0% found this document useful (0 votes)

167 views

Global Verdict Report 4

This document summarizes the analysis of a suspicious file. The file was found to be benign on one virtual machine but exhibited malicious behavior on another, including modifying file times, creating and modifying files, starting processes, modifying the Windows registry to enable auto-start, opening command prompts, querying user accounts, and creating executables in user folders. These behaviors suggest the file may be malware that aims to establish persistence and maintain itself on infected systems.

Uploaded by

Fabricio Vindas

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

167 views

Global Verdict Report 4

Uploaded by

Fabricio Vindas

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 35

1 File Information

File Type PE

File Signer nordvpn s.a.

SHA-256 de73ece9255286b498b78a9c11d43079d01637fed1435d4cfb44dd68cc104614

SHA-1 3fbb5503d76322fdd5b1f5b88b40fc9118399c59

MD5 bda5f85a3c990bf7b082edbe93bd3603

File Size 79863408bytes

First Seen Timestamp 2023-07-03 13:22:20 UTC

Verdict Malware

Antivirus Coverage VirusTotal Information

2 Static Analysis

2.1. Suspicious File Properties

This sample was not found to contain any high-risk content during a pre-screening
analysis of the sample.

Contains sections with size discrepancies

Sections with a large discrepancy between raw and virtual sizes may indicate a packed or obfuscated PE file.

Contains overlay data

Overlay data is extra data appended to the end of a PE image. Many legitimate files, including all files that
are digitally signed, contain overlay data. However, malware often uses overlays to embed encoded or
encrypted data as well.

Contains non-standard section names

Standard section names are defined by the compiler. Non-standard section names may indicate a packed or
obfuscated PE file.

Contains sections with zero size

Sections with zero size indicate a packed or obfuscated PE file.

PE file has embedded security directory

PE file has embedded security directory.

3 Dynamic Analysis

1/36
3.1. VM1 (Windows 7 x64 SP1, Adobe Reader 11, Flash 11, Office
2010)

3.1.1. Behavioral Summary

This sample was found to be benign on this virtual machine.

Behavior Severity

Created an executable file in a user folder

User folders are storage locations for music, pictures, downloads, and other user-specific files. Legitimate applications
rarely place executable content in these folders, while malware often does so to avoid detection.

Created or modified a file

Legitimate software creates or modifies files to preserve data across system restarts. Malware may create or modify files
to deliver malicious payloads or maintain persistence on a system.

The idle time between two API events are too long.
The idle time between two API events are too long.

Boot or Logon Autostart Execution

Adversaries may configure system settings to automatically execute a program during system boot or logon to maintain
persistence or gain higher-level privileges on compromised systems

Crashed with GPF.

This sample cause crash with a general protection fault.

3.1.2. Network Activity

No network data available.

3.1.3. Host Activity

Process Activity

Process Name - sample.exe

(command: C:\Users\Administrator\sample.exe)

File Activity

File Action Size(B) File Type Hash

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nsc7408.tmp Create N/A N/A sha1:N/A
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nsi76D8.tmp Create N/A N/A sha1:N/A
sha256:N/A

md5:0d7ad4f45dc6f5
aa87f606d0331c6901
sha1:48df0911f0484c
be2a8cdd5362140b6
C:\Users\ADMINI~1\AppData\Local\Temp\nsi76D8.tmp\System.dll Create 12288 dll 3c41ee457
sha256:3eb38ae9965
3a7dbc724132ee240f
6e5c4af4bfe7c01d31
d23faf373f9f2eaca

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nsc7408.tmp Delete N/A N/A sha1:N/A
sha256:N/A

2/36
md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nsi76D8.tmp Delete N/A N/A sha1:N/A
sha256:N/A

Created Mutexes

Mutex Name

f7c32559-6c31-590a-9972-0bea54b04213

Event Timeline

1 Created Process C:\Users\Administrator\sample.exe

2 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nsc7408.tmp

3 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nsc7408.tmp

4 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nsi76D8.tmp

5 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nsi76D8.tmp

6 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nsi76D8.tmp\System.dll

7 Created mutex f7c32559-6c31-590a-9972-0bea54b04213

3.2. VM2 (Windows 10 x64, Flash 22, Adobe Reader 11, Office 2019)

3.2.1. Behavioral Summary

This sample was found to be malware on this virtual machine.

Behavior Severity

Sample used SetFileTime to modify file last write time.

Created or modified a file

Legitimate software creates or modifies files to preserve data across system restarts. Malware may create or modify files
to deliver malicious payloads or maintain persistence on a system.

Started a process
A process running on the system may start additional processes to perform actions in the background. This behavior is
common to legitimate software as well as malware.

Modified the Windows Registry

The Windows Registry houses system configuration settings and options, including information about installed
applications, services, and drivers. Malware often modifies registry data to establish persistence on the system and avoid
detection.

Modified the Windows Registry to enable auto-start

The Windows Registry Run keys allow an application to specify that it should be launched during system startup. Malware
often leverages this mechanism to establish persistence on the system and ensure that it will be run each time the system
boots up.

Opened a Command Prompt window

Command Prompt is the built-in Windows command-line interface. While it is common for users to open Command Prompt
windows, legitimate applications rarely do so.

Opened a Windows PowerShell window

Windows PowerShell is an enhanced command-line interface and scripting environment for administrators. While it is
common for users to open PowerShell windows, legitimate applications rarely do so.

Called WMI Query for User Accounts.

ICalled WMI Query for User Accounts on a computer system running Windows.

Created a file in the Windows folder

The Windows folder contains the core components of the Windows operating system. Malware often modifies the contents
of this folder to manipulate the system, establish persistence, and avoid detection.

3/36
Created an executable file in a user folder
User folders are storage locations for music, pictures, downloads, and other user-specific files. Legitimate applications
rarely place executable content in these folders, while malware often does so to avoid detection.

Started a process from a user folder

User folders are storage locations for music, pictures, downloads, and other user-specific files. Malware often runs
executable content out of these folders to avoid detection, while legitimate applications are usually run out of the
Windows, Windows system, or Program Files folders.

Boot or Logon Autostart Execution

Adversaries may configure system settings to automatically execute a program during system boot or logon to maintain
persistence or gain higher-level privileges on compromised systems

Modified the Windows Registry with reg.exe

The Windows Registry houses system configuration settings and options, including information about installed
applications, services, and drivers. Malware often modifies registry data using reg.exe, rather than directly, to avoid
detection.

Identify System domain DNS controller

Identify System domain DNS controller on an endpoint using nslookup LDAP query. This command is being abused by
malware to gather information on the domain controller of the targeted or compromised host.

Modified the Windows Registry to enable auto-start for a file in a user folder
The Windows Registry Run keys allow an application to specify that it should be launched during system startup. Malware
often leverages this mechanism to ensure that it will be run each time the system boots up, and may run content out of a
user folder to avoid detection.

Check presence of security software

The presence of security software such as anti-virus or endpoint protection is occasionally checked by software vendors,
however it is mostly observed in malware to determine its course of action and execution.

Sample talk to a domain which also acts as its own name server.
Sample talk to a domain which also acts as its own name server.

Used SSL
SSL is a certificate-based cryptographic protocol for secure communication over the Internet. Malware often
communicates over SSL to hide its traffic from network security systems, like most firewalls and IPSes, that do not offer
SSL decryption.

Called WMI ExecQuery.

Sample used SetFileTime to modify file creation time.

3.2.2. Network Activity

DNS Queries

Domain Name Query Type DNS Response

debug2.nordpass.com A 104.18.29.90

api.nordpass.com A 104.18.29.90

api-toggle.nordpass.com A 104.18.28.90

cloudflare.net NS ns4.cloudflare.net

downloads.npass.app A 104.18.26.211

debug2.nordpass.com A 104.18.28.90

secure.globalsign.com A 104.18.21.226

api.nordpass.com A 104.18.28.90

secure.globalsign.com A 104.18.20.226

s1.npass.app A 104.18.26.211

cloudflare.net NS ns2.cloudflare.net

centralus.cloudapp.azure.com NS ns10-201.azure-dns.net

cloudflare.net NS ns1.cloudflare.net

4/36
npass.app NS seth.ns.cloudflare.com

centralus.cloudapp.azure.com NS ns12-201.azure-dns.info

npass.app NS lily.ns.cloudflare.com

downloads.npass.app A 104.18.27.211

centralus.cloudapp.azure.com NS ns9-201.azure-dns.com

s1.npass.app A 104.18.27.211

cloudflare.net NS ns3.cloudflare.net

cloudflare.net NS ns5.cloudflare.net

nordpass.com NS seth.ns.cloudflare.com

api-toggle.nordpass.com A 104.18.29.90

nordpass.com NS lily.ns.cloudflare.com

centralus.cloudapp.azure.com NS ns11-201.azure-dns.org

Connections

Host Port Protocol Country

104.18.29.90 443 TCP US

104.18.28.90 443 TCP US

104.18.27.211 443 TCP US

3.2.3. Host Activity

Process Activity

Process Name - sample.exe

(command: C:\Users\Administrator\sample.exe)

Process Activity

Child Process Action

,cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq NordPass.exe" | %SYSTEMROOT%\System32\find.exe "NordPass.exe" Create

,powershell -Command cmdkey /list | ForEach-Object{if($_ -like '*Target:*' -and $_ -like '*NordPass/*'){cmdkey /del:($_ -replace ' ','' -replace
Create
'Target:','')}}

File Activity

File Action Size(B) File Type Hash

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nseEBC8.tmp Create N/A N/A sha1:N/A
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp Create N/A N/A sha1:N/A
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\System.dll Create N/A N/A sha1:N/A
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\StdUtils.dll Create N/A N/A sha1:N/A
sha256:N/A

5/36
md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\installerHeaderico.ico Create N/A N/A sha1:N/A
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\SpiderBanner.dll Create N/A N/A sha1:N/A
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\nsExec.dll Create N/A N/A sha1:N/A
sha256:N/A

md5:f58697f2e09953
060aacd3cc722991a
7
sha1:f96d7e95be520
deb5ae698647a9877
C:\Users\Administrator\AppData\Local\Programs\nordpass\uninstallerIcon.ico Create 118059 unknown c3d64591c7
sha256:57b0bec3ec6
fb57734de148dd871
a931033d491de5103
edc09265fd2ccf670b
7

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\app-64.7z Create N/A N/A sha1:N/A
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\nsis7z.dll Create N/A N/A sha1:N/A
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-
Create N/A N/A sha1:N/A
out\chrome_100_percent.pak
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-
Create N/A N/A sha1:N/A
out\chrome_200_percent.pak
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\icudtl.dat Create N/A N/A sha1:N/A
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-
Create N/A N/A sha1:N/A
out\LICENSE.electron.txt
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-
Create N/A N/A sha1:N/A
out\LICENSES.chromium.html
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\af.pak Create N/A N/A sha1:N/A
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\am.pak Create N/A N/A sha1:N/A
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\ar.pak Create N/A N/A sha1:N/A
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\bg.pak Create N/A N/A sha1:N/A
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\bn.pak Create N/A N/A sha1:N/A
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\ca.pak Create N/A N/A sha1:N/A
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\cs.pak Create N/A N/A sha1:N/A
sha256:N/A

6/36
md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\da.pak Create N/A N/A sha1:N/A
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\de.pak Create N/A N/A sha1:N/A
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\el.pak Create N/A N/A sha1:N/A
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\en-
Create N/A N/A sha1:N/A
GB.pak
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\en-
Create N/A N/A sha1:N/A
US.pak
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\es-
Create N/A N/A sha1:N/A
419.pak
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\es.pak Create N/A N/A sha1:N/A
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\et.pak Create N/A N/A sha1:N/A
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\fa.pak Create N/A N/A sha1:N/A
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\fi.pak Create N/A N/A sha1:N/A
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\fil.pak Create N/A N/A sha1:N/A
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\fr.pak Create N/A N/A sha1:N/A
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\gu.pak Create N/A N/A sha1:N/A
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\he.pak Create N/A N/A sha1:N/A
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\hi.pak Create N/A N/A sha1:N/A
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\hr.pak Create N/A N/A sha1:N/A
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\hu.pak Create N/A N/A sha1:N/A
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\id.pak Create N/A N/A sha1:N/A
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\it.pak Create N/A N/A sha1:N/A
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\ja.pak Create N/A N/A sha1:N/A
sha256:N/A

7/36
md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\kn.pak Create N/A N/A sha1:N/A
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\ko.pak Create N/A N/A sha1:N/A
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\lt.pak Create N/A N/A sha1:N/A
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\lv.pak Create N/A N/A sha1:N/A
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\ml.pak Create N/A N/A sha1:N/A
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\mr.pak Create N/A N/A sha1:N/A
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\ms.pak Create N/A N/A sha1:N/A
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\nb.pak Create N/A N/A sha1:N/A
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\nl.pak Create N/A N/A sha1:N/A
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\pl.pak Create N/A N/A sha1:N/A
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\pt-
Create N/A N/A sha1:N/A
BR.pak
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\pt-PT.pak Create N/A N/A sha1:N/A
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\ro.pak Create N/A N/A sha1:N/A
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\ru.pak Create N/A N/A sha1:N/A
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\sk.pak Create N/A N/A sha1:N/A
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\sl.pak Create N/A N/A sha1:N/A
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\sr.pak Create N/A N/A sha1:N/A
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\sv.pak Create N/A N/A sha1:N/A
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\sw.pak Create N/A N/A sha1:N/A
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\ta.pak Create N/A N/A sha1:N/A
sha256:N/A

8/36
md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\te.pak Create N/A N/A sha1:N/A
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\th.pak Create N/A N/A sha1:N/A
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\tr.pak Create N/A N/A sha1:N/A
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\uk.pak Create N/A N/A sha1:N/A
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\ur.pak Create N/A N/A sha1:N/A
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\vi.pak Create N/A N/A sha1:N/A
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\zh-
Create N/A N/A sha1:N/A
CN.pak
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\zh-
Create N/A N/A sha1:N/A
TW.pak
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\resources.pak Create N/A N/A sha1:N/A
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\resources\app-
Create N/A N/A sha1:N/A
update.yml
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-
Create N/A N/A sha1:N/A
out\resources\app.asar
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-
Create N/A N/A sha1:N/A
out\resources\app.asar.unpacked\dist\desktop\main\addon.node
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-
Create N/A N/A sha1:N/A
out\resources\app.asar.unpacked\dist\desktop\main\binding.node
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-
Create N/A N/A sha1:N/A
out\resources\app.asar.unpacked\dist\desktop\main\keytar.node
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-
Create N/A N/A sha1:N/A
out\snapshot_blob.bin
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-
Create N/A N/A sha1:N/A
out\v8_context_snapshot.bin
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-
Create N/A N/A sha1:N/A
out\vk_swiftshader_icd.json
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-
Create N/A N/A sha1:N/A
out\d3dcompiler_47.dll
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\ffmpeg.dll Create N/A N/A sha1:N/A
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\libEGL.dll Create N/A N/A sha1:N/A
sha256:N/A

9/36
md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\libGLESv2.dll Create N/A N/A sha1:N/A
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\NordPass.exe Create N/A N/A sha1:N/A
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-
Create N/A N/A sha1:N/A
out\resources\elevate.exe
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-
Create N/A N/A sha1:N/A
out\resources\nordpass-background-app.exe
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-
Create N/A N/A sha1:N/A
out\vk_swiftshader.dll
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\vulkan-1.dll Create N/A N/A sha1:N/A
sha256:N/A

md5:N/A
C:\Users\Administrator\AppData\Local\Programs\nordpass\Uninstall
Create N/A N/A sha1:N/A
NordPass.exe
sha256:N/A

md5:N/A
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start
Create N/A N/A sha1:N/A
Menu\Programs\NordSec\NordPass.lnk
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\WinShell.dll Create N/A N/A sha1:N/A
sha256:N/A

md5:N/A
C:\Users\Administrator\Desktop\NordPass.lnk Create N/A N/A sha1:N/A
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nseEBC8.tmp Delete N/A N/A sha1:N/A
sha256:N/A

md5:N/A
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp Delete N/A N/A sha1:N/A
sha256:N/A

md5:443C58245EEB2
33D319ABF7150B99
C31
sha1:f889ce632bd8cf
bb68ee9a6d8252e58
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-
Delete 135956 unknown b63e492d
out\chrome_100_percent.pak
sha256:99CA6947D9
7DF212E45782BBD5
D97BFB42112872E1C
42BAB4209CEEDF66
DC760

md5:81B5B74FE16C7
C81870F539D5C2633
97
sha1:27526cc2b68a6
d2b539bd75317a20c
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-
Delete 195935 unknown 9c5e43c889
out\chrome_200_percent.pak
sha256:CB4FD141A5
C4D188A3ECB203E9
D41A3AFCA6487241
60E212289ADCAC66
6FBFF4

md5:45FE4E7E27658
DB30BBD40AF2490F
7C3
sha1:9b0db7c67a047
1963e92992dc11e94
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-
Delete 4917672 PE 998bed05eb
out\d3dcompiler_47.dll
sha256:F4B8ADE822
052E6C38E1039AEE1
A11B3DA0B4F12559
14220040A4803948D
6DA9

10/36
md5:CD9CD08783D8
F153844AA892E4174
F37
sha1:6acd551751e70
d20722215e9ddea66
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\ffmpeg.dll Delete 2889640 PE b37c6f5f9
sha256:54E63E92C67
67BF748BD59C8E3C
E627154678ACB55F5
00013D767D0DB397
4AA8

md5:2134E5DBC46F
B1C46EAC0FE1AF710
EC3
sha1:dbecf2d193ae5
75aba4217194d4136
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\icudtl.dat Delete 10544880 unknown bd9291d4db
sha256:EE3C8883EFF
D90EDFB0FF5B758C5
60CBCA25D1598FCB
55B80EF67E990DD19
D41

md5:EE86E6B8EF07A
E3FA5AD3AA292D4D
72F
sha1:d2622ac3fb24a
7eb48e8e44cb16ab0
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\libEGL.dll Delete 490920 PE c2e039cdd
sha256:15D3391A1A
26862F28D4623DE96
3BFED2D6520FD0C4
D263FD50D75836A1
B960C

md5:873E833F6E15B
9C57548419EFE1CD3
F8
sha1:cd62d5e4ead66
b55aedb9d6213309a
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\libGLESv2.dll Delete 7417256 PE 377a704817
sha256:6DF8803FF13
35F5627085C76BBFA
927380ECDA1998392
8A00CF4AE7B448A3
A46

md5:4D42118D3594
1E0F664DDDBD83F6
33C5
sha1:2b21ec5f20fe96
1d15f2b58efb1368e6
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-
Delete 1096 unknown 6d202e5c
out\LICENSE.electron.txt
sha256:5154E165BD
6C2CC0CFBCD89164
98C7ABAB0497923B
AFCD5CB07673FE848
0087D

md5:D5B1F4D67BBB
923AE30F5D5AC424
B269
sha1:e751270f329f8f
5cc882e6151578914
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-
Delete 8242535 unknown 21f569c79
out\LICENSES.chromium.html
sha256:6BB288835B
C59B4550338D8034E
F8FB9F05714E890EC
08C327149C82142CB
4EA

md5:B293CC5EA7DB
02649BD7D386B8FA
0624
sha1:32169b9d9b7a0
fb7ecdaf650c989e95
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\af.pak Delete 390307 unknown 6291772
sha256:7BB75ADEF0
2D28819F1BD3B42F
A46ED56D6DFBEAE0
72341997B09B8C1F5
2D8DC

11/36
md5:D3F48B60620C5
BBE519DB9C0CFB63
4DE
sha1:7b54a0bf25b2e
cfd78c2ad7dfb6f6a0
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\am.pak Delete 634666 unknown 9bfd20abc
sha256:1974DE0984
976556288A4612D5F
38FE0FF21E868BDD8
77BA5D5FDE3BB4C9
E36D

md5:0FF7A127CA014
98E946394AAD36486
74
sha1:a7ae6aaeced53
b096a8f3005c666fef
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\ar.pak Delete 696410 unknown 3f1138db0
sha256:DA3294B3C8
CD12000A4FC661061
8A96B82D1CA67A76
4FB6387C7EDB388B
6C6FC

md5:5F629042A1C50
1B290EEC5EA3FCC67
79
sha1:d6b304838630b
bbb375c21a0e6de3e
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\bg.pak Delete 723768 unknown 1ea600ead8
sha256:571E87F9C62
CFEA2A2303674F93B
A879D9B899AFCE4D
D7E47DDF5E6781B7
D4A6

md5:35F1083544E86
BB85FE5860B36B743
E2
sha1:27ad8b23fc03f9
b26eb5125e886d18e
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\bn.pak Delete 933489 unknown e3798765b
sha256:28E1441C495
0A90717EBD0641B1F
0B4A087CBDDEAC39
EDB2618B7D24FBF5
A58D

md5:A69946C79799
DDE4EAD4EE6F27D7
FBC4
sha1:f304240b57df7
81eb38eb3968b8110
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\ca.pak Delete 440997 unknown db24f18de3
sha256:6CF25816859
B95A5BA7B50578C1
4630105AA5C078338
A4D67F15DF0AAB58
233F

md5:F311807C2F5DB
6FBDD8F513F660BE9
38
sha1:f5ec379b83e53
0e67ab44964e75aed
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\cs.pak Delete 451998 unknown 409984dc03
sha256:60CAD724B1
FD9820FA6ED7278B6
1E65A410255ABB033
5EEC2E5195147E827
939

md5:4BFEE234AC9E0
4FE60D97F67F881EB
B1
sha1:bf2b676c62685
80b179fd9716d54cd7
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\da.pak Delete 410100 unknown fbca36334
sha256:D4D8CE557A
333310FF0F59D6225
C41CBDE396FCCF08
72605252425A91723
0894

12/36
md5:169D036FC7855
4A8011C72644D7C8
129
sha1:5bf6df20d0f438
3c1162e787d019e82
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\de.pak Delete 438169 unknown 2cea6a87e
sha256:5883C8B60F4
3C5E12437EEFA5D74
DACF9C16E6187526
DF74A53F2ECA9E6F3
D62

md5:33309B3685F75
753AAE6316B8D4AFF
8A
sha1:4d53b3f62f020
e2556bbdc4aa6adc0
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\el.pak Delete 793598 unknown 50fee36d96
sha256:795BAA943E
85A4C4B425163C7A
27F08FD02A825E413
87E24330921BCA2A4
A35E

md5:F7754EEFDF5E7
91032E71502C7943F
2F
sha1:aa9cde895db45
56e55cd6d408793a5
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\en-
Delete 356693 unknown 3f4dd3977c
GB.pak
sha256:04820F38B26
1B4AE387B2A77EE6F
5F1DDFABFE0D7FE7E
61AB92D5E23823B2
9F0

md5:06D28839EA0B
3AAB4597BA8646A5
3A96
sha1:9c6a74aae8c78
3546d613c6f38cbfc8f
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\en-
Delete 359427 unknown 5e3736f1
US.pak
sha256:69C1A2E1B3
0D83612DECF1A8DD
7B124A04F58E9F246
5876726F02F7F7D5E
B54A

md5:0493A22F5FC4A
D6C1A80B20BD9798
125
sha1:cea3f467fc1f4c
d62b84bc31b61f4c8e
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\es-
Delete 435475 unknown 3bcdfd3
419.pak
sha256:9B1E39D81D
F128A6CF0EA6336BE
FE3336D8FEA3872C7
50600CB382A8D44A
A39A

md5:EFC938DF6436E
429C5C3EA6D03DEE
875
sha1:aa0b1458fa0a7
549254f647cc9434ea
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\es.pak Delete 435669 unknown f396aae44
sha256:591E454D9E
530561540460448DA
5E346BD5A034FE5B
A153B81284F820B91
4329

md5:CCD361017778
964DE23BF1D741CB
888A
sha1:5b03055387629
8791b7a8332635f3d
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\et.pak Delete 393348 unknown 7996c09dd
sha256:41883AF1E49
CC180FB48E02659E7
5B0169D974D77373
CF7BB2A4EA02DD65
4E26

13/36
md5:F036F51B53F87
AAA9BFEE6FE62D863
78
sha1:c9441fe85d557
eabd084283380bd12
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\fa.pak Delete 644142 unknown 93a29f54ca
sha256:89CB2E20CA
3DA9E670D5E56523
C3159FC59CC451C00
F568FE85DEE71690E
3649

md5:F87A1CCBCF3D
B6988E95E94333BC5
A4F
sha1:e85f8446eb74d
8bd4318354ec98135
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\fi.pak Delete 401959 unknown c17afe3248
sha256:052A72C9D6
F2BB55F02FB1C5C4C
68525A32B8CC9120
C270D07D7B813D60
4F7DC

md5:2E6A6728BD5A
09339AC01A38BF686
310
sha1:619e27f3c99eff
8f2df3ba2287c6f7fe0
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\fil.pak Delete 453534 unknown b5b063
sha256:E8F03C2E9C8
8ADB04648EF93F9EA
3CFF87641638AC97C
9A6752B751E7F7A8A
20

md5:3CD3E6B45351
BE7521934D3FEE163
7D3
sha1:412dd48092448
2ff5231a10146966e7
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\fr.pak Delete 470906 unknown 1980c6f8c
sha256:7D8B3DBB97
92891088E60B26265
CD7B4F044D3EC213
0A95E249EF979B7B7
B286

md5:0C33E2A35EAA
ED3572F31E7B24D44
93B
sha1:278498568109e
a7d6cb34c634316f95
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\gu.pak Delete 907786 unknown b4155b64
sha256:0F0FEE8A2F2
2F80A0C4A758E7F4F
D90D40BE4048DCAB
0D824135CAA5E92EF
D5D

md5:0B47E584B7CA
CAEC9DB4202CFBB6
9BAF
sha1:fc08bee15ac6a
3a94a7ffeb87e76f73
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\he.pak Delete 562854 unknown 77e490f75
sha256:F7D753020BF
136D4B878AAB4F82
6C31DD283486AA50
9CD488326FDC25F77
F80E

md5:A11BD9D8C3A1
EF8C200EFB0B5C496
022
sha1:652d2532f0605
2b31dd31d27e91447
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\hi.pak Delete 950423 unknown ca1c692b5f
sha256:40CD407204
BC8F9148014D45914
3A78C33D2C61A140
F05091AA9C20817B2
2BC5

14/36
md5:FD00F07CD205
ACFD59941B551A0E
8FE7
sha1:d61f986a21919
4b926faa5a5daf7dc5
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\hr.pak Delete 438449 unknown daeda8023
sha256:104192F0C9F
A89C7B08CC53CEE8
E7DE4D4779B9C197
99E2296CFA7341654
6B92

md5:2FEF83993A62F
73F8E4B40A6E28A08
5C
sha1:8bae181f3eed8
d5ea8fb0f912c679e6
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\hu.pak Delete 472048 unknown 08ee7c008
sha256:CA4B4C7C7B
E45EA0871ABF7D566
8AB948F712A02FAC
DC1D6BBC189B1B35
22446

md5:E926CF6B6239D
AF87C77242E379A7F
29
sha1:41737fcfdbe836
8062c7b8e7f15a03f5
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\id.pak Delete 386874 unknown b46af480
sha256:3201D504A7
772113FBD4209DE39
EA16AA5A1D567827
C51468BF50ECC92D
1B616

md5:16F657640D67F
10D93BF0BAC80D23
D82
sha1:fdf210da4f37f0
4142aad1fd5369839
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\it.pak Delete 427790 unknown 2c91dbe4f
sha256:E4F9CF33C2
DD8ADB450029FD43
F603B1E0730DD0ED
66599AFB0CFF7D78F
AFB2E

md5:9192661C73A42
19398C34364FF9572
80
sha1:8ddd5fa769088
120ae9d952ba87900
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\ja.pak Delete 521880 unknown 6c80815886
sha256:92DF6A6DB0
21B480F76B91249BE
DE4102DAC600B7A4
59FBF4446457AF8C2
9081

md5:DBEBAC707A3E
A23EE21AD16F4C99E
7DE
sha1:e0cf7cddcb2c5d
0d4dc19b00fd2adcb7
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\kn.pak Delete 1047485 unknown 0e06a6e
sha256:9ACC6BB863
29A1606F9ECD6170B
77F212A1B8EF85CED
F65B2320ECA715C4C
6A8

md5:FDE2B0F2A810A
2D853A46BDA17D45
2F6
sha1:8a04e5473be00
bf3dd80bc44eb5e019
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\ko.pak Delete 439662 unknown 6f4fb0622
sha256:70F9B65C9B
554AC64B4E690C77
BFC7A524C4C483CC
063254BEDEEA20EE4
37D15

15/36
md5:F40E916FC2E1A
BBFF97D39964250D0
E2
sha1:957a575fa4b0cf
406201aa15fc39d849
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\lt.pak Delete 474696 unknown 11d66ab9
sha256:3F380B4772A
A391AE562318247B7
D981D7EA128CB416
57C25A9BFD1052E69
8C1

md5:EFBFFD8C85DF4
A3A1D190F1F50C0D
82B
sha1:363df0e02faba
e4339d90e3daa2172
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\lv.pak Delete 472365 unknown 576c355ab0
sha256:AF1F3DEB4B
AD0A8933AC9BA122
557901061518A6BC4
1CBAB129B3A1A173
62BCB

md5:D7B31F00E4F65
0F40E10C2C8379AB7
B0
sha1:da94e2b3fbb93
5a9abe76d08e0f85cb
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\ml.pak Delete 1091747 unknown e631cb16
sha256:6F203A64BC
4766CCE23BA6FF575
6875B450E945E894A
FE471D998BD2AC71
DBC0

md5:F6E22BEB66334
014C49C721CF4BE0F
77
sha1:b5f59891b4819
785dbcb1c168a51ba
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\mr.pak Delete 891799 unknown 0eae462392
sha256:D0D4352ECF
8BF9592E810DF2DC4
0E6BA162014A17826
C6BFB1B8BD8DB840
75F3

md5:2C4056D84B98
0267FAADD69D52C1
7086
sha1:3b3c5fcf182d86
a170c8f35c41bf3869
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\ms.pak Delete 404856 unknown a82b362
sha256:163EB7BA5F
0C61ACB6443709C2
4E38CA6370A33F89A
12E13D0A57C258A8
7CA16

md5:D4E75AF4416E9
8C406000CDABB1F4
70D
sha1:bc68b12f3ad68
1ee65d0cc4e0659a8
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\nb.pak Delete 396011 unknown 548dda1f
sha256:7A69A2BD54
012986BAD91B32F04
5D85555319EFB9A9F
817FEFD8289A9AD23
119

md5:E3B4D575DC7A
CAE2F29AD962B6F07
3A8
sha1:7947434ebc6ea
720668f3e10cf9f5a9
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\nl.pak Delete 408326 unknown 674a431f1
sha256:71EBA0A028
0BF70A7CD596CAD9
7AB4569217AE3278A
046C6BA8DACD987A
23DF4

16/36
md5:CEC7E878F86C3
D60D9B37A1BF9E1C
792
sha1:f0deab58aa38a
4d925d742b8956753
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\pl.pak Delete 455676 unknown 55d6dd367d
sha256:2E9384816D
17EB39240B0B26E93
CAA5BEE232836DEE
6384F76A4C1BA98DF
C734

md5:CA1F076B81611
85811CA14D7C2469
B65
sha1:b7e3a34e79c29
180c52e84dd2cb98c
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\pt-
Delete 429318 unknown 6383e37485
BR.pak
sha256:FACA8D85FB
57806F3801160C297
FA568DF1D82C24F16
CA487EE338E7AA3E4
BF1

md5:446671881E826
6FF7A625D36E75C1E
8F
sha1:f4600e32d359d
2af354a609e48e36f0
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\pt-PT.pak Delete 431100 unknown c917c6dec
sha256:1C90B118FB
760F6ACBCD000E90
8A390EF4687447BA7
2003CF42FD998B4D0
E239

md5:6805D8F53FB30
1AA1C70EC9886DF8
769
sha1:78cf4ca5fd24ce
88e912c172da308bb
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\ro.pak Delete 445092 unknown 1cb6b1070
sha256:A322744798
D3930738FECACFCD
B5A474A4DE656AEB
363F2B2F11503E633
3801B

md5:287AC572F9F68
01D22D129CBDF6CA
56D
sha1:7f6c98136e754
8412825ce2456afa86
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\ru.pak Delete 728615 unknown c34aa35b0
sha256:6D9FB7DEF1
3400D9FC49FA16A65
F9DD8D68A3A49DBB
5F8C6A984E6EBBB41
5384

md5:055B58E866D3E
20E1ACE65308D3A1
91D
sha1:1a34b45acb6f9
3a629748736ffeb00a
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\sk.pak Delete 459338 unknown ffb376283
sha256:4F5E6EF643F
E4B26E6607D7AB52
9515B356BADAA50C
CAF9142FE6275EB57
BF0D

md5:1B02B0834B8B
BD12A77F7FFF09E1D
81A
sha1:1898cfedde55a
ae37f7578b88cb0bca
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\sl.pak Delete 443886 unknown f61e1d52
sha256:B36E1FE2405
CC4B9F34587E30DA
2FEADAA6F03124769
B02F79333ADACADD
B49B

17/36
md5:A1D591D8E167
48B52720094042F3F
60F
sha1:945c33657af95
1882718bd21ca72fe0
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\sr.pak Delete 682491 unknown a56315ee
sha256:F4B900D292
5F823FDC1740F1156
F9900C44BA6A6E12B
C3690F0AB70CA7A8
4EDA

md5:094D695448165
35E4D040EF0CE9231
00
sha1:5891cdc73bc4c
112855d099ee112da
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\sv.pak Delete 398582 unknown 0c3e9cea81
sha256:110112C2F7F
F5D3C8599036669D1
56E96EC19E70515FB
BA3BBCB2043AB994
680

md5:C7B196938B6C
5678D58CED6DBA76
E77E
sha1:5a2da5121689b
6d216f4757fea97118
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\sw.pak Delete 418265 unknown b43c7316
sha256:BDD5F68349
E39363558B3CFB6B0
B7DAECA53CBAFC46
4009F32E96C9561FC
C95D

md5:ABF95E05D7980
43ABF4F2F514C0517
A9
sha1:b8c6c1cdcbfea0
3fb106c7a44385a3a8
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\ta.pak Delete 1078050 unknown e6806aa6
sha256:9CD624A974
93282AFED3B9B1E84
8B12639234FA54C04
B22128169924F9C92
777

md5:446AE5F5A5320
274D26B4CD3FA221
7E6
sha1:d68d91e0739f3
c4982f123e5376f9e3
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\te.pak Delete 997253 unknown 1d6fe95
sha256:5FC26BE9164
230DA66408E764006
C77BC0769648392D
A36AA4EADA7B5701
22D4

md5:4D33F6F44EDCF
206F2408120F507B1
C3
sha1:52fe9f58177eec
f7476ac8f827580504
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\th.pak Delete 836893 unknown 210470e1
sha256:E1D9FEEF119
988BD7D3800CC318
EEBC92E0D00B9025
58C073D634052A974
34A4

md5:675C7B24716EF
5781214724865077A
03
sha1:77b32a5adcf96
b9969d0f9adbb0580
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\tr.pak Delete 425819 unknown 262bc30968
sha256:2CCDAB4226
ED4DD1FBAFC2F38C
D24C27D985EF90CD
45EFC2BAD75F46E38
3F2B0

18/36
md5:0F50471F97053
C4965025495F0A859
E2
sha1:d2d1c5427fab4
ebedba9c54b424265
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\uk.pak Delete 728809 unknown 2772e5b13
sha256:393298AAAD
C405DE720AAA7EDE
4B16D3D57337160B
C52FF0B66DB5E1F7A
F5FD7

md5:D85CB34C33A9
5AE444D49CA58F809
B00
sha1:f85c7c5c1a5f4b
441fb70436f100b029
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\ur.pak Delete 637078 unknown 7711608
sha256:710F92EC980
615110DD4EE669000
60E2FBBC14DD2C42
DAB006C690AB3C23
D520

md5:F82332DD74B7
7F5FD87368545A086
7F4
sha1:d70b461978c97
2b119556bc1f018a8c
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\vi.pak Delete 504079 unknown dd96fadb6
sha256:C95B2816A6
BEC4A75F8999BDCB
FF5466012458F0DAD
12D549D87D84C819
CF028

md5:DB6958F5B69EE
A00CAF17BC0812929
A8
sha1:2b6861ff24ddd
bafa08a17ab81b762
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\zh-
Delete 365939 unknown b03c1df3
CN.pak
sha256:8143A221D6
8B5AE06B040BCD95
677C2781021D006A
D88241B3CBFE9985
D3BC49

md5:2577B46FD051C
4707CF4C8AE6C0399
F7
sha1:ff22154ec825a7
63e7b44073cdfc7dfd
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\zh-
Delete 361866 unknown dd8abc4a
TW.pak
sha256:ABD9E0B229
9D4366834C65EF550
8D7A0389EA0F4DA3
6AED9199EB81ADB7
02F42

md5:AD4C917B22E7
7A1F64B50F54DD571
16A
sha1:6f908556b1cc8
cf0f9e9a6cb93275f4
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\NordPass.exe Delete 163426216 PE 75b92478
sha256:F522B94A643
91159ED8AAA73EFF1
902D7A74F3D5A6A2
CF2733DB5AB5EC26
8A38

md5:0671DA16472B
02A0BC5CBC476475
FFFE
sha1:f30602e6c6d47
1226185004355dec5
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\resources\app-
Delete 97 unknown 867a9b48b
update.yml
sha256:2287F48036C
E2DF8EC17118ABF1E
D191D6D481F7F3988
F0C718A91EDE0E771
35

19/36
md5:E6EADBFBAD6E
7CE90C14CD31CB8A
27D4
sha1:d7a275577abfd
559ffd50752c555947
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-
Delete 20490758 unknown 784d19ff
out\resources\app.asar
sha256:4109099378
D6137BC2F69C020D
1BA663963261FAF01
1540171D3117E8757
B383

md5:68C32253E1E8F
7F9CF7F137B5721B1
3F
sha1:3da5af7ec475fc
43482973db3de43e8
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-
Delete 97280 PE bc1831316
out\resources\app.asar.unpacked\dist\desktop\main\addon.node
sha256:8714B5FC8D
83E298736564FA06B
F5CE74D446A5A5F70
9058192C5A0F0042E
8E4

md5:0A435F262C6C3
E89701516DEBEA3D
ED5
sha1:6f4c2ab29b559
9e9c8b84a06abf0509
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-
Delete 151552 PE ce5472b97
out\resources\app.asar.unpacked\dist\desktop\main\binding.node
sha256:986B281C74
2824D0664493A2A8F
D17CE461A7606AE3
DC1D767E105C2E51
6E364

md5:C5C99144E2E15
89628E14999BA59A
D73
sha1:9c80f8de6b5cd
af38677d5368b5287
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-
Delete 707584 PE bacb9e465a
out\resources\app.asar.unpacked\dist\desktop\main\keytar.node
sha256:90E35DE89A
B5E5F9290E4FF1BBA
DCF221A82B2AA0D9
B922187DC980ADFF
3C831

md5:792B92C8AD13
C46F27C7CED081069
4DF
sha1:d8d449b92de20
a57df722df46435ba4
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-
Delete 107520 PE 553ecc802
out\resources\elevate.exe
sha256:9B1FBF0C11
C520AE714AF8AA9AF
12CFD48503EEDECD
7398D8992EE94D1B
4DC37

md5:C2B496B64C6C
46C54BD76A44BF15
4690
sha1:41ac511cbd646
ac3904bc77a0d9bb0
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-
Delete 5224872 PE 396afa089
out\resources\nordpass-background-app.exe
sha256:517888A1237
609EF0DD7B50D174
00B93CE427EE76FA1
D88436EB7BC310BC
E593

md5:D955A310B7B6
7AE978B0D55E20049
842
sha1:a713f0c1368b8
1875f8211b6ead0c2b
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\resources.pak Delete 5176972 unknown fba10c55
sha256:27BDA5C351
AFFB61DDDFFEE5CC
ACD9BBADAFFCE521
7EFC2C4E3E13BAFD
CEA9B4

20/36
md5:ECCF1651CABB
FA3FA87C0A52C5971
A5D
sha1:3b4b1523c42b5
d05a351c36e351ca8
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-
Delete 259202 unknown 82144cc72f
out\snapshot_blob.bin
sha256:F2B23A9D26
BCC0C37BDF22B478
E0E185C37EFFD71EB
61C9FFEE734C67A4F
6B6A

md5:705DC4D81DFE
9854BC12FADFA4A8F
EC6
sha1:b5ab386233215
b11623cd1fcabf0bd3
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-
Delete 578034 unknown 750b17f1
out\v8_context_snapshot.bin
sha256:4D76EDA777
BF56F16DF5D5F9F2F
C5972F963CE89AAF4
3C58995A5ED3A29E
764F

md5:107ECD447E6D
5FC2EB77AC0AFE641
77A
sha1:bd4a421e951a2
1c2a213c8d8a8ed38
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-
Delete 5261736 PE 7e672e65d5
out\vk_swiftshader.dll
sha256:D7A83764B6
3B9F55682558F9A3B
B56918890F177C41C
768E2E586A8E5345D
F8E

md5:8642DD3A87E2
DE6E991FAE08458E3
02B
sha1:9c06735c31cec
006fd763a92f8112d8
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-
Delete 106 unknown 5bd12a
out\vk_swiftshader_icd.json
sha256:32D83FF113F
EF532A9F97E0D2831
F8656628AB1C99E90
60F0332B1532839AF
D9

md5:2BB300861B8D
70F0887BFC160025F
3D6
sha1:f7fefaaa24308d
0d9cc1982b1c482bc2
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\vulkan-1.dll Delete 942504 PE 05b2eee
sha256:128C72C5A6
FC453D5A1B5FE39B8
6B47BEC9CA9EDF23
F4F9C49C43300AF7D
20F2

md5:A32D57B073AF
7BAFC34855315EFFF
C35
sha1:c25a0093dd8e2
68a1a53717224f7c27
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\app-64.7z Delete 79191856 unknown 29c036b73
sha256:511FCFD24B
4C7D53E9D3753A67
F1B3F59B58483D1D
B14A7A0AFBDE6D3C
3AC571

md5:F58697F2E0995
3060AACD3CC72299
1A7
sha1:f96d7e95be520
deb5ae698647a9877
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\installerHeaderico.ico Delete 118059 unknown c3d64591c7
sha256:57B0BEC3EC
6FB57734DE148DD8
71A931033D491DE5
103EDC09265FD2CC
F670B7

21/36
md5:EC0504E6B8A11
D5AAD43B296BEEB8
4B2
sha1:91b5ce085130c
8c7194d66b2439ec9
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\nsExec.dll Delete 6656 PE e1c206497c
sha256:5D9CEB1CE5
F35AEA5F9E5A0C0ED
EEEC04DFEFE0C7789
0C80C70E98209B58B
962

md5:80E44CE489530
4C6A3A831310FBF8C
D0
sha1:36bd49ae21c46
0be5753a904b4501f
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\nsis7z.dll Delete 434176 PE 1abca53508
sha256:B393F05E8FF
919EF071181050E18
73C9A776E1A0AE832
9AEFFF7007D0CADF5
92

md5:17309E33B596B
A3A5693B4D3E85CF
8D7
sha1:7d361836cf53df
4221c7f2b148aec945
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\SpiderBanner.dll Delete 9216 PE 8818c01
sha256:996A259E53
CA18B89EC36D038C
40148957C978C0FD6
00A268497D4C92F88
2A93

md5:C6A6E03F77C31
3B267498515488C57
40
sha1:3d49fc2784b94
50962ed6b82b46e9c
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\StdUtils.dll Delete 102400 PE 3c957d7c15
sha256:B72E9013A6
204E9F01076DC38D
ABBF30870D44DFC6
6962ADBF73619D43
31601E

md5:0D7AD4F45DC6
F5AA87F606D0331C6
901
sha1:48df0911f0484c
be2a8cdd5362140b6
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\System.dll Delete 12288 PE 3c41ee457
sha256:3EB38AE996
53A7DBC724132EE2
40F6E5C4AF4BFE7C0
1D31D23FAF373F9F2
EACA

md5:1CC7C37B7E0C
8CD8BF04B6CC283E
1E56
sha1:b9519763be662
5bd5abce175dcc59c9
C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\WinShell.dll Delete 3072 PE 6d100d4c
sha256:9BE85B986E
A66A6997DDE658AB
E82B3147ED2A1A3D
CB784BB5176F41D2
2815A6

Registry Activity

Registry Key Value Action

\REGISTRY\USER\S-1-5-21-608543049-1786121171-496283654-
500\SOFTWARE\f7c32559-6c31-590a-9972- C:\Users\Administrator\AppData\Local\Programs\nordpass Set
0bea54b04213\InstallLocation

22/36
\REGISTRY\USER\S-1-5-21-608543049-1786121171-496283654-
500\SOFTWARE\f7c32559-6c31-590a-9972- true Set
0bea54b04213\KeepShortcuts

\REGISTRY\USER\S-1-5-21-608543049-1786121171-496283654-
500\SOFTWARE\f7c32559-6c31-590a-9972- NordPass Set
0bea54b04213\ShortcutName

\REGISTRY\USER\S-1-5-21-608543049-1786121171-496283654-
500\SOFTWARE\f7c32559-6c31-590a-9972- NordSec Set
0bea54b04213\MenuDirectory

\REGISTRY\USER\S-1-5-21-608543049-1786121171-496283654-
500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\f7c3255 NordPass Set
9-6c31-590a-9972-0bea54b04213\DisplayName

\REGISTRY\USER\S-1-5-21-608543049-1786121171-496283654-
"C:\Users\Administrator\AppData\Local\Programs\nordpass\Uninstall
500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\f7c3255 Set
NordPass.exe" /currentuser
9-6c31-590a-9972-0bea54b04213\UninstallString

\REGISTRY\USER\S-1-5-21-608543049-1786121171-496283654-
500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\f7c3255 5.4.13 Set
9-6c31-590a-9972-0bea54b04213\DisplayVersion

\REGISTRY\USER\S-1-5-21-608543049-1786121171-496283654-
C:\Users\Administrator\AppData\Local\Programs\nordpass\uninstallerI
500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\f7c3255 Set
con.ico
9-6c31-590a-9972-0bea54b04213\DisplayIcon

\REGISTRY\USER\S-1-5-21-608543049-1786121171-496283654-
500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\f7c3255 NordPass Team Set
9-6c31-590a-9972-0bea54b04213\Publisher

\REGISTRY\USER\S-1-5-21-608543049-1786121171-496283654-
500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\f7c3255 1 Set
9-6c31-590a-9972-0bea54b04213\NoModify

\REGISTRY\USER\S-1-5-21-608543049-1786121171-496283654-
500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\f7c3255 1 Set
9-6c31-590a-9972-0bea54b04213\NoRepair

\REGISTRY\USER\S-1-5-21-608543049-1786121171-496283654-
500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\f7c3255 261961 Set
9-6c31-590a-9972-0bea54b04213\EstimatedSize

\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\
6 Set
CurrentVersion\Explorer\GlobalAssocChangedCounter

HKEY_CURRENT_USER\Software\f7c32559-6c31-590a-9972-
6 Create
0bea54b04213

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\U
6 Create
ninstall\f7c32559-6c31-590a-9972-0bea54b04213

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\
6 Create
Explorer

Created Mutexes

Mutex Name

f7c32559-6c31-590a-9972-0bea54b04213

Local\SessionImmersiveColorMutex

Local\SM0:2384:64:WilError_01

Global\SyncRootManager

Process Name - cmd

(command: cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq NordPass.exe" |

%SYSTEMROOT%\System32\find.exe "NordPass.exe")

23/36
Process Activity

Child Process Action

C:\Windows\system32\tasklist.exe,tasklist /FI "USERNAME eq Administrator" /FI "IMAGENAME eq NordPass.exe" Create

C:\Windows\System32\find.exe,C:\Windows\System32\find.exe "NordPass.exe" Create

Process Name - tasklist.exe

(command: C:\Windows\system32\tasklist.exe)

Registry Activity

Registry Key Value Action

HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM Create

Process Name - find.exe

(command: C:\Windows\System32\find.exe)

Process Name - powershell

(command: powershell -Command cmdkey /list | ForEach-Object{if($_ -like '*Target:*' -and $_ -like '*NordPass/*')
{cmdkey /del:($_ -replace ' ','' -replace 'Target:','')}})

Process Activity

Child Process Action

,"C:\Windows\system32\cmdkey.exe" /list Create

File Activity

File Action Size(B) File Type Hash

md5:N/A
C:\Users\Administrator\AppData\Local\Temp\aboh4fzg.gsp.ps1 Create N/A N/A sha1:N/A
sha256:N/A

md5:N/A
C:\Users\Administrator\AppData\Local\Temp\jdzxuycx.cmk.psm1 Create N/A N/A sha1:N/A
sha256:N/A

md5:N/A
C:\Windows\Temp\powershell\20230702\PowerShell_transcript.XTCS290669781
Create N/A N/A sha1:N/A
01.fo5yurtX.20230702101911.txt
sha256:N/A

md5:N/A
C:\Users\Administrator\AppData\Local\Microsoft\Windows\PowerShell\StartupPr
Create N/A N/A sha1:N/A
ofileData-NonInteractive
sha256:N/A

md5:N/A
C:\Users\Administrator\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\power
Create N/A N/A sha1:N/A
shell.exe.log
sha256:N/A

md5:C4CA4238A0B9
23820DCC509A6F758
49B
sha1:356a192b7913b
04c54574d18c28d46
C:\Users\Administrator\AppData\Local\Temp\aboh4fzg.gsp.ps1 Delete 1 unknown e6395428ab
sha256:6B86B273FF3
4FCE19D6B804EFF5A
3F5747ADA4EAA22F1
D49C01E52DDB7875
B4B

24/36
md5:C4CA4238A0B9
23820DCC509A6F758
49B
sha1:356a192b7913b
04c54574d18c28d46
C:\Users\Administrator\AppData\Local\Temp\jdzxuycx.cmk.psm1 Delete 1 unknown e6395428ab
sha256:6B86B273FF3
4FCE19D6B804EFF5A
3F5747ADA4EAA22F1
D49C01E52DDB7875
B4B

Registry Activity

Registry Key Value Action

\REGISTRY\USER\S-1-5-21-608543049-1786121171-496283654-
Create
500\Software\Microsoft\SystemCertificates\CA

\REGISTRY\USER\S-1-5-21-608543049-1786121171-496283654-
Create
500\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates

\REGISTRY\USER\S-1-5-21-608543049-1786121171-496283654-
Create
500\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs

\REGISTRY\USER\S-1-5-21-608543049-1786121171-496283654-
Create
500\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs

\REGISTRY\USER\S-1-5-21-608543049-1786121171-496283654-
Create
500\Software\Policies\Microsoft\SystemCertificates\CA

\REGISTRY\USER\S-1-5-21-608543049-1786121171-496283654-
Create
500\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates

\REGISTRY\USER\S-1-5-21-608543049-1786121171-496283654-
Create
500\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs

\REGISTRY\USER\S-1-5-21-608543049-1786121171-496283654-
Create
500\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs

HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\CA Create

\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Cer
Create
tificates

\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CR
Create
Ls

\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CTL
Create
s

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificate
Create
s\CA

\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificate
Create
s\CA\Certificates

\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificate
Create
s\CA\CRLs

\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificate
Create
s\CA\CTLs

HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\CA Create

\REGISTRY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\CA\
Create
Certificates

\REGISTRY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\CA\
Create
CRLs

\REGISTRY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\CA\
Create
CTLs

\REGISTRY\USER\S-1-5-21-608543049-1786121171-496283654-
Create
500\Software\Microsoft\SystemCertificates\Disallowed

\REGISTRY\USER\S-1-5-21-608543049-1786121171-496283654-
Create
500\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates

25/36
\REGISTRY\USER\S-1-5-21-608543049-1786121171-496283654-
Create
500\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs

\REGISTRY\USER\S-1-5-21-608543049-1786121171-496283654-
Create
500\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs

\REGISTRY\USER\S-1-5-21-608543049-1786121171-496283654-
Create
500\Software\Policies\Microsoft\SystemCertificates\Disallowed

\REGISTRY\USER\S-1-5-21-608543049-1786121171-496283654-
500\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Cer Create
tificates

\REGISTRY\USER\S-1-5-21-608543049-1786121171-496283654-
500\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRL Create
s

\REGISTRY\USER\S-1-5-21-608543049-1786121171-496283654-
500\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTL Create
s

HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\Disall
Create
owed

\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallo
Create
wed\Certificates

\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallo
Create
wed\CRLs

\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Disallo
Create
wed\CTLs

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificate
Create
s\Disallowed

\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificate
Create
s\Disallowed\Certificates

\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificate
Create
s\Disallowed\CRLs

\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificate
Create
s\Disallowed\CTLs

HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\Dis
Create
allowed

\REGISTRY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Disa
Create
llowed\Certificates

\REGISTRY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Disa
Create
llowed\CRLs

\REGISTRY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Disa
Create
llowed\CTLs

\REGISTRY\USER\S-1-5-21-608543049-1786121171-496283654-
Create
500\Software\Microsoft\SystemCertificates\Root

\REGISTRY\USER\S-1-5-21-608543049-1786121171-496283654-
Create
500\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates

\REGISTRY\USER\S-1-5-21-608543049-1786121171-496283654-
Create
500\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs

\REGISTRY\USER\S-1-5-21-608543049-1786121171-496283654-
Create
500\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs

HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\Root Create

\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\
Create
Certificates

\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\
Create
CRLs

\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\
Create
CTLs

26/36
HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\AuthR
Create
oot

\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR
Create
oot\Certificates

\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR
Create
oot\CRLs

\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthR
Create
oot\CTLs

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificate
Create
s\Root

\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificate
Create
s\Root\Certificates

\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificate
Create
s\Root\CRLs

\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificate
Create
s\Root\CTLs

HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\Ro
Create
ot

\REGISTRY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Roo
Create
t\Certificates

\REGISTRY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Roo
Create
t\CRLs

\REGISTRY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Roo
Create
t\CTLs

HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\Smart
Create
CardRoot

\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Smart
Create
CardRoot\Certificates

\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Smart
Create
CardRoot\CRLs

\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Smart
Create
CardRoot\CTLs

HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\Flight
Create
Root

\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\FlightR
Create
oot\Certificates

\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\FlightR
Create
oot\CRLs

\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\FlightR
Create
oot\CTLs

\REGISTRY\USER\S-1-5-21-608543049-1786121171-496283654-
Create
500\Software\Microsoft\SystemCertificates\SmartCardRoot

\REGISTRY\USER\S-1-5-21-608543049-1786121171-496283654-
500\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certific Create
ates

\REGISTRY\USER\S-1-5-21-608543049-1786121171-496283654-
Create
500\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs

\REGISTRY\USER\S-1-5-21-608543049-1786121171-496283654-
Create
500\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs

\REGISTRY\USER\S-1-5-21-608543049-1786121171-496283654-
Create
500\Software\Microsoft\SystemCertificates\TrustedPeople

\REGISTRY\USER\S-1-5-21-608543049-1786121171-496283654-
500\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certifica Create
tes

27/36
\REGISTRY\USER\S-1-5-21-608543049-1786121171-496283654-
Create
500\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs

\REGISTRY\USER\S-1-5-21-608543049-1786121171-496283654-
Create
500\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs

\REGISTRY\USER\S-1-5-21-608543049-1786121171-496283654-
Create
500\Software\Policies\Microsoft\SystemCertificates\TrustedPeople

\REGISTRY\USER\S-1-5-21-608543049-1786121171-496283654-
500\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\ Create
Certificates

\REGISTRY\USER\S-1-5-21-608543049-1786121171-496283654-
500\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\ Create
CRLs

\REGISTRY\USER\S-1-5-21-608543049-1786121171-496283654-
500\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\ Create
CTLs

HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\Truste
Create
dPeople

\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Truste
Create
dPeople\Certificates

\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Truste
Create
dPeople\CRLs

\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\Truste
Create
dPeople\CTLs

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificate
Create
s\TrustedPeople

\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificate
Create
s\TrustedPeople\Certificates

\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificate
Create
s\TrustedPeople\CRLs

\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificate
Create
s\TrustedPeople\CTLs

HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\Tru
Create
stedPeople

\REGISTRY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Trus
Create
tedPeople\Certificates

\REGISTRY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Trus
Create
tedPeople\CRLs

\REGISTRY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Trus
Create
tedPeople\CTLs

\REGISTRY\USER\S-1-5-21-608543049-1786121171-496283654-
Create
500\Software\Microsoft\SystemCertificates\trust

\REGISTRY\USER\S-1-5-21-608543049-1786121171-496283654-
Create
500\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates

\REGISTRY\USER\S-1-5-21-608543049-1786121171-496283654-
Create
500\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs

\REGISTRY\USER\S-1-5-21-608543049-1786121171-496283654-
Create
500\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs

\REGISTRY\USER\S-1-5-21-608543049-1786121171-496283654-
Create
500\Software\Policies\Microsoft\SystemCertificates\trust

\REGISTRY\USER\S-1-5-21-608543049-1786121171-496283654-
500\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificat Create
es

\REGISTRY\USER\S-1-5-21-608543049-1786121171-496283654-
Create
500\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs

28/36
\REGISTRY\USER\S-1-5-21-608543049-1786121171-496283654-
Create
500\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs

HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\trust Create

\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\trust\C
Create
ertificates

\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\trust\C
Create
RLs

\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\trust\C
Create
TLs

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificate
Create
s\trust

\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificate
Create
s\trust\Certificates

\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificate
Create
s\trust\CRLs

\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificate
Create
s\trust\CTLs

HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\tru
Create
st

\REGISTRY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Trus
Create
t\Certificates

\REGISTRY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Trus
Create
t\CRLs

\REGISTRY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\Trus
Create
t\CTLs

\REGISTRY\USER\S-1-5-21-608543049-1786121171-496283654-
500\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Create
Providers\Software Publishing

Process Name - cmdkey.exe

(command: "C:\Windows\system32\cmdkey.exe" /list)

Event Timeline

1 Created Process C:\Users\Administrator\sample.exe

2 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nseEBC8.tmp

3 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nseEBC8.tmp

4 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp

5 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp

6 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\System.dll

7 Created mutex f7c32559-6c31-590a-9972-0bea54b04213

8 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\StdUtils.dll

9 Created mutex Local\SessionImmersiveColorMutex

10 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\installerHeaderico.ico

11 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\SpiderBanner.dll

12 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\nsExec.dll

Created Process cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq NordPass.exe" |
13
%SYSTEMROOT%\System32\find.exe "NordPass.exe"

29/36
14 Created Process C:\Windows\system32\tasklist.exe

15 Created Process C:\Windows\System32\find.exe

16 Created file C:\Users\Administrator\AppData\Local\Programs\nordpass\uninstallerIcon.ico

17 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\app-64.7z

18 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\nsis7z.dll

19 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\chrome_100_percent.pak

20 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\chrome_200_percent.pak

21 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\icudtl.dat

22 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\LICENSE.electron.txt

23 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\LICENSES.chromium.html

24 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\af.pak

25 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\am.pak

26 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\ar.pak

27 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\bg.pak

28 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\bn.pak

29 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\ca.pak

30 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\cs.pak

31 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\da.pak

32 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\de.pak

33 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\el.pak

34 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\en-GB.pak

35 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\en-US.pak

36 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\es-419.pak

37 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\es.pak

38 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\et.pak

39 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\fa.pak

40 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\fi.pak

41 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\fil.pak

42 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\fr.pak

43 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\gu.pak

44 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\he.pak

45 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\hi.pak

46 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\hr.pak

47 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\hu.pak

48 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\id.pak

49 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\it.pak

50 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\ja.pak

51 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\kn.pak

30/36
52 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\ko.pak

53 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\lt.pak

54 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\lv.pak

55 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\ml.pak

56 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\mr.pak

57 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\ms.pak

58 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\nb.pak

59 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\nl.pak

60 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\pl.pak

61 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\pt-BR.pak

62 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\pt-PT.pak

63 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\ro.pak

64 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\ru.pak

65 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\sk.pak

66 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\sl.pak

67 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\sr.pak

68 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\sv.pak

69 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\sw.pak

70 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\ta.pak

71 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\te.pak

72 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\th.pak

73 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\tr.pak

74 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\uk.pak

75 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\ur.pak

76 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\vi.pak

77 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\zh-CN.pak

78 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\zh-TW.pak

79 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\resources.pak

80 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\resources\app-update.yml

81 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\resources\app.asar

Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-

82
out\resources\app.asar.unpacked\dist\desktop\main\addon.node

Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-

83
out\resources\app.asar.unpacked\dist\desktop\main\binding.node

Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-

84
out\resources\app.asar.unpacked\dist\desktop\main\keytar.node

85 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\snapshot_blob.bin

86 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\v8_context_snapshot.bin

87 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\vk_swiftshader_icd.json

31/36
88 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\d3dcompiler_47.dll

89 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\ffmpeg.dll

90 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\libEGL.dll

91 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\libGLESv2.dll

92 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\NordPass.exe

93 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\resources\elevate.exe

94 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\resources\nordpass-background-app.exe

95 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\vk_swiftshader.dll

96 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\vulkan-1.dll

97 Created mutex Local\SM0:2384:64:WilError_01

98 Created mutex Global\SyncRootManager

99 Created file C:\Users\Administrator\AppData\Local\Programs\nordpass\Uninstall NordPass.exe

Set key \REGISTRY\USER\S-1-5-21-608543049-1786121171-496283654-500\SOFTWARE\f7c32559-6c31-590a-9972-

100
0bea54b04213\InstallLocation to value C:\Users\Administrator\AppData\Local\Programs\nordpass

Set key \REGISTRY\USER\S-1-5-21-608543049-1786121171-496283654-500\SOFTWARE\f7c32559-6c31-590a-9972-

101
0bea54b04213\KeepShortcuts to value true

Set key \REGISTRY\USER\S-1-5-21-608543049-1786121171-496283654-500\SOFTWARE\f7c32559-6c31-590a-9972-

102
0bea54b04213\ShortcutName to value NordPass

Set key \REGISTRY\USER\S-1-5-21-608543049-1786121171-496283654-500\SOFTWARE\f7c32559-6c31-590a-9972-

103
0bea54b04213\MenuDirectory to value NordSec

Set key \REGISTRY\USER\S-1-5-21-608543049-1786121171-496283654-

104 500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\f7c32559-6c31-590a-9972-0bea54b04213\DisplayName to value
NordPass

Set key \REGISTRY\USER\S-1-5-21-608543049-1786121171-496283654-

105 500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\f7c32559-6c31-590a-9972-0bea54b04213\UninstallString to value
"C:\Users\Administrator\AppData\Local\Programs\nordpass\Uninstall NordPass.exe" /currentuser

Set key \REGISTRY\USER\S-1-5-21-608543049-1786121171-496283654-

106 500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\f7c32559-6c31-590a-9972-0bea54b04213\QuietUninstallString to
value "C:\Users\Administrator\AppData\Local\Programs\nordpass\Uninstall NordPass.exe" /currentuser /S

Set key \REGISTRY\USER\S-1-5-21-608543049-1786121171-496283654-

107 500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\f7c32559-6c31-590a-9972-0bea54b04213\DisplayVersion to value
5.4.13

Set key \REGISTRY\USER\S-1-5-21-608543049-1786121171-496283654-

108 500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\f7c32559-6c31-590a-9972-0bea54b04213\DisplayIcon to value
C:\Users\Administrator\AppData\Local\Programs\nordpass\uninstallerIcon.ico

Set key \REGISTRY\USER\S-1-5-21-608543049-1786121171-496283654-

109 500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\f7c32559-6c31-590a-9972-0bea54b04213\Publisher to value
NordPass Team

Set key \REGISTRY\USER\S-1-5-21-608543049-1786121171-496283654-

110
500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\f7c32559-6c31-590a-9972-0bea54b04213\NoModify to value 1

Set key \REGISTRY\USER\S-1-5-21-608543049-1786121171-496283654-

111
500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\f7c32559-6c31-590a-9972-0bea54b04213\NoRepair to value 1

Set key \REGISTRY\USER\S-1-5-21-608543049-1786121171-496283654-

112 500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\f7c32559-6c31-590a-9972-0bea54b04213\EstimatedSize to value
261961

113 Created file C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NordSec\NordPass.lnk

114 Created file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\WinShell.dll

115 Created file C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NordSec\NordPass.lnk

32/36
116 Created file C:\Users\Administrator\Desktop\NordPass.lnk

117 Created file C:\Users\Administrator\Desktop\NordPass.lnk

Set key
118 \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\GlobalAssocChangedCounter to
value 6

Created Process powershell -Command cmdkey /list | ForEach-Object{if($_ -like '*Target:*' -and $_ -like '*NordPass/*'){cmdkey
119
/del:($_ -replace ' ','' -replace 'Target:','')}}

120 Created file C:\Users\Administrator\AppData\Local\Temp\aboh4fzg.gsp.ps1

121 Created file C:\Users\Administrator\AppData\Local\Temp\jdzxuycx.cmk.psm1

122 Deleted file C:\Users\Administrator\AppData\Local\Temp\aboh4fzg.gsp.ps1

123 Deleted file C:\Users\Administrator\AppData\Local\Temp\jdzxuycx.cmk.psm1

124 Created file C:\Windows\Temp\powershell\20230702\PowerShell_transcript.XTCS29066978101.fo5yurtX.20230702101911.txt

125 Created Process "C:\Windows\system32\cmdkey.exe" /list

126 Created file C:\Users\Administrator\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

127 Created file C:\Users\Administrator\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log

128 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\chrome_100_percent.pak

129 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\chrome_200_percent.pak

130 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\d3dcompiler_47.dll

131 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\ffmpeg.dll

132 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\icudtl.dat

133 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\libEGL.dll

134 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\libGLESv2.dll

135 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\LICENSE.electron.txt

136 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\LICENSES.chromium.html

137 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\af.pak

138 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\am.pak

139 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\ar.pak

140 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\bg.pak

141 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\bn.pak

142 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\ca.pak

143 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\cs.pak

144 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\da.pak

145 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\de.pak

146 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\el.pak

147 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\en-GB.pak

148 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\en-US.pak

149 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\es-419.pak

150 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\es.pak

151 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\et.pak

33/36
152 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\fa.pak

153 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\fi.pak

154 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\fil.pak

155 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\fr.pak

156 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\gu.pak

157 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\he.pak

158 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\hi.pak

159 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\hr.pak

160 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\hu.pak

161 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\id.pak

162 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\it.pak

163 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\ja.pak

164 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\kn.pak

165 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\ko.pak

166 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\lt.pak

167 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\lv.pak

168 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\ml.pak

169 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\mr.pak

170 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\ms.pak

171 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\nb.pak

172 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\nl.pak

173 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\pl.pak

174 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\pt-BR.pak

175 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\pt-PT.pak

176 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\ro.pak

177 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\ru.pak

178 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\sk.pak

179 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\sl.pak

180 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\sr.pak

181 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\sv.pak

182 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\sw.pak

183 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\ta.pak

184 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\te.pak

185 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\th.pak

186 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\tr.pak

187 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\uk.pak

188 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\ur.pak

189 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\vi.pak

34/36
190 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\zh-CN.pak

191 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\locales\zh-TW.pak

192 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\NordPass.exe

193 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\resources\app-update.yml

194 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\resources\app.asar

Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-

195
out\resources\app.asar.unpacked\dist\desktop\main\addon.node

Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-

196
out\resources\app.asar.unpacked\dist\desktop\main\binding.node

Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-

197
out\resources\app.asar.unpacked\dist\desktop\main\keytar.node

198 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\resources\elevate.exe

199 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\resources\nordpass-background-app.exe

200 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\resources.pak

201 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\snapshot_blob.bin

202 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\v8_context_snapshot.bin

203 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\vk_swiftshader.dll

204 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\vk_swiftshader_icd.json

205 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\7z-out\vulkan-1.dll

206 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\app-64.7z

207 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\installerHeaderico.ico

208 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\nsExec.dll

209 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\nsis7z.dll

210 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\SpiderBanner.dll

211 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\StdUtils.dll

212 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\System.dll

213 Deleted file C:\Users\ADMINI~1\AppData\Local\Temp\nskED21.tmp\WinShell.dll

35/36

The 14 Amazon Leadership Principles: Common Questions For Each Principle
No ratings yet
The 14 Amazon Leadership Principles: Common Questions For Each Principle
19 pages
Compliance - CA
100% (1)
Compliance - CA
3 pages
New - Lab Manual 4 - Malware Hunting - Updated2022 - V2
No ratings yet
New - Lab Manual 4 - Malware Hunting - Updated2022 - V2
14 pages
Macbeth Teacher Guide Com
100% (6)
Macbeth Teacher Guide Com
27 pages
Advocacy: Help To Fight Global Poverty Locally and Globally Name: Eula Angeli G. Dumlan Issue: Environment
No ratings yet
Advocacy: Help To Fight Global Poverty Locally and Globally Name: Eula Angeli G. Dumlan Issue: Environment
2 pages
Wildfire Sample Report
No ratings yet
Wildfire Sample Report
132 pages
No Zip PDF
No ratings yet
No Zip PDF
4 pages
global-verdict-report
No ratings yet
global-verdict-report
2 pages
6. Malware Analysis
No ratings yet
6. Malware Analysis
45 pages
Practical Malware Analysis
No ratings yet
Practical Malware Analysis
45 pages
Practical Malware Analysis
No ratings yet
Practical Malware Analysis
45 pages
ch2 3
No ratings yet
ch2 3
45 pages
Global Verdict Report
No ratings yet
Global Verdict Report
3 pages
Malware Analysis on Windows 10 Virtual Machine
No ratings yet
Malware Analysis on Windows 10 Virtual Machine
4 pages
ch2 3
No ratings yet
ch2 3
45 pages
Global Verdict Report
No ratings yet
Global Verdict Report
8 pages
EDR originating Processes
No ratings yet
EDR originating Processes
3 pages
? Malware Analysis Report
No ratings yet
? Malware Analysis Report
16 pages
Malware Analysis
No ratings yet
Malware Analysis
15 pages
Dynamic Malware Analysis (2)
No ratings yet
Dynamic Malware Analysis (2)
9 pages
Incident Response and Digital Forensics
No ratings yet
Incident Response and Digital Forensics
50 pages
Report TreatGrid
No ratings yet
Report TreatGrid
201 pages
Week 2 - Lecture
No ratings yet
Week 2 - Lecture
43 pages
Dokumen - Tips - Malware Hunting With The Sysinternals Tools
No ratings yet
Dokumen - Tips - Malware Hunting With The Sysinternals Tools
58 pages
Lab 4
No ratings yet
Lab 4
15 pages
task 3.0
No ratings yet
task 3.0
33 pages
1745213572774
No ratings yet
1745213572774
9 pages
Basic Malware Cleaning
No ratings yet
Basic Malware Cleaning
19 pages
SYSTEMBC RAT Malware Analysis
No ratings yet
SYSTEMBC RAT Malware Analysis
18 pages
Proj 4. Basic Dynamic Analysis (30 PTS)
No ratings yet
Proj 4. Basic Dynamic Analysis (30 PTS)
8 pages
Malware Analysis Checklist
No ratings yet
Malware Analysis Checklist
7 pages
ECAT Hunting Cheatsheet - v1.1
No ratings yet
ECAT Hunting Cheatsheet - v1.1
3 pages
IHP - UI Workshop - Windows Malware Analysis - Sept 2019
No ratings yet
IHP - UI Workshop - Windows Malware Analysis - Sept 2019
57 pages
Malware Analysis
100% (1)
Malware Analysis
21 pages
Advanced Malware Analysis and Incident Response Evaluation Using ANY - RUN
No ratings yet
Advanced Malware Analysis and Incident Response Evaluation Using ANY - RUN
18 pages
Week 1 - Lecture
No ratings yet
Week 1 - Lecture
46 pages
Report
No ratings yet
Report
287 pages
Threat Analysis Report
No ratings yet
Threat Analysis Report
18 pages
ch0 1
No ratings yet
ch0 1
78 pages
Report PDF
No ratings yet
Report PDF
306 pages
Threat Analysis Report: Hash Values File Details Environment
No ratings yet
Threat Analysis Report: Hash Values File Details Environment
24 pages
Report c9ee1d6a90be7524b01814f48b39b232 Compressed
No ratings yet
Report c9ee1d6a90be7524b01814f48b39b232 Compressed
74 pages
Taking Advantage of PE Metadata
No ratings yet
Taking Advantage of PE Metadata
9 pages
Threat Analysis Report: Hash Values File Details Environment
No ratings yet
Threat Analysis Report: Hash Values File Details Environment
25 pages
Threat Analysis Report: Paymentinv
No ratings yet
Threat Analysis Report: Paymentinv
54 pages
CH1- Introduction to malware analysis-v1
No ratings yet
CH1- Introduction to malware analysis-v1
23 pages
Practical Malware Analysis
No ratings yet
Practical Malware Analysis
55 pages
LAB 8
No ratings yet
LAB 8
23 pages
Continuation of the previous post. Stealer, RAT
No ratings yet
Continuation of the previous post. Stealer, RAT
8 pages
ch0 1
No ratings yet
ch0 1
72 pages
Malware Analysis
100% (1)
Malware Analysis
4 pages
IRM 7 Windows Malware Detection
No ratings yet
IRM 7 Windows Malware Detection
2 pages
IRM 7 WindowsMalwareDetection
No ratings yet
IRM 7 WindowsMalwareDetection
2 pages
Pres Malware Getting Your Hands Dirty
No ratings yet
Pres Malware Getting Your Hands Dirty
23 pages
Detect Malware W Memory Forensics
100% (1)
Detect Malware W Memory Forensics
27 pages
IMPORTANT Malware Behavior Ch11
No ratings yet
IMPORTANT Malware Behavior Ch11
59 pages
Malware DynamicAnalysis 1
No ratings yet
Malware DynamicAnalysis 1
31 pages
Practical Malware Analysis: CH 7: Analyzing Malicious Windows Programs
No ratings yet
Practical Malware Analysis: CH 7: Analyzing Malicious Windows Programs
69 pages
report-f11948edf3ad78021e0d404c10b56ab4
No ratings yet
report-f11948edf3ad78021e0d404c10b56ab4
36 pages
Alissa Torres @sibertor #Sansenterprisesummit 3 Jun 2019
No ratings yet
Alissa Torres @sibertor #Sansenterprisesummit 3 Jun 2019
40 pages
Malware Sandboxing PDF
100% (1)
Malware Sandboxing PDF
19 pages
Evasive Malware A Field Guide to Detecting Analyzing and Defeating Advanced Threats 1 / converted Edition Kyle Cucci - The ebook in PDF and DOCX formats is ready for download
100% (1)
Evasive Malware A Field Guide to Detecting Analyzing and Defeating Advanced Threats 1 / converted Edition Kyle Cucci - The ebook in PDF and DOCX formats is ready for download
43 pages
Inspiring Powershell Articles
From Everand
Inspiring Powershell Articles
Murat Yildirimoglu
No ratings yet
Footprinting, Reconnaissance, Scanning and Enumeration Techniques of Computer Networks
From Everand
Footprinting, Reconnaissance, Scanning and Enumeration Techniques of Computer Networks
Dr. Hidaia Mahmood Alassouli
No ratings yet
Valia Polytechnic College
No ratings yet
Valia Polytechnic College
6 pages
RIVATE AND CONFIDENTIAL letter of engagement Talal
No ratings yet
RIVATE AND CONFIDENTIAL letter of engagement Talal
2 pages
Angora Textile Limited.: Introduction of The Organization
No ratings yet
Angora Textile Limited.: Introduction of The Organization
31 pages
Affordable Housing For Rent
No ratings yet
Affordable Housing For Rent
1 page
Cameroon IWRM
No ratings yet
Cameroon IWRM
19 pages
1. English Language - 7 - Ut2
No ratings yet
1. English Language - 7 - Ut2
2 pages
Claw 1 Company
No ratings yet
Claw 1 Company
24 pages
Option Trading Workbook
No ratings yet
Option Trading Workbook
28 pages
Foreign Exchange Management
No ratings yet
Foreign Exchange Management
11 pages
Updated National Disaster Risk Reduction and Management Plan (NDRRMP)
100% (2)
Updated National Disaster Risk Reduction and Management Plan (NDRRMP)
3 pages
Smart Cloud Enterprise BP Own Use Order Request Form - July 2011
0% (1)
Smart Cloud Enterprise BP Own Use Order Request Form - July 2011
2 pages
Enactus 2018 Template Cover Letter
No ratings yet
Enactus 2018 Template Cover Letter
1 page
GGG Ibex Contractor Financier Solar Power Mou 2 9 2015v01
100% (1)
GGG Ibex Contractor Financier Solar Power Mou 2 9 2015v01
6 pages
L'Oréal Paris
No ratings yet
L'Oréal Paris
17 pages
Snowman Logistic
No ratings yet
Snowman Logistic
18 pages
Project Teams
No ratings yet
Project Teams
10 pages
Semi-Formal Report 2
No ratings yet
Semi-Formal Report 2
12 pages
Sample TEACHERS-PROGRAM-SY-2022-2023-floating-teachers - Emergency Class
No ratings yet
Sample TEACHERS-PROGRAM-SY-2022-2023-floating-teachers - Emergency Class
1 page
Made in China Backgrounder PDF
No ratings yet
Made in China Backgrounder PDF
9 pages
United States v. David Duran, 141 F.3d 1186, 10th Cir. (1998)
No ratings yet
United States v. David Duran, 141 F.3d 1186, 10th Cir. (1998)
8 pages
Chapter 1 - Overview of Government Accounting (Notes)
No ratings yet
Chapter 1 - Overview of Government Accounting (Notes)
6 pages
A Prayer For My Daughter WB Yeats
No ratings yet
A Prayer For My Daughter WB Yeats
5 pages
Transaction Cost Theory Complete Explanation
No ratings yet
Transaction Cost Theory Complete Explanation
18 pages
Yes-No Questions
No ratings yet
Yes-No Questions
3 pages
Health Literacy
100% (2)
Health Literacy
367 pages
Phantom Glass LTD Case Study
No ratings yet
Phantom Glass LTD Case Study
8 pages