Analysis
-
max time kernel
359s -
max time network
357s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
10-03-2024 13:34
General
-
Target
NordVPNSetup.exe
-
Size
1.7MB
-
MD5
59cb69a08fdd9cb4b0539e3356df1d4d
-
SHA1
0c773a0a76f821780c002d527bee387b98904569
-
SHA256
bea34078c360c71fcadc1a86ebd397d081f0d589913ad43970c1a3983231f522
-
SHA512
51d4f3d396d183bc5dcaaa0a26cf024fade9b5e5c0e73e1d2ee7663ba26bc55e799beb488d5bab8d8252147b33df6ea1209ebd730124a919940e899758842ec2
-
SSDEEP
24576:u7FUDowAyrTVE3U5Fg23TD2D+Fz3ifFUwo433RfFcdnOtksSm:uBuZrEUWq0t9D7l
Malware Config
Signatures
-
Downloads MZ/PE file
-
Drops file in Drivers directory 3 IoCs
-
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 15 IoCs
-
Loads dropped DLL 64 IoCs
-
Modifies file permissions 1 TTPs 18 IoCs
-
Registers COM server for autorun 1 TTPs 4 IoCs
-
Unexpected DNS network traffic destination 8 IoCs
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory 44 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 10 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks SCSI registry key(s) 3 TTPs 64 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Kills process with taskkill 1 IoCs
-
Modifies data under HKEY_USERS 64 IoCs
-
Modifies registry class 31 IoCs
-
Modifies system certificate store 2 TTPs 21 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: LoadsDriver 6 IoCs
-
Suspicious use of AdjustPrivilegeToken 28 IoCs
-
Suspicious use of FindShellTrayWindow 8 IoCs
-
Suspicious use of SendNotifyMessage 4 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NordVPNSetup.exe"C:\Users\Admin\AppData\Local\Temp\NordVPNSetup.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\is-SEQ7S.tmp\NordVPNSetup.tmp"C:\Users\Admin\AppData\Local\Temp\is-SEQ7S.tmp\NordVPNSetup.tmp" /SL5="$901CA,890440,866304,C:\Users\Admin\AppData\Local\Temp\NordVPNSetup.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\is-JDQU9.tmp\NordVPNSetup.exe"C:\Users\Admin\AppData\Local\Temp\is-JDQU9.tmp\NordVPNSetup.exe" /webinstaller=true /DIR="C:\Program Files\NordVPN" /guid=3998bf15-b5ef-4fc1-aeb0-60363fb479a23⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\is-NSCRT.tmp\NordVPNSetup.tmp"C:\Users\Admin\AppData\Local\Temp\is-NSCRT.tmp\NordVPNSetup.tmp" /SL5="$50066,46811598,866304,C:\Users\Admin\AppData\Local\Temp\is-JDQU9.tmp\NordVPNSetup.exe" /webinstaller=true /DIR="C:\Program Files\NordVPN" /guid=3998bf15-b5ef-4fc1-aeb0-60363fb479a24⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\taskkill.exe"C:\Windows\system32\taskkill.exe" /f /im NordVPN.exe5⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\is-Q2C98.tmp\NordUpdaterSetup.exe"C:\Users\Admin\AppData\Local\Temp\is-Q2C98.tmp\NordUpdaterSetup.exe" /VERYSILENT /SUPPRESSMSGBOXES /NOCANCEL /NORESTART /RESTARTEXITCODE=3010 /NOCLOSEAPPLICATIONS5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\is-VGAA0.tmp\NordUpdaterSetup.tmp"C:\Users\Admin\AppData\Local\Temp\is-VGAA0.tmp\NordUpdaterSetup.tmp" /SL5="$2024C,3309281,910336,C:\Users\Admin\AppData\Local\Temp\is-Q2C98.tmp\NordUpdaterSetup.exe" /VERYSILENT /SUPPRESSMSGBOXES /NOCANCEL /NORESTART /RESTARTEXITCODE=3010 /NOCLOSEAPPLICATIONS6⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\icacls.exe"C:\Windows\system32\icacls.exe" "C:\Program Files\NordUpdater" /inheritance:r7⤵
- Modifies file permissions
-
C:\Windows\system32\icacls.exe"C:\Windows\system32\icacls.exe" "C:\Program Files\NordUpdater" /grant *S-1-5-32-545:(OI)(CI)(RX)7⤵
- Modifies file permissions
-
C:\Windows\system32\icacls.exe"C:\Windows\system32\icacls.exe" "C:\Program Files\NordUpdater" /grant *S-1-5-32-544:(OI)(CI)(F)7⤵
- Modifies file permissions
-
C:\Windows\system32\icacls.exe"C:\Windows\system32\icacls.exe" "C:\Program Files\NordUpdater" /grant *S-1-5-18:(OI)(CI)(F)7⤵
- Modifies file permissions
-
C:\Windows\system32\icacls.exe"C:\Windows\system32\icacls.exe" C:\ProgramData\NordUpdater /inheritance:d7⤵
- Modifies file permissions
-
C:\Windows\system32\icacls.exe"C:\Windows\system32\icacls.exe" C:\ProgramData\NordUpdater /remove Users /T7⤵
- Modifies file permissions
-
C:\Windows\system32\icacls.exe"C:\Windows\system32\icacls.exe" C:\ProgramData\NordUpdater /grant Users:(RX)7⤵
- Modifies file permissions
-
C:\Windows\system32\icacls.exe"C:\Windows\system32\icacls.exe" C:\ProgramData\NordUpdater\logs /grant Users:(OI)(CI)(RX)7⤵
- Modifies file permissions
-
C:\Windows\system32\icacls.exe"C:\Windows\system32\icacls.exe" C:\ProgramData\NordUpdater\updates /grant Users:(OI)(CI)(RX)7⤵
- Modifies file permissions
-
C:\Windows\system32\icacls.exe"C:\Windows\system32\icacls.exe" C:\ProgramData\NordVPN /inheritance:d5⤵
- Modifies file permissions
-
C:\Windows\system32\icacls.exe"C:\Windows\system32\icacls.exe" C:\ProgramData\NordVPN /remove Users /T5⤵
- Modifies file permissions
-
C:\Windows\system32\icacls.exe"C:\Windows\system32\icacls.exe" C:\ProgramData\NordVPN /grant Users:(RX)5⤵
- Modifies file permissions
-
C:\Windows\system32\icacls.exe"C:\Windows\system32\icacls.exe" C:\ProgramData\NordVPN\logs /grant Users:(OI)(CI)(RX)5⤵
- Modifies file permissions
-
C:\Windows\system32\icacls.exe"C:\Windows\system32\icacls.exe" C:\ProgramData\NordVPN\affiliates.json /grant Users:(RX)5⤵
- Modifies file permissions
-
C:\Windows\system32\icacls.exe"C:\Windows\system32\icacls.exe" "C:\Program Files\NordVPN" /inheritance:r5⤵
- Modifies file permissions
-
C:\Windows\system32\icacls.exe"C:\Windows\system32\icacls.exe" "C:\Program Files\NordVPN" /grant *S-1-5-32-545:(OI)(CI)(RX)5⤵
- Modifies file permissions
-
C:\Windows\system32\icacls.exe"C:\Windows\system32\icacls.exe" "C:\Program Files\NordVPN" /grant *S-1-5-32-544:(OI)(CI)(F)5⤵
- Modifies file permissions
-
C:\Windows\system32\icacls.exe"C:\Windows\system32\icacls.exe" "C:\Program Files\NordVPN" /grant *S-1-5-18:(OI)(CI)(F)5⤵
- Modifies file permissions
-
C:\Program Files\NordVPN\NordVPN.exe"C:\Program Files\NordVPN\NordVPN.exe"5⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Adds Run key to start application
- Drops file in Program Files directory
- Modifies registry class
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Program Files\NordUpdater\NordUpdateService.exe"C:\Program Files\NordUpdater\NordUpdateService.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files\NordVPN\nordvpn-service.exe"C:\Program Files\NordVPN\nordvpn-service.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Modifies data under HKEY_USERS
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /C pnputil /enum-devices /class Net /drivers2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\pnputil.exepnputil /enum-devices /class Net /drivers3⤵
- Checks SCSI registry key(s)
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /C pnputil /add-driver "C:\Program Files\NordVPN\7.19.4.0\Drivers/OemVista.inf" /install2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\pnputil.exepnputil /add-driver "C:\Program Files\NordVPN\7.19.4.0\Drivers/OemVista.inf" /install3⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
-
C:\Program Files\NordVPN\7.19.4.0\TapDriver\tapctl.exe"C:\Program Files\NordVPN\7.19.4.0\TapDriver/tapctl.exe" list --hwid tapnordvpn2⤵
- Executes dropped EXE
-
C:\Program Files\NordVPN\7.19.4.0\TapDriver\tapctl.exe"C:\Program Files\NordVPN\7.19.4.0\TapDriver/tapctl.exe" create --hwid tapnordvpn2⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\DrvInst.exeDrvInst.exe "4" "0" "C:\Windows\TEMP\{eaa5b5bb-857e-c24b-8915-c44d3385c41b}\OemVista.inf" "9" "45e106d67" "000000000000014C" "Service-0x0-3e7$\Default" "0000000000000158" "208" "C:\Program Files\NordVPN\7.19.4.0\Drivers"2⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Modifies data under HKEY_USERS
-
C:\Windows\system32\DrvInst.exeDrvInst.exe "2" "1" "ROOT\NET\0000" "C:\Windows\INF\oem3.inf" "oem3.inf:3beb73aff103cc24:tapnordvpn.ndi:9.0.0.23:tapnordvpn," "42b53aaff" "000000000000014C"2⤵
- Drops file in Drivers directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files\NordVPN\NordVPN.exe"C:\Program Files\NordVPN\NordVPN.exe"1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files\NordVPN\NordVPN.exe"C:\Program Files\NordVPN\NordVPN.exe"1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files\NordVPN\NordVPN.exe"C:\Program Files\NordVPN\NordVPN.exe"1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files\NordVPN\NordVPN.exe"C:\Program Files\NordVPN\NordVPN.exe"1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files\NordVPN\NordVPN.exe"C:\Program Files\NordVPN\NordVPN.exe"1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Defense Evasion
File and Directory Permissions Modification
1Modify Registry
2Subvert Trust Controls
1Install Root Certificate
1Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files\NordUpdater\1.4.2.146\Bugsnag.dllFilesize
80KB
MD50ac686b5a48d31841c3a551e9273cc2d
SHA13c1feec435368a2835f4b9257a1292c74073bba4
SHA2561e72d04ef57e39126b94ebbd890176a231ff535c84bf04e73c2dc4263513dd0e
SHA51270d10a222a682a2b4039725e9343ebf05968ff2ef5f0cd299d72d145f0ef7b943763cd84112a7a14871c7f39048efe47f2dc687793fc6c96d40a5e736f2a7f02
-
C:\Program Files\NordUpdater\1.4.2.146\Flare.Net.dllFilesize
53KB
MD55509f1d9cad6b8e9f115d2fcd7ecf15f
SHA1ed5a6749b1bb73a25b7cb140be6071a56eac9bee
SHA256193b23e5fd12147dfb9881e1ebfa7f91fb5557f40763f6be6534f6d3f8617778
SHA512daa4f90720faa28b9a67e623a226eb9d7a0b52d201adf25300facb999b8fe1db7198d653ee4624052cfc009fed03dc7e850145e40f55613ed7094cb264000d5d
-
C:\Program Files\NordUpdater\1.4.2.146\Google.Protobuf.dllFilesize
451KB
MD5b2f02e02cd7172e3e106a3c5f696ddc1
SHA19a3738bd26d6f246ca382690fb00103796cb695c
SHA256319c4c3f9d4a0f792076b652aeac44899ec505e30a055cad25afeabf422f12c1
SHA5127ec7a28a4b7db771d25529c086505d72e518b83817dc31d572c68ba99749f76eb7cd1315a3f82efe4390d2a64e2532c86e148369697d49be1f6f93a7241f3a39
-
C:\Program Files\NordUpdater\1.4.2.146\Grpc.Core.Api.dllFilesize
68KB
MD5578d1aafa4a7af470efcf4a13fd149a0
SHA162ca6a257554cb23413bb40a02ab601ee3299363
SHA2566e713703d71beb479a6890ccc8f577b8ba155a6258f7ae0390a1e9e37e68bc0f
SHA512100815092348b89c3cdc751a62fe1b4a20981b4577b4131ce36570c79879d75ec28f9ee0952d00f1f9017d681a85db939bba228c8cff2058a3ab150e805452c5
-
C:\Program Files\NordUpdater\1.4.2.146\Liberation.Configuration.dllFilesize
16KB
MD558f22270aa830debe165171b61089599
SHA1c46effc685d4d6aae5649b4fac9511bdea0a2e59
SHA2565c16a6927e07efcd24fa09689d618bc7650a15fb07af44e9b776b903ef721ffa
SHA512f13cf4794e3ebd8312bb22f117e815c5804aaf209f48b92e6e3f4aa927b17237905648dd2bc745ba5aa2067e7797f371dfdaf826b73656841e840ef9c1a2c37b
-
C:\Program Files\NordUpdater\1.4.2.146\Liberation.OS.dllFilesize
113KB
MD58360e53bad6e7c42782840add24e2b70
SHA1aa123595d2e19058725fcaacf9acb2adc2f0228a
SHA2564e981cc535e12fbb728aba0d544e0b628377aea41c2520530dd7865902dd76c0
SHA51275f000579cc480c9b9dcd66da36609b4eefbe95c966736769ea45a6eb1efdb3d6974503dd9b4aad18bbc183c66063acca35b278a67cdcaaf6bc9998fe4255eb0
-
C:\Program Files\NordUpdater\1.4.2.146\Microsoft.AppCenter.Analytics.dllFilesize
27KB
MD51de2f5747d6b92e477b82c275b56a87a
SHA1dcf7fdfd1d6fd4fb91ed2d0af9450bb2a520a6c0
SHA25635dbbf633d82f3045cff04dcfebb345d97ca591ef65e15d3c34bdb8e73b731ff
SHA5128ab9a786fe0fb25d473e3c66d592dc4d1b65695bfcc3d6b9f6f4834e24fc413fe239cf30fa2d691853200f7e7ed809da703c0f13d4b996fad3cda532a9c708f3
-
C:\Program Files\NordUpdater\1.4.2.146\Microsoft.AppCenter.Crashes.dllFilesize
53KB
MD59b1a9a9a6e59eae42761d7d663e657a3
SHA13bdae1f8cb7a4cff32d61e384722f107d6840366
SHA25655c69e05b12bd022c6245bf42e7af9642da5ccb5a17464ea706c50d705356905
SHA5129a0182610433fffd2e43460830f9c06ee83ab6774f607e011d53c01c2521e626b4236c19d46c2f88aaaf0fbad6a4abba096f82cfed9e3a6d12cabb15bd79ad9d
-
C:\Program Files\NordUpdater\1.4.2.146\Microsoft.AppCenter.dllFilesize
128KB
MD536ea619d40b33c56dff55c65560f8995
SHA1d19b328ab592677375fe469fdb8bccaf510df2ee
SHA256b598fb64ab003c4dfef5c29acc764f7f537fafdaea19264836b862a84c960a33
SHA5121ebe91519ffd0a91716ed6229a950a273969a377984b22b5150eb058b194d0a21e0697ce27651696a3f64181ed17587968910ae87924b5c7f477542cc69c91b3
-
C:\Program Files\NordUpdater\1.4.2.146\Microsoft.Bcl.AsyncInterfaces.dllFilesize
23KB
MD5651cb444aef25ba4e052c006b1fb180a
SHA185870805e5606d40f53c97d82efeae79fd607863
SHA2564c8a7521ac501203f0b43859de5237629e5b30d62db6908b1f9a837d6230125b
SHA5127816196bf90f7cd8819466d7a570ef1f14e695443fa900f093d084e8587afd9e4f82d36388d113f572dc2f3c94a4f8c7cba601698b4bf8ef065b70ceed5d27ca
-
C:\Program Files\NordUpdater\1.4.2.146\Microsoft.Extensions.DependencyInjection.Abstractions.dllFilesize
48KB
MD52d704374f4b6b0cfa0a941e8c291e9a4
SHA1865855aa4a398044e8271792a040459aa1c94503
SHA256c6d54bbe9977c760a5033393150cebbc3931b9b17bf84e9c47112a3ef85888fa
SHA51268c68facb074d3bb21e82fa7a1d80b47cd6b1c7296bc13d556cbceca16d5ece7cda89a785f121c4232ecc0e55f5a50325daae4e4909ed189c296b8f46cedbe83
-
C:\Program Files\NordUpdater\1.4.2.146\Microsoft.Extensions.DependencyInjection.dllFilesize
84KB
MD5ba6665530c8ce8ce241bc20ee1a67e6e
SHA144feebf7aaa1f99008656a938c4fb7f49a8eb7ce
SHA25624ac15611ffc08058c9a5e96cb3bbb0daba5b30a86c83c434f2a85632f4db0b6
SHA512bb0822af4e2e846ef2f06c9ccb9541c917b04e9acecf5426eedef24c6f2ecda2994f583bf9ab0f56306505d99ed0fbc251fca869a5054b0f556cbe964ed95b01
-
C:\Program Files\NordUpdater\1.4.2.146\Microsoft.Win32.Registry.dllFilesize
28KB
MD578df142d938d554c47870fe0db67da1e
SHA1f77d900b816087c71c92660bf8d1646c1f5691c8
SHA256e648015d94e83b6e2a18afcd859a998423b330dcce8f82bb23149b95ba12d925
SHA5127ffefd8014c9974ddde5ce738d27dc1baad66b2d9b358e32be0b52fca7ad2f9c2d710e624b39d467d2d9c2eba6fd410268341c18662194081792d638b533cfa3
-
C:\Program Files\NordUpdater\1.4.2.146\NLog.dllFilesize
928KB
MD597683f51f9b45723a391c8aa7b48f1ae
SHA1e377bc4445cc4ace5d39c186a1aef5d0099f3fa8
SHA256051bcff9b3d1d59d4ecf5e3e0be1d58896e4b19c9fd414a3a2c88371535933f9
SHA512dfde063e791e6a6ef5bf8966cd273b99fb9e62fc0e9942c21088ad2fd922423b71af0565e73844bce46bf76fe7f3aba74e6ad761951a41728120d494b71f74cf
-
C:\Program Files\NordUpdater\1.4.2.146\Newtonsoft.Json.dllFilesize
694KB
MD5077dae3610c77bdcd2fdb8c4d0b6bab0
SHA16e07d149def44e00a787d40c83e238756448a07b
SHA256b2fd18df7f77e114370344a80890cae9199a77305b4b53c21467d346dce493f3
SHA5126d635be8ecd5df1b10d8a98992884d6529337b0b691449f8fe5123a02fb10aa74fedf5583a8b73db642c9fe013065692c74e1032cfc8970235719e245e0d55e1
-
C:\Program Files\NordUpdater\1.4.2.146\Nord.Communication.UpdateService.NordSecurityCenter.dllFilesize
60KB
MD5504196b75838cda7c828b55159986360
SHA1c404f019858815cc6dc266355fdaea0adf54a519
SHA256553a349ca98bbbfbea35d6999a771dadfa6dd206cbe19f20476da374f21b4d36
SHA512554da02cfb873086fcd5cb9667cd7e9a862b0a618cdc2c209d5ab2e06769728610f582ee0eee51eb93d0ee8b450c3f457045e2826c8c0b74bcce1a99b0abbdd6
-
C:\Program Files\NordUpdater\1.4.2.146\Nord.Communication.UpdateService.dllFilesize
69KB
MD5a7c6b02fda76fcabdcd30329340b32ff
SHA15dbd42c1ff496aad623f7d7f8837886a31b60303
SHA25601b488f6f57aa32c7b4c23ad293bec4571143b40b02ccdf954073672062b9c3a
SHA512b5aa969fc843bdfbb269aa7eb41c5603c7d33fadd0eb01049ae4f0eec9c42bbba7180ca90253b25fde16cb6e8cd6fa6824fe32b8838079d88bde58ca97fbd9d0
-
C:\Program Files\NordUpdater\1.4.2.146\Nord.Grpc.NamedPipes.dllFilesize
74KB
MD508084a60edb8e593ddfd69f4ded4a18a
SHA1d161ff7c951d76a8b970dcbb33ab292578645d88
SHA2566001190c9d3a4f11ce615695785cafaeb3f869d96228fb5f091c4cf53fd7da07
SHA51242f39a4b160d4cddbb5fd6c5c1bc151b5f6e544a5db81f7fc6932c34d736e07b8a204153dd551fcda0a388409e635304cc7e0b705203a5b17da3b4c5f64df44c
-
C:\Program Files\NordUpdater\1.4.2.146\Nord.Logging.Abstractions.dllFilesize
19KB
MD53a2a6b1a57b3352e21ef5cba11c1e866
SHA191122af5fbddcaf52ba63fa18665404494aec6a0
SHA256f5a72b066436abd1c4a1e2399199291a7e442010be88ae362ec5f179223d5fd4
SHA512c12c21552e3685f5601c545d15f66ebeb980cd43ba15c4a4388e044a9289a7504aa85736d9c708a6c5d5139badb9b2b1af5f9a5b05c1505f2663cb8fcd3c2edc
-
C:\Program Files\NordUpdater\1.4.2.146\Nord.Logging.dllFilesize
28KB
MD502ca991de34de519966627b527410d0a
SHA1912a81290499c8e6e9cb278c3d85e25bb47ce61a
SHA2565ab9bedd0b484f9404cdfda8d974d08795f10cb12158cf21c0bac21286c2a25b
SHA512e21364feca009c5c7acfe5af61178ed0bb7a12f4841c365a0f60cb03132219129532638ac2d4bd26015fad8596e6279d52035ad509b1522be72947a3aa192cf3
-
C:\Program Files\NordUpdater\1.4.2.146\Nord.SecureData.dllFilesize
18KB
MD51c940a2dbbcffd32b34a8b4ee11d25e5
SHA104df5eb9b45b0ba9b311a3e2cbd5f84c169edfe7
SHA2561d4ae768697a12cb2e54ed56f274d66ee93d13ab9ff5003f7bed6fbbb0af61bc
SHA51278b40eb68a4acb5ae836b6406861e88ad55f46d275913e4d73cf9bb468ee97e4d9cf2fe7d61dc50509c199b468bc44d6e292952d8bd4cb155ec2cd90dc01fe86
-
C:\Program Files\NordUpdater\1.4.2.146\NordSecurity.Communication.Ipc.Annotations.dllFilesize
36KB
MD54bdc7137a6e6c226daafa154f8af6db4
SHA18cee4cb03ca33d194ef9a85e8f6625a8bf5f377f
SHA256d579fac203a388804d2e979bb7b421578690b9fe7fa5b0345bc0d5ec8a77d6ff
SHA5120432a09a30a780d6adca8011513096cc469925265eaf7100340556b7ba70de02b85a111c37bfe23004e9ffbe769d9a1d3865ca3d86b14a4733a029b0e20800dd
-
C:\Program Files\NordUpdater\1.4.2.146\NordSecurity.Communication.Ipc.Core.dllFilesize
81KB
MD5971730c37ad5479bbea26b03fdab3a99
SHA1ad8b37012075f00f43538e36f12b52cab2d10c26
SHA25601a5f6d4e76f726b1be3e9a4e6eb396e90230c788436f6dc92cfc5d677958023
SHA51293110ad5694f915d1fcef98671ebcd9f58da5ae9aa91ed95323579980acc8468f8f071103a93b2e46a1c994b597bb41f64bcc474e858a03ca47fe2bfb8f2ce38
-
C:\Program Files\NordUpdater\1.4.2.146\SQLitePCLRaw.batteries_v2.dllFilesize
22KB
MD5236f90748eef78702fc000299b595691
SHA1a08fad01d3383ebf1ccd58cfb2d8ef599406730e
SHA256896b328e11fe2f4f882bb0b488896cc7cf7b4d9256283ef15fb395c10093785c
SHA512573b91b21bb22226fec5459f848baa927511047ad1d01a63bba46c939299af18d579864672bbc196c540ab9eb374ae113f7f279563d9035d4b2391ee775b2bd2
-
C:\Program Files\NordUpdater\1.4.2.146\SQLitePCLRaw.core.dllFilesize
60KB
MD5dbde17a7f6bbb946f796f4164e0d5751
SHA1afde4bc909c41dd5162899775ce799234a2aa383
SHA25620b6d144cc043b25c716b2ab4a8ddb3aa7552b0caf0229a1114e55dc4522cd2e
SHA5121e6121c8759bfba037bfb6b4a0478b92816d40548d7d96f55713f4faa43e6a253efec78b21582f83b0abf83c0bbd0f351bf2419f85528b878cdd87b029dfabf1
-
C:\Program Files\NordUpdater\1.4.2.146\SQLitePCLRaw.provider.dynamic_cdecl.dllFilesize
74KB
MD599784af99a867e4d39485c35beb33967
SHA18e00e2edbb4ea3595ea5c71fd9de4da50e4c77af
SHA25601525cd0551c92dd1d42a59352ddb029f7fb7485f85b65f58a6913fa641f1a94
SHA51216e16bb78d77df12774f2a240b9276ca9aa747d2fd6547910b0f6cfefb88f2c2acaa29ece1aec428d612c5f44d6e2c52d62e6868d2fc5f78575e9a4d6b37f4a1
-
C:\Program Files\NordUpdater\1.4.2.146\SQLitePCLRaw.provider.winsqlite3.dllFilesize
50KB
MD55322ae9e71be1739e627457504c56244
SHA131b087ba274a62fe077ee1d5c5865a9449720f9e
SHA2566169f3dba4157c16d2331a75120b0aea6499ef8f9f641993bed0c09d502948ab
SHA512af70ddb3ffbc9da59c0ab81fbd75e3c67e7411e157b9ec7b2cbe031eed7b119d96900729a39aea8a2d6447a856022412a3c832dfdba788a3c2600e072136d5c1
-
C:\Program Files\NordUpdater\1.4.2.146\System.Buffers.dllFilesize
22KB
MD5f7cc0cfa9abba6625adb02dcf3c3b6b7
SHA17936a41ecb2ef695ffefd18660663620ec0a4166
SHA256851ab00b1de3990ce21122cce6b7ba66f25129e6acaa41777c64d060eaaf6cad
SHA5120ac672b63d05ecb0813f3319b578a744903738d9656c0c237e3e360bca27f322571c935c1e116acf42406749da398490c0b6b7021f9adfe43d09a724aa74d19e
-
C:\Program Files\NordUpdater\1.4.2.146\System.Memory.dllFilesize
140KB
MD5450fdce96c012f80f48a5d2148c177e1
SHA11971e069e0fc1dd0bcb9ab94b7b29059f553bb9c
SHA256a569747b83b59e5995abf69f6a3f2ba82257f3f37965aee7d1ad6e7da8cde3d1
SHA5129cac0d87eb9e8482e8b7679d55f5c53fe5b2add7dc6ef7220611e1fa489f67d901347b38671f82098c2e54f57072adba2a76e34549a0d22d80e5b69314bd3c22
-
C:\Program Files\NordUpdater\1.4.2.146\System.Numerics.Vectors.dllFilesize
108KB
MD5116e776bf3e5c939f2063160eccd1b3c
SHA1d076a91154bbfa3fb99837da2ad71b63154e5359
SHA25614965daff02f14c99e36918a31824f3f0c1f5a420c789d9a08bb3cf3c26d9224
SHA512756e48ffea705ca6a54eae53ca0a0441605e58916edb3e855b41d0b300e2375a9f5e3a4d3904eab738a4cd83fa4b5ace4d951ddbc6ef1995e956470d078582fc
-
C:\Program Files\NordUpdater\1.4.2.146\System.Runtime.CompilerServices.Unsafe.dllFilesize
19KB
MD57fbcd312a3a30032d0fe422c15342d73
SHA124bfdcc803de48e4b73ad350a8972d8126b6b899
SHA2564ca0b277015056db623028e8245e2a5d0045d9cc3749ff7c9ee4f484a4367f73
SHA512c58db49187c64dbb70e650e0a6d9a5731f8987e38722ffcdee525c3d0a8f24d11698e01df870cd77e16f86e492f0e75fca9cd78f5d17dacb61e57169f1b02343
-
C:\Program Files\NordUpdater\1.4.2.146\System.Security.Cryptography.ProtectedData.dllFilesize
20KB
MD5a374cc5f0f5cdbd301606573fdd723c3
SHA147464e52923f5c09d6256ea731654ad989f122d2
SHA2562386bb2d7ce20b691e96fa64ba40f146480ba08ac0405f002e85f8b5e50c9c0c
SHA512a5c607341b549a644ffcdf4c103a7fbdf091c5dee56c1af49ed780240c99ad053a327943e7b8b2b350b7856534e4d260377ad6c4cc285e928d5b0e5815d90618
-
C:\Program Files\NordUpdater\1.4.2.146\System.Threading.Tasks.Extensions.dllFilesize
27KB
MD5c9558593dbae3c54e66f210dcea89aa3
SHA14b6a51df96f9228594f00141b5ea1b4cd6dba111
SHA256fa46976e1b1d06052b7c6a002aa7a27e7efec935a6f7b7fc41c4356f3265d3e7
SHA51263da07afad850dcf038585f4eec009a16e562b0dba28b256fe98fe8e5c4a095621c946552f92e865daee9a5226264ac54c4555a889a806162552607f7acf3890
-
C:\Program Files\NordUpdater\1.4.2.146\UpdaterWindowsService.dllFilesize
260KB
MD5a33a8eb9e4d175745e5db872d85e0ea2
SHA1c12bcb05dcc8e4823d68ecb6cb96413ec5162562
SHA2562a7676c19aa23b83824902af6271dde3fb5073fe51d921a0258747f49c64c133
SHA512e8231f851af82025a2c74eca1003b1e5a4458838fc3c6b8c2c8511d45d3b405081d02f00f0d28c63c466bd19281280c332e8d78ac8da8f64a36fc68d497e0e17
-
C:\Program Files\NordUpdater\1.4.2.146\e_sqlite3.dllFilesize
1.6MB
MD5d9c41ea1a7a9e090102da6a0323098a0
SHA199cff5e9ab8b62e9ac33c1b859c5e2e468b3ca51
SHA25674393f64419aaf6655d60dff125c7ecd3adf1a76a7aba0afc38e6dc362ed7902
SHA512fb37edcb561e0b33afceb39b8875c8db4b527eadcf59ab9874736fe74579c058b8d0a7b30cae21d995516dca0c11840121e20df16d7c67cd8ee757206c7e84cd
-
C:\Program Files\NordUpdater\Nord.Common.dllFilesize
41KB
MD593b54ae5ab538c423aa42e0ad9f21369
SHA154217b5a2fb10b7f786837c3a9dca98ddc03a07c
SHA256c748e1761528e54cb6637e46a50c39a1bb5e8f951ae19ebe64c3f424eb774181
SHA5123bcd7772251c0c59e76f345c218e972cb07dcf14dedc3f07ab90d658470770883d41ae0671bc87796097b6fcfa12476202d1d0633c07ef4fd0d338ac00d214ac
-
C:\Program Files\NordUpdater\NordUpdateService.exeFilesize
290KB
MD5c59d83ce3b43dd07757910b4c1694b40
SHA17671aad5be051ef18ecd733c36ad58edb8a98297
SHA256e99fd45109ffdf65e427a60c6846aa7adc6da833a97273ae99c7f6dcade0f7ca
SHA512aac5b5c549f47ffbafac11a8f132d5202e9edf4389c4a4d25b569f7031c898e5aa490d8a56d4b4db5644ffc0d54d3e76492eec775b5ce3352a60c31b949570af
-
C:\Program Files\NordUpdater\unins000.datFilesize
65KB
MD535e1449d17a9f689b4cfe839e34e017d
SHA1f4b7f7ba311abf37115f9b4b0131a93857ef9633
SHA25651d205adc2b7aa539e2666c5771df5282421cdb495b1d3c9afe9786ed919fd8b
SHA512b2b1bb280bf2d54361b723b6ec0b083873cedbef2bd60a16b3a12d8be2ddf3ff906ce14dde9cf8d887d65e98569c1b553a13f1f98c0c082ddeb44c62224f52e1
-
C:\Program Files\NordUpdater\unins000.exeFilesize
14KB
MD59a3a0890693b43897e344124b247a3ed
SHA18d8f342a3618451cb860b82de5abf9a7ae634647
SHA256c53e27f2ae6063b02ccbf4af76e8cb4cce20d861fa0c1da578800e028680078b
SHA512bdac94fc251fa217f58c9988adde4d7ea5ce8d69874fc2ccb8cde688f8b7aab0af69a1a3d101d5b05132ee04087eca578da813e9a576604fe22e659b468a7a53
-
C:\Program Files\NordUpdater\unins000.msgFilesize
14KB
MD5934e647fc033ab8e188ba9e2959e4667
SHA10a9fa3f67eb5f6765d09cdc00090ed8002ce9be3
SHA256c0a4a53df934afa491b8d7d2f7432c2b0b2ed18ba39722946fda2a7292b142ba
SHA5124469408e04df9de06b1edb59459aa3ff11a65ef7585c4856bc3569160c070552e289eb620fa6f764dcab071e787ee61883448cf7b932b0fbbb88b56a2ea7d3a3
-
C:\Program Files\NordVPN\7.19.4.0\Diagnostics.exeFilesize
384KB
MD5e372fb56e39e8e80805cf029a7694929
SHA1c511eff7ec70f5a49a25a6b46c4e9ebe0ca33d14
SHA25651402a655c74a29f165e958842c7e5207759d99cdd68b4a169a78d6278c4427f
SHA512442ee1a70ed95ec375641a887780463fb718caa95b923d05ed89aa85bcd8c8f3cf236a35873e836b7f837f6bf98bc309c93b40fc4b861d6ca5874ca435489ae9
-
C:\Program Files\NordVPN\7.19.4.0\Nord.Common.dllFilesize
40KB
MD54029f5f83160e495ece0c84ef6fe7420
SHA1ad0b784e16343c3a25c3c7e4eb2dde7331a1f9fa
SHA256bde128af8478d5c60917fd637bd9d62cccffd1fb2e594779595f30abcc6b6b21
SHA512303fc5145c964bc2f0c4060a86d57ccce21cb09a2c13fb8559fef44917355c06e43f9091cc792757c8ffb588d8b6b069dfb26d6ab2e280156a016e22808804b2
-
C:\Program Files\NordVPN\NordVPN.exeFilesize
257KB
MD5ff4568edc9fce6309a363f53e8265850
SHA174f421d5b757f9e5a9526ba390b59f4a871ce3da
SHA2566788f84fe5b1c321575c35da92f6ba775dea7937fcad83409119dbf8ba2d8aa0
SHA512a7e13a77e3bffb697fdb019eccd9a8d629659c875e8a47203b57e886ae241f96a6a97600404d4fbf9eb010a1a31d6fe282a9c6685a970af5a13960fb350d74fe
-
C:\Program Files\NordVPN\Resources\toast.icoFilesize
87KB
MD581cddd84c0faeb97dfb495ddfea1764d
SHA165c4da96f72f73489623e1d3c2ce32ec2e804147
SHA256d1c0c7eaf223cab955a8d29e019566028227b7d8b74fc8aa8fe65fa782e02738
SHA512a5fe3fe49aae367e2ed6c9c740db8b322bf5a781d5f0c23637fdde950502e4aaea7fc5e7d55315896cd382222bb42043918856d8a2325571ff2a2f7dbbcd7641
-
C:\ProgramData\NordVPN\affiliates.jsonFilesize
4B
MD573792b9af3fc811b105441cc773526b1
SHA13dbd0a28528cc971d576c7a6dd2bda7edda4042f
SHA256bac6a76645c48064f198e711301492ace386110831d381f33ba68a3db6847bd4
SHA512e936ca3804e4d2e2eca9700f143f01db1e07f01f4f5cd1fd2cfa94f19ba5a33812d6ea320364edeeb5b9ae86ca309ea48f16039accb12f86e0eb1cbd980b76a5
-
C:\ProgramData\NordVPN\configs\templates\template.xsltFilesize
3KB
MD5c79bd4b94b0b83d4a3e1588614524a95
SHA126a2ac217abd39a15773d2e3d2a6aa2ac7d45369
SHA256d6ed263761188a215ce302b69fe0b73b6dc796f5935206c56d2f9e1694c00635
SHA512b0e4926b49ec76fc0fb66021598f836e34b61a7540769346b9a0689ca7dc11bb65309ced8444f7a9d80727858720387b99b1eb49d6819b07f257acbd7f3ef0ea
-
C:\ProgramData\NordVPN\configs\templates\xor_template.xsltFilesize
4KB
MD5542e0102aa5dc40e3cb21c84ae94d053
SHA1e48cc5b7c06513b86180c52270e85dd08e74c86a
SHA25656c2e8781f54a083aa5a3b19b8e018ab96917e0bfe79be8593161f2f2954276c
SHA51274d2394514e8f13244517c225c2e4dc17f2a9f796b437d7c7f7ac8635654f4677a490e8879a1e52aa8ffe0b769124dfe173db3ae97f9ccb369fd67e7d12eaf27
-
C:\ProgramData\NordVPN\nordvpn-service\7.19.4.0\ju2mjnan.newcfgFilesize
902B
MD5b395a6db5cd3e99a5ecbc41c35758049
SHA1dab92fcb83db2b28feba50ecca39c0f604b080c2
SHA25675db4c95ba71c05aa6c913ac23f72051ae0ed3189cfa4c8baf98d80c99965ea8
SHA512e08b368897208139e87d13b385e72bd6c9048be5ece3c50ddce32e9414a13a65295ac93a25e33a6f5e5a8911316d71a6a556fbc82ec297cfc4a4dbc45700c426
-
C:\ProgramData\NordVPN\nordvpn-service\7.19.4.0\nordvpn-service.configFilesize
1KB
MD516daa4a64136fa2c988375d10796b52a
SHA150631093219f3885b1d2c8593db00245184e4b97
SHA256c7b5952e9d6005865df46521887dc56659dbf49a11f14b8cf92ad3b50875cb8e
SHA51299771c4181bd51037c18da79f49c47e5cc68590420cf23f7d8a001ba6e025d0fa268acd27b48f05d9a45241b3cb93d6d42a8315eec0aa672641758b859f0c88d
-
C:\ProgramData\NordVPN\nordvpn-service\7.19.4.0\rgjodbdu.newcfgFilesize
901B
MD521324aa4f306fe524fd1a940b6bfbe1c
SHA1e99e918c548feb355679a9a16b71d37f6d687bf0
SHA25661bac056613aa8aed2d5a554648865382effbba6dad0efe36c87b3da5fae9993
SHA512e8aa0e891f596cb755fb32121218976d9191b054526baf2f71cc7a6804e8d78549e0672cd99982133dd8fb899f99f17bdbfa91fc33c9c7337e086959a8c95c5f
-
C:\ProgramData\NordVPN\records\auditeventsFilesize
8KB
MD58360789ce2861de7b27a441bfb591aaf
SHA11b25fcb243cd36eeb17bb51a57dbd3317d8fc1df
SHA2566f0775bdf95a341c645718620c3056b1fa268384d1a005f521cce7de262b404c
SHA5126600fe617b1b194d6a10a97772eb74d0e0b9c7fe9af58be4e9e2a5374caf02ffe6c849084569c1f5d967fa386d78c782f1b4480affb629644323b9d6f61b68be
-
C:\ProgramData\NordVPN\records\auditeventsFilesize
32KB
MD5e69fc42de2b34378c0c9d3f629d26620
SHA19d4cf89bfdec02f7ce7937d254394835d27c2194
SHA2569c10af70340bd845988f862de8025b73c8b6462965c9e6bf80d81d80004df533
SHA5129a0c40cc810194a139965b5ae5af8bc2e03465db142b81bd1a0862db0f2767f75a364651c89d70d0354ab0f1797777d46d9a6b0b24ea4573a4835cadd7729713
-
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\NordVPNSetup.tmp.logFilesize
932B
MD587c54d4da204ea1d4fc9489bd45d06e3
SHA1f9ca47f0b16aa375eaf991dc83aec09678e6f749
SHA256c282cbbfd81749788f382185502d567ca75e78030781b498e9ba976fe4d96f63
SHA512172fe3085c22a5b595929e2837174412d1007335b3ef6682ac560b9ec728b2d27664ddb458a79adc59fe1344077a71719660b3b911f926b7080bfb49bff9dc21
-
C:\Users\Admin\AppData\Local\NordVPN\NordVPN.exe_Path_lyd2et14emxyzyihmgzycn2rdelxpwpj\7.19.4.0\iflotzce.newcfgFilesize
14KB
MD5b54e1270a9f3cae97344c3df86d733a1
SHA1df40eb62ad32e9c6b192f4d164fbd787579f0f7e
SHA256b6d162820d84dbea379e092473198e74c5a5a3b14968b4d1234cdd7e1f599300
SHA512b1568ba2d2f42676fc1eeb522981970d73bff52c5406074b40b8976f49798b8d507aed294487f24ced56a9708fa40dfff61da1d84593a6c7cb51fcb6201140e6
-
C:\Users\Admin\AppData\Local\NordVPN\NordVPN.exe_Path_lyd2et14emxyzyihmgzycn2rdelxpwpj\7.19.4.0\user.configFilesize
14KB
MD5caab8986ed616467fe0b29e20018bac3
SHA1acdf1996271ad16f536f649e8b54a7d0d114297a
SHA256c7cef86cdac3cfa830934d2ee9b1cc93826fa4f6c23795109964396ea9c7abb0
SHA5128f0e615c07a0d3533c49230bdb2a0c9d3ee22809e7e40fcb3e6a34db50c09034fe8cbf51b9bd5fe39ce9da8fba5254c2095537a9ed0dfcbf32154a35dacceab1
-
C:\Users\Admin\AppData\Local\NordVPN\NordVPN.exe_Path_lyd2et14emxyzyihmgzycn2rdelxpwpj\7.19.4.0\user.configFilesize
14KB
MD5afa38120ecb33009e9eef559c7e6ab81
SHA1fd3c3852ee76da101ae8a0a0e43ab82cd42f6f11
SHA2562719c8c0ca07d96d96a25ce6b9e78d5a739b2debb0757666683d9f64544a11e1
SHA51246fa85c885eb572504e35926515679b6a018922deee46d1c6a17b90a6f01cdccc389b7e14ed06956c60af0c5197446a6410431f69d24eea5a34f4a98246fbde1
-
C:\Users\Admin\AppData\Local\NordVPN\NordVPN.exe_Path_lyd2et14emxyzyihmgzycn2rdelxpwpj\7.19.4.0\user.configFilesize
1KB
MD50b100aafa19f8083696d78921cbef6ea
SHA14d8cec5423420504a7dc3352b571f925e2c7cfaf
SHA256ee6510bfc617cd9b8020228c7be54fcf8dd2db981d5d0fac51a10d47f6d59bc5
SHA51247943775a783227d673df0f0fe22fc17444eed84f5c4c430c71a067726454b7ea116638404f52e3bb00e5ee12ab9f28d694f9b4d9996db8e1da71ca59f5276c6
-
C:\Users\Admin\AppData\Local\Temp\is-JDQU9.tmp\Nord.Setup.dllFilesize
40KB
MD5b18bd486c5718397bc65d77a16ce2593
SHA158fe73e27c5c04e6915c5358f698f7fe8c2b5af8
SHA2560bbf32b0553ca1292602e8c2c0458e075fdee2c8b6ef8ea81e924a86bc065f3c
SHA512f4ffa1c8983914c41657fecc11c9324caa5899ad875b9687da8ffcf79ab189f19d6f926e16f09f240de9e6b22e26691fae785ed95657af310de5bf6c58ce8e0e
-
C:\Users\Admin\AppData\Local\Temp\is-JDQU9.tmp\NordVPNSetup.exeFilesize
22.8MB
MD57d8e75625345de31a28d3e02109bbd92
SHA16863b702c34793fd09d7ba8fb2a27dd49f880a55
SHA2566c79acea11afe807cd798f3bcffe22b50655d43fa1409491e41e4be46300c75a
SHA5128547deb41db355689f9c8696b5d0c56a9f5652ec0ccea9497aad3ec293a4495e04ac3fab1e0c80ecf18c8729c0cff6739c0ddf2689aa19cab3d710cb37b94564
-
C:\Users\Admin\AppData\Local\Temp\is-JDQU9.tmp\NordVPNSetup.exeFilesize
260KB
MD5ae83624c3dde1a8e3cd118129af1552c
SHA13426473e947b2ce9a5a1564cf1bb1db71473f24c
SHA256bb5a76ccb14e1679581ad2db35a3930df7d7c98944b0bc557a14b404e019f1b6
SHA5124f4bcdb78456be0acfb5f7eb1228ac3075bb081911f42e921a6673e5ea743eea3054531eb513bc4b81ed33c5c30188b3476095fca8802c8ebc6b45c6120e42fa
-
C:\Users\Admin\AppData\Local\Temp\is-JDQU9.tmp\NordVPNSetup.exeFilesize
15.0MB
MD5e6c64703bbcac6db122ea2a7153f8fbc
SHA16310c8892dd07a9397636dda1daf2bff646149ef
SHA256b68fe91323a097e19c470a8242fe2afa1f450b51c8f81c3055c8da6eec51cf86
SHA512c73d28b72cf4c786863149f88a084ae67954fbc782c4a566d00b3de9005aa71cbfe5bece32445932f8a973e60eda1e7d684314a5372a991755804af147d359f9
-
C:\Users\Admin\AppData\Local\Temp\is-NSCRT.tmp\NordVPNSetup.tmpFilesize
3.1MB
MD5db18234544148ad0ee00d1126807ad88
SHA106d4cfd67b26d14af03239b2ceeba1da3fca2064
SHA2566323e212f9925316b00e110c1b217e9ec239b90afe2d93bb3e6999e1aae29fad
SHA5127a367b7d71510009b0bef73beb64818b2503a0423f350c2ef73a28519873e03702ef53c55969ef14cb6dddc421bb9b694fa714fdda19ba57fc4d102d8bc56531
-
C:\Users\Admin\AppData\Local\Temp\is-Q2C98.tmp\Nord.Setup.dllFilesize
43KB
MD580e4af01f2399fde9fcba64fc25afd88
SHA143791db4576e119f6e762fca5a97e008b11172d2
SHA2566b30244e8b857f10073e2015930b5f54938f90e80970208b5a39ef0f008e199f
SHA5129d8044d935669567289bb7cf3a2452d407262ad81905d9b5474ba77aa289c15e0bacc5123661516744eb86d36ae81aa73ec432e77fba0598bd8b9b99e100611b
-
C:\Users\Admin\AppData\Local\Temp\is-Q2C98.tmp\NordUpdaterSetup.exeFilesize
2.4MB
MD59250141e4619953f35327e91446ad7ac
SHA14096915e8c9079a9eaba71b217a807597a2f3bbd
SHA25664d851bc0129e19d2d86591d6d69c5a3e6c9280671e95f38182fdc22c0358cb1
SHA5125d8ca221e5ec1882772c3564433dd8b4f2e5547b1666e45906631f593f0415cd155c2dbe4e5a418296162bbaa8440bde8bf9a4a5421090486d2e1e989095db3b
-
C:\Users\Admin\AppData\Local\Temp\is-Q2C98.tmp\NordUpdaterSetup.exeFilesize
576KB
MD51b767c430cf1445cad3a864d92a10ab2
SHA1a77d19d4d532d14a1e6b340c56f3ed58b885c8c9
SHA2565ff251b9c5527f0229fa299b586941961d7c9ee3b321300bb932dc74eb5f89cb
SHA51201bacb9db85312599f77935ccd254258232aa15e945e278733070cc1946e577fcb6d4a796cf8b5134b7511ae1673ec8d29e9c9b1e9556477211d0228b4df5522
-
C:\Users\Admin\AppData\Local\Temp\is-Q2C98.tmp\VerifyTrust.dllFilesize
85KB
MD5def84359897fe0ae2cabce3c578c0e17
SHA1fd2e3532c4f36cd978ead93f4e8093cf657edae0
SHA25663049b84528a9c18886902c9497ec302a562212c1fbee3254b57d4cbe5c94a95
SHA512932d75e63c22d616d5a842ddcf793c7f20bedacabd6c964f105a7fb7ee370bb6a12b118619eddd1447dd8b3882e0dbfc3ad7eeb340d3a02ccceb07b94dc93f9c
-
C:\Users\Admin\AppData\Local\Temp\is-Q2C98.tmp\isxdl.dllFilesize
169KB
MD57998a1a52eedde342de34b4147006419
SHA18fad49145668b4387d233e296b6f57342c7a1a55
SHA25648003909f632c53e9ab7edaf8660b6a12070325d733c7c14f0e3c2d72487a8fc
SHA5125d217922dfeecae213dfa950c3bdd402c27fc8ffec0de31ec6a457811c45a230e0a940d2dd8736be192785dfb77cfeba7bb6bda74ff0050a9ee1b05c3c4486b4
-
C:\Users\Admin\AppData\Local\Temp\is-QS3NT.tmp\VerifyTrust.dllFilesize
85KB
MD59b43bdd1a7462708a192f4429d9c8404
SHA17ad954e4a8a365d1bdf1d35f40543185503ffa74
SHA256d28b6de6ac3cc185909696f030ef278f92605f37e6c864e60bb1190f2d264014
SHA5128de746fd4bc7aa765c117e5a116d0bbe7ad514feb9b9a0ce270b5f9edce0f338a4db96f32aa6e26087a95624717e9049508f04db7b826cfbefbce520499c7e3e
-
C:\Users\Admin\AppData\Local\Temp\is-QS3NT.tmp\isxdl.dllFilesize
170KB
MD50f714846f9ae8a60f5cdb4811377b23f
SHA180033367772bac128fefa8707ad64b4b27cf0c34
SHA25698d547efb2bb65c32cc278beed99c4c9ce83e63f0032ad327fbc5241cdbaab90
SHA5125149814592ffd2f756f60dbfc8bf10dc7c91e3c8b4a8d1c881dc0c3b2ecc6ffcf98fbd6b7e0cbf2d85d02e314b8ccf8f6d1646198553365c5560fb267bacddf7
-
C:\Users\Admin\AppData\Local\Temp\is-SEQ7S.tmp\NordVPNSetup.tmpFilesize
3.1MB
MD529ca787f3a0d83846b7318d02fccb583
SHA1b3688c01bef0e9f1fe62dc831926df3ca92b3778
SHA256746b972e21acb59e4086b5b25fe53ef2cddcecfa94dd56ad68c8e5bab9960c3c
SHA512a6c21bf5590dc91a5d9bc729d9c04c20b54341d3270efd2fb7d2b548d7dc7b23a1a351147a07dfd569e901a608cb44533304de10725cb02fec781cada80b8e3b
-
C:\Users\Admin\AppData\Local\Temp\is-VGAA0.tmp\NordUpdaterSetup.tmpFilesize
3.1MB
MD5f4a031a108c586a85e5646fbecd1dadd
SHA1c3e3d1edc6752a7b05419cb147851dcd249fb3bd
SHA256601f7293c047baeae7f1467311794706476d1087a955bc3813236d3c0366cf04
SHA5126dd791bf95d808854c2ff3ef8c83f81f73ba7d8e270a9abf407d5f00d5a47a64b7bba74f40e4c871ac6121c5b9e94a8f178bcb333d0d926b3284cb480a939576
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\2bcef060ace5a6db.customDestinations-msFilesize
10KB
MD53b7eb2a32ea564ec9fb6af3277f8b0be
SHA1940ec62faf1d392c54788522e456acb3b7492505
SHA2567365ee21447d4341a5e7a4f5060f8ded23b4478cb70f49b48ef12cddc0466bef
SHA512e3f5bd5f5f39a265e1fe2e2118f594c05e3994739ec19d1e0b5d3a4938095d71f90c3c52b88a28fee2d88d463570ed5a9768158332a517311c3f9330191500a2
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\2bcef060ace5a6db.customDestinations-msFilesize
10KB
MD586dccacd210ad1f1fdd6c2c964f3bdb6
SHA13d90eab8c2dbb62d46decb5430fc637f04235064
SHA256b53a9f808294f113e413bef40d9516c8f2ad1765240c42d1268430358d207358
SHA51222d0c641938d6ee6cda9131dbfc5e588f6fafcad2005dae7af3d5b3b614a7ed72c64b49e98681f6835a709053e267ced1eac4ce835079f79effae47cd12b26f6
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\2bcef060ace5a6db.customDestinations-msFilesize
10KB
MD5a14d9d54a3b6aeeec908b67005062409
SHA1dae019db586f960de983a894455284f4065af71b
SHA256e1edfaf0787b3200ccd50a7861ef7a23baad85036ecea1f2cc3a3d9c413ecf91
SHA512b65dcf70fc719b03a47de2d0a6a2a3323da21fe8af82e08695874d3a7976387e19fa0ea6145ea636234e8dfe11539ee19c5c7cb155cb0fc7f6ec0b10e598909b
-
C:\Windows\Temp\Tmp3F51.tmpFilesize
782B
MD54ee28ea0e8c6d8bee2db4e4521123b53
SHA10c42741f31bc5c915fc0d4a2908ee43f372d06bd
SHA256fb1aa055dff33e58012f7c6b9d85eaf7234ecdce31e05f7caadebb76ee4fadad
SHA512f95e1a3e4f5e32bda6d1f9d30c6d750e61fee372f5eea5519b83bfaffe6008ac508547306957b4de3bf5b43bbd2f684f1b8042312eebbc6ea3614c4b13cbbe8c
-
C:\Windows\Temp\Tmp3F72.tmpFilesize
804B
MD58120a2a5bbe15b94b00ec360f3b58674
SHA1a52a5eec1c4b8400f6649bfdd55e8c39f0f53c12
SHA256669fce0c7d292a008fd26854c1aa1dd3a7af9c255f0091af809c6eb21f6f70d6
SHA51287d7ac253c7deb10c03ecd8f7a239dab778f4da1fc91e64c6960299e756e10e7bd52c6420e54311b7cb34a0689f99edac8f4995c33e484ba9f90cd7ea84e89dd
-
C:\Windows\Temp\{eaa5b5bb-857e-c24b-8915-c44d3385c41b}\OemVista.infFilesize
7KB
MD50d719e9779f64ab6499ccf7452f99c9b
SHA18e170acbbb222588a05d4b22105ce056c342859a
SHA256fa56f77404e9fa7723d95a493f206f1bfd2644d83af984b92a45c94a2ea4f7e5
SHA5126904c34f93a3fc4276f113faffd14084a50e136a7bb5e31129c3bf030fe2b6d1b5c2f919eafa2e322f01db57a5376a2c2fca37f402a8e51f7161c5d016565050
-
C:\Windows\Temp\{eaa5b5bb-857e-c24b-8915-c44d3385c41b}\tapnordvpn.catFilesize
10KB
MD5ae5e7a3609077ef8ef287a90fa34599e
SHA10046cf86bb16e8aa8f036684a79e8ee2e47a6e96
SHA25650315c54f0f5727df5b00047757ab038d9946e2859deeacfa8d5d9d050b3fd8a
SHA51208efcec283a564a4956c7583209b403d6727e1cec08a4ac5241e897f40bbbb6b3f6bf3d4a08e2d2df7ac89826168367bb56a39dd1ad5d0cfcf3ce72760d5f0c0
-
C:\Windows\Temp\{eaa5b5bb-857e-c24b-8915-c44d3385c41b}\tapnordvpn.sysFilesize
48KB
MD5adbefa4c0ad655eae60fd5b58e6e7be4
SHA1c18fcab0dbaaf6407441a596411f33c454d8a345
SHA256b64ae9f92a2542ec8ce063f81ba96894076f2d5eba37e25c47018d0db38ef503
SHA512acb5498c70cc57e9b5667e1115ef1dcd7b345f619cf7a8734117f1f85dd2091787a4f9be3af8c306ba0b897b04644c936f242ef65d7b397a1a60cfa6a315ca66
-
memory/1836-296-0x0000000000400000-0x00000000004EB000-memory.dmpFilesize
940KB
-
memory/1836-155-0x0000000000400000-0x00000000004EB000-memory.dmpFilesize
940KB
-
memory/1840-982-0x000001A0EFC00000-0x000001A0EFC18000-memory.dmpFilesize
96KB
-
memory/1840-1125-0x000001A0EE1A0000-0x000001A0EE1B0000-memory.dmpFilesize
64KB
-
memory/1840-983-0x000001A0EFBB0000-0x000001A0EFBBC000-memory.dmpFilesize
48KB
-
memory/1840-995-0x000001A0EFD00000-0x000001A0EFD14000-memory.dmpFilesize
80KB
-
memory/1840-1124-0x00007FFC79E50000-0x00007FFC7A911000-memory.dmpFilesize
10.8MB
-
memory/1840-1057-0x000001A0EE1A0000-0x000001A0EE1B0000-memory.dmpFilesize
64KB
-
memory/1840-1058-0x000001A0EFD80000-0x000001A0EFD92000-memory.dmpFilesize
72KB
-
memory/1840-1055-0x000001A0F0520000-0x000001A0F0594000-memory.dmpFilesize
464KB
-
memory/1840-1052-0x000001A0EFD60000-0x000001A0EFD76000-memory.dmpFilesize
88KB
-
memory/1840-990-0x000001A0EFCE0000-0x000001A0EFCF4000-memory.dmpFilesize
80KB
-
memory/1840-1044-0x000001A0EFD20000-0x000001A0EFD3E000-memory.dmpFilesize
120KB
-
memory/1840-428-0x000001A0EE040000-0x000001A0EE050000-memory.dmpFilesize
64KB
-
memory/1840-979-0x000001A0EFBD0000-0x000001A0EFBF2000-memory.dmpFilesize
136KB
-
memory/1840-373-0x000001A0D5AD0000-0x000001A0D5ADE000-memory.dmpFilesize
56KB
-
memory/1840-372-0x000001A0D5AA0000-0x000001A0D5AAE000-memory.dmpFilesize
56KB
-
memory/1840-377-0x00007FFC79E50000-0x00007FFC7A911000-memory.dmpFilesize
10.8MB
-
memory/1840-378-0x000001A0EE1A0000-0x000001A0EE1B0000-memory.dmpFilesize
64KB
-
memory/1840-412-0x000001A0EE090000-0x000001A0EE0D4000-memory.dmpFilesize
272KB
-
memory/1840-978-0x000001A0F06B0000-0x000001A0F0836000-memory.dmpFilesize
1.5MB
-
memory/1840-440-0x000001A0EE070000-0x000001A0EE090000-memory.dmpFilesize
128KB
-
memory/1840-443-0x000001A0EE0E0000-0x000001A0EE0FA000-memory.dmpFilesize
104KB
-
memory/1840-444-0x000001A0EE050000-0x000001A0EE058000-memory.dmpFilesize
32KB
-
memory/1840-451-0x000001A0EE060000-0x000001A0EE06A000-memory.dmpFilesize
40KB
-
memory/1840-476-0x000001A0EEF60000-0x000001A0EF04A000-memory.dmpFilesize
936KB
-
memory/1840-503-0x000001A0EE120000-0x000001A0EE138000-memory.dmpFilesize
96KB
-
memory/1840-508-0x000001A0EE110000-0x000001A0EE11A000-memory.dmpFilesize
40KB
-
memory/1840-519-0x000001A0EE100000-0x000001A0EE10A000-memory.dmpFilesize
40KB
-
memory/1840-532-0x000001A0EE140000-0x000001A0EE150000-memory.dmpFilesize
64KB
-
memory/1840-558-0x000001A0EEC60000-0x000001A0EEC88000-memory.dmpFilesize
160KB
-
memory/1840-912-0x000001A0EF0F0000-0x000001A0EF108000-memory.dmpFilesize
96KB
-
memory/1840-580-0x000001A0EE150000-0x000001A0EE160000-memory.dmpFilesize
64KB
-
memory/1840-583-0x000001A0EE160000-0x000001A0EE16A000-memory.dmpFilesize
40KB
-
memory/1840-689-0x000001A0EF110000-0x000001A0EF1C2000-memory.dmpFilesize
712KB
-
memory/1840-704-0x000001A0EF1D0000-0x000001A0EF246000-memory.dmpFilesize
472KB
-
memory/1840-827-0x000001A0EE170000-0x000001A0EE17A000-memory.dmpFilesize
40KB
-
memory/1840-828-0x000001A0EED70000-0x000001A0EED82000-memory.dmpFilesize
72KB
-
memory/1840-839-0x000001A0EED90000-0x000001A0EEDA6000-memory.dmpFilesize
88KB
-
memory/1840-852-0x000001A0EF050000-0x000001A0EF076000-memory.dmpFilesize
152KB
-
memory/1840-855-0x000001A0EE190000-0x000001A0EE198000-memory.dmpFilesize
32KB
-
memory/1840-858-0x000001A0EE180000-0x000001A0EE188000-memory.dmpFilesize
32KB
-
memory/1840-887-0x000001A0EF0E0000-0x000001A0EF0E8000-memory.dmpFilesize
32KB
-
memory/1840-886-0x000001A0EE1A0000-0x000001A0EE1B0000-memory.dmpFilesize
64KB
-
memory/2744-162-0x0000000000A00000-0x0000000000A01000-memory.dmpFilesize
4KB
-
memory/2744-295-0x0000000000400000-0x0000000000727000-memory.dmpFilesize
3.2MB
-
memory/3196-118-0x0000000000400000-0x00000000004E1000-memory.dmpFilesize
900KB
-
memory/3196-26-0x0000000000400000-0x00000000004E1000-memory.dmpFilesize
900KB
-
memory/3196-0-0x0000000000400000-0x00000000004E1000-memory.dmpFilesize
900KB
-
memory/3584-1713-0x0000000070BC0000-0x0000000070BE1000-memory.dmpFilesize
132KB
-
memory/3584-1591-0x0000000070BF0000-0x0000000070D0F000-memory.dmpFilesize
1.1MB
-
memory/3584-1714-0x0000000070AD0000-0x0000000070BBE000-memory.dmpFilesize
952KB
-
memory/3584-1715-0x00000000709D0000-0x0000000070AC3000-memory.dmpFilesize
972KB
-
memory/3584-1716-0x0000000070910000-0x00000000709C3000-memory.dmpFilesize
716KB
-
memory/3584-1717-0x00000000708F0000-0x0000000070905000-memory.dmpFilesize
84KB
-
memory/4160-25-0x0000000007CA0000-0x00000000081CC000-memory.dmpFilesize
5.2MB
-
memory/4160-5-0x0000000000A10000-0x0000000000A11000-memory.dmpFilesize
4KB
-
memory/4160-27-0x0000000000400000-0x000000000071B000-memory.dmpFilesize
3.1MB
-
memory/4160-62-0x00000000742E0000-0x0000000074A90000-memory.dmpFilesize
7.7MB
-
memory/4160-23-0x0000000003780000-0x0000000003790000-memory.dmpFilesize
64KB
-
memory/4160-19-0x00000000742E0000-0x0000000074A90000-memory.dmpFilesize
7.7MB
-
memory/4160-116-0x00000000742E0000-0x0000000074A90000-memory.dmpFilesize
7.7MB
-
memory/4160-115-0x0000000000400000-0x000000000071B000-memory.dmpFilesize
3.1MB
-
memory/4160-18-0x00000000042E0000-0x00000000042F0000-memory.dmpFilesize
64KB
-
memory/4160-61-0x0000000000400000-0x000000000071B000-memory.dmpFilesize
3.1MB
-
memory/4160-55-0x0000000000400000-0x000000000071B000-memory.dmpFilesize
3.1MB
-
memory/4160-58-0x0000000000A10000-0x0000000000A11000-memory.dmpFilesize
4KB
-
memory/4160-112-0x0000000000400000-0x000000000071B000-memory.dmpFilesize
3.1MB
-
memory/4160-24-0x0000000074B80000-0x0000000074B90000-memory.dmpFilesize
64KB
-
memory/4160-60-0x00000000042E0000-0x00000000042F0000-memory.dmpFilesize
64KB
-
memory/4572-71-0x0000000000400000-0x00000000004E1000-memory.dmpFilesize
900KB
-
memory/4572-1347-0x0000000000400000-0x00000000004E1000-memory.dmpFilesize
900KB
-
memory/4572-63-0x0000000000400000-0x00000000004E1000-memory.dmpFilesize
900KB
-
memory/4740-145-0x0000000000400000-0x000000000071C000-memory.dmpFilesize
3.1MB
-
memory/4740-1056-0x0000000000400000-0x000000000071C000-memory.dmpFilesize
3.1MB
-
memory/4740-69-0x00000000008F0000-0x00000000008F1000-memory.dmpFilesize
4KB
-
memory/4740-1289-0x0000000000400000-0x000000000071C000-memory.dmpFilesize
3.1MB
-
memory/4740-120-0x0000000000400000-0x000000000071C000-memory.dmpFilesize
3.1MB
-
memory/4740-366-0x0000000000400000-0x000000000071C000-memory.dmpFilesize
3.1MB
-
memory/4740-141-0x00000000035F0000-0x0000000003600000-memory.dmpFilesize
64KB
-
memory/4740-1149-0x0000000000400000-0x000000000071C000-memory.dmpFilesize
3.1MB
-
memory/4740-157-0x0000000073E60000-0x0000000074610000-memory.dmpFilesize
7.7MB
-
memory/4740-154-0x00000000035F0000-0x0000000003600000-memory.dmpFilesize
64KB
-
memory/4740-149-0x0000000000400000-0x000000000071C000-memory.dmpFilesize
3.1MB
-
memory/4740-146-0x00000000008F0000-0x00000000008F1000-memory.dmpFilesize
4KB
-
memory/4740-890-0x0000000000400000-0x000000000071C000-memory.dmpFilesize
3.1MB
-
memory/4740-1345-0x0000000000400000-0x000000000071C000-memory.dmpFilesize
3.1MB
-
memory/4740-140-0x0000000003720000-0x0000000003730000-memory.dmpFilesize
64KB
-
memory/4740-143-0x0000000073E60000-0x0000000074610000-memory.dmpFilesize
7.7MB
-
memory/4740-142-0x0000000074700000-0x0000000074710000-memory.dmpFilesize
64KB
-
memory/4920-1375-0x0000000070BF0000-0x0000000070D0F000-memory.dmpFilesize
1.1MB
-
memory/4920-1761-0x0000000070860000-0x000000007086F000-memory.dmpFilesize
60KB
-
memory/4920-1759-0x0000000070870000-0x00000000708E8000-memory.dmpFilesize
480KB
-
memory/4920-1150-0x00000230FB360000-0x00000230FB36E000-memory.dmpFilesize
56KB
-
memory/4920-1151-0x00000230FB390000-0x00000230FB39E000-memory.dmpFilesize
56KB
-
memory/4920-1155-0x00007FFC79E50000-0x00007FFC7A911000-memory.dmpFilesize
10.8MB
-
memory/4920-1760-0x00000000709D0000-0x0000000070AC3000-memory.dmpFilesize
972KB