nanocore | 8c7d7698d6377193d9795727b59475d36cdddea75f525e5468b87c61da68d04e

Analysis

max time kernel
76s
max time network
57s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
17-11-2024 20:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NanoCore 1.2.2.0.rar
Size

11.0MB
MD5

4538860fa47e6d6ea3271b362004e371
SHA1

c4f632049928aa82d36d932665718c689c86bcf5
SHA256

8c7d7698d6377193d9795727b59475d36cdddea75f525e5468b87c61da68d04e
SHA512

1cbc244a3942394ae960615471a40d3d57a54017ee606e95da4c113f53644ed20e9c0f1e0528e3ed77c172189ac01672fec28e384203f7fe0c62d351f01f89ab
SSDEEP

196608:dxwI8RUUyA1RB2bkj+gegzJowW3Wx0u8CU3ymPhB26kRgJzj1DFeYMRjWcJ:dxmRUUTeOHRSWxsCU33nMGMRDJ

Score

10^/10

nanocore discovery execution keylogger persistence spyware stealer trojan

Malware Config

Signatures

NanoCore
NanoCore is a remote access tool (RAT) with a variety of capabilities.
keylogger trojan stealer spyware nanocore
Nanocore family
nanocore

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

execution

PowerShell

T1059.001

pid	Process
3736	powershell.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Startup.lnk	Launcher.exe

Executes dropped EXE 6 IoCs

pid	Process
1980	NanoCore.exe
3504	Launcher.exe
4500	nc.exe
528	Windows Services.exe
1500	Secure System Shell.exe
3784	Runtime Explorer.exe

Loads dropped DLL 15 IoCs

pid	Process
3504	Launcher.exe
3504	Launcher.exe
4500	nc.exe
4500	nc.exe
4500	nc.exe
4500	nc.exe
4500	nc.exe
4500	nc.exe
4500	nc.exe
4500	nc.exe
4500	nc.exe
4500	nc.exe
4500	nc.exe
4500	nc.exe
4500	nc.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Windows\CurrentVersion\Run\Runtime Explorer = "C:\\Windows\\IMF\\\\Windows Services.exe"	Launcher.exe

Drops file in Windows directory 9 IoCs

description	ioc	Process
File opened for modification	C:\Windows\IMF\Runtime Explorer.exe	Launcher.exe
File opened for modification	C:\Windows\IMF\Secure System Shell.exe	Launcher.exe
File created	C:\Windows\IMF\Windows Services.exe.tmp	Launcher.exe
File opened for modification	C:\Windows\IMF\LICENCE.zip	Launcher.exe
File created	C:\Windows\IMF\LICENCE.dat	Launcher.exe
File created	C:\Windows\IMF\Secure System Shell.exe.tmp	Launcher.exe
File opened for modification	C:\Windows\IMF\Windows Services.exe	Launcher.exe
File created	C:\Windows\IMF\LICENCE.zip	Launcher.exe
File created	C:\Windows\IMF\Runtime Explorer.exe.tmp	Launcher.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	nc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Windows Services.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Secure System Shell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Runtime Explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NanoCore.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Launcher.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3504	Launcher.exe
3736	powershell.exe
3736	powershell.exe
528	Windows Services.exe
528	Windows Services.exe
528	Windows Services.exe
528	Windows Services.exe
1500	Secure System Shell.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeRestorePrivilege	5036	7zFM.exe
Token: 35	5036	7zFM.exe
Token: SeSecurityPrivilege	5036	7zFM.exe
Token: SeDebugPrivilege	3504	Launcher.exe
Token: SeDebugPrivilege	3736	powershell.exe
Token: SeDebugPrivilege	4500	nc.exe
Token: SeDebugPrivilege	528	Windows Services.exe
Token: SeDebugPrivilege	1500	Secure System Shell.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
5036	7zFM.exe
5036	7zFM.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
3784	Runtime Explorer.exe
4500	nc.exe
4500	nc.exe

Suspicious use of WriteProcessMemory 18 IoCs

description	pid	Process	procid_target
PID 1980 wrote to memory of 3504	1980	NanoCore.exe	86
PID 1980 wrote to memory of 3504	1980	NanoCore.exe	86
PID 1980 wrote to memory of 3504	1980	NanoCore.exe	86
PID 3504 wrote to memory of 3736	3504	Launcher.exe	87
PID 3504 wrote to memory of 3736	3504	Launcher.exe	87
PID 3504 wrote to memory of 3736	3504	Launcher.exe	87
PID 1980 wrote to memory of 4500	1980	NanoCore.exe	89
PID 1980 wrote to memory of 4500	1980	NanoCore.exe	89
PID 1980 wrote to memory of 4500	1980	NanoCore.exe	89
PID 3504 wrote to memory of 528	3504	Launcher.exe	90
PID 3504 wrote to memory of 528	3504	Launcher.exe	90
PID 3504 wrote to memory of 528	3504	Launcher.exe	90
PID 528 wrote to memory of 1500	528	Windows Services.exe	91
PID 528 wrote to memory of 1500	528	Windows Services.exe	91
PID 528 wrote to memory of 1500	528	Windows Services.exe	91
PID 528 wrote to memory of 3784	528	Windows Services.exe	92
PID 528 wrote to memory of 3784	528	Windows Services.exe	92
PID 528 wrote to memory of 3784	528	Windows Services.exe	92

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\NanoCore 1.2.2.0.rar"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5036

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2604

C:\Users\Admin\Desktop\NanoCore 1.2.2.0\NanoCore.exe
"C:\Users\Admin\Desktop\NanoCore 1.2.2.0\NanoCore.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1980
- C:\Users\Admin\Desktop\NanoCore 1.2.2.0\wpnclient\Launcher.exe
  "C:\Users\Admin\Desktop\NanoCore 1.2.2.0\wpnclient\Launcher.exe"
  2⤵
  - Drops startup file
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:3504
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" add-mppreference -exclusionpath C:\Windows\IMF\
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:3736
- - C:\Windows\IMF\Windows Services.exe
    "C:\Windows\IMF\Windows Services.exe" {Arguments If Needed}
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:528
  - - C:\Windows\IMF\Secure System Shell.exe
      "C:\Windows\IMF\Secure System Shell.exe"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:1500
  - - C:\Windows\IMF\Runtime Explorer.exe
      "C:\Windows\IMF\Runtime Explorer.exe"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3784
- C:\Users\Admin\Desktop\NanoCore 1.2.2.0\wpnclient\nc.exe
  "C:\Users\Admin\Desktop\NanoCore 1.2.2.0\wpnclient\nc.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:4500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zECA318FD7\NanoCore 1.2.2.0\Resources\ListIcons\flag_aq.png

Filesize
351B

MD5
b841c2ebdca6bb23c15c98da4aa671d7

SHA1
42f562132fe6e9a5029247a2b9666395dd5ad9b0

SHA256
b668f1a313e57c97a5abd0212631ea6211aace15b10f1ca82484f23f7d6924b5

SHA512
e093c2c454e8ceb318df0629f5f7e8494213e69caef640dd4554f3c250029e8a06b4c5add9c13e457f901c3d328738b66db524a8404617e486fd8c564dd04c90

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zECA318FD7\NanoCore 1.2.2.0\Resources\ListIcons\flag_cx.png

Filesize
626B

MD5
fbf02dad6f60392ce777d006d5762248

SHA1
f9d95e6e5e25b83953e4f898bf99636d85511709

SHA256
45203a04468ff78fb3434f46799ca630172e04f97c566f8e143539a80c48bfc5

SHA512
9f5b7b5399cb7c8b41cda202eac5a344524f135fd2e32a5f312917c7684ee13a94976984154355297bb31fd06435efe91456e189bb5f1c9d6010dfad01415b4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zECA318FD7\NanoCore 1.2.2.0\Resources\ListIcons\flag_gp.png

Filesize
546B

MD5
5ac0d15234533136bf6ec230686a4aa5

SHA1
2f208a8baf30d13aa23382d3821cc73c4aa466f0

SHA256
5cceb033c0262b5905f88d5905777471e9f1b0b0d9cb857f2361e88ada73610d

SHA512
d6215183f13e36a268b849056fe1479ebd36eab4b6f175cbdd3a4ecd4ba4df7734189a2f9e9d69ee344ca63baf2c9ef10f62663cc721e9c9c59775d5e84e2268

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zECA318FD7\NanoCore 1.2.2.0\Resources\ListIcons\flag_sj.png

Filesize
562B

MD5
4f82c2e83eab05d2bd9baaeff6c81a96

SHA1
e1cd3981d14653bf5df976ece649120134e88546

SHA256
15493361692068154ac1b1baf8878c179b353996dcda4d63e0322ea37f998f9b

SHA512
b69030fffb689094952eb472b272e1d18b40d0f11e3bba647c9b01226ccf072d276cc31ce3a1ffcbc84c5de82bedfe7fc2466fb060ff50e528f7c258179e626d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zECA318FD7\NanoCore 1.2.2.0\wpnclient\Resources\ListIcons\flag_ax.png

Filesize
501B

MD5
4ae673575f11db0b2934308ce1c92190

SHA1
31bdeda888dfecf35e3b8a278b1bddd1d4154855

SHA256
bee6cbdada24b441e920ec43be7c0225fc6055db1fd8b8a55b478751e1df19b5

SHA512
88d378227378f388469ba282c3d1366fe7960a494df1b6e2c43bd17983eb313cf4b9669a2fe7fba2755e93cd1d048fbf0289c9843e377e6eb932dd8f26b8928b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zECA318FD7\NanoCore 1.2.2.0\wpnclient\Resources\ListIcons\flag_eh.png

Filesize
538B

MD5
2ae81f24c0ad633631872e262ea44d69

SHA1
21cc59676364f57710050ee058f29bc8cc5c4cdf

SHA256
ccff90eb951ac70f01134e0ad8736d0567060b7a535dc742b9508f8a5d69bb33

SHA512
302c7e62af7f9d61a8cbd1a718ed666274b442ac66de457d45942c2dba6e05ab3465b9b6f758e6fccd0b75e3ceddd2264a4f4dcbb6df9c854f62556e4b29d997

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zECA318FD7\NanoCore 1.2.2.0\wpnclient\Resources\ListIcons\flag_iq.png

Filesize
492B

MD5
458a340415689f3e1804e6fea70b95be

SHA1
7badfd77fd48158f447e7ba10ee31e5e5ec8c607

SHA256
05f9e0f0b718791d3da5d81d73e8d57c3ac5650a05561584e981fd58bd51cbaa

SHA512
6e15693692b8841c8d6303b9d859289041bdd2d2903c6877e1bf0969856bedbc2ff72f633ac684d9d33c6a9f56343ed637058516390b5d690c5e62f92e46e3f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zECA318FD7\NanoCore 1.2.2.0\wpnclient\Resources\ListIcons\flag_nz.png

Filesize
641B

MD5
522755a2f4275cd5d5f858d879a9ca05

SHA1
02c4fa14b8dcb9e054813cf4c4f5ac3e3327cae9

SHA256
ad76983c860e3f7645ba50b60660ef3b1020a874546f0c8a0d3911a72b842949

SHA512
57b7d798d22508c59ca8fdb11ff3cbf7a71879a5c94b1ff807d3a5e162fdaa92683dd48ad0c1f8fbc34f60fc96f7716531ef714918b15d9162ec7dea774dd15f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zECA318FD7\NanoCore 1.2.2.0\wpnclient\Resources\ListIcons\plugins.png

Filesize
14KB

MD5
3191ca0269497a9566299585d427bc15

SHA1
7db0caabd0a466730b264d07c8cceeb62648788c

SHA256
e60d5bbd1aaa36e731ef53f09dd4b010a041dd7c346c4f3ae0b824f63c37959f

SHA512
6d76f44efea93a2f43e3d9ac11bb97d279a9d3fe668382c2e747ec5bcc0e48d5decf59e2772058e804bf32bc74f4b0380db8dcd0f652073661e68abcbe5adb08

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_zdxfe2qw.huh.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0\Launcher.exe

Filesize
53KB

MD5
c6d4c881112022eb30725978ecd7c6ec

SHA1
ba4f96dc374195d873b3eebdb28b633d9a1c5bf5

SHA256
0d87b9b141a592711c52e7409ec64de3ab296cddc890be761d9af57cea381b32

SHA512
3bece10b65dfda69b6defbf50d067a59d1cd1db403547fdf28a4cbc87c4985a4636acfcff8300bd77fb91f2693084634d940a91517c33b5425258835ab990981

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0\NanoCore.exe

Filesize
233KB

MD5
aa989fa9c089c1cca0b1a6d58101cf72

SHA1
d3ad799de70084c469d04bc0338ac37da92d5506

SHA256
df58c0fe4c94a532528b483853ce8728d07147b574a741287d813d98cc4d056f

SHA512
edc491128f121536d6ad3a99b8bbf043e53e5e891f96fa61da8f45035663d051d809bf784e4f9918f41f667228ddfce29c8bd5ab675cb688c87677580dae600c

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0\wpnclient\ClientPlugin.dll

Filesize
19KB

MD5
bdc8945f1d799c845408522e372d1dbd

SHA1
874b7c3c97cc5b13b9dd172fec5a54bc1f258005

SHA256
61e9d5c0727665e9ef3f328141397be47c65ed11ab621c644b5bbf1d67138403

SHA512
4fa0ed4ef66e4c442f5fc628e8bfc8a4f84cb213210643996d9387027edb619c054f6104ac889ae77cece09f0304f95d5f20e14d66847e2d382ef51eecec0962

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0\wpnclient\Databases\core.sqlite

Filesize
3KB

MD5
3732df3263fbaa868bb866bcca1f402c

SHA1
f247dc7dfea7bcbb69116920d48af2dabf85b444

SHA256
716d9992711b5b17eca841836ba5a63db0a62251bd056a92db96deccfa887b41

SHA512
bb99cfe2be9488c6d7e57991b2bbc4e593ade8c8d2c79e4b7056ec5be60fd5e0b88467f65dca71c269540b800f0c3319e4e849e7e77069a6e9b1b89a2d4807fd

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0\wpnclient\Databases\main.sqlite

Filesize
15KB

MD5
7e5bd3213820f34abd87f04eef517abf

SHA1
61920b9cdde2fe528394328f0793c2f2f85411af

SHA256
619d94868f74007a8327336b19bb1dd7c55a3f56376d8cca1f29ef667fdeb003

SHA512
3fb0427ee80ddb342f762768e68d885e3552bad50891c9b0eef733125372a4bca0cdddc97f9f58d67463c0f200f2d187ceef7c8663d38406be2c22eee27c5827

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0\wpnclient\Ionic.Zip.dll

Filesize
480KB

MD5
f6933bf7cee0fd6c80cdf207ff15a523

SHA1
039eeb1169e1defe387c7d4ca4021bce9d11786d

SHA256
17bb0c9be45289a2be56a5f5a68ec9891d7792b886e0054bc86d57fe84d01c89

SHA512
88675512daa41e17ce4daf6ca764ccb17cd9633a7c2b7545875089cae60f6918909a947f3b1692d16ec5fa209e18e84bc0ff3594f72c3e677a6cca9f3a70b8d6

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0\wpnclient\LICENCE.dat

Filesize
74KB

MD5
f7d55578b3709f1519805272e3e64c33

SHA1
5f1f8f05a629052ef5289c0f7e438625c559339d

SHA256
3147a9c9015f7e54c8acdb8d413da93ef3e4b04fb27ec578dcd188a70bb53301

SHA512
3a853dd66f731dc0c929b1f65f28a64a51e47c82058e05689e6ca0877d50bcd32503c734bf1e4f246f3cf341029496685cf4c741d0af54f0428f07ded24b65fd

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0\wpnclient\Plugins\AIO.ncp

Filesize
17KB

MD5
60c274ccb344da9e3d77449f6068d253

SHA1
ab25eddf3ddb61ef52104a01e5c9b8a23451c764

SHA256
0a59aaee013c57f3b6190d683160d88ca1c5868565cbf5acbb7b17d3e925c602

SHA512
9600d852b56557f31a5a18a6aa2cb76cf4fabf36ae32bbeccf82677f64737542234e2fb06ac8d917f9839120320b7db212d76e8dea24445f13096d86a474b9c9

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0\wpnclient\Plugins\CorePlugin.ncp

Filesize
119KB

MD5
7914e7302f72d330aa5f6c5c8c26df43

SHA1
8c411f3fe5297a78cb018539b44df87c0a51606a

SHA256
f66985518b1e56a04f512d110f5b79f21ed91cbcbf6bd3e17eba3dcdfb85f9b5

SHA512
8959843f282162ff0c59d890d04012c4f62dc36058aa7095d708a97a34313082cd4ca5ea5df5623cd2d6b8b91c527297168cab08ec59c1ec48fafac5983ad012

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0\wpnclient\Plugins\DucPlugin.ncp

Filesize
73KB

MD5
5eca68a8368e0e144b7016e30b85515c

SHA1
0ba48b49974156e5746958aeeb1c2a26c916b3be

SHA256
e2ce89b3e68b003cb27e2c5652ccba073c8938bef194e51830539b2464a3f676

SHA512
ea1d1363fb072a5c646ce070184855588124be42392dc492ce86c88fe93eae78e23f5de4f2df75fb5b0e8d67bf08ff192dd163ed3c62a1ccfb0b8436ae1df644

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0\wpnclient\Plugins\ManagementPlugin.ncp

Filesize
300KB

MD5
b612c2c9a6d361a5db14c04ba126119c

SHA1
d2b29e235b0f45242088b78313438bdfd51209dc

SHA256
b86fe4e126a9748a383a34d615b9598c715f2380c0aad957495c66923902026c

SHA512
194d4688935235f3ca686868c9ff53c7945d4e076d4a51fdcbc254bfa1461494766480794c65715bce314256c7cc5268bd6547c937984d3010f54f5a3db4ba9c

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0\wpnclient\Plugins\MiscTools.ncp

Filesize
66KB

MD5
78e3006fc6468eb7dfc7761072b84ac6

SHA1
e46cae768d2754f48a29b7e424a9bddf0d67bcd8

SHA256
3a3a3b105eefb45e3b70cc1592e484df02df7020d5154e8c2e5d7d439e295e46

SHA512
0daa1cc9ddae70f442ee5eed784523dc1378b9d095edfaec1df95e02f00d09b461d60ee180f716f7ba755543ef7b0c87d791a454cf254dde0033b8615b2841e8

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0\wpnclient\Plugins\MultiCore.ncp

Filesize
236KB

MD5
becb82e1e914e906be158e3f9dd658ac

SHA1
725d3d658680ca8dcb610d998db4b28733b5ee52

SHA256
5494adf651fc64e3aa6c08e38165d8dbfec52056cdf4fadae90b76b0e6816a33

SHA512
1d67e7d5686ea225262501afb572bec23e35bbd33c660a57e84b9cad7adfadbe457b128af0059ac705d53c6b65798f5525fe4ed3c16537b0c085414cdca74174

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0\wpnclient\Plugins\NanoBlack.ncp

Filesize
107KB

MD5
794ab16c092ebf2b1d812d6cce158537

SHA1
6dd9edd26b50265d5af4642f9d1f1f8703a44805

SHA256
7919b7998d6b359d7cb700018dc2d69ff6ffb45bd01c9c190b98fb4c9ff4beab

SHA512
e639bb0f7d309344c45ddff3d7f91212b3c6a9db6970d06db35f6bac228b389ed8c32dbda75ae23ad1359bb60f678b0b891caa3ed07245aaad21dcb3ea4a5347

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0\wpnclient\Plugins\NanoBrowser.ncp

Filesize
102KB

MD5
8b13fdc96af0a84c152f5a601dcc6b06

SHA1
1250db70fda8a2c32f37bbdc5638074c6dc171a7

SHA256
997c41b05150480bcfae9abb3132fc807f6c6b511b810b554fdb5aedf89f5db0

SHA512
536d4e1b9e7c95ebac762d0a438106a5409c69e990940d3411709364783f957015d4a5dc0651b33591e37dcda8549e689a87b853e32f3ad065391a2d8190a552

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0\wpnclient\Plugins\NanoCoreSwiss.ncp

Filesize
49KB

MD5
fcb5afd01e75aca8ed9fbd35a46e54f3

SHA1
94b69f8612d31fc0698089d5e08aea1cafea52e7

SHA256
bf0386f6e9b4a35fefe5fe917e2be7c64867efe24521f18e4567f8af5f6dd5e5

SHA512
b587dd23eaea6de486c30864908f8603451c459153cd21b86a5e43bb9c2cca7cbc015daf620808fad76a4d56bbc4e57e127059c8e73be6c85bf958781c1343fe

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0\wpnclient\Plugins\NanoNana.ncp

Filesize
157KB

MD5
c5d40b767bd6b97f88ccce13956d0ad8

SHA1
ef7f7fdd9d5ea0b55ffbb17c171ee6a46b347100

SHA256
a3c39444ac74bb91f14f3f2ae6918d9b1d368268e137aca310450fefbc8983aa

SHA512
3fcb5a6afdc7de59bac645d8b4dc6368b0405a51985ff86c95fc8cd579bd59bc423cab940dc0ab3de9a0cd0d9e04dad82e380ef18030330d72b2e72936a95ee1

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0\wpnclient\Plugins\NanoProtectPlugin.ncp

Filesize
179KB

MD5
e51af633e5f5f4a817a54773fb90d337

SHA1
0cb8a7965f9f042954b1f318ea1026b76e12f8e0

SHA256
b37602dbb924bb94df0d9745d13fcace8a6642397fb738fbe02a88f667f3ab66

SHA512
6454305121597073d4ea2b8f57a4bb4a4fe7fafbd05336c91265534faea5a5cdec7504c1329ea0c8cb344a4f32d59c60af5348dfd89375876ae95ee2c15f0c14

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0\wpnclient\Plugins\NanoStress.ncp

Filesize
117KB

MD5
ba6f59df971d6db7a8951edbd5d6691b

SHA1
ed766de1fb4ab0889b3fbc8127f1393eb3cddc15

SHA256
6b33a572e019266749a3e04966e2c57822e247c5197f6f9bd6a4bb8792633581

SHA512
bbd50d7cb2b2799055b8864da3d3d6037bbac41312ce8582c4627611ef856ae38ecff67dc4223e236d1b555bf02a7c0c7284a76ab90007621a2f2997b6bc5dd2

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0\wpnclient\Plugins\NetworkPlugin.ncp

Filesize
319KB

MD5
70e5b02349742a550fbfcfb5bb78c906

SHA1
2319b68398af74fe08b6a3a7d6943cf700240a4e

SHA256
160030b8444b6fa86775a11d1be35df6a75252070fc5661055884d3f8b07296d

SHA512
bbb5d2fd6eff637da303a4ab2fdb02f781619ffe25c5795c5b9e514214227717771a98ce6c3becc87b29c15303ac4373ee3847060ad5755a2455362e6e26932b

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0\wpnclient\Plugins\SecurityPlugin.ncp

Filesize
74KB

MD5
44bd68199bb393d0eeb7ae83b56d9b9f

SHA1
c6cfa069a17ace16c651a11945bd54f4ca6193d1

SHA256
25b1b0836838740d394cd35eaefc660e9eabeb611a701a451eb1119f6427fc12

SHA512
a02b82e40f66dc925de3324c03e8a0a497bfdb6ed44549001efbf86f2e5381aaf9259978908cce9ecc7798f083d3691f007b207ea301a9dc73f2430662146bb4

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0\wpnclient\Plugins\SurveillanceExPlugin.ncp

Filesize
423KB

MD5
195fbe66986564288c3285935fe87b27

SHA1
2fe84fbbf109b3e4c7c63b414689021ba847b568

SHA256
a2ce9ed783b26d01d58e07b9c97bcfecace9ced72960cf3ecf471fbd008afbae

SHA512
552161e555d07fdf7062a4c0d3738819b13ad4c9a5c54f09db48dccf6faf49b014eb043037500abdac7af0210ed118c5232d8d54be367d8a4caccfae7904332e

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0\wpnclient\Plugins\SurveillancePlugin.ncp

Filesize
352KB

MD5
ed3edf12bac989d1dd6edf7146feb805

SHA1
776a667bf2341b43e199c3601856ac223b86d221

SHA256
3301f9fd4700458a18589956fd2bb6e5101b15c14f52d5e079ae1c3a008da040

SHA512
e6873a5d1caada8954907bdb3120aa2c60a4137fb9d04abdbb74ade58f35ada1ff87a447cf6a35f5798dbd0e1e0ed813d62e34d98de8d6402b6432746aa80413

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0\wpnclient\Plugins\ToolsPlugin.ncp

Filesize
130KB

MD5
699eb468e7d6bee9c429923b5b477545

SHA1
80bc420c3e441c9b9c3813ac05ea9e168cca1e3a

SHA256
d753bc28d842e44ffbf6cf99314febe5ed7759b25a74ca34a47fdd153bf2a6ab

SHA512
5d82a98e918ea3eb024dbb7552e5cdecc317b49635a5789029e7a0035d2f0cb2a3c47ef53e603217afd17d6f59fc78a918e2e5f70266119c619e41b3b647aac9

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0\wpnclient\Plugins\VisibleMode1.1.ncp

Filesize
49KB

MD5
37c2ef6e5214600396ee87c4168a5664

SHA1
69b6e1f612f5a3435fab05074cffd3ebd1c232fa

SHA256
4a8d45e13a38c502a3109d2ea17a81905fb9eabbf643ae611b62f62ef11f09b2

SHA512
667ad370f48470d60dbd437b0601eb05de421ab59b281adcf9c6f54b9c6fd272d3aa34c35e7e6df889771dc5fbdfa9bc683a4bf156727827595edf6eb2fe8cab

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0\wpnclient\Resources\TabIcons\builder.png

Filesize
303B

MD5
d2d498dc06990b948ef42c479c4c1f94

SHA1
eb380e6d156f5cc2ab28baa5add2ba8acda088b3

SHA256
ce8e344d1975972fa3f1b54383ab01cf522217e83b4e01f5c5b8563641bf6550

SHA512
fd9f99b7489507d8208432847085507e5d1823f1eed5d3c7e644c59bc5e5b36d8705d4add01a0c291240029458b25d72894fc05efede8b795bb6872e1e5f9ef9

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0\wpnclient\Resources\TabIcons\clients.png

Filesize
462B

MD5
0331dbac2291c05d567461b58654d350

SHA1
1f89cdf7199983e788fd1f22b873ab9b0500952d

SHA256
8d1339e002540de132326aeb1d17c66a9a60b0af7e3daca9bc40df17e9c96542

SHA512
2d12a85226a21670c49038e4347b39227b8d8bca07b8eb66f2adae0ccf1135270f5ba5f16a40bf526477c70c00c1ca572bfb973306e6eb8dd057600de38da161

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0\wpnclient\Resources\TabIcons\home.png

Filesize
343B

MD5
0a482ce7f891fe7a64118bbb34a34b9c

SHA1
2aba3c06942273aebc5e616602620e4b2526ebe7

SHA256
76d3e6c51702b37227b73a4f84771e44d7c1a8551b4c1fdd90e341f03a805346

SHA512
0e900eff9109ac2f32137d9d18993a29ed6065299ef96554f2288128fe07d1e8db1a0dac29b39b0eb05bb8a9bdca5f083da8e25dec3c880ef155401fd649107b

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0\wpnclient\Resources\TabIcons\network.png

Filesize
230B

MD5
48780574121d519661c2e0bc51b25b68

SHA1
89d8d5e42fbae3d95c8036c1738656b8e6343091

SHA256
28f4c682d85fb4ef531a71b7fed8f0d7ef548f1126da378aaf60349219a681d6

SHA512
7f0d9b6e18b812350b9d57439069ebb9140365830ea6fa247527f793cc58271ed7743c514d7488f026064b6d44afaf93717192bcff3ea8a3b501f2bf7718ff30

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0\wpnclient\Resources\TabIcons\system.png

Filesize
273B

MD5
9993c66f33d16d11e701abbabf5a5db8

SHA1
415a0069f21dc5fcbb7bdaa7f17a679eb18e6b1e

SHA256
24c4edf86254f9e2359508909ba52dd683e1f6af0d8c1a52f875c472fc73bd40

SHA512
7a3f0546f4fb12e72fd774f5c4446e8bcc2a26c762aad91675c3bc10931c1c0ac2c40d66a25afd0a376ab665427164367c1cf398c22811eedf88c90ce51a23e7

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0\wpnclient\ServerPlugin.dll

Filesize
28KB

MD5
952c62ec830c63380beb72ad923d35dc

SHA1
6700baa1fb1877129e79402dfe237f0b84221b69

SHA256
2e5fbfb7932b117a2f6093dc346cdee4a5702e39739d9c40d27bfd1580f6f0d7

SHA512
5dc19d7d6ab7670ded766f357e481328c8df4a96ac3c2a00194a5ccea8c34bca0e34cfea3d9d17934db384d302446be2fec9853438371561d70580665bffe121

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0\wpnclient\System.Data.SQLite.dll

Filesize
256KB

MD5
dd3d6f00b1aba3f1d9338d9727ab5f17

SHA1
faf9364a7ab15f27c93a6e6f97fa025030c9dad7

SHA256
f0d4beab24e94e61f219df451d90dbba3d0f48539f9b6a448f91e0c94b4e80c4

SHA512
0794d850a133a98affe627e3023114b229b982e507d366895ece6a1ef99b42d708554c64b52f0f2ed63673e1c5aeea7e794085d45f0797159e21ba4efdf23cd7

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0\wpnclient\client.bin

Filesize
130KB

MD5
906a949e34472f99ba683eff21907231

SHA1
7c5a57af209597fa6c6bce7d1a8016b936d3b0b6

SHA256
9d3ea5af7dc261bf93c76f55d702a315aa22fb241e4207dc86cd834c262245c8

SHA512
29fd20ae7f1b8bac831c0bb85da4325a62e10961989e14299f5f50776c8f7e669cc1527bf2c3868bd7230e73ac110ba8b1f0491ac0f2923d79d7a2871c7c961d

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0\wpnclient\nc.exe

Filesize
1.4MB

MD5
1728acc244115cbafd3b810277d2e321

SHA1
be64732f46c8a26a5bbf9d7f69c7f031b2c5180b

SHA256
ec359f50ca15395f273899c0ff7c0cd87ab5c2e23fdcfc6c72fedc0097161d4b

SHA512
8c59fdd29181f28e5698de78adf63934632e644a87088400f1b7ab1653622e4bc3a4145094601211a2db4bcbd04ea5f1ac44129907fbb727fe24a1f3652c7034

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0\wpnclient\plugins.bin

Filesize
240B

MD5
5e709fc806e8ba3385487699004f6d29

SHA1
2f32547ed5b9db3b33969fb4858945610aaeedb2

SHA256
9ecbf989dedf1403db953fb4e5955c9f63415cbe1f6492c3246bac405a4d036f

SHA512
a6706c9f76d837a7e0ab12e3c1c6d94fedde9dc52d4fecd02befd8850752155e2bf801cdf0488a98e49c50c4f0595a3fc4916950badba9bb83a5b7a35d3ffaab

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0\wpnclient\public.bin

Filesize
17B

MD5
602d0cc4e7246f8a3b8a5ee9c7fabe30

SHA1
e9ecc8f782cf27ae68339b0cdfd0f79c69aa4afc

SHA256
6de29ee3e660fd3ab419f568fcf65f8418484eb43d5bfcdbfac5d456fd8488f2

SHA512
ccaf306f4e4b4ee7de6a62954bbebcb52d131da49912d2d6ad39d07012dffe66ec6109dfbd5fbfd166e98e7bcb2c564b75eda0a2eda2ee815f71db5986506f43

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0\wpnclient\server.log

Filesize
22KB

MD5
65e4637976be6bc6b34111fddeef103e

SHA1
d3ae1271ad4e0e381b59a503399ed11709c445cc

SHA256
6b08829282b7737dd5f7677da8c74478e52b395e87bd88395c92829e1b37a31f

SHA512
1116ffacc5c6599df88d1f754521b04ad54d451df8dbf21113b5506f26769b0ec12ec88afd6399d02d45872d462c4c8747c06d2901a0541127210a803aa40b95

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0\wpnclient\settings.bin

Filesize
88B

MD5
2e33490fe473c4025edbbdd49f1e43af

SHA1
d2733dc6580b3795f2c0c17ba4e8d13811db69c8

SHA256
af1b18f5fc34dcefd95c30c044db14c05809ea09ee03b0bceec8f236ea95544b

SHA512
5168e472d21c43bb3abab57ce97d0d42897fe89f20e9adf8c8fc08e94e4e9ede33a438e7ca4a0518029c89617a34659920dc3a1969b2f2f2b4b13c1d029d03da

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0\wpnclient\x86\SQLite.Interop.dll

Filesize
792KB

MD5
9b19dcee960dc215e64b1d82348707a9

SHA1
9c1e0f76673eb385787120e17404df179316ca2b

SHA256
3515f704b0012c01fc8be5b717905c0587b29255fc9eb7ad3f2b66a130691d38

SHA512
cc1304ab171feb2ac6df941f4b35aab8ce7b503f96b5539b366b39268cce8b21ea2fdbce16eff809a9a121a60a65ebbd0f59f75360800f541b9e5f93e729a55d

Download Submit
C:\Windows\IMF\Runtime Explorer.exe

Filesize
144KB

MD5
ec70c6f4dc443c5ab2b91d64ae04fa8e

SHA1
43eb3b3289782fced204f0b4e3edad2ba1b085b7

SHA256
276f1bfc6256f4c1ddd544d5a556d299ebddcf200a64ee7c9c3edef686df727d

SHA512
6217c232edbcf60ae1337120aa9b51956e06f591c660fd720b02fe8abf01923dd4dca28f69ece88c12c705a4c3a392d0cbb6f4f6c6759306123db141ed05d584

Download Submit
C:\Windows\IMF\Secure System Shell.exe

Filesize
45KB

MD5
7d0c7359e5b2daa5665d01afdc98cc00

SHA1
c3cc830c8ffd0f53f28d89dcd9f3426be87085cb

SHA256
f1abd5ab03189e82971513e6ca04bd372fcf234d670079888f01cf4addd49809

SHA512
a8f82b11b045d8dd744506f4f56f3382b33a03684a6aebc91a02ea901c101b91cb43b7d0213f72f39cbb22f616ecd5de8b9e6c99fb5669f26a3ea6bcb63c8407

Download Submit
C:\Windows\IMF\Windows Services.exe

Filesize
46KB

MD5
ad0ce1302147fbdfecaec58480eb9cf9

SHA1
874efbc76e5f91bc1425a43ea19400340f98d42b

SHA256
2c339b52b82e73b4698a0110cdfe310c00c5c69078e9e1bd6fa1308652bf82a3

SHA512
adccd5520e01b673c2fc5c451305fe31b1a3e74891aece558f75fefc50218adf1fb81bb8c7f19969929d3fecb0fdb2cb5b564400d51e0a5a1ad8d5bc2d4eed53

Download Submit
memory/528-1611-0x0000000000740000-0x0000000000752000-memory.dmp

Filesize
72KB

Download
memory/1500-1655-0x0000000000010000-0x0000000000022000-memory.dmp

Filesize
72KB

Download
memory/1980-1526-0x00000000053D0000-0x00000000053DA000-memory.dmp

Filesize
40KB

Download
memory/1980-1552-0x0000000074890000-0x0000000075041000-memory.dmp

Filesize
7.7MB

Download
memory/1980-1528-0x0000000074890000-0x0000000075041000-memory.dmp

Filesize
7.7MB

Download
memory/1980-1527-0x00000000056E0000-0x0000000005736000-memory.dmp

Filesize
344KB

Download
memory/1980-1525-0x00000000054C0000-0x0000000005552000-memory.dmp

Filesize
584KB

Download
memory/1980-1524-0x0000000005A70000-0x0000000006016000-memory.dmp

Filesize
5.6MB

Download
memory/1980-1523-0x0000000005420000-0x00000000054BC000-memory.dmp

Filesize
624KB

Download
memory/1980-1522-0x00000000008E0000-0x0000000000920000-memory.dmp

Filesize
256KB

Download
memory/1980-1521-0x000000007489E000-0x000000007489F000-memory.dmp

Filesize
4KB

Download
memory/3504-1583-0x0000000006300000-0x0000000006376000-memory.dmp

Filesize
472KB

Download
memory/3504-1535-0x0000000006640000-0x00000000066BE000-memory.dmp

Filesize
504KB

Download
memory/3504-1531-0x0000000000570000-0x0000000000584000-memory.dmp

Filesize
80KB

Download
memory/3504-1584-0x00000000062E0000-0x00000000062FE000-memory.dmp

Filesize
120KB

Download
memory/3736-1536-0x0000000004C10000-0x0000000004C46000-memory.dmp

Filesize
216KB

Download
memory/3736-1627-0x0000000007620000-0x0000000007631000-memory.dmp

Filesize
68KB

Download
memory/3736-1616-0x00000000076A0000-0x0000000007736000-memory.dmp

Filesize
600KB

Download
memory/3736-1615-0x0000000007490000-0x000000000749A000-memory.dmp

Filesize
40KB

Download
memory/3736-1613-0x0000000007410000-0x000000000742A000-memory.dmp

Filesize
104KB

Download
memory/3736-1612-0x0000000007A50000-0x00000000080CA000-memory.dmp

Filesize
6.5MB

Download
memory/3736-1607-0x00000000072D0000-0x0000000007374000-memory.dmp

Filesize
656KB

Download
memory/3736-1596-0x00000000066B0000-0x00000000066CE000-memory.dmp

Filesize
120KB

Download
memory/3736-1586-0x000000006DE80000-0x000000006DECC000-memory.dmp

Filesize
304KB

Download
memory/3736-1585-0x0000000007280000-0x00000000072B4000-memory.dmp

Filesize
208KB

Download
memory/3736-1555-0x00000000060F0000-0x000000000613C000-memory.dmp

Filesize
304KB

Download
memory/3736-1554-0x00000000060B0000-0x00000000060CE000-memory.dmp

Filesize
120KB

Download
memory/3736-1553-0x0000000005B90000-0x0000000005EE7000-memory.dmp

Filesize
3.3MB

Download
memory/3736-1540-0x0000000005A90000-0x0000000005AF6000-memory.dmp

Filesize
408KB

Download
memory/3736-1539-0x0000000005A20000-0x0000000005A86000-memory.dmp

Filesize
408KB

Download
memory/3736-1538-0x0000000005210000-0x0000000005232000-memory.dmp

Filesize
136KB

Download
memory/3736-1537-0x0000000005280000-0x00000000058AA000-memory.dmp

Filesize
6.2MB

Download
memory/3736-1672-0x0000000007650000-0x000000000765E000-memory.dmp

Filesize
56KB

Download
memory/3736-1674-0x0000000007660000-0x0000000007675000-memory.dmp

Filesize
84KB

Download
memory/3736-1675-0x0000000007760000-0x000000000777A000-memory.dmp

Filesize
104KB

Download
memory/3736-1676-0x0000000007750000-0x0000000007758000-memory.dmp

Filesize
32KB

Download