nanocore | hxxps://github[.]com/kat15/NANOCORE-RAT

Analysis

max time kernel
243s
max time network
245s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
14-01-2025 18:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/kat15/NANOCORE-RAT

Score

10^/10

nanocore defense_evasion discovery keylogger spyware stealer trojan

Malware Config

Signatures

NanoCore
NanoCore is a remote access tool (RAT) with a variety of capabilities.
keylogger trojan stealer spyware nanocore
Nanocore family
nanocore
Downloads MZ/PE file

Executes dropped EXE 2 IoCs

pid	Process
3768	NanoCore_Portable.exe
1244	NanoCore.exe

Loads dropped DLL 13 IoCs

pid	Process
1244	NanoCore.exe
1244	NanoCore.exe
1244	NanoCore.exe
1244	NanoCore.exe
1244	NanoCore.exe
1244	NanoCore.exe
1244	NanoCore.exe
1244	NanoCore.exe
1244	NanoCore.exe
1244	NanoCore.exe
1244	NanoCore.exe
1244	NanoCore.exe
1244	NanoCore.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
33	raw.githubusercontent.com
23	raw.githubusercontent.com
32	raw.githubusercontent.com

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\NanoCore_Portable.exe:Zone.Identifier	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NanoCore_Portable.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mode.com
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	timeout.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NanoCore.exe

Delays execution with timeout.exe 1 IoCs

evasion

pid	Process
3356	timeout.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133813534859948971"	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\NanoCore_Portable.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1040	chrome.exe
1040	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1244	NanoCore.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1244	NanoCore.exe
1244	NanoCore.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1040 wrote to memory of 2108	1040	chrome.exe	78
PID 1040 wrote to memory of 2108	1040	chrome.exe	78
PID 1040 wrote to memory of 3684	1040	chrome.exe	79
PID 1040 wrote to memory of 3684	1040	chrome.exe	79
PID 1040 wrote to memory of 3684	1040	chrome.exe	79
PID 1040 wrote to memory of 3684	1040	chrome.exe	79
PID 1040 wrote to memory of 3684	1040	chrome.exe	79
PID 1040 wrote to memory of 3684	1040	chrome.exe	79
PID 1040 wrote to memory of 3684	1040	chrome.exe	79
PID 1040 wrote to memory of 3684	1040	chrome.exe	79
PID 1040 wrote to memory of 3684	1040	chrome.exe	79
PID 1040 wrote to memory of 3684	1040	chrome.exe	79
PID 1040 wrote to memory of 3684	1040	chrome.exe	79
PID 1040 wrote to memory of 3684	1040	chrome.exe	79
PID 1040 wrote to memory of 3684	1040	chrome.exe	79
PID 1040 wrote to memory of 3684	1040	chrome.exe	79
PID 1040 wrote to memory of 3684	1040	chrome.exe	79
PID 1040 wrote to memory of 3684	1040	chrome.exe	79
PID 1040 wrote to memory of 3684	1040	chrome.exe	79
PID 1040 wrote to memory of 3684	1040	chrome.exe	79
PID 1040 wrote to memory of 3684	1040	chrome.exe	79
PID 1040 wrote to memory of 3684	1040	chrome.exe	79
PID 1040 wrote to memory of 3684	1040	chrome.exe	79
PID 1040 wrote to memory of 3684	1040	chrome.exe	79
PID 1040 wrote to memory of 3684	1040	chrome.exe	79
PID 1040 wrote to memory of 3684	1040	chrome.exe	79
PID 1040 wrote to memory of 3684	1040	chrome.exe	79
PID 1040 wrote to memory of 3684	1040	chrome.exe	79
PID 1040 wrote to memory of 3684	1040	chrome.exe	79
PID 1040 wrote to memory of 3684	1040	chrome.exe	79
PID 1040 wrote to memory of 3684	1040	chrome.exe	79
PID 1040 wrote to memory of 3684	1040	chrome.exe	79
PID 1040 wrote to memory of 3648	1040	chrome.exe	80
PID 1040 wrote to memory of 3648	1040	chrome.exe	80
PID 1040 wrote to memory of 3476	1040	chrome.exe	81
PID 1040 wrote to memory of 3476	1040	chrome.exe	81
PID 1040 wrote to memory of 3476	1040	chrome.exe	81
PID 1040 wrote to memory of 3476	1040	chrome.exe	81
PID 1040 wrote to memory of 3476	1040	chrome.exe	81
PID 1040 wrote to memory of 3476	1040	chrome.exe	81
PID 1040 wrote to memory of 3476	1040	chrome.exe	81
PID 1040 wrote to memory of 3476	1040	chrome.exe	81
PID 1040 wrote to memory of 3476	1040	chrome.exe	81
PID 1040 wrote to memory of 3476	1040	chrome.exe	81
PID 1040 wrote to memory of 3476	1040	chrome.exe	81
PID 1040 wrote to memory of 3476	1040	chrome.exe	81
PID 1040 wrote to memory of 3476	1040	chrome.exe	81
PID 1040 wrote to memory of 3476	1040	chrome.exe	81
PID 1040 wrote to memory of 3476	1040	chrome.exe	81
PID 1040 wrote to memory of 3476	1040	chrome.exe	81
PID 1040 wrote to memory of 3476	1040	chrome.exe	81
PID 1040 wrote to memory of 3476	1040	chrome.exe	81
PID 1040 wrote to memory of 3476	1040	chrome.exe	81
PID 1040 wrote to memory of 3476	1040	chrome.exe	81
PID 1040 wrote to memory of 3476	1040	chrome.exe	81
PID 1040 wrote to memory of 3476	1040	chrome.exe	81
PID 1040 wrote to memory of 3476	1040	chrome.exe	81
PID 1040 wrote to memory of 3476	1040	chrome.exe	81
PID 1040 wrote to memory of 3476	1040	chrome.exe	81
PID 1040 wrote to memory of 3476	1040	chrome.exe	81
PID 1040 wrote to memory of 3476	1040	chrome.exe	81
PID 1040 wrote to memory of 3476	1040	chrome.exe	81
PID 1040 wrote to memory of 3476	1040	chrome.exe	81
PID 1040 wrote to memory of 3476	1040	chrome.exe	81

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/kat15/NANOCORE-RAT
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff80094cc40,0x7ff80094cc4c,0x7ff80094cc58
  2⤵
  PID:2108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1820,i,17298820650931212864,3110683536670380730,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1816 /prefetch:2
  2⤵
  PID:3684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1904,i,17298820650931212864,3110683536670380730,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2084 /prefetch:3
  2⤵
  PID:3648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2164,i,17298820650931212864,3110683536670380730,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2248 /prefetch:8
  2⤵
  PID:3476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,17298820650931212864,3110683536670380730,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3084 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3092,i,17298820650931212864,3110683536670380730,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3128 /prefetch:1
  2⤵
  PID:1564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4956,i,17298820650931212864,3110683536670380730,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4968 /prefetch:8
  2⤵
  PID:1148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4448,i,17298820650931212864,3110683536670380730,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4244 /prefetch:8
  2⤵
  PID:3828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5200,i,17298820650931212864,3110683536670380730,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5216 /prefetch:8
  2⤵
  PID:2776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5348,i,17298820650931212864,3110683536670380730,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:2240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5508,i,17298820650931212864,3110683536670380730,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5708,i,17298820650931212864,3110683536670380730,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4700 /prefetch:1
  2⤵
  PID:2952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3108,i,17298820650931212864,3110683536670380730,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5372 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3720,i,17298820650931212864,3110683536670380730,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5468 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:3632
- C:\Users\Admin\Downloads\NanoCore_Portable.exe
  "C:\Users\Admin\Downloads\NanoCore_Portable.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3768
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TempDel.bat" "
    3⤵
    - System Location Discovery: System Language Discovery
    PID:420
  - - C:\Windows\SysWOW64\mode.com
      mode 30,20
      4⤵
      System Location Discovery: System Language Discovery
      PID:1872
  - - C:\Windows\SysWOW64\timeout.exe
      timeout /nobreak 10
      4⤵
      System Location Discovery: System Language Discovery
      Delays execution with timeout.exe
      PID:3356
  - - C:\Users\Admin\AppData\Local\Temp\NanoCore.exe
      "C:\Users\Admin\AppData\Local\Temp\NanoCore.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious use of SetWindowsHookEx
      PID:1244

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1060

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:752

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
5f8a8cc9f98999c3da6c67a786ecbb92

SHA1
c31c30b614027f3d90ccd341dfc5536a403dacdc

SHA256
2b62a2a57c2c63523cc2f7f87835101cfaf69075f73abb9e3191ea74f415e929

SHA512
dcdb45ee0a98ab62fee9aa2107c26b7a73bfa48dccac3c5cf774d4e0d1ba29ba410bc7089b7ae3c74ef18c54fc7668a6834e3adc22332a5666f5579b4fe0166b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
215KB

MD5
d474ec7f8d58a66420b6daa0893a4874

SHA1
4314642571493ba983748556d0e76ec6704da211

SHA256
553a19b6f44f125d9594c02231e4217e9d74d92b7065dc996d92f1e53f6bcb69

SHA512
344062d1be40db095abb7392b047b16f33ea3043158690cf66a2fa554aa2db79c4aa68de1308f1eddf6b9140b9ac5de70aad960b4e8e8b91f105213c4aace348

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0e3ad5a80ba7db88_0

Filesize
280B

MD5
a7170c24db2ce8d37319984edee01ed6

SHA1
71192172481607918071fb40aaa41867150c4462

SHA256
87d0c20cc02bd3a17c362382a9058cf8c6d56b0ecf1ac5230a33f2f50eb83737

SHA512
6a58fd3f36e7772ed430bac0c67fd57fa235858e1622e0c79cb38374b65ec681ceb87031157cc9f29800ae036e36d2fb4ddef8e7604e00db38a25472cbe3b2e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2dfc2c9980366ffb_0

Filesize
19KB

MD5
a3f34572f59387c3ccda727867d589ce

SHA1
ab2e38ced40b36f1c5eb084c97ac8a61115744c4

SHA256
007b45d0a9b1d6fb5840364a1fe92d2d55883d159d656f0afc9c6c50a8c98e06

SHA512
01416854cfeba3aeb4e0733d71f66301eca0016d7f2ff1846e5f36cc053cb65da93fcb7dbb0d42bd446f04a473cfae891dceec7f5b9010413c233c1815d85f2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
2KB

MD5
329d45e2cc93bd7174f5ba54764a0202

SHA1
164444c7a199950ad56ed6882964712532bd0e20

SHA256
db585bf4047a7ebbad0fe583923aa66fcbb735e4f24573268421e62fb3f6e731

SHA512
15133723c433ec2d1d1f142bd33999eda106bf061b285d4592a97ea85849cc3716e56e316242a1919704d9d352db09127c7373e329a811148fb85cc416cf485d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
bff3134d857db884c2d7cc6ac3552bef

SHA1
484c20f4b719cc8c42b75ba66f7f0e311233a3e7

SHA256
03145f9f031c939eb4ac5f3bcb938ef46c226263a15dbdfffc988e1b5d416ffc

SHA512
16baca1d3ccda0a8172fe2e31b796b73f0457afb13fb0cba415891766846737d19ae1371a688ab3af2fd5f6f3037aa0b0848397a87f4ade4a156d2b6dee6f1d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
9ac56b4bda9c77ef83dbe98be976136e

SHA1
2ee015fb29382f0cf3e4ab2832c36642e3ca88a7

SHA256
a145145e1bda785047de7a3f668d9bd3de1040833cea09af1d76c49b9cef4f78

SHA512
83ac81e327765956158d5a432f9f170e3eb7ec295af80ae82ad2b794c33d8d8656bc28235e51796acb1f8ae4ad59ba0511d81cc48f6dbffa9244a69e92a37dec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
df3d4798e85510edd5f5fe4ddde43d08

SHA1
77a73cd16a93d255b24f88ba086f13421660ab94

SHA256
a3a58f5fe775be8b3cb12ed77bcff51ff4c0cc3c5bfa2f48ec907f8f3496a714

SHA512
9b854864ab7848ed6559ae2d877cdd0c7cab038b0088728e0882683dbbe63d275659060a2406e0aefbb9d4d879f83c0b1400901a85a38f3960f916420a4852c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
758c5119eedcc74357022639989705ac

SHA1
f28c0ed52dc911d5c92c5462e42956440e9586aa

SHA256
2a8b8a6293fa98cbc04fda3dc006605608450f03d6d7aaede969e6f5279202ed

SHA512
e0015ac5cd3a9e3a4cff1dd28237ccca0c549c71d22cb42ce87a193b86a3a992d00c44f303cd610a76671c1404dd5d8ca32b71e8e4f9608c9c4d72f1adc8c38f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
19cbc94c14e9bab5d82df74c713e38de

SHA1
0b42ba188360acb7ed7c548fac72f763b06d4b81

SHA256
b4d6749615e34fe2c39cd0d06ff65fda7b536df12c806839ed5cbe5ce754c436

SHA512
1457146b02d79d0f5061db302057c53c62004f20fa3f343a3411be831bfa716f3adb479c2b4d5c4391082d8a86136f63f7f8ae8abb1007789672531d199d999a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
901e5c6e38c8e28ef51258d5a03f67ae

SHA1
2c1f1734033350ef0a0f44f62aa19cf401211c4e

SHA256
cb61d0246d42f94dff8ebaa11ef25264be28b1d0561ddfec604e06ef527d5e1a

SHA512
dcb809a943a598a59001346bd67c8667a7b0b9e52d1619dfa1b1d93d3b17fa405cf4c9770dcc2d407eef65c1ea1654bd9f2dbcc3eeb4d021630267aed500bccb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
1f75aa501d583b6790bc4f932060613e

SHA1
38ca09ff0189d4c13819f2ec91faf06870c80d52

SHA256
140d1f21d1ff160f91556a7f24ca5ec3b3ef13f21d2aece4e197c8ce81f1689d

SHA512
1e31c4b7d32cf0ed32828550a5a647edfb1ed28a505d11afa69faafc41d3b7776d0d6419450352c2a087c1d02cd0d2ac10fc8e8d13f830fa8ffb682091fa11f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
791c3c73c4ab8add33826ec24cc421a3

SHA1
9e5498bf82e8442f69a5e43446e07301e5b9755a

SHA256
cdb1fad9a6b22d5bd095b5643c7ab9a9274ced03eb52a54bad288a726fdee73e

SHA512
2c9c00389897b891c28c4c8796f28f34ef6a5d42e8982b82fcf857aa0efa0dbeab593e45c6aeb42cb1f8c7f73c6051c45565cd5ed4d35de2601a51e167f20578

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c23dd1308f1b78eb2db664a9caa708fd

SHA1
448a058601c364c0ffe843624722ad07bf25c2eb

SHA256
4ffe0ce5620f54a70bc64e533a11198876afb6f643886fa9f0b9a9bd8aff033e

SHA512
a3840770fbc46433386ea3b4538f20fa112354bd99324f2d09a11534183f4a747f8286342b982e4b7596d56345ad8ba1b5bdcdf3b1fbd4ec8db9104d166f012f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ace72bf920dca1d9fb0a2ce1cbee0242

SHA1
dd95647d2d12645472c7917b471d833e87a48d4e

SHA256
dd334ba7ad47561a40004b48209a231f75f46e00fbdfed20728162bcc9163215

SHA512
fa117e0dce8e524e54a5b38904b2ffd9a8302ebd98c9d5d8e2dcdbf188f2a6dd23840e56a635f251c71925c19feb57a1fe69d22ccb245257bab7a40f609ecc28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
242d6c1ab2d9f65c236f6ff3d713210d

SHA1
7121a5d532c8d2a688edbabb750e0f59ddc9dcdc

SHA256
a6c5629c2efc09be8d3411d32fec23f722edada1a9510d05e7f378bb57556448

SHA512
1ca879fecfceddb204f625b8ea93c68f886d3415fe70e54973cfcf97abc2e766a5b2a591de4d5c18552f64e9c23e64425f505e883f1b7f49f092f4dc34b30a6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d494e8fb0480045838ab5ca3b795dc82

SHA1
3b54b7179155cdd6be44f39ce9b0ec2b9636d7d9

SHA256
b13be4613e3fe126c15f10595713a0d6dd12eeb626e1811e45650495bd7e13a4

SHA512
003ee8b7a8316e9b56f8d62bba1f4eac063eb90c72e1273f74e2f93265737ad9c0372c4c34e8f28b71bab210ce766519c45ac8ce18f3cddebe15d206766a638a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
458e6c4c13ae51e75f6b42baa20d3a7a

SHA1
5e6ddbd24a061d5efb86ae7ed1ebc35430e8f187

SHA256
346927fac18a6821f6273367c0c9b64ddfc84719c99042ccf7b18664d682e604

SHA512
8fdb7f30eefde618057741c68c3c5ab04601b9e2d37bab443e3cacd72bfc11617d2dea37ad08c74658f583e3a6f0a976bef74e9506dc8af7c4c8aee6f8f51490

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d9efedfff2b9fccdaced34f172ecbdd1

SHA1
0a9cbc4cceeb6d0f51dbeaf2f915e41a94a8f547

SHA256
edfd47220af59761e4248f90ccf47388661c8e727f7de5d8ef41d35a1a076614

SHA512
10d2d7f99ea1b6cbe51ab1ee6c5ed3e31ddb5d8a2c70555ad09213b150d98ca02b2a01e1e1d623b85140d4ea737016273d156e49256b28b14adab848146f838b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4b855cf5f023bf793c9be1eec7a2c6d9

SHA1
37e2cdf6a53375126065b527f88f30ed81e9face

SHA256
5330114d3a05ca6d00d015873722e8ebf88058f4ae2579789f785c3b4d054a26

SHA512
e93b597dbe1bdcf1155a7d2852ef3ead0979f148df0ba7af57b3f74ce091d7cf4d047c885502c82ad80929de1668efbe154c6b27dca2923f2bd6cb712531bdd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1420a1d3c7f46eed21f94a29009a6d10

SHA1
3618fee6523f94546b91bb6fe04a671ec755e320

SHA256
8bad5d6b1e14980c4df86d33cb644761a59882286e4837035c04a15c06c267f4

SHA512
369af71e194b97e91737008a29021d03035036ce235b6d6fcd2a1aa000ae60834d6b9d172822849ffb839bfe06daaf28802fa43a8406ab80f9f1ad5684a3ad9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2f441a1bd5a159b4cdccaf759c8c9cbe

SHA1
612b618131c141bf96267f3dc7aa392a738048f2

SHA256
e06cb22043ae99bea0965a47b97d197897f29b059347192a629dc5732bc6377d

SHA512
dc00cbb82117ea12ae81c29444d3d6044b4b29c2b2e86a825bc8db552f3db71ff0879f3215bb112e47ce296e313616ad4b8f3dbde5b86d54364b81c2d98612b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f77adc2ee34f1b2f7305b3b34aaa019b

SHA1
14a3c10fe28f1fd7808b4d28e448bdb126b28d4a

SHA256
9d210a7bfd08257fe590970b488b900533c405b13ef5b0e84fb6425a4f328b8d

SHA512
455b2fd1ea4db8700e74425f84232f3d759e88a0cff59781bb10996466d332349664570d4ff8f60fc9a9381e5bba8c1aa8d1ce3dd9b99ff37bea7e4f3e18f345

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
105d367854ad847060d6ffa06fd2424a

SHA1
f6972909ab8379ba8728db97ac1a8a370b1dd44b

SHA256
216093181912552691362ded2be35e0761ee6957d0cd064440faf6ab65f7e628

SHA512
e6ac107f6c54fb66432ac14a6ea57ff0d52bef7ab0797732e7d9c89a74d1981ae1fdd5cf1be79d110c13a4bcf5e0e0263e5e5d34c8d1e68e642b81375e102586

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
de87dedf9cc8aebfa19d06d52d341bda

SHA1
027dcc15ed70ea589428e0d715128928fa57472f

SHA256
0379956e995545259d428e525b8204ad74c9d70336c5dff49bf7b865f986ccec

SHA512
49ba62330a4e64a6d86d2b277e0c2ca39edd32425b3c7e358ba06318a7c5c00f7940d9efb7488b0ba8274bfd63c6ec47eda320792e11c87f97015e9e018d2001

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
eacc4c18ba224967f27a33389a35a818

SHA1
4a9e1362da5ed48b17e1445bee731fd85b267154

SHA256
a1791a91752466639bec81e1319e495d94e66350bb3f335ec0c46703372620c3

SHA512
7bff9c3a5be59026be294c55ac50490192abdb4006916073a00a9e09b7e02f24b93326e0be4ad167ae127b650da8500c14e7096a68e9dcdeb1bdd35b5a08fe4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e5f58cc0209a9eb66f1428c9a4532454

SHA1
383f76c99195747397e58995441b66cedf8e976a

SHA256
938a540ba72df2343d09bb87b66502291973b25ec31a512855aff3a34e4f8f25

SHA512
0964139230387c1702ced6eeccd4f2e4810ad920242ffcfdfc0c61f453eb5e8dd51df91fc0101841f0fe18e78a5c468d94c6ce790105bab55a4aa2d51d3939c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e87b57c24cc7a64aa37a0521645da00c

SHA1
d3b1abb361012377a31ac81945bde1f078fd9319

SHA256
95c04f6acd6f9ced102ecde6b6188b64caee5fdcd0971a22ffeb72a140290615

SHA512
d6cef6fe6729c7ac9875d96f56a80f19130b982e7a38064ddc2f84aa18afe9978c9bf3457996de9e1ea2600b6816d00dee998132d821911938074e38c5e2860c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5b7ed27b231c3979991132d98a3ed294

SHA1
93a3d442994d0e0d0f5d08d6d20bce13f62c2721

SHA256
cd5c1aa006dc7293f7e3f7d2d37f1cad4eb005b1a57a8ab6b111c3072ddf084a

SHA512
dc66f7e05ddff6a06ad03c80123aa408a6217780c1680cfdfa7c60e99cfe852d64c9b98af97376c28c5bf5c959e63399fc2a3d356b07c6d3f16a2c42e8f50554

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
315e71a0ad3d41e921d73145e4824471

SHA1
fe96484d42bafd712104cbc78cbbfc67ec115722

SHA256
3a520f98a3cf5228dac5e7aaaaadcb428d780dd31d4faf7ec73d3c248bd3caee

SHA512
66a2309058e0af3eab0351933a7dba2d6db4cf499db9a7548579875dc3ac27273b0fdae63047a75b771ebd22833d019c1436b4a59d66c537f697854b13eefe32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
89787bab960378bba395d5816a7795df

SHA1
d6771a1966842840f4bc6794954e99484ecddfc9

SHA256
bea900607ff4a4765af3e274f80d2943252892a534e99c6d97a5cf80b9160a3b

SHA512
58815a776fce34eb2222dfe4a5a561383e96d62169599df9d228d28a0ae78c2207090fc620ca03f136b95dc2778e5bd8be372de587024caef505c5b4c6e0d800

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
a0b55d5bc0cb1e93d25d976a86d52b64

SHA1
88ce24c724fc43d08bcd4e805edf6de0be428737

SHA256
965ba1519f45c2db3de1a8de35b731256acedbc37a9a48e7c2d191139ab3f4b7

SHA512
77f8a4209b53c721f7b420e667d2cbc40da999933fa8358e7077685ce9bf5348e20abbc7fe98816e3a5d55a0cef1f3f06469d7da594d145288f1c37ff720e696

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
2f8ab7a30a1611752f0d9bec714fa3ca

SHA1
23a6cb1044343ac3fd0e0997adc53154508c4c4b

SHA256
896873fa255c321e6f2474e58b4f5bf4b6cd62aa6f627a7e972da66662a8cae6

SHA512
25be88c265d67d19411695d621224247f85d5db0d23bb258c83fb9da8ad2823c79bb7aa310c4bbdc4e2982cae9d6e886dd128e6d5faba8771892d02ff07c1084

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
520701d3168225eda1c8f3d1e7f0746f

SHA1
a93b4bf1b19e751dd9b9201760af24842edd7e45

SHA256
5bac26a42268e5613c50b6201e15d5b082a373de4c1ff3cc6e6af30d96c4031b

SHA512
8c9eaf830224fba04feca80862815fb344d5ccd59b2f89007a1f42b07cdfbc7b4e9824f3f38bd5918a8749a0c88fabf3f01bc01f7e5017eb7820406351e76cc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\ClientPlugin.dll

Filesize
19KB

MD5
bdc8945f1d799c845408522e372d1dbd

SHA1
874b7c3c97cc5b13b9dd172fec5a54bc1f258005

SHA256
61e9d5c0727665e9ef3f328141397be47c65ed11ab621c644b5bbf1d67138403

SHA512
4fa0ed4ef66e4c442f5fc628e8bfc8a4f84cb213210643996d9387027edb619c054f6104ac889ae77cece09f0304f95d5f20e14d66847e2d382ef51eecec0962

Download Submit
C:\Users\Admin\AppData\Local\Temp\Databases\main.sqlite

Filesize
15KB

MD5
ea522fc387e8e1c1c65e946c9118e2c7

SHA1
0d3fe3c0f59b651f4b9210ec4d7324e7686b5a21

SHA256
ae429dbfca9416cfc6832aed1190fa7b9eb90127328136a249de024349fd3b3b

SHA512
52161556c3d3a1e12fe8de217aab806ac8e8e47135d57f057c257d16576ec08b13bc37aeb7f7234042d89d6deb594a635e0764675f4e04f7abb94836fac1d921

Download Submit
C:\Users\Admin\AppData\Local\Temp\NanoCore.exe

Filesize
1.4MB

MD5
1728acc244115cbafd3b810277d2e321

SHA1
be64732f46c8a26a5bbf9d7f69c7f031b2c5180b

SHA256
ec359f50ca15395f273899c0ff7c0cd87ab5c2e23fdcfc6c72fedc0097161d4b

SHA512
8c59fdd29181f28e5698de78adf63934632e644a87088400f1b7ab1653622e4bc3a4145094601211a2db4bcbd04ea5f1ac44129907fbb727fe24a1f3652c7034

Download Submit
C:\Users\Admin\AppData\Local\Temp\Plugins\AIO.ncp

Filesize
17KB

MD5
60c274ccb344da9e3d77449f6068d253

SHA1
ab25eddf3ddb61ef52104a01e5c9b8a23451c764

SHA256
0a59aaee013c57f3b6190d683160d88ca1c5868565cbf5acbb7b17d3e925c602

SHA512
9600d852b56557f31a5a18a6aa2cb76cf4fabf36ae32bbeccf82677f64737542234e2fb06ac8d917f9839120320b7db212d76e8dea24445f13096d86a474b9c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Plugins\CorePlugin.ncp

Filesize
119KB

MD5
7914e7302f72d330aa5f6c5c8c26df43

SHA1
8c411f3fe5297a78cb018539b44df87c0a51606a

SHA256
f66985518b1e56a04f512d110f5b79f21ed91cbcbf6bd3e17eba3dcdfb85f9b5

SHA512
8959843f282162ff0c59d890d04012c4f62dc36058aa7095d708a97a34313082cd4ca5ea5df5623cd2d6b8b91c527297168cab08ec59c1ec48fafac5983ad012

Download Submit
C:\Users\Admin\AppData\Local\Temp\Plugins\DucPlugin.ncp

Filesize
73KB

MD5
5eca68a8368e0e144b7016e30b85515c

SHA1
0ba48b49974156e5746958aeeb1c2a26c916b3be

SHA256
e2ce89b3e68b003cb27e2c5652ccba073c8938bef194e51830539b2464a3f676

SHA512
ea1d1363fb072a5c646ce070184855588124be42392dc492ce86c88fe93eae78e23f5de4f2df75fb5b0e8d67bf08ff192dd163ed3c62a1ccfb0b8436ae1df644

Download Submit
C:\Users\Admin\AppData\Local\Temp\Plugins\ManagementPlugin.ncp

Filesize
300KB

MD5
b612c2c9a6d361a5db14c04ba126119c

SHA1
d2b29e235b0f45242088b78313438bdfd51209dc

SHA256
b86fe4e126a9748a383a34d615b9598c715f2380c0aad957495c66923902026c

SHA512
194d4688935235f3ca686868c9ff53c7945d4e076d4a51fdcbc254bfa1461494766480794c65715bce314256c7cc5268bd6547c937984d3010f54f5a3db4ba9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Plugins\MiscTools.ncp

Filesize
66KB

MD5
78e3006fc6468eb7dfc7761072b84ac6

SHA1
e46cae768d2754f48a29b7e424a9bddf0d67bcd8

SHA256
3a3a3b105eefb45e3b70cc1592e484df02df7020d5154e8c2e5d7d439e295e46

SHA512
0daa1cc9ddae70f442ee5eed784523dc1378b9d095edfaec1df95e02f00d09b461d60ee180f716f7ba755543ef7b0c87d791a454cf254dde0033b8615b2841e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Plugins\MultiCore.ncp

Filesize
236KB

MD5
becb82e1e914e906be158e3f9dd658ac

SHA1
725d3d658680ca8dcb610d998db4b28733b5ee52

SHA256
5494adf651fc64e3aa6c08e38165d8dbfec52056cdf4fadae90b76b0e6816a33

SHA512
1d67e7d5686ea225262501afb572bec23e35bbd33c660a57e84b9cad7adfadbe457b128af0059ac705d53c6b65798f5525fe4ed3c16537b0c085414cdca74174

Download Submit
C:\Users\Admin\AppData\Local\Temp\Plugins\NanoBlack.ncp

Filesize
107KB

MD5
794ab16c092ebf2b1d812d6cce158537

SHA1
6dd9edd26b50265d5af4642f9d1f1f8703a44805

SHA256
7919b7998d6b359d7cb700018dc2d69ff6ffb45bd01c9c190b98fb4c9ff4beab

SHA512
e639bb0f7d309344c45ddff3d7f91212b3c6a9db6970d06db35f6bac228b389ed8c32dbda75ae23ad1359bb60f678b0b891caa3ed07245aaad21dcb3ea4a5347

Download Submit
C:\Users\Admin\AppData\Local\Temp\Plugins\NanoBrowser.ncp

Filesize
102KB

MD5
8b13fdc96af0a84c152f5a601dcc6b06

SHA1
1250db70fda8a2c32f37bbdc5638074c6dc171a7

SHA256
997c41b05150480bcfae9abb3132fc807f6c6b511b810b554fdb5aedf89f5db0

SHA512
536d4e1b9e7c95ebac762d0a438106a5409c69e990940d3411709364783f957015d4a5dc0651b33591e37dcda8549e689a87b853e32f3ad065391a2d8190a552

Download Submit
C:\Users\Admin\AppData\Local\Temp\Plugins\NanoCoreSwiss.ncp

Filesize
49KB

MD5
fcb5afd01e75aca8ed9fbd35a46e54f3

SHA1
94b69f8612d31fc0698089d5e08aea1cafea52e7

SHA256
bf0386f6e9b4a35fefe5fe917e2be7c64867efe24521f18e4567f8af5f6dd5e5

SHA512
b587dd23eaea6de486c30864908f8603451c459153cd21b86a5e43bb9c2cca7cbc015daf620808fad76a4d56bbc4e57e127059c8e73be6c85bf958781c1343fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Plugins\NanoNana.ncp

Filesize
157KB

MD5
c5d40b767bd6b97f88ccce13956d0ad8

SHA1
ef7f7fdd9d5ea0b55ffbb17c171ee6a46b347100

SHA256
a3c39444ac74bb91f14f3f2ae6918d9b1d368268e137aca310450fefbc8983aa

SHA512
3fcb5a6afdc7de59bac645d8b4dc6368b0405a51985ff86c95fc8cd579bd59bc423cab940dc0ab3de9a0cd0d9e04dad82e380ef18030330d72b2e72936a95ee1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Plugins\NanoProtectPlugin.ncp

Filesize
179KB

MD5
e51af633e5f5f4a817a54773fb90d337

SHA1
0cb8a7965f9f042954b1f318ea1026b76e12f8e0

SHA256
b37602dbb924bb94df0d9745d13fcace8a6642397fb738fbe02a88f667f3ab66

SHA512
6454305121597073d4ea2b8f57a4bb4a4fe7fafbd05336c91265534faea5a5cdec7504c1329ea0c8cb344a4f32d59c60af5348dfd89375876ae95ee2c15f0c14

Download Submit
C:\Users\Admin\AppData\Local\Temp\Plugins\NanoStress.ncp

Filesize
117KB

MD5
ba6f59df971d6db7a8951edbd5d6691b

SHA1
ed766de1fb4ab0889b3fbc8127f1393eb3cddc15

SHA256
6b33a572e019266749a3e04966e2c57822e247c5197f6f9bd6a4bb8792633581

SHA512
bbd50d7cb2b2799055b8864da3d3d6037bbac41312ce8582c4627611ef856ae38ecff67dc4223e236d1b555bf02a7c0c7284a76ab90007621a2f2997b6bc5dd2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Plugins\NetworkPlugin.ncp

Filesize
319KB

MD5
70e5b02349742a550fbfcfb5bb78c906

SHA1
2319b68398af74fe08b6a3a7d6943cf700240a4e

SHA256
160030b8444b6fa86775a11d1be35df6a75252070fc5661055884d3f8b07296d

SHA512
bbb5d2fd6eff637da303a4ab2fdb02f781619ffe25c5795c5b9e514214227717771a98ce6c3becc87b29c15303ac4373ee3847060ad5755a2455362e6e26932b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Plugins\SecurityPlugin.ncp

Filesize
74KB

MD5
44bd68199bb393d0eeb7ae83b56d9b9f

SHA1
c6cfa069a17ace16c651a11945bd54f4ca6193d1

SHA256
25b1b0836838740d394cd35eaefc660e9eabeb611a701a451eb1119f6427fc12

SHA512
a02b82e40f66dc925de3324c03e8a0a497bfdb6ed44549001efbf86f2e5381aaf9259978908cce9ecc7798f083d3691f007b207ea301a9dc73f2430662146bb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Plugins\SurveillanceExPlugin.ncp

Filesize
423KB

MD5
195fbe66986564288c3285935fe87b27

SHA1
2fe84fbbf109b3e4c7c63b414689021ba847b568

SHA256
a2ce9ed783b26d01d58e07b9c97bcfecace9ced72960cf3ecf471fbd008afbae

SHA512
552161e555d07fdf7062a4c0d3738819b13ad4c9a5c54f09db48dccf6faf49b014eb043037500abdac7af0210ed118c5232d8d54be367d8a4caccfae7904332e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Plugins\SurveillancePlugin.ncp

Filesize
352KB

MD5
ed3edf12bac989d1dd6edf7146feb805

SHA1
776a667bf2341b43e199c3601856ac223b86d221

SHA256
3301f9fd4700458a18589956fd2bb6e5101b15c14f52d5e079ae1c3a008da040

SHA512
e6873a5d1caada8954907bdb3120aa2c60a4137fb9d04abdbb74ade58f35ada1ff87a447cf6a35f5798dbd0e1e0ed813d62e34d98de8d6402b6432746aa80413

Download Submit
C:\Users\Admin\AppData\Local\Temp\Plugins\ToolsPlugin.ncp

Filesize
130KB

MD5
699eb468e7d6bee9c429923b5b477545

SHA1
80bc420c3e441c9b9c3813ac05ea9e168cca1e3a

SHA256
d753bc28d842e44ffbf6cf99314febe5ed7759b25a74ca34a47fdd153bf2a6ab

SHA512
5d82a98e918ea3eb024dbb7552e5cdecc317b49635a5789029e7a0035d2f0cb2a3c47ef53e603217afd17d6f59fc78a918e2e5f70266119c619e41b3b647aac9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Plugins\VisibleMode1.1.ncp

Filesize
49KB

MD5
37c2ef6e5214600396ee87c4168a5664

SHA1
69b6e1f612f5a3435fab05074cffd3ebd1c232fa

SHA256
4a8d45e13a38c502a3109d2ea17a81905fb9eabbf643ae611b62f62ef11f09b2

SHA512
667ad370f48470d60dbd437b0601eb05de421ab59b281adcf9c6f54b9c6fd272d3aa34c35e7e6df889771dc5fbdfa9bc683a4bf156727827595edf6eb2fe8cab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Resources\ListIcons\flag_ap.png

Filesize
351B

MD5
b841c2ebdca6bb23c15c98da4aa671d7

SHA1
42f562132fe6e9a5029247a2b9666395dd5ad9b0

SHA256
b668f1a313e57c97a5abd0212631ea6211aace15b10f1ca82484f23f7d6924b5

SHA512
e093c2c454e8ceb318df0629f5f7e8494213e69caef640dd4554f3c250029e8a06b4c5add9c13e457f901c3d328738b66db524a8404617e486fd8c564dd04c90

Download Submit
C:\Users\Admin\AppData\Local\Temp\Resources\ListIcons\flag_cx.png

Filesize
626B

MD5
fbf02dad6f60392ce777d006d5762248

SHA1
f9d95e6e5e25b83953e4f898bf99636d85511709

SHA256
45203a04468ff78fb3434f46799ca630172e04f97c566f8e143539a80c48bfc5

SHA512
9f5b7b5399cb7c8b41cda202eac5a344524f135fd2e32a5f312917c7684ee13a94976984154355297bb31fd06435efe91456e189bb5f1c9d6010dfad01415b4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Resources\ListIcons\flag_gp.png

Filesize
546B

MD5
5ac0d15234533136bf6ec230686a4aa5

SHA1
2f208a8baf30d13aa23382d3821cc73c4aa466f0

SHA256
5cceb033c0262b5905f88d5905777471e9f1b0b0d9cb857f2361e88ada73610d

SHA512
d6215183f13e36a268b849056fe1479ebd36eab4b6f175cbdd3a4ecd4ba4df7734189a2f9e9d69ee344ca63baf2c9ef10f62663cc721e9c9c59775d5e84e2268

Download Submit
C:\Users\Admin\AppData\Local\Temp\Resources\ListIcons\flag_sj.png

Filesize
562B

MD5
4f82c2e83eab05d2bd9baaeff6c81a96

SHA1
e1cd3981d14653bf5df976ece649120134e88546

SHA256
15493361692068154ac1b1baf8878c179b353996dcda4d63e0322ea37f998f9b

SHA512
b69030fffb689094952eb472b272e1d18b40d0f11e3bba647c9b01226ccf072d276cc31ce3a1ffcbc84c5de82bedfe7fc2466fb060ff50e528f7c258179e626d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Resources\TabIcons\builder.png

Filesize
303B

MD5
d2d498dc06990b948ef42c479c4c1f94

SHA1
eb380e6d156f5cc2ab28baa5add2ba8acda088b3

SHA256
ce8e344d1975972fa3f1b54383ab01cf522217e83b4e01f5c5b8563641bf6550

SHA512
fd9f99b7489507d8208432847085507e5d1823f1eed5d3c7e644c59bc5e5b36d8705d4add01a0c291240029458b25d72894fc05efede8b795bb6872e1e5f9ef9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Resources\TabIcons\clients.png

Filesize
462B

MD5
0331dbac2291c05d567461b58654d350

SHA1
1f89cdf7199983e788fd1f22b873ab9b0500952d

SHA256
8d1339e002540de132326aeb1d17c66a9a60b0af7e3daca9bc40df17e9c96542

SHA512
2d12a85226a21670c49038e4347b39227b8d8bca07b8eb66f2adae0ccf1135270f5ba5f16a40bf526477c70c00c1ca572bfb973306e6eb8dd057600de38da161

Download Submit
C:\Users\Admin\AppData\Local\Temp\Resources\TabIcons\home.png

Filesize
343B

MD5
0a482ce7f891fe7a64118bbb34a34b9c

SHA1
2aba3c06942273aebc5e616602620e4b2526ebe7

SHA256
76d3e6c51702b37227b73a4f84771e44d7c1a8551b4c1fdd90e341f03a805346

SHA512
0e900eff9109ac2f32137d9d18993a29ed6065299ef96554f2288128fe07d1e8db1a0dac29b39b0eb05bb8a9bdca5f083da8e25dec3c880ef155401fd649107b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Resources\TabIcons\network.png

Filesize
230B

MD5
48780574121d519661c2e0bc51b25b68

SHA1
89d8d5e42fbae3d95c8036c1738656b8e6343091

SHA256
28f4c682d85fb4ef531a71b7fed8f0d7ef548f1126da378aaf60349219a681d6

SHA512
7f0d9b6e18b812350b9d57439069ebb9140365830ea6fa247527f793cc58271ed7743c514d7488f026064b6d44afaf93717192bcff3ea8a3b501f2bf7718ff30

Download Submit
C:\Users\Admin\AppData\Local\Temp\Resources\TabIcons\system.png

Filesize
273B

MD5
9993c66f33d16d11e701abbabf5a5db8

SHA1
415a0069f21dc5fcbb7bdaa7f17a679eb18e6b1e

SHA256
24c4edf86254f9e2359508909ba52dd683e1f6af0d8c1a52f875c472fc73bd40

SHA512
7a3f0546f4fb12e72fd774f5c4446e8bcc2a26c762aad91675c3bc10931c1c0ac2c40d66a25afd0a376ab665427164367c1cf398c22811eedf88c90ce51a23e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\ServerPlugin.dll

Filesize
28KB

MD5
952c62ec830c63380beb72ad923d35dc

SHA1
6700baa1fb1877129e79402dfe237f0b84221b69

SHA256
2e5fbfb7932b117a2f6093dc346cdee4a5702e39739d9c40d27bfd1580f6f0d7

SHA512
5dc19d7d6ab7670ded766f357e481328c8df4a96ac3c2a00194a5ccea8c34bca0e34cfea3d9d17934db384d302446be2fec9853438371561d70580665bffe121

Download Submit
C:\Users\Admin\AppData\Local\Temp\System.Data.SQLite.dll

Filesize
256KB

MD5
dd3d6f00b1aba3f1d9338d9727ab5f17

SHA1
faf9364a7ab15f27c93a6e6f97fa025030c9dad7

SHA256
f0d4beab24e94e61f219df451d90dbba3d0f48539f9b6a448f91e0c94b4e80c4

SHA512
0794d850a133a98affe627e3023114b229b982e507d366895ece6a1ef99b42d708554c64b52f0f2ed63673e1c5aeea7e794085d45f0797159e21ba4efdf23cd7

Download Submit
C:\Users\Admin\AppData\Local\Temp\TempDel.bat

Filesize
204B

MD5
3b2fb2a8ccaaa86a5fbcab338e641ff1

SHA1
bfd7df0e383c404d6c5cd58687954426a43acd7f

SHA256
34cba91daa5d60239496f52d4da9c526a0ed7680adf8f4fc491b2ddb32d48208

SHA512
cf00ac00845f1ac0cde6a18507c8b629c95a4391170dc1297e596406e0aa5802090b3631aa2bc3dc8632fe6c85c3d33557f9235cb43a833cbb4d8f3d84bc4443

Download Submit
C:\Users\Admin\AppData\Local\Temp\builder.log

Filesize
22KB

MD5
0061a98407086fb3106b61fe5d0fbb27

SHA1
c5882467e947fa1cab30dd45fe337b23bce1712a

SHA256
054dbc3e14992bea750e1f366c16f6b0c861bc9db2617be91cbf7306fd25219a

SHA512
b4e0f10067b2a5b7865b404c63be1c93cbda482ed3d20e618ede411fe7f9bc177792d0ab0bb7c13730809f9630ba5160f485a38590096ba8cb8104ab189f2c9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\client.bin

Filesize
130KB

MD5
906a949e34472f99ba683eff21907231

SHA1
7c5a57af209597fa6c6bce7d1a8016b936d3b0b6

SHA256
9d3ea5af7dc261bf93c76f55d702a315aa22fb241e4207dc86cd834c262245c8

SHA512
29fd20ae7f1b8bac831c0bb85da4325a62e10961989e14299f5f50776c8f7e669cc1527bf2c3868bd7230e73ac110ba8b1f0491ac0f2923d79d7a2871c7c961d

Download Submit
C:\Users\Admin\AppData\Local\Temp\plugins.bin

Filesize
240B

MD5
5e709fc806e8ba3385487699004f6d29

SHA1
2f32547ed5b9db3b33969fb4858945610aaeedb2

SHA256
9ecbf989dedf1403db953fb4e5955c9f63415cbe1f6492c3246bac405a4d036f

SHA512
a6706c9f76d837a7e0ab12e3c1c6d94fedde9dc52d4fecd02befd8850752155e2bf801cdf0488a98e49c50c4f0595a3fc4916950badba9bb83a5b7a35d3ffaab

Download Submit
C:\Users\Admin\AppData\Local\Temp\public.bin

Filesize
17B

MD5
602d0cc4e7246f8a3b8a5ee9c7fabe30

SHA1
e9ecc8f782cf27ae68339b0cdfd0f79c69aa4afc

SHA256
6de29ee3e660fd3ab419f568fcf65f8418484eb43d5bfcdbfac5d456fd8488f2

SHA512
ccaf306f4e4b4ee7de6a62954bbebcb52d131da49912d2d6ad39d07012dffe66ec6109dfbd5fbfd166e98e7bcb2c564b75eda0a2eda2ee815f71db5986506f43

Download Submit
C:\Users\Admin\AppData\Local\Temp\server.log

Filesize
103KB

MD5
ac6285562e5e3e4e98feb7fe8df884a4

SHA1
4b7fc4ea7c39b95efa7d4e1d68b9b3994c38683b

SHA256
51d9e422386e5e64eadc212bff06b33c2a163bfe355ce98d756ce00afd76ae2a

SHA512
6db244bf0e1948626e64b2b8636b9bf71fa4b2bbe5e7c4877a444da00bcc7964efa9f01f6e4c90963961a3a8bdb3bb8ff7d28660596e6f468b53313ab5e3453b

Download Submit
C:\Users\Admin\AppData\Local\Temp\settings.bin

Filesize
280B

MD5
daa76574a834b950a015d191e410c400

SHA1
c93dae186bb23e7fc052b6cbc4626c58bc0f60a5

SHA256
c4c2bb97d9abf6e224897855a0f6699d8f886ca816811ea5bfeb8e71d72b7d4f

SHA512
9cd119d3f55a172036fd625738c3ebcd45b534255da36c208b594605eca32a58470ea4d0493026d160e062806d015cd878c44521e2450247eb5a8ae203a8fe6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\x86\SQLite.Interop.dll

Filesize
792KB

MD5
9b19dcee960dc215e64b1d82348707a9

SHA1
9c1e0f76673eb385787120e17404df179316ca2b

SHA256
3515f704b0012c01fc8be5b717905c0587b29255fc9eb7ad3f2b66a130691d38

SHA512
cc1304ab171feb2ac6df941f4b35aab8ce7b503f96b5539b366b39268cce8b21ea2fdbce16eff809a9a121a60a65ebbd0f59f75360800f541b9e5f93e729a55d

Download Submit
C:\Users\Admin\Downloads\NanoCore_Portable.exe

Filesize
6.4MB

MD5
d8097b543928f1ae74e17ae06e941366

SHA1
639cbf9d926c767a850d349dc09d2947ddb50ab2

SHA256
59e59bdde6e394e14326f693cba8ab7604a20e7f3df9806f539844d499a701bc

SHA512
48a25a1799376f1d2b754ebb00203ffde7f28208debbbddcefa6f77b34d7ae95271f8894725aab546d254678954fb918c3cef87f8899b31121b5151c777d6ae0

Download Submit
C:\Users\Admin\Downloads\NanoCore_Portable.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit