nanocore | hxxps://github[.]com/PaleoMenace/NanoCore

Analysis

max time kernel
1797s
max time network
1143s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-08-2024 21:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/PaleoMenace/NanoCore

Score

10^/10

nanocore credential_access discovery evasion keylogger persistence spyware stealer trojan

Malware Config

Signatures

NanoCore
NanoCore is a remote access tool (RAT) with a variety of capabilities.
keylogger trojan stealer spyware nanocore
Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
credential_access stealer

Credentials from Web Browsers
T1555.003

Executes dropped EXE 3 IoCs

pid	Process
5572	NanoCore.exe
4736	hh.exe
1016	NanoCore.exe

Loads dropped DLL 17 IoCs

pid	Process
5572	NanoCore.exe
5572	NanoCore.exe
5572	NanoCore.exe
5572	NanoCore.exe
5572	NanoCore.exe
5572	NanoCore.exe
5572	NanoCore.exe
5572	NanoCore.exe
5572	NanoCore.exe
5572	NanoCore.exe
5572	NanoCore.exe
5572	NanoCore.exe
5572	NanoCore.exe
4736	hh.exe
4736	hh.exe
4736	hh.exe
4736	hh.exe

Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\DPI Manager = "C:\\Program Files (x86)\\DPI Manager\\dpimgr.exe"	hh.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	hh.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\DPI Manager\dpimgr.exe	hh.exe
File opened for modification	C:\Program Files (x86)\DPI Manager\dpimgr.exe	hh.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NanoCore.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NanoCore.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	hh.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	hh.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133685754314145278"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	NanoCore.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "7"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0\0 = 9e00310000000000c648257f10004e414e4f434f7e312e305f430000820009000400efbe13598ea813598ea82e000000a035020000000700000000000000000000000000000079fa2c004e0061006e006f0043006f0072006500200031002e0032002e0032002e0030005f0043007200610063006b0065006400200042007900200041006c00630061007400720061007a00330032003200320000001c000000	NanoCore.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6	NanoCore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	NanoCore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	NanoCore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	NanoCore.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0	NanoCore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0 = 6400310000000000135981a810004e414e4f434f7e3100004c0009000400efbe135981a8135981a82e000000e534020000000a0000000000000000000000000000008960fb004e0061006e006f0043006f00720065002d006d00610069006e00000018000000	NanoCore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0 = 9e0031000000000013598ea810004e414e4f434f7e312e305f430000820009000400efbe13598ea813598ea82e0000009f3502000000070000000000000000000000000000006f3bb6004e0061006e006f0043006f0072006500200031002e0032002e0032002e0030005f0043007200610063006b0065006400200042007900200041006c00630061007400720061007a00330032003200320000001c000000	NanoCore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	NanoCore.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg	NanoCore.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-355097885-2402257403-2971294179-1000\{0B308B8E-1109-4C54-9EFB-772099BFDC6E}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	NanoCore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	NanoCore.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	NanoCore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\MRUListEx = 00000000ffffffff	NanoCore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\MRUListEx = 00000000ffffffff	NanoCore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Generic"	NanoCore.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	NanoCore.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0 = 640031000000000013598ea810004e414e4f434f7e3100004c0009000400efbe135981a813598ea82e000000e634020000000a0000000000000000000000000000006f3bb6004e0061006e006f0043006f00720065002d006d00610069006e00000018000000	NanoCore.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell	NanoCore.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	NanoCore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	NanoCore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	NanoCore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	NanoCore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	NanoCore.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings	NanoCore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\MRUListEx = 00000000ffffffff	NanoCore.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0	NanoCore.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0\0	NanoCore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0\0\MRUListEx = ffffffff	NanoCore.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	NanoCore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	NanoCore.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0000000001000000ffffffff	NanoCore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	NanoCore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\SniffedFolderType = "Downloads"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	NanoCore.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0	NanoCore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0\0\NodeSlot = "6"	NanoCore.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	NanoCore.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0	NanoCore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0\MRUListEx = 00000000ffffffff	NanoCore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	NanoCore.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3248	msedge.exe
3248	msedge.exe
5112	msedge.exe
5112	msedge.exe
2056	identity_helper.exe
2056	identity_helper.exe
5424	msedge.exe
5424	msedge.exe
4736	hh.exe
4736	hh.exe
4736	hh.exe
4736	hh.exe
4736	hh.exe
4736	hh.exe
4736	hh.exe
4736	hh.exe
4736	hh.exe
4736	hh.exe
4736	hh.exe
4736	hh.exe
4736	hh.exe
4736	hh.exe
4736	hh.exe
4736	hh.exe
4736	hh.exe
4736	hh.exe
4736	hh.exe
4736	hh.exe
4736	hh.exe
4736	hh.exe
4736	hh.exe
4736	hh.exe
5964	msedge.exe
5964	msedge.exe
4888	msedge.exe
4888	msedge.exe
6008	identity_helper.exe
6008	identity_helper.exe
4736	hh.exe
4736	hh.exe
4736	hh.exe
4736	hh.exe
4736	hh.exe
4736	hh.exe
4736	hh.exe
4736	hh.exe
1000	msedge.exe
1000	msedge.exe
4736	hh.exe
4736	hh.exe
4736	hh.exe
4736	hh.exe
4736	hh.exe
4736	hh.exe
4736	hh.exe
4736	hh.exe
4736	hh.exe
4736	hh.exe
4736	hh.exe
4736	hh.exe
4736	hh.exe
4736	hh.exe
4736	hh.exe
4736	hh.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
1916	OpenWith.exe
5572	NanoCore.exe
4736	hh.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	5832	7zG.exe
Token: 35	5832	7zG.exe
Token: SeSecurityPrivilege	5832	7zG.exe
Token: SeSecurityPrivilege	5832	7zG.exe
Token: SeDebugPrivilege	5572	NanoCore.exe
Token: SeDebugPrivilege	4736	hh.exe
Token: 33	2196	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2196	AUDIODG.EXE
Token: SeDebugPrivilege	1016	NanoCore.exe
Token: SeShutdownPrivilege	5948	chrome.exe
Token: SeCreatePagefilePrivilege	5948	chrome.exe
Token: SeShutdownPrivilege	5948	chrome.exe
Token: SeCreatePagefilePrivilege	5948	chrome.exe
Token: SeShutdownPrivilege	5948	chrome.exe
Token: SeCreatePagefilePrivilege	5948	chrome.exe
Token: SeShutdownPrivilege	5948	chrome.exe
Token: SeCreatePagefilePrivilege	5948	chrome.exe
Token: SeShutdownPrivilege	5948	chrome.exe
Token: SeCreatePagefilePrivilege	5948	chrome.exe
Token: SeShutdownPrivilege	5948	chrome.exe
Token: SeCreatePagefilePrivilege	5948	chrome.exe
Token: SeShutdownPrivilege	5948	chrome.exe
Token: SeCreatePagefilePrivilege	5948	chrome.exe
Token: SeShutdownPrivilege	5948	chrome.exe
Token: SeCreatePagefilePrivilege	5948	chrome.exe
Token: SeShutdownPrivilege	5948	chrome.exe
Token: SeCreatePagefilePrivilege	5948	chrome.exe
Token: SeShutdownPrivilege	5948	chrome.exe
Token: SeCreatePagefilePrivilege	5948	chrome.exe
Token: SeShutdownPrivilege	5948	chrome.exe
Token: SeCreatePagefilePrivilege	5948	chrome.exe
Token: SeShutdownPrivilege	5948	chrome.exe
Token: SeCreatePagefilePrivilege	5948	chrome.exe
Token: SeShutdownPrivilege	5948	chrome.exe
Token: SeCreatePagefilePrivilege	5948	chrome.exe
Token: SeShutdownPrivilege	5948	chrome.exe
Token: SeCreatePagefilePrivilege	5948	chrome.exe
Token: SeShutdownPrivilege	5948	chrome.exe
Token: SeCreatePagefilePrivilege	5948	chrome.exe
Token: SeShutdownPrivilege	5948	chrome.exe
Token: SeCreatePagefilePrivilege	5948	chrome.exe
Token: SeShutdownPrivilege	5948	chrome.exe
Token: SeCreatePagefilePrivilege	5948	chrome.exe
Token: SeShutdownPrivilege	5948	chrome.exe
Token: SeCreatePagefilePrivilege	5948	chrome.exe
Token: SeShutdownPrivilege	5948	chrome.exe
Token: SeCreatePagefilePrivilege	5948	chrome.exe
Token: SeShutdownPrivilege	5948	chrome.exe
Token: SeCreatePagefilePrivilege	5948	chrome.exe
Token: SeShutdownPrivilege	5948	chrome.exe
Token: SeCreatePagefilePrivilege	5948	chrome.exe
Token: SeShutdownPrivilege	5948	chrome.exe
Token: SeCreatePagefilePrivilege	5948	chrome.exe
Token: SeShutdownPrivilege	5948	chrome.exe
Token: SeCreatePagefilePrivilege	5948	chrome.exe
Token: SeShutdownPrivilege	5948	chrome.exe
Token: SeCreatePagefilePrivilege	5948	chrome.exe
Token: SeShutdownPrivilege	5948	chrome.exe
Token: SeCreatePagefilePrivilege	5948	chrome.exe
Token: SeShutdownPrivilege	5948	chrome.exe
Token: SeCreatePagefilePrivilege	5948	chrome.exe
Token: SeShutdownPrivilege	5948	chrome.exe
Token: SeCreatePagefilePrivilege	5948	chrome.exe
Token: SeShutdownPrivilege	5948	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5832	7zG.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
4888	msedge.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe

Suspicious use of SetWindowsHookEx 17 IoCs

pid	Process
1916	OpenWith.exe
1916	OpenWith.exe
1916	OpenWith.exe
1916	OpenWith.exe
1916	OpenWith.exe
1916	OpenWith.exe
1916	OpenWith.exe
1916	OpenWith.exe
1916	OpenWith.exe
1916	OpenWith.exe
1916	OpenWith.exe
1916	OpenWith.exe
1916	OpenWith.exe
5572	NanoCore.exe
5572	NanoCore.exe
5572	NanoCore.exe
1000	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5112 wrote to memory of 3880	5112	msedge.exe	84
PID 5112 wrote to memory of 3880	5112	msedge.exe	84
PID 5112 wrote to memory of 1440	5112	msedge.exe	85
PID 5112 wrote to memory of 1440	5112	msedge.exe	85
PID 5112 wrote to memory of 1440	5112	msedge.exe	85
PID 5112 wrote to memory of 1440	5112	msedge.exe	85
PID 5112 wrote to memory of 1440	5112	msedge.exe	85
PID 5112 wrote to memory of 1440	5112	msedge.exe	85
PID 5112 wrote to memory of 1440	5112	msedge.exe	85
PID 5112 wrote to memory of 1440	5112	msedge.exe	85
PID 5112 wrote to memory of 1440	5112	msedge.exe	85
PID 5112 wrote to memory of 1440	5112	msedge.exe	85
PID 5112 wrote to memory of 1440	5112	msedge.exe	85
PID 5112 wrote to memory of 1440	5112	msedge.exe	85
PID 5112 wrote to memory of 1440	5112	msedge.exe	85
PID 5112 wrote to memory of 1440	5112	msedge.exe	85
PID 5112 wrote to memory of 1440	5112	msedge.exe	85
PID 5112 wrote to memory of 1440	5112	msedge.exe	85
PID 5112 wrote to memory of 1440	5112	msedge.exe	85
PID 5112 wrote to memory of 1440	5112	msedge.exe	85
PID 5112 wrote to memory of 1440	5112	msedge.exe	85
PID 5112 wrote to memory of 1440	5112	msedge.exe	85
PID 5112 wrote to memory of 1440	5112	msedge.exe	85
PID 5112 wrote to memory of 1440	5112	msedge.exe	85
PID 5112 wrote to memory of 1440	5112	msedge.exe	85
PID 5112 wrote to memory of 1440	5112	msedge.exe	85
PID 5112 wrote to memory of 1440	5112	msedge.exe	85
PID 5112 wrote to memory of 1440	5112	msedge.exe	85
PID 5112 wrote to memory of 1440	5112	msedge.exe	85
PID 5112 wrote to memory of 1440	5112	msedge.exe	85
PID 5112 wrote to memory of 1440	5112	msedge.exe	85
PID 5112 wrote to memory of 1440	5112	msedge.exe	85
PID 5112 wrote to memory of 1440	5112	msedge.exe	85
PID 5112 wrote to memory of 1440	5112	msedge.exe	85
PID 5112 wrote to memory of 1440	5112	msedge.exe	85
PID 5112 wrote to memory of 1440	5112	msedge.exe	85
PID 5112 wrote to memory of 1440	5112	msedge.exe	85
PID 5112 wrote to memory of 1440	5112	msedge.exe	85
PID 5112 wrote to memory of 1440	5112	msedge.exe	85
PID 5112 wrote to memory of 1440	5112	msedge.exe	85
PID 5112 wrote to memory of 1440	5112	msedge.exe	85
PID 5112 wrote to memory of 1440	5112	msedge.exe	85
PID 5112 wrote to memory of 3248	5112	msedge.exe	86
PID 5112 wrote to memory of 3248	5112	msedge.exe	86
PID 5112 wrote to memory of 1652	5112	msedge.exe	87
PID 5112 wrote to memory of 1652	5112	msedge.exe	87
PID 5112 wrote to memory of 1652	5112	msedge.exe	87
PID 5112 wrote to memory of 1652	5112	msedge.exe	87
PID 5112 wrote to memory of 1652	5112	msedge.exe	87
PID 5112 wrote to memory of 1652	5112	msedge.exe	87
PID 5112 wrote to memory of 1652	5112	msedge.exe	87
PID 5112 wrote to memory of 1652	5112	msedge.exe	87
PID 5112 wrote to memory of 1652	5112	msedge.exe	87
PID 5112 wrote to memory of 1652	5112	msedge.exe	87
PID 5112 wrote to memory of 1652	5112	msedge.exe	87
PID 5112 wrote to memory of 1652	5112	msedge.exe	87
PID 5112 wrote to memory of 1652	5112	msedge.exe	87
PID 5112 wrote to memory of 1652	5112	msedge.exe	87
PID 5112 wrote to memory of 1652	5112	msedge.exe	87
PID 5112 wrote to memory of 1652	5112	msedge.exe	87
PID 5112 wrote to memory of 1652	5112	msedge.exe	87
PID 5112 wrote to memory of 1652	5112	msedge.exe	87
PID 5112 wrote to memory of 1652	5112	msedge.exe	87
PID 5112 wrote to memory of 1652	5112	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/PaleoMenace/NanoCore
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa0d7746f8,0x7ffa0d774708,0x7ffa0d774718
  2⤵
  PID:3880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,16831130061178204770,8933731194281381740,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,16831130061178204770,8933731194281381740,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2492 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,16831130061178204770,8933731194281381740,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2636 /prefetch:8
  2⤵
  PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16831130061178204770,8933731194281381740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16831130061178204770,8933731194281381740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,16831130061178204770,8933731194281381740,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 /prefetch:8
  2⤵
  PID:556
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,16831130061178204770,8933731194281381740,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16831130061178204770,8933731194281381740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
  2⤵
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16831130061178204770,8933731194281381740,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16831130061178204770,8933731194281381740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16831130061178204770,8933731194281381740,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:1316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2044,16831130061178204770,8933731194281381740,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4724 /prefetch:8
  2⤵
  PID:5208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,16831130061178204770,8933731194281381740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
  2⤵
  PID:5216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2044,16831130061178204770,8933731194281381740,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6916 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5424

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4980

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4832

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1564

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1916

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\" -ad -an -ai#7zMap23664:198:7zEvent26617
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5832

C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\NanoCore 1.2.2.0_Cracked By Alcatraz3222\NanoCore.exe
"C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\NanoCore 1.2.2.0_Cracked By Alcatraz3222\NanoCore.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:5572

C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\NanoCore 1.2.2.0_Cracked By Alcatraz3222\hh.exe
"C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\NanoCore 1.2.2.0_Cracked By Alcatraz3222\hh.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks whether UAC is enabled
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://akk.li/pics/anne.jpg
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:4888
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa0d7746f8,0x7ffa0d774708,0x7ffa0d774718
    3⤵
    PID:3228
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,6023109537844426730,5353264973617347621,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
    3⤵
    PID:2284
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,6023109537844426730,5353264973617347621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5964
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,6023109537844426730,5353264973617347621,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2964 /prefetch:8
    3⤵
    PID:5420
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6023109537844426730,5353264973617347621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
    3⤵
    PID:4944
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6023109537844426730,5353264973617347621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
    3⤵
    PID:4492
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6023109537844426730,5353264973617347621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
    3⤵
    PID:180
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6023109537844426730,5353264973617347621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4472 /prefetch:1
    3⤵
    PID:2752
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,6023109537844426730,5353264973617347621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8
    3⤵
    PID:4212
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,6023109537844426730,5353264973617347621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:6008
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2156,6023109537844426730,5353264973617347621,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5424 /prefetch:8
    3⤵
    PID:5956
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2156,6023109537844426730,5353264973617347621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 /prefetch:8
    3⤵
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:1000
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6023109537844426730,5353264973617347621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1888 /prefetch:1
    3⤵
    PID:6016
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6023109537844426730,5353264973617347621,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3136 /prefetch:1
    3⤵
    PID:1632
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6023109537844426730,5353264973617347621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4476 /prefetch:1
    3⤵
    PID:1952
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,6023109537844426730,5353264973617347621,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
    3⤵
    PID:5512
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,6023109537844426730,5353264973617347621,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4208 /prefetch:2
    3⤵
    PID:2468
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3536

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4b4 0x2ec
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2196

C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\NanoCore 1.2.2.0_Cracked By Alcatraz3222\NanoCore.exe
"C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\NanoCore 1.2.2.0_Cracked By Alcatraz3222\NanoCore.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:1016

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2780

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3264

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:5948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x128,0x12c,0x130,0xf8,0x134,0x7ffa15d4cc40,0x7ffa15d4cc4c,0x7ffa15d4cc58
  2⤵
  PID:5672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1840,i,17408175973972228510,5058564463373543375,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1836 /prefetch:2
  2⤵
  PID:2832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2180,i,17408175973972228510,5058564463373543375,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  PID:920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2264,i,17408175973972228510,5058564463373543375,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2468 /prefetch:8
  2⤵
  PID:3760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,17408175973972228510,5058564463373543375,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:1036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3148,i,17408175973972228510,5058564463373543375,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:2096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4576,i,17408175973972228510,5058564463373543375,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4544 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4828,i,17408175973972228510,5058564463373543375,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4868 /prefetch:8
  2⤵
  PID:4076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5080,i,17408175973972228510,5058564463373543375,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5008 /prefetch:8
  2⤵
  PID:3164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=2960,i,17408175973972228510,5058564463373543375,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5184,i,17408175973972228510,5058564463373543375,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4868 /prefetch:1
  2⤵
  PID:4236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3352,i,17408175973972228510,5058564463373543375,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3264 /prefetch:8
  2⤵
  PID:5768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4056,i,17408175973972228510,5058564463373543375,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3432 /prefetch:8
  2⤵
  - Modifies registry class
  PID:5796

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2632

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5236

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:772

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:1212

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:3124

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
f898c31a381028c616662d7f1b82540a

SHA1
8bf8a68ec4da4d2f59196d7843c5cf6a7513d67b

SHA256
4f4676d5b49ed0363b4dca8522441ec54e570fdcc04d24697c927d56b9d31d25

SHA512
05e94effac7667607d5ac43f91eaac7267b6ec600c9eb1c9e277c88db4104bf5fa65006b30f142408a173d501724232c085349e1c1817094a3dcb2dbd3388dbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
f890174e89384a83d0cf9a5855502704

SHA1
cbf1f2aea909e593ab730e5caea5897a96f115af

SHA256
af95baf16ce9745836f7886603a84bfb3b7485fb9a9c5dbe7a1cd3530ebcad92

SHA512
174c024bb2f0b1c1fd3c1f1b5c183ad3f2406f8c223bf7abb43f6fda2cb16c9ec805b60bf5e1b0ad01a2a8641741543ad094997033c7cba22075faa6a8c5690b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
9a304a2756649e80e1337f6a677c9c1f

SHA1
64f88b262bea9a26e57ff91ab6632ec7db0f1f2b

SHA256
46f377f50ed887cb86f2c28a2bf8cec3cc93cb7be0b6f79e432f62e9cb864260

SHA512
e88079ab2e213af233a7635613333a827e9e8ebe6f66ab9044f07d565c2cce5b2d0cd7cc92a73d3edffceede64c905f8ecb1a1c3064eac939e66cb826cd6aaa5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
685B

MD5
c5965330de9e8e6935fc2eb309d41ebc

SHA1
75f2f9d2c7c1975e4fcef41d9602a6839fbbbbb6

SHA256
a275c3bd51ebb596d41392d4ff558c1b8495a66a8d60fad8a0176ab58c1439d7

SHA512
18d0df6f8d43db9160fb20aa88087743345e81c6caf51902b4af35a726b3226c07b0b540d3b2c6c241e396be8ee48d9296d2b397940137a5152cf40ee935abfd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a17886a595d83dfb0d451bf17f7abef9

SHA1
1724399c46326c8cd656e8b86bba6de27c09ad71

SHA256
33c82792bc721e81eb9ee765d613352697a374fa566e642a05ffa4efa968ff0b

SHA512
33f792c97da166c07c441e3d185a7e7d4d5f8cb08fd2e48e111cfaad60575895eb289849673c4756320464f1a2d27dcb4082bce2660304bca9be29697db5192a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
033510fbb05369e3d13f3af54b648bfa

SHA1
9f40965401dbb95a2c2a8dae0c72a2802a0c0c2b

SHA256
7bd17a41c4ed2cd6c3194edae70567082046f24c11b65892fc1922e518885361

SHA512
e657965c525eb4f20b32a72a4547b55d8965ab8bdc9f73cf203198a79ec11610570d61bb36558c32cdff4aa361bb57055c488206a1d7b970d2f002dc34d15cd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
0ca8629f487b6006df5aef1469488870

SHA1
ec83f75ce835e86e8a4edfbc9172da1acaec87b5

SHA256
dcd37255ea238aa123428f8076132147b086bc07148554cf73e5eee0c8be57ff

SHA512
28a2b6eae6e94b365280302ca062a6d00a8c6f4fe69ede5b2b7231eacd838764e7150db026a7a85ee5d39d9a8c75c14c6531262a7229518b60c2ea3fa07c180e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
c176f7764c450560d11db0c4442d7154

SHA1
763b2c13583e87951970c9c712fdd398136dbb13

SHA256
befe279d122f3acabb6b640d21e73f4ce8286e30b4c106a4e393b80395c42a74

SHA512
108123b7294f0ed65e4b0034a444a1632f5ee91afb9f1d775176d9244e3411df2fc32cfeef79d8a40aabb735e97592811ebe227777548cc9c22e47958b34019a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
0d25f726e9c4b0776ae21287a8d2d26c

SHA1
d0d92ca238e1852d9d742eba69b3c4bd9426c79b

SHA256
a80362faa40cabc2eb5cf75e41ea5cc71db669d58c9f9623e9a960490d02c04b

SHA512
52fbe259d5cb1ecdae137a3787c263e7794a277e102c8ce405855eff1b7219c0b4c366b3b1880ef3eb99ab1b926734afa65d491d4993560ec9b3c304a0b94cb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
5674f51a4df88cb09a7bf52919d484cb

SHA1
3f406edb9803c0a5a07840c75ceb722b4587cff7

SHA256
b723fa0b546009997578765d658539552edf76e54cfa84b49bc0cad19aaf798e

SHA512
958458ea4862a324f9284ea0687dfe0a72eebbbce68b4892fd55c028b71ebbeaae9957c9259df05b0c35fc626ecc9ccf715bdd9e691aefd41e52015e16c1e02b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
faebf524fef1206bb54264f22bbf4e8b

SHA1
97b4a7c69bfc05016da02e55afd4e9b72295a889

SHA256
d3080d7c30230ffa3d778228b10d8e1b5d06968e49e40f707037fd3c16de32a2

SHA512
ba6fdf38275b2a2a3074476a103c01fdf34445e1c2ddb29ae8ff2a41e42f9d89a82bff856c54da31eaea394ca9331deb8f75a79c01fbc639f8d39a2e177d5b68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a5354177e9fd259490261d8b6d263ba3

SHA1
f3055a301fe2540e6ffd7f9127f5d90525daeab6

SHA256
f73ddeccb233846dd87a8c22e903c1e064699e7b5990fe0ecb0a57c30fe958d0

SHA512
12c6a2a852ce4f8858aa56d9dee56f7866131a934f604558dc57efc25ff408d2eeb238c22865c434d5a050fcca5f8b8550ffa85aa5f4c97a00d7de823fae384a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
05dfdaa47940db40009403b118d571d7

SHA1
0caa8df932a3fb00e4b1eca36f0ee4701d0a7eca

SHA256
0a8f836060785e66634694a1b76528855812a0b332daadb0aca7c7ff5aecf6ea

SHA512
39314c26919dfd42437397213188f168e32aeac4d32393fd5c964e61b14c9d5e77a58a0bef591bd6fd08eac2e94d2bd5e9be88229f5d89d7eab83f01af9dc47c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
780e0bd722e406adc59b42890cc63d0b

SHA1
2a8ef812b0acbe17d2d685403fa38bed6a5a8a2f

SHA256
8f3323002b038aeafbc4d2b4bc8f80660a5a31c528540d5074c4517ac718d29d

SHA512
35a26bf47a6ac76235ffd4e825624b5578c7f6f9be4f9b1a95b4391537050a920cda7a0d5d507dac7afcdea8376002b58cca0f2e6e715dd1218dfe09909e5913

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
66dc68d9359183cc2fde4aab549f1aa6

SHA1
0cf56d590e29474c16bac47e0b748cf58d4452f9

SHA256
0b8560cd47ca2c980345c816df57354fdee45b2172be14c158a712282eada7c4

SHA512
101b2676bc586b2542c417f71ff3a0df3a47119ca708b9f825dce2c3735482484e45d8bac51f3733bb383dc0fa839279647b8d9fad3a72fadaef40b4ab64c368

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a04c325df1a25f93dcd3b81022507070

SHA1
fb3e2d1ff8aa52f63508aa5e5a2fdf959b111ecb

SHA256
5ff0bc0ce7bde1351c25ce8a4a48842e5c1f214233ad7db781c2932b42f1472d

SHA512
f2644eea1783ce762ce3f80048fe48586ee162aed1d845df05168c1b4647a980a8fca2250e2630730d2af902e244c1604eb165fe072952e420902f3afa208d9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
139597cad34c75538082a948b5683d57

SHA1
c6ec6c7c0be45cf4186ae021ea5e051983dbc6ef

SHA256
ea64cc0beae4c520e41a3f4b714166e70113cd9fa280e278742e97604929cefd

SHA512
3e159e00f062561432c8175fee99df017c024911e5a97ad24cbe8ec3aa8e43dddada9ff670449c2d8a5b392ec375af52c98c60ee81a0e07e759f7a3044cfd21b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\a01bc0c9-9f5d-4c6e-929d-1f01050c12d1.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\e9840b88-16f7-48ba-8b8f-e7d177308488.tmp

Filesize
9KB

MD5
686bae73380d449a39a41dfa37edcb2d

SHA1
b98030367ee609efe105b525cbbb508e12e81e33

SHA256
e998f6fdd358ed620cfa0dbbf06fdf8adffdae051ac36abd9532f2842ac92f56

SHA512
1dfdb4e0bfe2123159c5d9bbfa8ae7e2e5fc55238447be22513198eddbe9685908196911f3338c8e66fd6be26eea3b3f6430d3cad9a7a836afa3fbee2b42dd16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
8ed3192c8fe7505fed062c408ca98238

SHA1
aa1dbad4336be0aa6e5f37953f63fc799a0671cf

SHA256
8547c26dece9221f67eb4f899a5e4294d9a144f0955f2859e4e5d7027f72eb93

SHA512
831217ad95a846782ce110161a8d98ed650cdfebebd54075f22e70d2d23021920bfcf084f8544dea2fee391180cac55bddfe07fc8a992a626c34b98731dfe826

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
a61dc5eee47f07729c562717236ea0f0

SHA1
8b0fb721e12384a4e4b32c87c1353220d241d3cd

SHA256
6dc41ab2947226f813ffa0e660523d5d2e3ac597309fec92effd9d2a5d6ad2f1

SHA512
a9369075887fec68aa2c55d13bdbec0c44828ae5e6eed11a21c982be901c3f7b153fd94ff6059bd62173a2b4023a4bee21f72783f340dbc6886363c9528a6e06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
2c9b62f92c24dbaa07431b8dc145bd1d

SHA1
7664c6af5f537bc7e80e74481514de7395c0acb5

SHA256
95b1013bd52e2bf7a16bd8b6c52fb05983497a980e24368e9d0bf581e0045529

SHA512
0dc4dab3891612fbadfc887f34822852b24e558bb9eb489c5ad1a1126921d68aa9b6d489874b4eede539f310b763c9cfdbfc98f9f4d61202c1b681e45bd1597a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b1aef3676143908be2b684dd6601e248

SHA1
6b1c544684c0c7fbe483212f7e27a3e8c5bfe3db

SHA256
0f1584b492e5dba4483992d595195856a28d4a079121c6f6831e1da8767be112

SHA512
a7bb38099020bfd2571be09326e2a5a9a0529a19f22a56d619142fb7a06e0e28fb116eb53fc2f67ed200b2c2cd33616b885a30115f23e6bf1570b28db8aee7ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
1717d1c2e10bb1d069f2e630970077ec

SHA1
067d4b75dd1c4825804fde5cb8e207abaa85f17e

SHA256
6bbca2857a60eeb71d6aa881a822789e77fc42d3c594ffb07467aa5ca0d2d3eb

SHA512
3ef7945431a7d9b9efb28600de0489bfc2d43014e9abdeb3b26d3834778f04617173f9cf622215672f82b2ce3e2d7b8284e88db11bfb19925255da8e693cfde7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
bad0d9fff55ccf997b19ed36f80b2ef6

SHA1
cc94c143a1347b4874f380e329cb3d53ac012c23

SHA256
2fccbac8e561bc88658fe81285e1f8c31e6f2c9d02d104cc344e847f71ef6cda

SHA512
655be63fbea96c02cfddb6c59c309641ef638d084064115694dfcaa5b4c71a57567603292d9c633444551b9dececa6e681ace10493f065468016e0257fba6487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
60680f10c790c86640f0119cc65cc413

SHA1
6327a52b1d3855fa3f44795d8f1818ac0dfb1686

SHA256
95c2c51e8f1b560d80edc69c53366ce4a443bd3008bf556454f627002c7f2423

SHA512
8c4a7236581015b37f0608e7b559bb6f9c4f2586b1eb526723a3f7625ff191a38a6e8483072aff91fee19f5b268f1872c90f6093eeed1da213725bb601774fa7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
573B

MD5
a6d346f58cbec0a6e4015327b25f1537

SHA1
750056e65a8b1c20b1a6051f5adcdf35821a6ac1

SHA256
1a715b1b5b62ef83ca8c62a18eddb3b5b6b738be2c654ab7a38cf22fdc8bea56

SHA512
74e563217a28cd6427739731f51ba2e35ee060c8ae6959d458d06a0416e17ffc6a49f8d0bbcb8d17cef144a45c36eb9f3b92305389ab0cfc5043f530d9f28d89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
efffc599cf87a61ddba9315a3da2aa0a

SHA1
813ba1d2b1c2235e2543141f01e7c8d5fc516f36

SHA256
5b8aba127c4c7050711c5a57d3ef459676b555662d481610e0860458766efa62

SHA512
b3ed0a8eb98a48178a248a15e6faf050ddea6ac8dc89cdab22c49425a92e9b3c44f6d89aa9fca7cccf3b40ba183cd96b5d9e11e435cd4306b5394b0771ff543b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1e8f3f5419c1864152b9ac8ddc61a17a

SHA1
04c8d5ebbc51094729d6b4bd86dbcb3588c3c3e8

SHA256
fceb3ff9e438b20c33df59833f74d41e8b91553b21c7710384fff36dba2b11cf

SHA512
975f4defff13a6f3d2521f5df532a7eff945a5db68d7a0595c488edcde08844d60e5f618664467bdb5ff4f4c3ceb40ba11fd140e0525d190bd989a16273403a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c8ec61c82e4c93551c1d7c5df3505427

SHA1
a9f375e6f6a8b42f9cd996dca04f61c3c7ee6ce5

SHA256
ed0fd0fda9bd775192e0afd1bf91d626af0a2720178d600d5f009f70a0701c05

SHA512
2b94f6d46d49de2fe467df28d2e35105ce7fd246ae14845eb6a15327e99aa9add43e8cabe89d15586873d7636569b061b6363ef83187244bbcee4860b9545462

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3326a56f00c212066453b8569ededce3

SHA1
aebf6cd19a2b5f003c8d8ec6bec3bdf0f606ced5

SHA256
7780da7bd8961e99e8d8b0966adca275f030e86149492109e57bee65a8f20581

SHA512
c3f337d01b27f5fe0c5c16e5d9c10ae860fe9f3740d1ab395b8ae2547adabbcd65db17c732068b2886cc69a73167375ea4635fc5c6e54c273eb99a7c62aef893

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
927f4a2a8be4553cd09a6a99e4eea0c9

SHA1
be688c0d801b05f32e94a359b62f33d4e6edf8f6

SHA256
40f16990b2643d9fc076578b84333f0c268aa13d78ea158a397350ccec022638

SHA512
b24738e30a5821c746beaec94f870aa96b402be80288ccf7933d9293dd0b207b3c6ca65b1e7f0235e9761cdecec0567b5e6f44a2706de218e79f96f6d9f57b42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1e01070b9df0211a9990f941ba62cc35

SHA1
cf28ddedd1d0e5f1030edbdda021da67f5081774

SHA256
b14f2182908a19949e87db51edab363096090806c2f19fbdde46095fd49eb8b6

SHA512
09af7318b9035fea5061acb7fb8b2756a727a4254069d333862174eaa38f257378dbf4b7d0444c867f5dab1ba9502b2b8a8a11f7d9ece486fe7613e14fa9d192

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
eb7ba4babcdb037153ced8dce60001c5

SHA1
bfce3042f549a6759a42264886ef35bda7a2bbb4

SHA256
5e92e1981f06df4f81d1a0bedfc3192148583aadc4dacdd6629b97a5fd245031

SHA512
68fbd9a28caec81232c6f3caf3cec15375d9452dad06d27042f4629ad86ee48cad557f045805de4faf045ca3e47a24af90acee8796440d7821ed5a9a355737e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5813a2.TMP

Filesize
874B

MD5
f69e1ad7c83c1ad22b8a6149700721f1

SHA1
1db534ce69f8f0932fbcc1dc861ffa4f483e6db5

SHA256
4e8480456d08631410764ac1fe99519b4d31062d11633cd7bf591468408ebae5

SHA512
de5053ed1d1253a9bb9e35d9a0904847934ec579dae942426644cd3622124db3d323e4a24a9193f3ba6f0656f5b2496d1eb060b023ad90cbe16386bccc1a3174

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b7fff547-cb28-4443-8f98-6cb40ac78be2.tmp

Filesize
6KB

MD5
c70c5e24de9b07204d5e1113707b4a72

SHA1
b609c0d87eb2ec35d74d75df4508681bdfd8b90e

SHA256
1cad1f6a9781d5d02ea655b6feea371881c13b399923bcd6cf13bfca8af30dd7

SHA512
b3fb56f09c8c4b933f6d46e6d28a5d2aefa09dbec9c7b0a3d42563f5d4834ce56d65aecbeef5dd1a6f499920ebe484167559527d5ab850c49b3d609442efdd2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7d982d9da10308e091d00d79fb589d2f

SHA1
9a649abafc8d8d2a3b1f31cb7a0b01d2279195fe

SHA256
a16ab0f5f61d4e5ee08894372a4fb2c59b18ad6ba803eef78fece09495b15d36

SHA512
98ab011d924a222eb5de3f10e2ee62fab894f6091e99c836d12483dc3bb2ba429cf8ca74ab6e8a0a03850a516689b275382cba0fbd6a1cd72d61fdbb2ad782e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
37ba486c423ef360de33ab669fb24093

SHA1
1c3f694ced9381729310dcbf7462e6cdbf0f0dc4

SHA256
8887b5ddd705f60039ca267cc4f2f3709ac60c27e36bb609065cdd1276d1eaab

SHA512
ad23f67e7292e47f9d2c2947040636ccbee0b9f99d5334bd3fa0987d413f75c1c565c1ea33f0c84efc0d95a04b6689763d7cf94286033cfb434cb0c962fb0651

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
084d93a1a90683f5a1551d62f5ccc92f

SHA1
93f6923ca535cd31ec6fe3c2c4a93a008a9855ff

SHA256
72f7e3f03e298eeff7b3c665376defebb3a5bf94dee8438567e550ac13f1d528

SHA512
d16ada22dda3620aac83d1cc45158dff5c6724d26668b468649364e073c8178994f6a71b9335966f48cc2f8cbd8bdbcdc0fcb159a93ee09c46be9fe68bf2c7cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
d195a5ded157dc16e5f3111834f72397

SHA1
e4cc8332ae0db9ee9e5f06ab9eebbcf5f15cf79b

SHA256
b862fa7c4139aa019c8498aca0f35d02e90ebd83a755285c7cf89e5fcda04ba3

SHA512
50f0d8d2698380b3c99463302bad6141e2edf316f257d85529f89b111ff686fed46539944e660bb3d1e739f6385871db17bc793262fe71dd178f674a5278911c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
43799afaf43101188a424cb9f299295a

SHA1
ce1814a9eb9064d0cf67e4f8132f6f7a3fc9263e

SHA256
58dc47b826221c160c56d3c6cffa98889030b7f1a37db24f2cc21829d29acbff

SHA512
2ef4755cac7d29a6cddf4195053e59e4f8c5947bc1650abd26c8fff73478bd0580a5139840f44e4c8a4fe9e4ad045f116a4b9ae4f63b944307b7a39870075b91

Download Submit
C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\NanoCore 1.2.2.0_Cracked By Alcatraz3222\ClientPlugin.dll

Filesize
19KB

MD5
bdc8945f1d799c845408522e372d1dbd

SHA1
874b7c3c97cc5b13b9dd172fec5a54bc1f258005

SHA256
61e9d5c0727665e9ef3f328141397be47c65ed11ab621c644b5bbf1d67138403

SHA512
4fa0ed4ef66e4c442f5fc628e8bfc8a4f84cb213210643996d9387027edb619c054f6104ac889ae77cece09f0304f95d5f20e14d66847e2d382ef51eecec0962

Download Submit
C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Databases\core.sqlite

Filesize
3KB

MD5
3732df3263fbaa868bb866bcca1f402c

SHA1
f247dc7dfea7bcbb69116920d48af2dabf85b444

SHA256
716d9992711b5b17eca841836ba5a63db0a62251bd056a92db96deccfa887b41

SHA512
bb99cfe2be9488c6d7e57991b2bbc4e593ade8c8d2c79e4b7056ec5be60fd5e0b88467f65dca71c269540b800f0c3319e4e849e7e77069a6e9b1b89a2d4807fd

Download Submit
C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Databases\main.sqlite

Filesize
15KB

MD5
ea522fc387e8e1c1c65e946c9118e2c7

SHA1
0d3fe3c0f59b651f4b9210ec4d7324e7686b5a21

SHA256
ae429dbfca9416cfc6832aed1190fa7b9eb90127328136a249de024349fd3b3b

SHA512
52161556c3d3a1e12fe8de217aab806ac8e8e47135d57f057c257d16576ec08b13bc37aeb7f7234042d89d6deb594a635e0764675f4e04f7abb94836fac1d921

Download Submit
C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\NanoCore 1.2.2.0_Cracked By Alcatraz3222\NanoCore.exe

Filesize
1.4MB

MD5
1728acc244115cbafd3b810277d2e321

SHA1
be64732f46c8a26a5bbf9d7f69c7f031b2c5180b

SHA256
ec359f50ca15395f273899c0ff7c0cd87ab5c2e23fdcfc6c72fedc0097161d4b

SHA512
8c59fdd29181f28e5698de78adf63934632e644a87088400f1b7ab1653622e4bc3a4145094601211a2db4bcbd04ea5f1ac44129907fbb727fe24a1f3652c7034

Download Submit
C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Plugins\AIO.ncp

Filesize
17KB

MD5
60c274ccb344da9e3d77449f6068d253

SHA1
ab25eddf3ddb61ef52104a01e5c9b8a23451c764

SHA256
0a59aaee013c57f3b6190d683160d88ca1c5868565cbf5acbb7b17d3e925c602

SHA512
9600d852b56557f31a5a18a6aa2cb76cf4fabf36ae32bbeccf82677f64737542234e2fb06ac8d917f9839120320b7db212d76e8dea24445f13096d86a474b9c9

Download Submit
C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Plugins\CorePlugin.ncp

Filesize
119KB

MD5
7914e7302f72d330aa5f6c5c8c26df43

SHA1
8c411f3fe5297a78cb018539b44df87c0a51606a

SHA256
f66985518b1e56a04f512d110f5b79f21ed91cbcbf6bd3e17eba3dcdfb85f9b5

SHA512
8959843f282162ff0c59d890d04012c4f62dc36058aa7095d708a97a34313082cd4ca5ea5df5623cd2d6b8b91c527297168cab08ec59c1ec48fafac5983ad012

Download Submit
C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Plugins\DucPlugin.ncp

Filesize
73KB

MD5
5eca68a8368e0e144b7016e30b85515c

SHA1
0ba48b49974156e5746958aeeb1c2a26c916b3be

SHA256
e2ce89b3e68b003cb27e2c5652ccba073c8938bef194e51830539b2464a3f676

SHA512
ea1d1363fb072a5c646ce070184855588124be42392dc492ce86c88fe93eae78e23f5de4f2df75fb5b0e8d67bf08ff192dd163ed3c62a1ccfb0b8436ae1df644

Download Submit
C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Plugins\ManagementPlugin.ncp

Filesize
300KB

MD5
b612c2c9a6d361a5db14c04ba126119c

SHA1
d2b29e235b0f45242088b78313438bdfd51209dc

SHA256
b86fe4e126a9748a383a34d615b9598c715f2380c0aad957495c66923902026c

SHA512
194d4688935235f3ca686868c9ff53c7945d4e076d4a51fdcbc254bfa1461494766480794c65715bce314256c7cc5268bd6547c937984d3010f54f5a3db4ba9c

Download Submit
C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Plugins\MiscTools.ncp

Filesize
66KB

MD5
78e3006fc6468eb7dfc7761072b84ac6

SHA1
e46cae768d2754f48a29b7e424a9bddf0d67bcd8

SHA256
3a3a3b105eefb45e3b70cc1592e484df02df7020d5154e8c2e5d7d439e295e46

SHA512
0daa1cc9ddae70f442ee5eed784523dc1378b9d095edfaec1df95e02f00d09b461d60ee180f716f7ba755543ef7b0c87d791a454cf254dde0033b8615b2841e8

Download Submit
C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Plugins\MultiCore.ncp

Filesize
236KB

MD5
becb82e1e914e906be158e3f9dd658ac

SHA1
725d3d658680ca8dcb610d998db4b28733b5ee52

SHA256
5494adf651fc64e3aa6c08e38165d8dbfec52056cdf4fadae90b76b0e6816a33

SHA512
1d67e7d5686ea225262501afb572bec23e35bbd33c660a57e84b9cad7adfadbe457b128af0059ac705d53c6b65798f5525fe4ed3c16537b0c085414cdca74174

Download Submit
C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Plugins\NanoBlack.ncp

Filesize
107KB

MD5
794ab16c092ebf2b1d812d6cce158537

SHA1
6dd9edd26b50265d5af4642f9d1f1f8703a44805

SHA256
7919b7998d6b359d7cb700018dc2d69ff6ffb45bd01c9c190b98fb4c9ff4beab

SHA512
e639bb0f7d309344c45ddff3d7f91212b3c6a9db6970d06db35f6bac228b389ed8c32dbda75ae23ad1359bb60f678b0b891caa3ed07245aaad21dcb3ea4a5347

Download Submit
C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Plugins\NanoBrowser.ncp

Filesize
102KB

MD5
8b13fdc96af0a84c152f5a601dcc6b06

SHA1
1250db70fda8a2c32f37bbdc5638074c6dc171a7

SHA256
997c41b05150480bcfae9abb3132fc807f6c6b511b810b554fdb5aedf89f5db0

SHA512
536d4e1b9e7c95ebac762d0a438106a5409c69e990940d3411709364783f957015d4a5dc0651b33591e37dcda8549e689a87b853e32f3ad065391a2d8190a552

Download Submit
C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Plugins\NanoCoreSwiss.ncp

Filesize
49KB

MD5
fcb5afd01e75aca8ed9fbd35a46e54f3

SHA1
94b69f8612d31fc0698089d5e08aea1cafea52e7

SHA256
bf0386f6e9b4a35fefe5fe917e2be7c64867efe24521f18e4567f8af5f6dd5e5

SHA512
b587dd23eaea6de486c30864908f8603451c459153cd21b86a5e43bb9c2cca7cbc015daf620808fad76a4d56bbc4e57e127059c8e73be6c85bf958781c1343fe

Download Submit
C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Plugins\NanoNana.ncp

Filesize
157KB

MD5
c5d40b767bd6b97f88ccce13956d0ad8

SHA1
ef7f7fdd9d5ea0b55ffbb17c171ee6a46b347100

SHA256
a3c39444ac74bb91f14f3f2ae6918d9b1d368268e137aca310450fefbc8983aa

SHA512
3fcb5a6afdc7de59bac645d8b4dc6368b0405a51985ff86c95fc8cd579bd59bc423cab940dc0ab3de9a0cd0d9e04dad82e380ef18030330d72b2e72936a95ee1

Download Submit
C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Plugins\NanoProtectPlugin.ncp

Filesize
179KB

MD5
e51af633e5f5f4a817a54773fb90d337

SHA1
0cb8a7965f9f042954b1f318ea1026b76e12f8e0

SHA256
b37602dbb924bb94df0d9745d13fcace8a6642397fb738fbe02a88f667f3ab66

SHA512
6454305121597073d4ea2b8f57a4bb4a4fe7fafbd05336c91265534faea5a5cdec7504c1329ea0c8cb344a4f32d59c60af5348dfd89375876ae95ee2c15f0c14

Download Submit
C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Plugins\NanoStress.ncp

Filesize
117KB

MD5
ba6f59df971d6db7a8951edbd5d6691b

SHA1
ed766de1fb4ab0889b3fbc8127f1393eb3cddc15

SHA256
6b33a572e019266749a3e04966e2c57822e247c5197f6f9bd6a4bb8792633581

SHA512
bbd50d7cb2b2799055b8864da3d3d6037bbac41312ce8582c4627611ef856ae38ecff67dc4223e236d1b555bf02a7c0c7284a76ab90007621a2f2997b6bc5dd2

Download Submit
C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Plugins\NetworkPlugin.ncp

Filesize
319KB

MD5
70e5b02349742a550fbfcfb5bb78c906

SHA1
2319b68398af74fe08b6a3a7d6943cf700240a4e

SHA256
160030b8444b6fa86775a11d1be35df6a75252070fc5661055884d3f8b07296d

SHA512
bbb5d2fd6eff637da303a4ab2fdb02f781619ffe25c5795c5b9e514214227717771a98ce6c3becc87b29c15303ac4373ee3847060ad5755a2455362e6e26932b

Download Submit
C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Plugins\SecurityPlugin.ncp

Filesize
74KB

MD5
44bd68199bb393d0eeb7ae83b56d9b9f

SHA1
c6cfa069a17ace16c651a11945bd54f4ca6193d1

SHA256
25b1b0836838740d394cd35eaefc660e9eabeb611a701a451eb1119f6427fc12

SHA512
a02b82e40f66dc925de3324c03e8a0a497bfdb6ed44549001efbf86f2e5381aaf9259978908cce9ecc7798f083d3691f007b207ea301a9dc73f2430662146bb4

Download Submit
C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Plugins\SurveillanceExPlugin.ncp

Filesize
423KB

MD5
195fbe66986564288c3285935fe87b27

SHA1
2fe84fbbf109b3e4c7c63b414689021ba847b568

SHA256
a2ce9ed783b26d01d58e07b9c97bcfecace9ced72960cf3ecf471fbd008afbae

SHA512
552161e555d07fdf7062a4c0d3738819b13ad4c9a5c54f09db48dccf6faf49b014eb043037500abdac7af0210ed118c5232d8d54be367d8a4caccfae7904332e

Download Submit
C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Plugins\SurveillancePlugin.ncp

Filesize
352KB

MD5
ed3edf12bac989d1dd6edf7146feb805

SHA1
776a667bf2341b43e199c3601856ac223b86d221

SHA256
3301f9fd4700458a18589956fd2bb6e5101b15c14f52d5e079ae1c3a008da040

SHA512
e6873a5d1caada8954907bdb3120aa2c60a4137fb9d04abdbb74ade58f35ada1ff87a447cf6a35f5798dbd0e1e0ed813d62e34d98de8d6402b6432746aa80413

Download Submit
C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Plugins\ToolsPlugin.ncp

Filesize
130KB

MD5
699eb468e7d6bee9c429923b5b477545

SHA1
80bc420c3e441c9b9c3813ac05ea9e168cca1e3a

SHA256
d753bc28d842e44ffbf6cf99314febe5ed7759b25a74ca34a47fdd153bf2a6ab

SHA512
5d82a98e918ea3eb024dbb7552e5cdecc317b49635a5789029e7a0035d2f0cb2a3c47ef53e603217afd17d6f59fc78a918e2e5f70266119c619e41b3b647aac9

Download Submit
C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Plugins\VisibleMode1.1.ncp

Filesize
49KB

MD5
37c2ef6e5214600396ee87c4168a5664

SHA1
69b6e1f612f5a3435fab05074cffd3ebd1c232fa

SHA256
4a8d45e13a38c502a3109d2ea17a81905fb9eabbf643ae611b62f62ef11f09b2

SHA512
667ad370f48470d60dbd437b0601eb05de421ab59b281adcf9c6f54b9c6fd272d3aa34c35e7e6df889771dc5fbdfa9bc683a4bf156727827595edf6eb2fe8cab

Download Submit
C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Resources\ContextIcons\computer.png

Filesize
715B

MD5
c0dc4d56147b86b211c7419f727be0a3

SHA1
71740927a6e212b9caaf30a04eba86ad549bf63c

SHA256
b0b606f3f84b5e1f8c7f8558dd3f092adce374f5c810613845276d47a6401d58

SHA512
a1e89366800e611979fe693cc1a87d75d3e0e9629523b2d19a222b87a4f80e813319f861fd972cb861cf227de272d701f7bac508fb48c8f2d025485fe8b75a97

Download Submit
C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Resources\ListIcons\flag_aq.png

Filesize
351B

MD5
b841c2ebdca6bb23c15c98da4aa671d7

SHA1
42f562132fe6e9a5029247a2b9666395dd5ad9b0

SHA256
b668f1a313e57c97a5abd0212631ea6211aace15b10f1ca82484f23f7d6924b5

SHA512
e093c2c454e8ceb318df0629f5f7e8494213e69caef640dd4554f3c250029e8a06b4c5add9c13e457f901c3d328738b66db524a8404617e486fd8c564dd04c90

Download Submit
C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Resources\ListIcons\flag_cx.png

Filesize
626B

MD5
fbf02dad6f60392ce777d006d5762248

SHA1
f9d95e6e5e25b83953e4f898bf99636d85511709

SHA256
45203a04468ff78fb3434f46799ca630172e04f97c566f8e143539a80c48bfc5

SHA512
9f5b7b5399cb7c8b41cda202eac5a344524f135fd2e32a5f312917c7684ee13a94976984154355297bb31fd06435efe91456e189bb5f1c9d6010dfad01415b4f

Download Submit
C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Resources\ListIcons\flag_gp.png

Filesize
546B

MD5
5ac0d15234533136bf6ec230686a4aa5

SHA1
2f208a8baf30d13aa23382d3821cc73c4aa466f0

SHA256
5cceb033c0262b5905f88d5905777471e9f1b0b0d9cb857f2361e88ada73610d

SHA512
d6215183f13e36a268b849056fe1479ebd36eab4b6f175cbdd3a4ecd4ba4df7734189a2f9e9d69ee344ca63baf2c9ef10f62663cc721e9c9c59775d5e84e2268

Download Submit
C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Resources\ListIcons\flag_sj.png

Filesize
562B

MD5
4f82c2e83eab05d2bd9baaeff6c81a96

SHA1
e1cd3981d14653bf5df976ece649120134e88546

SHA256
15493361692068154ac1b1baf8878c179b353996dcda4d63e0322ea37f998f9b

SHA512
b69030fffb689094952eb472b272e1d18b40d0f11e3bba647c9b01226ccf072d276cc31ce3a1ffcbc84c5de82bedfe7fc2466fb060ff50e528f7c258179e626d

Download Submit
C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Resources\TabIcons\builder.png

Filesize
303B

MD5
d2d498dc06990b948ef42c479c4c1f94

SHA1
eb380e6d156f5cc2ab28baa5add2ba8acda088b3

SHA256
ce8e344d1975972fa3f1b54383ab01cf522217e83b4e01f5c5b8563641bf6550

SHA512
fd9f99b7489507d8208432847085507e5d1823f1eed5d3c7e644c59bc5e5b36d8705d4add01a0c291240029458b25d72894fc05efede8b795bb6872e1e5f9ef9

Download Submit
C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Resources\TabIcons\clients.png

Filesize
462B

MD5
0331dbac2291c05d567461b58654d350

SHA1
1f89cdf7199983e788fd1f22b873ab9b0500952d

SHA256
8d1339e002540de132326aeb1d17c66a9a60b0af7e3daca9bc40df17e9c96542

SHA512
2d12a85226a21670c49038e4347b39227b8d8bca07b8eb66f2adae0ccf1135270f5ba5f16a40bf526477c70c00c1ca572bfb973306e6eb8dd057600de38da161

Download Submit
C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Resources\TabIcons\home.png

Filesize
343B

MD5
0a482ce7f891fe7a64118bbb34a34b9c

SHA1
2aba3c06942273aebc5e616602620e4b2526ebe7

SHA256
76d3e6c51702b37227b73a4f84771e44d7c1a8551b4c1fdd90e341f03a805346

SHA512
0e900eff9109ac2f32137d9d18993a29ed6065299ef96554f2288128fe07d1e8db1a0dac29b39b0eb05bb8a9bdca5f083da8e25dec3c880ef155401fd649107b

Download Submit
C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Resources\TabIcons\network.png

Filesize
230B

MD5
48780574121d519661c2e0bc51b25b68

SHA1
89d8d5e42fbae3d95c8036c1738656b8e6343091

SHA256
28f4c682d85fb4ef531a71b7fed8f0d7ef548f1126da378aaf60349219a681d6

SHA512
7f0d9b6e18b812350b9d57439069ebb9140365830ea6fa247527f793cc58271ed7743c514d7488f026064b6d44afaf93717192bcff3ea8a3b501f2bf7718ff30

Download Submit
C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Resources\TabIcons\system.png

Filesize
273B

MD5
9993c66f33d16d11e701abbabf5a5db8

SHA1
415a0069f21dc5fcbb7bdaa7f17a679eb18e6b1e

SHA256
24c4edf86254f9e2359508909ba52dd683e1f6af0d8c1a52f875c472fc73bd40

SHA512
7a3f0546f4fb12e72fd774f5c4446e8bcc2a26c762aad91675c3bc10931c1c0ac2c40d66a25afd0a376ab665427164367c1cf398c22811eedf88c90ce51a23e7

Download Submit
C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\NanoCore 1.2.2.0_Cracked By Alcatraz3222\ServerPlugin.dll

Filesize
28KB

MD5
952c62ec830c63380beb72ad923d35dc

SHA1
6700baa1fb1877129e79402dfe237f0b84221b69

SHA256
2e5fbfb7932b117a2f6093dc346cdee4a5702e39739d9c40d27bfd1580f6f0d7

SHA512
5dc19d7d6ab7670ded766f357e481328c8df4a96ac3c2a00194a5ccea8c34bca0e34cfea3d9d17934db384d302446be2fec9853438371561d70580665bffe121

Download Submit
C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\NanoCore 1.2.2.0_Cracked By Alcatraz3222\System.Data.SQLite.dll

Filesize
256KB

MD5
dd3d6f00b1aba3f1d9338d9727ab5f17

SHA1
faf9364a7ab15f27c93a6e6f97fa025030c9dad7

SHA256
f0d4beab24e94e61f219df451d90dbba3d0f48539f9b6a448f91e0c94b4e80c4

SHA512
0794d850a133a98affe627e3023114b229b982e507d366895ece6a1ef99b42d708554c64b52f0f2ed63673e1c5aeea7e794085d45f0797159e21ba4efdf23cd7

Download Submit
C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\NanoCore 1.2.2.0_Cracked By Alcatraz3222\builder.log

Filesize
22KB

MD5
0061a98407086fb3106b61fe5d0fbb27

SHA1
c5882467e947fa1cab30dd45fe337b23bce1712a

SHA256
054dbc3e14992bea750e1f366c16f6b0c861bc9db2617be91cbf7306fd25219a

SHA512
b4e0f10067b2a5b7865b404c63be1c93cbda482ed3d20e618ede411fe7f9bc177792d0ab0bb7c13730809f9630ba5160f485a38590096ba8cb8104ab189f2c9d

Download Submit
C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\NanoCore 1.2.2.0_Cracked By Alcatraz3222\client.bin

Filesize
130KB

MD5
906a949e34472f99ba683eff21907231

SHA1
7c5a57af209597fa6c6bce7d1a8016b936d3b0b6

SHA256
9d3ea5af7dc261bf93c76f55d702a315aa22fb241e4207dc86cd834c262245c8

SHA512
29fd20ae7f1b8bac831c0bb85da4325a62e10961989e14299f5f50776c8f7e669cc1527bf2c3868bd7230e73ac110ba8b1f0491ac0f2923d79d7a2871c7c961d

Download Submit
C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\NanoCore 1.2.2.0_Cracked By Alcatraz3222\hh.exe

Filesize
130KB

MD5
567fa21cf881b73dbb91714d91c2aee6

SHA1
409ab4e1616415bb256d1ed2ab6deea8bf29b35e

SHA256
832164c2d7c096a01f8f801a2dde4a47e5d6cbf42245bb1946563f9950aea813

SHA512
ac188878a21d50369ba23580902d862c8de834c7d32370fe6a10bb8af7aad1facb7ea3e75e2e8b4bff3d573fe0bfed4a10c19c090e4ced803df5714b28c956c7

Download Submit
C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\NanoCore 1.2.2.0_Cracked By Alcatraz3222\plugins.bin

Filesize
240B

MD5
5e709fc806e8ba3385487699004f6d29

SHA1
2f32547ed5b9db3b33969fb4858945610aaeedb2

SHA256
9ecbf989dedf1403db953fb4e5955c9f63415cbe1f6492c3246bac405a4d036f

SHA512
a6706c9f76d837a7e0ab12e3c1c6d94fedde9dc52d4fecd02befd8850752155e2bf801cdf0488a98e49c50c4f0595a3fc4916950badba9bb83a5b7a35d3ffaab

Download Submit
C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\NanoCore 1.2.2.0_Cracked By Alcatraz3222\public.bin

Filesize
17B

MD5
602d0cc4e7246f8a3b8a5ee9c7fabe30

SHA1
e9ecc8f782cf27ae68339b0cdfd0f79c69aa4afc

SHA256
6de29ee3e660fd3ab419f568fcf65f8418484eb43d5bfcdbfac5d456fd8488f2

SHA512
ccaf306f4e4b4ee7de6a62954bbebcb52d131da49912d2d6ad39d07012dffe66ec6109dfbd5fbfd166e98e7bcb2c564b75eda0a2eda2ee815f71db5986506f43

Download Submit
C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\NanoCore 1.2.2.0_Cracked By Alcatraz3222\server.log

Filesize
103KB

MD5
ac6285562e5e3e4e98feb7fe8df884a4

SHA1
4b7fc4ea7c39b95efa7d4e1d68b9b3994c38683b

SHA256
51d9e422386e5e64eadc212bff06b33c2a163bfe355ce98d756ce00afd76ae2a

SHA512
6db244bf0e1948626e64b2b8636b9bf71fa4b2bbe5e7c4877a444da00bcc7964efa9f01f6e4c90963961a3a8bdb3bb8ff7d28660596e6f468b53313ab5e3453b

Download Submit
C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\NanoCore 1.2.2.0_Cracked By Alcatraz3222\settings.bin

Filesize
280B

MD5
daa76574a834b950a015d191e410c400

SHA1
c93dae186bb23e7fc052b6cbc4626c58bc0f60a5

SHA256
c4c2bb97d9abf6e224897855a0f6699d8f886ca816811ea5bfeb8e71d72b7d4f

SHA512
9cd119d3f55a172036fd625738c3ebcd45b534255da36c208b594605eca32a58470ea4d0493026d160e062806d015cd878c44521e2450247eb5a8ae203a8fe6f

Download Submit
C:\Users\Admin\Downloads\NanoCore-main\NanoCore-main\NanoCore 1.2.2.0_Cracked By Alcatraz3222\NanoCore 1.2.2.0_Cracked By Alcatraz3222\x86\SQLite.Interop.dll

Filesize
792KB

MD5
9b19dcee960dc215e64b1d82348707a9

SHA1
9c1e0f76673eb385787120e17404df179316ca2b

SHA256
3515f704b0012c01fc8be5b717905c0587b29255fc9eb7ad3f2b66a130691d38

SHA512
cc1304ab171feb2ac6df941f4b35aab8ce7b503f96b5539b366b39268cce8b21ea2fdbce16eff809a9a121a60a65ebbd0f59f75360800f541b9e5f93e729a55d

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 620044.crdownload

Filesize
5.7MB

MD5
d959bc04c57bab80ceb182ee42522f90

SHA1
8528fdcaa5456a2ce0c0d8842761d69529a8cdd2

SHA256
efadedfc9c786183024fc058a6ea83c2a219d04100fbde03559ddc05807fda0e

SHA512
85efe033c53a3408514feb7482ba744976ff207b1a57ffeba40cc99c6fc1b16b9feccf023b970d96af6e6a564c5bf3e386fc5ab8af538a3764cf67937bddfa72

Download Submit