a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f

Analysis

max time kernel
27s
max time network
33s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
30-01-2024 18:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe
Size

4.6MB
MD5

a3c87ce12367c83104cda662ef76afb0
SHA1

6538657286bb504cbb3cddb6b97e06c39fa904d0
SHA256

a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f
SHA512

af65593b1443bb384ed0ef0425502e642ae19bd8fd2ec4800862cbb777b55bbb9fec57faa214e3ce9c3938aa06d10a4889f073dade28a225b57a8cf6e9b1efd3
SSDEEP

98304:ktv3TCmi5ov0BDwZwaIRTdGRaHcqpfiWRwwqy2tjXcP3EFSjia:ktvTL/0BEFIRBDHbpsptjXcP3EFC

Score

7^/10

discovery persistence

Malware Config

Signatures

Executes dropped EXE 3 IoCs

Processes:

notepad++.exegup.exenotepad++.exe

pid	Process
1532	notepad++.exe
2264	gup.exe
1172	notepad++.exe

Loads dropped DLL 15 IoCs

Processes:

a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exeregsvr32.exeregsvr32.exegup.exenotepad++.exe

pid	Process
4044	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe
4044	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe
4044	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe
4044	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe
4044	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe
4044	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe
4336	regsvr32.exe
4692	regsvr32.exe
2264	gup.exe
1532	notepad++.exe
1532	notepad++.exe
1532	notepad++.exe
1532	notepad++.exe
1532	notepad++.exe
1532	notepad++.exe

Registers COM server for autorun 1 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Processes:

regsvr32.exe

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593}\InProcServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593}\InProcServer32\ = "C:\\Program Files\\Notepad++\\contextMenu\\NppShell.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593}\InProcServer32\ThreadingModel = "Apartment"	regsvr32.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

Processes:

a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe

description	ioc	Process
File created	C:\Program Files\Notepad++\functionList\rust.xml	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe
File created	C:\Program Files\Notepad++\themes\vim Dark Blue.xml	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe
File created	C:\Program Files\Notepad++\functionList\python.xml	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe
File created	C:\Program Files\Notepad++\updater\LICENSE	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe
File created	C:\Program Files\Notepad++\plugins\Config\nppPluginList.dll	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe
File created	C:\Program Files\Notepad++\themes\Ruby Blue.xml	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe
File created	C:\Program Files\Notepad++\updater\gup.xml	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe
File created	C:\Program Files\Notepad++\LICENSE	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe
File created	C:\Program Files\Notepad++\contextMenu\NppShell.dll	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe
File created	C:\Program Files\Notepad++\autoCompletion\vb.xml	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe
File created	C:\Program Files\Notepad++\autoCompletion\gdscript.xml	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe
File created	C:\Program Files\Notepad++\themes\Black board.xml	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe
File created	C:\Program Files\Notepad++\change.log	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe
File created	C:\Program Files\Notepad++\themes\Bespin.xml	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe
File created	C:\Program Files\Notepad++\autoCompletion\powershell.xml	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe
File created	C:\Program Files\Notepad++\readme.txt	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe
File created	C:\Program Files\Notepad++\notepad++.exe	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe
File created	C:\Program Files\Notepad++\themes\Plastic Code Wrap.xml	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe
File created	C:\Program Files\Notepad++\themes\Monokai.xml	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe
File created	C:\Program Files\Notepad++\themes\Solarized.xml	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe
File created	C:\Program Files\Notepad++\themes\MossyLawn.xml	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe
File created	C:\Program Files\Notepad++\autoCompletion\autoit.xml	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe
File created	C:\Program Files\Notepad++\functionList\gdscript.xml	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe
File created	C:\Program Files\Notepad++\autoCompletion\coffee.xml	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe
File created	C:\Program Files\Notepad++\plugins\NppConverter\NppConverter.dll	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe
File created	C:\Program Files\Notepad++\themes\Deep Black.xml	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe
File created	C:\Program Files\Notepad++\autoCompletion\python.xml	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe
File created	C:\Program Files\Notepad++\functionList\ini.xml	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe
File created	C:\Program Files\Notepad++\functionList\batch.xml	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe
File created	C:\Program Files\Notepad++\contextMenu\NppShell.msix	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe
File created	C:\Program Files\Notepad++\autoCompletion\tex.xml	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe
File created	C:\Program Files\Notepad++\functionList\cs.xml	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe
File created	C:\Program Files\Notepad++\functionList\asm.xml	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe
File created	C:\Program Files\Notepad++\functionList\lua.xml	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe
File created	C:\Program Files\Notepad++\functionList\javascript.js.xml	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe
File created	C:\Program Files\Notepad++\functionList\autoit.xml	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe
File created	C:\Program Files\Notepad++\plugins\mimeTools\mimeTools.dll	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe
File created	C:\Program Files\Notepad++\autoCompletion\java.xml	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe
File created	C:\Program Files\Notepad++\autoCompletion\perl.xml	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe
File created	C:\Program Files\Notepad++\autoCompletion\lisp.xml	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe
File created	C:\Program Files\Notepad++\autoCompletion\batch.xml	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe
File created	C:\Program Files\Notepad++\functionList\nsis.xml	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe
File created	C:\Program Files\Notepad++\uninstall.exe	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe
File created	C:\Program Files\Notepad++\autoCompletion\c.xml	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe
File created	C:\Program Files\Notepad++\autoCompletion\sql.xml	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe
File created	C:\Program Files\Notepad++\functionList\perl.xml	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe
File created	C:\Program Files\Notepad++\themes\Solarized-light.xml	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe
File created	C:\Program Files\Notepad++\autoCompletion\nsis.xml	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe
File created	C:\Program Files\Notepad++\functionList\xml.xml	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe
File created	C:\Program Files\Notepad++\plugins\NppExport\NppExport.dll	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe
File created	C:\Program Files\Notepad++\themes\Hello Kitty.xml	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe
File created	C:\Program Files\Notepad++\autoCompletion\actionscript.xml	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe
File created	C:\Program Files\Notepad++\autoCompletion\xml.xml	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe
File created	C:\Program Files\Notepad++\functionList\krl.xml	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe
File created	C:\Program Files\Notepad++\contextMenu.xml	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe
File created	C:\Program Files\Notepad++\autoCompletion\cs.xml	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe
File created	C:\Program Files\Notepad++\updater\README.md	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe
File created	C:\Program Files\Notepad++\themes\Zenburn.xml	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe
File created	C:\Program Files\Notepad++\themes\Navajo.xml	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe
File created	C:\Program Files\Notepad++\updater\GUP.exe	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe
File created	C:\Program Files\Notepad++\autoCompletion\rc.xml	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe
File created	C:\Program Files\Notepad++\langs.model.xml	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe
File created	C:\Program Files\Notepad++\themes\DarkModeDefault.xml	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe
File created	C:\Program Files\Notepad++\themes\DansLeRuSH-Dark.xml	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 9 IoCs

Processes:

regsvr32.exe

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593}\InProcServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593}\InProcServer32\ = "C:\\Program Files\\Notepad++\\contextMenu\\NppShell.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\Software\Classes\*\shell\ANotepad++64	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\ANotepad++64\ = "Notepad++ Context menu"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\ANotepad++64\ExplorerCommandHandler = "{B298D29A-A6ED-11DE-BA8C-A68E55D89593}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\ANotepad++64\NeverDefault	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593}\ = "notepad++"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593}\InProcServer32\ThreadingModel = "Apartment"	regsvr32.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

gup.exenotepad++.exe

pid	Process
2264	gup.exe
1532	notepad++.exe
1532	notepad++.exe
1532	notepad++.exe
1532	notepad++.exe

Suspicious use of WriteProcessMemory 13 IoCs

Processes:

a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exeregsvr32.exeexplorer.exenotepad++.exe

description	pid	Process	procid_target
PID 4044 wrote to memory of 4336	4044	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe	79
PID 4044 wrote to memory of 4336	4044	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe	79
PID 4044 wrote to memory of 4336	4044	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe	79
PID 4336 wrote to memory of 4692	4336	regsvr32.exe	80
PID 4336 wrote to memory of 4692	4336	regsvr32.exe	80
PID 4044 wrote to memory of 2988	4044	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe	82
PID 4044 wrote to memory of 2988	4044	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe	82
PID 3424 wrote to memory of 1532	3424	explorer.exe	84
PID 3424 wrote to memory of 1532	3424	explorer.exe	84
PID 1532 wrote to memory of 2264	1532	notepad++.exe	87
PID 1532 wrote to memory of 2264	1532	notepad++.exe	87
PID 4044 wrote to memory of 1172	4044	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe	88
PID 4044 wrote to memory of 1172	4044	a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe	88

C:\Users\Admin\AppData\Local\Temp\a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe
"C:\Users\Admin\AppData\Local\Temp\a24362e4ac45ec3e35f16b91d593b35976b1cb795a81d19e88ac5969d0cfb68f.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:4044
- C:\Windows\SysWOW64\regsvr32.exe
  regsvr32 /s "C:\Program Files\Notepad++\contextMenu\NppShell.dll"
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:4336
- - C:\Windows\system32\regsvr32.exe
    /s "C:\Program Files\Notepad++\contextMenu\NppShell.dll"
    3⤵
    - Loads dropped DLL
    - Registers COM server for autorun
    - Modifies registry class
    PID:4692
- C:\Windows\explorer.exe
  "C:\Windows\explorer.exe" "C:\Program Files\Notepad++\notepad++.exe"
  2⤵
  PID:2988
- C:\Program Files\Notepad++\notepad++.exe
  "C:\Program Files\Notepad++\notepad++.exe" "C:\Program Files\Notepad++\change.log"
  2⤵
  - Executes dropped EXE
  PID:1172

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Suspicious use of WriteProcessMemory
PID:3424
- C:\Program Files\Notepad++\notepad++.exe
  "C:\Program Files\Notepad++\notepad++.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1532
- - C:\Program Files\Notepad++\updater\gup.exe
    "C:\Program Files\Notepad++\updater\gup.exe" -v8.62 -px64
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2264

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Notepad++\change.log

Filesize
2KB

MD5
49289d54ac50144085f380ce7d6002a8

SHA1
6b18c63177c482ffe34f542e13b62632712dccdd

SHA256
c6462ec921d8aa721999a75022891c0bf8e12e75941a59808cd7cb6a7b30a0ef

SHA512
199d817633cf056c43dd23ab9450dc336486635e9beba584c01e8a4481300da036be6cb0caa079d1679528100ea9a891601e0aaa9b7ca8c364fc622cc84c2cb3

Download Submit
C:\Program Files\Notepad++\contextMenu\NppShell.dll

Filesize
388KB

MD5
a3f7ba2ee563b50dcd411376f66c8d02

SHA1
b865b1e878b3a68538c5ebe0aeffc98ff617736d

SHA256
42272408ffb295313636f3f3b19947079339e32b43368d6c379fd8c911ec5122

SHA512
40b69e2dca62984d4e28d9db822961ffd41df5911ed83b5e826668d5aafeb0ff101139dcfb7c51f96b7f9ee417155cf421ad7a743159b722bb2841729f4a7193

Download Submit
C:\Program Files\Notepad++\langs.model.xml

Filesize
150KB

MD5
721e8deaa48f32d5e26ff02c84014fa1

SHA1
37b326fdbf24c0de903bb81e6d4406637b04d9fe

SHA256
1a851d47c604bd1772e225fc05e63059f7a5e1b6f72bf6fa78d19b6209b382d6

SHA512
0fe20243a86ca7b87f4b3714f79ef1bf312847410289e76aac74bb86605e1ba25f244200f5e34dfd2b5d4b342b11d1f9d738bc76754dffab37a424fdebd4febf

Download Submit
C:\Program Files\Notepad++\notepad++.exe

Filesize
4.7MB

MD5
8ef644a2a35681a7a5c3d6976f7a796f

SHA1
08bd6db3ed39eced2bf01b45392480adf85b2838

SHA256
06ef7ab0683aa32b138487487cba631b1de19d71a82c2e0c8db5b794f7ed53ab

SHA512
f1d02520dc62cfd50f773228e3d4a2aaef442a27458fdde562f5b7f2a4b002035924bc49a51d29c89198fd0eede2198173299ce9c23550fdf7dbb00c8ac2af3e

Download Submit
C:\Program Files\Notepad++\notepad++.exe

Filesize
616KB

MD5
cfb1fb512fb4cc2e0807de5f2155d1db

SHA1
959ba287e4a0e2fa83bdd60c91459f3ddfc77c37

SHA256
3594d773f7b11e9bb51638b8cfc2737cc671327b2083b94b3e66a0b79cc6b428

SHA512
6b12bb39de2c08c75070bb7f632bd5fcd1d893792c37e1bb7d9e44efd51b60635aabfbf6e6bb93473439eced08127f4ee29139da36a91d3d919dff6a1e9af0c2

Download Submit
C:\Program Files\Notepad++\notepad++.exe

Filesize
132KB

MD5
eeca1ed8e41f8681b2167af0bfd208eb

SHA1
1b45518262b7d59f8e0bdf4c0e13f528298947a5

SHA256
ec672263bdfe0030b3f9fcbdd433c6f7dc619139cc1b21e016c8ff7252177d9c

SHA512
a27ca6abb803d4e2731e47b8ee1149b624d1d3672b2b73399185e4c6d657b16503568ccf1d6c0b614f500e1b835d587dcf52892d088c64a4602e577bc1c65cd5

Download Submit
C:\Program Files\Notepad++\plugins\Config\nppPluginList.dll

Filesize
203KB

MD5
b65fdddd07b2cac6fbe48b965a7f3f10

SHA1
57873c8ae4ef062340299db8e92e616121011a51

SHA256
9ff8dbeb2d3ca17cd543621464f37b3d9b78b7d9194e83294e9d06624fabb7bf

SHA512
5afaf8409a8572f353c51e0e44201d0ab12a9c94aa97fee8097334cf5e37f409e123b852c3b139cd506ea8e8a802e0a771a0ce4ebea04c3905edd47e9b64f64f

Download Submit
C:\Program Files\Notepad++\plugins\NppConverter\NppConverter.dll

Filesize
199KB

MD5
13c6c862f6efcab7f9190ae77091f8c3

SHA1
c80d1e8be75b658b2d226febc9365e1b7eed2f31

SHA256
88ded8ea380aa1b2deb5a6ba0c600e74a445c862919bf15cd0deed3987f1951e

SHA512
1518993690daf78d7883c19a6b9d78be205542888ce06f4e4a484b02b9108b13180657c45e93ddad0dfbea33554ca707ac5a170190ed27d35f3023647b3dc14a

Download Submit
C:\Program Files\Notepad++\plugins\NppExport\NppExport.dll

Filesize
116KB

MD5
d1e06e2035905ae4d40a853a86527d9d

SHA1
3ecbfee301659beae5386839ca2ef9138c894f3b

SHA256
af7481f13e984f86b7643c43f6d37274366e4d693b674b71451c82181fa12d10

SHA512
e9ac97c1cdfb4f8a8babeb060048fbd68d2e37b7d6922faa77e4bb5846312b14f7daa77c1ca04c2704b36b2367adbfa805fd2e70e01827daf93ae875eff640ee

Download Submit
C:\Program Files\Notepad++\plugins\NppExport\NppExport.dll

Filesize
153KB

MD5
2e9427296085643dd15eed57360c4490

SHA1
ea9cf44eac4d19e7dbc723b5ce2541dd9d6de31c

SHA256
089780324ce5e5482876a9da6271dd7d7c0acc41dfff03deb6c5c1925828dd8b

SHA512
b5089dd044b670da06fc95449a05fdc73cfe428e49eff55de2d73c4e9905cd82d32eb3567bf7709105fcb253c05d66552988599628f55afdec07543a546453cd

Download Submit
C:\Program Files\Notepad++\plugins\mimeTools\mimeTools.dll

Filesize
145KB

MD5
27aa04bd27cd40bebb2fe0f2923b3670

SHA1
c0c5e034dacf5fb86f1fb83bd7870f4465ec6618

SHA256
cdbdd182cac307ea29fcffde1243f73c07ea746d72fb94a38a3363e928de4039

SHA512
8b5d5dfc8168698ddb4e395dab4c1458ae63254e4d823dfae761a39c2aaeb335e3fce4cc37e7230bdf16a15e7c1ba865e9bbd88770320379edf932fee29ad13c

Download Submit
C:\Program Files\Notepad++\shortcuts.xml

Filesize
1KB

MD5
a15d2189af3e788400d76380414a9e7f

SHA1
2471b360d5ed690f5e75f7d25633e0134fc598e2

SHA256
4c4707105025a4196595cdb2cd49e141725df3c55aca6750092469a88edad6e3

SHA512
f429ed05e2c7f1e4faaebd3eaa7c3b548f03488f81364757b9beef100a6b6892c55d65f9c55900ac72221e2673bfdce31e36d0142c38c9a835e280eec29a29de

Download Submit
C:\Program Files\Notepad++\stylers.model.xml

Filesize
182KB

MD5
343b8f55f376e88674733286d027f834

SHA1
466886054d5c2641ba6058f58a7a84053aa4696e

SHA256
f002b36e70f0fb159885c21fa6e6395176cd50a254201a94cbed756d9843fa9a

SHA512
ef6643badbb87739f0ae847d201651f8d3e677c54ca2aa3f81277b053355772f71d9b0f490617c104ce861a29e2b283fe6d82faf4cfe8f10bfc571d683cfea8e

Download Submit
C:\Program Files\Notepad++\updater\GUP.exe

Filesize
781KB

MD5
d6847c3d5f61fbe3828c3957dd10e55f

SHA1
e5ec5656e3ec625bbca4bf18226b91bafe13f08d

SHA256
97fa482c0c0e99244c6bc3760c4fd23e00eff54cb44d8068fd07dbf8ba85d97d

SHA512
15fe13f7c45bde1b7992d228cdc6e1eaf1e629cae162c74cb81e7a92ee947a611681b0917e7f05ee301658342347e28610fb52118de32473bc768f97b053f660

Download Submit
C:\Program Files\Notepad++\updater\gup.exe

Filesize
749KB

MD5
bccaf7ec1d39c5ea3853a61abc7ccd8e

SHA1
1278b42b57a1c4640f7d5aca7af6a2a8926b16ce

SHA256
1478ef9da19fa1d6192003dd03e1630542fb490686e491b41fb9f43e957b98cd

SHA512
65326911d5dc0d2b02987d3dd15ddc325b55552ef2de5d1850dfe1f509e147370510c0237565f20a2b3f3fc0e70ba5cd13d3f1cda4296db670182a036b315469

Download Submit
C:\Program Files\Notepad++\updater\gup.xml

Filesize
4KB

MD5
abde55a0b1cb4a904e622c02f559dcd1

SHA1
1662f8445a000bbf7c61c40e39266658f169bf13

SHA256
92717951aae89e960b142cef3d273f104051896a3d527a78ca4a88c22b5216a5

SHA512
8fe75fb468f87be1153a6a0d70c0583a355f355bfe988027c88d154b500e97f2c5241d9557ebb981067205e2f23ad07b6a49c669cd3e94eaa728201173b235a0

Download Submit
C:\Program Files\Notepad++\updater\libcurl.dll

Filesize
615KB

MD5
42a2c7cf4c5d8818ac9522ba2a816728

SHA1
72d4ca27bbfcc93dd5534d64d9c07885fe147a29

SHA256
613319bd1d0f29ddbc7a40ee4aadd666135c9022099531149250a8891720bf15

SHA512
f1b31d4b06af61ee951577d8fd9b22fb0268c445918ebdc95cd16278fef27775d03b8b27506359dad20e14b86f5cbed16ba03c3f54c3adf426417392056f4e44

Download Submit
C:\Program Files\Notepad++\updater\libcurl.dll

Filesize
717KB

MD5
7cea2bc33d73ee4ad28a3b90c9d608f2

SHA1
2a1b0048e7900d05fe0b9b416ba94dfa91c55047

SHA256
78e4bdabc35faee149aea45ecc746181056929468ff39f7366a6293f53bbf674

SHA512
399a92e106640e4d88335aaf620f3778b1d838553d2b398779ef227f5a937064466b53eaa09a773ef62cff3cab895bf7f6c3d45eb35dfc4d421815ee64c77529

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu91D2.tmp\InstallOptions.dll

Filesize
15KB

MD5
ece25721125d55aa26cdfe019c871476

SHA1
b87685ae482553823bf95e73e790de48dc0c11ba

SHA256
c7fef6457989d97fecc0616a69947927da9d8c493f7905dc8475c748f044f3cf

SHA512
4e384735d03c943f5eb3396bb3a9cb42c9d8a5479fe2871de5b8bc18db4bbd6e2c5f8fd71b6840512a7249e12a1c63e0e760417e4baa3dc30f51375588410480

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu91D2.tmp\LangDLL.dll

Filesize
5KB

MD5
68b287f4067ba013e34a1339afdb1ea8

SHA1
45ad585b3cc8e5a6af7b68f5d8269c97992130b3

SHA256
18e8b40ba22c7a1687bd16e8d585380bc2773fff5002d7d67e9485fcc0c51026

SHA512
06c38bbb07fb55256f3cdc24e77b3c8f3214f25bfd140b521a39d167113bf307a7e8d24e445d510bc5e4e41d33c9173bb14e3f2a38bc29a0e3d08c1f0dca4bdb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu91D2.tmp\System.dll

Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu91D2.tmp\UserInfo.dll

Filesize
4KB

MD5
2f69afa9d17a5245ec9b5bb03d56f63c

SHA1
e0a133222136b3d4783e965513a690c23826aec9

SHA256
e54989d2b83e7282d0bec56b098635146aab5d5a283f1f89486816851ef885a0

SHA512
bfd4af50e41ebc56e30355c722c2a55540a5bbddb68f1522ef7aabfe4f5f2a20e87fa9677ee3cdb3c0bf5bd3988b89d1224d32c9f23342a16e46c542d8dc0926

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu91D2.tmp\ioSpecial.ini

Filesize
1KB

MD5
40b2408243a2c447313cd42cdd78b7f0

SHA1
cda5458b6a7981aafef643616dfc3ceb8092392d

SHA256
164e655f3a9aa903067650f2f8e48724e43f8bd5716666fead9b833104fbf3c7

SHA512
1f71d00f96f3186ff99bdbef6e34b67f22a4177c4e7056f98b8478e569bfbc730f040a9db665a56dcab141969a554832fc0c11247b037a85be9ab86c304627c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu91D2.tmp\ioSpecial.ini

Filesize
1KB

MD5
3e44f31c69ea01a60d42df49a49cd9de

SHA1
b24224542ff15540d4da20547603eef0cc8d89ce

SHA256
d2601ee4abbab007575b8b643a3bef04037250eba5f5f621d14b64c98f5918bd

SHA512
1ef71d42ee2663ab17292a80169c9a8dfb4eec7014aeafad293e2257428bfbfcf1fd3579a1b14298f3928035b7938c01ea6c837690ebf3e3e86d40e57afa23a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu91D2.tmp\ioSpecial.ini

Filesize
1KB

MD5
9acbb9ad0a3604b226672d3c8fe586e0

SHA1
0dc6a213a95b0d3807363f616a80761f7302bbf3

SHA256
167e5307abc7c7d6f3d6303028e64aebb2fd10286544ee3fb88f7ba236ffecb1

SHA512
2fe88ae113b20919cce79fd4894ad5bcc70851d5120cec685c6d87a9418a8f8f899828c5f63bbbc25858c692157292af98de0ffad286a775ea1ae15e6a0d9dd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu91D2.tmp\nsDialogs.dll

Filesize
9KB

MD5
6c3f8c94d0727894d706940a8a980543

SHA1
0d1bcad901be377f38d579aafc0c41c0ef8dcefd

SHA256
56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

SHA512
2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

Download Submit
C:\Users\Admin\AppData\Roaming\Notepad++\contextMenu.xml

Filesize
4KB

MD5
fde4cc09d1c18c6cd7c1a4878e89d27e

SHA1
22fba21b254fed1a60da5de2b8af3cf6e132b647

SHA256
43ac0b7ba9b1f91fd8d4841b8119344e6212b307a1decccf61658f31d38bb425

SHA512
fcc87b93cb4dd0949e82edb7d2788d7abd317f9f4c5f046ceba1cd85a64b12b29c6baba3e8646265db02a48a2dc20c3b5e893a1334d9b1e91d26692b4e9c2d29

Download Submit
C:\Users\Admin\AppData\Roaming\Notepad++\langs.xml

Filesize
133KB

MD5
1da10c1c6f8e06d725bbd149abafe6e5

SHA1
251ffa8d4e1d5057f241b2d3585f89503ea0d1b4

SHA256
47ff35abfe256b5afe3210437387b4b032f3f613a46dacf0db1acdbf839d9bb4

SHA512
931f864aa6bd74b244503e889edb5b155f7a70d3b8fbb6cda3751d44e8d319aa5f650566a6017400b561a39783065c9823610a0118345f22322a5adaa15a847a

Download Submit
C:\Users\Admin\AppData\Roaming\Notepad++\plugins\config\converter.ini

Filesize
646B

MD5
f07150054a6afff4d8e9d58899167722

SHA1
e092cd960ab728667d91b37d64a02d7f6821518b

SHA256
5b0a08439e8e93817772f84e1098f14152d9da36c2601a0600ddaae6f61359d0

SHA512
8c86aa4c058a8ab5fd26f21cacc8ddaffa8ce6012bb329d3c5b817da00b4b43018a575c768d1921c6eeab7537f172c7cb3de658b014365ea52fb3c87547182b9

Download Submit
C:\Users\Admin\AppData\Roaming\Notepad++\shortcuts.xml

Filesize
3KB

MD5
fb573784b83033dd4361f52006d02cb8

SHA1
0a2923a44ec1bd5e7e8bc7cace15857ae03bf63c

SHA256
37a24662cd55b627807bc2bb7cbba5bbf2abaf6da4dd7bbb949bfaa7903eae9c

SHA512
753b44b5e8bea858cf5cc5ddfdc38098a2f3f921949cf98706ead95bdfa1de7ab0c115e9d69237623a03c422969480204c69d3ba277141527458c68230d0c67c

Download Submit
C:\Users\Admin\AppData\Roaming\Notepad++\toolbarIcons.xml

Filesize
2KB

MD5
bc4b775a277672fc7edf956120576ecb

SHA1
fe7c2db5b4d4c5a3f5603cf56c4d71cc9ee2d71d

SHA256
4ec98de37193f41242c1a47507bcc4c1af555e71154f7354272bc3e664e19877

SHA512
f87dc3ce52831ee308fbfa2b1b94c07e2811e7028360f046e012f8ea5a8f0ebcd362de7a663dee810c3da0791474c1485b1a2626c7867e76236156b125ff39b2

Download Submit
C:\Users\Admin\AppData\Roaming\Notepad++\userDefineLangs\markdown._preinstalled.udl.xml

Filesize
6KB

MD5
672e6d5f89887666ec94711e442644e0

SHA1
8d069ae93347316eff0dcf7aff4d22da18a62af2

SHA256
b34fe6811dacfe49d77d434123867e866daf6e0e27387a0446887dabe8943f04

SHA512
8fc5e9bbe027826304fa6f329fb16e4c9e4e7a597d87e9c691ed6a9f505b7bc1967339b43c6426105432a030260b0654468ab8fcbb4312b2fb6ed6c6aa537edc

Download Submit
C:\Users\Admin\AppData\Roaming\Notepad++\userDefineLangs\markdown._preinstalled_DM.udl.xml

Filesize
6KB

MD5
3690cef1865e32fe6be1b2ec7656539a

SHA1
bc043bec63c310a60d9e242810036460c467945d

SHA256
e45e49f0895249d951df2c07e0f06ca1242e05c961dd921e5aa2781ae2e7ff25

SHA512
c2be869d96baec2018e13dcf5934dd9cf74146541e852cc2eedb4d83a8af23e2577cde7a0158fefaa11056416ff039df3a7725e320620193e9bfe72c8067c051

Download Submit