56ff0f152f5f84314cd995c65b567becb1ddf0f5a248d76b5e968e85d62e62a0

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
22/07/2024, 21:41

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

npp.7.8.2.Installer.x64.exe
Size

3.8MB
MD5

0d3ae1ca013956eb87784602d70294de
SHA1

21433c6c09bd2183fa7af57dd8e93a51793cce91
SHA256

56ff0f152f5f84314cd995c65b567becb1ddf0f5a248d76b5e968e85d62e62a0
SHA512

e9821c6a11616ae743ccb15be4e224c8770c64b8f4e25bb18302eafb9b611834f870201ec8b7ac4916f69cbbc67ce9c2c517c78fa18cab539ea06df999b1dfd9
SSDEEP

98304:RvPG+RgnyDMGa+pzoeA5b0/q5HBs+RHPtx:Rnj8GXpzTQIS6SHPn

Score

7^/10

discovery persistence privilege_escalation

Malware Config

Signatures

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 3 IoCs

pid	Process
2484	notepad++.exe
612	gup.exe
2784	notepad++.exe

Loads dropped DLL 23 IoCs

pid	Process
2188	npp.7.8.2.Installer.x64.exe
2188	npp.7.8.2.Installer.x64.exe
2188	npp.7.8.2.Installer.x64.exe
2188	npp.7.8.2.Installer.x64.exe
2188	npp.7.8.2.Installer.x64.exe
2188	npp.7.8.2.Installer.x64.exe
2188	npp.7.8.2.Installer.x64.exe
692	regsvr32.exe
2612	regsvr32.exe
2652	explorer.exe
2484	notepad++.exe
2484	notepad++.exe
2484	notepad++.exe
2484	notepad++.exe
2484	notepad++.exe
2484	notepad++.exe
612	gup.exe
2484	notepad++.exe
2484	notepad++.exe
1192	Process not Found
1192	Process not Found
1192	Process not Found
2784	notepad++.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 47 IoCs

description	ioc	Process
File created	C:\Program Files\Notepad++\autoCompletion\rc.xml	npp.7.8.2.Installer.x64.exe
File created	C:\Program Files\Notepad++\autoCompletion\vb.xml	npp.7.8.2.Installer.x64.exe
File created	C:\Program Files\Notepad++\autoCompletion\autoit.xml	npp.7.8.2.Installer.x64.exe
File created	C:\Program Files\Notepad++\readme.txt	npp.7.8.2.Installer.x64.exe
File created	C:\Program Files\Notepad++\autoCompletion\cs.xml	npp.7.8.2.Installer.x64.exe
File created	C:\Program Files\Notepad++\autoCompletion\css.xml	npp.7.8.2.Installer.x64.exe
File created	C:\Program Files\Notepad++\autoCompletion\actionscript.xml	npp.7.8.2.Installer.x64.exe
File created	C:\Program Files\Notepad++\autoCompletion\nsis.xml	npp.7.8.2.Installer.x64.exe
File created	C:\Program Files\Notepad++\autoCompletion\batch.xml	npp.7.8.2.Installer.x64.exe
File created	C:\Program Files\Notepad++\plugins\NppExport\NppExport.dll	npp.7.8.2.Installer.x64.exe
File created	C:\Program Files\Notepad++\plugins\mimeTools\mimeTools.dll	npp.7.8.2.Installer.x64.exe
File created	C:\Program Files\Notepad++\notepad++.exe	npp.7.8.2.Installer.x64.exe
File created	C:\Program Files\Notepad++\stylers.model.xml	npp.7.8.2.Installer.x64.exe
File created	C:\Program Files\Notepad++\autoCompletion\html.xml	npp.7.8.2.Installer.x64.exe
File created	C:\Program Files\Notepad++\autoCompletion\sql.xml	npp.7.8.2.Installer.x64.exe
File created	C:\Program Files\Notepad++\autoCompletion\lisp.xml	npp.7.8.2.Installer.x64.exe
File created	C:\Program Files\Notepad++\autoCompletion\xml.xml	npp.7.8.2.Installer.x64.exe
File created	C:\Program Files\Notepad++\plugins\NppConverter\NppConverter.dll	npp.7.8.2.Installer.x64.exe
File created	C:\Program Files\Notepad++\updater\GUP.exe	npp.7.8.2.Installer.x64.exe
File created	C:\Program Files\Notepad++\plugins\Config\nppPluginList.dll	npp.7.8.2.Installer.x64.exe
File created	C:\Program Files\Notepad++\contextMenu.xml	npp.7.8.2.Installer.x64.exe
File created	C:\Program Files\Notepad++\SciLexer.dll	npp.7.8.2.Installer.x64.exe
File created	C:\Program Files\Notepad++\localization\english.xml	npp.7.8.2.Installer.x64.exe
File created	C:\Program Files\Notepad++\langs.model.xml	npp.7.8.2.Installer.x64.exe
File created	C:\Program Files\Notepad++\change.log	npp.7.8.2.Installer.x64.exe
File created	C:\Program Files\Notepad++\uninstall.exe	npp.7.8.2.Installer.x64.exe
File created	C:\Program Files\Notepad++\LICENSE	npp.7.8.2.Installer.x64.exe
File created	C:\Program Files\Notepad++\autoCompletion\cpp.xml	npp.7.8.2.Installer.x64.exe
File created	C:\Program Files\Notepad++\autoCompletion\javascript.xml	npp.7.8.2.Installer.x64.exe
File created	C:\Program Files\Notepad++\autoCompletion\python.xml	npp.7.8.2.Installer.x64.exe
File created	C:\Program Files\Notepad++\autoCompletion\BaanC.xml	npp.7.8.2.Installer.x64.exe
File created	C:\Program Files\Notepad++\updater\libcurl.dll	npp.7.8.2.Installer.x64.exe
File created	C:\Program Files\Notepad++\updater\gup.xml	npp.7.8.2.Installer.x64.exe
File created	C:\Program Files\Notepad++\updater\LICENSE	npp.7.8.2.Installer.x64.exe
File created	C:\Program Files\Notepad++\autoCompletion\java.xml	npp.7.8.2.Installer.x64.exe
File created	C:\Program Files\Notepad++\autoCompletion\php.xml	npp.7.8.2.Installer.x64.exe
File created	C:\Program Files\Notepad++\autoCompletion\perl.xml	npp.7.8.2.Installer.x64.exe
File created	C:\Program Files\Notepad++\autoCompletion\vhdl.xml	npp.7.8.2.Installer.x64.exe
File created	C:\Program Files\Notepad++\autoCompletion\lua.xml	npp.7.8.2.Installer.x64.exe
File created	C:\Program Files\Notepad++\shortcuts.xml	npp.7.8.2.Installer.x64.exe
File created	C:\Program Files\Notepad++\autoCompletion\tex.xml	npp.7.8.2.Installer.x64.exe
File created	C:\Program Files\Notepad++\functionList.xml	npp.7.8.2.Installer.x64.exe
File created	C:\Program Files\Notepad++\NppShell_06.dll	npp.7.8.2.Installer.x64.exe
File created	C:\Program Files\Notepad++\autoCompletion\c.xml	npp.7.8.2.Installer.x64.exe
File created	C:\Program Files\Notepad++\autoCompletion\cmake.xml	npp.7.8.2.Installer.x64.exe
File created	C:\Program Files\Notepad++\autoCompletion\coffee.xml	npp.7.8.2.Installer.x64.exe
File created	C:\Program Files\Notepad++\updater\README.md	npp.7.8.2.Installer.x64.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 14 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593}\Settings	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593}\Settings\Custom	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593}\ = "ANotepad++64"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593}\Settings\Path = "C:\\Program Files\\Notepad++\\notepad++.exe"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593}\Settings\ShowIcon = "1"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593}\Settings\Maxtext = "25"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ANotepad++64	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ANotepad++64\ = "{B298D29A-A6ED-11DE-BA8C-A68E55D89593}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593}\Settings\Dynamic = "1"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593}\InprocServer32\ = "C:\\Program Files\\Notepad++\\NppShell_06.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593}\Settings\Title = "Edit with &Notepad++"	regsvr32.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2484	notepad++.exe

Suspicious use of WriteProcessMemory 28 IoCs

description	pid	Process	procid_target
PID 2188 wrote to memory of 692	2188	npp.7.8.2.Installer.x64.exe	30
PID 2188 wrote to memory of 692	2188	npp.7.8.2.Installer.x64.exe	30
PID 2188 wrote to memory of 692	2188	npp.7.8.2.Installer.x64.exe	30
PID 2188 wrote to memory of 692	2188	npp.7.8.2.Installer.x64.exe	30
PID 2188 wrote to memory of 692	2188	npp.7.8.2.Installer.x64.exe	30
PID 2188 wrote to memory of 692	2188	npp.7.8.2.Installer.x64.exe	30
PID 2188 wrote to memory of 692	2188	npp.7.8.2.Installer.x64.exe	30
PID 692 wrote to memory of 2612	692	regsvr32.exe	31
PID 692 wrote to memory of 2612	692	regsvr32.exe	31
PID 692 wrote to memory of 2612	692	regsvr32.exe	31
PID 692 wrote to memory of 2612	692	regsvr32.exe	31
PID 692 wrote to memory of 2612	692	regsvr32.exe	31
PID 692 wrote to memory of 2612	692	regsvr32.exe	31
PID 692 wrote to memory of 2612	692	regsvr32.exe	31
PID 2188 wrote to memory of 2980	2188	npp.7.8.2.Installer.x64.exe	32
PID 2188 wrote to memory of 2980	2188	npp.7.8.2.Installer.x64.exe	32
PID 2188 wrote to memory of 2980	2188	npp.7.8.2.Installer.x64.exe	32
PID 2188 wrote to memory of 2980	2188	npp.7.8.2.Installer.x64.exe	32
PID 2652 wrote to memory of 2484	2652	explorer.exe	34
PID 2652 wrote to memory of 2484	2652	explorer.exe	34
PID 2652 wrote to memory of 2484	2652	explorer.exe	34
PID 2484 wrote to memory of 612	2484	notepad++.exe	35
PID 2484 wrote to memory of 612	2484	notepad++.exe	35
PID 2484 wrote to memory of 612	2484	notepad++.exe	35
PID 2188 wrote to memory of 2784	2188	npp.7.8.2.Installer.x64.exe	36
PID 2188 wrote to memory of 2784	2188	npp.7.8.2.Installer.x64.exe	36
PID 2188 wrote to memory of 2784	2188	npp.7.8.2.Installer.x64.exe	36
PID 2188 wrote to memory of 2784	2188	npp.7.8.2.Installer.x64.exe	36

C:\Users\Admin\AppData\Local\Temp\npp.7.8.2.Installer.x64.exe
"C:\Users\Admin\AppData\Local\Temp\npp.7.8.2.Installer.x64.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2188
- C:\Windows\SysWOW64\regsvr32.exe
  regsvr32 /s "C:\Program Files\Notepad++\NppShell_06.dll"
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:692
- - C:\Windows\system32\regsvr32.exe
    /s "C:\Program Files\Notepad++\NppShell_06.dll"
    3⤵
    - Loads dropped DLL
    - Modifies registry class
    PID:2612
- C:\Windows\explorer.exe
  "C:\Windows\explorer.exe" "C:\Program Files\Notepad++\notepad++.exe"
  2⤵
  PID:2980
- C:\Program Files\Notepad++\notepad++.exe
  "C:\Program Files\Notepad++\notepad++.exe" "C:\Program Files\Notepad++\change.log"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2784

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2652
- C:\Program Files\Notepad++\notepad++.exe
  "C:\Program Files\Notepad++\notepad++.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2484
- - C:\Program Files\Notepad++\updater\gup.exe
    "C:\Program Files\Notepad++\updater\gup.exe" -v7.82 -px64
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Notepad++\SciLexer.dll

Filesize
1.7MB

MD5
4432d3a825450fdbfda4e311ff84e90c

SHA1
c27014e0159ea40b212dbc844c6050fe4d956fdd

SHA256
c7a619e251f4210b2c2182905c1e677672e6f2d754a5d7c9fd4bbb0fbff60ef8

SHA512
f73b826c738f4af64617fe492d48b8feb9b5d9715d7688a5a724e85c1f34b90c3eaca9ccbe4991f774c441d663e7b2fb957201b1f43c16ea6c12fdfa49d8f7ec

Download Submit
C:\Program Files\Notepad++\change.log

Filesize
851B

MD5
95c7ebb46615295841fef59f15eb823f

SHA1
061ddbf1d1752e57d4fbc9c0c40db62edf06dcb0

SHA256
bd110fbd928251e34705de62798b48c393837d25f747ad34039e4c78225d5895

SHA512
83ae25416a471fa62e7430a22b49da954a02220a2e23356f0775d872d399c532f80c1fb290f7be0ffe0f936d8722631a38c20a2f3b5cbdf98e4fada468c768e1

Download Submit
C:\Program Files\Notepad++\langs.model.xml

Filesize
331KB

MD5
9784efd3aa4bdc20d6f88b2ab33bf270

SHA1
10514bb468bff02ada06291b2488c7dffd4e09c2

SHA256
ecdd0e1540b007103875ae22668862a277c75ba8402c2d274cc1cc7a09bfad3d

SHA512
b8a3ea166359f5b2893680c78d8e34dabe89ac9f53a2fe7d298883e149cacfec850c4f5a06f2f59bb213b2f5b6864caf272f460f3e765241e6c860f89da5e6b1

Download Submit
C:\Program Files\Notepad++\plugins\Config\nppPluginList.dll

Filesize
151KB

MD5
a4f0d0adbafea5ac7f346f47a5c3f609

SHA1
69910f9d73bb97d5eab7a0a563e0662e64a76f84

SHA256
a497a7e1e0ecb66d380e28fd7f70d3ef596f54a9abcaa58cfa5548d2aa25bac8

SHA512
490917dcca0f31a55f7b5c8428638793e09946c842bf212a9aafc921f2bc58eb7939a6a1c8e065dfeda454338e70e06801f7a55cae91d5a0128d186d5e1cc420

Download Submit
C:\Program Files\Notepad++\shortcuts.xml

Filesize
1KB

MD5
f11d96162bc521f5cf49ffe6b6841c9b

SHA1
37c96380179a17fadb2a6dc26d3f80fb7cd332d0

SHA256
be9aeaeab5a2e4899ba7e582274ba592c1b9baf688b340a754b8ef32b23cfa9c

SHA512
a3305486df0e8d200ef8ca17e5c64a0b88502d3984b17aacc75471da823799507b483520aa5b085c2c4e7d0145bece1a84bdc286bcf13e32c808a8e747a6ef95

Download Submit
C:\Program Files\Notepad++\stylers.model.xml

Filesize
164KB

MD5
9e2e4bbeea5ca2bab44ce3e1a0ad3e66

SHA1
080f835f47cac253f7fddddf1b50b0dd2be95989

SHA256
b820a3218c08d441b4b07731b256510d0f5a4e90e6c210a1645de1361e1dec49

SHA512
eac3d3a9039dfe783f1e3f4cdaa6d1f5097e84b156e17c03c291306c9c469a815ef3387820ca6e664752e09a4440582fc8dcc7bae487d2122388f525dd1673be

Download Submit
C:\Program Files\Notepad++\updater\gup.exe

Filesize
709KB

MD5
509af60e7a646a75238c5704985662ac

SHA1
3d6200355715397b105f392aa4710758e1158bd6

SHA256
c1ca88d810eb164541f753dd66758a296cce9b6a419f35380b334ebcfd882f49

SHA512
f26c3d1061b8e96328cad8e1a6cb6e258dffbdd2ac48b8563748687f317944daff7bdf642b920fe29a592258108db773a57faafccabf8b3b713337af93a717fe

Download Submit
C:\Program Files\Notepad++\updater\gup.xml

Filesize
4KB

MD5
b023cc4d768b34a5401f317479740a53

SHA1
4ca45db707b120bca9cb6cd8404b9e6ecabdb2d2

SHA256
d3e6404c7286961cbab82d4c49f82bcb166db9b5a13eacaa0eeb59a0709a0c14

SHA512
82829b0d22cdb857cf1d299a9898d1862b61cd3c22eb05cb638391d3a54b12d5dd7a824ef838a9453e2c2b85c516eacad18b6d19221ad24f0bcedc2fff942e25

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstE34F.tmp\ioSpecial.ini

Filesize
1KB

MD5
ae4bda8bfaebfd746d7603dd057ac436

SHA1
348e59aaf8962b028b8b86853dcd669aa096bd1c

SHA256
32d409a5f1a8c886e83b07756bfb232e988e3654e61b902dc6c3f21ee4ba0549

SHA512
ddf272c0136d657c9612463d62c854d9321e6c61eba16b5c2f86f3dbb573be30b13369cce90ae71bccb6c33665fb61bf1fb61dd63207a0b0a21cb4d9a3b1a548

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstE34F.tmp\ioSpecial.ini

Filesize
1KB

MD5
4c0d8e3aa682f89b4d7b55ec703560e5

SHA1
cd0b5f8c13ac9d5b92a8b9dd9bf8696a71c5b038

SHA256
71ce0194e72f80b0d7a9148c5509e6e1b2eb4c2649d935779f2d5f2a8bd94542

SHA512
0d4d5cdf6050b88fcf4960fedc1559b9cad5e3e0e856a902cf68ddb6272f09ddda0b2c1d3b2d28b654172ad3d0325ea6eb96fa588675d3af82f8a75c7bb2b91d

Download Submit
C:\Users\Admin\AppData\Roaming\Notepad++\contextMenu.xml

Filesize
3KB

MD5
a7998766b85ee71ff1d82a1198988529

SHA1
acaf62b48d9307b319105109121d82ccefe46c65

SHA256
aa48a7c2ec3ed377c42c293f732807572f2ea305c9771b6ea210e7b92ef2c199

SHA512
95780c7a497434f31d78103832ed9b03eb3c17c6d1002cad28c418dd72fb3383dc83988df239ce5db44e08c6e6e07d8ff0ab00c6c1c7b1bcb2c80cc47bb6d280

Download Submit
C:\Users\Admin\AppData\Roaming\Notepad++\plugins\config\converter.ini

Filesize
644B

MD5
f70f579156c93b097e656caba577a5c9

SHA1
8abfdad2ac85b7433318952b7a7e385a8c18674c

SHA256
b926498a19ca95dc28964b7336e5847107dd3c0f52c85195c135d9dd6ca402d4

SHA512
1e79b8e6df1ac158317d4670a01d5fb811470ace0f1f0f547ae979b3eff9bfee65770ad8134a6bddf2e871dc8fa553e146c7d7d94d2c3e139ae4b4942562b5fe

Download Submit
C:\Users\Admin\AppData\Roaming\Notepad++\userDefineLangs\userDefinedLang-markdown.default.modern.xml

Filesize
5KB

MD5
e6edb9c859b5b97800da9c664a0606c8

SHA1
a0529bfe949f37d87349f89e44ac03a0f39d90c6

SHA256
b7a3e70c69f661e76cc7b6279db21fb32f275a8a3c205a75ae22e40224136031

SHA512
a02e9af4be1e274a9af548f222c00434ae4e02437eede890b3a2f0313c0bd3c3f1596d20f9f859865f807b5e8679abb4f2e13fdd4f7b1e4e7f2a787428acb443

Download Submit
\Program Files\Notepad++\NppShell_06.dll

Filesize
224KB

MD5
6202c8c993c7b583810ccca4d9d50f1b

SHA1
c0ca72637ed7052017888b75f2c42d07b5c218f0

SHA256
043a97406885dda37224fd9a00f369a01e9917ce75bf3969174ce4d90f6b57ba

SHA512
e6bb4fc7ff64a142d02241fdf24a1a16a1efc2212dda065db9630bf0e537c2e03292059fd4a78d05e5fbab3576f3313b916c8696dc4799b052f4c4b163f91f4d

Download Submit
\Program Files\Notepad++\notepad++.exe

Filesize
3.3MB

MD5
05c702b40de0b0fc8a01106eb724e498

SHA1
152bb2642744be40d91cc3de5b91de96331a9014

SHA256
b3fab54e357ecc3af88120c65daa8be62fffb3b2f74c0eea3b02d4885839a5d0

SHA512
fa78b5fe2954c82f6923bed22b44f94a00f16130472d9a1785eb41c72abdd70a4099c60299ddd14b3df24ff0c7a2cfbd1556bb5b4c91b2312b154891572c7a8c

Download Submit
\Program Files\Notepad++\plugins\NppConverter\NppConverter.dll

Filesize
153KB

MD5
eb31b40fe1b2a5df40cad352a0a0a388

SHA1
d7939353fbbacb591a7a5b70d81031423ce392af

SHA256
20e7e814a45f1e52763106e66082147470de576834ae31c7766ffebda5041239

SHA512
7b0c5f1ef22dab24f285db8baa75b345febf8c3598f2cfa2372d612a2cc5382cc57751f6056e58d4cb59d455076e75e9dc4ea86c90b2ca09f3f12bba19e50cfc

Download Submit
\Program Files\Notepad++\plugins\NppExport\NppExport.dll

Filesize
130KB

MD5
157651fc9e4ab631b398fd518cd0d74c

SHA1
1ca86394a6de6a62b2111ec06c066a8f55a8fbfe

SHA256
5dd105c48e1ad127b08ac05e3a0ebbb8994db56378d09990168ca015c27cc142

SHA512
9a033a4cb8dc07cf658fedbca69d616239eb6dde3424c89e0d137f08eda3db546bec032dc1e00782f24ec4cee4333f979d7b471121a12f40ea85a2a88c682a26

Download Submit
\Program Files\Notepad++\plugins\mimeTools\mimeTools.dll

Filesize
117KB

MD5
7e3474120b270c6c8c37a231e3b2aa4e

SHA1
14d15d551e240f643022acea397ea4e36e29ca19

SHA256
bfd054f3e66c2437536a86a18a0048271b87fe571e0c13cc88d0df5b214b65c5

SHA512
e6b5158b5f54b678cbce5722ee64a62edbc1994c0e3f0fac59bfe40d0cc85d9d06dd6108112a01a08189ce388f2edd2a5a6f89cf650520176101a7e0578dae84

Download Submit
\Program Files\Notepad++\updater\libcurl.dll

Filesize
533KB

MD5
b340bdb550560f578fa66d833f0b97d7

SHA1
4732589eeec80af14e036e859f1d9edb55319dda

SHA256
96c6495873e33d3b372180f52eaf34d48552556076be865b04be2e004176610d

SHA512
9ec46dc64198742b10a0e0be08cf2553a1b144122f5809f8afd20ee8e1b17a88b7f288e2e4f09f9b9b15f0cf4325c2e5a816a158750cf0c5f7ee9c5ab513bd48

Download Submit
\Users\Admin\AppData\Local\Temp\nstE34F.tmp\InstallOptions.dll

Filesize
15KB

MD5
05bf02da51e717f79f6b5cbea7bc0710

SHA1
07471a64ef4dba9dc19ce68ae6cce683af7df86d

SHA256
ca092ba7f275b0c9000098cdd1a9876fe8dc050fcb40a0e8a1ab8335236e9dc5

SHA512
c09e475babd5eb675cdf903b2b754b8b68450a731cb520f3dcbf9abe0ed03d19256f009429977d3a51decb3a2a938be0b28dbafeb407409fa85e54da6dbaaad6

Download Submit
\Users\Admin\AppData\Local\Temp\nstE34F.tmp\LangDLL.dll

Filesize
5KB

MD5
ab1db56369412fe8476fefffd11e4cc0

SHA1
daad036a83b2ee2fa86d840a34a341100552e723

SHA256
6f14c8f01f50a30743dac68c5ac813451463dfb427eb4e35fcdfe2410e1a913b

SHA512
8d886643b4fc24adf78f76b663227d6e61863f89e0cbd49548f40dd040666ca94ea46bec9e336850e4f300995d56e6dc85b689c8e09ff46758822d280f06b03d

Download Submit
\Users\Admin\AppData\Local\Temp\nstE34F.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
\Users\Admin\AppData\Local\Temp\nstE34F.tmp\UserInfo.dll

Filesize
4KB

MD5
9eb662f3b5fbda28bffe020e0ab40519

SHA1
0bd28183a9d8dbb98afbcf100fb1f4f6c5fc6c41

SHA256
9aa388c7de8e96885adcb4325af871b470ac50edb60d4b0d876ad43f5332ffd1

SHA512
6c36f7b45efe792c21d8a87d03e63a4b641169fad6d014db1e7d15badd0e283144d746d888232d6123b551612173b2bb42bf05f16e3129b625f5ddba4134b5b8

Download Submit
\Users\Admin\AppData\Local\Temp\nstE34F.tmp\nsDialogs.dll

Filesize
9KB

MD5
466179e1c8ee8a1ff5e4427dbb6c4a01

SHA1
eb607467009074278e4bd50c7eab400e95ae48f7

SHA256
1e40211af65923c2f4fd02ce021458a7745d28e2f383835e3015e96575632172

SHA512
7508a29c722d45297bfb090c8eb49bd1560ef7d4b35413f16a8aed62d3b1030a93d001a09de98c2b9fea9acf062dc99a7278786f4ece222e7436b261d14ca817

Download Submit