Good rule of thumb if you’re installing software is to use the checksums to verify the software so you know it’s not malicious
For example, if you’re downloading VirtualBox
On the VirtualBox website there is a spot on the downloads tab that says “SHA256 checksums”
Click that and you’ll see a list of verified hashes for different software downloads
Find the one your downloading, for example
Virtualbox-7.2.4-170995-Win.exe
(Hash is the long string of numbers, in this case starts with 2298… ends with 675)
Copy the hash to a word doc so you have it to compare and then download your software
Once the software is downloaded you can type into your windows search bar “powershell” and this will open your terminal
You’ll need to point your terminal to the correct file path by running the command
“cd” and then the right file path
To find this file path open your file manager (you can put file explorer in your search bar just like you did Powershell)
Click on downloads and you’ll see your software in the downloads, now RIGHT CLICK on the downloads tab you just clicked and it’ll open a drop down
Click “copy as path”
Go back to your Powershell and type in
cd and then hit ctrl + v on your keyboard
It’ll look something like this
“cd C:\Users\yourcomputername\downloads”
hit enter, you’re in the right directory now
Then type in Powershell the command (if using my virtual box example)
Get-FileHash Virtualbox-7.2.4-170995-Win.exe -Algorithm SHA256
(Use spaces between Get-FileHash, the file name, -Algorithm, SHA256 … the spaces are where my commas are)
(The file name has to match exactly or your computer won’t be able to pull it)
Hit enter
This will spit out a SHA256 Hash
Make sure the hash on your system that you just got in your terminal matches the one on the certified Virtualbox website that you copied to your word doc to compare
As long as it does match, this file should not be malicious as it’s certified by the Virtualbox website