bbb95f2e2fff202e4c53e2d21b3bb3953d0694c91d87ca5f5a4d54114085f354

Analysis

max time kernel
141s
max time network
149s
platform
windows10_x64
resource
win10v20201028
submitted
30-10-2020 22:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Fall Guys Ultimate Knockout Generator.msi
Size

1.1MB
MD5

c6bda3eb7bed85863b0c8a2ffed22751
SHA1

0c3ed7891da82fd8170b11cb77787de474700b4b
SHA256

bbb95f2e2fff202e4c53e2d21b3bb3953d0694c91d87ca5f5a4d54114085f354
SHA512

331fd5099f74969792dc857c61a3886e8e0dd39f4adcd304a670e30a0c2d97f5804ef506bc190efe0f54c645a5d35cf4a4da078956a96a86d56d7d4f237cd9fc

Score

10^/10

discovery persistence

Malware Config

Signatures

Registers COM server for autorun 1 TTPs
persistence

Registry Run Keys / Startup Folder
T1060
Blacklisted process makes network request 3 IoCs

Processes:

msiexec.exe

flow pid process

8 3304 msiexec.exe
11 3304 msiexec.exe
13 3304 msiexec.exe

flow	pid	process
8	3304	msiexec.exe
11	3304	msiexec.exe
13	3304	msiexec.exe

Executes dropped EXE 9 IoCs

Processes:

NativeDorstenia.exeDorsteniaoNative.exenotepad++.exenotepad++.exegup.exenpp.7.9.Installer.exenotepad++.exegup.exenotepad++.exe

pid	process
1020	NativeDorstenia.exe
2152	DorsteniaoNative.exe
3456	notepad++.exe
4036	notepad++.exe
3292	gup.exe
2212	npp.7.9.Installer.exe
2236	notepad++.exe
3972	gup.exe
828	notepad++.exe

Loads dropped DLL 40 IoCs

Processes:

DorsteniaoNative.exeregsvr32.exeregsvr32.exenotepad++.exenotepad++.exegup.exenpp.7.9.Installer.exeregsvr32.exeregsvr32.exenotepad++.exegup.exenotepad++.exe

pid	process
2152	DorsteniaoNative.exe
2152	DorsteniaoNative.exe
2152	DorsteniaoNative.exe
2152	DorsteniaoNative.exe
2152	DorsteniaoNative.exe
2152	DorsteniaoNative.exe
3476	regsvr32.exe
484	regsvr32.exe
3456	notepad++.exe
4036	notepad++.exe
3292	gup.exe
3456	notepad++.exe
3456	notepad++.exe
3456	notepad++.exe
3456	notepad++.exe
3456	notepad++.exe
3456	notepad++.exe
4036	notepad++.exe
4036	notepad++.exe
4036	notepad++.exe
4036	notepad++.exe
4036	notepad++.exe
4036	notepad++.exe
2212	npp.7.9.Installer.exe
2212	npp.7.9.Installer.exe
2212	npp.7.9.Installer.exe
2212	npp.7.9.Installer.exe
2212	npp.7.9.Installer.exe
2212	npp.7.9.Installer.exe
3848	regsvr32.exe
980	regsvr32.exe
2236	notepad++.exe
3972	gup.exe
2236	notepad++.exe
2236	notepad++.exe
2236	notepad++.exe
2236	notepad++.exe
2236	notepad++.exe
2236	notepad++.exe
828	notepad++.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 48 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

msiexec.exemsiexec.exe

description	ioc	process
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe

JavaScript code in executable 15 IoCs

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Roaming\NativeDorstenia\NativeDorstenia.exe	js
C:\Users\Admin\AppData\Roaming\NativeDorstenia\NativeDorstenia.exe	js
C:\Program Files (x86)\Notepad++\langs.model.xml	js
C:\Users\Admin\AppData\Roaming\Notepad++\langs.xml	js
C:\Program Files (x86)\Notepad++\updater\libcurl.dll	js
\Program Files (x86)\Notepad++\updater\libcurl.dll	js
C:\Program Files (x86)\Notepad++\plugins\Config\nppPluginList.dll	js
C:\Program Files (x86)\Notepad++\autoCompletion\python.xml	js
C:\Program Files (x86)\Notepad++\autoCompletion\perl.xml	js
C:\Program Files (x86)\Notepad++\autoCompletion\lua.xml	js
C:\Program Files (x86)\Notepad++\autoCompletion\javascript.xml	js
C:\Program Files (x86)\Notepad++\autoCompletion\cpp.xml	js
\Program Files (x86)\Notepad++\updater\libcurl.dll	js
C:\Program Files (x86)\Notepad++\updater\libcurl.dll	js
C:\Program Files (x86)\Notepad++\plugins\Config\nppPluginList.dll	js

Drops file in Program Files directory 98 IoCs

Processes:

DorsteniaoNative.exenpp.7.9.Installer.exeNativeDorstenia.exe

description	ioc	process
File created	C:\Program Files (x86)\Notepad++\notepad++.exe	DorsteniaoNative.exe
File created	C:\Program Files (x86)\Notepad++\localization\english.xml	DorsteniaoNative.exe
File created	C:\Program Files (x86)\Notepad++\plugins\NppConverter\NppConverter.dll	npp.7.9.Installer.exe
File opened for modification	C:\Program Files (x86)\Notepad++\functionList.xml	npp.7.9.Installer.exe
File opened for modification	C:\Program Files (x86)\Notepad++\uninstall.exe	npp.7.9.Installer.exe
File created	C:\Program Files (x86)\Notepad++\autoCompletion\cs.xml	DorsteniaoNative.exe
File created	C:\Program Files (x86)\Notepad++\autoCompletion\php.xml	DorsteniaoNative.exe
File created	C:\Program Files (x86)\Notepad++\functionList.xml	DorsteniaoNative.exe
File opened for modification	C:\Program Files (x86)\Notepad++\updater\GUP.exe	npp.7.9.Installer.exe
File opened for modification	C:\Program Files (x86)\Notepad++\localization\english.xml	npp.7.9.Installer.exe
File created	C:\Program Files (x86)\Notepad++\autoCompletion\cpp.xml	DorsteniaoNative.exe
File created	C:\Program Files (x86)\Notepad++\updater\libcurl.dll	DorsteniaoNative.exe
File created	C:\Program Files (x86)\Notepad++\contextMenu.xml	DorsteniaoNative.exe
File created	C:\Program Files (x86)\Notepad++\autoCompletion\lisp.xml	npp.7.9.Installer.exe
File opened for modification	C:\Program Files (x86)\Notepad++\stylers.model.xml	npp.7.9.Installer.exe
File opened for modification	C:\Program Files (x86)\Notepad++\LICENSE	npp.7.9.Installer.exe
File created	C:\Program Files (x86)\Notepad++\autoCompletion\xml.xml	npp.7.9.Installer.exe
File created	C:\Program Files (x86)\Notepad++\autoCompletion\nsis.xml	npp.7.9.Installer.exe
File created	C:\Program Files (x86)\Notepad++\autoCompletion\autoit.xml	npp.7.9.Installer.exe
File created	C:\Program Files (x86)\Notepad++\autoCompletion\css.xml	DorsteniaoNative.exe
File created	C:\Program Files (x86)\Notepad++\change.log	DorsteniaoNative.exe
File created	C:\Program Files (x86)\Notepad++\autoCompletion\vhdl.xml	npp.7.9.Installer.exe
File created	C:\Program Files (x86)\Notepad++\autoCompletion\actionscript.xml	DorsteniaoNative.exe
File created	C:\Program Files (x86)\Notepad++\plugins\NppExport\NppExport.dll	DorsteniaoNative.exe
File created	C:\Program Files (x86)\Notepad++\langs.model.xml	DorsteniaoNative.exe
File created	C:\Program Files (x86)\Notepad++\shortcuts.xml	DorsteniaoNative.exe
File created	C:\Program Files (x86)\Notepad++\autoCompletion\sql.xml	npp.7.9.Installer.exe
File created	C:\Program Files (x86)\DorsteniaNativeoaoInstall\DorsteniaoNative.exe	NativeDorstenia.exe
File created	C:\Program Files (x86)\Notepad++\autoCompletion\c.xml	DorsteniaoNative.exe
File created	C:\Program Files (x86)\Notepad++\autoCompletion\html.xml	DorsteniaoNative.exe
File created	C:\Program Files (x86)\Notepad++\autoCompletion\java.xml	DorsteniaoNative.exe
File created	C:\Program Files (x86)\Notepad++\autoCompletion\lua.xml	DorsteniaoNative.exe
File created	C:\Program Files (x86)\Notepad++\autoCompletion\html.xml	npp.7.9.Installer.exe
File created	C:\Program Files (x86)\Notepad++\SciLexer.dll	DorsteniaoNative.exe
File created	C:\Program Files (x86)\Notepad++\uninstall.exe	DorsteniaoNative.exe
File opened for modification	C:\Program Files (x86)\Notepad++\readme.txt	npp.7.9.Installer.exe
File created	C:\Program Files (x86)\Notepad++\autoCompletion\rc.xml	DorsteniaoNative.exe
File created	C:\Program Files (x86)\Notepad++\autoCompletion\vb.xml	DorsteniaoNative.exe
File created	C:\Program Files (x86)\Notepad++\autoCompletion\tex.xml	DorsteniaoNative.exe
File created	C:\Program Files (x86)\Notepad++\autoCompletion\autoit.xml	DorsteniaoNative.exe
File opened for modification	C:\Program Files (x86)\Notepad++\notepad++.exe	npp.7.9.Installer.exe
File created	C:\Program Files (x86)\Notepad++\autoCompletion\batch.xml	DorsteniaoNative.exe
File created	C:\Program Files (x86)\Notepad++\LICENSE	DorsteniaoNative.exe
File created	C:\Program Files (x86)\Notepad++\NppShell_06.dll	DorsteniaoNative.exe
File created	C:\Program Files (x86)\Notepad++\autoCompletion\java.xml	npp.7.9.Installer.exe
File created	C:\Program Files (x86)\Notepad++\autoCompletion\BaanC.xml	npp.7.9.Installer.exe
File created	C:\Program Files (x86)\Notepad++\autoCompletion\javascript.xml	DorsteniaoNative.exe
File created	C:\Program Files (x86)\Notepad++\autoCompletion\python.xml	DorsteniaoNative.exe
File created	C:\Program Files (x86)\Notepad++\autoCompletion\cmake.xml	DorsteniaoNative.exe
File opened for modification	C:\Program Files (x86)\Notepad++\SciLexer.dll	npp.7.9.Installer.exe
File created	C:\Program Files (x86)\Notepad++\autoCompletion\vb.xml	npp.7.9.Installer.exe
File created	C:\Program Files (x86)\Notepad++\autoCompletion\perl.xml	npp.7.9.Installer.exe
File created	C:\Program Files (x86)\Notepad++\autoCompletion\javascript.xml	npp.7.9.Installer.exe
File created	C:\Program Files (x86)\Notepad++\autoCompletion\actionscript.xml	npp.7.9.Installer.exe
File created	C:\Program Files (x86)\Notepad++\autoCompletion\coffee.xml	npp.7.9.Installer.exe
File created	C:\Program Files (x86)\Notepad++\autoCompletion\coffee.xml	DorsteniaoNative.exe
File created	C:\Program Files (x86)\Notepad++\autoCompletion\c.xml	npp.7.9.Installer.exe
File created	C:\Program Files (x86)\Notepad++\autoCompletion\php.xml	npp.7.9.Installer.exe
File created	C:\Program Files (x86)\Notepad++\autoCompletion\cmake.xml	npp.7.9.Installer.exe
File created	C:\Program Files (x86)\Notepad++\autoCompletion\batch.xml	npp.7.9.Installer.exe
File opened for modification	C:\Program Files (x86)\Notepad++\plugins\Config\nppPluginList.dll	npp.7.9.Installer.exe
File opened for modification	C:\Program Files (x86)\Notepad++\langs.model.xml	npp.7.9.Installer.exe
File opened for modification	C:\Program Files (x86)\Notepad++\NppShell_06.dll	npp.7.9.Installer.exe
File created	C:\Program Files (x86)\Notepad++\autoCompletion\BaanC.xml	DorsteniaoNative.exe

Drops file in Windows directory 7 IoCs

Processes:

msiexec.exe

description	ioc	process
File opened for modification	C:\Windows\Installer\MSI89A8.tmp	msiexec.exe
File created	C:\Windows\Installer\f7485fe.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\f7485fe.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{2649E77C-3A4C-4602-B0FA-894075BEFF30}	msiexec.exe

Delays execution with timeout.exe 1 IoCs
evasion

Processes:

timeout.exe

pid process

2108 timeout.exe

pid	process
2108	timeout.exe

Modifies registry class 32 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593}\Settings\Maxtext = "25"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593}\Settings\ShowIcon = "1"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593}\Settings\Maxtext = "25"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593}\ = "ANotepad++64"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593}\Settings\Custom	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593}\Settings\Title = "Edit with &Notepad++"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593}\Settings\Custom	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ANotepad++64	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593}\InprocServer32\ = "C:\\Program Files (x86)\\Notepad++\\NppShell_06.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593}\Settings\Path = "C:\\Program Files (x86)\\Notepad++\\notepad++.exe"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593}\Settings\Dynamic = "1"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ANotepad++64\ = "{B298D29A-A6ED-11DE-BA8C-A68E55D89593}"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\*\SHELLEX\CONTEXTMENUHANDLERS\ANOTEPAD++64	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593}\SETTINGS	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593}\ = "ANotepad++64"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ANotepad++64	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593}\Settings\Dynamic = "1"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593}\Settings	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593}\INPROCSERVER32	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593}\Settings	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593}\Settings\ShowIcon = "1"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593}\Settings\Path = "C:\\Program Files (x86)\\Notepad++\\notepad++.exe"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ANotepad++64\ = "{B298D29A-A6ED-11DE-BA8C-A68E55D89593}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593}\Settings\Title = "Edit with &Notepad++"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593}\InprocServer32\ = "C:\\Program Files (x86)\\Notepad++\\NppShell_06.dll"	regsvr32.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

msiexec.exeNativeDorstenia.exe

pid process

3504 msiexec.exe
3504 msiexec.exe
1020 NativeDorstenia.exe
1020 NativeDorstenia.exe
1020 NativeDorstenia.exe
1020 NativeDorstenia.exe

pid	process
3504	msiexec.exe
3504	msiexec.exe
1020	NativeDorstenia.exe
1020	NativeDorstenia.exe
1020	NativeDorstenia.exe
1020	NativeDorstenia.exe

Suspicious use of AdjustPrivilegeToken 43 IoCs

Processes:

msiexec.exemsiexec.exeNativeDorstenia.exe

description	pid	process
Token: SeShutdownPrivilege	3304	msiexec.exe
Token: SeIncreaseQuotaPrivilege	3304	msiexec.exe
Token: SeSecurityPrivilege	3504	msiexec.exe
Token: SeCreateTokenPrivilege	3304	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	3304	msiexec.exe
Token: SeLockMemoryPrivilege	3304	msiexec.exe
Token: SeIncreaseQuotaPrivilege	3304	msiexec.exe
Token: SeMachineAccountPrivilege	3304	msiexec.exe
Token: SeTcbPrivilege	3304	msiexec.exe
Token: SeSecurityPrivilege	3304	msiexec.exe
Token: SeTakeOwnershipPrivilege	3304	msiexec.exe
Token: SeLoadDriverPrivilege	3304	msiexec.exe
Token: SeSystemProfilePrivilege	3304	msiexec.exe
Token: SeSystemtimePrivilege	3304	msiexec.exe
Token: SeProfSingleProcessPrivilege	3304	msiexec.exe
Token: SeIncBasePriorityPrivilege	3304	msiexec.exe
Token: SeCreatePagefilePrivilege	3304	msiexec.exe
Token: SeCreatePermanentPrivilege	3304	msiexec.exe
Token: SeBackupPrivilege	3304	msiexec.exe
Token: SeRestorePrivilege	3304	msiexec.exe
Token: SeShutdownPrivilege	3304	msiexec.exe
Token: SeDebugPrivilege	3304	msiexec.exe
Token: SeAuditPrivilege	3304	msiexec.exe
Token: SeSystemEnvironmentPrivilege	3304	msiexec.exe
Token: SeChangeNotifyPrivilege	3304	msiexec.exe
Token: SeRemoteShutdownPrivilege	3304	msiexec.exe
Token: SeUndockPrivilege	3304	msiexec.exe
Token: SeSyncAgentPrivilege	3304	msiexec.exe
Token: SeEnableDelegationPrivilege	3304	msiexec.exe
Token: SeManageVolumePrivilege	3304	msiexec.exe
Token: SeImpersonatePrivilege	3304	msiexec.exe
Token: SeCreateGlobalPrivilege	3304	msiexec.exe
Token: SeRestorePrivilege	3504	msiexec.exe
Token: SeTakeOwnershipPrivilege	3504	msiexec.exe
Token: SeRestorePrivilege	3504	msiexec.exe
Token: SeTakeOwnershipPrivilege	3504	msiexec.exe
Token: SeRestorePrivilege	3504	msiexec.exe
Token: SeTakeOwnershipPrivilege	3504	msiexec.exe
Token: SeRestorePrivilege	3504	msiexec.exe
Token: SeTakeOwnershipPrivilege	3504	msiexec.exe
Token: SeRestorePrivilege	3504	msiexec.exe
Token: SeTakeOwnershipPrivilege	3504	msiexec.exe
Token: SeDebugPrivilege	1020	NativeDorstenia.exe

Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

msiexec.exe

pid process

3304 msiexec.exe
3304 msiexec.exe
Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

notepad++.exenotepad++.exenotepad++.exe

pid process

3456 notepad++.exe
4036 notepad++.exe
2236 notepad++.exe

pid	process
3304	msiexec.exe
3304	msiexec.exe

pid	process
3456	notepad++.exe
4036	notepad++.exe
2236	notepad++.exe

Suspicious use of WriteProcessMemory 53 IoCs

Processes:

msiexec.exeNativeDorstenia.execmd.exeDorsteniaoNative.exeregsvr32.exeexplorer.exenotepad++.exegup.exenpp.7.9.Installer.exeregsvr32.exeexplorer.exenotepad++.exe

description	pid	process	target process
PID 3504 wrote to memory of 1020	3504	msiexec.exe	NativeDorstenia.exe
PID 3504 wrote to memory of 1020	3504	msiexec.exe	NativeDorstenia.exe
PID 3504 wrote to memory of 1020	3504	msiexec.exe	NativeDorstenia.exe
PID 1020 wrote to memory of 2152	1020	NativeDorstenia.exe	DorsteniaoNative.exe
PID 1020 wrote to memory of 2152	1020	NativeDorstenia.exe	DorsteniaoNative.exe
PID 1020 wrote to memory of 2152	1020	NativeDorstenia.exe	DorsteniaoNative.exe
PID 1020 wrote to memory of 3728	1020	NativeDorstenia.exe	cmd.exe
PID 1020 wrote to memory of 3728	1020	NativeDorstenia.exe	cmd.exe
PID 1020 wrote to memory of 3728	1020	NativeDorstenia.exe	cmd.exe
PID 3728 wrote to memory of 2108	3728	cmd.exe	timeout.exe
PID 3728 wrote to memory of 2108	3728	cmd.exe	timeout.exe
PID 3728 wrote to memory of 2108	3728	cmd.exe	timeout.exe
PID 3728 wrote to memory of 3760	3728	cmd.exe	cmd.exe
PID 3728 wrote to memory of 3760	3728	cmd.exe	cmd.exe
PID 3728 wrote to memory of 3760	3728	cmd.exe	cmd.exe
PID 3728 wrote to memory of 1988	3728	cmd.exe	cmd.exe
PID 3728 wrote to memory of 1988	3728	cmd.exe	cmd.exe
PID 3728 wrote to memory of 1988	3728	cmd.exe	cmd.exe
PID 2152 wrote to memory of 3476	2152	DorsteniaoNative.exe	regsvr32.exe
PID 2152 wrote to memory of 3476	2152	DorsteniaoNative.exe	regsvr32.exe
PID 2152 wrote to memory of 3476	2152	DorsteniaoNative.exe	regsvr32.exe
PID 3476 wrote to memory of 484	3476	regsvr32.exe	regsvr32.exe
PID 3476 wrote to memory of 484	3476	regsvr32.exe	regsvr32.exe
PID 2152 wrote to memory of 2280	2152	DorsteniaoNative.exe	explorer.exe
PID 2152 wrote to memory of 2280	2152	DorsteniaoNative.exe	explorer.exe
PID 2168 wrote to memory of 3456	2168	explorer.exe	notepad++.exe
PID 2168 wrote to memory of 3456	2168	explorer.exe	notepad++.exe
PID 2168 wrote to memory of 3456	2168	explorer.exe	notepad++.exe
PID 2152 wrote to memory of 4036	2152	DorsteniaoNative.exe	notepad++.exe
PID 2152 wrote to memory of 4036	2152	DorsteniaoNative.exe	notepad++.exe
PID 2152 wrote to memory of 4036	2152	DorsteniaoNative.exe	notepad++.exe
PID 3456 wrote to memory of 3292	3456	notepad++.exe	gup.exe
PID 3456 wrote to memory of 3292	3456	notepad++.exe	gup.exe
PID 3456 wrote to memory of 3292	3456	notepad++.exe	gup.exe
PID 3292 wrote to memory of 2212	3292	gup.exe	npp.7.9.Installer.exe
PID 3292 wrote to memory of 2212	3292	gup.exe	npp.7.9.Installer.exe
PID 3292 wrote to memory of 2212	3292	gup.exe	npp.7.9.Installer.exe
PID 2212 wrote to memory of 3848	2212	npp.7.9.Installer.exe	regsvr32.exe
PID 2212 wrote to memory of 3848	2212	npp.7.9.Installer.exe	regsvr32.exe
PID 2212 wrote to memory of 3848	2212	npp.7.9.Installer.exe	regsvr32.exe
PID 3848 wrote to memory of 980	3848	regsvr32.exe	regsvr32.exe
PID 3848 wrote to memory of 980	3848	regsvr32.exe	regsvr32.exe
PID 2212 wrote to memory of 3196	2212	npp.7.9.Installer.exe	explorer.exe
PID 2212 wrote to memory of 3196	2212	npp.7.9.Installer.exe	explorer.exe
PID 2220 wrote to memory of 2236	2220	explorer.exe	notepad++.exe
PID 2220 wrote to memory of 2236	2220	explorer.exe	notepad++.exe
PID 2220 wrote to memory of 2236	2220	explorer.exe	notepad++.exe
PID 2236 wrote to memory of 3972	2236	notepad++.exe	gup.exe
PID 2236 wrote to memory of 3972	2236	notepad++.exe	gup.exe
PID 2236 wrote to memory of 3972	2236	notepad++.exe	gup.exe
PID 2212 wrote to memory of 828	2212	npp.7.9.Installer.exe	notepad++.exe
PID 2212 wrote to memory of 828	2212	npp.7.9.Installer.exe	notepad++.exe
PID 2212 wrote to memory of 828	2212	npp.7.9.Installer.exe	notepad++.exe

C:\Windows\system32\msiexec.exe
msiexec.exe /I "C:\Users\Admin\AppData\Local\Temp\Fall Guys Ultimate Knockout Generator.msi"
1⤵
- Blacklisted process makes network request
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3304

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3504

C:\Users\Admin\AppData\Roaming\NativeDorstenia\NativeDorstenia.exe
"C:\Users\Admin\AppData\Roaming\NativeDorstenia\NativeDorstenia.exe" "C:\Users\Admin\AppData\Local\Temp\Fall Guys Ultimate Knockout Generator.msi"
2⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1020

C:\Program Files (x86)\DorsteniaNativeoaoInstall\DorsteniaoNative.exe
"C:\Program Files (x86)\DorsteniaNativeoaoInstall\DorsteniaoNative.exe" 670691150437975822 9f7OjgymguER/Bmkc6hA9aVBjcZnst+2xHkWqBco6YOx5xnjoMjkNUttVb8ZWBI+8I/KRs4bYYKtsF1mBK7qzfTXGZQNVgdoGMAas0b9W4yZnnpyEwkgt2dY8iGlAYIWlQqYA81sm8edKPsiKLciEDe2yDxVI+UCgB8+dqgBuaPm35dn20GRKuFEzhy5fylkEqxSn7dsutFrYALN9C06wHWqBYjJi3nhUy2uKSDaxfTDAc3xVHcZVw9CT8KcvsFV gtUZ3Aln5J01bEGj6XlESsqh+V2D9RLLp08Lt5S0o9ah6br0DCGiB5q3PeqdYH62QU3h6yeNAE+wGDkkL6sMHE8wfNT3YhEsKjzxknF9l9MMZvVcqNhCcdhZaLeBSgOE
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2152

C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Program Files (x86)\Notepad++\NppShell_06.dll"
4⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3476

C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\Notepad++\NppShell_06.dll"
5⤵
- Loads dropped DLL
- Modifies registry class
PID:484

C:\Windows\explorer.exe
"C:\Windows\explorer.exe" "C:\Program Files (x86)\Notepad++\notepad++.exe"
4⤵
PID:2280

C:\Program Files (x86)\Notepad++\notepad++.exe
"C:\Program Files (x86)\Notepad++\notepad++.exe" "C:\Program Files (x86)\Notepad++\change.log"
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:4036

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /d /c timeout 5 & cmd /d /c del /f /q "C:\Users\Admin\AppData\Roaming\NativeDorstenia\NativeDorstenia.exe" & cmd /d /c del /f /q "C:\Users\Admin\AppData\Local\Temp\Fall Guys Ultimate Knockout Generator.msi""
3⤵
- Suspicious use of WriteProcessMemory
PID:3728

C:\Windows\SysWOW64\timeout.exe
timeout 5
4⤵
- Delays execution with timeout.exe
PID:2108

C:\Windows\SysWOW64\cmd.exe
cmd /d /c del /f /q "C:\Users\Admin\AppData\Roaming\NativeDorstenia\NativeDorstenia.exe"
4⤵
PID:3760

C:\Windows\SysWOW64\cmd.exe
cmd /d /c del /f /q "C:\Users\Admin\AppData\Local\Temp\Fall Guys Ultimate Knockout Generator.msi""
4⤵
PID:1988

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Suspicious use of WriteProcessMemory
PID:2168

C:\Program Files (x86)\Notepad++\notepad++.exe
"C:\Program Files (x86)\Notepad++\notepad++.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3456

C:\Program Files (x86)\Notepad++\updater\gup.exe
"C:\Program Files (x86)\Notepad++\updater\gup.exe" -v7.88
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3292

C:\Users\Admin\AppData\Local\Temp\npp.7.9.Installer.exe
"C:\Users\Admin\AppData\Local\Temp\npp.7.9.Installer.exe"
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2212

C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Program Files (x86)\Notepad++\NppShell_06.dll"
5⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3848

C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\Notepad++\NppShell_06.dll"
6⤵
- Loads dropped DLL
- Modifies registry class
PID:980

C:\Windows\explorer.exe
"C:\Windows\explorer.exe" "C:\Program Files (x86)\Notepad++\notepad++.exe"
5⤵
PID:3196

C:\Program Files (x86)\Notepad++\notepad++.exe
"C:\Program Files (x86)\Notepad++\notepad++.exe" "C:\Program Files (x86)\Notepad++\change.log"
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:828

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Suspicious use of WriteProcessMemory
PID:2220

C:\Program Files (x86)\Notepad++\notepad++.exe
"C:\Program Files (x86)\Notepad++\notepad++.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2236

C:\Program Files (x86)\Notepad++\updater\gup.exe
"C:\Program Files (x86)\Notepad++\updater\gup.exe" -v7.9
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3972

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\DorsteniaNativeoaoInstall\DorsteniaoNative.exe
MD5
f043baf22717c77655fe3813771841e1

SHA1
4d2dd16f9de05bdcca8fbde686578d2c010fd544

SHA256
811e586a3e3d85f7533b33a77e04d357dffd87c0a15b0937e4b5218b8b9a42a6

SHA512
610e329ee717cb9bc848965188953bb2a90ea57958d207c8498202a219fe7e38ae842bde6471a7fbee5b62db38e62aab3e0374ca085830fa9247a5056d1c20ee

Download Submit
C:\Program Files (x86)\DorsteniaNativeoaoInstall\DorsteniaoNative.exe
MD5
f043baf22717c77655fe3813771841e1

SHA1
4d2dd16f9de05bdcca8fbde686578d2c010fd544

SHA256
811e586a3e3d85f7533b33a77e04d357dffd87c0a15b0937e4b5218b8b9a42a6

SHA512
610e329ee717cb9bc848965188953bb2a90ea57958d207c8498202a219fe7e38ae842bde6471a7fbee5b62db38e62aab3e0374ca085830fa9247a5056d1c20ee

Download Submit
C:\Program Files (x86)\Notepad++\LICENSE
MD5
6c37fdf964076fd0f9ee7792dd682473

SHA1
e69e9eb6602479bd819ef0b8c917608e7b11e494

SHA256
01587c7ea52f973e595ec81a6f9b25301c0a170267f35ceb10709f41e5b75668

SHA512
aad60c0feaec07fe9731e3b084467c9ed5ffdf4ac5c837c19656eaad00958b5d7d610c9bcde7c4fd043b43831d4ddd1a33cc115acd387c207a510327d31c54a4

Download Submit
C:\Program Files (x86)\Notepad++\NppShell_06.dll
MD5
e4ed9c5f1223f9e7e4cf4a13f25bff40

SHA1
f324870e26253c242f68547571f29705c119a61b

SHA256
e1e629386ac0b8dfe75cdf7989ca448b8b965e198b13487bea0719c0b2d6ac09

SHA512
5a27efba0bc3165c8f2e79962b3e93546e14737e89c66e310ece18dace1be327ef4fcacf431e0970d94b9f0f234374982419a503dbe7e0c83f924d0e90cb8bd5

Download Submit
C:\Program Files (x86)\Notepad++\NppShell_06.dll
MD5
0c67d6c622848c536c0f7ea3760c39d9

SHA1
46c47c3917be00c34570df249cdb68c883ba7ba2

SHA256
b98f6a2d2ea4dfcbbbb20cc9702ce1d520c2d5290af068e1f0c27a3661a36556

SHA512
b558a5f70101ebc1ebcc4d2a45eb6e0bb551032b8896db4f2fd7cff9e4d36bbe064d48a27d83b19a9f397c8177aa445c116144a57e8f77351fcfb407c150415d

Download Submit
C:\Program Files (x86)\Notepad++\SciLexer.dll
MD5
981fdcada2bfea753c646a1c4f19a4c3

SHA1
b4044497fc928557551ff19d16e0aa0b8323c482

SHA256
2c05172bb17cfe93975fd4aa33c4ed02648e42f6f1e72b412cc2babcf4f8d02c

SHA512
7985e338bd5227dcde7645f5c5dec1c9c39dc36e5667cafb04924cf396d295abee4d77a92e236cfbdbd12c90e8d24e403c78141a2531fd42395b87d44a5cc408

Download Submit
C:\Program Files (x86)\Notepad++\SciLexer.dll
MD5
0240a3b291d3d74d1a76669cf257e626

SHA1
8e5dc6afc39868c03db0f4016f4ee08943f5e40f

SHA256
a45e8977e12995326e6ccd023f705353b750c75d010524bfbf86c8c6b1bc1db1

SHA512
062af4b6f34211c0cffb8fce47657309fd0f358e12d4eb5cfe092793ec0785adea36b0526fe95f4f4969170684e0a8ec3348b237e2b0a6111ddd08e1cdf696ff

Download Submit
C:\Program Files (x86)\Notepad++\autoCompletion\BaanC.xml
MD5
2537a01a4619a19962fb1b85cbee9a13

SHA1
adaf66583cc60a53f0a08b030e63cc2652badd17

SHA256
9780d21f36eca4cb7f85c67fe9113c3c223822662812f6ab533c011cd2f56e7e

SHA512
f982a312a393cdcf2008b5cc76192b766e25e3cce8fe2c3bd3d775d4e814333259197b88c7749d78d81a902e6717b00e57d705cfa1950c8ddd60ae2e51576cf5

Download Submit
C:\Program Files (x86)\Notepad++\autoCompletion\actionscript.xml
MD5
f8876462309eeb4204eaaf5777dc4eea

SHA1
167b0f169340f0cf7d2a53d0f4c4b20f694ff12a

SHA256
7bdab6f3b572773331a17bfbb6cc4bbd71dfd89e4f11e404b7466925678a3a26

SHA512
ac1947a0b70e52a20d2b8be956ad36752565a41d7aaeab79d1da872ee32184d46193d6908c361b709c0f78e120776f77f58f170dba2c6c2e09d5d792220c40c7

Download Submit
C:\Program Files (x86)\Notepad++\autoCompletion\autoit.xml
MD5
24091974377d7e76106add1210d5853a

SHA1
7663d568323f753fb62c15f684eea1ff9014ce5b

SHA256
07cb7ea3f8d1eee1142bcdf876e29f14e6ae2a72ef28f2310263da531c7e8711

SHA512
c8f7898d23ddf7cc5aa550f32466fb5734a4c93bd1e9be628ad2a69786f6af1f0c1a61b11a62d4c3e164d5a061f4944d489449b412c29fa64eeb2fe628a976aa

Download Submit
C:\Program Files (x86)\Notepad++\autoCompletion\batch.xml
MD5
713831a4916810500b39efbdb41435a2

SHA1
6b9c9d965f73f71fafb786d547be09f5ef398643

SHA256
d43ce011aa2d5a946c36b4c3a6a0a98fd9570253bc461a267d3b44aaec3cb6b0

SHA512
3d01cf5ff64dc51f7b61310de91663429fa65a5ed4aa45aa6a5ee1ad9b1290370cf456c3a79d92629629204f6e824aea128ee39b7761cba6dd4e79be85b9bad0

Download Submit
C:\Program Files (x86)\Notepad++\autoCompletion\c.xml
MD5
16d6838637685dd1d1e52ada09b4f5d5

SHA1
d16dddea069047dc92ba53b1f8ae09869806c0ae

SHA256
3ce935da02821b1cffb430f8a81863ff7e58427c9c70ff2ab61a0628ae874759

SHA512
354d4a256d8d9ceef28431afcaa665db35f8ab7de416122975bcb8b549d0d592e5efab056f0798fbad58e995a083bf0147396d391d6e09d205e885a2d9e718dc

Download Submit
C:\Program Files (x86)\Notepad++\autoCompletion\cmake.xml
MD5
6c33239d9a59e3b2aa74913b117b2342

SHA1
b3b685494715c4a1ec9c71fc4ea45e89cf0d5457

SHA256
55f04796c0dfb130cf438a01ae8e7f96d99a9320a2d9c8e66a9a670640ca5cc9

SHA512
09ef4ac440599cc7c69f074187cb644db57d95b96e55146486679bcc367c639014a0133068730bb1eb17cbbacf8848fd6783a03fc16db55f90bcdc5bc1ac1110

Download Submit
C:\Program Files (x86)\Notepad++\autoCompletion\coffee.xml
MD5
633f1e56a9f5b7e1c7c75e6dff944b25

SHA1
55f1f86306161a2b743fe13927e852c2570bfaf7

SHA256
46d379e7ad5565fc197a32b62d04ceb1be4452af2ae45663415809bc7badb0bd

SHA512
97e5459a2055dc33bca32ba8bd1cedf273883653d013ab8e44a921baa94caf092885791e4d9f35e3bfb483a696b407882ad798b19cc7c5802fa4c36ebcecf65f

Download Submit
C:\Program Files (x86)\Notepad++\autoCompletion\cpp.xml
MD5
f4cb67fe4a25e319a715b8582ac6f06a

SHA1
67b7c49c8c5e69caf6bd74dbd3567f4aaddde24e

SHA256
649599e3b752e59ed10ffc367ea1e0668fdac9bede6987d1918fdf006b7cb27c

SHA512
d64d00d413e98b45640843006990068cda1c43ec67e6f2c735a91815187ac31b011355abe86c931c22cc1ef4f41f5cf77ca09b0d042f89e58870aef46d1785d3

Download Submit
C:\Program Files (x86)\Notepad++\autoCompletion\cs.xml
MD5
c9bc2acde59532d2a9b65e7f9cd55d4f

SHA1
d4a0e2d2b20e0b0cc40a0bf3a5274800d1eb6ea7

SHA256
32076a244afd75a07cd38f1fa27b08eea3a4a697111cde8a1cb636c46c708c17

SHA512
48b199df367edc2a3463b80ea82f20ed6731b3889fbeb9bef14b9bd9f835b836ebda317d6dbc81f429062ffe6ee059df313371431b4408c2812e93d4970ad7e9

Download Submit
C:\Program Files (x86)\Notepad++\autoCompletion\css.xml
MD5
d2affd6da8aa4fd9457db7b0dcb87517

SHA1
427e170083be87d570df3f9ea4b0eff0eb60a8f4

SHA256
776187ab9beec87648e5701137f153adeef88c579b15b181c5d4eee2f02262f8

SHA512
1e92277082312a9c3c9daecd370bd729038d3058cbc15b0a534019b5b816f297c98c42331abe5911d3efe12e8a6d387284d4c1ec3957aa9f16ac0cdef99ca647

Download Submit
C:\Program Files (x86)\Notepad++\autoCompletion\html.xml
MD5
4025e1158c027cf56c2625e65eb724ec

SHA1
439fea1f13f3a35d2c3176d99db0327a6d216d3f

SHA256
4300b3a71f387c91548984d017033884e176546ad5b74bac2e4df59caa163530

SHA512
c50848129563ddc5d2c2919366f844325edda13814e0499becabf487f1e5cae6fecd217c5cc76d59b83eeed4d722b01de68e9d9766eba6327c10b14143cdf465

Download Submit
C:\Program Files (x86)\Notepad++\autoCompletion\java.xml
MD5
4690cead3d2bffe2ed519f6ea5002266

SHA1
dabc1ba868dc058b06dd426365c83bf5ff5bf716

SHA256
862a83be2906ce28b6d3f1fdfb589d18cd6e971a7eaa51a1c7096cfff929b35b

SHA512
d450ef298b04617af02da2b9fde5bb92229bef9e8d0492081ed696d0a9a447726708bb21abd80afbe9ff668a4e4d585871bae681a62f2d36b1a2d9e28f8e8a40

Download Submit
C:\Program Files (x86)\Notepad++\autoCompletion\javascript.xml
MD5
c9528cebd21cc8d7cd358e847decf674

SHA1
66b53ecac92292457e979a3b78bb783b5c26f34f

SHA256
02a01d2fd9b6eb563b03a3de839b588b8b073aba9676d40ad86483a1b79317a0

SHA512
b1844b9cefb48d059c47ccdcdd7362fefa18ebf3d8d59c91f3b53af1e7486fbcf1080689e2ddc10cb14220f37ce4342c546452b8bec1f147276d79781ca7c248

Download Submit
C:\Program Files (x86)\Notepad++\autoCompletion\lisp.xml
MD5
6f370232b66261718bacf250c21b7e38

SHA1
4a47f13a680b891f6692020d2db59e164ddba920

SHA256
b2a1b6e3478a4f37f63028ab5b998518f115cae4cd53c394f7638bed6e97d78e

SHA512
34729a4e9cd73830ab936cb9b5c468fb1a3d847d0844840fbdce75d5a5acfcccba2802a72dda45af32b4a42aafcb299ed447a22e95955421a93709db706b64bc

Download Submit
C:\Program Files (x86)\Notepad++\autoCompletion\lua.xml
MD5
bdb4f044ba52f6a83953ffd659c9252a

SHA1
25ca6e9f4be716377126ca21f332beefef8f1549

SHA256
3daa67cc9dd0370566566ce0492597a3698b7d9edd361a759c58e1fbd7abb349

SHA512
5af1b30c553a0d9e099ba13aa715cbba07d1f4c381092b2d500a6e211d37bd31bdabd5cefe1a76023bf99fdd68767d01ac0909c96ed629fe821bf22983858ba6

Download Submit
C:\Program Files (x86)\Notepad++\autoCompletion\nsis.xml
MD5
7985ac923ccbf94742d29d96c405c843

SHA1
e77f9a3ef026127de4d47538c1f121c771eb7727

SHA256
5c1482f16fc8a1b99ec87eb4edef5c1d3f2d1c750f1647416369c6124498ad3e

SHA512
3f1514f224af9b9abb65e00f84598d7fc51d2d507fcc22086c96d26e98ea955224f5d7eb0d1e26ec88a24c240b177d15fdd16f855a3cddd47200396d40cfe0c9

Download Submit
C:\Program Files (x86)\Notepad++\autoCompletion\perl.xml
MD5
7c1a02621e9bcb47e41642023b3bf940

SHA1
39fc9b97ecc737166da15bff111e00f5b5e74e17

SHA256
8b6a82f9c789a003f0df63cbf214e2ba696cdef2966bcad6cc97250b879e78d5

SHA512
9c53f52db9243ab05ad224e8b0bb0e780484cfd0fbd34886f718d882e0e0537edb3313e66f4cd7829b98f4d633de0892aeedf99cfe20cb7a03ab644d6e7ccf9c

Download Submit
C:\Program Files (x86)\Notepad++\autoCompletion\php.xml
MD5
1e9d31476dddc00249463ede7ba491d7

SHA1
7d6f0047913e58aecf891f24c1e712d269e78bad

SHA256
43391307f2829b77df05725a13670f6ad0650f8b92b4503cba65d7901e1dda10

SHA512
af74431d200e9c33d387f8360c330473abedd7c990d559452d79b4b1c8357d5d795f8b1fd6aeda0fc5314ac59821fe6fc9f652aa12898697670f0c5b100ed10f

Download Submit
C:\Program Files (x86)\Notepad++\autoCompletion\python.xml
MD5
7bedd66d0b8a71da1467f63db6184420

SHA1
c425dd0d93cd23e091ad0623c82d2edde21dbe06

SHA256
cc27e0ea6542eb7bb249d169f42f9ac6fcbb794c2ef5d85f2b502e124ceef916

SHA512
f2e974f725d4a260976c3b6919cd7d20b92baf403c9298070a291d7b4173ce76c5df67c40c2c5faeee6a1a69cede956b72ca877e5ecab5f645b252613f4de56f

Download Submit
C:\Program Files (x86)\Notepad++\autoCompletion\rc.xml
MD5
12b972b69130e664e50ac111d298379b

SHA1
413141253cf170a010f7f3a05a9ee1cfd4d37e25

SHA256
12ad067aa1227b92141bbf9faca8efa74549cff6dabde85899db9272eb7e2dff

SHA512
01686042037f9477e707b45ff61674a298eed81ba5617695fe02be87f7bc54b965aeb1e85bc8481d366564b81ec77303a5f36382487f5051b831cbbc3acea2e3

Download Submit
C:\Program Files (x86)\Notepad++\autoCompletion\sql.xml
MD5
056b92b4d2e16984505990cf379b5486

SHA1
7571c99732917dad3dd465f29d5bf28619a09fa7

SHA256
620fe159db5ce323b78b4768f9f6a3a95ca2c4fa4806ea5145afadac21dcc74d

SHA512
2e0ce39585e43e343ee326d54f50c2c5ae1a49ae1f3d0b5e79e1f9877c79d0baad790b5dc28e03f28de2099e175b25b190ac969409112161f9d86d11df0c3f10

Download Submit
C:\Program Files (x86)\Notepad++\autoCompletion\tex.xml
MD5
03f74d2063099160e73faa1a5dee7f9a

SHA1
89a19baacde3f98c9439861a52239df8c5e964ba

SHA256
d19fe5a6b68b50e0820641489fd73368ba4ba58adb07948e39073ddce8e08d37

SHA512
10c7ca39467a250163e7884fdcc38aba16dc6325f29aea26c34c50f227429d96ce70a71bf6ac0ce1190b442535c477e5b2f75e6890ae35cb2c86dcc54d5763c7

Download Submit
C:\Program Files (x86)\Notepad++\autoCompletion\vb.xml
MD5
cb6d0cff9916fa1eae0a4faafc9db82a

SHA1
0bb7663a45ac8a0e8ed5ee3296f7fedc24c4a3e6

SHA256
74b6701e0c8f2c92eedd563165b61d4813f519f3747b67b3a043a4b85de41401

SHA512
44eb9032d830d060d876edfc475951a80a358b235064c12c858e56332a499e8abe32bdc588fff4e0888c91bc1b74fedd925322b5b9cc8720f938cb84c9532a1f

Download Submit
C:\Program Files (x86)\Notepad++\autoCompletion\vhdl.xml
MD5
1ba07e9e9c7ccbf095fee8c248375527

SHA1
668325f597bb9fa517e41f304f07c5d0a0421160

SHA256
29967c6650ce9fce73b7b9dda3390ae3b5cff4ad8ef2265f2c6980da55f42f97

SHA512
6cab0a05e7bb4f9089c28aa774852bdfba081f3233bdffe2d83c111276f08ebe20619db19ba731d97b98749fbf85189ae80873e802937398b7ff62ef365236f9

Download Submit
C:\Program Files (x86)\Notepad++\autoCompletion\xml.xml
MD5
432b0a7d34b59ad7512c347f8670ff23

SHA1
d4ff6d0b283f7b2b8d1792b0c9671d9afb43d3f7

SHA256
7cdfb59901b0dbda488745f9bd749ce9a1c3e228931162e3a5764c5674330601

SHA512
8abb06ad7ba00ddeda3fffb5272f35d45fa35e21df4f6b9159541249df1cd5198391edb813b46ad52fe02abf05698d46561b6450d904406799e2412bd32b1b0f

Download Submit
C:\Program Files (x86)\Notepad++\change.log
MD5
3dc3d423c3d0d544feff6e71acd68142

SHA1
2e868b20aa5f74dbfbdd63a613514d593d176e5c

SHA256
2721958ede3d72d32cf6060c70a3715f9fe573075fdd56fb12808186eec16b34

SHA512
a08928d9274b1111a10a1b265e31ede24e370f48d98db84ab0bc62ee6ca146a189f419286b558a2b074672d94b69d61bbf6e2ab5ebdef03e3544641b232cda46

Download Submit
C:\Program Files (x86)\Notepad++\change.log
MD5
0e2c0ac3a7c4452a421063d5ec8b8953

SHA1
6e00c24bead40609c5b4bde6cbd9df66ae2110c3

SHA256
4123057fa0752cf392395d4293ac31b1aeb2b39d21bcb2c86a6f433373d6ee5d

SHA512
8ee536b1916d26d7cc86aa57aaf8ade0313ff076fc629bd227b90c0e8c5c98f08bde606d890a6eb85b20b66f1d810bb1b1efa4d7dd1f51a6bd0e570afb7e98a9

Download Submit
C:\Program Files (x86)\Notepad++\contextMenu.xml
MD5
632e4272b94d0e35e1383421b196bf44

SHA1
0bbb1e28fad9f24660878dea219fb61565a2eec4

SHA256
5e9df6d39b25455a16f0b33e0bfe3f4558cf449b0e4b121d258deee9a5ed5916

SHA512
7e7fbed2eeb7b338c2784fc5d5812e4dd0f6bf753690e57ed336fec236f36de9c371b25b50fe4942676afdfea5893b06dcd1785d9fbd5e4f44b1124c8f217045

Download Submit
C:\Program Files (x86)\Notepad++\functionList.xml
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Program Files (x86)\Notepad++\langs.model.xml
MD5
315831c7ea773681afe09cef4ee21909

SHA1
a4ba07d38388f2246494a50a7e60ef52e4d23263

SHA256
0186681e5545c2ffff8e34f20e801932434718c0210127a9db1c61bdb042a3b9

SHA512
124f50b68397fa2a0f639741ba7a90f470bf20e0a21a749b95504692330f56c647f800cc3613809bf27e3dd21a6ebc472a4220117a11bd6a0a15e4b869c9d3d7

Download Submit
C:\Program Files (x86)\Notepad++\localization\english.xml
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Program Files (x86)\Notepad++\notepad++.exe
MD5
b2c0f12d8a7bd69c003c1eed0c7f0689

SHA1
7aacccd07821339666ca2fb798952767a18ef4df

SHA256
38baa3ff72cf43f016a9d0df9e7cb6c1e6a7481b5f2ae2f599ad53dddec873d8

SHA512
60da033cb8604c4f4025a5cdccb17d65d43194e1b5465928a703d177f1a66a0b2c8e197e39b07838a0348f0662c8002153f1d754e92def0238f5c11de209a366

Download Submit
C:\Program Files (x86)\Notepad++\notepad++.exe
MD5
b2c0f12d8a7bd69c003c1eed0c7f0689

SHA1
7aacccd07821339666ca2fb798952767a18ef4df

SHA256
38baa3ff72cf43f016a9d0df9e7cb6c1e6a7481b5f2ae2f599ad53dddec873d8

SHA512
60da033cb8604c4f4025a5cdccb17d65d43194e1b5465928a703d177f1a66a0b2c8e197e39b07838a0348f0662c8002153f1d754e92def0238f5c11de209a366

Download Submit
C:\Program Files (x86)\Notepad++\notepad++.exe
MD5
b2c0f12d8a7bd69c003c1eed0c7f0689

SHA1
7aacccd07821339666ca2fb798952767a18ef4df

SHA256
38baa3ff72cf43f016a9d0df9e7cb6c1e6a7481b5f2ae2f599ad53dddec873d8

SHA512
60da033cb8604c4f4025a5cdccb17d65d43194e1b5465928a703d177f1a66a0b2c8e197e39b07838a0348f0662c8002153f1d754e92def0238f5c11de209a366

Download Submit
C:\Program Files (x86)\Notepad++\notepad++.exe
MD5
456f5dcc3979596f8a23485463e54961

SHA1
9875e6c76e3c6bfb4d162580f9aea87c506d574e

SHA256
db3db8e510f67bd4824481ff43f98f34cc3f718da396a0ebb4bc3b929cad5605

SHA512
3243c0b58659c32554949ab7416402c415978edf25037f8471c10e7cae335694adca665df56c64e93ae45acfbc4d657716c59cc2e3f1f19ee022bb340bc93661

Download Submit
C:\Program Files (x86)\Notepad++\notepad++.exe
MD5
456f5dcc3979596f8a23485463e54961

SHA1
9875e6c76e3c6bfb4d162580f9aea87c506d574e

SHA256
db3db8e510f67bd4824481ff43f98f34cc3f718da396a0ebb4bc3b929cad5605

SHA512
3243c0b58659c32554949ab7416402c415978edf25037f8471c10e7cae335694adca665df56c64e93ae45acfbc4d657716c59cc2e3f1f19ee022bb340bc93661

Download Submit
C:\Program Files (x86)\Notepad++\notepad++.exe
MD5
456f5dcc3979596f8a23485463e54961

SHA1
9875e6c76e3c6bfb4d162580f9aea87c506d574e

SHA256
db3db8e510f67bd4824481ff43f98f34cc3f718da396a0ebb4bc3b929cad5605

SHA512
3243c0b58659c32554949ab7416402c415978edf25037f8471c10e7cae335694adca665df56c64e93ae45acfbc4d657716c59cc2e3f1f19ee022bb340bc93661

Download Submit
C:\Program Files (x86)\Notepad++\plugins\Config\nppPluginList.dll
MD5
e013fa45d2e436ba93a7213720b6c39a

SHA1
0ebcd89a095988d6c1c0f58c510467bc9bc16766

SHA256
539167bda324a38b9e5d7fcaf79da1c011d0a24034b8e3affa8a154076469757

SHA512
b767346e9f5292ab3c3549b06a406b988fb85c9dbdf14bb1f25bd7435b1327fc5ab29103fcc7608801f301347b9192dff11624557f0f60199633d7a31569b9be

Download Submit
C:\Program Files (x86)\Notepad++\plugins\Config\nppPluginList.dll
MD5
7b2f6abef0982c930e381a2981a3d065

SHA1
3126b2e519baa89ed1bd072ed6ee266542d531fb

SHA256
3fe6f0583079e6b5114a45cad88220aa2382dd8bda8b20fc6e6c472b9123d858

SHA512
77ed2da2a94972de04ada10157d4d23609ca7b0d957b7e9499864e3575fd3c8516f88acc0e5ab12cf718e295df45566668798c0e52090ee6b442891b535d9a78

Download Submit
C:\Program Files (x86)\Notepad++\plugins\NppConverter\NppConverter.dll
MD5
653ddcbc04c3ad013ff97b4a5297537f

SHA1
36161f109ff080f47c350c9959c01c5bded933a4

SHA256
8da562abdf903da3445524100e21069eb72af5977fcd73827f978f32137b7433

SHA512
70b4c6ac542bfa983c1058019e29159712bda72f547e8419021fe0a77a5c4ac6581ee8955f86769f327a248c9b3d0cae078a453c3994bc59c127e7b8a6cc39f3

Download Submit
C:\Program Files (x86)\Notepad++\plugins\NppConverter\NppConverter.dll
MD5
8956f07770ad9b60c40b7a3512f3afbf

SHA1
d3bdfdb66a48b5a4179320e15cf0a4ddf895d5c2

SHA256
c7bff286339fb200d4d83f19393112e8431befed591ec361b59d9755a5f8d81a

SHA512
e088006726ad786704bcdee2d7275ee8bf5a821c607de28dbf16776eab9aa570acaf8cb66eb233eab3af51b363c12be7701b161036ee118b5e7a5f96b910e2af

Download Submit
C:\Program Files (x86)\Notepad++\plugins\NppExport\NppExport.dll
MD5
c0a24b6ed33abed25d2cb48ad7a4c4ee

SHA1
968165824d2cbbfb646e0890263854c3e165ee0b

SHA256
523ad9f941145187617bc87a740a3c6ac78eceea0f5d6782934d31e59bc8dfc0

SHA512
ad55e4d218b4288d1af20bcc2d8f99cd7e09acb74ae5e489f0e261dd7cc45283ee2a31cdf8d3cddf31738cfdd9f26a37fe6de14c7114ffd9b2b5a5d42a5774cc

Download Submit
C:\Program Files (x86)\Notepad++\plugins\NppExport\NppExport.dll
MD5
5cff618486805c64838f63e66d0d4bea

SHA1
e28d5b386e11085a5daa2a5df575bb5d773f9218

SHA256
62106b55c57e67b724003bd62f10604b1eaf2f9a76500609a802694bacb76d92

SHA512
91bff9520654cf4c0bb42de7d7c037ed16e9581e0bab99117a02b6875c7783fc26c243519d6022ebf37e06c2898e959dc53fc7ccfe31c9bd0ea31faecb4d113b

Download Submit
C:\Program Files (x86)\Notepad++\plugins\mimeTools\mimeTools.dll
MD5
0e4f2c1416c7b0c0d7dc1691475c67ef

SHA1
485481f586176582be44cc7f1fdf8ac5c1973b5c

SHA256
6b05342e165b70d085379131adea253087353ad9fc3def82a03479fda76dd624

SHA512
4ca094fd7cee4d2d138c8239cff46d0c6b57c13dfb81c849f8ba38604d19ee2d700a3b6298b800104dea80310fc45874c90bf4c8e443cf3f7281d6518513ac26

Download Submit
C:\Program Files (x86)\Notepad++\plugins\mimeTools\mimeTools.dll
MD5
6f35a1492c6c9f5b602cba15b4627d81

SHA1
341e05ec89a45ece29080196aa9b6c054d53e485

SHA256
83a4696bc8cf5efedd8f813790323d55be52241d3fec821b3ab9d2feb4b75629

SHA512
966650ef4087d43614b25548fd4d6a28933c9bc63961be5cbf6709fe20ed99801b11af5a86be300b1e54dc10f16c2c0d10ce5f99ba8541d568d15e3bd985a506

Download Submit
C:\Program Files (x86)\Notepad++\readme.txt
MD5
11b0a85dcd7045352f71e46d83de6d7e

SHA1
77b65e52e20a64441c01c57510dc3d60b33afa16

SHA256
bc661498305746c6deacbee301522f7c283566a804184e290481d3b57af675b1

SHA512
8037c0c3dcd6162d4363126dd80e5b7954ff7f06b276b29591fcf35d5592d10174993972854fa416b40324e683e838edefe636f35f5d3904c282e433da5bfd7d

Download Submit
C:\Program Files (x86)\Notepad++\shortcuts.xml
MD5
f11d96162bc521f5cf49ffe6b6841c9b

SHA1
37c96380179a17fadb2a6dc26d3f80fb7cd332d0

SHA256
be9aeaeab5a2e4899ba7e582274ba592c1b9baf688b340a754b8ef32b23cfa9c

SHA512
a3305486df0e8d200ef8ca17e5c64a0b88502d3984b17aacc75471da823799507b483520aa5b085c2c4e7d0145bece1a84bdc286bcf13e32c808a8e747a6ef95

Download Submit
C:\Program Files (x86)\Notepad++\stylers.model.xml
MD5
00e79525ff054ecaf9b38a2937f50cac

SHA1
40866b6ded2f8e5193282bedb06380134605df54

SHA256
38265f7590a60a226d471cd1816a27e967f4250e95ec1443b3a17e5ce728c2bb

SHA512
f70208a8d88068d1dd7341e0cc871725c22d386b3b39b15d0ecb3664cf46723118971d83fc9176ea7370d6887270ca3358dec266b630a29d6fb6dba2548878d0

Download Submit
C:\Program Files (x86)\Notepad++\uninstall.exe
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Program Files (x86)\Notepad++\updater\GUP.exe
MD5
ce7d021195c1919a479720a826961888

SHA1
cddeedc201902c9aa5baa77446a1b8c277d17a89

SHA256
802cf5ed5394e4a3f9c0ad9dc3f940755aeea0873667234982ed8d8a38068756

SHA512
ff30fa81eb76435ecb8e7969cffe54c16c30f048ec8b79263806ba5c0611b1858059a3e129707036b361568352228a87a4682331e0392112f86000f785685a0a

Download Submit
C:\Program Files (x86)\Notepad++\updater\GUP.exe
MD5
3f311b73407c94cd8257de7424396cee

SHA1
7e00c32baeafe20472c2ef0d2e4a4f70310b5f2e

SHA256
14a938654d7b7c7f96824bb7a96dfa4c43bd4807d7a1548aa881a85ae70e16de

SHA512
b2dcc8dbb457bbff930c14f4593651eb0d31cec27a31fa765e3af3edab90d271bb3e5e8fe12bc1a48c42f0d6a52a8252c0d49575d30e18740f1c5833ea86deaa

Download Submit
C:\Program Files (x86)\Notepad++\updater\LICENSE
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Program Files (x86)\Notepad++\updater\README.md
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Program Files (x86)\Notepad++\updater\gup.exe
MD5
ce7d021195c1919a479720a826961888

SHA1
cddeedc201902c9aa5baa77446a1b8c277d17a89

SHA256
802cf5ed5394e4a3f9c0ad9dc3f940755aeea0873667234982ed8d8a38068756

SHA512
ff30fa81eb76435ecb8e7969cffe54c16c30f048ec8b79263806ba5c0611b1858059a3e129707036b361568352228a87a4682331e0392112f86000f785685a0a

Download Submit
C:\Program Files (x86)\Notepad++\updater\gup.exe
MD5
3f311b73407c94cd8257de7424396cee

SHA1
7e00c32baeafe20472c2ef0d2e4a4f70310b5f2e

SHA256
14a938654d7b7c7f96824bb7a96dfa4c43bd4807d7a1548aa881a85ae70e16de

SHA512
b2dcc8dbb457bbff930c14f4593651eb0d31cec27a31fa765e3af3edab90d271bb3e5e8fe12bc1a48c42f0d6a52a8252c0d49575d30e18740f1c5833ea86deaa

Download Submit
C:\Program Files (x86)\Notepad++\updater\gup.xml
MD5
b023cc4d768b34a5401f317479740a53

SHA1
4ca45db707b120bca9cb6cd8404b9e6ecabdb2d2

SHA256
d3e6404c7286961cbab82d4c49f82bcb166db9b5a13eacaa0eeb59a0709a0c14

SHA512
82829b0d22cdb857cf1d299a9898d1862b61cd3c22eb05cb638391d3a54b12d5dd7a824ef838a9453e2c2b85c516eacad18b6d19221ad24f0bcedc2fff942e25

Download Submit
C:\Program Files (x86)\Notepad++\updater\gup.xml
MD5
b023cc4d768b34a5401f317479740a53

SHA1
4ca45db707b120bca9cb6cd8404b9e6ecabdb2d2

SHA256
d3e6404c7286961cbab82d4c49f82bcb166db9b5a13eacaa0eeb59a0709a0c14

SHA512
82829b0d22cdb857cf1d299a9898d1862b61cd3c22eb05cb638391d3a54b12d5dd7a824ef838a9453e2c2b85c516eacad18b6d19221ad24f0bcedc2fff942e25

Download Submit
C:\Program Files (x86)\Notepad++\updater\libcurl.dll
MD5
9715635a75a3525bd94d0450f39b81b8

SHA1
5441e39e17e6b0b56d9fd09e9571df236132535f

SHA256
957093a9649465e0a654dde10465b30f75b2d951194668f9be5a0c96e051c832

SHA512
95a5b8fd628bbb1990c9af41a54136a7e8ed9522e12a4f5b8d7be8443d15d951fe24c38af7037ab6f556918671f002c538b8b6a83734b217097d12f9f4a729dd

Download Submit
C:\Program Files (x86)\Notepad++\updater\libcurl.dll
MD5
f8ddb49c200304854311893defb0082c

SHA1
f28ebd80753c42f6eeb5709550809b189c89f487

SHA256
81f783918b8887220bf2088337ff8f8a7df3c170ae1fd30f868967e2effa622b

SHA512
a26dbf82896e1a0d48d30f7fadd0f06889c20a98ad1dfb5d2e34e70b055e2c718abe0bf37032d2cc7d4a0603dfd654efe80c71682c8e8cd29158db9bc170a22c

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0972B7C417F696E06E186AEB26286F01_D0A15851E78F28E33467584A33BA5369
MD5
c6f8c294305660cfc46cb2d5b33849c9

SHA1
3515d79d9c6adc4131bddced3c57a9077e2b34b4

SHA256
8be38bde4a3d486385def5f4513583745e9b42227ce78e8ae71343d9379cbcf5

SHA512
4c8641b9ba11441f2f4826c5c0e694e0b82bd9fd1cbfb9ae6b3589263ea986afadcccfa29b55a27bd5a511f685e6c361ef56ec839ce2c8360762981d92af3009

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F
MD5
81422f05f88494993bbdfcb9c5a8aec8

SHA1
de2aa7a0ebdb4737d9ca8ffcefa3cd57353c7faa

SHA256
8e56fd0e32c5a01958dab5b7d46a803f1590ad7f87aa91d2d60b6532c6f58be0

SHA512
32ead12a08cd1388d40f59e2293813521b11082b529ade107a58719a48ba3b9e49e4c4eba455cfdadc3d19207cdb5951a67b58e1c8c0b35f0eb5c49c1310f381

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0972B7C417F696E06E186AEB26286F01_D0A15851E78F28E33467584A33BA5369
MD5
f37ff9ff44c30e500afea229f714e419

SHA1
f77d8717384d95681e55de2ec1c8e88a91ff74d2

SHA256
4467b9c35d8323720e46502fd7801b631a47e6296a8159159f97f255db3be956

SHA512
cbdae906a9935e3b85f0239ea1bcb93b29c52c201048a3c7fd88a2b60e05964c16fea8dee24c8e69abca5174251742e3dc2809d632ac6e30892600e50d437146

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F
MD5
c0ad17c4eff3e7a56a687424263abfaa

SHA1
c99bcf9fa1b7af909da061d9f41af442a2a2fd43

SHA256
c6dd5675cd38d75b68fdb797afdcbe084eaac9e527b1fa9cc2def4c108ea87c8

SHA512
52f0fc1d472d1632b8e1534173376fb19c4e6b571bacd6be128c0ff1e3751f540ffe4bd18605d8d20703e7194ab8deac3e529cd86e3b24d47e3b86de0d65bcf6

Download Submit
C:\Users\Admin\AppData\Local\Temp\npp.7.9.Installer.exe
MD5
00f37c33134626b2682e258ed50349c2

SHA1
4ce0560a10c19c1e2ce747e5ff46d8086acf5a9b

SHA256
4747b67f7e2ca69b3ee829fa22b01fc61f500fba530ff928e31a3d5c62be7ffa

SHA512
d8b056894c7fcd1ae34e4b160539580608af63b739964a7178a397d7d5b8c060cbcfc2ca6559f0ef4e90f089bf5ad93ccefa11921b582d82bfe68e60798b3e8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\npp.7.9.Installer.exe
MD5
00f37c33134626b2682e258ed50349c2

SHA1
4ce0560a10c19c1e2ce747e5ff46d8086acf5a9b

SHA256
4747b67f7e2ca69b3ee829fa22b01fc61f500fba530ff928e31a3d5c62be7ffa

SHA512
d8b056894c7fcd1ae34e4b160539580608af63b739964a7178a397d7d5b8c060cbcfc2ca6559f0ef4e90f089bf5ad93ccefa11921b582d82bfe68e60798b3e8e

Download Submit
C:\Users\Admin\AppData\Roaming\NativeDorstenia\NativeDorstenia.exe
MD5
a4ca15d48f389c223c9d1d9a04ca0e44

SHA1
74ca1174d182c70f249767d1fa93c47fa9bd50be

SHA256
278b73121a224e100d81ef238daa93effb3b38d0340beb217f06b00ed2b2b276

SHA512
113a2dc7d49055786b36dd992ace378da84b119e10ac80b21f7579f8da8b5084370a580a44a49dc348be863cfc761bcdf8e2fdeb293cf8eb9b65fa9ecc25f766

Download Submit
C:\Users\Admin\AppData\Roaming\NativeDorstenia\NativeDorstenia.exe
MD5
a4ca15d48f389c223c9d1d9a04ca0e44

SHA1
74ca1174d182c70f249767d1fa93c47fa9bd50be

SHA256
278b73121a224e100d81ef238daa93effb3b38d0340beb217f06b00ed2b2b276

SHA512
113a2dc7d49055786b36dd992ace378da84b119e10ac80b21f7579f8da8b5084370a580a44a49dc348be863cfc761bcdf8e2fdeb293cf8eb9b65fa9ecc25f766

Download Submit
C:\Users\Admin\AppData\Roaming\Notepad++\config.xml
MD5
78fc519fcc642c5a59a5c2102ed41e80

SHA1
3dcf8cb0e1f6f8052a9743bef2bb2b3220e3c6af

SHA256
20077caeb73b35ddae26852610b9bbfd569bdfd8f55214d9e984f105a5d15127

SHA512
c2056aa2c72be990dda80648285c91dd8424cd81a5f8cb21dcdfde0e53a2a0033af27874a3044f71557f94d0c918477ec9dfdfaf6456668898ba970123741fcc

Download Submit
C:\Users\Admin\AppData\Roaming\Notepad++\config.xml
MD5
78fc519fcc642c5a59a5c2102ed41e80

SHA1
3dcf8cb0e1f6f8052a9743bef2bb2b3220e3c6af

SHA256
20077caeb73b35ddae26852610b9bbfd569bdfd8f55214d9e984f105a5d15127

SHA512
c2056aa2c72be990dda80648285c91dd8424cd81a5f8cb21dcdfde0e53a2a0033af27874a3044f71557f94d0c918477ec9dfdfaf6456668898ba970123741fcc

Download Submit
C:\Users\Admin\AppData\Roaming\Notepad++\contextMenu.xml
MD5
632e4272b94d0e35e1383421b196bf44

SHA1
0bbb1e28fad9f24660878dea219fb61565a2eec4

SHA256
5e9df6d39b25455a16f0b33e0bfe3f4558cf449b0e4b121d258deee9a5ed5916

SHA512
7e7fbed2eeb7b338c2784fc5d5812e4dd0f6bf753690e57ed336fec236f36de9c371b25b50fe4942676afdfea5893b06dcd1785d9fbd5e4f44b1124c8f217045

Download Submit
C:\Users\Admin\AppData\Roaming\Notepad++\langs.xml
MD5
315831c7ea773681afe09cef4ee21909

SHA1
a4ba07d38388f2246494a50a7e60ef52e4d23263

SHA256
0186681e5545c2ffff8e34f20e801932434718c0210127a9db1c61bdb042a3b9

SHA512
124f50b68397fa2a0f639741ba7a90f470bf20e0a21a749b95504692330f56c647f800cc3613809bf27e3dd21a6ebc472a4220117a11bd6a0a15e4b869c9d3d7

Download Submit
C:\Users\Admin\AppData\Roaming\Notepad++\plugins\Config\converter.ini
MD5
f70f579156c93b097e656caba577a5c9

SHA1
8abfdad2ac85b7433318952b7a7e385a8c18674c

SHA256
b926498a19ca95dc28964b7336e5847107dd3c0f52c85195c135d9dd6ca402d4

SHA512
1e79b8e6df1ac158317d4670a01d5fb811470ace0f1f0f547ae979b3eff9bfee65770ad8134a6bddf2e871dc8fa553e146c7d7d94d2c3e139ae4b4942562b5fe

Download Submit
C:\Users\Admin\AppData\Roaming\Notepad++\session.xml
MD5
6915ba48f0b5709ea84f5832ed285446

SHA1
a90b34a4808ffc4a1c44e73cc036f29c39a2905f

SHA256
509697392aca2e05d82cbbf7ebfdaf2b2fdf5e99bb94ae430baac166e0f5a18b

SHA512
0b86e1fc111c94be4a75d5361136ca3ca38f2606858e2c79984795a4c6aaa8995bfd4963bdc6debb1a4d2a17393834f763c34af02412692dfb74d9edf2fc408a

Download Submit
C:\Users\Admin\AppData\Roaming\Notepad++\session.xml
MD5
6915ba48f0b5709ea84f5832ed285446

SHA1
a90b34a4808ffc4a1c44e73cc036f29c39a2905f

SHA256
509697392aca2e05d82cbbf7ebfdaf2b2fdf5e99bb94ae430baac166e0f5a18b

SHA512
0b86e1fc111c94be4a75d5361136ca3ca38f2606858e2c79984795a4c6aaa8995bfd4963bdc6debb1a4d2a17393834f763c34af02412692dfb74d9edf2fc408a

Download Submit
C:\Users\Admin\AppData\Roaming\Notepad++\shortcuts.xml
MD5
f11d96162bc521f5cf49ffe6b6841c9b

SHA1
37c96380179a17fadb2a6dc26d3f80fb7cd332d0

SHA256
be9aeaeab5a2e4899ba7e582274ba592c1b9baf688b340a754b8ef32b23cfa9c

SHA512
a3305486df0e8d200ef8ca17e5c64a0b88502d3984b17aacc75471da823799507b483520aa5b085c2c4e7d0145bece1a84bdc286bcf13e32c808a8e747a6ef95

Download Submit
C:\Users\Admin\AppData\Roaming\Notepad++\stylers.xml
MD5
00e79525ff054ecaf9b38a2937f50cac

SHA1
40866b6ded2f8e5193282bedb06380134605df54

SHA256
38265f7590a60a226d471cd1816a27e967f4250e95ec1443b3a17e5ce728c2bb

SHA512
f70208a8d88068d1dd7341e0cc871725c22d386b3b39b15d0ecb3664cf46723118971d83fc9176ea7370d6887270ca3358dec266b630a29d6fb6dba2548878d0

Download Submit
C:\Users\Admin\AppData\Roaming\Notepad++\userDefineLangs\userDefinedLang-markdown.default.modern.xml
MD5
e6edb9c859b5b97800da9c664a0606c8

SHA1
a0529bfe949f37d87349f89e44ac03a0f39d90c6

SHA256
b7a3e70c69f661e76cc7b6279db21fb32f275a8a3c205a75ae22e40224136031

SHA512
a02e9af4be1e274a9af548f222c00434ae4e02437eede890b3a2f0313c0bd3c3f1596d20f9f859865f807b5e8679abb4f2e13fdd4f7b1e4e7f2a787428acb443

Download Submit
C:\Users\Admin\AppData\Roaming\Notepad++\userDefineLangs\userDefinedLang-markdown.default.modern.xml
MD5
e6edb9c859b5b97800da9c664a0606c8

SHA1
a0529bfe949f37d87349f89e44ac03a0f39d90c6

SHA256
b7a3e70c69f661e76cc7b6279db21fb32f275a8a3c205a75ae22e40224136031

SHA512
a02e9af4be1e274a9af548f222c00434ae4e02437eede890b3a2f0313c0bd3c3f1596d20f9f859865f807b5e8679abb4f2e13fdd4f7b1e4e7f2a787428acb443

Download Submit
\Program Files (x86)\Notepad++\NppShell_06.dll
MD5
e4ed9c5f1223f9e7e4cf4a13f25bff40

SHA1
f324870e26253c242f68547571f29705c119a61b

SHA256
e1e629386ac0b8dfe75cdf7989ca448b8b965e198b13487bea0719c0b2d6ac09

SHA512
5a27efba0bc3165c8f2e79962b3e93546e14737e89c66e310ece18dace1be327ef4fcacf431e0970d94b9f0f234374982419a503dbe7e0c83f924d0e90cb8bd5

Download Submit
\Program Files (x86)\Notepad++\NppShell_06.dll
MD5
e4ed9c5f1223f9e7e4cf4a13f25bff40

SHA1
f324870e26253c242f68547571f29705c119a61b

SHA256
e1e629386ac0b8dfe75cdf7989ca448b8b965e198b13487bea0719c0b2d6ac09

SHA512
5a27efba0bc3165c8f2e79962b3e93546e14737e89c66e310ece18dace1be327ef4fcacf431e0970d94b9f0f234374982419a503dbe7e0c83f924d0e90cb8bd5

Download Submit
\Program Files (x86)\Notepad++\NppShell_06.dll
MD5
0c67d6c622848c536c0f7ea3760c39d9

SHA1
46c47c3917be00c34570df249cdb68c883ba7ba2

SHA256
b98f6a2d2ea4dfcbbbb20cc9702ce1d520c2d5290af068e1f0c27a3661a36556

SHA512
b558a5f70101ebc1ebcc4d2a45eb6e0bb551032b8896db4f2fd7cff9e4d36bbe064d48a27d83b19a9f397c8177aa445c116144a57e8f77351fcfb407c150415d

Download Submit
\Program Files (x86)\Notepad++\NppShell_06.dll
MD5
0c67d6c622848c536c0f7ea3760c39d9

SHA1
46c47c3917be00c34570df249cdb68c883ba7ba2

SHA256
b98f6a2d2ea4dfcbbbb20cc9702ce1d520c2d5290af068e1f0c27a3661a36556

SHA512
b558a5f70101ebc1ebcc4d2a45eb6e0bb551032b8896db4f2fd7cff9e4d36bbe064d48a27d83b19a9f397c8177aa445c116144a57e8f77351fcfb407c150415d

Download Submit
\Program Files (x86)\Notepad++\SciLexer.dll
MD5
981fdcada2bfea753c646a1c4f19a4c3

SHA1
b4044497fc928557551ff19d16e0aa0b8323c482

SHA256
2c05172bb17cfe93975fd4aa33c4ed02648e42f6f1e72b412cc2babcf4f8d02c

SHA512
7985e338bd5227dcde7645f5c5dec1c9c39dc36e5667cafb04924cf396d295abee4d77a92e236cfbdbd12c90e8d24e403c78141a2531fd42395b87d44a5cc408

Download Submit
\Program Files (x86)\Notepad++\SciLexer.dll
MD5
981fdcada2bfea753c646a1c4f19a4c3

SHA1
b4044497fc928557551ff19d16e0aa0b8323c482

SHA256
2c05172bb17cfe93975fd4aa33c4ed02648e42f6f1e72b412cc2babcf4f8d02c

SHA512
7985e338bd5227dcde7645f5c5dec1c9c39dc36e5667cafb04924cf396d295abee4d77a92e236cfbdbd12c90e8d24e403c78141a2531fd42395b87d44a5cc408

Download Submit
\Program Files (x86)\Notepad++\SciLexer.dll
MD5
0240a3b291d3d74d1a76669cf257e626

SHA1
8e5dc6afc39868c03db0f4016f4ee08943f5e40f

SHA256
a45e8977e12995326e6ccd023f705353b750c75d010524bfbf86c8c6b1bc1db1

SHA512
062af4b6f34211c0cffb8fce47657309fd0f358e12d4eb5cfe092793ec0785adea36b0526fe95f4f4969170684e0a8ec3348b237e2b0a6111ddd08e1cdf696ff

Download Submit
\Program Files (x86)\Notepad++\SciLexer.dll
MD5
0240a3b291d3d74d1a76669cf257e626

SHA1
8e5dc6afc39868c03db0f4016f4ee08943f5e40f

SHA256
a45e8977e12995326e6ccd023f705353b750c75d010524bfbf86c8c6b1bc1db1

SHA512
062af4b6f34211c0cffb8fce47657309fd0f358e12d4eb5cfe092793ec0785adea36b0526fe95f4f4969170684e0a8ec3348b237e2b0a6111ddd08e1cdf696ff

Download Submit
\Program Files (x86)\Notepad++\plugins\NppConverter\NppConverter.dll
MD5
653ddcbc04c3ad013ff97b4a5297537f

SHA1
36161f109ff080f47c350c9959c01c5bded933a4

SHA256
8da562abdf903da3445524100e21069eb72af5977fcd73827f978f32137b7433

SHA512
70b4c6ac542bfa983c1058019e29159712bda72f547e8419021fe0a77a5c4ac6581ee8955f86769f327a248c9b3d0cae078a453c3994bc59c127e7b8a6cc39f3

Download Submit
\Program Files (x86)\Notepad++\plugins\NppConverter\NppConverter.dll
MD5
653ddcbc04c3ad013ff97b4a5297537f

SHA1
36161f109ff080f47c350c9959c01c5bded933a4

SHA256
8da562abdf903da3445524100e21069eb72af5977fcd73827f978f32137b7433

SHA512
70b4c6ac542bfa983c1058019e29159712bda72f547e8419021fe0a77a5c4ac6581ee8955f86769f327a248c9b3d0cae078a453c3994bc59c127e7b8a6cc39f3

Download Submit
\Program Files (x86)\Notepad++\plugins\NppConverter\NppConverter.dll
MD5
653ddcbc04c3ad013ff97b4a5297537f

SHA1
36161f109ff080f47c350c9959c01c5bded933a4

SHA256
8da562abdf903da3445524100e21069eb72af5977fcd73827f978f32137b7433

SHA512
70b4c6ac542bfa983c1058019e29159712bda72f547e8419021fe0a77a5c4ac6581ee8955f86769f327a248c9b3d0cae078a453c3994bc59c127e7b8a6cc39f3

Download Submit
\Program Files (x86)\Notepad++\plugins\NppConverter\NppConverter.dll
MD5
653ddcbc04c3ad013ff97b4a5297537f

SHA1
36161f109ff080f47c350c9959c01c5bded933a4

SHA256
8da562abdf903da3445524100e21069eb72af5977fcd73827f978f32137b7433

SHA512
70b4c6ac542bfa983c1058019e29159712bda72f547e8419021fe0a77a5c4ac6581ee8955f86769f327a248c9b3d0cae078a453c3994bc59c127e7b8a6cc39f3

Download Submit
\Program Files (x86)\Notepad++\plugins\NppConverter\NppConverter.dll
MD5
8956f07770ad9b60c40b7a3512f3afbf

SHA1
d3bdfdb66a48b5a4179320e15cf0a4ddf895d5c2

SHA256
c7bff286339fb200d4d83f19393112e8431befed591ec361b59d9755a5f8d81a

SHA512
e088006726ad786704bcdee2d7275ee8bf5a821c607de28dbf16776eab9aa570acaf8cb66eb233eab3af51b363c12be7701b161036ee118b5e7a5f96b910e2af

Download Submit
\Program Files (x86)\Notepad++\plugins\NppConverter\NppConverter.dll
MD5
8956f07770ad9b60c40b7a3512f3afbf

SHA1
d3bdfdb66a48b5a4179320e15cf0a4ddf895d5c2

SHA256
c7bff286339fb200d4d83f19393112e8431befed591ec361b59d9755a5f8d81a

SHA512
e088006726ad786704bcdee2d7275ee8bf5a821c607de28dbf16776eab9aa570acaf8cb66eb233eab3af51b363c12be7701b161036ee118b5e7a5f96b910e2af

Download Submit
\Program Files (x86)\Notepad++\plugins\NppExport\NppExport.dll
MD5
c0a24b6ed33abed25d2cb48ad7a4c4ee

SHA1
968165824d2cbbfb646e0890263854c3e165ee0b

SHA256
523ad9f941145187617bc87a740a3c6ac78eceea0f5d6782934d31e59bc8dfc0

SHA512
ad55e4d218b4288d1af20bcc2d8f99cd7e09acb74ae5e489f0e261dd7cc45283ee2a31cdf8d3cddf31738cfdd9f26a37fe6de14c7114ffd9b2b5a5d42a5774cc

Download Submit
\Program Files (x86)\Notepad++\plugins\NppExport\NppExport.dll
MD5
c0a24b6ed33abed25d2cb48ad7a4c4ee

SHA1
968165824d2cbbfb646e0890263854c3e165ee0b

SHA256
523ad9f941145187617bc87a740a3c6ac78eceea0f5d6782934d31e59bc8dfc0

SHA512
ad55e4d218b4288d1af20bcc2d8f99cd7e09acb74ae5e489f0e261dd7cc45283ee2a31cdf8d3cddf31738cfdd9f26a37fe6de14c7114ffd9b2b5a5d42a5774cc

Download Submit
\Program Files (x86)\Notepad++\plugins\NppExport\NppExport.dll
MD5
c0a24b6ed33abed25d2cb48ad7a4c4ee

SHA1
968165824d2cbbfb646e0890263854c3e165ee0b

SHA256
523ad9f941145187617bc87a740a3c6ac78eceea0f5d6782934d31e59bc8dfc0

SHA512
ad55e4d218b4288d1af20bcc2d8f99cd7e09acb74ae5e489f0e261dd7cc45283ee2a31cdf8d3cddf31738cfdd9f26a37fe6de14c7114ffd9b2b5a5d42a5774cc

Download Submit
\Program Files (x86)\Notepad++\plugins\NppExport\NppExport.dll
MD5
c0a24b6ed33abed25d2cb48ad7a4c4ee

SHA1
968165824d2cbbfb646e0890263854c3e165ee0b

SHA256
523ad9f941145187617bc87a740a3c6ac78eceea0f5d6782934d31e59bc8dfc0

SHA512
ad55e4d218b4288d1af20bcc2d8f99cd7e09acb74ae5e489f0e261dd7cc45283ee2a31cdf8d3cddf31738cfdd9f26a37fe6de14c7114ffd9b2b5a5d42a5774cc

Download Submit
\Program Files (x86)\Notepad++\plugins\NppExport\NppExport.dll
MD5
5cff618486805c64838f63e66d0d4bea

SHA1
e28d5b386e11085a5daa2a5df575bb5d773f9218

SHA256
62106b55c57e67b724003bd62f10604b1eaf2f9a76500609a802694bacb76d92

SHA512
91bff9520654cf4c0bb42de7d7c037ed16e9581e0bab99117a02b6875c7783fc26c243519d6022ebf37e06c2898e959dc53fc7ccfe31c9bd0ea31faecb4d113b

Download Submit
\Program Files (x86)\Notepad++\plugins\NppExport\NppExport.dll
MD5
5cff618486805c64838f63e66d0d4bea

SHA1
e28d5b386e11085a5daa2a5df575bb5d773f9218

SHA256
62106b55c57e67b724003bd62f10604b1eaf2f9a76500609a802694bacb76d92

SHA512
91bff9520654cf4c0bb42de7d7c037ed16e9581e0bab99117a02b6875c7783fc26c243519d6022ebf37e06c2898e959dc53fc7ccfe31c9bd0ea31faecb4d113b

Download Submit
\Program Files (x86)\Notepad++\plugins\mimeTools\mimeTools.dll
MD5
0e4f2c1416c7b0c0d7dc1691475c67ef

SHA1
485481f586176582be44cc7f1fdf8ac5c1973b5c

SHA256
6b05342e165b70d085379131adea253087353ad9fc3def82a03479fda76dd624

SHA512
4ca094fd7cee4d2d138c8239cff46d0c6b57c13dfb81c849f8ba38604d19ee2d700a3b6298b800104dea80310fc45874c90bf4c8e443cf3f7281d6518513ac26

Download Submit
\Program Files (x86)\Notepad++\plugins\mimeTools\mimeTools.dll
MD5
0e4f2c1416c7b0c0d7dc1691475c67ef

SHA1
485481f586176582be44cc7f1fdf8ac5c1973b5c

SHA256
6b05342e165b70d085379131adea253087353ad9fc3def82a03479fda76dd624

SHA512
4ca094fd7cee4d2d138c8239cff46d0c6b57c13dfb81c849f8ba38604d19ee2d700a3b6298b800104dea80310fc45874c90bf4c8e443cf3f7281d6518513ac26

Download Submit
\Program Files (x86)\Notepad++\plugins\mimeTools\mimeTools.dll
MD5
0e4f2c1416c7b0c0d7dc1691475c67ef

SHA1
485481f586176582be44cc7f1fdf8ac5c1973b5c

SHA256
6b05342e165b70d085379131adea253087353ad9fc3def82a03479fda76dd624

SHA512
4ca094fd7cee4d2d138c8239cff46d0c6b57c13dfb81c849f8ba38604d19ee2d700a3b6298b800104dea80310fc45874c90bf4c8e443cf3f7281d6518513ac26

Download Submit
\Program Files (x86)\Notepad++\plugins\mimeTools\mimeTools.dll
MD5
0e4f2c1416c7b0c0d7dc1691475c67ef

SHA1
485481f586176582be44cc7f1fdf8ac5c1973b5c

SHA256
6b05342e165b70d085379131adea253087353ad9fc3def82a03479fda76dd624

SHA512
4ca094fd7cee4d2d138c8239cff46d0c6b57c13dfb81c849f8ba38604d19ee2d700a3b6298b800104dea80310fc45874c90bf4c8e443cf3f7281d6518513ac26

Download Submit
\Program Files (x86)\Notepad++\plugins\mimeTools\mimeTools.dll
MD5
6f35a1492c6c9f5b602cba15b4627d81

SHA1
341e05ec89a45ece29080196aa9b6c054d53e485

SHA256
83a4696bc8cf5efedd8f813790323d55be52241d3fec821b3ab9d2feb4b75629

SHA512
966650ef4087d43614b25548fd4d6a28933c9bc63961be5cbf6709fe20ed99801b11af5a86be300b1e54dc10f16c2c0d10ce5f99ba8541d568d15e3bd985a506

Download Submit
\Program Files (x86)\Notepad++\plugins\mimeTools\mimeTools.dll
MD5
6f35a1492c6c9f5b602cba15b4627d81

SHA1
341e05ec89a45ece29080196aa9b6c054d53e485

SHA256
83a4696bc8cf5efedd8f813790323d55be52241d3fec821b3ab9d2feb4b75629

SHA512
966650ef4087d43614b25548fd4d6a28933c9bc63961be5cbf6709fe20ed99801b11af5a86be300b1e54dc10f16c2c0d10ce5f99ba8541d568d15e3bd985a506

Download Submit
\Program Files (x86)\Notepad++\updater\libcurl.dll
MD5
9715635a75a3525bd94d0450f39b81b8

SHA1
5441e39e17e6b0b56d9fd09e9571df236132535f

SHA256
957093a9649465e0a654dde10465b30f75b2d951194668f9be5a0c96e051c832

SHA512
95a5b8fd628bbb1990c9af41a54136a7e8ed9522e12a4f5b8d7be8443d15d951fe24c38af7037ab6f556918671f002c538b8b6a83734b217097d12f9f4a729dd

Download Submit
\Program Files (x86)\Notepad++\updater\libcurl.dll
MD5
f8ddb49c200304854311893defb0082c

SHA1
f28ebd80753c42f6eeb5709550809b189c89f487

SHA256
81f783918b8887220bf2088337ff8f8a7df3c170ae1fd30f868967e2effa622b

SHA512
a26dbf82896e1a0d48d30f7fadd0f06889c20a98ad1dfb5d2e34e70b055e2c718abe0bf37032d2cc7d4a0603dfd654efe80c71682c8e8cd29158db9bc170a22c

Download Submit
\Users\Admin\AppData\Local\Temp\nsi6516.tmp\InstallOptions.dll
MD5
05bf02da51e717f79f6b5cbea7bc0710

SHA1
07471a64ef4dba9dc19ce68ae6cce683af7df86d

SHA256
ca092ba7f275b0c9000098cdd1a9876fe8dc050fcb40a0e8a1ab8335236e9dc5

SHA512
c09e475babd5eb675cdf903b2b754b8b68450a731cb520f3dcbf9abe0ed03d19256f009429977d3a51decb3a2a938be0b28dbafeb407409fa85e54da6dbaaad6

Download Submit
\Users\Admin\AppData\Local\Temp\nsi6516.tmp\InstallOptions.dll
MD5
05bf02da51e717f79f6b5cbea7bc0710

SHA1
07471a64ef4dba9dc19ce68ae6cce683af7df86d

SHA256
ca092ba7f275b0c9000098cdd1a9876fe8dc050fcb40a0e8a1ab8335236e9dc5

SHA512
c09e475babd5eb675cdf903b2b754b8b68450a731cb520f3dcbf9abe0ed03d19256f009429977d3a51decb3a2a938be0b28dbafeb407409fa85e54da6dbaaad6

Download Submit
\Users\Admin\AppData\Local\Temp\nsi6516.tmp\LangDLL.dll
MD5
ab1db56369412fe8476fefffd11e4cc0

SHA1
daad036a83b2ee2fa86d840a34a341100552e723

SHA256
6f14c8f01f50a30743dac68c5ac813451463dfb427eb4e35fcdfe2410e1a913b

SHA512
8d886643b4fc24adf78f76b663227d6e61863f89e0cbd49548f40dd040666ca94ea46bec9e336850e4f300995d56e6dc85b689c8e09ff46758822d280f06b03d

Download Submit
\Users\Admin\AppData\Local\Temp\nsi6516.tmp\System.dll
MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
\Users\Admin\AppData\Local\Temp\nsi6516.tmp\UserInfo.dll
MD5
9eb662f3b5fbda28bffe020e0ab40519

SHA1
0bd28183a9d8dbb98afbcf100fb1f4f6c5fc6c41

SHA256
9aa388c7de8e96885adcb4325af871b470ac50edb60d4b0d876ad43f5332ffd1

SHA512
6c36f7b45efe792c21d8a87d03e63a4b641169fad6d014db1e7d15badd0e283144d746d888232d6123b551612173b2bb42bf05f16e3129b625f5ddba4134b5b8

Download Submit
\Users\Admin\AppData\Local\Temp\nsi6516.tmp\nsDialogs.dll
MD5
466179e1c8ee8a1ff5e4427dbb6c4a01

SHA1
eb607467009074278e4bd50c7eab400e95ae48f7

SHA256
1e40211af65923c2f4fd02ce021458a7745d28e2f383835e3015e96575632172

SHA512
7508a29c722d45297bfb090c8eb49bd1560ef7d4b35413f16a8aed62d3b1030a93d001a09de98c2b9fea9acf062dc99a7278786f4ece222e7436b261d14ca817

Download Submit
\Users\Admin\AppData\Local\Temp\nsmA4B4.tmp\InstallOptions.dll
MD5
05bf02da51e717f79f6b5cbea7bc0710

SHA1
07471a64ef4dba9dc19ce68ae6cce683af7df86d

SHA256
ca092ba7f275b0c9000098cdd1a9876fe8dc050fcb40a0e8a1ab8335236e9dc5

SHA512
c09e475babd5eb675cdf903b2b754b8b68450a731cb520f3dcbf9abe0ed03d19256f009429977d3a51decb3a2a938be0b28dbafeb407409fa85e54da6dbaaad6

Download Submit
\Users\Admin\AppData\Local\Temp\nsmA4B4.tmp\InstallOptions.dll
MD5
05bf02da51e717f79f6b5cbea7bc0710

SHA1
07471a64ef4dba9dc19ce68ae6cce683af7df86d

SHA256
ca092ba7f275b0c9000098cdd1a9876fe8dc050fcb40a0e8a1ab8335236e9dc5

SHA512
c09e475babd5eb675cdf903b2b754b8b68450a731cb520f3dcbf9abe0ed03d19256f009429977d3a51decb3a2a938be0b28dbafeb407409fa85e54da6dbaaad6

Download Submit
\Users\Admin\AppData\Local\Temp\nsmA4B4.tmp\LangDLL.dll
MD5
ab1db56369412fe8476fefffd11e4cc0

SHA1
daad036a83b2ee2fa86d840a34a341100552e723

SHA256
6f14c8f01f50a30743dac68c5ac813451463dfb427eb4e35fcdfe2410e1a913b

SHA512
8d886643b4fc24adf78f76b663227d6e61863f89e0cbd49548f40dd040666ca94ea46bec9e336850e4f300995d56e6dc85b689c8e09ff46758822d280f06b03d

Download Submit
\Users\Admin\AppData\Local\Temp\nsmA4B4.tmp\System.dll
MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
\Users\Admin\AppData\Local\Temp\nsmA4B4.tmp\UserInfo.dll
MD5
9eb662f3b5fbda28bffe020e0ab40519

SHA1
0bd28183a9d8dbb98afbcf100fb1f4f6c5fc6c41

SHA256
9aa388c7de8e96885adcb4325af871b470ac50edb60d4b0d876ad43f5332ffd1

SHA512
6c36f7b45efe792c21d8a87d03e63a4b641169fad6d014db1e7d15badd0e283144d746d888232d6123b551612173b2bb42bf05f16e3129b625f5ddba4134b5b8

Download Submit
\Users\Admin\AppData\Local\Temp\nsmA4B4.tmp\nsDialogs.dll
MD5
466179e1c8ee8a1ff5e4427dbb6c4a01

SHA1
eb607467009074278e4bd50c7eab400e95ae48f7

SHA256
1e40211af65923c2f4fd02ce021458a7745d28e2f383835e3015e96575632172

SHA512
7508a29c722d45297bfb090c8eb49bd1560ef7d4b35413f16a8aed62d3b1030a93d001a09de98c2b9fea9acf062dc99a7278786f4ece222e7436b261d14ca817

Download Submit
memory/484-26-0x0000000000000000-mapping.dmp

Download
memory/828-137-0x0000000000000000-mapping.dmp

Download
memory/980-120-0x0000000000000000-mapping.dmp

Download
memory/1020-5-0x0000000000000000-mapping.dmp

Download
memory/1988-16-0x0000000000000000-mapping.dmp

Download
memory/2108-11-0x0000000000000000-mapping.dmp

Download
memory/2152-8-0x0000000000000000-mapping.dmp

Download
memory/2212-73-0x0000000000000000-mapping.dmp

Download
memory/2236-124-0x0000000000000000-mapping.dmp

Download
memory/2280-28-0x0000000000000000-mapping.dmp

Download
memory/3196-122-0x0000000000000000-mapping.dmp

Download
memory/3292-46-0x0000000000000000-mapping.dmp

Download
memory/3304-7-0x000001DB40A90000-0x000001DB40A94000-memory.dmp

Filesize
16KB

Download
memory/3304-0-0x000001DB429E0000-0x000001DB429E4000-memory.dmp

Filesize
16KB

Download
memory/3456-30-0x0000000000000000-mapping.dmp

Download
memory/3476-23-0x0000000000000000-mapping.dmp

Download
memory/3728-10-0x0000000000000000-mapping.dmp

Download
memory/3760-14-0x0000000000000000-mapping.dmp

Download
memory/3848-91-0x0000000000000000-mapping.dmp

Download
memory/3972-132-0x0000000000000000-mapping.dmp

Download
memory/4036-40-0x0000000000000000-mapping.dmp

Download