Technical Information
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\desktop.ini
- %TEMP%\ai_extui_bin_2712\repairic
- %TEMP%\ai_extui_bin_2712\removico
- %TEMP%\ai_extui_bin_2712\optionslogoicon
- %TEMP%\ai_extui_bin_2712\new
- %TEMP%\ai_extui_bin_2712\custicon
- %TEMP%\ai_extui_bin_2712\backgroundprepare
- %TEMP%\ai_extui_bin_2712\backgroundsurface
- %TEMP%\ai_extui_bin_2712\completi
- %TEMP%\ai_extui_bin_2712\checkbox_for_ctrls
- %TEMP%\ai_extui_bin_2712\sys_min_normal.png
- %TEMP%\ai_extui_bin_2712\sys_min_inactive.png
- %TEMP%\ai_extui_bin_2712\sys_min_hot.png
- %TEMP%\ai_extui_bin_2712\sys_close_normal.png
- %TEMP%\ai_extui_bin_2712\sys_close_inactive.png
- %TEMP%\ai_extui_bin_2712\sys_close_hot.png
- %TEMP%\ai_extui_bin_2712\sys_close_down.png
- %TEMP%\ai_extui_bin_2712\exclamic
- %TEMP%\ai_extui_bin_2712\runapplicationbutton
- %TEMP%\ai_extui_bin_2712\up
- %WINDIR%\temp\nordvpn\nordvpn\prerequisites\.net framework 4.8\ndp48-web.exe.part
- %TEMP%\ai_extui_bin_2712\viewreadmebutton
- %WINDIR%\temp\nordvpn\nordvpn6.29.9\install\check-kb3033929.bat
- %TEMP%\ai_extui_bin_2712\background
- %TEMP%\ai_extui_bin_2712\applogoicon
- %TEMP%\ai_extui_bin_2712\prepareprereqdlgprogress.gif
- %TEMP%\ai_extui_bin_2712\cmdlinkarrow
- %TEMP%\ai_extui_bin_2712\viewer.exe
- %TEMP%\ai_extui_bin_2712\lzmaextractor.dll
- %TEMP%\ai_extui_bin_2712\prereqprogressimage.png
- %TEMP%\ai_extui_bin_2712\aicustact.dll
- %TEMP%\ai_extui_bin_2712\progressimage.png_1
- %TEMP%\ai_extui_bin_2712\dotnetnativeimage.dll
- %TEMP%\ai_extui_bin_2712\datauploader.dll
- %TEMP%\ai_extui_bin_2712\externaluicleaner.dll
- %TEMP%\ai_extui_bin_2712\useraccounts.dll
- %TEMP%\ai_extui_bin_2712\checkbox
- %TEMP%\ai_extui_bin_2712\whitebackground
- %TEMP%\ai_extui_bin_2712\waitlogoicon
- %TEMP%\ai_extui_bin_2712\installlogoicon
- %TEMP%\ai_extui_bin_2712\print.png
- %TEMP%\ai_extui_bin_2712\printico
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\metadata\f0accf77cdcbff39f6191887f6d2d357
- %WINDIR%\temp\nordvpn\nordvpn6.29.9\install\6e01f3a\nordvpn setup.msi
- %WINDIR%\temp\nordvpn\nordvpn6.29.9\install\decoder.dll
- %TEMP%\nord.exe
- %TEMP%\1.exe
- %TEMP%\2.exe
- %TEMP%\1.bat
- %TEMP%\2e65.tmp.exe
- %LOCALAPPDATA%\microsoft\windows\history\low\history.ie5\index.dat
- %APPDATA%\microsoft\windows\cookies\low\index.dat
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\y773bai2\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\9zd93o8l\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\l5d1z6bx\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\85oy4gz6\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\index.dat
- %LOCALAPPDATA%\microsoft\windows\history\low\history.ie5\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\history\low\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\desktop.ini
- %TEMP%\msia29b.log
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\content\f0accf77cdcbff39f6191887f6d2d357
- %TEMP%\ai_extui_bin_2712\browse.png
- %TEMP%\msi687a.tmp
- %TEMP%\ai_extui_bin_2712\info
- %TEMP%\ai_extui_bin_2712\installbuttonblue.png
- %TEMP%\ai_extui_bin_2712\buttonok.png
- %TEMP%\ai_extui_bin_2712\buttonnext.png
- %TEMP%\ai_extui_bin_2712\buttonback.png
- %TEMP%\ai_extui_bin_2712\button.png
- %TEMP%\ai_extui_bin_2712\metrorunapplicationbutton
- %TEMP%\ai_extui_bin_2712\installericon.png
- %TEMP%\ai_extui_bin_2712\insticon
- %TEMP%\ai_extui_bin_2712\checkbox.png
- %TEMP%\ai_extui_bin_2712\bg.png
- %TEMP%\ai_extui_bin_2712\sys_min_down.png
- %TEMP%\ai_extui_bin_2712\remove.png
- %TEMP%\ai_extui_bin_2712\repair.png
- %TEMP%\ai_extui_bin_2712\modify.png
- %TEMP%\msi69f3.tmp
- %TEMP%\msi69c3.tmp
- %TEMP%\ai_extui_bin_2712\installbutton.png
- %WINDIR%\temp\nordvpn\nordvpn\prerequisites\windows6.1-kb3033929-x64.msu.part
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\85oy4gz6\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\l5d1z6bx\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\9zd93o8l\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\y773bai2\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\history\low\history.ie5\desktop.ini
- %TEMP%\msi687a.tmp
- %TEMP%\msi69c3.tmp
- %TEMP%\msi69f3.tmp
- from %WINDIR%\temp\nordvpn\nordvpn\prerequisites\.net framework 4.8\ndp48-web.exe.part to %WINDIR%\temp\nordvpn\nordvpn\prerequisites\.net framework 4.8\ndp48-web.exe
- from %WINDIR%\temp\nordvpn\nordvpn\prerequisites\windows6.1-kb3033929-x64.msu.part to %WINDIR%\temp\nordvpn\nordvpn\prerequisites\windows6.1-kb3033929-x64.msu
- http://94.##0.181.101/VpN.exe
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- DNS ASK microsoft.com
- DNS ASK download.visualstudio.microsoft.com
- DNS ASK download.microsoft.com
- ClassName: 'EDIT' WindowName: ''
- '%TEMP%\2e65.tmp.exe'
- '%TEMP%\2.exe' -pdhfgudtgjCFRTs633bxghshg3736gcFfdted63455hdfnxHgdy -d%LOCALAPPDATA%\Temp
- '%TEMP%\1.exe'
- '%TEMP%\nord.exe'
- '%WINDIR%\temp\nordvpn\nordvpn\prerequisites\.net framework 4.8\ndp48-web.exe' /qn+
- '%WINDIR%\syswow64\cmd.exe' /c ""%WINDIR%\Temp\NordVPN\NordVPN6.29.9\install\check-KB3033929.bat" "' (with hidden window)
- '%WINDIR%\syswow64\rundll32.exe' "%WINDIR%\syswow64\WININET.dll",DispatchAPICall 1
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\1.bat" "
- '%WINDIR%\syswow64\cmd.exe' /c ""%WINDIR%\Temp\NordVPN\NordVPN6.29.9\install\check-KB3033929.bat" "
- '%WINDIR%\syswow64\wbem\wmic.exe' qfe where "HotFixID = 'KB3033929'"
- '%WINDIR%\syswow64\find.exe' "KB3033929"