Malware Analysis Report

2024-10-19 07:05

Sample ID 240806-j3gphaxhlc
Target https://cheater.fun/hacks_roblox/
Tags
nanocore discovery keylogger spyware stealer trojan
score
10/10

Analysis Overview

Threat Level: Known bad

The file https://cheater.fun/hacks_roblox/ was found to be: Known bad.

Malicious Activity Summary

nanocore discovery keylogger spyware stealer trojan

NanoCore

Executes dropped EXE

Loads dropped DLL

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Browser Information Discovery

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Uses Task Scheduler COM API

Suspicious use of FindShellTrayWindow

Modifies data under HKEY_USERS

Modifies registry class

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-06 08:11

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-06 08:11

Reported

2024-08-06 08:15

Platform

win10-20240404-en

Max time kernel

200s

Max time network

197s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cheater.fun/hacks_roblox/

Signatures

NanoCore

keylogger trojan stealer spyware nanocore

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\NanoCore.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\NanoCore.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133674055078262985" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class


Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\NanoCore.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1944 wrote to memory of 208 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1944 wrote to memory of 168 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1944 wrote to memory of 796 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1944 wrote to memory of 1580 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cheater.fun/hacks_roblox/

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffa9de69758,0x7ffa9de69768,0x7ffa9de69778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1840,i,16502527717225563880,10638736772052408794,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1784 --field-trial-handle=1840,i,16502527717225563880,10638736772052408794,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2076 --field-trial-handle=1840,i,16502527717225563880,10638736772052408794,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2860 --field-trial-handle=1840,i,16502527717225563880,10638736772052408794,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2868 --field-trial-handle=1840,i,16502527717225563880,10638736772052408794,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4468 --field-trial-handle=1840,i,16502527717225563880,10638736772052408794,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4484 --field-trial-handle=1840,i,16502527717225563880,10638736772052408794,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4464 --field-trial-handle=1840,i,16502527717225563880,10638736772052408794,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3656 --field-trial-handle=1840,i,16502527717225563880,10638736772052408794,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4724 --field-trial-handle=1840,i,16502527717225563880,10638736772052408794,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3532 --field-trial-handle=1840,i,16502527717225563880,10638736772052408794,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4472 --field-trial-handle=1840,i,16502527717225563880,10638736772052408794,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5016 --field-trial-handle=1840,i,16502527717225563880,10638736772052408794,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4832 --field-trial-handle=1840,i,16502527717225563880,10638736772052408794,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4740 --field-trial-handle=1840,i,16502527717225563880,10638736772052408794,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 --field-trial-handle=1840,i,16502527717225563880,10638736772052408794,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6104 --field-trial-handle=1840,i,16502527717225563880,10638736772052408794,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 --field-trial-handle=1840,i,16502527717225563880,10638736772052408794,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6100 --field-trial-handle=1840,i,16502527717225563880,10638736772052408794,131072 /prefetch:2

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\" -an -ai#7zMap0:198:7zEvent18499

C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\NanoCore.exe

"C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\NanoCore.exe"

Network

Country Destination Domain Proto

Files

\??\pipe\crashpad_1944_KOAECYROCBCXZABO

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 7b05e0b847b29aa302385fc2a2bb781c
SHA1 1db00d5655dd39a70f0c36432301b337c2fa68a4
SHA256 e491fc65e03daa9c78eac59eff5f1d65c57840a9b18ffa5b5089018385def80f
SHA512 46699fe33523f68e45d1194d5a64f7c76ec59ca2cd90fa7c087dd74a5e1b729eee84d91da66db2b2904f0c550daa78d692139f78d6b00abc70397811f6a45f7e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7466b1062c96faa54bc582a864df34a0
SHA1 2c75884dfeb3441ee8c6efb53e30120c6e77d8c3
SHA256 401ed3596d5841de1ac6a40b600ff313b2defabf4b10dcc66e40f1f71fa05ecf
SHA512 1ffda00d47d76ca339d13659f6f595dbdb7bd27649d48006d9ad76147993e9b7da147f5cf329e3c57d14ae1cc8fb7e66ca5f2b941b2f39e15fab83e61d7ab8ca

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 795d55e5f6c41f67854411948b2e4fa6
SHA1 ddc9566d6bb2bee0ab590c532fbf6ad3854a4ed8
SHA256 0b1a605481b3202ba192572cd4a32b6a89f1c2b1f6c47d48bf1842424dedf5c4
SHA512 7b224a0493ac0c7f5a5a87eb774ed4387c24e84a337646c6277d8e9f34886f5b89a6bc1e6c34245d7e40ace536d0c6aeb1f429cfb18a0badcd13e0219c8f10f5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

MD5 2f7fff23646a4f0623fb959e86878703
SHA1 2feda6840517cd2701e601cc78bd10c1511208aa
SHA256 affa1540650726f2589cceefbb977def4637ed3b7c8089e087ccc81042d6406d
SHA512 9a50e278d4af33d6af1bfbce649224e8b8a5f304a606a993925a897d0c6a1bc6fcf85c853b347ef78a3d56bcd176cdac7cb7486d0bef8eeadaf428745dbc28bf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

MD5 6931123c52bee278b00ee54ae99f0ead
SHA1 6907e9544cd8b24f602d0a623cfe32fe9426f81f
SHA256 c54a6c3031bf3472077c716fa942bd683119dc483b7e0181e8a608fa0b309935
SHA512 40221fe98816aa369c45f87dc62e6d91fcdb559d9756cb6a05819f1cde629e23a51803e71371f4e4f27112a09489d58ed45b2b901a5f2f00c69c082b3576057f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ae5e1c376a4d7d97f94e0302e577fea9
SHA1 8e84e07a554d141edc76773896cb117f3e1d2ea9
SHA256 c0b09dc8d2b6fcddbd8f385d5c50f9694e5d823176095c940878fe52869c2d32
SHA512 0ac3c3d7b348b3f4b6c499d6e29e2eec8c214469c936f380bf05b9f4e97d13e128e2dd41944f4e9b578e9d351ac90001319a95c4c593edb02d1bed40b36854fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 27a2057eb1366026b7f3e5adcbd3f234
SHA1 57af7311871208eb154595c98bcf3af7410e9369
SHA256 80c25d8437d554ce8265ae7df807d81734cf89532cf487f07ac93a180bfd95a4
SHA512 22a5a024fab33cadd2601c87c1a051e73252c897892ebd9dfc2c72fad0d79f80b72bf491e6a8963516f7a6fc7b2dae8af63ab37f54acf51c4321c01af1bee7aa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

MD5 3e552d017d45f8fd93b94cfc86f842f2
SHA1 dbeebe83854328e2575ff67259e3fb6704b17a47
SHA256 27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6
SHA512 e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2be0548cc84968a051c7ce1258fb6f4e
SHA1 f3a337ad45218d724e27a2415ff0cc2ad326eeb9
SHA256 e5eb881a99cabebc47300135b04511601b76c79ada091b9ddc0c9229e6c9fc04
SHA512 bff61b4fbd4a93613ab41fc878a8cad1d9b9503581174d5f8bca6aed459e24af45f1a34cf21b33f566df84274ee0f8c4ab07454f533e392261d0a5e9e9b43985

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5e685830afd40508d20bbec2562e9004
SHA1 ab13ac3a66fda712f70f10cb121895d3e665c1f6
SHA256 ff646a68f9116c8fa2ecd5ecf3747c162c0970c91a717b2d51fac0b6b849f3ac
SHA512 8eaafe336781a5fd696f653a1a6a190ccc9cff9dba897442a175fe1d5760ca0025096c0902ec2d209996eb95d24986854fc0663364a4913d6adee6f818188535

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 0a9b306eac3819f32f784ccb35e208b3
SHA1 556e4f7d69558f3b4e602b869a4b30d5b2c19c77
SHA256 6e687c36a571fa7266e12047490b5d36ecad93db209229efd250e50a62a81210
SHA512 e2cec2c30fec90993ec03c0b407dda541f73becb2d6e99b06f343bf68e9b29a137e62208866272bf1881ba1344fdab1bc79a4ff0f272eca88101966e3d02f816

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58b002.TMP

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

C:\Users\Admin\Downloads\NanoCore-main.zip.crdownload

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Resources\ListIcons\flag_aq.png

C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Resources\ListIcons\flag_cx.png

C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Resources\ListIcons\flag_gp.png

C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Resources\ListIcons\flag_sj.png

C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\NanoCore.exe

\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\ServerPlugin.dll

C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\builder.log

C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\server.log

C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\settings.bin

C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\System.Data.SQLite.dll

C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\x86\SQLite.Interop.dll

C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Databases\main.sqlite

C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\client.bin

C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Resources\TabIcons\home.png

C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Resources\TabIcons\clients.png

C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Resources\TabIcons\network.png

C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Resources\TabIcons\system.png

C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Resources\TabIcons\builder.png

C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\plugins.bin

C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Plugins\CorePlugin.ncp

C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Plugins\DucPlugin.ncp

C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Plugins\NanoBrowser.ncp

C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Plugins\NetworkPlugin.ncp

C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Plugins\NanoStress.ncp

C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Plugins\NanoProtectPlugin.ncp

C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Plugins\NanoNana.ncp

C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Plugins\NanoCoreSwiss.ncp

C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Plugins\MultiCore.ncp

C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Plugins\ManagementPlugin.ncp

C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Plugins\SecurityPlugin.ncp

C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Plugins\MiscTools.ncp

C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Plugins\SurveillanceExPlugin.ncp

C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Plugins\SurveillancePlugin.ncp

C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Plugins\AIO.ncp

C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Plugins\ToolsPlugin.ncp

C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Plugins\NanoBlack.ncp

C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Plugins\VisibleMode1.1.ncp

C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\public.bin

C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\ClientPlugin.dll

C:\Users\Admin\Desktop\test.exe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
