darkcomet | hxxps://github[.]com/PaleoMenace/NanoCore

Resubmissions

04-09-2024 00:25

240904-aqpd5s1cqn 3

02-09-2024 11:19

240902-ne4xcazdrb 10

Analysis

max time kernel
297s
max time network
298s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02-09-2024 11:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/PaleoMenace/NanoCore

Score

10^/10

darkcomet nanocore discovery keylogger rat spyware stealer trojan

Malware Config

Signatures

Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
trojan rat darkcomet
NanoCore
NanoCore is a remote access tool (RAT) with a variety of capabilities.
keylogger trojan stealer spyware nanocore

Executes dropped EXE 1 IoCs

pid	Process
652	NanoCore.exe

Loads dropped DLL 13 IoCs

pid	Process
652	NanoCore.exe
652	NanoCore.exe
652	NanoCore.exe
652	NanoCore.exe
652	NanoCore.exe
652	NanoCore.exe
652	NanoCore.exe
652	NanoCore.exe
652	NanoCore.exe
652	NanoCore.exe
652	NanoCore.exe
652	NanoCore.exe
652	NanoCore.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
193	raw.githubusercontent.com
194	raw.githubusercontent.com
74	raw.githubusercontent.com
75	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NanoCore.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DarkComet.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-656926755-4116854191-210765258-1000\{2FC0769B-CA67-48A1-8490-EFF2D130FE35}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-656926755-4116854191-210765258-1000\{0BC8C6AF-B706-4C16-8139-9679196A8047}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 32 IoCs

pid	Process
4704	msedge.exe
4704	msedge.exe
4380	msedge.exe
4380	msedge.exe
2644	identity_helper.exe
2644	identity_helper.exe
2320	msedge.exe
2320	msedge.exe
1896	msedge.exe
1896	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
1148	msedge.exe
1148	msedge.exe
3484	msedge.exe
3484	msedge.exe
4652	identity_helper.exe
4652	identity_helper.exe
2188	msedge.exe
2188	msedge.exe
2636	msedge.exe
2636	msedge.exe
260	msedge.exe
260	msedge.exe
3076	msedge.exe
3076	msedge.exe
3908	msedge.exe
3908	msedge.exe
4024	identity_helper.exe
4024	identity_helper.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
2436	OpenWith.exe
652	NanoCore.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 39 IoCs

pid	Process
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeRestorePrivilege	4052	7zG.exe
Token: 35	4052	7zG.exe
Token: SeSecurityPrivilege	4052	7zG.exe
Token: SeSecurityPrivilege	4052	7zG.exe
Token: SeDebugPrivilege	652	NanoCore.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4052	7zG.exe
652	NanoCore.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
368	DarkComet.exe
368	DarkComet.exe
368	DarkComet.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe

Suspicious use of SetWindowsHookEx 26 IoCs

pid	Process
2436	OpenWith.exe
2436	OpenWith.exe
2436	OpenWith.exe
2436	OpenWith.exe
2436	OpenWith.exe
2436	OpenWith.exe
2436	OpenWith.exe
2436	OpenWith.exe
2436	OpenWith.exe
2436	OpenWith.exe
2436	OpenWith.exe
2436	OpenWith.exe
2436	OpenWith.exe
2436	OpenWith.exe
2436	OpenWith.exe
2436	OpenWith.exe
2436	OpenWith.exe
2436	OpenWith.exe
2436	OpenWith.exe
2436	OpenWith.exe
2436	OpenWith.exe
2436	OpenWith.exe
2436	OpenWith.exe
652	NanoCore.exe
652	NanoCore.exe
368	DarkComet.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4380 wrote to memory of 4444	4380	msedge.exe	83
PID 4380 wrote to memory of 4444	4380	msedge.exe	83
PID 4380 wrote to memory of 4004	4380	msedge.exe	84
PID 4380 wrote to memory of 4004	4380	msedge.exe	84
PID 4380 wrote to memory of 4004	4380	msedge.exe	84
PID 4380 wrote to memory of 4004	4380	msedge.exe	84
PID 4380 wrote to memory of 4004	4380	msedge.exe	84
PID 4380 wrote to memory of 4004	4380	msedge.exe	84
PID 4380 wrote to memory of 4004	4380	msedge.exe	84
PID 4380 wrote to memory of 4004	4380	msedge.exe	84
PID 4380 wrote to memory of 4004	4380	msedge.exe	84
PID 4380 wrote to memory of 4004	4380	msedge.exe	84
PID 4380 wrote to memory of 4004	4380	msedge.exe	84
PID 4380 wrote to memory of 4004	4380	msedge.exe	84
PID 4380 wrote to memory of 4004	4380	msedge.exe	84
PID 4380 wrote to memory of 4004	4380	msedge.exe	84
PID 4380 wrote to memory of 4004	4380	msedge.exe	84
PID 4380 wrote to memory of 4004	4380	msedge.exe	84
PID 4380 wrote to memory of 4004	4380	msedge.exe	84
PID 4380 wrote to memory of 4004	4380	msedge.exe	84
PID 4380 wrote to memory of 4004	4380	msedge.exe	84
PID 4380 wrote to memory of 4004	4380	msedge.exe	84
PID 4380 wrote to memory of 4004	4380	msedge.exe	84
PID 4380 wrote to memory of 4004	4380	msedge.exe	84
PID 4380 wrote to memory of 4004	4380	msedge.exe	84
PID 4380 wrote to memory of 4004	4380	msedge.exe	84
PID 4380 wrote to memory of 4004	4380	msedge.exe	84
PID 4380 wrote to memory of 4004	4380	msedge.exe	84
PID 4380 wrote to memory of 4004	4380	msedge.exe	84
PID 4380 wrote to memory of 4004	4380	msedge.exe	84
PID 4380 wrote to memory of 4004	4380	msedge.exe	84
PID 4380 wrote to memory of 4004	4380	msedge.exe	84
PID 4380 wrote to memory of 4004	4380	msedge.exe	84
PID 4380 wrote to memory of 4004	4380	msedge.exe	84
PID 4380 wrote to memory of 4004	4380	msedge.exe	84
PID 4380 wrote to memory of 4004	4380	msedge.exe	84
PID 4380 wrote to memory of 4004	4380	msedge.exe	84
PID 4380 wrote to memory of 4004	4380	msedge.exe	84
PID 4380 wrote to memory of 4004	4380	msedge.exe	84
PID 4380 wrote to memory of 4004	4380	msedge.exe	84
PID 4380 wrote to memory of 4004	4380	msedge.exe	84
PID 4380 wrote to memory of 4004	4380	msedge.exe	84
PID 4380 wrote to memory of 4704	4380	msedge.exe	85
PID 4380 wrote to memory of 4704	4380	msedge.exe	85
PID 4380 wrote to memory of 4040	4380	msedge.exe	86
PID 4380 wrote to memory of 4040	4380	msedge.exe	86
PID 4380 wrote to memory of 4040	4380	msedge.exe	86
PID 4380 wrote to memory of 4040	4380	msedge.exe	86
PID 4380 wrote to memory of 4040	4380	msedge.exe	86
PID 4380 wrote to memory of 4040	4380	msedge.exe	86
PID 4380 wrote to memory of 4040	4380	msedge.exe	86
PID 4380 wrote to memory of 4040	4380	msedge.exe	86
PID 4380 wrote to memory of 4040	4380	msedge.exe	86
PID 4380 wrote to memory of 4040	4380	msedge.exe	86
PID 4380 wrote to memory of 4040	4380	msedge.exe	86
PID 4380 wrote to memory of 4040	4380	msedge.exe	86
PID 4380 wrote to memory of 4040	4380	msedge.exe	86
PID 4380 wrote to memory of 4040	4380	msedge.exe	86
PID 4380 wrote to memory of 4040	4380	msedge.exe	86
PID 4380 wrote to memory of 4040	4380	msedge.exe	86
PID 4380 wrote to memory of 4040	4380	msedge.exe	86
PID 4380 wrote to memory of 4040	4380	msedge.exe	86
PID 4380 wrote to memory of 4040	4380	msedge.exe	86
PID 4380 wrote to memory of 4040	4380	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/PaleoMenace/NanoCore
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa928946f8,0x7ffa92894708,0x7ffa92894718
  2⤵
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,10080475885588932385,17859582244533934504,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,10080475885588932385,17859582244533934504,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2024,10080475885588932385,17859582244533934504,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
  2⤵
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,10080475885588932385,17859582244533934504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,10080475885588932385,17859582244533934504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,10080475885588932385,17859582244533934504,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:8
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,10080475885588932385,17859582244533934504,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,10080475885588932385,17859582244533934504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,10080475885588932385,17859582244533934504,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:3524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,10080475885588932385,17859582244533934504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
  2⤵
  PID:1036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,10080475885588932385,17859582244533934504,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2024,10080475885588932385,17859582244533934504,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4584 /prefetch:8
  2⤵
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,10080475885588932385,17859582244533934504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2024,10080475885588932385,17859582244533934504,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4704 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,10080475885588932385,17859582244533934504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,10080475885588932385,17859582244533934504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3952 /prefetch:1
  2⤵
  PID:428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,10080475885588932385,17859582244533934504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,10080475885588932385,17859582244533934504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2024,10080475885588932385,17859582244533934504,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3332 /prefetch:8
  2⤵
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2024,10080475885588932385,17859582244533934504,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6140 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,10080475885588932385,17859582244533934504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,10080475885588932385,17859582244533934504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2720 /prefetch:1
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,10080475885588932385,17859582244533934504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,10080475885588932385,17859582244533934504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2024,10080475885588932385,17859582244533934504,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3312 /prefetch:8
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,10080475885588932385,17859582244533934504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,10080475885588932385,17859582244533934504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:1
  2⤵
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,10080475885588932385,17859582244533934504,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,10080475885588932385,17859582244533934504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6700 /prefetch:1
  2⤵
  PID:1604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,10080475885588932385,17859582244533934504,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1
  2⤵
  PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,10080475885588932385,17859582244533934504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2236 /prefetch:1
  2⤵
  PID:2952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,10080475885588932385,17859582244533934504,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6560 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3540

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1512

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3220

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2436
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\NanoCore 1.2.2.0_Cracked By Alcatraz3222.rar
  2⤵
  PID:4832

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1568

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap22309:142:7zEvent30521
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4052

C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\NanoCore.exe
"C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\NanoCore.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa928946f8,0x7ffa92894708,0x7ffa92894718
  2⤵
  PID:2800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,9098853115036830149,3223310625570771223,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,9098853115036830149,3223310625570771223,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,9098853115036830149,3223310625570771223,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
  2⤵
  PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9098853115036830149,3223310625570771223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:2936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9098853115036830149,3223310625570771223,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9098853115036830149,3223310625570771223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9098853115036830149,3223310625570771223,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,9098853115036830149,3223310625570771223,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3492 /prefetch:8
  2⤵
  PID:3696
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,9098853115036830149,3223310625570771223,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3492 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9098853115036830149,3223310625570771223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3876 /prefetch:1
  2⤵
  PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9098853115036830149,3223310625570771223,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9098853115036830149,3223310625570771223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:3604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9098853115036830149,3223310625570771223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2116,9098853115036830149,3223310625570771223,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5308 /prefetch:8
  2⤵
  PID:536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2116,9098853115036830149,3223310625570771223,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5332 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9098853115036830149,3223310625570771223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9098853115036830149,3223310625570771223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9098853115036830149,3223310625570771223,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2116,9098853115036830149,3223310625570771223,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6072 /prefetch:8
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2116,9098853115036830149,3223310625570771223,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6240 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2116,9098853115036830149,3223310625570771223,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6380 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:260

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4744

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3508

C:\Users\Admin\Desktop\Darkcomet RAT 5.3.1\DarkComet.exe
"C:\Users\Admin\Desktop\Darkcomet RAT 5.3.1\DarkComet.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://darkcomet-rat.com/lounge.dc
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of SendNotifyMessage
  PID:3908
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa928946f8,0x7ffa92894708,0x7ffa92894718
    3⤵
    PID:768
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,5131099133842933789,16571431521371759656,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
    3⤵
    PID:3824
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,5131099133842933789,16571431521371759656,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3076
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2192,5131099133842933789,16571431521371759656,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
    3⤵
    PID:4060
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5131099133842933789,16571431521371759656,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
    3⤵
    PID:2056
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5131099133842933789,16571431521371759656,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
    3⤵
    PID:4488
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5131099133842933789,16571431521371759656,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
    3⤵
    PID:4500
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,5131099133842933789,16571431521371759656,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
    3⤵
    PID:4772
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,5131099133842933789,16571431521371759656,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4024
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5131099133842933789,16571431521371759656,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
    3⤵
    PID:4216
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5131099133842933789,16571431521371759656,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
    3⤵
    PID:4656
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5131099133842933789,16571431521371759656,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
    3⤵
    PID:4748
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5131099133842933789,16571431521371759656,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
    3⤵
    PID:3224

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3964

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7b67f9950a92b0a3d34200c01055d2bc

SHA1
ed33f307b4a539a7a64424fd6f41d666a0f9762d

SHA256
3de9d119e29b751197466d38815a0e435679fd9533be17497c7a85945972c008

SHA512
f9ff55175ce1051c8dcd156ecbf762cadae057964b225f60ddeb6a2d6f91e47a0fe9c73597dbee5162d8f3fcf010f98e2334e929216f04a4e0437121c1d8eaef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3c1b453bc9de8817bf45c099dd3021c0

SHA1
a0d38559d08d8f57d9335f26a6f37135e9c073d2

SHA256
9da1fedaa64c0c2b9faac7bbfe46efa74e1af3dbfef9fec3a28b3d094209ed72

SHA512
cd888a805ab470942f221b885aa019a519e40848d3779302bd1cfbfcb7ade90ae9ce2f41d2cd18f50478ced508f82f7ed303bcf2e6166f772cb7490eb9e76b29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e26d18031616ade1e0a9909578d807c8

SHA1
a53bc4077c39f5d58d75d8b0b7a3ce419beba0e6

SHA256
d9e4f1a170b0ede428dfdb5b3f9fac930d6f07d154974f8ffb6dea4b48daab2b

SHA512
295fe4f8f8af7a7a8fc7fc3f16e878a82a030fb34305a105db76ffb0b3e2f2ee87d103c2bda66ba31d6ea1d4c591a10386a5c4ed3f71357169de3e24d6685f1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0a2907d2-86fc-4e7a-9c87-aba162ea1b18.tmp

Filesize
6KB

MD5
66cd3c28ac01e9ef78b66e20c1f5eea9

SHA1
d8d5212a759173b01e21970c68b409ce90c2b594

SHA256
e80547c757a0297b33879007f0758808e509302c8fcb42ee4b15d72754f5935a

SHA512
b68f86865d2bfc34c045324e6a3b375811a20b8944c8b7d1c96be2bba8fea65958bceb8924ab9bf75e8f1262a3332c5cacef15048ee76849c83c5843ae5c3417

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\489ae05e-380f-4560-b840-f8982bb6e1e3.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

Filesize
211KB

MD5
e7226392c938e4e604d2175eb9f43ca1

SHA1
2098293f39aa0bcdd62e718f9212d9062fa283ab

SHA256
d46ec08b6c29c4ca56cecbf73149cc66ebd902197590fe28cd65dad52a08c4e1

SHA512
63a4b99101c790d40a813db9e0d5fde21a64ccaf60a6009ead027920dbbdb52cc262af829e5c4140f3702a559c7ac46efa89622d76d45b4b49a9ce01625ef145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000047

Filesize
14.6MB

MD5
9f9347ecf2cc6541fb64acd6fc0a5749

SHA1
6c0d454ec2068d1c7d502a167ca02c8dafd0b244

SHA256
bfe9a76229e6e502b7c542007cd976dd3b5e0d26190cdf7cc8a5e5aab0a63f7d

SHA512
f0367a7c7265d38e52936bac40e0a18236d6544827da7dcdd1f2b19d2d3193b0039f5860a61a30f4e28bca3d2ef06a9c51f1b2c7f05927fad6ba37741ff015f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
cf4f69c72b3bbd579d9b4fd9c42440c2

SHA1
37c188aabd7f9cd9f9a6f004d8700baf97141bc7

SHA256
54858544b2731c646df65e4f32281724d02d1f7929f066cc0656cec63c9bb687

SHA512
06eeeaf8d4886a78ad27954d04648f657af4ea4bbda7faa68a417a5c5c7ae4737be7e2306706908db0b90585c8cb710b32e3aabf062bbf3dc0b03d56f8e843a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
719aabae1829ecedbbcbec033b5a0493

SHA1
9f8d14f27263511d98d295097312708b0ece36c6

SHA256
d2cb430cb27be54b35ac346fab669bd4b38f1cd8bfbd5958663f407ea1ac8b5d

SHA512
b99bc872c6a86fcd5bce3ca8d3d82f4c94014773222229b2539ad0fcf7dfdec75ad357b1c22022b607a847072646adee26120c2990784b226fa70479469f18a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
756bf411e8db81beea7eabaf2d51bbe1

SHA1
44a53fc5363195bf44ba0afab5893df9f85823c1

SHA256
f022c0de7662d4803bf13657d2ab98f0bbb0e00f46bdf0a8cf0841fe44528dfb

SHA512
85a0019084c279931996b709064fc0dacaa2a6019a54c0e3c3578eb4c86dd86a3ed24b9702704ce79eaf7c80f4c47d84fd273da1dd7331558ca7db421b3c5267

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
496B

MD5
d22266ba3d8db30279b96944f0cec985

SHA1
44e288cdfe75a5e8299ce32e75dd9e0705cdbac9

SHA256
77873629fa695e434160c86ae9116906ff65a97666d7d35a3ed63221b627c0bf

SHA512
d463aecbdac835dace5544b4267c86c2ed7d3165ba95095db6dfc3a25655f2391fa202a81d37b4a76a36f04456ed86df137302ad0e456fd59ecdfee3c69c6c1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d3117cefddf53412741da1dccd4d7c52

SHA1
ff763635b608cd2126ce1181b0c42e9e5aab8d1b

SHA256
2b45fec99703861e8111958daab51e685cfa7fa9417a0db5255e49fc57e75979

SHA512
dd5bc744d23d13806543942c573d5ff76df4310107eb368890aec22f906ab24057457f9dca2a6a4ee4365dd8c7d4312c4c5177f373aca35e90ebdc24a766ccc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
b8b783ba70f9962da94313d9b88794de

SHA1
d514f12384268ae533cc28bfe93f2d5ad9579a5f

SHA256
967d229e0b24211ae5f0fbc25e1eaecc97730172d971de324add6794c3030704

SHA512
89ec9b666cf0287ad1314c8a259c278555315481a78f88be6531023046a124c22427c1f6542df5621f97f3b71a09be1ff5a5814b64217b900f464e6aa548691f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
89548a2aff8f3a1271c2fa2a38848c65

SHA1
e2cafc180d289cfc5525d2e73a54cb845f9b8eba

SHA256
a88bdf204eb16fcbbb447416bb34dd45423fd0dff8702d6ea8b74c4ddbf8ad6c

SHA512
38b97ec61a47c6e2dd0151c2bfee1118de295b0e718e9a008cdcaaed713298bd221004902d5d578bc340f37f66c03f92b3a410bfa2efcb677787b6d68da1e236

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c7211258b05ecfa525f6493c51bd6080

SHA1
d7db62fb5568b21e53c7afc4ab944d924af9e40c

SHA256
86f3d251542fe267f68ec1a45d4b7d65fd515bfb8c9d37fa78d37dcec8351ac4

SHA512
06c91aef1ce12d1faca9a0b52efd24289a3abcc7583969e6d528f8beda1cd4e2bb92c953c874f8ae82b175850e79669b8b4a43ee98cba475b3a408a67db94dfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8348df3ff0ba74851c3eb38f8b9752eb

SHA1
549bb57416bf87699f5f8d2f7444bd8d4ff2bc05

SHA256
cb962d29503ee63bf33ce7153da27e2130a8cdb0169a3e11e58faee7ccee45dc

SHA512
0783c38ee4203149140559f0dd391352de1baab596e6dc32a00bd95b87ed08f9a1c8d73a202509a033a8640670034f84b9767a75438ed7d66e1a1827fe3d18e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
4ce5375935d7ee831fc6d871d9529e8e

SHA1
587bcc68a5940e68ba51ef9dfc8a9b0287e96594

SHA256
8fdc6d6717c807ebfb5c4c45544cf6fb45c4402cb3d4bf9681e7ca01697796c6

SHA512
7b22f02014a2184f9835a39ce459e2521811d45507ecd90824106f50384ed11dd02b63b24713e2c28cb19f8ee31fec0144b06bcaf7561bf10a1ab0371c053cd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
95044cc44f33e39b1c4d9bbcc843b243

SHA1
c0bf52f9b511302d80da3cac4efc68c6fb9d9fae

SHA256
172ab45c75311a464a6cf47b678755534a59cc282a2ab71f98af8461be53c1b1

SHA512
6092ee92aab522cbdd6e55f3b6cd90809670be247f91f1a3c8861b70019d6c1e1392d4d2627b4e8d01fc25c8567864930e317676136fb3f89080544821614edc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
f0549c4346ae06da0eafe121a9a9068e

SHA1
1dc76f77d2af1f2a3b821f0d8dd7923b45ba0273

SHA256
bd4201ae8312767389dc5b5de4e5fce3478fee856021c244e0168e4c5f6449ba

SHA512
ca12abe587d8567a270c8bcab2491a548e1fe1f90433418d8bc80abaa2cfbbf2d4eeac2950a0ebe8b4b4447d1048fbffdf08ed847862385c84d473a867397e29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
aab9579d492194d7f2e2d2b72e7b9037

SHA1
9873c530526df34c4a00152e75251fc460a80a6f

SHA256
3ada15788f1d5d03452d3a4bd9fd147c39c37224856ee7979734d75d5364f136

SHA512
4213238beb0568d3e76b9d0fbd4b33e76e6f51a2c63e47be93099486df69387d33c34fbb73f94aaea9fb291a4168896c60af8013eb153e3303bde3b23d3702be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
81f5d3a50c40ee1eb605baf10074059e

SHA1
0062286f001e16c6c56248cbc4194f566f3338f1

SHA256
351e6348fe7c949c80e6dd3d8e29835e67192b68bbebc7625b7eaccf418115c3

SHA512
53bf717ae99aa4b053a9ee271a5e8a6b48d6afeda58ccba5536495ecbf33c8c9abfb55b2e83d9a531c2267af3c3ae74c051b5b72e8ef3d94220fb9de3f5d3693

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
05627b2ee391cb34f2ddbefd12efdac0

SHA1
123ba457ba196b5bd3fd099c8689cb5d24c4ac97

SHA256
2186526475cf3fe2a254edc389bc6e42ce3477ebdc760f6467c8246db91d2500

SHA512
ff8361097347d92eca697a6572ade5b159c07c5b10e434e5b32730e8b11f82fd415311f3ff35cfc0eb03182ccd7d7b69084da5732b2101a5ffd3c60d311e2c47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
b3097f305d1627b7f4b0ff4e60832c6d

SHA1
9b0810dcedf2b9ece3613ea0642c68fea22001ef

SHA256
7cb5bc560a457ec2c605e49a398fc29995c690ef2b4fb6e1bdd409d67d1ace7f

SHA512
8c66e47cb59f19d6d9b3c05a5ffbe574618237dd71cecc4832c0109b5a2b50c7f799923ce794a825328949e5c38ac05cfb98431dc2464e97bd8f3dbfb2751279

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
c0e06a89a6165a8d995d30ccb5ce45b1

SHA1
b57409265663378e9f73bf57935373e4791ec138

SHA256
c7af5750a273385fae116c828db57d368dc94209e2853e3b09ed2ffa665414f3

SHA512
85a67832eae25b5c590ea660e942eb5e6314576b2762f99a9efd1885ef7c518923bd008f253a6c616a8c9e2a0375b75082a7a45b224aa4d778a1d1b4a4c94907

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
1ac1b166aac58fd12db67c3e9b3cf015

SHA1
95f28e76191b11b04aee9bb560bf7d309097081d

SHA256
fd5c85062388ef9c7c3a9c81284d8529c0f8a80e5f8de3ea06cc05f3317e84c0

SHA512
5533512ab0dde17360f7f0ff54483469110b334ff435cef05edd66f1bf36024f0b1c9a912aa2a8c1538d88c4e9ea6a27170230cb40d3bf57cd9f4ae6f65a8530

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
c1bb90125892b8b566128cd289102c97

SHA1
3174b21b158b5599fca6e3701e0670f2b0c89a7b

SHA256
4e9e67998c3a2176af9a7ad459f8bc1f6d79abe65258f766f35c65371277af81

SHA512
c0580f7547bf69819c6e306cd9ea22e7e6dd54a5ba8e2439b6195aee951acf6d29eb25bbd8f6fac3d633b104dfd789174dee8dcfcdefb5974ed9e989643a56c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
3311d6bab96aaca4d98492fb21f8a3c9

SHA1
2b298772462ef0a6acf6263b17a264d9c6e9de2d

SHA256
e9f394fe69f2dccb610a2e7e984e0e4ac10b6522cd5be4a0ff4339316f9e2ccc

SHA512
945068c0c45a18f836b3a1e8c19856930e0f3629820278a037e2f692e0fe93276bc0a2a9fde96476e83a243df9783e8ca93714d3e21fde8af324d0f63e02c5df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5920bd.TMP

Filesize
48B

MD5
073028f202c64036583e96ac412b1e01

SHA1
5533261ef8971689e8a7b00bdebc3fc9bf543c2a

SHA256
e0786137ab5bfc67c71f87564115be4c45c020f896d566e2c9d21aea7f83d884

SHA512
ffcbde694a9d581546e00be65fce23a9265c27b65e011b07e6f8a475f8e29cf436457632d6ba3f8e9344d929afd6222db4470ebfe72fe39f58a5f0a01c1d5be1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c13d1ed3fe4afa7b07543db6388126a4

SHA1
833dffa7f6af44d2d3befd93a4177f50c8fd5fe9

SHA256
9a5c503125f67be1fb5b5334f8de03340db05442e3a18b4f3779ca8b22e8dec1

SHA512
2035ebdee7fbf470fc739828ba86937d8920fcdb2e391050fd3683b58b5377d09dce77a403fa620a2df9f8c1ded3ca46a089ee0d0b35b8b352cf7805c10b8eb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
adbdf879aad082547c0dbb671b54fa2f

SHA1
1ef8eba401c945ab1a7650375b6dc1a119474819

SHA256
e474ec9249a426a92fd07a9dfbb0676b02595bae403875b24168a0b7c3a96036

SHA512
317186b20459753ab0e9add014cde5314a281bbb6536a19a87019683086d20f5e9bb31c98d58d14e7fd35df4a982dd1aef2c392e8a3ae8d3faac782506123fa4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c256d9c9b838dcaf96077c48fe2ba8a3

SHA1
e3aab9b84d90439632a61b80972beba5178cfdd3

SHA256
18011a740bda91cdc6b46a60a007355fb8b94f2d4571be260861587f6b2a9c60

SHA512
55cc365106ba40a98c522023bcdeb9f51ece442fce34739c940ce26d3b19b99ffcf05da3382bc7d8e98e5a8863e31299be2991046914373eb8ccbfdd0dc7d66e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
6ce9e9ab51e5728f18bcf5eef97ba169

SHA1
f9ca5d724467a523ea7510426c3ae937badad8a8

SHA256
dbc767af77735162d519b128ae5c0e39f30a6cadbffc7ec10e45c2b98fe05509

SHA512
4a29609708e3d4cd37948749a3debb580545cc06328308f42ed420f615f876b9771a25efd69c810b647d31213876309620d8a025b808a0f2066f666544a09f56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
88da15be0fb879ff25d981f52ff8905e

SHA1
b6895f4b61db81e923976409124004e0067b9951

SHA256
f081d01944d1ee66081566adbaa4700bfb66dd1ea7b92a853a942463df0cbb69

SHA512
17772e813e8522db9f883729305c1973f57a6880356c20b6bcbef9b74127228e9c3629317baea17555525b55c0dbee582b8edac1340b12041638663106c29dff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
2e66d787c8daca09bf2ae609a499ea55

SHA1
2b31b7fa568fa2c48b5c352a83a515117f642a9c

SHA256
85199ea714cc3242e6e4ca19b651f4438b6c8e78ce8d3f493fe8b8fa61dc8a84

SHA512
76f68ce20a59f45686a30826669e89f6064360fa439d7a9fa8ce7ecd3ebcb3e8e2bec9d4d0cdb729d5d0a5ed208cb93832dcc2613394c79790bb9a5c31dadaae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c8e6d8827866bef2e96a382925655f54

SHA1
b8cd17757d22d0b0b9a59ec346bd12094e27be4b

SHA256
f0cf283ce946de671a7be34c27c5af7a1dc9d730b640f4034dbf2c5819d66206

SHA512
fc1ae3aaf0cb226aad1ff864288ed3e3ca2c525119ab921b55357d85b13852005574e9303b0425089e22db033950c765f617d27347b9bc633e8b2bfc25ce6802

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe588dc4.TMP

Filesize
874B

MD5
9882ee4d9f8307828b6d65c5aeaa3a6a

SHA1
c88fa28281b4fe8be830290589cb38d309279b7b

SHA256
4041a8f7e346ef221a466c4fc7b43082b552168c26ba346892c64da5d40c009f

SHA512
ebc48a54a09e7c1cd93bcd44ae834d7edb49415de4b86186084464e3408ec54db0f19107b4a11c433f61c2ddfaeae55325c2e4c65924b9fa5d5a806b4dd02caa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\blob_storage\8a377af2-9976-4c2a-9363-271feb8087c3\1

Filesize
9.6MB

MD5
f49b5722b409d7b97d5c4542f3b01b78

SHA1
902ebe16f7f3d95e7b949ba1ff9e25db26ce4011

SHA256
3ca41e2d59f4055758d2d4e97b9c5408e6dc1b0cbbbcf2c93b12e391fc37c91b

SHA512
68e6be2a69e79451211bd8d55adea6d6f62776962e83e8d7ec115ff643bf377efafa5a30517e4314eceee28d46b6a995687508ae7c6bb7af79bac4ab06b4278f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
589c49f8a8e18ec6998a7a30b4958ebc

SHA1
cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e

SHA256
26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8

SHA512
e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
6a07acd167b03d822a8d500474d603f0

SHA1
0b757f1c01c6458a058c445def37ed221e9717f8

SHA256
5dbc48bc061712228e7c00e7152f64af8200c62ad3413af53099c5814b248260

SHA512
6f70350145da44fcbf59589401d65b7e2bbb5adda6abab3b5eeb26a748524c3bf8b064e8248e5699561b047233b33d9847fb3143a3d8a5c00cb31acac07e249a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
6b4096d7ebee46ae058144fcfafc363a

SHA1
112001c08965254cd8f62838bfdc3d81becdc6fe

SHA256
522bf8436edc609f11deb12bf8daac7a3d08199a0175f3672c13e7846c8584a2

SHA512
ca9ea3cf384765ca1dc14a76875aab657b612be53dea224bb680c4153ff57dab1cc77a8228cd68cefdc0d8635ca50ceca92b6b8c81e6b5dd00db34dab6ad7075

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
de13d42133c44dbb560cb6c1c7f518c7

SHA1
13f86b36c7f450ba356f502ec907ca68e1942379

SHA256
eada9b1302a33efcd3ea7db2b713913b626cecf8c49658a51d04b77c68a98406

SHA512
8e3b9bd144b24df8cb3051dbf51117afa6e3d3abe6a283551c1d2ff52026ca66c001707597f56321b31ae107ea0bc82cbc1526ddd861661392a904af7cb924fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
04782064af609ec69390aa0d987a7b1b

SHA1
4ef39e9775abc9687b8b05cd5bda94ade62221e8

SHA256
3da1d62ae82da4d5152a821b056518564c22c41f3c3908c82bf8f8ed35cac28d

SHA512
4a140a10bec47592ed270f097ae1c8b76f38bdcae8b136972b67a101160b450b413a2fe68e379a1b66f97e965e5c5e1c62fadb7111ffeee45bd1131235f73c19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
2e96259f0fe22e53e2f11eee04998244

SHA1
3f7f4907a31f1006adfa5745074d4bcb538fbb97

SHA256
294e994d1bc02472444d174576a293c8610034b6536d74143c8a9f3b420bec8d

SHA512
26f46a934bfae5ed01bf8fbd0092b587cc27ebb2f3b0750716a14632ca9d8764399cb6937dd5615b41866dfaf6ae23e1a2c62918e920e6004c3f7e2bb6c327d7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
a89ebc1f333c9bc0aeaab4de76c4293a

SHA1
b8535ea111f2f0663c2f562ea857b15a24e8e0c9

SHA256
23008a6ac029daddfb910e8f1322d7caecf69fec72ac7f37c612ed16e9539de3

SHA512
32181b102bf2ab8e2a873ef547903867f6a68bdd18ef4a92a26a6d4360b13e5ffd587ba5d7c6641ce40beae65f87d9f2035872188aa5de690b1e68f01beb16e3

Download Submit
C:\Users\Admin\Desktop\Darkcomet RAT 5.3.1\config.ini

Filesize
522B

MD5
0a5baccb60ddf613c9ef2b18e0b1863f

SHA1
39bb75213fab1a7b9ab51089ef54f43086d8b1f3

SHA256
21a222e00ea35f663dc6c397c0a0aa6d80e52187644b170cee9e186892a22f4e

SHA512
b24b4e15fc975f81e5e5216cc098f8a34faeb5f7b3f10fe8f9f4a19157abe62f293b4687440434744e5c5284736a9a472fc5d04f5fda72e94fe5e7140b36de9b

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Databases\main.sqlite

Filesize
15KB

MD5
ea522fc387e8e1c1c65e946c9118e2c7

SHA1
0d3fe3c0f59b651f4b9210ec4d7324e7686b5a21

SHA256
ae429dbfca9416cfc6832aed1190fa7b9eb90127328136a249de024349fd3b3b

SHA512
52161556c3d3a1e12fe8de217aab806ac8e8e47135d57f057c257d16576ec08b13bc37aeb7f7234042d89d6deb594a635e0764675f4e04f7abb94836fac1d921

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\NanoCore.exe

Filesize
1.4MB

MD5
1728acc244115cbafd3b810277d2e321

SHA1
be64732f46c8a26a5bbf9d7f69c7f031b2c5180b

SHA256
ec359f50ca15395f273899c0ff7c0cd87ab5c2e23fdcfc6c72fedc0097161d4b

SHA512
8c59fdd29181f28e5698de78adf63934632e644a87088400f1b7ab1653622e4bc3a4145094601211a2db4bcbd04ea5f1ac44129907fbb727fe24a1f3652c7034

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Plugins\CorePlugin.ncp

Filesize
119KB

MD5
7914e7302f72d330aa5f6c5c8c26df43

SHA1
8c411f3fe5297a78cb018539b44df87c0a51606a

SHA256
f66985518b1e56a04f512d110f5b79f21ed91cbcbf6bd3e17eba3dcdfb85f9b5

SHA512
8959843f282162ff0c59d890d04012c4f62dc36058aa7095d708a97a34313082cd4ca5ea5df5623cd2d6b8b91c527297168cab08ec59c1ec48fafac5983ad012

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Plugins\DucPlugin.ncp

Filesize
73KB

MD5
5eca68a8368e0e144b7016e30b85515c

SHA1
0ba48b49974156e5746958aeeb1c2a26c916b3be

SHA256
e2ce89b3e68b003cb27e2c5652ccba073c8938bef194e51830539b2464a3f676

SHA512
ea1d1363fb072a5c646ce070184855588124be42392dc492ce86c88fe93eae78e23f5de4f2df75fb5b0e8d67bf08ff192dd163ed3c62a1ccfb0b8436ae1df644

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Plugins\ManagementPlugin.ncp

Filesize
300KB

MD5
b612c2c9a6d361a5db14c04ba126119c

SHA1
d2b29e235b0f45242088b78313438bdfd51209dc

SHA256
b86fe4e126a9748a383a34d615b9598c715f2380c0aad957495c66923902026c

SHA512
194d4688935235f3ca686868c9ff53c7945d4e076d4a51fdcbc254bfa1461494766480794c65715bce314256c7cc5268bd6547c937984d3010f54f5a3db4ba9c

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Plugins\MiscTools.ncp

Filesize
66KB

MD5
78e3006fc6468eb7dfc7761072b84ac6

SHA1
e46cae768d2754f48a29b7e424a9bddf0d67bcd8

SHA256
3a3a3b105eefb45e3b70cc1592e484df02df7020d5154e8c2e5d7d439e295e46

SHA512
0daa1cc9ddae70f442ee5eed784523dc1378b9d095edfaec1df95e02f00d09b461d60ee180f716f7ba755543ef7b0c87d791a454cf254dde0033b8615b2841e8

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Plugins\MultiCore.ncp

Filesize
236KB

MD5
becb82e1e914e906be158e3f9dd658ac

SHA1
725d3d658680ca8dcb610d998db4b28733b5ee52

SHA256
5494adf651fc64e3aa6c08e38165d8dbfec52056cdf4fadae90b76b0e6816a33

SHA512
1d67e7d5686ea225262501afb572bec23e35bbd33c660a57e84b9cad7adfadbe457b128af0059ac705d53c6b65798f5525fe4ed3c16537b0c085414cdca74174

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Plugins\NanoBrowser.ncp

Filesize
102KB

MD5
8b13fdc96af0a84c152f5a601dcc6b06

SHA1
1250db70fda8a2c32f37bbdc5638074c6dc171a7

SHA256
997c41b05150480bcfae9abb3132fc807f6c6b511b810b554fdb5aedf89f5db0

SHA512
536d4e1b9e7c95ebac762d0a438106a5409c69e990940d3411709364783f957015d4a5dc0651b33591e37dcda8549e689a87b853e32f3ad065391a2d8190a552

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Plugins\NanoCoreSwiss.ncp

Filesize
49KB

MD5
fcb5afd01e75aca8ed9fbd35a46e54f3

SHA1
94b69f8612d31fc0698089d5e08aea1cafea52e7

SHA256
bf0386f6e9b4a35fefe5fe917e2be7c64867efe24521f18e4567f8af5f6dd5e5

SHA512
b587dd23eaea6de486c30864908f8603451c459153cd21b86a5e43bb9c2cca7cbc015daf620808fad76a4d56bbc4e57e127059c8e73be6c85bf958781c1343fe

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Resources\TabIcons\builder.png

Filesize
303B

MD5
d2d498dc06990b948ef42c479c4c1f94

SHA1
eb380e6d156f5cc2ab28baa5add2ba8acda088b3

SHA256
ce8e344d1975972fa3f1b54383ab01cf522217e83b4e01f5c5b8563641bf6550

SHA512
fd9f99b7489507d8208432847085507e5d1823f1eed5d3c7e644c59bc5e5b36d8705d4add01a0c291240029458b25d72894fc05efede8b795bb6872e1e5f9ef9

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Resources\TabIcons\clients.png

Filesize
462B

MD5
0331dbac2291c05d567461b58654d350

SHA1
1f89cdf7199983e788fd1f22b873ab9b0500952d

SHA256
8d1339e002540de132326aeb1d17c66a9a60b0af7e3daca9bc40df17e9c96542

SHA512
2d12a85226a21670c49038e4347b39227b8d8bca07b8eb66f2adae0ccf1135270f5ba5f16a40bf526477c70c00c1ca572bfb973306e6eb8dd057600de38da161

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Resources\TabIcons\home.png

Filesize
343B

MD5
0a482ce7f891fe7a64118bbb34a34b9c

SHA1
2aba3c06942273aebc5e616602620e4b2526ebe7

SHA256
76d3e6c51702b37227b73a4f84771e44d7c1a8551b4c1fdd90e341f03a805346

SHA512
0e900eff9109ac2f32137d9d18993a29ed6065299ef96554f2288128fe07d1e8db1a0dac29b39b0eb05bb8a9bdca5f083da8e25dec3c880ef155401fd649107b

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Resources\TabIcons\network.png

Filesize
230B

MD5
48780574121d519661c2e0bc51b25b68

SHA1
89d8d5e42fbae3d95c8036c1738656b8e6343091

SHA256
28f4c682d85fb4ef531a71b7fed8f0d7ef548f1126da378aaf60349219a681d6

SHA512
7f0d9b6e18b812350b9d57439069ebb9140365830ea6fa247527f793cc58271ed7743c514d7488f026064b6d44afaf93717192bcff3ea8a3b501f2bf7718ff30

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Resources\TabIcons\system.png

Filesize
273B

MD5
9993c66f33d16d11e701abbabf5a5db8

SHA1
415a0069f21dc5fcbb7bdaa7f17a679eb18e6b1e

SHA256
24c4edf86254f9e2359508909ba52dd683e1f6af0d8c1a52f875c472fc73bd40

SHA512
7a3f0546f4fb12e72fd774f5c4446e8bcc2a26c762aad91675c3bc10931c1c0ac2c40d66a25afd0a376ab665427164367c1cf398c22811eedf88c90ce51a23e7

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\ServerPlugin.dll

Filesize
28KB

MD5
952c62ec830c63380beb72ad923d35dc

SHA1
6700baa1fb1877129e79402dfe237f0b84221b69

SHA256
2e5fbfb7932b117a2f6093dc346cdee4a5702e39739d9c40d27bfd1580f6f0d7

SHA512
5dc19d7d6ab7670ded766f357e481328c8df4a96ac3c2a00194a5ccea8c34bca0e34cfea3d9d17934db384d302446be2fec9853438371561d70580665bffe121

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\System.Data.SQLite.dll

Filesize
256KB

MD5
dd3d6f00b1aba3f1d9338d9727ab5f17

SHA1
faf9364a7ab15f27c93a6e6f97fa025030c9dad7

SHA256
f0d4beab24e94e61f219df451d90dbba3d0f48539f9b6a448f91e0c94b4e80c4

SHA512
0794d850a133a98affe627e3023114b229b982e507d366895ece6a1ef99b42d708554c64b52f0f2ed63673e1c5aeea7e794085d45f0797159e21ba4efdf23cd7

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\builder.log

Filesize
22KB

MD5
0061a98407086fb3106b61fe5d0fbb27

SHA1
c5882467e947fa1cab30dd45fe337b23bce1712a

SHA256
054dbc3e14992bea750e1f366c16f6b0c861bc9db2617be91cbf7306fd25219a

SHA512
b4e0f10067b2a5b7865b404c63be1c93cbda482ed3d20e618ede411fe7f9bc177792d0ab0bb7c13730809f9630ba5160f485a38590096ba8cb8104ab189f2c9d

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\client.bin

Filesize
130KB

MD5
906a949e34472f99ba683eff21907231

SHA1
7c5a57af209597fa6c6bce7d1a8016b936d3b0b6

SHA256
9d3ea5af7dc261bf93c76f55d702a315aa22fb241e4207dc86cd834c262245c8

SHA512
29fd20ae7f1b8bac831c0bb85da4325a62e10961989e14299f5f50776c8f7e669cc1527bf2c3868bd7230e73ac110ba8b1f0491ac0f2923d79d7a2871c7c961d

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\plugins.bin

Filesize
240B

MD5
5e709fc806e8ba3385487699004f6d29

SHA1
2f32547ed5b9db3b33969fb4858945610aaeedb2

SHA256
9ecbf989dedf1403db953fb4e5955c9f63415cbe1f6492c3246bac405a4d036f

SHA512
a6706c9f76d837a7e0ab12e3c1c6d94fedde9dc52d4fecd02befd8850752155e2bf801cdf0488a98e49c50c4f0595a3fc4916950badba9bb83a5b7a35d3ffaab

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\server.log

Filesize
103KB

MD5
ac6285562e5e3e4e98feb7fe8df884a4

SHA1
4b7fc4ea7c39b95efa7d4e1d68b9b3994c38683b

SHA256
51d9e422386e5e64eadc212bff06b33c2a163bfe355ce98d756ce00afd76ae2a

SHA512
6db244bf0e1948626e64b2b8636b9bf71fa4b2bbe5e7c4877a444da00bcc7964efa9f01f6e4c90963961a3a8bdb3bb8ff7d28660596e6f468b53313ab5e3453b

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\settings.bin

Filesize
280B

MD5
daa76574a834b950a015d191e410c400

SHA1
c93dae186bb23e7fc052b6cbc4626c58bc0f60a5

SHA256
c4c2bb97d9abf6e224897855a0f6699d8f886ca816811ea5bfeb8e71d72b7d4f

SHA512
9cd119d3f55a172036fd625738c3ebcd45b534255da36c208b594605eca32a58470ea4d0493026d160e062806d015cd878c44521e2450247eb5a8ae203a8fe6f

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\x86\SQLite.Interop.dll

Filesize
792KB

MD5
9b19dcee960dc215e64b1d82348707a9

SHA1
9c1e0f76673eb385787120e17404df179316ca2b

SHA256
3515f704b0012c01fc8be5b717905c0587b29255fc9eb7ad3f2b66a130691d38

SHA512
cc1304ab171feb2ac6df941f4b35aab8ce7b503f96b5539b366b39268cce8b21ea2fdbce16eff809a9a121a60a65ebbd0f59f75360800f541b9e5f93e729a55d

Download Submit
C:\Users\Admin\Downloads\NanoCore 1.2.2.0_Cracked By Alcatraz3222.rar

Filesize
5.8MB

MD5
c75744769bae7a3e7a4a1aec27673851

SHA1
56b0aa88b44c532be4975bc096cb8e4b9e7ecb49

SHA256
ceb348dfa61b34bebce021fa783b0afdb874ea7205f75e7fb42b01898439be75

SHA512
fa0c8d0b3adbb0bf11185b6c85f38c99421ef24ce55d94674e8d999c907f323a3eb0bcf711b60298e31db2958ebfa2dafad9d01cdf1e61251018ebd717934679

Download Submit
C:\Users\Admin\Downloads\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Resources\ListIcons\flag_aq.png

Filesize
351B

MD5
b841c2ebdca6bb23c15c98da4aa671d7

SHA1
42f562132fe6e9a5029247a2b9666395dd5ad9b0

SHA256
b668f1a313e57c97a5abd0212631ea6211aace15b10f1ca82484f23f7d6924b5

SHA512
e093c2c454e8ceb318df0629f5f7e8494213e69caef640dd4554f3c250029e8a06b4c5add9c13e457f901c3d328738b66db524a8404617e486fd8c564dd04c90

Download Submit
C:\Users\Admin\Downloads\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Resources\ListIcons\flag_cx.png

Filesize
626B

MD5
fbf02dad6f60392ce777d006d5762248

SHA1
f9d95e6e5e25b83953e4f898bf99636d85511709

SHA256
45203a04468ff78fb3434f46799ca630172e04f97c566f8e143539a80c48bfc5

SHA512
9f5b7b5399cb7c8b41cda202eac5a344524f135fd2e32a5f312917c7684ee13a94976984154355297bb31fd06435efe91456e189bb5f1c9d6010dfad01415b4f

Download Submit
C:\Users\Admin\Downloads\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Resources\ListIcons\flag_gp.png

Filesize
546B

MD5
5ac0d15234533136bf6ec230686a4aa5

SHA1
2f208a8baf30d13aa23382d3821cc73c4aa466f0

SHA256
5cceb033c0262b5905f88d5905777471e9f1b0b0d9cb857f2361e88ada73610d

SHA512
d6215183f13e36a268b849056fe1479ebd36eab4b6f175cbdd3a4ecd4ba4df7734189a2f9e9d69ee344ca63baf2c9ef10f62663cc721e9c9c59775d5e84e2268

Download Submit
C:\Users\Admin\Downloads\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Resources\ListIcons\flag_sj.png

Filesize
562B

MD5
4f82c2e83eab05d2bd9baaeff6c81a96

SHA1
e1cd3981d14653bf5df976ece649120134e88546

SHA256
15493361692068154ac1b1baf8878c179b353996dcda4d63e0322ea37f998f9b

SHA512
b69030fffb689094952eb472b272e1d18b40d0f11e3bba647c9b01226ccf072d276cc31ce3a1ffcbc84c5de82bedfe7fc2466fb060ff50e528f7c258179e626d

Download Submit
memory/368-2204-0x0000000000400000-0x0000000000F67000-memory.dmp

Filesize
11.4MB

Download
memory/368-2203-0x0000000000400000-0x0000000000F67000-memory.dmp

Filesize
11.4MB

Download
memory/368-2234-0x0000000000400000-0x0000000000F67000-memory.dmp

Filesize
11.4MB

Download