nanocore | ceb348dfa61b34bebce021fa783b0afdb874ea7205f75e7fb42b01898439be75

Resubmissions

30-11-2024 09:47

241130-lr665avndn 10

30-11-2024 09:44

241130-lqny6a1jgz 10

08-11-2024 08:52

241108-ksvn2s1rgl 10

Analysis

max time kernel
605s
max time network
604s
platform
windows11-21h2_x64
resource
win11-20241007-it
resource tags

arch:x64arch:x86image:win11-20241007-itlocale:it-itos:windows11-21h2-x64systemwindows
submitted
30-11-2024 09:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NanoCore 1.2.2.0_Cracked By Alcatraz3222.rar
Size

5.8MB
MD5

c75744769bae7a3e7a4a1aec27673851
SHA1

56b0aa88b44c532be4975bc096cb8e4b9e7ecb49
SHA256

ceb348dfa61b34bebce021fa783b0afdb874ea7205f75e7fb42b01898439be75
SHA512

fa0c8d0b3adbb0bf11185b6c85f38c99421ef24ce55d94674e8d999c907f323a3eb0bcf711b60298e31db2958ebfa2dafad9d01cdf1e61251018ebd717934679
SSDEEP

98304:5S+zg4KC/4ObL3j/ZV2tKRcHhMBJcPpylijvjTZi1UBCFCX/IxCF+/h0k98nRDdj:51kC/40z3tKMrcByIT1B2zkA/Ck92thv

Score

10^/10

nanocore discovery evasion keylogger spyware stealer trojan

Malware Config

Signatures

NanoCore
NanoCore is a remote access tool (RAT) with a variety of capabilities.
keylogger trojan stealer spyware nanocore
Nanocore family
nanocore

Executes dropped EXE 3 IoCs

pid	Process
5096	NanoCore.exe
752	NanoCore.exe
540	test.exe

Loads dropped DLL 26 IoCs

pid	Process
5096	NanoCore.exe
5096	NanoCore.exe
5096	NanoCore.exe
5096	NanoCore.exe
5096	NanoCore.exe
5096	NanoCore.exe
5096	NanoCore.exe
5096	NanoCore.exe
5096	NanoCore.exe
5096	NanoCore.exe
5096	NanoCore.exe
5096	NanoCore.exe
5096	NanoCore.exe
752	NanoCore.exe
752	NanoCore.exe
752	NanoCore.exe
752	NanoCore.exe
752	NanoCore.exe
752	NanoCore.exe
752	NanoCore.exe
752	NanoCore.exe
752	NanoCore.exe
752	NanoCore.exe
752	NanoCore.exe
752	NanoCore.exe
752	NanoCore.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	test.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\INF\display.PNF	chrome.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NanoCore.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NanoCore.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	test.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133774340316389090"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	NanoCore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	NanoCore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	NanoCore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic"	NanoCore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	NanoCore.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	NanoCore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0000000001000000ffffffff	NanoCore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	NanoCore.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	NanoCore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\MRUListEx = 00000000ffffffff	NanoCore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0 = 7e003100000000007e59204e11004465736b746f7000680009000400efbe4759e5607e59204e2e0000002c5702000000010000000000000000003e0000000000105717004400650073006b0074006f007000000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370036003900000016000000	NanoCore.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	NanoCore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\NodeSlot = "3"	NanoCore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	NanoCore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	NanoCore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	NanoCore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	NanoCore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	NanoCore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	NanoCore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	NanoCore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0000000001000000ffffffff	NanoCore.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0\0	NanoCore.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	NanoCore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic"	NanoCore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	NanoCore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	NanoCore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0\0\NodeSlot = "2"	NanoCore.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	NanoCore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	NanoCore.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	NanoCore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0 = 78003100000000004759e5601100557365727300640009000400efbec5522d607e59204e2e0000006c0500000000010000000000000000003a00000000005228c60055007300650072007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100380031003300000014000000	NanoCore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	NanoCore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	NanoCore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	NanoCore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	NanoCore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = ffffffff	NanoCore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic"	NanoCore.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0	NanoCore.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	NanoCore.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	NanoCore.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	NanoCore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	NanoCore.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	NanoCore.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	NanoCore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	NanoCore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	NanoCore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	NanoCore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	NanoCore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 = 19002f433a5c000000000000000000000000000000000000000000	NanoCore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0\0 = 9e00310000000000c648257f10004e414e4f434f7e312e305f430000820009000400efbe7e59204e7e59204e2e000000d7aa020000001b00000000000000000000000000000079fa2c004e0061006e006f0043006f0072006500200031002e0032002e0032002e0030005f0043007200610063006b0065006400200042007900200041006c00630061007400720061007a00330032003200320000001c000000	NanoCore.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	NanoCore.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	NanoCore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe11000000a1a4f16eb118db01f0f6b2140d43db01f0f6b2140d43db0114000000	NanoCore.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0	NanoCore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	NanoCore.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings	NanoCore.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0	NanoCore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\MRUListEx = 00000000ffffffff	NanoCore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	NanoCore.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	NanoCore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	NanoCore.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	NanoCore.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	NanoCore.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	NanoCore.exe

Suspicious behavior: EnumeratesProcesses 50 IoCs

pid	Process
4312	chrome.exe
4312	chrome.exe
4512	chrome.exe
4512	chrome.exe
540	test.exe
540	test.exe
540	test.exe
540	test.exe
540	test.exe
540	test.exe
540	test.exe
540	test.exe
540	test.exe
540	test.exe
540	test.exe
540	test.exe
540	test.exe
540	test.exe
540	test.exe
540	test.exe
540	test.exe
540	test.exe
540	test.exe
540	test.exe
540	test.exe
540	test.exe
540	test.exe
540	test.exe
540	test.exe
540	test.exe
540	test.exe
540	test.exe
540	test.exe
540	test.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
540	test.exe
540	test.exe
540	test.exe
540	test.exe
540	test.exe
540	test.exe
540	test.exe
540	test.exe
540	test.exe
540	test.exe
540	test.exe
540	test.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
5096	NanoCore.exe
752	NanoCore.exe
540	test.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	2596	7zFM.exe
Token: 35	2596	7zFM.exe
Token: SeSecurityPrivilege	2596	7zFM.exe
Token: SeDebugPrivilege	5096	NanoCore.exe
Token: SeShutdownPrivilege	4312	chrome.exe
Token: SeCreatePagefilePrivilege	4312	chrome.exe
Token: SeShutdownPrivilege	4312	chrome.exe
Token: SeCreatePagefilePrivilege	4312	chrome.exe
Token: SeShutdownPrivilege	4312	chrome.exe
Token: SeCreatePagefilePrivilege	4312	chrome.exe
Token: SeShutdownPrivilege	4312	chrome.exe
Token: SeCreatePagefilePrivilege	4312	chrome.exe
Token: SeShutdownPrivilege	4312	chrome.exe
Token: SeCreatePagefilePrivilege	4312	chrome.exe
Token: SeShutdownPrivilege	4312	chrome.exe
Token: SeCreatePagefilePrivilege	4312	chrome.exe
Token: SeShutdownPrivilege	4312	chrome.exe
Token: SeCreatePagefilePrivilege	4312	chrome.exe
Token: SeShutdownPrivilege	4312	chrome.exe
Token: SeCreatePagefilePrivilege	4312	chrome.exe
Token: SeShutdownPrivilege	4312	chrome.exe
Token: SeCreatePagefilePrivilege	4312	chrome.exe
Token: SeShutdownPrivilege	4312	chrome.exe
Token: SeCreatePagefilePrivilege	4312	chrome.exe
Token: SeShutdownPrivilege	4312	chrome.exe
Token: SeCreatePagefilePrivilege	4312	chrome.exe
Token: SeShutdownPrivilege	4312	chrome.exe
Token: SeCreatePagefilePrivilege	4312	chrome.exe
Token: SeShutdownPrivilege	4312	chrome.exe
Token: SeCreatePagefilePrivilege	4312	chrome.exe
Token: SeShutdownPrivilege	4312	chrome.exe
Token: SeCreatePagefilePrivilege	4312	chrome.exe
Token: SeShutdownPrivilege	4312	chrome.exe
Token: SeCreatePagefilePrivilege	4312	chrome.exe
Token: SeShutdownPrivilege	4312	chrome.exe
Token: SeCreatePagefilePrivilege	4312	chrome.exe
Token: SeShutdownPrivilege	4312	chrome.exe
Token: SeCreatePagefilePrivilege	4312	chrome.exe
Token: SeShutdownPrivilege	4312	chrome.exe
Token: SeCreatePagefilePrivilege	4312	chrome.exe
Token: SeShutdownPrivilege	4312	chrome.exe
Token: SeCreatePagefilePrivilege	4312	chrome.exe
Token: SeShutdownPrivilege	4312	chrome.exe
Token: SeCreatePagefilePrivilege	4312	chrome.exe
Token: SeShutdownPrivilege	4312	chrome.exe
Token: SeCreatePagefilePrivilege	4312	chrome.exe
Token: SeShutdownPrivilege	4312	chrome.exe
Token: SeCreatePagefilePrivilege	4312	chrome.exe
Token: SeShutdownPrivilege	4312	chrome.exe
Token: SeCreatePagefilePrivilege	4312	chrome.exe
Token: SeShutdownPrivilege	4312	chrome.exe
Token: SeCreatePagefilePrivilege	4312	chrome.exe
Token: SeDebugPrivilege	752	NanoCore.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe

Suspicious use of FindShellTrayWindow 55 IoCs

pid	Process
2596	7zFM.exe
2596	7zFM.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4312	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe

Suspicious use of SetWindowsHookEx 11 IoCs

pid	Process
5096	NanoCore.exe
5096	NanoCore.exe
5096	NanoCore.exe
5096	NanoCore.exe
5096	NanoCore.exe
5096	NanoCore.exe
5096	NanoCore.exe
752	NanoCore.exe
752	NanoCore.exe
752	NanoCore.exe
752	NanoCore.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4312 wrote to memory of 1012	4312	chrome.exe	87
PID 4312 wrote to memory of 1012	4312	chrome.exe	87
PID 4312 wrote to memory of 1704	4312	chrome.exe	88
PID 4312 wrote to memory of 1704	4312	chrome.exe	88
PID 4312 wrote to memory of 1704	4312	chrome.exe	88
PID 4312 wrote to memory of 1704	4312	chrome.exe	88
PID 4312 wrote to memory of 1704	4312	chrome.exe	88
PID 4312 wrote to memory of 1704	4312	chrome.exe	88
PID 4312 wrote to memory of 1704	4312	chrome.exe	88
PID 4312 wrote to memory of 1704	4312	chrome.exe	88
PID 4312 wrote to memory of 1704	4312	chrome.exe	88
PID 4312 wrote to memory of 1704	4312	chrome.exe	88
PID 4312 wrote to memory of 1704	4312	chrome.exe	88
PID 4312 wrote to memory of 1704	4312	chrome.exe	88
PID 4312 wrote to memory of 1704	4312	chrome.exe	88
PID 4312 wrote to memory of 1704	4312	chrome.exe	88
PID 4312 wrote to memory of 1704	4312	chrome.exe	88
PID 4312 wrote to memory of 1704	4312	chrome.exe	88
PID 4312 wrote to memory of 1704	4312	chrome.exe	88
PID 4312 wrote to memory of 1704	4312	chrome.exe	88
PID 4312 wrote to memory of 1704	4312	chrome.exe	88
PID 4312 wrote to memory of 1704	4312	chrome.exe	88
PID 4312 wrote to memory of 1704	4312	chrome.exe	88
PID 4312 wrote to memory of 1704	4312	chrome.exe	88
PID 4312 wrote to memory of 1704	4312	chrome.exe	88
PID 4312 wrote to memory of 1704	4312	chrome.exe	88
PID 4312 wrote to memory of 1704	4312	chrome.exe	88
PID 4312 wrote to memory of 1704	4312	chrome.exe	88
PID 4312 wrote to memory of 1704	4312	chrome.exe	88
PID 4312 wrote to memory of 1704	4312	chrome.exe	88
PID 4312 wrote to memory of 1704	4312	chrome.exe	88
PID 4312 wrote to memory of 1704	4312	chrome.exe	88
PID 4312 wrote to memory of 1736	4312	chrome.exe	89
PID 4312 wrote to memory of 1736	4312	chrome.exe	89
PID 4312 wrote to memory of 4644	4312	chrome.exe	90
PID 4312 wrote to memory of 4644	4312	chrome.exe	90
PID 4312 wrote to memory of 4644	4312	chrome.exe	90
PID 4312 wrote to memory of 4644	4312	chrome.exe	90
PID 4312 wrote to memory of 4644	4312	chrome.exe	90
PID 4312 wrote to memory of 4644	4312	chrome.exe	90
PID 4312 wrote to memory of 4644	4312	chrome.exe	90
PID 4312 wrote to memory of 4644	4312	chrome.exe	90
PID 4312 wrote to memory of 4644	4312	chrome.exe	90
PID 4312 wrote to memory of 4644	4312	chrome.exe	90
PID 4312 wrote to memory of 4644	4312	chrome.exe	90
PID 4312 wrote to memory of 4644	4312	chrome.exe	90
PID 4312 wrote to memory of 4644	4312	chrome.exe	90
PID 4312 wrote to memory of 4644	4312	chrome.exe	90
PID 4312 wrote to memory of 4644	4312	chrome.exe	90
PID 4312 wrote to memory of 4644	4312	chrome.exe	90
PID 4312 wrote to memory of 4644	4312	chrome.exe	90
PID 4312 wrote to memory of 4644	4312	chrome.exe	90
PID 4312 wrote to memory of 4644	4312	chrome.exe	90
PID 4312 wrote to memory of 4644	4312	chrome.exe	90
PID 4312 wrote to memory of 4644	4312	chrome.exe	90
PID 4312 wrote to memory of 4644	4312	chrome.exe	90
PID 4312 wrote to memory of 4644	4312	chrome.exe	90
PID 4312 wrote to memory of 4644	4312	chrome.exe	90
PID 4312 wrote to memory of 4644	4312	chrome.exe	90
PID 4312 wrote to memory of 4644	4312	chrome.exe	90
PID 4312 wrote to memory of 4644	4312	chrome.exe	90
PID 4312 wrote to memory of 4644	4312	chrome.exe	90
PID 4312 wrote to memory of 4644	4312	chrome.exe	90
PID 4312 wrote to memory of 4644	4312	chrome.exe	90

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\NanoCore 1.2.2.0_Cracked By Alcatraz3222.rar"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2596

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3844

C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\NanoCore.exe
"C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\NanoCore.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:5096

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc3b28cc40,0x7ffc3b28cc4c,0x7ffc3b28cc58
  2⤵
  PID:1012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1844,i,17161538309546095020,13694262592627538761,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1840 /prefetch:2
  2⤵
  PID:1704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1828,i,17161538309546095020,13694262592627538761,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1884 /prefetch:3
  2⤵
  PID:1736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2216,i,17161538309546095020,13694262592627538761,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2228 /prefetch:8
  2⤵
  PID:4644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3068,i,17161538309546095020,13694262592627538761,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:1156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3164,i,17161538309546095020,13694262592627538761,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3080,i,17161538309546095020,13694262592627538761,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4368 /prefetch:1
  2⤵
  PID:4284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4340,i,17161538309546095020,13694262592627538761,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4568 /prefetch:1
  2⤵
  PID:888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3320,i,17161538309546095020,13694262592627538761,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3292 /prefetch:8
  2⤵
  PID:3040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3300,i,17161538309546095020,13694262592627538761,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3308 /prefetch:8
  2⤵
  PID:1168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4324,i,17161538309546095020,13694262592627538761,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4584 /prefetch:1
  2⤵
  PID:1288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3060,i,17161538309546095020,13694262592627538761,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5048,i,17161538309546095020,13694262592627538761,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4424 /prefetch:1
  2⤵
  PID:3264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5180,i,17161538309546095020,13694262592627538761,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4276,i,17161538309546095020,13694262592627538761,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4420 /prefetch:1
  2⤵
  PID:3248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4976,i,17161538309546095020,13694262592627538761,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:2980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5348,i,17161538309546095020,13694262592627538761,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4628 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5144,i,17161538309546095020,13694262592627538761,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5140 /prefetch:8
  2⤵
  PID:5024

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2232

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5040

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:2964

C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\NanoCore.exe
"C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\NanoCore.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:752

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc3b28cc40,0x7ffc3b28cc4c,0x7ffc3b28cc58
  2⤵
  PID:2112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1824,i,7045248528601480462,3826625313919378074,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=1820 /prefetch:2
  2⤵
  PID:656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1956,i,7045248528601480462,3826625313919378074,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=2116 /prefetch:3
  2⤵
  PID:4412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2204,i,7045248528601480462,3826625313919378074,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=2220 /prefetch:8
  2⤵
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3136,i,7045248528601480462,3826625313919378074,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:3312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3180,i,7045248528601480462,3826625313919378074,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4476,i,7045248528601480462,3826625313919378074,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=4488 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4300,i,7045248528601480462,3826625313919378074,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=4620 /prefetch:1
  2⤵
  PID:2572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3544,i,7045248528601480462,3826625313919378074,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=3520 /prefetch:8
  2⤵
  PID:3076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4880,i,7045248528601480462,3826625313919378074,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=4768 /prefetch:8
  2⤵
  PID:3864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4384,i,7045248528601480462,3826625313919378074,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=4792 /prefetch:1
  2⤵
  PID:2864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4420,i,7045248528601480462,3826625313919378074,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:2972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5080,i,7045248528601480462,3826625313919378074,262144 --variations-seed-version=20241121-182614.093000 --mojo-platform-channel-handle=3176 /prefetch:8
  2⤵
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  PID:1248

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1224

C:\Users\Admin\Desktop\test.exe
"C:\Users\Admin\Desktop\test.exe"
1⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
PID:540

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D8 0x00000000000004D0
1⤵
PID:2700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
129695cb13d7a74b2339de2c6556dd72

SHA1
314d3406a078f2c388ddd861d66e41d17985ac35

SHA256
2afff6d4c92cde01a63f9c67fa7a035a1ea17c25dc1ed06f59594880682eb02e

SHA512
085502747eae8f5927ee5b1bda77ae3eef5a3828de370deb3d2e4c199c28aab2dbd0d5bc58c4a61f582548b11dd865ffa2c21e58cbd9376051ab042c1b7337b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\3e113377-72f9-483c-adf2-96d05d1f42c9.tmp

Filesize
10KB

MD5
bb5150bf268c4239d31f172a2daea696

SHA1
27ceeefa8a3674512726009b88b100f3b1541a79

SHA256
240be645a6a2c4f4250b55c7bee0ad98b108c54c496b7f935bcafc07bc98c35d

SHA512
423520b3487d3646988d9be1a8a24e666676389052579fd6c835ccb323ffdf9cf4c6a7d0167f93e76fc448b04e781a820aeb4d62d52cb04cb754ed6a8ebbf66a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
ec16a5d5c1b37f9a204ece57f82b0b96

SHA1
6beef2b578f99fab1dd2437ac71ebb8140062285

SHA256
e8837842f51401edd4450ea76c72a91967aeb60a1410d1500918758f3a33afb1

SHA512
ef4f8ad69ed128ed0c3fe0b4dea91aeb23684c02c0103f9b774e0dadbdcf78e348d1cdb0c25440bc56cd60300243c6ae89456a8dcdbb30bb39db24b533812c43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1008B

MD5
0e46ec5204dd56c177fa32560d96b222

SHA1
7e561a039febee4c10a3c0abdc822e87c3eed076

SHA256
362b90b1a595e368b282eca3b49897caaa761316f21fa986cd21d73a5f9aa482

SHA512
8ae559fca4ad55d968b4f07b1aad85469276cbb289eda7d66665b0de50378689d99cd890c64b6b82ded40ba7150e356ae21f35661c0433268661e884757ab583

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
9361588a0b1559c7bca343052252ecd1

SHA1
aef9bfe9c4dc3e26949c994389b015dd3a471cb9

SHA256
cfd4589415d92bf9aa994ec1282f497cc17967b88447e4b27de23ab5974a8048

SHA512
8fe3a4c82cd0c84210dd50d0974054b6e16ec4f7b72f00aef953e92148347104855173712ac1c3fad93fd7dc1b092e51c4fb1b1b5e3c3792171fd9d5694b9431

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
a5131b9d79e97ff252bc0f4c98495080

SHA1
1c21b3619913abcfc1929fc4453e65cc69092298

SHA256
827a418e6a738c5b8b549fe3353a1d01532a43dc1ffca5469e0913e70cbcefe5

SHA512
292ce617c6bce2d84881dfd4782d2f565d29f810a6b468c1e7ff614c959d000f8411a6a80592c2f52647e3d1b1481f32cf5585c1f5826b24e2dd490914d51142

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
a3596af55a83e7292dae7c926d1311a1

SHA1
f609685108149f1ccae824a48ab1be2604bb4086

SHA256
5cd0d5abfcbfb7a1d78a4ab44f6426baa6876afcb9fe580d2ad45e1f2d0ebd2b

SHA512
9faabd5e8f6e125b2e05a4f1d78e0d32c6d4072a3438b4301c23de7cc0b5e82c03ace6a50d4318ec5a199a34c359e154dc38ab9c3cea01403011123a164f709c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
9f6b16be0c7be207527a4a2b5dc5ea8d

SHA1
17e6b75ce3190cbacc2fd40d1a04ac86a9d6cca9

SHA256
9c0e222b4a2262b647bc40a8c38ba01616c7c8d2f21fafd2c14f709eb83ff98d

SHA512
7b8db5a3d280cc87d70edb5c244b70366f6bf2f47bbae407f4cd14e7c611003408f336074f9460f0ba65716d62ce80b916473ebb6fdb97d01f22252731ad0ff2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
dfc69f3b008094a5edb8dda9decfb330

SHA1
1000ff31251b803887e7da3d8d144c4f87587d31

SHA256
675b1a573d5081936548e2756259d77521f9123cb2781ad77d2cf9f051ecc237

SHA512
be1ff9dc85e375902f8e939731db889907441577562b7cfda367b7bf4a04ae92b6e539e9e188dd527945678a83f9fe071fa181a5004b1bfc2bf5ac7db70a5536

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d7d7ffb75307563550602f80ad89dbd1

SHA1
33d965ae21a02f7f21d973f80221ef8ca405d148

SHA256
09f2c9ccf2615668aed14c55c13dd8b3f58c365644e9dbde9d71fd874727d500

SHA512
37670e529f50a55fa070e538854619a158aea40d4e18601473480c55aeb3b4a7db4aa90ed0d901a1ef4cb1919b5518b0974b0892e75eacda2e8114828ceec72d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ad983837c56986a8c82a0fde8f6268d8

SHA1
7d94519bb267796b21747bd8749af41ad50fbb96

SHA256
d5eee05f647d861c214b5cb4bb12972b9e1ff94a2d82af0189ff6a43b6ea8477

SHA512
51f3aacc936665de0bd2e3a58864901a73a064e36390e75b12462db7c2eca72d2da93a9496de16f3c991a1e7b3412ea73755ba4a25ab516e9bb29e8e586030c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
578b196d678fb29d7c65b0f718b6f70f

SHA1
b9da815607e9e70171991f56644198a63041274c

SHA256
ff5e426477bd32c94fd4cf99ea55e8837860a91e61396e89f1e2fe686bee7868

SHA512
6fe61b8f50d1e63ba048bbfd16d3ff59a63c965a4d8eef65bb29bc27bc11df8f32639b040a5b4594da8f1b0cfa8dd2a7416cbf7777e1365f5a3a404ed324c35b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
35dade28b151163ae45a94c29ec9adf3

SHA1
754c14a1ff6f248c7908c4d3151169ddd5bbe5a3

SHA256
8395de0a2d27e98fdbab5e6df5d20dd17af587179c4bef843f5b1d3c4923d653

SHA512
f21345603f07b19004a1dd1fedc75e961b870bd9ac2c15e8bbe3c41609779f92963e49bf124a6086156108b4ce9403623f4c1e2024c07705c0c2afdad1c50fe9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9939732191be60bfc10e4b6eed2e0e41

SHA1
23316458b158d5d4f250ee995cc9a27470e0f48a

SHA256
8e1d19c30941c30bb57f3a79878df55f22020fe29a090c60a9b897f1e40c7bab

SHA512
bcf2af3737a25817266099126f526cfa613c05f24ece8144d98268e1e7e6d99e53c8abb601a88fbf3811c969022d8a75eaec86fff75991f5f79377cf257ac4b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ef6858c5794a7c82418ec6003ac1ee55

SHA1
7336d3ee88eb56d910d463832911183b759da925

SHA256
59a03b3d645cf33500fbba284b2c8f557f500dd869d50bdc96c1b109b9cf25cf

SHA512
e04be5245487c9baf299fb8966d65541ae5b4dad4c7e36d576ba840b64b1da519b2f21aee39ef21c63ad4a71456a1d26442918871cc04054df9b23813b97be77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
27ab12776a66ea180a2c8a9b58235729

SHA1
48e3455e9040a4c2a69401ed3220d23cc82bfab1

SHA256
081d2a2febacf83db1e059e101677e9868947f114a42758e12d03964f1530858

SHA512
77530a9ab2d86f674ed1ea50147d8594ca88eeb187c4f4a5f686fdcef8caf88d4cca294e45f96db7e5655fb587d1dcb8c9bd5008800eed138aa5a4b068c9ee7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
873a66da9a2b79fec6e1a2c174f0577f

SHA1
c92a40b993cfd4551155ea3b1c51742744d96d78

SHA256
8c8e203bc6d30be9d886126395f6a39a784f1ff82f217fb39712b992fbca1c77

SHA512
84b1038e5fb030dde3666f79ad0f77be0a5f20701e3d049640943dc7eb8048ef4f305179b16dc8fd9c6775fc889d441a60ca6b46082497956daa7354b0745a41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
09cf79b4ced2c07d0aab90beb177eaf5

SHA1
9975794854cb440b4a2737b00c42a5dbe573b7dc

SHA256
e1f5a0edc8c85c91f01869cffabaeafa6227a7dfa80e10e35adf8d727828b7b1

SHA512
efa3d43df4f50d15d6facbb42e8a58144b5895ae2115b6421cecaefd8bbc126f60b0c85cb257632b763e0f3a9c45b9d980dbda21015daa1f17bc7793d3dae0db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
afceee2f8e6b5a092a4bea272e6f6f68

SHA1
c380439c208d938a14c6987e7f92af2a84c60e2f

SHA256
da415233cd82355f4d7d69a2b79815482767c9f9c88995678ae0cd05872eab0e

SHA512
209ddd673543e4281002fa04d6f74e051e16edee03d16edeadfbfb244410940c823ecc3616641acd30941372712ba9cd1b5198847fa0e8e090bf26317b18af26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
37403392be9e71c6976741c5f44dd904

SHA1
0f38187b53ffe5d31ba4872279f75e8e0b7cc3cc

SHA256
e2f3d904b74a286f4ebd2aeba32684b631b9bae435a34f77f7636889d37f5d9a

SHA512
6f0938817699a818f76d4841685f4d54f183704851a340b033cd0257572166db1ef6cc92107c09099f2ce132036fab127e770c22f046e0273ba66f5e39fdfdb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
1ec8912dcc467e9c683d1ce0d7cbb4e4

SHA1
989d2b498a0fa59b2d98a1dd186c7a909a438cba

SHA256
51288a78975907dc2c357eece92a6e79fcb945c68011d09a4f245e06467912f4

SHA512
a0f997a8a4778fa6a9acf454b5a2f4704699c33f473b5701c6f988a66cb9621e36776f779bb9fcf908920107978b89c921760c1e1c95888cca8f37bac5b39186

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\d5bd1343-881e-485d-826e-efcb4450a146.tmp

Filesize
10KB

MD5
fa9f05e79139209c3f304656ca4483d5

SHA1
fc9d56102f201ebcf825927f837d331110946f4b

SHA256
571ba5b419073815c53d3bd134763298260db839d77ab71c88e41d5e872edb9d

SHA512
15f789975740acbc216f67766eb156300fc0336c3011e00cc9a3b6226c1f5bbfa45ef723ea6a346b072cfedbc1c462686d54376aef91d1dad87e76b8b14e5318

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
047dbbce5a0dad10e5e4bbb9a5d3f99d

SHA1
05d862d3992d98cf9ed8a79e1addc55025ef11eb

SHA256
7f0c43cbbc004ad777951638ebf0bc75e7e4c45a5f8908ac74270d1bce5db443

SHA512
f5fdf9f672a4a60f2e8063d34cfd8777c582424cfbaec018c3de399064bcde1e298fcfeb27398470b4f9ccba0556ff1cdbe7a23dc79e9ed8f1ddcf46dcb7c8d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
baa59ea8793c7066c020a6796bf87beb

SHA1
8f75c6f40842e99e36ff7bddb84e0ec319a41723

SHA256
bb6ed672ae7c06ecd6d4925e3438f5e7b9fb7b0a8c6f9a8625ac9e0759e52040

SHA512
7ba021362cf8b12eebfbdff309ca30604ecc5a1957d655d0498f696fac4cfccab41586208a89b1a1de8fed2f68e92e28761149929a4b46450fc7112833cf06cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
122KB

MD5
e9fc68dd3fa35531ac2c8df87592fb64

SHA1
6e7f6a78bfef70c5454a87c085945da57492718e

SHA256
6998ae74a51aaa86db03ccdc99887416bdead25af96cd5a51b51d8e59b406527

SHA512
f4940e08947f9be7ba877c36bb2029f37a75008e8ba846aa9cbd0e5dd59bab8805164b8bc535b4d693bf4316befc54f78cb823a4e776c42a107df371721f4c5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
311ba7a79423b792545fdaa133e2d10c

SHA1
7d71415a8ed5229d5f096bc3d8033756b076b797

SHA256
63285a19b126211547acc501a43a6f9e89c9bd8b5601af51488df766c85aa832

SHA512
9b2209d8b7a9e2968d87859065e80ce95136f91c2a1483e36125da6b1873197f2ca51280c8865a59cc3c8d844ffe9cc6ed1a7d0029bac7c7a39bffc3621bc3d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE42A49AA8\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Resources\ListIcons\flag_aq.png

Filesize
351B

MD5
b841c2ebdca6bb23c15c98da4aa671d7

SHA1
42f562132fe6e9a5029247a2b9666395dd5ad9b0

SHA256
b668f1a313e57c97a5abd0212631ea6211aace15b10f1ca82484f23f7d6924b5

SHA512
e093c2c454e8ceb318df0629f5f7e8494213e69caef640dd4554f3c250029e8a06b4c5add9c13e457f901c3d328738b66db524a8404617e486fd8c564dd04c90

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE42A49AA8\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Resources\ListIcons\flag_cx.png

Filesize
626B

MD5
fbf02dad6f60392ce777d006d5762248

SHA1
f9d95e6e5e25b83953e4f898bf99636d85511709

SHA256
45203a04468ff78fb3434f46799ca630172e04f97c566f8e143539a80c48bfc5

SHA512
9f5b7b5399cb7c8b41cda202eac5a344524f135fd2e32a5f312917c7684ee13a94976984154355297bb31fd06435efe91456e189bb5f1c9d6010dfad01415b4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE42A49AA8\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Resources\ListIcons\flag_gp.png

Filesize
546B

MD5
5ac0d15234533136bf6ec230686a4aa5

SHA1
2f208a8baf30d13aa23382d3821cc73c4aa466f0

SHA256
5cceb033c0262b5905f88d5905777471e9f1b0b0d9cb857f2361e88ada73610d

SHA512
d6215183f13e36a268b849056fe1479ebd36eab4b6f175cbdd3a4ecd4ba4df7734189a2f9e9d69ee344ca63baf2c9ef10f62663cc721e9c9c59775d5e84e2268

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE42A49AA8\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Resources\ListIcons\flag_sj.png

Filesize
562B

MD5
4f82c2e83eab05d2bd9baaeff6c81a96

SHA1
e1cd3981d14653bf5df976ece649120134e88546

SHA256
15493361692068154ac1b1baf8878c179b353996dcda4d63e0322ea37f998f9b

SHA512
b69030fffb689094952eb472b272e1d18b40d0f11e3bba647c9b01226ccf072d276cc31ce3a1ffcbc84c5de82bedfe7fc2466fb060ff50e528f7c258179e626d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\ClientPlugin.dll

Filesize
19KB

MD5
bdc8945f1d799c845408522e372d1dbd

SHA1
874b7c3c97cc5b13b9dd172fec5a54bc1f258005

SHA256
61e9d5c0727665e9ef3f328141397be47c65ed11ab621c644b5bbf1d67138403

SHA512
4fa0ed4ef66e4c442f5fc628e8bfc8a4f84cb213210643996d9387027edb619c054f6104ac889ae77cece09f0304f95d5f20e14d66847e2d382ef51eecec0962

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Databases\core.sqlite

Filesize
3KB

MD5
3732df3263fbaa868bb866bcca1f402c

SHA1
f247dc7dfea7bcbb69116920d48af2dabf85b444

SHA256
716d9992711b5b17eca841836ba5a63db0a62251bd056a92db96deccfa887b41

SHA512
bb99cfe2be9488c6d7e57991b2bbc4e593ade8c8d2c79e4b7056ec5be60fd5e0b88467f65dca71c269540b800f0c3319e4e849e7e77069a6e9b1b89a2d4807fd

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Databases\main.sqlite

Filesize
15KB

MD5
ea522fc387e8e1c1c65e946c9118e2c7

SHA1
0d3fe3c0f59b651f4b9210ec4d7324e7686b5a21

SHA256
ae429dbfca9416cfc6832aed1190fa7b9eb90127328136a249de024349fd3b3b

SHA512
52161556c3d3a1e12fe8de217aab806ac8e8e47135d57f057c257d16576ec08b13bc37aeb7f7234042d89d6deb594a635e0764675f4e04f7abb94836fac1d921

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\NanoCore.exe

Filesize
1.4MB

MD5
1728acc244115cbafd3b810277d2e321

SHA1
be64732f46c8a26a5bbf9d7f69c7f031b2c5180b

SHA256
ec359f50ca15395f273899c0ff7c0cd87ab5c2e23fdcfc6c72fedc0097161d4b

SHA512
8c59fdd29181f28e5698de78adf63934632e644a87088400f1b7ab1653622e4bc3a4145094601211a2db4bcbd04ea5f1ac44129907fbb727fe24a1f3652c7034

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Plugins\AIO.ncp

Filesize
17KB

MD5
60c274ccb344da9e3d77449f6068d253

SHA1
ab25eddf3ddb61ef52104a01e5c9b8a23451c764

SHA256
0a59aaee013c57f3b6190d683160d88ca1c5868565cbf5acbb7b17d3e925c602

SHA512
9600d852b56557f31a5a18a6aa2cb76cf4fabf36ae32bbeccf82677f64737542234e2fb06ac8d917f9839120320b7db212d76e8dea24445f13096d86a474b9c9

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Plugins\CorePlugin.ncp

Filesize
119KB

MD5
7914e7302f72d330aa5f6c5c8c26df43

SHA1
8c411f3fe5297a78cb018539b44df87c0a51606a

SHA256
f66985518b1e56a04f512d110f5b79f21ed91cbcbf6bd3e17eba3dcdfb85f9b5

SHA512
8959843f282162ff0c59d890d04012c4f62dc36058aa7095d708a97a34313082cd4ca5ea5df5623cd2d6b8b91c527297168cab08ec59c1ec48fafac5983ad012

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Plugins\DucPlugin.ncp

Filesize
73KB

MD5
5eca68a8368e0e144b7016e30b85515c

SHA1
0ba48b49974156e5746958aeeb1c2a26c916b3be

SHA256
e2ce89b3e68b003cb27e2c5652ccba073c8938bef194e51830539b2464a3f676

SHA512
ea1d1363fb072a5c646ce070184855588124be42392dc492ce86c88fe93eae78e23f5de4f2df75fb5b0e8d67bf08ff192dd163ed3c62a1ccfb0b8436ae1df644

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Plugins\ManagementPlugin.ncp

Filesize
300KB

MD5
b612c2c9a6d361a5db14c04ba126119c

SHA1
d2b29e235b0f45242088b78313438bdfd51209dc

SHA256
b86fe4e126a9748a383a34d615b9598c715f2380c0aad957495c66923902026c

SHA512
194d4688935235f3ca686868c9ff53c7945d4e076d4a51fdcbc254bfa1461494766480794c65715bce314256c7cc5268bd6547c937984d3010f54f5a3db4ba9c

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Plugins\MiscTools.ncp

Filesize
66KB

MD5
78e3006fc6468eb7dfc7761072b84ac6

SHA1
e46cae768d2754f48a29b7e424a9bddf0d67bcd8

SHA256
3a3a3b105eefb45e3b70cc1592e484df02df7020d5154e8c2e5d7d439e295e46

SHA512
0daa1cc9ddae70f442ee5eed784523dc1378b9d095edfaec1df95e02f00d09b461d60ee180f716f7ba755543ef7b0c87d791a454cf254dde0033b8615b2841e8

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Plugins\MultiCore.ncp

Filesize
236KB

MD5
becb82e1e914e906be158e3f9dd658ac

SHA1
725d3d658680ca8dcb610d998db4b28733b5ee52

SHA256
5494adf651fc64e3aa6c08e38165d8dbfec52056cdf4fadae90b76b0e6816a33

SHA512
1d67e7d5686ea225262501afb572bec23e35bbd33c660a57e84b9cad7adfadbe457b128af0059ac705d53c6b65798f5525fe4ed3c16537b0c085414cdca74174

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Plugins\NanoBlack.ncp

Filesize
107KB

MD5
794ab16c092ebf2b1d812d6cce158537

SHA1
6dd9edd26b50265d5af4642f9d1f1f8703a44805

SHA256
7919b7998d6b359d7cb700018dc2d69ff6ffb45bd01c9c190b98fb4c9ff4beab

SHA512
e639bb0f7d309344c45ddff3d7f91212b3c6a9db6970d06db35f6bac228b389ed8c32dbda75ae23ad1359bb60f678b0b891caa3ed07245aaad21dcb3ea4a5347

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Plugins\NanoBrowser.ncp

Filesize
102KB

MD5
8b13fdc96af0a84c152f5a601dcc6b06

SHA1
1250db70fda8a2c32f37bbdc5638074c6dc171a7

SHA256
997c41b05150480bcfae9abb3132fc807f6c6b511b810b554fdb5aedf89f5db0

SHA512
536d4e1b9e7c95ebac762d0a438106a5409c69e990940d3411709364783f957015d4a5dc0651b33591e37dcda8549e689a87b853e32f3ad065391a2d8190a552

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Plugins\NanoCoreSwiss.ncp

Filesize
49KB

MD5
fcb5afd01e75aca8ed9fbd35a46e54f3

SHA1
94b69f8612d31fc0698089d5e08aea1cafea52e7

SHA256
bf0386f6e9b4a35fefe5fe917e2be7c64867efe24521f18e4567f8af5f6dd5e5

SHA512
b587dd23eaea6de486c30864908f8603451c459153cd21b86a5e43bb9c2cca7cbc015daf620808fad76a4d56bbc4e57e127059c8e73be6c85bf958781c1343fe

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Plugins\NanoNana.ncp

Filesize
157KB

MD5
c5d40b767bd6b97f88ccce13956d0ad8

SHA1
ef7f7fdd9d5ea0b55ffbb17c171ee6a46b347100

SHA256
a3c39444ac74bb91f14f3f2ae6918d9b1d368268e137aca310450fefbc8983aa

SHA512
3fcb5a6afdc7de59bac645d8b4dc6368b0405a51985ff86c95fc8cd579bd59bc423cab940dc0ab3de9a0cd0d9e04dad82e380ef18030330d72b2e72936a95ee1

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Plugins\NanoProtectPlugin.ncp

Filesize
179KB

MD5
e51af633e5f5f4a817a54773fb90d337

SHA1
0cb8a7965f9f042954b1f318ea1026b76e12f8e0

SHA256
b37602dbb924bb94df0d9745d13fcace8a6642397fb738fbe02a88f667f3ab66

SHA512
6454305121597073d4ea2b8f57a4bb4a4fe7fafbd05336c91265534faea5a5cdec7504c1329ea0c8cb344a4f32d59c60af5348dfd89375876ae95ee2c15f0c14

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Plugins\NanoStress.ncp

Filesize
117KB

MD5
ba6f59df971d6db7a8951edbd5d6691b

SHA1
ed766de1fb4ab0889b3fbc8127f1393eb3cddc15

SHA256
6b33a572e019266749a3e04966e2c57822e247c5197f6f9bd6a4bb8792633581

SHA512
bbd50d7cb2b2799055b8864da3d3d6037bbac41312ce8582c4627611ef856ae38ecff67dc4223e236d1b555bf02a7c0c7284a76ab90007621a2f2997b6bc5dd2

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Plugins\NetworkPlugin.ncp

Filesize
319KB

MD5
70e5b02349742a550fbfcfb5bb78c906

SHA1
2319b68398af74fe08b6a3a7d6943cf700240a4e

SHA256
160030b8444b6fa86775a11d1be35df6a75252070fc5661055884d3f8b07296d

SHA512
bbb5d2fd6eff637da303a4ab2fdb02f781619ffe25c5795c5b9e514214227717771a98ce6c3becc87b29c15303ac4373ee3847060ad5755a2455362e6e26932b

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Plugins\SecurityPlugin.ncp

Filesize
74KB

MD5
44bd68199bb393d0eeb7ae83b56d9b9f

SHA1
c6cfa069a17ace16c651a11945bd54f4ca6193d1

SHA256
25b1b0836838740d394cd35eaefc660e9eabeb611a701a451eb1119f6427fc12

SHA512
a02b82e40f66dc925de3324c03e8a0a497bfdb6ed44549001efbf86f2e5381aaf9259978908cce9ecc7798f083d3691f007b207ea301a9dc73f2430662146bb4

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Plugins\SurveillanceExPlugin.ncp

Filesize
423KB

MD5
195fbe66986564288c3285935fe87b27

SHA1
2fe84fbbf109b3e4c7c63b414689021ba847b568

SHA256
a2ce9ed783b26d01d58e07b9c97bcfecace9ced72960cf3ecf471fbd008afbae

SHA512
552161e555d07fdf7062a4c0d3738819b13ad4c9a5c54f09db48dccf6faf49b014eb043037500abdac7af0210ed118c5232d8d54be367d8a4caccfae7904332e

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Plugins\SurveillancePlugin.ncp

Filesize
352KB

MD5
ed3edf12bac989d1dd6edf7146feb805

SHA1
776a667bf2341b43e199c3601856ac223b86d221

SHA256
3301f9fd4700458a18589956fd2bb6e5101b15c14f52d5e079ae1c3a008da040

SHA512
e6873a5d1caada8954907bdb3120aa2c60a4137fb9d04abdbb74ade58f35ada1ff87a447cf6a35f5798dbd0e1e0ed813d62e34d98de8d6402b6432746aa80413

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Plugins\ToolsPlugin.ncp

Filesize
130KB

MD5
699eb468e7d6bee9c429923b5b477545

SHA1
80bc420c3e441c9b9c3813ac05ea9e168cca1e3a

SHA256
d753bc28d842e44ffbf6cf99314febe5ed7759b25a74ca34a47fdd153bf2a6ab

SHA512
5d82a98e918ea3eb024dbb7552e5cdecc317b49635a5789029e7a0035d2f0cb2a3c47ef53e603217afd17d6f59fc78a918e2e5f70266119c619e41b3b647aac9

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Plugins\VisibleMode1.1.ncp

Filesize
49KB

MD5
37c2ef6e5214600396ee87c4168a5664

SHA1
69b6e1f612f5a3435fab05074cffd3ebd1c232fa

SHA256
4a8d45e13a38c502a3109d2ea17a81905fb9eabbf643ae611b62f62ef11f09b2

SHA512
667ad370f48470d60dbd437b0601eb05de421ab59b281adcf9c6f54b9c6fd272d3aa34c35e7e6df889771dc5fbdfa9bc683a4bf156727827595edf6eb2fe8cab

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Resources\ContextIcons\application_delete.png

Filesize
580B

MD5
333c3e0cc3ff3a57b9ca358de9bd39cb

SHA1
799169a02fc0ad101dad6b8d6d86c5ba76015841

SHA256
9e3de440bec32e23846a9ef37235453ea627a8aeb0a17ac0afedb433fcb448ee

SHA512
3551ad2fba75328aab0ca185290c18d44c1943fc1423f9c3c12b6f450c14be27c4fbfa548d98a664e06693cc706dce1a41c3f5bfaac245440692a25fb11b6b82

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Resources\ContextIcons\arrow_refresh.png

Filesize
674B

MD5
9b1a30ac871af0684baa0e4e76911d48

SHA1
c1bf620aa2e493ed63d96729842c650b62c26ab3

SHA256
6141eaf716680ef3030c0db1252bb39bf3145e4a17225d787808c7731ba9358d

SHA512
22c6a8d27ed029cde7812b5cc0442c8e6733fa00f1f62506f6f94cec48026709e0c444fb72dd123b37182c791bb9358d00cac899bd65480c9d05d4b8ce80758d

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Resources\ContextIcons\books_stack.png

Filesize
1KB

MD5
f85aa7e604e376846e22060f39ed5cef

SHA1
52682e511e742f72f370946a87022d00e6218e64

SHA256
e10f4dd9daaf95f3aa0f6009e2d82d5c09981cced09c253bf105931a40673750

SHA512
3ccb257db311259887b811ba217122325dc7ff443697abb875a56950be3dd0d1ba481f9ff9b1666c264c277e40938ac403df90179ff1f43749e5882897a9d6b6

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Resources\ContextIcons\clipboard.png

Filesize
503B

MD5
bba5acfe2a3448910760402af17b2057

SHA1
b5a17fcaa8462818cc7bab6ec28f0b394f47c553

SHA256
bc6045247ed76340995951f6fdeb18c24b8ee53db3450a3426b8aca85175b308

SHA512
2f27d130675eefb2e6586645a75fd3d0729e9050a3ad7b8dc1671ed86c270831589f9c03f6c39fe1755a7c485fab42af789bb446ee5ab7615e574fe5a0f6fe35

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Resources\ContextIcons\computer.png

Filesize
715B

MD5
c0dc4d56147b86b211c7419f727be0a3

SHA1
71740927a6e212b9caaf30a04eba86ad549bf63c

SHA256
b0b606f3f84b5e1f8c7f8558dd3f092adce374f5c810613845276d47a6401d58

SHA512
a1e89366800e611979fe693cc1a87d75d3e0e9629523b2d19a222b87a4f80e813319f861fd972cb861cf227de272d701f7bac508fb48c8f2d025485fe8b75a97

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Resources\ContextIcons\control_panel.png

Filesize
636B

MD5
49811b46491e436958be941d0e5e2bd2

SHA1
aab6685832f9de619929f7bdf288ac668f35ce02

SHA256
04030a3e3e23baaf7573e297ca0b83f5d196f905568fceefba0b1e0413d1a063

SHA512
cb078f7341c646f9ec65a2a0e9f20dd3fe83c713bd4999cd79619ba52729ac673fc1a9f24c0b7547058b22664d8ad79df14ab2a3656c5577b8ce3bc751ceb54c

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Resources\ContextIcons\database.png

Filesize
684B

MD5
5c58d93fc729fc2713a1b48fd9c75b13

SHA1
4cf70524c5feb288d0685cd3f4c8a47a23a4e229

SHA256
2472976a5d208572c0d535ce14bd46415b205e0bb004a74c2f1a90d82e23fa39

SHA512
8b4fce32089a29ed619b288c7d682c0b833019efd163d5890966476fb436033f0ca1ade418be2a58f8e324f5b4fd1bd8559313bff9e007eff862fbb0d3278f3f

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Resources\ContextIcons\disconnect.png

Filesize
661B

MD5
560aa223ee6d663270b49df9fee84d7a

SHA1
5e177aa1e3180cccc15fc81bce5d23ae32ddef6e

SHA256
d79ca587e71fa6dc2fe27b2fb678b84b01b0509a1956ee8bd852417e860d5fa7

SHA512
7a2295769cd2ed15ad9491afda427a7584fe206fe1158caf01d5d229d7d223820b92fe6b804ed0a5681f0cfd25ba3a2a7280b4180a985c0ba67cd3eca2c37487

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Resources\ContextIcons\file_manager.png

Filesize
647B

MD5
aa7e817a2d4f55e9873a24a1586ebf54

SHA1
13bbe5a713599e6c7fb7cf043339995e02cd088b

SHA256
4623a50fc347c3f745ae9acb1bcddf6394e18d07bb532036b7fcaef4e161e33b

SHA512
b7dd1ef3b7fdac61ad014283dd2fa6af0ba83ea4162cccbd652576bab215c474c4c1feb343117cefa20741a29390b0e6eff67cf3030af40cd5baefe85b0615f9

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Resources\ContextIcons\remove.png

Filesize
399B

MD5
51f8eafbfab6b02f83e24336f4bb7ec8

SHA1
e18154aabac4f28b829197666e0c156b6fe52349

SHA256
e2a8bd43684bf7955927ed689b191b0fb79552c1440342f0c6dd2ab6bccd7b7f

SHA512
56777a5b8a0e1f65c6767325d6c0527de33e19055fa9af6e4a11af4127d5f2ec22c2a957fbd972991eb754202f56effe53ee392a5cf80ccd5fccb47dfc8c90bf

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Resources\ContextIcons\system_monitor.png

Filesize
541B

MD5
cbc5a799bd030812570fe27b8a5c804b

SHA1
ef0be2295a7165b76785602e9bd7f5fc13c8cb6d

SHA256
9913c8c7871b787d832a3688db5623e8f72ac547d0517a5c1741e9c24d6ea279

SHA512
ec40b627f37e1c368314cfa7dd6d13adf8d4ab420c96267cb5a1f384a625ec8a4eb8fbbedab0e2b8239906e1eb1961c862a6a104fde83adf14f3fe29109e1197

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Resources\ContextIcons\terminal.png

Filesize
538B

MD5
7eea51d284e59c3d2b347bf0eec4c4aa

SHA1
1e5ac6ed716c5450c6330475f03575a62e093996

SHA256
5e5221e3f9e990114b5f747024bcd2c7f6916f46624e8f68d32affc88b1b97ab

SHA512
f0f846c6ef11eeaa97d13b1f7939ca48b7a20e3395cb93270c6d9f6bd4004ee372441deb76e6cafbb04258e3432e6567f8b7854874f809ecb7ce97d4365690ff

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Resources\ContextIcons\wrench.png

Filesize
660B

MD5
da4053b4dd7f25ab2f0fc2efd1ed871a

SHA1
4c5314dbb63ec94c8735bf83cccb66926f4f9d92

SHA256
0149f17649f85866d19b503c0a75c592d5e6a2bd62cac1a11cbb180ecfcb3f79

SHA512
1d039be60f312d58145eaea5d83d16b9214fdd91c13580567f1aa6cccd8dcd497aff95368d0ebfa770f79545a6626f943fea8ed9c19717e405a625269cbe9006

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Resources\TabIcons\builder.png

Filesize
303B

MD5
d2d498dc06990b948ef42c479c4c1f94

SHA1
eb380e6d156f5cc2ab28baa5add2ba8acda088b3

SHA256
ce8e344d1975972fa3f1b54383ab01cf522217e83b4e01f5c5b8563641bf6550

SHA512
fd9f99b7489507d8208432847085507e5d1823f1eed5d3c7e644c59bc5e5b36d8705d4add01a0c291240029458b25d72894fc05efede8b795bb6872e1e5f9ef9

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Resources\TabIcons\clients.png

Filesize
462B

MD5
0331dbac2291c05d567461b58654d350

SHA1
1f89cdf7199983e788fd1f22b873ab9b0500952d

SHA256
8d1339e002540de132326aeb1d17c66a9a60b0af7e3daca9bc40df17e9c96542

SHA512
2d12a85226a21670c49038e4347b39227b8d8bca07b8eb66f2adae0ccf1135270f5ba5f16a40bf526477c70c00c1ca572bfb973306e6eb8dd057600de38da161

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Resources\TabIcons\home.png

Filesize
343B

MD5
0a482ce7f891fe7a64118bbb34a34b9c

SHA1
2aba3c06942273aebc5e616602620e4b2526ebe7

SHA256
76d3e6c51702b37227b73a4f84771e44d7c1a8551b4c1fdd90e341f03a805346

SHA512
0e900eff9109ac2f32137d9d18993a29ed6065299ef96554f2288128fe07d1e8db1a0dac29b39b0eb05bb8a9bdca5f083da8e25dec3c880ef155401fd649107b

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Resources\TabIcons\network.png

Filesize
230B

MD5
48780574121d519661c2e0bc51b25b68

SHA1
89d8d5e42fbae3d95c8036c1738656b8e6343091

SHA256
28f4c682d85fb4ef531a71b7fed8f0d7ef548f1126da378aaf60349219a681d6

SHA512
7f0d9b6e18b812350b9d57439069ebb9140365830ea6fa247527f793cc58271ed7743c514d7488f026064b6d44afaf93717192bcff3ea8a3b501f2bf7718ff30

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Resources\TabIcons\plugins.png

Filesize
14KB

MD5
3191ca0269497a9566299585d427bc15

SHA1
7db0caabd0a466730b264d07c8cceeb62648788c

SHA256
e60d5bbd1aaa36e731ef53f09dd4b010a041dd7c346c4f3ae0b824f63c37959f

SHA512
6d76f44efea93a2f43e3d9ac11bb97d279a9d3fe668382c2e747ec5bcc0e48d5decf59e2772058e804bf32bc74f4b0380db8dcd0f652073661e68abcbe5adb08

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\Resources\TabIcons\system.png

Filesize
273B

MD5
9993c66f33d16d11e701abbabf5a5db8

SHA1
415a0069f21dc5fcbb7bdaa7f17a679eb18e6b1e

SHA256
24c4edf86254f9e2359508909ba52dd683e1f6af0d8c1a52f875c472fc73bd40

SHA512
7a3f0546f4fb12e72fd774f5c4446e8bcc2a26c762aad91675c3bc10931c1c0ac2c40d66a25afd0a376ab665427164367c1cf398c22811eedf88c90ce51a23e7

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\ServerPlugin.dll

Filesize
28KB

MD5
952c62ec830c63380beb72ad923d35dc

SHA1
6700baa1fb1877129e79402dfe237f0b84221b69

SHA256
2e5fbfb7932b117a2f6093dc346cdee4a5702e39739d9c40d27bfd1580f6f0d7

SHA512
5dc19d7d6ab7670ded766f357e481328c8df4a96ac3c2a00194a5ccea8c34bca0e34cfea3d9d17934db384d302446be2fec9853438371561d70580665bffe121

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\System.Data.SQLite.dll

Filesize
256KB

MD5
dd3d6f00b1aba3f1d9338d9727ab5f17

SHA1
faf9364a7ab15f27c93a6e6f97fa025030c9dad7

SHA256
f0d4beab24e94e61f219df451d90dbba3d0f48539f9b6a448f91e0c94b4e80c4

SHA512
0794d850a133a98affe627e3023114b229b982e507d366895ece6a1ef99b42d708554c64b52f0f2ed63673e1c5aeea7e794085d45f0797159e21ba4efdf23cd7

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\builder.log

Filesize
22KB

MD5
0061a98407086fb3106b61fe5d0fbb27

SHA1
c5882467e947fa1cab30dd45fe337b23bce1712a

SHA256
054dbc3e14992bea750e1f366c16f6b0c861bc9db2617be91cbf7306fd25219a

SHA512
b4e0f10067b2a5b7865b404c63be1c93cbda482ed3d20e618ede411fe7f9bc177792d0ab0bb7c13730809f9630ba5160f485a38590096ba8cb8104ab189f2c9d

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\client.bin

Filesize
130KB

MD5
906a949e34472f99ba683eff21907231

SHA1
7c5a57af209597fa6c6bce7d1a8016b936d3b0b6

SHA256
9d3ea5af7dc261bf93c76f55d702a315aa22fb241e4207dc86cd834c262245c8

SHA512
29fd20ae7f1b8bac831c0bb85da4325a62e10961989e14299f5f50776c8f7e669cc1527bf2c3868bd7230e73ac110ba8b1f0491ac0f2923d79d7a2871c7c961d

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\plugins.bin

Filesize
240B

MD5
5e709fc806e8ba3385487699004f6d29

SHA1
2f32547ed5b9db3b33969fb4858945610aaeedb2

SHA256
9ecbf989dedf1403db953fb4e5955c9f63415cbe1f6492c3246bac405a4d036f

SHA512
a6706c9f76d837a7e0ab12e3c1c6d94fedde9dc52d4fecd02befd8850752155e2bf801cdf0488a98e49c50c4f0595a3fc4916950badba9bb83a5b7a35d3ffaab

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\public.bin

Filesize
17B

MD5
602d0cc4e7246f8a3b8a5ee9c7fabe30

SHA1
e9ecc8f782cf27ae68339b0cdfd0f79c69aa4afc

SHA256
6de29ee3e660fd3ab419f568fcf65f8418484eb43d5bfcdbfac5d456fd8488f2

SHA512
ccaf306f4e4b4ee7de6a62954bbebcb52d131da49912d2d6ad39d07012dffe66ec6109dfbd5fbfd166e98e7bcb2c564b75eda0a2eda2ee815f71db5986506f43

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\server.log

Filesize
103KB

MD5
ac6285562e5e3e4e98feb7fe8df884a4

SHA1
4b7fc4ea7c39b95efa7d4e1d68b9b3994c38683b

SHA256
51d9e422386e5e64eadc212bff06b33c2a163bfe355ce98d756ce00afd76ae2a

SHA512
6db244bf0e1948626e64b2b8636b9bf71fa4b2bbe5e7c4877a444da00bcc7964efa9f01f6e4c90963961a3a8bdb3bb8ff7d28660596e6f468b53313ab5e3453b

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\settings.bin

Filesize
280B

MD5
daa76574a834b950a015d191e410c400

SHA1
c93dae186bb23e7fc052b6cbc4626c58bc0f60a5

SHA256
c4c2bb97d9abf6e224897855a0f6699d8f886ca816811ea5bfeb8e71d72b7d4f

SHA512
9cd119d3f55a172036fd625738c3ebcd45b534255da36c208b594605eca32a58470ea4d0493026d160e062806d015cd878c44521e2450247eb5a8ae203a8fe6f

Download Submit
C:\Users\Admin\Desktop\NanoCore 1.2.2.0_Cracked By Alcatraz3222\x86\SQLite.Interop.dll

Filesize
792KB

MD5
9b19dcee960dc215e64b1d82348707a9

SHA1
9c1e0f76673eb385787120e17404df179316ca2b

SHA256
3515f704b0012c01fc8be5b717905c0587b29255fc9eb7ad3f2b66a130691d38

SHA512
cc1304ab171feb2ac6df941f4b35aab8ce7b503f96b5539b366b39268cce8b21ea2fdbce16eff809a9a121a60a65ebbd0f59f75360800f541b9e5f93e729a55d

Download Submit
C:\Users\Admin\Desktop\RCX3118.tmp

Filesize
202KB

MD5
514d269850dae215a22b7750a2a89b41

SHA1
49ed0e93aaab10169eefcfe02c228216e85c60ab

SHA256
4cbace4df1d1b16891915a0bb8f3f4551d42ab5f2d59bc23901e7b869330cdf9

SHA512
8e7ec103c75e3f7ad2999cc1e850b79ec3937d0720d8aa94fa9052157734336a49d90948ec09533dabf524b30627ae4a6b17ca94f6f4696671d6249b77969b5c

Download Submit
C:\Users\Admin\Desktop\test.exe

Filesize
130KB

MD5
20d17dc42f3b4493f0b8fccffee22768

SHA1
4feb5b8d27e20c979ac5188e66b8c71368ffd641

SHA256
02a4bab14e64c8d49b3410b967f394c5e4fed8c16d59c6d29e961267fee2be18

SHA512
d22ca754a60caceb7c2378584b53fb959bb027f9fb06f091c461098e120c65356cef360856c78bb69acb22e0175d7264ec694f96534b8e302c08c05c1986bb1f

Download Submit
memory/5096-1376-0x0000000075220000-0x00000000757D1000-memory.dmp

Filesize
5.7MB

Download
memory/5096-773-0x0000000075220000-0x00000000757D1000-memory.dmp

Filesize
5.7MB

Download
memory/5096-846-0x0000000075220000-0x00000000757D1000-memory.dmp

Filesize
5.7MB

Download
memory/5096-845-0x0000000075220000-0x00000000757D1000-memory.dmp

Filesize
5.7MB

Download
memory/5096-844-0x0000000075220000-0x00000000757D1000-memory.dmp

Filesize
5.7MB

Download
memory/5096-783-0x0000000075220000-0x00000000757D1000-memory.dmp

Filesize
5.7MB

Download
memory/5096-848-0x0000000075220000-0x00000000757D1000-memory.dmp

Filesize
5.7MB

Download
memory/5096-841-0x0000000075220000-0x00000000757D1000-memory.dmp

Filesize
5.7MB

Download
memory/5096-790-0x0000000075220000-0x00000000757D1000-memory.dmp

Filesize
5.7MB

Download
memory/5096-847-0x0000000075220000-0x00000000757D1000-memory.dmp

Filesize
5.7MB

Download
memory/5096-810-0x0000000075220000-0x00000000757D1000-memory.dmp

Filesize
5.7MB

Download
memory/5096-840-0x0000000075220000-0x00000000757D1000-memory.dmp

Filesize
5.7MB

Download
memory/5096-770-0x0000000075220000-0x00000000757D1000-memory.dmp

Filesize
5.7MB

Download
memory/5096-769-0x0000000075220000-0x00000000757D1000-memory.dmp

Filesize
5.7MB

Download
memory/5096-839-0x0000000075220000-0x00000000757D1000-memory.dmp

Filesize
5.7MB

Download
memory/5096-763-0x0000000075220000-0x00000000757D1000-memory.dmp

Filesize
5.7MB

Download
memory/5096-762-0x0000000075220000-0x00000000757D1000-memory.dmp

Filesize
5.7MB

Download
memory/5096-761-0x0000000075220000-0x00000000757D1000-memory.dmp

Filesize
5.7MB

Download
memory/5096-760-0x0000000075221000-0x0000000075222000-memory.dmp

Filesize
4KB

Download