Malware Analysis Report

2025-04-13 20:47

Sample ID 250202-a613waxpe1
Target https://github.com/kat15/NANOCORE-RAT
Tags
nanocore defense_evasion discovery keylogger spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://github.com/kat15/NANOCORE-RAT was found to be: Known bad.

Malicious Activity Summary

nanocore defense_evasion discovery keylogger spyware stealer trojan

NanoCore

Nanocore family

Downloads MZ/PE file

Loads dropped DLL

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

Probable phishing domain

Subvert Trust Controls: Mark-of-the-Web Bypass

Drops file in Windows directory

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Browser Information Discovery

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

NTFS ADS

Modifies registry class

Suspicious use of WriteProcessMemory

Delays execution with timeout.exe

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Modifies data under HKEY_USERS

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-02-02 00:50

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-02-02 00:50

Reported

2025-02-02 00:52

Platform

win11-20241023-en

Max time kernel

113s

Max time network

116s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/kat15/NANOCORE-RAT

Signatures

NanoCore

keylogger trojan stealer spyware nanocore

Nanocore family

nanocore

Downloads MZ/PE file

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\NanoCore_Portable.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\NanoCore.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Probable phishing domain

Description Indicator Process Target
HTTP URL https://www.hackforums.net/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=90b631563a48f1ae N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Subvert Trust Controls: Mark-of-the-Web Bypass

defense_evasion
Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\NanoCore_Portable.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\NanoCore_Portable.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\mode.com N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\timeout.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\NanoCore.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\timeout.exe N/A

Delays execution with timeout.exe

defense_evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133829310303575039" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0\0\0\0 C:\Users\Admin\AppData\Local\Temp\NanoCore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Users\Admin\AppData\Local\Temp\NanoCore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259} C:\Users\Admin\AppData\Local\Temp\NanoCore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4" C:\Users\Admin\AppData\Local\Temp\NanoCore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell C:\Users\Admin\AppData\Local\Temp\NanoCore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4 C:\Users\Admin\AppData\Local\Temp\NanoCore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1" C:\Users\Admin\AppData\Local\Temp\NanoCore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0\0\0\0\0\NodeSlot = "4" C:\Users\Admin\AppData\Local\Temp\NanoCore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16" C:\Users\Admin\AppData\Local\Temp\NanoCore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 = 3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe110000000d38ef0b5625db0158825bf85c25db017de55df85c25db0114000000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202 C:\Users\Admin\AppData\Local\Temp\NanoCore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 C:\Users\Admin\AppData\Local\Temp\NanoCore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0\0\0\0\0\MRUListEx = ffffffff C:\Users\Admin\AppData\Local\Temp\NanoCore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616193" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2 = 19002f433a5c000000000000000000000000000000000000000000 C:\Users\Admin\AppData\Local\Temp\NanoCore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" C:\Users\Admin\AppData\Local\Temp\NanoCore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0 C:\Users\Admin\AppData\Local\Temp\NanoCore.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0\0\0 C:\Users\Admin\AppData\Local\Temp\NanoCore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Users\Admin\AppData\Local\Temp\NanoCore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Users\Admin\AppData\Local\Temp\NanoCore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295" C:\Users\Admin\AppData\Local\Temp\NanoCore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" C:\Users\Admin\AppData\Local\Temp\NanoCore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0\0\0 = 56003100000000005759f67112004170704461746100400009000400efbe5759f671425a4d062e0000003e570200000001000000000000000000000000000000fc433d004100700070004400610074006100000016000000 C:\Users\Admin\AppData\Local\Temp\NanoCore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0\0\MRUListEx = 00000000ffffffff C:\Users\Admin\AppData\Local\Temp\NanoCore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\0\0\0\0\0 = 4e00310000000000425a7306100054656d7000003a0009000400efbe5759f671425a73062e00000053570200000001000000000000000000000000000000ff353800540065006d007000000014000000 C:\Users\Admin\AppData\Local\Temp\NanoCore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 C:\Users\Admin\AppData\Local\Temp\NanoCore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0000000001000000ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" C:\Users\Admin\AppData\Local\Temp\NanoCore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \Registry\User\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\NotificationData C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 020000000100000000000000ffffffff C:\Users\Admin\AppData\Local\Temp\NanoCore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257" C:\Users\Admin\AppData\Local\Temp\NanoCore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616193" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = ffffffff C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\NanoCore_Portable.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\NanoCore.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4320 wrote to memory of 2740 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4320 wrote to memory of 2740 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4320 wrote to memory of 4080 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4320 wrote to memory of 4080 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4320 wrote to memory of 4080 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4320 wrote to memory of 4080 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4320 wrote to memory of 4080 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4320 wrote to memory of 4080 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4320 wrote to memory of 4080 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4320 wrote to memory of 4080 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4320 wrote to memory of 4080 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4320 wrote to memory of 4080 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4320 wrote to memory of 4080 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4320 wrote to memory of 4080 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4320 wrote to memory of 4080 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4320 wrote to memory of 4080 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4320 wrote to memory of 4080 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4320 wrote to memory of 4080 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4320 wrote to memory of 4080 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4320 wrote to memory of 4080 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4320 wrote to memory of 4080 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4320 wrote to memory of 4080 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4320 wrote to memory of 4080 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4320 wrote to memory of 4080 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4320 wrote to memory of 4080 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4320 wrote to memory of 4080 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4320 wrote to memory of 4080 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4320 wrote to memory of 4080 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4320 wrote to memory of 4080 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4320 wrote to memory of 4080 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4320 wrote to memory of 4080 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4320 wrote to memory of 4080 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4320 wrote to memory of 684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4320 wrote to memory of 684 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4320 wrote to memory of 3844 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4320 wrote to memory of 3844 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4320 wrote to memory of 3844 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4320 wrote to memory of 3844 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4320 wrote to memory of 3844 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4320 wrote to memory of 3844 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4320 wrote to memory of 3844 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4320 wrote to memory of 3844 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4320 wrote to memory of 3844 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4320 wrote to memory of 3844 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4320 wrote to memory of 3844 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4320 wrote to memory of 3844 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4320 wrote to memory of 3844 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4320 wrote to memory of 3844 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4320 wrote to memory of 3844 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4320 wrote to memory of 3844 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4320 wrote to memory of 3844 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4320 wrote to memory of 3844 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4320 wrote to memory of 3844 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4320 wrote to memory of 3844 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4320 wrote to memory of 3844 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4320 wrote to memory of 3844 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4320 wrote to memory of 3844 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4320 wrote to memory of 3844 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4320 wrote to memory of 3844 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4320 wrote to memory of 3844 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4320 wrote to memory of 3844 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4320 wrote to memory of 3844 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4320 wrote to memory of 3844 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4320 wrote to memory of 3844 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/kat15/NANOCORE-RAT

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdd9aecc40,0x7ffdd9aecc4c,0x7ffdd9aecc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1712,i,2389692471093118876,1721791495542170194,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1740 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2068,i,2389692471093118876,1721791495542170194,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2092 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2136,i,2389692471093118876,1721791495542170194,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2396 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3056,i,2389692471093118876,1721791495542170194,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3104 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3064,i,2389692471093118876,1721791495542170194,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3260 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4596,i,2389692471093118876,1721791495542170194,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4652 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5052,i,2389692471093118876,1721791495542170194,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5068 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5000,i,2389692471093118876,1721791495542170194,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5124 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5072,i,2389692471093118876,1721791495542170194,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5384 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5084,i,2389692471093118876,1721791495542170194,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5524 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5092,i,2389692471093118876,1721791495542170194,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5656 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5540,i,2389692471093118876,1721791495542170194,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5004 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5552,i,2389692471093118876,1721791495542170194,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5620 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5160,i,2389692471093118876,1721791495542170194,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5828 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5096,i,2389692471093118876,1721791495542170194,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5128 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5176,i,2389692471093118876,1721791495542170194,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5812 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5672,i,2389692471093118876,1721791495542170194,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5780 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5124,i,2389692471093118876,1721791495542170194,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5352 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5212,i,2389692471093118876,1721791495542170194,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5136 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3248,i,2389692471093118876,1721791495542170194,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5376 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=3544,i,2389692471093118876,1721791495542170194,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4828 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5340,i,2389692471093118876,1721791495542170194,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5496 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5104,i,2389692471093118876,1721791495542170194,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5712 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5772,i,2389692471093118876,1721791495542170194,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5760 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5028,i,2389692471093118876,1721791495542170194,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3080 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=4932,i,2389692471093118876,1721791495542170194,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5532 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=5376,i,2389692471093118876,1721791495542170194,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3124 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=5828,i,2389692471093118876,1721791495542170194,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5876 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3080,i,2389692471093118876,1721791495542170194,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5372 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5796,i,2389692471093118876,1721791495542170194,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5608 /prefetch:8

C:\Users\Admin\Downloads\NanoCore_Portable.exe

"C:\Users\Admin\Downloads\NanoCore_Portable.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TempDel.bat" "

C:\Windows\SysWOW64\mode.com

mode 30,20

C:\Windows\SysWOW64\timeout.exe

timeout /nobreak 10

C:\Users\Admin\AppData\Local\Temp\NanoCore.exe

"C:\Users\Admin\AppData\Local\Temp\NanoCore.exe"

C:\Windows\SysWOW64\timeout.exe

timeout /nobreak 3

Network

Country Destination Domain Proto
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 10.213.58.216.in-addr.arpa udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.109.133:443 raw.githubusercontent.com tcp
US 140.82.113.22:443 collector.github.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 140.82.113.22:443 collector.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
N/A 224.0.0.251:5353 udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com udp
US 172.67.149.47:443 uncoverit.org tcp
US 172.67.149.47:443 uncoverit.org tcp
US 104.21.55.153:443 uncoverit.org tcp
US 104.21.55.153:443 uncoverit.org udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 104.16.80.73:443 static.cloudflareinsights.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 104.18.94.41:443 challenges.cloudflare.com tcp
US 104.18.94.41:443 challenges.cloudflare.com tcp
US 104.18.94.41:443 challenges.cloudflare.com udp
US 104.16.80.73:443 static.cloudflareinsights.com tcp
GB 172.217.169.10:443 jnn-pa.googleapis.com tcp
US 13.107.246.64:443 www.clarity.ms tcp
US 216.239.32.36:443 region1.analytics.google.com tcp
BE 64.233.184.157:443 stats.g.doubleclick.net tcp
GB 142.250.187.227:443 www.google.co.uk tcp
IE 13.74.129.1:443 c.clarity.ms tcp
US 150.171.28.10:443 c.bing.com tcp
US 4.227.249.197:443 u.clarity.ms tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
US 8.8.8.8:53 1.129.74.13.in-addr.arpa udp
US 8.8.8.8:53 197.249.227.4.in-addr.arpa udp
US 104.21.112.1:443 api.uncover.us.kg tcp
US 104.21.112.1:443 api.uncover.us.kg udp
GB 142.250.178.4:443 www.google.com udp
US 104.22.71.139:80 hackforums.net tcp
US 104.22.71.139:80 hackforums.net tcp
US 104.22.71.139:443 hackforums.net tcp
US 104.18.94.41:443 challenges.cloudflare.com tcp
US 104.18.94.41:443 challenges.cloudflare.com tcp
US 104.18.94.41:443 challenges.cloudflare.com udp
US 104.22.71.139:80 hackforums.net tcp
GB 142.250.179.238:443 www.youtube.com tcp
GB 216.58.204.74:443 content-autofill.googleapis.com tcp
GB 142.250.179.238:443 www.youtube.com udp
GB 216.58.204.86:443 i.ytimg.com tcp
GB 172.217.16.226:443 googleads.g.doubleclick.net tcp
GB 142.250.178.4:443 www.google.com tcp
GB 216.58.201.102:443 static.doubleclick.net tcp
GB 142.250.179.234:443 content-autofill.googleapis.com tcp
GB 216.58.204.65:443 yt3.ggpht.com tcp
GB 172.217.16.226:443 googleads.g.doubleclick.net udp
GB 142.250.179.234:443 content-autofill.googleapis.com udp
GB 142.250.200.46:443 play.google.com tcp
GB 142.250.200.46:443 play.google.com tcp
GB 142.250.200.46:443 play.google.com tcp
GB 142.250.200.46:443 play.google.com udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 192.178.128.94:443 beacons.gcp.gvt2.com tcp
US 35.212.156.187:80 lazyshare.net tcp
N/A 10.127.0.1:5351 udp
GB 142.250.200.46:443 play.google.com udp
GB 142.250.200.46:443 play.google.com udp
US 216.239.32.36:443 region1.analytics.google.com udp
GB 142.250.187.227:443 www.google.co.uk udp
US 4.227.249.197:443 u.clarity.ms tcp

Files

\??\pipe\crashpad_4320_FJNBOBYPRBEGMUHZ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 b52e959d2346c39c6664f6b775feacea
SHA1 b33af45227021ff27f3cb4f69c2fde79baaab6c0
SHA256 b4d88bb14fefeddafd30b3f8fac80ced6cdadc996263806264a19a71ea856034
SHA512 1eac169cb9cc38e08e2499dd222377c3f413b7f1ee58019b08f2cd6db11d742829cdd51e22e41bc36103b67b4d1225e32c7e75c8c4ee64a09a4b2fa1e3e8fd41

C:\Users\Admin\Downloads\Unconfirmed 27509.crdownload

MD5 d8097b543928f1ae74e17ae06e941366
SHA1 639cbf9d926c767a850d349dc09d2947ddb50ab2
SHA256 59e59bdde6e394e14326f693cba8ab7604a20e7f3df9806f539844d499a701bc
SHA512 48a25a1799376f1d2b754ebb00203ffde7f28208debbbddcefa6f77b34d7ae95271f8894725aab546d254678954fb918c3cef87f8899b31121b5151c777d6ae0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 3b29efd451cc29b0bc14f4ca9840f419
SHA1 b671b219185bcf93b155c207cc0b446abe0ecef2
SHA256 e975eae23c2d3723422f4fb4795d4040db1fc0647d024f3829a5c5c85681a5d9
SHA512 dad054eb93e65e7ff27c42bee58faf54d3ea6529f4290f48732bbdce816ba4303ba5cc16441b63da9b7e0a297f76d3b2cfd637d05c126700e52ef74ebc05d5fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 64c7a9a7db66822dcb155b4de8576074
SHA1 968b6150cc79d1285931e2ff5313b2011e74116a
SHA256 8dba5d2ec2fb6d619e6cdb76651c1a5a38c46ef09f3df4b89df69203c487772c
SHA512 b5da405ce6a446e706b71f57b0f810d83dc4a15cacfaa58d9fd1e5badf7bcd69e027cd57ab28310d3564e1071a739fec7f745d84c60f458c9b7c698f94bf5a66

C:\Users\Admin\Downloads\NanoCore_Portable.exe:Zone.Identifier

MD5 fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1 d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256 eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512 aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 62183729d769008784fe72569bda8040
SHA1 2760ede631b06289db4116bc5f4442de27dd15a2
SHA256 e238550cb3aaa496683dccbd75d158c3dc9ea2362c69898a247928d00bf48d98
SHA512 4e414ae8c07a4529381fb3127ca4338e8a2c11831b62e2538b4a5e9fb06aff858677ec2ff2897fab4394f37634ec74212e5b555a57b254a1e44e1451ae8ebf8a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e8ae0d538e1359f7f4034b16fc68050f
SHA1 846dcd79f10b581162d1055bc56686b19eeb6bfa
SHA256 3e2e3a95bebdbd309b50ad3266050ff8fcf8fb088a3b1aef94c4227957a1d5dc
SHA512 270b2dbc7e9460691cdd06e95608369418695507cc3b8e6566ff9786699bf613bb1ce3445ead2a476d846512b112ea6640389159dcd5560affc68adc68a214db

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 73d3951e1814c9f8ceb4741bc279a8ff
SHA1 b86d7815762080c631441363b9cbafe2d7f15333
SHA256 1d3e293e393ea7520a3382658345c3f2d51633f55c7f065d4fb0111ad1870b28
SHA512 a10c02bfe25d8a5619c91c08fd09f3a48c0ba979ef5fb567b854f5d2fc9c8e4bb2de8ba0ea0aae44de68dce5895fe7fd2286e723c222e06478bfc63697e1e3a5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 6dd96b758ae6490718f232ff41e24f3f
SHA1 3b68ea1e0790d7920bde645b290ce688248b2862
SHA256 24cee475f0951778309188253a14e1774701a473573c2d9fc8c00bfb8e769eee
SHA512 ace40a4ca3365248768027d846a8c887491e86174b4a392ab45fe316f11228f77159d34b84d627ad3bf60971dbfa9af427a05c2c363c89ab1947c13c24a58079

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 91cc6fc92f25994933316077f6952373
SHA1 158dda54a178516b4a5d1c268a4b644baf7a3199
SHA256 b6365631226e36514355a39c3c8e2df705d0cb6b60cb7c9da82f553089b5d3c2
SHA512 20e9985a16c9ef865ee318ab34ef4f4bd0faea0d5d671d787b47b76ae8c0b84028e5b67642ed130c12e482b011994e416fe05a5d15b200e5a45b6f65c8562e0a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a096155c0058530f5242d6a589c94d5b
SHA1 d5bd41770254538e5cf7a737e582c80e88adda15
SHA256 f367491f2b9c1127bdea8f4a9e839c55f000a5d6441a0af892a4ce0692b94a58
SHA512 df34e0b2ee9f6ee15844b7bb1ee9636527b20f0b03d339029a7851e78361cafc3f8ec1e3256ac6769e823d35448e8bcf238674e0995e80786e399a597b5ff32f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 a25cf8699eba85cfe4ee6cabe055d4fd
SHA1 53f95961dfcf3a93d0f05a8ef929e742b62cf23f
SHA256 e6aa36f42e55a28d86693aa2711251f22acb98708fb1646474a5141dbcbb3b29
SHA512 9e250d5407bfb9424f098b0697492de3a7d4c737e73ffbd1c904394f18e1e1614db996988c61062e44d089bf06b60625eb3ee0ddef5dd07d436c00e551eb6001

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 1303976e9320c274e693a146908362dd
SHA1 74bb82899e02a4a7131b75212c2dcc00fe99fd5a
SHA256 b1946692f897590e3f87a7c74a0c11cdf0612b918f02fa5fd2f4d6f386ce437d
SHA512 4693424743efef88e647af91c37a7062a7d604e83ff611ea7d318e05c9916cd8d3c51dda2c9aed52cfa024a60610df0d62c777295e1f3e94689168f0b4802574

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 78b3c068e3f9fb7b0afcbac742302516
SHA1 13c5a99a8621bc9fc7712719161e7316195aaed4
SHA256 5bb906ee8b6ded93d4bf8914bc2f553c3b17f755ce9f703543dd327a7515ad14
SHA512 c2a1f40a685b097c2aaabf8b92d9579e6edfea925326956fa1cb0bff282d7970f927c2b0da046b118fd658471a07276280b11f6e2b9e8652a814396530b5dad7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt~RFe58c87b.TMP

MD5 2b570831a1870d8b1b8ae6ac302470e3
SHA1 d14b3a3b49dacee511a7c9e84f4181a14b6c7a4b
SHA256 f5020a2a6eeb5f6b0879f415d1078d1c69e372e0b7cc5bb26e53cc3b5a0dec1c
SHA512 a42a4083d77409c0e2c7b5fa1fe5b9440e0b323e783e8ef57f2d5e41da1d2a981be3dd05a948e128fdd387df4e3d51d5cd631e8f2f942d2b0f525faf953a9639

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt.tmp

MD5 2dc0b84b2103f11cf8bc1bef7df8e77c
SHA1 a58cd2043b903f77144d979e393706929c73b647
SHA256 fb5266e9456e1f26c26249a8203eeb0ccd6cbd440de4a41cba5ff4e09fa6b65e
SHA512 1a110eee0b47e2aec97d6917de5c2ec35aaba61e7e20128b8b331a32c3a298917bda0c322098361c85cb183370b4caef24a8faed716580dc38f6d7a7bd921687

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 3647044e1e5101791bc17220609b5363
SHA1 1cdfb1456302e9f7f73a41a9c5f81f6aedc90112
SHA256 7b3dea9b56b61974b64c0f5667c4ed54068937ec586554d4e3d04e800feeab1b
SHA512 68b7b39aaa6d63f998ec8b9d2b4a6556b8ee42d94d3aec8549b9e81b724358bf0caa6b9839f97f7b8e308a89b988ba40c31788e5773e83463e2d1236ea4e119e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 749bcbbffe9a615b90ef9189c7d64252
SHA1 5cfb41f12b1ab00c56859cb08cdfa9fd99b3315c
SHA256 b1c8fa5ecf9bcbfeb5c0a2e76e6b1a6051413f3c285013b05ecf0601f29c8a4c
SHA512 41d95ff5a19f9a7d55baafa7b7175bc6f648cc770648c8a911d107644a5980c05113e0e34371e5aad94571ff8dd4f9ab4b7939a5b3ae4e6bc6c8b1cc2c6ce14d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0fb68ad6ae964f0f1c50efcc1d113d15
SHA1 972fca07abe119b27e0f82e5b74dcb6a2ff2e1a8
SHA256 7972c9e6c9625909b9b1d72d13340e0ee80fddb11958f829620fea50c1779cea
SHA512 0c802a2a2c36bbdf2497397a2337a903ad422323c5955678c6a87db687d7887cbf4d27546e626a84fc8a74aa729f317671312cd4089c92dcf9fb2272b8e103c8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 8cb5de289725972a668e1b1df214f012
SHA1 b367d66449298c73fd48abf8486831ebc8fab611
SHA256 04fd120b36001cf97bd01427201dd1ec033ab8658260b98ee4d48322c47318cd
SHA512 1add95bd83f238fa6f28793c440309432fda18497d2d2bf3dc1f046fcc281934fe981374081cda4f1f0ac21bf8dba08c354b553b7a2344291b1085bcd8520a95

C:\Users\Admin\AppData\Local\Temp\Resources\ListIcons\flag_ap.png

MD5 b841c2ebdca6bb23c15c98da4aa671d7
SHA1 42f562132fe6e9a5029247a2b9666395dd5ad9b0
SHA256 b668f1a313e57c97a5abd0212631ea6211aace15b10f1ca82484f23f7d6924b5
SHA512 e093c2c454e8ceb318df0629f5f7e8494213e69caef640dd4554f3c250029e8a06b4c5add9c13e457f901c3d328738b66db524a8404617e486fd8c564dd04c90

C:\Users\Admin\AppData\Local\Temp\Resources\ListIcons\flag_cx.png

MD5 fbf02dad6f60392ce777d006d5762248
SHA1 f9d95e6e5e25b83953e4f898bf99636d85511709
SHA256 45203a04468ff78fb3434f46799ca630172e04f97c566f8e143539a80c48bfc5
SHA512 9f5b7b5399cb7c8b41cda202eac5a344524f135fd2e32a5f312917c7684ee13a94976984154355297bb31fd06435efe91456e189bb5f1c9d6010dfad01415b4f

C:\Users\Admin\AppData\Local\Temp\Resources\ListIcons\flag_gp.png

MD5 5ac0d15234533136bf6ec230686a4aa5
SHA1 2f208a8baf30d13aa23382d3821cc73c4aa466f0
SHA256 5cceb033c0262b5905f88d5905777471e9f1b0b0d9cb857f2361e88ada73610d
SHA512 d6215183f13e36a268b849056fe1479ebd36eab4b6f175cbdd3a4ecd4ba4df7734189a2f9e9d69ee344ca63baf2c9ef10f62663cc721e9c9c59775d5e84e2268

C:\Users\Admin\AppData\Local\Temp\Resources\ListIcons\flag_sj.png

MD5 4f82c2e83eab05d2bd9baaeff6c81a96
SHA1 e1cd3981d14653bf5df976ece649120134e88546
SHA256 15493361692068154ac1b1baf8878c179b353996dcda4d63e0322ea37f998f9b
SHA512 b69030fffb689094952eb472b272e1d18b40d0f11e3bba647c9b01226ccf072d276cc31ce3a1ffcbc84c5de82bedfe7fc2466fb060ff50e528f7c258179e626d

C:\Users\Admin\AppData\Local\Temp\TempDel.bat

MD5 3b2fb2a8ccaaa86a5fbcab338e641ff1
SHA1 bfd7df0e383c404d6c5cd58687954426a43acd7f
SHA256 34cba91daa5d60239496f52d4da9c526a0ed7680adf8f4fc491b2ddb32d48208
SHA512 cf00ac00845f1ac0cde6a18507c8b629c95a4391170dc1297e596406e0aa5802090b3631aa2bc3dc8632fe6c85c3d33557f9235cb43a833cbb4d8f3d84bc4443

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 92197c1ce147a9737006eb1bfe732b52
SHA1 c22346dfe274d1820cb3913a1291960f3e15b626
SHA256 f0c9daa230478bdcc972739a5ec45c07d478be6d32f94768e674caa63b4f5227
SHA512 9cd86ba4fb7afb8b336ccc0ce2fdcb017a8e576cc8204619eeb89ca5b1a6b129fd818e77c445a34934790b01504243c3b4231689760b6da4c482bd5f75d9b9bf

C:\Users\Admin\AppData\Local\Temp\NanoCore.exe

MD5 1728acc244115cbafd3b810277d2e321
SHA1 be64732f46c8a26a5bbf9d7f69c7f031b2c5180b
SHA256 ec359f50ca15395f273899c0ff7c0cd87ab5c2e23fdcfc6c72fedc0097161d4b
SHA512 8c59fdd29181f28e5698de78adf63934632e644a87088400f1b7ab1653622e4bc3a4145094601211a2db4bcbd04ea5f1ac44129907fbb727fe24a1f3652c7034

C:\Users\Admin\AppData\Local\Temp\ServerPlugin.dll

MD5 952c62ec830c63380beb72ad923d35dc
SHA1 6700baa1fb1877129e79402dfe237f0b84221b69
SHA256 2e5fbfb7932b117a2f6093dc346cdee4a5702e39739d9c40d27bfd1580f6f0d7
SHA512 5dc19d7d6ab7670ded766f357e481328c8df4a96ac3c2a00194a5ccea8c34bca0e34cfea3d9d17934db384d302446be2fec9853438371561d70580665bffe121

C:\Users\Admin\AppData\Local\Temp\builder.log

MD5 0061a98407086fb3106b61fe5d0fbb27
SHA1 c5882467e947fa1cab30dd45fe337b23bce1712a
SHA256 054dbc3e14992bea750e1f366c16f6b0c861bc9db2617be91cbf7306fd25219a
SHA512 b4e0f10067b2a5b7865b404c63be1c93cbda482ed3d20e618ede411fe7f9bc177792d0ab0bb7c13730809f9630ba5160f485a38590096ba8cb8104ab189f2c9d

C:\Users\Admin\AppData\Local\Temp\server.log

MD5 ac6285562e5e3e4e98feb7fe8df884a4
SHA1 4b7fc4ea7c39b95efa7d4e1d68b9b3994c38683b
SHA256 51d9e422386e5e64eadc212bff06b33c2a163bfe355ce98d756ce00afd76ae2a
SHA512 6db244bf0e1948626e64b2b8636b9bf71fa4b2bbe5e7c4877a444da00bcc7964efa9f01f6e4c90963961a3a8bdb3bb8ff7d28660596e6f468b53313ab5e3453b

C:\Users\Admin\AppData\Local\Temp\settings.bin

MD5 daa76574a834b950a015d191e410c400
SHA1 c93dae186bb23e7fc052b6cbc4626c58bc0f60a5
SHA256 c4c2bb97d9abf6e224897855a0f6699d8f886ca816811ea5bfeb8e71d72b7d4f
SHA512 9cd119d3f55a172036fd625738c3ebcd45b534255da36c208b594605eca32a58470ea4d0493026d160e062806d015cd878c44521e2450247eb5a8ae203a8fe6f

C:\Users\Admin\AppData\Local\Temp\System.Data.SQLite.dll

MD5 dd3d6f00b1aba3f1d9338d9727ab5f17
SHA1 faf9364a7ab15f27c93a6e6f97fa025030c9dad7
SHA256 f0d4beab24e94e61f219df451d90dbba3d0f48539f9b6a448f91e0c94b4e80c4
SHA512 0794d850a133a98affe627e3023114b229b982e507d366895ece6a1ef99b42d708554c64b52f0f2ed63673e1c5aeea7e794085d45f0797159e21ba4efdf23cd7

C:\Users\Admin\AppData\Local\Temp\x86\SQLite.Interop.dll

MD5 9b19dcee960dc215e64b1d82348707a9
SHA1 9c1e0f76673eb385787120e17404df179316ca2b
SHA256 3515f704b0012c01fc8be5b717905c0587b29255fc9eb7ad3f2b66a130691d38
SHA512 cc1304ab171feb2ac6df941f4b35aab8ce7b503f96b5539b366b39268cce8b21ea2fdbce16eff809a9a121a60a65ebbd0f59f75360800f541b9e5f93e729a55d

C:\Users\Admin\AppData\Local\Temp\Databases\main.sqlite

MD5 ea522fc387e8e1c1c65e946c9118e2c7
SHA1 0d3fe3c0f59b651f4b9210ec4d7324e7686b5a21
SHA256 ae429dbfca9416cfc6832aed1190fa7b9eb90127328136a249de024349fd3b3b
SHA512 52161556c3d3a1e12fe8de217aab806ac8e8e47135d57f057c257d16576ec08b13bc37aeb7f7234042d89d6deb594a635e0764675f4e04f7abb94836fac1d921

C:\Users\Admin\AppData\Local\Temp\client.bin

MD5 906a949e34472f99ba683eff21907231
SHA1 7c5a57af209597fa6c6bce7d1a8016b936d3b0b6
SHA256 9d3ea5af7dc261bf93c76f55d702a315aa22fb241e4207dc86cd834c262245c8
SHA512 29fd20ae7f1b8bac831c0bb85da4325a62e10961989e14299f5f50776c8f7e669cc1527bf2c3868bd7230e73ac110ba8b1f0491ac0f2923d79d7a2871c7c961d

C:\Users\Admin\AppData\Local\Temp\Resources\TabIcons\home.png

MD5 0a482ce7f891fe7a64118bbb34a34b9c
SHA1 2aba3c06942273aebc5e616602620e4b2526ebe7
SHA256 76d3e6c51702b37227b73a4f84771e44d7c1a8551b4c1fdd90e341f03a805346
SHA512 0e900eff9109ac2f32137d9d18993a29ed6065299ef96554f2288128fe07d1e8db1a0dac29b39b0eb05bb8a9bdca5f083da8e25dec3c880ef155401fd649107b

C:\Users\Admin\AppData\Local\Temp\Resources\TabIcons\clients.png

MD5 0331dbac2291c05d567461b58654d350
SHA1 1f89cdf7199983e788fd1f22b873ab9b0500952d
SHA256 8d1339e002540de132326aeb1d17c66a9a60b0af7e3daca9bc40df17e9c96542
SHA512 2d12a85226a21670c49038e4347b39227b8d8bca07b8eb66f2adae0ccf1135270f5ba5f16a40bf526477c70c00c1ca572bfb973306e6eb8dd057600de38da161

C:\Users\Admin\AppData\Local\Temp\Resources\TabIcons\network.png

MD5 48780574121d519661c2e0bc51b25b68
SHA1 89d8d5e42fbae3d95c8036c1738656b8e6343091
SHA256 28f4c682d85fb4ef531a71b7fed8f0d7ef548f1126da378aaf60349219a681d6
SHA512 7f0d9b6e18b812350b9d57439069ebb9140365830ea6fa247527f793cc58271ed7743c514d7488f026064b6d44afaf93717192bcff3ea8a3b501f2bf7718ff30

C:\Users\Admin\AppData\Local\Temp\Resources\TabIcons\system.png

MD5 9993c66f33d16d11e701abbabf5a5db8
SHA1 415a0069f21dc5fcbb7bdaa7f17a679eb18e6b1e
SHA256 24c4edf86254f9e2359508909ba52dd683e1f6af0d8c1a52f875c472fc73bd40
SHA512 7a3f0546f4fb12e72fd774f5c4446e8bcc2a26c762aad91675c3bc10931c1c0ac2c40d66a25afd0a376ab665427164367c1cf398c22811eedf88c90ce51a23e7

C:\Users\Admin\AppData\Local\Temp\Resources\TabIcons\builder.png

MD5 d2d498dc06990b948ef42c479c4c1f94
SHA1 eb380e6d156f5cc2ab28baa5add2ba8acda088b3
SHA256 ce8e344d1975972fa3f1b54383ab01cf522217e83b4e01f5c5b8563641bf6550
SHA512 fd9f99b7489507d8208432847085507e5d1823f1eed5d3c7e644c59bc5e5b36d8705d4add01a0c291240029458b25d72894fc05efede8b795bb6872e1e5f9ef9

C:\Users\Admin\AppData\Local\Temp\plugins.bin

MD5 5e709fc806e8ba3385487699004f6d29
SHA1 2f32547ed5b9db3b33969fb4858945610aaeedb2
SHA256 9ecbf989dedf1403db953fb4e5955c9f63415cbe1f6492c3246bac405a4d036f
SHA512 a6706c9f76d837a7e0ab12e3c1c6d94fedde9dc52d4fecd02befd8850752155e2bf801cdf0488a98e49c50c4f0595a3fc4916950badba9bb83a5b7a35d3ffaab

C:\Users\Admin\AppData\Local\Temp\Plugins\CorePlugin.ncp

MD5 7914e7302f72d330aa5f6c5c8c26df43
SHA1 8c411f3fe5297a78cb018539b44df87c0a51606a
SHA256 f66985518b1e56a04f512d110f5b79f21ed91cbcbf6bd3e17eba3dcdfb85f9b5
SHA512 8959843f282162ff0c59d890d04012c4f62dc36058aa7095d708a97a34313082cd4ca5ea5df5623cd2d6b8b91c527297168cab08ec59c1ec48fafac5983ad012

C:\Users\Admin\AppData\Local\Temp\Plugins\ManagementPlugin.ncp

MD5 b612c2c9a6d361a5db14c04ba126119c
SHA1 d2b29e235b0f45242088b78313438bdfd51209dc
SHA256 b86fe4e126a9748a383a34d615b9598c715f2380c0aad957495c66923902026c
SHA512 194d4688935235f3ca686868c9ff53c7945d4e076d4a51fdcbc254bfa1461494766480794c65715bce314256c7cc5268bd6547c937984d3010f54f5a3db4ba9c

C:\Users\Admin\AppData\Local\Temp\Plugins\DucPlugin.ncp

MD5 5eca68a8368e0e144b7016e30b85515c
SHA1 0ba48b49974156e5746958aeeb1c2a26c916b3be
SHA256 e2ce89b3e68b003cb27e2c5652ccba073c8938bef194e51830539b2464a3f676
SHA512 ea1d1363fb072a5c646ce070184855588124be42392dc492ce86c88fe93eae78e23f5de4f2df75fb5b0e8d67bf08ff192dd163ed3c62a1ccfb0b8436ae1df644

C:\Users\Admin\AppData\Local\Temp\Plugins\MiscTools.ncp

MD5 78e3006fc6468eb7dfc7761072b84ac6
SHA1 e46cae768d2754f48a29b7e424a9bddf0d67bcd8
SHA256 3a3a3b105eefb45e3b70cc1592e484df02df7020d5154e8c2e5d7d439e295e46
SHA512 0daa1cc9ddae70f442ee5eed784523dc1378b9d095edfaec1df95e02f00d09b461d60ee180f716f7ba755543ef7b0c87d791a454cf254dde0033b8615b2841e8

C:\Users\Admin\AppData\Local\Temp\Plugins\MultiCore.ncp

MD5 becb82e1e914e906be158e3f9dd658ac
SHA1 725d3d658680ca8dcb610d998db4b28733b5ee52
SHA256 5494adf651fc64e3aa6c08e38165d8dbfec52056cdf4fadae90b76b0e6816a33
SHA512 1d67e7d5686ea225262501afb572bec23e35bbd33c660a57e84b9cad7adfadbe457b128af0059ac705d53c6b65798f5525fe4ed3c16537b0c085414cdca74174

C:\Users\Admin\AppData\Local\Temp\Plugins\NanoCoreSwiss.ncp

MD5 fcb5afd01e75aca8ed9fbd35a46e54f3
SHA1 94b69f8612d31fc0698089d5e08aea1cafea52e7
SHA256 bf0386f6e9b4a35fefe5fe917e2be7c64867efe24521f18e4567f8af5f6dd5e5
SHA512 b587dd23eaea6de486c30864908f8603451c459153cd21b86a5e43bb9c2cca7cbc015daf620808fad76a4d56bbc4e57e127059c8e73be6c85bf958781c1343fe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 f384f5f4b3f2071087f81b5697333593
SHA1 0358756c88f0e77378933e6c7e96a8279ae819ae
SHA256 347423b5a27ea68dbcd603cb7fc6668505694a2f8b1436732c9ad32f67ae117f
SHA512 5e16e55033553c7613d23d6edf221c4ff099a81fa70458f8e837ca86399f348bf193f6c5b2b507099ef61d6ab5de72fbe21dcc5a67438f273a5469b3e7f42c6e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ef8b1ee0af8d92a36089019585382b9d
SHA1 7c36cadc6c7344f185df2a8b3c04380765a8872c
SHA256 7c0c7b6a880b487184e131271cd777c341f50bf7dd5314c43287132056f4d0ce
SHA512 5c41f2f833dc7462aaeb2b3c03f813cf891f432690b6ba2fba309424e61a548cad4b41e19c4c4d97a8c26b5056b9359b52ca9104f438a5fd8137b78e8a849f75

C:\Users\Admin\Downloads\banananana.exe

MD5 423cabe446d4237fdcbdf5feb49b8bdf
SHA1 df7ee92276dc72b05526310c109b9251482fed28
SHA256 b78d8e18706d3be968b34b0a26a9b068bb1d7684e186b669bf141e78a6401dbe
SHA512 6ff7854ab7198d448f017d2f40ca447ca0d45746df74c13fda999a5c134968aba5ce0a59ed5a16f8ccc88cac900c3f49e4149df432dbfb92dcb555c4048525d1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 a00eba83bbabcbe82a6c83f22c14b53b
SHA1 f204003fd9dd3de0890cdcfe9cc8f5283bd8945a
SHA256 8ea08840871f7baea2b89b0da8aee3d42efbf60281a7beb379d733ec2d264365
SHA512 4f7ba8c8971b8efff019a20d778b9ea5f499c6d349ff1fd8df2adb06c573e998d3e65b834f2ead58486857a61a3f9a34f8870fcf392c6dd313f47537c0af84a5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f5634d58d90f70c06640e769f5b31dbf
SHA1 172763d38c88b07a8f5132a459ad4125d5026b12
SHA256 7432d050226c467afd76bddb71ef0d478b113ce6f9f7404b65aa1734089aa8f5
SHA512 d3141373feb1168629f7b8ad5d0e2d535234611cba2c86557ae42de31c4e682e44480ada0a1bfe6a47e15e2ccd00903113a95e0386111aced14622b338131828

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 df0cd68cd371af2e8ce4a1f54642a4e7
SHA1 d9ababa143f9289fa60ec17ed0f020a088224bc3
SHA256 60f25cdfab640c432f03274a2bf46c31d8e29e19adb2b87379447d9ddc970e22
SHA512 f9c5ab217a5ad0d1c193692891a38774873a5ea2dc6a6ca8baf1a0c2507ee602a37da1ea5049505542892f70e588e1562ca70cc58550e748bd971dce9c18bb3a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

MD5 d3bed350858d03c88bd4a89ec890f4e0
SHA1 bc9adc6491dea317055aa73e222f70755924c1bf
SHA256 ec529dcc0b0750dbaacdaa04245b371dfbbe7eac7e665d123da6a46827ed5305
SHA512 b24c59cd88316b44ba4605a5e5ca9bafdd975626d3fa8f7c278bf98e0de69fa9d67dbefa0e669b17dc6e6f00f7f6a42f7b573194f13d1b41aa3a5de261b30f6a