46a5d7b219a43ebf9ba9527b842101bbff7d2bed873518e70f0ad8e5b73a65e4

SHA512
d3bbcc491cf22a2aa709864210855ee92d3590d7a418c84721b71059a73b24875b8041f2e75446637819e98546b26f37c07e3945714131ff0a780499754574b3

Download Submit
C:\Program Files\Sandboxie-Plus\Qt5Widgets.dll
Filesize
5.3MB

MD5
1514da054ff6b151a224ceaa057a651f

SHA1
e189cd4dbe803a90a81ef7bff663e79924228015

SHA256
cda42931821882a7131b2e1511527197d6ea29c6dc413bfce998187a93d8129c

SHA512
1419eb4fb30d3b75ae24e383b3413e74d1d0ab2316026bc54101f11f82fdcba82cc313977248d544e039e240b3865ced0661172e4dd8849f42bef1731540324b

Download Submit
C:\Program Files\Sandboxie-Plus\SandMan.exe
Filesize
2.9MB

MD5
e91a35cc14f4f117da6f4c91a0c8d048

SHA1
6642e207e3e7b4ad2f380bd51860aef616925077

SHA256
00090d289035749bdd0a25ad1990be32b12e3d1ae03bc58891f8b1df00bb2f5f

SHA512
5ed134c3ab9c0153576487a5f65ddf29b3e787237e56ad0d26292444426eff484c37285ecafc735c59f69caad7e6bbf81c5f322f3f7cf600978b88b188b15785

Download Submit
C:\Program Files\Sandboxie-Plus\SbieDll.dll
Filesize
877KB

MD5
d8d4b52948e4c8ae256560c01a7f3f8a

SHA1
1dd4ce1b40399a24059059d867c95a5e1b74e4cf

SHA256
955fffc1c4eb639491e1531fee61a33161edad42a3eccf292ed202c8348fbd8b

SHA512
d8c0320e30bf2f4ec37f627e4b7969ff5070ef8c59692063951139e2742298a881a0dbc1aa789c725e628dd1cf3226a556c207d295c4f79968e5fd6969933dcb

Download Submit
C:\Program Files\Sandboxie-Plus\Start.exe
Filesize
328KB

MD5
8c569deac8f343779b9058c718aef6ea

SHA1
93ffb32cd8a2a2ae4f77852c13687a36a52b68e0

SHA256
d6644ff66f5f6648c90011b4e12cd7e7b682d9edb5f4f4084737f1bd0b10b838

SHA512
30c1459973b7b4ca3522e8e223c8e7cdb6b26747e11cfba6ac3d9603549ff85cff5a6ea69b4f9ded843f44e334da6a8bbe6ea1b0c6441ee0d52e256653d319b8

Download Submit
C:\Program Files\Sandboxie-Plus\UpdUtil.exe
Filesize
176KB

MD5
de9b3053d8bb3a1b6bbb912fb920f71a

SHA1
9dd0e520936b19a4d183f4469a6d8521ab1da102

SHA256
1cbe32444858c845166595fb83c2b80bdef491ace7129be022c635012015f836

SHA512
f83b490ca69895ae66e2a8b632a99daadac4ea14a9e4ad855b9814ab5c7d1b263309a097c490d3ce761d157fd7ae71de81c240c240af88075426d56d323a726e

Download Submit
C:\Program Files\Sandboxie-Plus\VCRUNTIME140_1.dll
Filesize
37KB

MD5
9f4eac207cb58e8d110477e7fd19d565

SHA1
687051b863f7a7178cabf9c06ab3b534b1e23dd3

SHA256
7cf38d20d00b6640d510eab70171e1c6f8fa2e42040832e17c7433ab61d94a8e

SHA512
9c5c4499adfc7b61751510f52a1288ff386dd1c1aaf8e8a9660990194813394329f8123f38e026ea10c6e30b4a5506625b9060329d524db68e48f36ab2691a05

Download Submit
C:\Program Files\Sandboxie-Plus\concrt140.dll
Filesize
310KB

MD5
44240c846cfa74af233c58983ff2d2b5

SHA1
e7caa56beb7e02fd30ce5ad449f19964529d8706

SHA256
f0d83677b5296ff90d22959aa425b2d249145d894200a33ec10c001191523c74

SHA512
fbb32ac42cff9e07c0667c8cbe118f7f9c030207c8f525176c796003cd3ce6ac08e18ed7fb7ab85a713f0a0bdf9aef60b794eb1b6b74370b379c13c54085bb51

Download Submit
C:\Program Files\Sandboxie-Plus\is-ODTKE.tmp
Filesize
3.0MB

MD5
ff6684e5ae992d7a7a14bc04d7038d4f

SHA1
7f1111236f1aadbe5ac6a133f6c2229189c7000b

SHA256
eeea913fa30a70de2703e980222884f103d82a15eb6e1177f213a5003b537700

SHA512
da264d5aa4b8d72479d6077de03da7dca411bd240c43bd0b784fe80af429d9925fd4234ab66352dbad8352a450f43f9a76d91c6fac86a0e2e57ed7e12ceff45a

Download Submit
C:\Program Files\Sandboxie-Plus\libcrypto-1_1-x64.dll
Filesize
3.3MB

MD5
95190986990d331bdd760b4e6790b2dc

SHA1
6e0c0b7bc1c8076c8ca72723efffddb3ed2cc41a

SHA256
2cbf8402bbc1e0a20e5399b3f05f8fc6ef7dd271f1547bb9cc82d7a21b912e91

SHA512
843b48049a6f63863caab947cec94a2bb30001d48277ceda7b5ca17f2cb9fb25d98238ed0498342fbf8acf9c4763fd767904b1fa70f5bff8bd901aeb03eefd5b

Download Submit
C:\Program Files\Sandboxie-Plus\libssl-1_1-x64.dll
Filesize
672KB

MD5
45f0c10f0e1683f40b26529e37acd526

SHA1
67a4a29a066950be1d8fbdfe754386b556df5810

SHA256
d7e91180194d341dd129b52c6833c2b89d7a32f65808204491bab632cfed13fd

SHA512
8b1300676372d958b119e5e19dfef4a8d733ceabec83362e126cc4c06e3eec6dbf6823fa824cb6380465927b6358b9da8e787b8e026654f4cd2b3169a7cbc8f6

Download Submit
C:\Program Files\Sandboxie-Plus\msvcp140.dll
Filesize
554KB

MD5
0d89995cc45c7eb40e5a7e287506c1e9

SHA1
096c27b06ee7fff2bcd290af0264cdafd04cded9

SHA256
e0a22a594e148fa55ceef3e49969bfa77011a801267a0bd7805b681b593c9d0b

SHA512
3497c2957d10fcddeec8f312fb15c53f82d770dcc3e771a94daf4f4435c3ddf323ecd33310baaf1ad56673bac7c6268a9ef921d5f32cf7e4a7c9dcb0d8aafa63

Download Submit
C:\Program Files\Sandboxie-Plus\msvcp140_1.dll
Filesize
24KB

MD5
c060bb176a671f068362db2673a08c5e

SHA1
1d6b4ae5e778f1daf3573d4817777a51c35cbac4

SHA256
768e0829decea713afb35a7de07e276f051581c8ff2c17e1bae9b07dd1445dd0

SHA512
78a6c8f76d3ebd8db9c784d7775ec44647c4776fcb11d0b32ae2b3a6f2837c0b3be12f053ef6a25811a68da17d0eea83077521f496e238757f5539b445a58a7d

Download Submit
C:\Program Files\Sandboxie-Plus\msvcp140_2.dll
Filesize
182KB

MD5
94bc7a22ec7308f851cc58fd6de90b2d

SHA1
cb4d8dcd2c8e9bbf049c1628246cb12cdd34b353

SHA256
5c12eaef6db18b168f712bff9b55793e0effddf15b89552e7f5ca4f8f1887b9b

SHA512
87791e992ccb43c833ea6ef2b0fa146031e0fd26305c93d77bc693473292f5b54d36516f3294edcc1c253d2decc166fdd1767c659f65e7d7e447cd8c318b7c96

Download Submit
C:\Program Files\Sandboxie-Plus\msvcp140_atomic_wait.dll
Filesize
56KB

MD5
6407c40330e6081689bb702daa5aacac

SHA1
24126ff2ddd568a6ed17134e539cad94e22152a7

SHA256
0193cdcff562f12218ecab5841fd6bbc4d24295cd8e4dcae960e2fb47cceb662

SHA512
445ab6d0e1f2e5d0ef520261122fac3f6909fcdc7c39df7891b395694f31a3b54a1f7f5dadc35701baad4431ef358481e725cd19f438362c262e4f936abea7a3

Download Submit
C:\Program Files\Sandboxie-Plus\msvcp140_codecvt_ids.dll
Filesize
21KB

MD5
23efa781b89641f24c17592de857bb40

SHA1
fd537ff2cf7d09701baf6550640d6cc96bd5d284

SHA256
9c6c0d8fa51ecca5e274295cbd72d45be474f3c6ce1070ec5e90f70242ae7185

SHA512
48c541d11fae95cfd04aa00d9c769a7cb6844524cdbb2e234af471048148a6f7f20e1acf077b88cb6127e8a7c49642726745386d081d0c8d404dcbb9caa4310b

Download Submit
C:\Program Files\Sandboxie-Plus\vcruntime140.dll
Filesize
96KB

MD5
a4cf5c1f71c540c69371c861abe57726

SHA1
f272b34182db8a78ffc71755b46a57a253fcd384

SHA256
c179d8914ba8e57b2f8f4d6c101c2c550c7c6712a7f0f9920a97db340f9d9574

SHA512
f2b53f28a6369f76b22e99fddfb86730f3d33e87c68dae7aa3d05808223693bb86ade263cccb99d5462cf98eeeaa6a6f1cfe5ea3aa1739f8ad6eb624caff1045

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\38134e02-7450-4f0a-b53f-9c8b0ddae484.tmp
Filesize
8KB

MD5
0a1163f4f1ca1c45848be02040c68b04

SHA1
4e6177421c63e8320d218810d408171a0537f30b

SHA256
28ee893fee76e874fbba84ca7e5973e315fdf8c99a6c837496ea50d844934f55

SHA512
a1853e755e17b4a033861fc1753bfccfae7bd617b823a6112ea5416ee4064e984eeb0c0f85f3efff4d847d4fbf5307a7f044806dd34bf336fefdee3e7209ebba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010
Filesize
327KB

MD5
c8833d412a1bb5261fcab30ac740a5c8

SHA1
df313263e64731124c70334c9e1ba6feaa6558a7

SHA256
1b8ed9e038213303270b20e1a24548692d3f4696fe37f0e919ef6b5a208a3572

SHA512
b6d100b4c837cc23635fe4827e977bab04857d04e7cc5644fb94cd5421a4730ec35cb1f9e5a5d9fa9d20dd2c69dda0f05826d504cdead71ede6b8b6444d06535

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011
Filesize
133KB

MD5
dd64e79637766f4b54fde307b0a59b9f

SHA1
c6b8011e8f3f37486848c5e154e61a7648885d36

SHA256
8c1ab4a9d8e6f6a0041d21e2db01e9f9e70158b28b7bcfbc597d2a415e5e31bc

SHA512
f82f48142c35e5a4d755fdc8dd2efa78f5cca2b844e63a525d2f164cda94a475185afd944d2f47e4c63519c36566fdca2f1defdc0cea0053dc3a0ef4c74fd977

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012
Filesize
73KB

MD5
2067122ce4ba4bc45e03510962806f02

SHA1
6ca12c164e7d07b61264876c60270daeb683e555

SHA256
db3da4b1ae20c08bae4a5d85d4f55f22880831febfb06d31d65232e58d2cf243

SHA512
dee7707483b30f74f9a57a6facdc17b9f335d5ea5fd85c68b7c8bce1889376d46d2aabc1d8cdfbfa9abd50c519a83043908c0b5fa30c1f81ffa3ebff2633dbb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018
Filesize
40KB

MD5
aa12ea792026e66caab5841d4d0b9bab

SHA1
47beeba1239050999e8c98ded40f02ce82a78d3f

SHA256
65fe153a832452e97f5d484440a7047e314d3a83cb61ad2508fed48a820e1de1

SHA512
0b2b1bb8851c60c9d4ab1d039b990a4de5799c97c50b45f64e36a21849c14e785f69196f674ac225b1419d7f501338054074cab6203d041361a4fa1ed8802b27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000037
Filesize
50KB

MD5
7ddc125ce7c092f37c6bba7901f3aa1e

SHA1
87857db767b4a57cbd73eb50d66a4a11c7df3499

SHA256
8e2ab445e74128be28398fcc193a4f05efb67927d2e82b5e805c0f27a28d0ba4

SHA512
b438a90bc59c43ae6df713838b7226cb10d5f2ac1bf770c69dfddb71ba21b42463d2ea876f6f24bc7d9977321b0df96c514cadd18d746957941582e3c59c0d18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003c
Filesize
19KB

MD5
856a3daa268de8801e7cfd5b727b6de2

SHA1
8e099b433518980e657c7541c49b498e6b83430d

SHA256
b870ae3c5216311e1dd7b8662e01d1fa3326edc85a98a58247cd37b8cfca0be5

SHA512
2f191ea906a3551576ab14e607fdde9930fcb15f15ffb40a8c5999ba07224bbb8ea69918db11d1cd719a3d57510edd466ad2b9199c6a45a48463b0020a2e6eba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index
Filesize
2KB

MD5
ca43ebfa6b8ee9399e78b587a345bd4b

SHA1
0840271854241f70c24ede730fcab895b28e2bf2

SHA256
ef4dd7cf0e85e7d9b6944c8508c3916262b54ed52400d52c3ab505e6a499c141

SHA512
9d9a3edb87ba2123e75601a99d32748f1b5f41e9079813c1d9e605ed0d9f1066e824e400f849d48abb82974f43af95de7aafc2a82cb6bd7362a4b705eb7e73f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
2500674be33c89be8c9a1f1eaab073c7

SHA1
8b8c89daff7f681164b9a6811dfc0ab73b89cb0a

SHA256
31e5dab4ae64254708c349587ae161de8989acfc9fafd8719037424dd66c8ce8

SHA512
a51f492bda57b8dde6387b785e6be93fb70f240146601ba08b37ffb3a36427d16509996441ad35ed2643c468cacd313d350ed0bcce5f39969c4840edf661970b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
4KB

MD5
503ba8cebf5dc0e8c7fc5afc6c9a7444

SHA1
8cf38eb58ec964cbf4928ff0fe1073c68ea8a36f

SHA256
d6e9c50d4b5bdb68b1c1a36973af05692d0bf2a9978bbd9d3a980258cd543037

SHA512
1ed14c31a65edf4098150d41438dbdc7a64985d907876b8ba713c348ac9298b0b5b7fd01d7b9f6699d3fcd8cc0411643d820437984ef25d77e78ef2029d490de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
4KB

MD5
64e8e939e6d1bdfb5be99d2bcc51cf69

SHA1
6b2b7e7a1b8ed383276a7aa4ca23d97cf69fc133

SHA256
8961a0347ab05f617e585cacbe0a4cf58c4a55193265f76c85d445299ffa5bd9

SHA512
c143e936307331576fe0da0603a15aec671fc3e081a0505eb6bd73fd9505bc00362bdc52421d6622620e39ab2ec83d75effdb10f1f3dfc42bb1bcea3b8d8e8e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
7b410ea509aa684604089b14c7217338

SHA1
7e0046e723ab047d8df8984ed3122051973cf30a

SHA256
156784c37c59ddbfecb9971416f91fa7f916fdafb8e647d3d44e914f52b5a7dc

SHA512
175d4f008f80aeff6a9d98aa23740b2e4cfd12c17a83dbcc9bb9de992bd16ae5bfc685d8239de924457a15a416f75cb93aec9936018fab9f081ed8c2e4d55a72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
8KB

MD5
bdbbf1be2a1e69cf850cbf4d36d38a15

SHA1
06f1c0a436256a74d1849e12be6d65e11de1369e

SHA256
e647f282006bab7081db3a240a3a3cc52a622ff5479b0d1583f2a3872da9fe8f

SHA512
853aedfe5ccd2a1b10d7cb44c756b14d7dd83f002db91e744bcc9b9d66d9cfc0c98fd0268021b5125c0d44bf5182f4ce32e2dcc686143ec9fb99f67ece03ce11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
47a4be2a87135480e5a38fd1aa811fdd

SHA1
7a90da009f661873dddad82f5da83058a99a4131

SHA256
620752c0ac290b85bd64495e73d8f4aa3a7fb2d63dd741132d6258e16bcb1559

SHA512
8099cbc17fa99148a338985d6cdb4d1372007ec8578ec97b8d2b0a26c2e4bf5761cffb47e276acc7124c8d1c64acdefe865a5df939de0ef3799f8ea5f1c06e62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
8ad9aa26a859e41e5bd2ec5b0e9f26da

SHA1
f67256bf283b5ed4029e733a2da972efbde83801

SHA256
d814760af85d3a080a9aef273c3211a0f80af3064f54d4caf3008944239bf123

SHA512
17c83fd52491d37fb1f27d5b4f7f42de092ea7f8757e46fc51d89066145fe753f9d5ad2b3a8463e307ea2e1d5cf1716f54080f722803a2c3177cd15ec3d7b56f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
e7671010ea628c01830e3786649ce8b9

SHA1
8ea267b0e04d0b7dbf2caa14223c6fed71da0552

SHA256
92041f8fe8a8743f333084d0e1818326c91798f317481be639bf83c9d283634b

SHA512
c234cde0d51f0a93268b3a0a63e1a2d0a859f0c7a8d8a7a496173483b1fc127e2f31ad6b605ecf211d34c134b0adf0071ad2c97ecfd596ebfcfd086a3a54280e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
5cfd87707d226364499a01e0a9ff646d

SHA1
26dbd3ebc198954e7a9766d627c667884d24f5e1

SHA256
1ee299f693fc07cf2336f58fac1a387916f0d18753402ddb182b19e8332fa4db

SHA512
b9d52c0b3fc28f093cb142d829b2c60383853b176b9ecd993af3f2175098a14c0e88f0c34c9757dbcfef20b06d6a366ff6430352bcf5ef872becfbdb86155055

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
69dc2ae8b8cd0df57fe43afecbf1589c

SHA1
e64688a324a84aeca8b0280e78f77ff3c52dc657

SHA256
b207b421473aaa8e3ca469e89c451b7ff93649f6b9d587cfbed11ae8bb0d65af

SHA512
7293634207383139ade1a71934ca94b028285116aaac6c4a00c28d8ff2a89d5c492ed22a049286f9525f47b9ebbc4345588c59bcf6472d0bff33b2ff4fb038cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
692B

MD5
f6c51ea9010f8d75305feed94815977b

SHA1
4ca1d4711f8b4b1aa1ccbe3e1de5ff359eb778eb

SHA256
3fa40f9ab49f07bddc5ca2145157896dc3ddcfa6826f056f4d6838a8ef9da255

SHA512
4e96bea253e655389299ec43875120ac614f709d4ce71c734ffe6d5c20942df53ec160b93750c1225c99f3ee62b901d0ad32fac075b088263a5ed7f76016dff8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
692B

MD5
6c4b3d50aeac06fef9e97c519ed58f46

SHA1
7fd3869aefadfd99df44ead7857fed9c99e6aef2

SHA256
918b757e3f906eaba5c7f57b0b72d6879e96a6ca3c67af1f63d743826bf7b45d

SHA512
83c9ac18ec9523ae85b94b90ec0a17b5c5537f77496e1c6b566f8e692b63c313abd65d045ee4f9ef15e78a07567e44f15f6b0b6c29a224a9f7b5c80af29c8c74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
0f9ef624a4e14abcb5c0e3412f788dbe

SHA1
6372be26ed2423e6a2a86e80d065fe3a39243285

SHA256
fa9dd4d861b85b55901bee0c0d937f0eb29e068a6f97bfcf5981c4695940817f

SHA512
df5566414c235edaf9e370100ad139c3bb3c157ebfd294f9722d647c46cbf856ad198f5843b98e0fe88dbf4ef23071533f8021f7b18dd7f114914fb5d15646fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
3d1eb7114b16de78b76bc7561e594fc7

SHA1
dd43189ba3ae755aad3f3e329fdabd79f556078b

SHA256
513dd03660aea7d33e79e6bb206875563ba40ec13a538182898df77372c02ad9

SHA512
019d9df6199fd5968c0ef50b97ab1d6ee0eb4a9392d0bd0ac6bdc33a2a2903e3935018d9c916bc4f5bb731f1ea6f23ea9a8c9969294257f84c34f78f71ca2479

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
e4a933c056bb6034273e338c65c5e6f3

SHA1
82a3fd8baee5313c5aa034dd45046717f37c2cf9

SHA256
45f6dd6a7b0f766ca862abae23cf77599ec051702f910044761a4bf34e13aa9f

SHA512
464ccc2d26178228d2e79cf0b913a0095ef226223e177e7152bca8bd56e854e4ebd4a8ca2e07b8b2ea9340cd193cf408f2afdd438aab179379b729b199c67d67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
c22982150dbe5bedc080f602e5a41853

SHA1
7c6448f2fbc1eecb3d9d02887dd893dd23396c3c

SHA256
5b18c09ef2b48a05d772323b09a60205d3813a59f6427f7c456ddd3c7420c27d

SHA512
da4549f3a7b3c6013ecaa9422a69c4e5bc5c8fbfa855d38a608143e1ac5d37c2c0044828939b06d1832fd29d1dce00b4448dc76ae7b6d06cadc3978dee360f3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
524B

MD5
c4fba4b54e4d537e7a610671ea8fa92d

SHA1
9fb7dacff2fe055b28c5ed7f3c5f07c8cb9f5b82

SHA256
e90062f6b95452065e5e582aad126bdc95f71532285a40588ea5428f5cd8cab2

SHA512
513cb5d467cd5846e5c48d9963239bef762cb4cfc212cb1ece29cb9dcb6ec8b473716932a334862386cbdab733b16d6d4bae7cce82fa12b150b38e20ca2f38b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
a74ea97f5cc727717650691da8484b18

SHA1
edf5eac7b0d02e40389de9818ab90fcbbd084648

SHA256
62b02c5ea6e5857f2c237959c9d1fb471f3b52dbd922f747aaebc42694061a3d

SHA512
b513372a2e56f34896e5f0dce9ecbd625d9f404efc629d61ecb2ba1c1d8bdeeb4b429d02d40533b40a4e4cf6f407a9367f46cd4dc3ef46f1f25bfe3f04e850b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
2e79ca6aa679037433fab3c52bda2f50

SHA1
0cf775280688e9aa668d00e090d5226b2b9446e7

SHA256
19fa4cd81295189fb0f0be41b360527c890db7c69e85c25f1ae549eff1f3a5a8

SHA512
7db251a23cf89b905f698a04b5d6b4564f124336afb538a7a86fd635d55ab37ad47dc96ecd8cc2784efe403146e378ff12c48900b180e4176012be18a23b95fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
7b7124195a383671070d048235f44027

SHA1
388fc86ace185bc4832185ff923a414546d27b42

SHA256
81f6e859d4b2c1367e0e7ce3706c8a4991ebef58fb65860bb80cc4b446cf7961

SHA512
48726647132ac84f0922531657b9b0594e1e47fa554b696c2d3add18c7b2b9ecdf074f5a6ceebcd637af79eaad30fde2ffbff3d1215c03e585d2d07d25d2b9cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
4dbc2564c9e2f47978f55d33b055fea1

SHA1
468db720e03523059b1b7860c1739f589af5e714

SHA256
3891f171fd3b652127d57b12c0069a3ac33f9d18454a9764d3940361578e3ac2

SHA512
ce9a8e10ca1af2372ae0d900c121da1ff77aa4537baaa7f99ca8f6c05ce0f98042adb843147e1c63d394fcbf2d979b8aa7f2174380b5bd2fda1e8c654a1ae909

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
9fa6b27de538875ce90dce226c361739

SHA1
ea57678c7090cf63d578214348731a11142de317

SHA256
b3d898e39d7862ee4762a857e80b64465b58d1b557537bdb5eff64abfb2ec277

SHA512
6aa9d26ca8a24be5d184bc6b364cff48f2e993c492c8387281e5fa3763e2db657828d57ceaab9572a8daccde1a0803d1ccdd003acae5215bdf5a769b119f2dbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
56B

MD5
94275bde03760c160b707ba8806ef545

SHA1
aad8d87b0796de7baca00ab000b2b12a26427859

SHA256
c58cb79fa4a9ade48ed821dd9f98957b0adfda7c2d267e3d07951c2d371aa968

SHA512
2aabd49bc9f0ed3a5c690773f48a92dbbbd60264090a0db2fe0f166f8c20c767a74d1e1d7cc6a46c34cfbd1587ddb565e791d494cd0d2ca375ab8cc11cd8f930

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5782bd.TMP
Filesize
120B

MD5
802ecf58e1830e46235b9a6308dbc833

SHA1
da4c5540d2411c67fe43e3ed18a609c043e58bb7

SHA256
b1961f00caea25f409724534e303a9d013a5656d967a4afdc98a152e4d21d579

SHA512
30a5c027aa6a8fbdf78d1c97efe1ba80a42e3a8c43bc8e11ca2a3dc454fc25d77bf3ade989d39dcad4459fc4b82d44dd55082e3c09fa800a7c5badd6c68e1f01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\de54ebf8-98d3-4e82-9bd3-180aedecdb90.tmp
Filesize
8KB

MD5
c00050a7f967ed4eb602592805872038

SHA1
102ea8ef461f70b5ef27d7197d1cb1d176cfd95c

SHA256
51ab1a87d62c4e212881533dd41bffbe9739bf0743b0b91848f3efdfacc04152

SHA512
4059f4eb59b7a81843a222b54230ac0ebcb7077017554c6c076a11b9474748e39e64a48e47af1f643dbc4b2a71f89ba4eeed6b628fb2af4751cf6762f7a4912e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
130KB

MD5
825ac11529005ba6e87b13bd00732b1a

SHA1
fa691d94e6275bfb1d53bca3addefe87200fd10f

SHA256
fc8e5556ed83f4b7060a84ebeb3da92731cbd47b7f6492d22fa8ced1a9155347

SHA512
86480abe5f353440f7c93fcf4aaa34bd2aeb200e0f8bf8b2ee1fe8552af758abd3495520410c36de7f173dc6d1a3ad1767440799265e67719e8f208edeed78d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
130KB

MD5
332bc084e88c58b91802d2da61ffd30e

SHA1
88f0beadda29cf814edaeda03c5310dfa11d75a2

SHA256
4ebe7606cedafde16b9b20632fc7136430acea217d21262b9e254711e8898ec4

SHA512
3c1572c75195fb9c7a82c6caea8b3e4c173de055bd47a81e7b2f72cdcd2034f55f51252a235f85046907aa46b2812a43438d94580bed371e7225e2f4ef6735e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
130KB

MD5
9ff972b7595cde4460bce67cd41fa79d

SHA1
a1ca59658761600b4bbf9ef6bc8885e12b89583c

SHA256
72278d202a679fd1af5c6f662dd6233824b9388384aaa234a12d2a4b3d5cd260

SHA512
8167188d3633c45ed7433c18e9533a7453554c4297ac78bf64c15773b5095f3b9f80301acf44d9b125c7ecdeb5b5bdcf76f009f3d6074343054deba7c04b4d46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
104KB

MD5
b7ec4824554c552f9ffe04d0cfdd7d9c

SHA1
d2614e2363e747638773ee75ea860e252f39751b

SHA256
da55d3adf644aacf86cde629be54101ef0168cec300bfc14212cf441e3890f8c

SHA512
71ce2e327905c9a77c7b3d9396b46616e8ae124a596d74d986398cd752d9737ef27212106c3b6eae9c5dc63df3abaf9e4a050a24815ca3aeb2a9264ca532688c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
96KB

MD5
c7464fbeea744b22f980aa06563de129

SHA1
0831517e8ab447e99dc737843ef91e7f9ed45544

SHA256
e87d7029870ba5d3fbcc0662d6d2e535320d6623a40ab7d2cf3f7a7e10e86b3c

SHA512
568a2bec2f92ac0b530a712c19a256887b65a23e95e14a8af50d45c180b15666ee755e06b93e4200ed18c24f3b09efb6da3cea6a876d5b7691260b8c12476ebe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
91KB

MD5
ff62cdd3278008908ae04b53ea878858

SHA1
f71b83f5f6249eafc89e51c21f4eeaee9224b240

SHA256
3a651c625ac9e1959166f86ea4ad058d590df79f19d1f0bca590df7f0b2e3f0c

SHA512
a078cba40f869500de929324c108e4c399461ccdb35187e69320d1d1848866db3eb367c0942ebc20126a71cc7c35e2b902e966eb8db88d7a5f53c6a8cece0911

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe585510.TMP
Filesize
88KB

MD5
d971f0a7f82bd00eb88c848eafc403f0

SHA1
a6a74661e3c6da160ed4931a93b3cc39059a0af0

SHA256
8d40f4fc541d15fb61264536acecebefa39baed42b21730a2124aa496c912876

SHA512
ce913ea2a622992b792ae65d3ab68cdc63d64479a3afb94c7a45a383693d159def499e086e5372e712edc1ae57cf89ad06934782bd5a1e95359f10624f10944b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-TIS2G.tmp\Sandboxie-Plus-x64-v1.13.7.tmp
Filesize
3.0MB

MD5
a17f380a3b451ebda7ed227a198c1ea6

SHA1
6d96a8591a498d6f969014648e32eaa39fd2dc4a

SHA256
ac2fd84c32326050f81686f5429f8ffb5f04eee1735d51e4ec0357dcf57b9273

SHA512
5531f5535b0b47d857272b9c6f89d1f82ecf47d9fe8185a1fa9b731e1d4f60da27afbcc4b070d78e4187b479aa0379c4e74d73c330f8068beee492555d65e47e

Download Submit
C:\Users\Admin\Downloads\NanoCore 1.2.2.0_Cracked By Alcatraz3222.rar.crdownload
Filesize
5.8MB

MD5
c75744769bae7a3e7a4a1aec27673851

SHA1
56b0aa88b44c532be4975bc096cb8e4b9e7ecb49

SHA256
ceb348dfa61b34bebce021fa783b0afdb874ea7205f75e7fb42b01898439be75

SHA512
fa0c8d0b3adbb0bf11185b6c85f38c99421ef24ce55d94674e8d999c907f323a3eb0bcf711b60298e31db2958ebfa2dafad9d01cdf1e61251018ebd717934679

Download Submit
C:\Users\Admin\Downloads\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Resources\ListIcons\flag_aq.png
Filesize
351B

MD5
b841c2ebdca6bb23c15c98da4aa671d7

SHA1
42f562132fe6e9a5029247a2b9666395dd5ad9b0

SHA256
b668f1a313e57c97a5abd0212631ea6211aace15b10f1ca82484f23f7d6924b5

SHA512
e093c2c454e8ceb318df0629f5f7e8494213e69caef640dd4554f3c250029e8a06b4c5add9c13e457f901c3d328738b66db524a8404617e486fd8c564dd04c90

Download Submit
C:\Users\Admin\Downloads\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Resources\ListIcons\flag_cx.png
Filesize
626B

MD5
fbf02dad6f60392ce777d006d5762248

SHA1
f9d95e6e5e25b83953e4f898bf99636d85511709

SHA256
45203a04468ff78fb3434f46799ca630172e04f97c566f8e143539a80c48bfc5

SHA512
9f5b7b5399cb7c8b41cda202eac5a344524f135fd2e32a5f312917c7684ee13a94976984154355297bb31fd06435efe91456e189bb5f1c9d6010dfad01415b4f

Download Submit
C:\Users\Admin\Downloads\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Resources\ListIcons\flag_gp.png
Filesize
546B

MD5
5ac0d15234533136bf6ec230686a4aa5

SHA1
2f208a8baf30d13aa23382d3821cc73c4aa466f0

SHA256
5cceb033c0262b5905f88d5905777471e9f1b0b0d9cb857f2361e88ada73610d

SHA512
d6215183f13e36a268b849056fe1479ebd36eab4b6f175cbdd3a4ecd4ba4df7734189a2f9e9d69ee344ca63baf2c9ef10f62663cc721e9c9c59775d5e84e2268

Download Submit
C:\Users\Admin\Downloads\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Resources\ListIcons\flag_sj.png
Filesize
562B

MD5
4f82c2e83eab05d2bd9baaeff6c81a96

SHA1
e1cd3981d14653bf5df976ece649120134e88546

SHA256
15493361692068154ac1b1baf8878c179b353996dcda4d63e0322ea37f998f9b

SHA512
b69030fffb689094952eb472b272e1d18b40d0f11e3bba647c9b01226ccf072d276cc31ce3a1ffcbc84c5de82bedfe7fc2466fb060ff50e528f7c258179e626d

Download Submit
C:\Users\Admin\Downloads\Spotify.exe
Filesize
130KB

MD5
21f34b48f868bdd11bf2bd9eba5e6b1d

SHA1
0f2b74b2450787790ca3a143b32cf7606465c3a6

SHA256
e9ed9324d86509cb2efdf24a652a52109a2d92b359f9d9ede9575cf4d3e28b94

SHA512
e818291cbc409c6849361c549ca1780432b2e6907a01b0fa0e2e050e145710e9330a21225dfcceb331916fa00e2625e609b24f7487227d52c555c911ed52b47c

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 894311.crdownload
Filesize
20.0MB

MD5
b0a7296411bbdf3faadd889b0332de5a

SHA1
e3ae7e3327ca04404cd4ebec4c06d488f6788207

SHA256
c929eaec30989246ad3945f122ad6a134f78a8da0ca06838fee026a3ba060e86

SHA512
a93b2cc001e44e52dbd9a4625594238bf05578810c67d9200d3cfbb3fab9cf38568f39e2b038b9503db4e8a825f6d719b080a7133d6b1e990353e7bfb5d197eb

Download Submit
\??\pipe\crashpad_2600_XRYWLVPMKZDPDPAQ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/3688-985-0x0000000000400000-0x000000000070A000-memory.dmp

Filesize
3.0MB

Download
memory/3688-743-0x0000000000400000-0x000000000070A000-memory.dmp

Filesize
3.0MB

Download
memory/3688-942-0x0000000000400000-0x000000000070A000-memory.dmp

Filesize
3.0MB

Download
memory/3688-765-0x0000000000400000-0x000000000070A000-memory.dmp

Filesize
3.0MB

Download
memory/3688-781-0x0000000000400000-0x000000000070A000-memory.dmp

Filesize
3.0MB

Download
memory/3688-974-0x0000000000400000-0x000000000070A000-memory.dmp

Filesize
3.0MB

Download
memory/4236-738-0x0000000000401000-0x00000000004B7000-memory.dmp

Filesize
728KB

Download
memory/4236-986-0x0000000000400000-0x00000000004CE000-memory.dmp

Filesize
824KB

Download
memory/4236-737-0x0000000000400000-0x00000000004CE000-memory.dmp

Filesize
824KB

Download
memory/4236-755-0x0000000000400000-0x00000000004CE000-memory.dmp

Filesize
824KB

Download
memory/4752-2059-0x0000000000400000-0x000000000070A000-memory.dmp

Filesize
3.0MB

Download
memory/4752-2206-0x0000000000400000-0x000000000070A000-memory.dmp

Filesize
3.0MB

Download
memory/4840-2053-0x0000000000400000-0x00000000004CE000-memory.dmp

Filesize
824KB

Download
memory/4840-2058-0x0000000000400000-0x00000000004CE000-memory.dmp

Filesize
824KB

Download
memory/4840-2207-0x0000000000400000-0x00000000004CE000-memory.dmp

Filesize
824KB

Download