Analysis Overview
SHA256
2ea6afd8cd172d7a43de0e037d7250b9036de4b87e1f0c10ba04c286c8c58704
Threat Level: Known bad
The file 22fbdbddd05ab5346e7a7f5adb79cc2e_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Babadeda
Babadeda Crypter
Arkei
Loads dropped DLL
Executes dropped EXE
Enumerates connected drives
Blocklisted process makes network request
Drops file in Windows directory
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Modifies system certificate store
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-03-29 13:17
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-29 13:17
Reported
2024-03-29 13:19
Platform
win7-20240220-en
Max time kernel
121s
Max time network
122s
Command Line
Signatures
Arkei
Babadeda
Babadeda Crypter
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer\plotbinding.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\22fbdbddd05ab5346e7a7f5adb79cc2e_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\22fbdbddd05ab5346e7a7f5adb79cc2e_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\22fbdbddd05ab5346e7a7f5adb79cc2e_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer\plotbinding.exe | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Enumerates connected drives
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Installer\f7613e1.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f7613e1.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f7613de.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f7613de.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI1636.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI16C4.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI152A.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI155A.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI1599.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI18F6.tmp | C:\Windows\system32\msiexec.exe | N/A |
Enumerates physical storage devices
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 | C:\Users\Admin\AppData\Local\Temp\22fbdbddd05ab5346e7a7f5adb79cc2e_JaffaCakes118.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 | C:\Users\Admin\AppData\Local\Temp\22fbdbddd05ab5346e7a7f5adb79cc2e_JaffaCakes118.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 | C:\Users\Admin\AppData\Local\Temp\22fbdbddd05ab5346e7a7f5adb79cc2e_JaffaCakes118.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 | C:\Users\Admin\AppData\Local\Temp\22fbdbddd05ab5346e7a7f5adb79cc2e_JaffaCakes118.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\22fbdbddd05ab5346e7a7f5adb79cc2e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\22fbdbddd05ab5346e7a7f5adb79cc2e_JaffaCakes118.exe"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 57D09F54D9B6178515001849B1C15F03 C
C:\Windows\SysWOW64\msiexec.exe
"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\adv.msi" AI_SETUPEXEPATH=C:\Users\Admin\AppData\Local\Temp\22fbdbddd05ab5346e7a7f5adb79cc2e_JaffaCakes118.exe SETUPEXEDIR=C:\Users\Admin\AppData\Local\Temp\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1711458851 " AI_EUIMSI=""
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 1CA0CE7656D0DBE959D9E19E242C291C
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer\plotbinding.exe
"C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer\plotbinding.exe"
Network
Files
\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\decoder.dll
| MD5 | 831e0b597db11a6eb6f3f797105f7be8 |
| SHA1 | d89154670218f9fba4515b0c1c634ae0900ca6d4 |
| SHA256 | e3404d4af16702a67dcaa4da4c5a8776ef350343b179ae6e7f2d347e7e1d1fb7 |
| SHA512 | e5e71a62c937e7d1c2cf7698bc80fa42732ddd82735ba0ccaee28aee7a7ea7b2132650dfd2c483eb6fb93f447b59643e1a3d6d077a50f0cd42b6f3fc78c1ad8f |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\adv.msi
| MD5 | 38e86aa5edd43ebb9fde9e7f91d401ab |
| SHA1 | 8692b4df65292468ff980a1db65e7430a8e28338 |
| SHA256 | 4728fecc96ddafbb605e1495520cc6f0481c01c347c18be5a9f1c2438b645ce1 |
| SHA512 | 7c27a44e4c7beaca814eea950c2e456c937e20bfd66b78de1e859bbe197a76b238c6eaaf7b4caf3f107cd54d27b3b436e039bd9f340f2436db74258af98ea07a |
C:\Users\Admin\AppData\Local\Temp\Cab1019.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Tar102C.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\Local\Temp\MSI11D6.tmp
| MD5 | a32decee57c661563b038d4f324e2b42 |
| SHA1 | 3f381a7e31f450a40c8c2cf2c40c36a61fb7a4c2 |
| SHA256 | fcf24b9b574ed026d3f68b7b70aa6533806ba7fc566c476ccb62e6493ac28f04 |
| SHA512 | e17c125adad4702c9a30639858e22a2f0dc4f2926fca89758d544c62fe1fb95360dabd5bd2de2f62a607158bd9ef108c60d8cb5ce709c634668ee509988214f9 |
C:\Users\Admin\AppData\Local\Temp\MSI1235.tmp
| MD5 | 4e2e67fc241ab6e440ad2789f705fc69 |
| SHA1 | bda5f46c1f51656d3cbad481fa2c76a553f03aba |
| SHA256 | 98f4ebaa6ea1083e98ea0dd5c74c2cb22b1375c55b6a12cfdc5d877f716de392 |
| SHA512 | 452df66dd2b09485bf92d92b72b3ad2638cbf0a570741b80309056d1e67e68a18cbd0ad3616a2943bb29de62a057848a7382b6c64c3821335a51b0a03131564c |
C:\Users\Admin\AppData\Local\Temp\Cab1333.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fb45640375b81c0eda9cd20b6a1eb5e4 |
| SHA1 | 9afc7ac5c82da2a771c97dbccf3cf98eb1aa91e6 |
| SHA256 | 5b0fdbd13b75f22c819bb61b74aa1e914c7d7f8f5705f44a9aa811984a56a5d0 |
| SHA512 | bfb0ab761b0c0f56939fab59c9ad91e43cb59b91e45e13ccbc6111920baed2afe4d58a4ab3399edda3afee49edb03593429d91965fae9eec7a75600942a53ca7 |
C:\Users\Admin\AppData\Local\Temp\Tar13A3.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 449cdb4bbcba0496859c0325e79aa7a0 |
| SHA1 | a0762ff0c35ec60750e3850de8dbfccfa1795cc2 |
| SHA256 | 225e0f7451df88179628555f003c709681daad3d88da62d28071a3fcd9d8295c |
| SHA512 | 468da824caf490a19c81fdf6ea860292c047325dcdc3295e1dd3393ea7580c4c4be78b75bb38fa01f224ab2d201d6ceb49af00b6b19aa83d9168aea0bbaadf4f |
C:\Windows\Installer\MSI16C4.tmp
| MD5 | 0be7cdee6c5103c740539d18a94acbd0 |
| SHA1 | a364c342ff150f69b471b922c0d065630a0989bb |
| SHA256 | 41abe8eb54a1910e6fc97fcea4de37a67058b7527badae8f39fba3788c46de14 |
| SHA512 | f96ef5458fdc985501e0dca9cac3c912b3f2308be29eb8e6a305a3b02a3c61b129c4db2c98980b32fd01779566fa5173b2d841755d3cb30885e2f130e4ad6e2c |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\VolePaint30.dll
| MD5 | 795c8341c32fefc35f2ffd2d551d7ef6 |
| SHA1 | 24d8a74be9f65b3efed95b07a41f9881bb10e59a |
| SHA256 | 52690baae3a6bd6c645d3434fc5016382e416cb86c21dab5635e846f6cf8c253 |
| SHA512 | 0ce68673541d806604cf618a7b2b8f68a7662ed06f2a0af892dbfe4da5e8a92f8fe340342d7759869dc9de9e13850015ab65dbc601ea4381424092cba6af34a8 |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\plotbinding.exe
| MD5 | dd4f414eaa72de78b0e96a65bb50a4b9 |
| SHA1 | b62de26bef42ed77d5dcae0580e555e436006456 |
| SHA256 | 9edbeedf3d8376f5922784c8c9c33af0d0836a9b98aaac60e1e32108270726d7 |
| SHA512 | 63ef9372375587b4a61cc655e5b722259e1c6b2314df57c27f44cb811a1a7237ca58e5a068c84f70c8d1bc1b689aa6fa7b997b57dd1f35fe9ee52db93c20eb5e |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\nqf
| MD5 | 409a406d256db9eb024aaeeb346f7a65 |
| SHA1 | 3a18ea9e1e80c2b1dea030a2f3cf689b52e1543f |
| SHA256 | 5686b211ee592583291cf562d369390b376f5d67a1ed7b5ad9adb86b4bc0f603 |
| SHA512 | b326172fa7cef082fe99204b14fd02bb53260a11abebdea24a52c0b5abfce63baf5150880b047a45707a81dfdd06930e2ed3d4b1a5e336c768f39643e6c83d70 |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\ssleay32.dll
| MD5 | cb48c0854cf3264c3baa3c2da76ec014 |
| SHA1 | 01152fecaf127f9874ce8c9978bf570aa6309beb |
| SHA256 | dc1684abc539f789791ad1518557d5ad654816dee904eaa5021556419ae5325b |
| SHA512 | dd67a556a7c20e51129640eb1ab590c4da5fbbff9ae965adb56bdbc5079f9f468473728c60d229c1a1bc70a872da2ac250b080df1ad55534b88a1d61bd3b5e10 |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\plugin_core.dll
| MD5 | b79d7159ba735958c18148dcdf543571 |
| SHA1 | d7d4d4aedf7897092665dfc573e9fe9c313c2fe4 |
| SHA256 | 638aa5d39ae52d09317c001bb8163fbf1ffdea03e371ed61457d765ad35a5e52 |
| SHA512 | 79b7ae9a722714c6d640f35b81e54fb9a0b8e6042b99705094d6e968736d1389ed0e2a90c5120955a458d158d9af8a485ff4b5dbc9227165c11dcf62fd180c71 |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\skin_draw.dll
| MD5 | 72ad6c45aaf461326f5a512afb4b33b0 |
| SHA1 | 4b6791aa02c76e96256bf19ec9ff828303a308b8 |
| SHA256 | dcf318a760aeecca2496417d5111b059867471919d2721d766da7d29d29df305 |
| SHA512 | 5c495d059aa51beb4be143a9beb496f380b84f28bc4090e2c21f942e5847dfb5c2cdfd759636eacf4b2820fb6f68cccd8b60ce336a721d03575f45f9496f6b99 |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\clock_common.dll
| MD5 | 85d02f053f1151ac4d3fdda5ea10adc6 |
| SHA1 | a134e20a33387a3bfe256b36585d9ccb6113a29f |
| SHA256 | 989354441731eafd1cd63285ab681176a43f08ea999362c5d792c9b2bcbd6564 |
| SHA512 | 146233b07a3d81f7aa7c2a5e055935fb61307e20dc15b168c248f6d83f934d916184b568e39f7ad8c6ce28d26eb5b1605d6b2200b5ddc2b6cf0bc0dd114981c2 |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\Qt5TextToSpeech.dll
| MD5 | 3cdb361b43a3ce45145df5bad519df63 |
| SHA1 | 8f7cfe31068584151bf913171c82949fd7a945f2 |
| SHA256 | 8f5a39d8e35d981a8200fb4a83b42b72ec71a9c5db16a09c5df69b001bfb2e13 |
| SHA512 | 88722199a716dbe665204d9d192207594cd3819130d22c07133e8a229628f66e5eddab60dbb1759ba389cf42398c32eafca8b74e07b3dfce4c916fd8715d566c |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\libEGL.dll
| MD5 | b84df33197a94abb399c7e08fcd1fcae |
| SHA1 | 5b6d24397dafcfab12dda13921d12e1f20439a19 |
| SHA256 | 900ebaee275fcddc81cce3b04c6a1e13dba18670c0aba82d54eeefa76355edfa |
| SHA512 | 83ffb35a026b4e72de3f024243d630fd17ce498f9d552db0a3292199899c7520c01f9a5e1d4709ab7f7e8b2cb9c5168a93e8b3d9f3b98b32a28329f99714321e |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\Interop.IWshRuntimeLibrary.dll
| MD5 | 9569c5ddd9ab1e7bfd24e41250a67903 |
| SHA1 | 304afddbbaac26843cf53b9713e09a85fe525cac |
| SHA256 | 6a80b9d1bd609a3cb6af8cf8c1534f7baca1d78ad353ce6ed5b578a0ba96eb83 |
| SHA512 | 7bc2a98f9fb934212cbc7b8dac21ec38b89b39a3f60ef53490bb25d07c286d1db4da1757b766f323615185aa26f094e601337110da14224fcfe3ce016eaf0c54 |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\LICENSE.TXT
| MD5 | fc292eaec94367e0775fa0638880ebce |
| SHA1 | fa5ff95ef7e8f5ad9cfc77738f5e6c0ca96572dd |
| SHA256 | 971f1733cb237ddd626e579954938c6fc0e925ccbf885074ad5fcf19b4efbe2e |
| SHA512 | 4f3ceb0d390f47fae7294db5399177a1128dd196cf58a45768984c1783ae4e0c0d0746aae716b2a08f7058df214494a7fb20c8bc982d0e3b8cb3d70ccef7917f |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\postinstall_readme.txt
| MD5 | 24ac8ba156f8fbfd86a4292e4f44631b |
| SHA1 | 081d1ec03058bba9ff43b40f39891b82a3cb3b6e |
| SHA256 | 37c45cea617294e1aff68e83fdf0ff14ca454049f9896b5ccd2bdeb22140fa1e |
| SHA512 | 9874047be537596921ee8375e274499dce122f45257c714c0bcab5ba5e9a91540c37578b9f96e4a9a3376c3a311ef934b85758db1aa8d71329dce74ed17f6581 |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\README.txt
| MD5 | 7539e219a0d2331524b97605c4fe641d |
| SHA1 | 718d7c209915ff4944a81ef38701542d63ea30e2 |
| SHA256 | 3f169438204953468391d382ca1813c54a0301b733c59bef9178c2d55e9e7e0b |
| SHA512 | c8886ba4445e612bedb7c9f8b8b7044c016ea45ad5f80b1a9082707a2b7c5334bfe6b7ac8df4c2f603d0bfd1dbb727691d65e3a6c14acc78104b869c9bb97dca |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\CHANGES.txt
| MD5 | 109e9d23496dc406050f895409be2531 |
| SHA1 | 5a8659d65025b121c2a16d80d3d55cd9c3a5a7ef |
| SHA256 | b58477a045a7411ff95ca8b1e055801d5d10055e2de52e1a94397919a09d82c2 |
| SHA512 | 548fa0ec3b1a4056440867e7b7fd7374ab9d08e0156121ef7e1f7c57ae97a58b5c357cdd69ebd18df80ca4078fb595cddebda245b317213b140cac5069ab7058 |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\libogg-0.dll
| MD5 | 84e8e72572d53558d52403011fa0d388 |
| SHA1 | 865160da7dbfaaea224541eb44e9430e1a7b7b20 |
| SHA256 | ca717b5cf2a7b0e047aabad985c631278941c58f16e2e9650ca12c3a331fcd4f |
| SHA512 | 47ee932bfa4ee3c51c3828ef8c6923e5b946966ad8e255bc2c53a60443aa2d4ab17521f21912a6f0469c7898d6543dc4b1783a86ddb5a84568818a7b37ec3992 |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\Mono.Cecil.Mdb.dll
| MD5 | a269c436d17634aecf2ac0e95c44728c |
| SHA1 | 3dae54046aa5edbcf58ff38acc1d12682e3442b5 |
| SHA256 | f02a2d8154ef002863702d6513c6773ebbb83e520834c2ac8e38c6a7f0174e27 |
| SHA512 | bbd1740bce3d1eecccaa560696cc5b0999a1e00c3d6747f3bb93ab44a5f9a2186f01048fa69e173b89c40b98bddf13c4de92564b13c0ec36eb96b69ec65dc157 |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\liborc-test-0.4-0.dll
| MD5 | 00d68e20169f763376095705c1520c4f |
| SHA1 | 75ec5e1974654613c9eeeff047f1eb58694fd656 |
| SHA256 | 3c12f0a9f43cf88d82f5cc482627237f51a63a293ef95f2342222ebde1fb909f |
| SHA512 | 4e180a8ce0e30cfc82883d05d8708fe82442541a4c522055d00f381bf47a0a4f269bc1f5e1ebbfec888edbe455ce145e24cb4c734e682e830322e13479a62c34 |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\libffi-6.dll
| MD5 | c4059a8eec8ad3abc6432238f7491a2b |
| SHA1 | f1c6cf3fa216f73ba44bd481c685ef30cfd3d284 |
| SHA256 | a9d3f2056f8e888edc5abfa18178fc0b3ef99880c9c410e2c7d6a64386fb57da |
| SHA512 | 0bb582a9a02cbd29c007e9cfed9dabe53ef087814c7aa8195c82d4b15302f95408a15710a3f83a970c35db26f77a9a34549d6906a7440fa7d0127aeca9bc8efc |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\libgmodule-2.0-0.dll
| MD5 | 4d233a220f91de3b1510d017b5481942 |
| SHA1 | c59f449b0d09127d18268e7b07da3f7d749b2720 |
| SHA256 | 08336089e280805c8ac89f7476526f944b5868c014748b6dc29f65167e9e3ab0 |
| SHA512 | a86a1f9b5d160813c6e2f771962f303428604057b9613021bf7844c1204cfca0a18571a28d950d7999acc4ecde0605095f9a460a9b79fe2bbe02f080c2683923 |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\libgthread-2.0-0.dll
| MD5 | cf2571c125fa1d2ec55b9977054f380a |
| SHA1 | 91014dd50f0eeb0d3d1faed77541c76a05b712b8 |
| SHA256 | 02b817b6db18db2dfccefdd08eed64a696e2bf326f4120ee7e93ae6aa73bccb3 |
| SHA512 | a95bf3436ea2fac443924c5fc31fcd4337a44702ef38ca82d744474301e53f14721eaeb0f21e515ccff8569e7b7d81107fb5a4cf2ae485cd4a5d2dc95dae8f9b |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\mingwm10.dll
| MD5 | a5a239c980d6791086b7fe0e2ca38974 |
| SHA1 | dbd8e70db07ac78e007b13cc8ae80c9a3885a592 |
| SHA256 | fb33c708c2f83c188dc024b65cb620d7e2c3939c155bc1c15dc73dccebe256b7 |
| SHA512 | 8667904dda77c994f646083ef39b1f69c2961758c3da60cecadfe6d349dd99934c4d8784f8e38ae8b8c9eb9762edd546f2a7b579f02612578f8049e9d10e8da7 |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\pthreadGC2.dll
| MD5 | 928c9eea653311af8efc155da5a1d6a5 |
| SHA1 | 27300fcd5c22245573f5595ecbd64fce89c53750 |
| SHA256 | 6dc4bee625a2c5e3499e36fe7c6ff8ead92adf6aae40c4099fdc8ef82e85b387 |
| SHA512 | 0541d706bb53f8a04c78fcf327c4557553fa901d645ad2fd446e79753b4729f1e36793f42fbdd9b5e92073a30ed9a3dd853773a06ebea8e9302ece91a6c5362c |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\TurboJpegWrapper.dll
| MD5 | f5639d78d8c860df0176b1499695e8b3 |
| SHA1 | a70f699d75903ca2ae31098f4687add23245804d |
| SHA256 | 9c8de413bf48e680ded9db3b3a4c7773642b9d6c76973ae95d40eb0cba31d4e2 |
| SHA512 | 2098dd214db72b7f9b70c58cd1fcb53dd4982e441c19b3571941f9026e0dde0ae9005bb084ecb2f21ee2e24776fc95d60cb50b11fc536a68ad153efc1dc8ef0c |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\COPYING.txt
| MD5 | 3c34afdc3adf82d2448f12715a255122 |
| SHA1 | 7713a1753ce88f2c7e6b054ecc8e4c786df76300 |
| SHA256 | 0b383d5a63da644f628d99c33976ea6487ed89aaa59f0b3257992deac1171e6b |
| SHA512 | 4937848b94f5b50ea16c51f9e98fdcd3953aca63d63ca3bb05d8a62c107e382b71c496838d130ae504a52032398630b957acaea6c48032081a6366d27cba5ea9 |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\AForge.Video.dll
| MD5 | 0bd34aa29c7ea4181900797395a6da78 |
| SHA1 | ddffdcef29daddc36ca7d8ae2c8e01c1c8bb23a8 |
| SHA256 | bafa6ed04ca2782270074127a0498dde022c2a9f4096c6bb2b8e3c08bb3d404d |
| SHA512 | a3734660c0aba1c2b27ab55f9e578371b56c82754a3b7cfd01e68c88967c8dada8d202260220831f1d1039a5a35bd1a67624398e689702481ac056d1c1ddcdb0 |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\AForge.dll
| MD5 | 02c63f568e598aad85dd401d7b26e82a |
| SHA1 | 2da9ec7612835e1f69d4a93aa2d49ec9bdff7f7c |
| SHA256 | 966a474060a8aca70c73ba09d0b6fe2353035961c7107b9003ef879c010ff8da |
| SHA512 | da9bff86be8fa890dda80a35ee6c851aa655f087f81804a23c73f8c586b7e13ac5a643e0a516a35787cd97b392aec16bfb95210080e4e53e6144fec9316acdb1 |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\fonts\fonts.conf
| MD5 | 4291285924e90d1a1fcf1ddfc51adad3 |
| SHA1 | 74f2d9b2f9665a1ff083701456a0fbfe351f855a |
| SHA256 | 68011bc3741ebcea48f08ff2aed8519762a946f3e0fb9c224b1d3810ebf5bf4b |
| SHA512 | 80b570051324f0987f388b78f2b2b2a50df2ece82eb6c003ed4ab5fc1456789fdb4a616c3be760580d30f48aef656eb3604cbd0a7808c49f03b347f2d4388cee |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\pango\pango.modules
| MD5 | 7a7327019610dfb25d5fafb2d2b0f3ab |
| SHA1 | 812af1f65174c63c4a90dd72d29d6e1180075a6e |
| SHA256 | cab115828e04766fbf8e20b5ca6e5632e089f407b338832081d8b42f62fea38a |
| SHA512 | 9d7d7fd408d0e0cbe8df24cf1184aa9c24f41dc94d98e7262d04e617b7252381e6845b9e2724557246af8696a5e0cb99f1d15b3889aebd7887fac99e68b79849 |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\pixmaps\black.png
| MD5 | a875753fd4e92edad63f5d8b9a79426b |
| SHA1 | 241b7f8bc325993b8044498ec4a6c03d576c6b48 |
| SHA256 | d09f2e254540dc26a948cf49ac09de2ffea210ad9d8fb77ab7a943ce938b5570 |
| SHA512 | b04ee55b20c42a36e6125ef883161eaae11a990a99042b7fefccf0433455e35c621b8f10587a6292adc0f71ccf9a896c0264c8607614196d311de86b28c338dc |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\pixmaps\blue.png
| MD5 | b8ea81eb3944bd027399ca0fcb30352c |
| SHA1 | 7cc576da81018985c254d717f5b5d1df92501676 |
| SHA256 | bc0824b76bf4a3340f9314795d6d7bb91d768ccde49ce559a409db35d79c7a31 |
| SHA512 | 7ac010c47be59bda5c805101f482e5c5ec2a4246685985a2452a0fcb368bcedfabf0e1a45d195049c8c45088242bd5d63aa62d2187d839be92e3f7b028f4069b |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\pixmaps\default-pen.png
| MD5 | c4955d57acd2624a50c575f6caa260b5 |
| SHA1 | 4628d5e10edbe3756f663dde3fdfaf9e3293d9c3 |
| SHA256 | e743ec338f096a7169823d00a2d84ff60f8f88e85fc4ceb4f056335256e29636 |
| SHA512 | 296bbdcc4dce24281240c798719cd819b8a2d0e0f2a3dc862adfba7dc9c8e1d1055cb01fc422ae8cd683d88b4ba5256b90b84248d290adb04f57172f5c04dcd1 |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\pixmaps\eraser.png
| MD5 | 965f4596779c9396a0d16ab2d81a81dc |
| SHA1 | 1eb33e421405af7a7fdbb8f5866b75ccd0faaf5b |
| SHA256 | 8b38c37c750492f3984c64e9f0ac8ba5832b2b29800b945f43f1ade9ddcd2f1b |
| SHA512 | beb7ade2bff13258f337bc42c7dcd55629330270e28e01449f30b2f9eb5a184f5c6b3547d4ab22748c8790ce162b22692b23c5b9430fa1b103172fe9ecc8eec4 |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\pixmaps\fullscreen.png
| MD5 | 04caf9e7479493621e6962147e092540 |
| SHA1 | 5de82e54ea9b1fc4998103931646f254d507b472 |
| SHA256 | f44df404099bd1c100bc9dcb678b717374ea854ea031a1c128391a087c6eb7ab |
| SHA512 | 30b9bf1d7178555a1edea44a1bf93e87863f83bac8d545860477207c8463b01323306288eb4cadd086d1bd1f0990596d1c78eee34a834e63f3a9a3c6d799b404 |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\pixmaps\green.png
| MD5 | 307c26bd60cd59634672c8b139921428 |
| SHA1 | 7ce1006156580c340f75c2514e60734b55b18cd0 |
| SHA256 | 5507b254b0eb434dc49c85f5d1bff54bf427f7419636dace91ed2c583db84b8c |
| SHA512 | 96fea9bf2b9c2ea3a6a1be7556f28f12ddea77a5490af57d3d2ca7334861f92a7ed43ee53093e5fee9c65c66cd16caf51437a01e5b76b0176565b1bb581251b5 |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\pixmaps\hand.png
| MD5 | 5477c6f1b114884d907cd215adde9e84 |
| SHA1 | 5fc527a9e978c506a6971ba628bdb5f4f147b459 |
| SHA256 | 06d42e7dd5e554cfc3075d3222234633b15811786ca69a732f0b369632b02292 |
| SHA512 | 5abf754e51ce74280000bd6a567b64ba339b396fb9315ed79acfa98331f754c45587325a17a0f9b36a532880502dba2b28cdf2eaf53658732c84a7ecd07bb0cd |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\pixmaps\gray.png
| MD5 | c89a78efc324ac45ab7f3e4d945ef35b |
| SHA1 | fdfdf1971f8094b6b4ee86754ad72566766614ea |
| SHA256 | 42645af572363377e59ba2628987d439b6ec124d86026e7e8991ed9ba269d402 |
| SHA512 | 1378aa65ea69ee55acf5b90952323aa50c6f5353c00df0a81c6fc26e98f376b2b8badc6993bccb81cf463570781a9ea53366f2de5ac05bf3a18c576a22f42a5d |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\pixmaps\highlighter.png
| MD5 | 9145636a155628aa5b08f50d241b5162 |
| SHA1 | 9c58534e13496d4979e9c7baa1d8d2eeb85e450e |
| SHA256 | e4dba621d326a8faf3639c102b82909737d26e176bf4a95fd7dcc901bce715bd |
| SHA512 | 7b2949a005a063abc68fd6aed7be8f69f369d73075bd75dd89bc2f2fa66c20b2976dc7f079bbb9ba165a6582b795f2d99e705f867d53de99084e59028ee4fb84 |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\pixmaps\lasso.png
| MD5 | 9b8bd91306bf3a0f15b9a1ad41d81eb1 |
| SHA1 | 59c0690f6740edde06b7263f4da7ec64a7fc38b3 |
| SHA256 | 1eb68b3a86580821bb6500df0d5b5d2ba4df33dbe50b4e6b3f5de5b452b8cf80 |
| SHA512 | f751c47abbe210877dfc5101c0a4a4c7d392c5a5885c344904ba72b3b55c000508999442d1dfc670f5ba5d491df87a420b87eb88e63194ad8b12107916be6fc5 |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\pixmaps\orange.png
| MD5 | 508e1009dc053e2033a9018023b48868 |
| SHA1 | 02e1e20fa7472df9f21c8d18566ada54ff8c5560 |
| SHA256 | e9a1c3ebd4822747a4c83607746d6cc68ac5ed80d7f08ade928dc178f798dd32 |
| SHA512 | f43cc7e62dda86b89d9b690465f2307a9f89bdd30231ac5cf0fc21c7ac2daf89e42d0178f08a0951c4c5a957ee37fd20d60ce36d58726d53e2729f530ffbcb54 |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\pixmaps\medium.png
| MD5 | 4e6ca2356866781fac9205631a107697 |
| SHA1 | 55a0846403d3dcadefef218772383072e59f2adb |
| SHA256 | 13b92c015aee903af3bdeaa3964fdc5891006756da507bcdc491369703fb2d30 |
| SHA512 | 3c3dc97ca9cd38bd71b977d3401a4a8bdfdf6257c50ef59382ff468881b9ff38f02b0cc97a0eb3f55882cb471e99425b811d3d404d83fad9788ebc79a20b13c1 |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\pixmaps\magenta.png
| MD5 | c83c2fcc196e434b12c26e6b9c21ab3b |
| SHA1 | 8078e6fb3302cb2d54b48d1709429c14926a8f14 |
| SHA256 | b3d5848f1b4fea9070ab8ffc0b6e30c81eda6691bc5f16ddd375506e9191101e |
| SHA512 | e49893f19254ba6e451cdfe2e0915615272c18f3fce1d122ed52453051f4231cc8fe9e11bc2a1242e437ff5681065cea960fe06635dfb6b46cc3a9a08084808a |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\pixmaps\lightgreen.png
| MD5 | 90a9382db46c60f9a3093c33b52dc260 |
| SHA1 | 7fe3d05123b4547c8dfca90230b908f5a4ebb9e8 |
| SHA256 | e9a7a05f3bc1e15cad99814666d53169047294efb41c20a1f28cff6a6a65a15e |
| SHA512 | 76ef977dd27aec97722e73b3fcad6633feb16a0317d26b6be72a4406c265b58e6e89e39a87592fa0f2effe6101f435097d210fae4ee2cbfacacb0be49f4ea5e5 |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\pixmaps\lightblue.png
| MD5 | 9b810e6318fe4d7ccea2370934167157 |
| SHA1 | 2db4d6f6c38bc26aa27ea2af8901e491f27a2774 |
| SHA256 | 4fbe3e58c531bb3b7286c28882a0051a39c6381b5a68d2303b9d3f114964e790 |
| SHA512 | d8665bd27eb797b017f9b63cc1a558fc612e9beecbc9ba4d69551fe18da335554ab8f0da1d4289c1a9ef5866892f68f7a4dabe7bb88cce18b054053038702945 |
C:\Config.Msi\f7613e2.rbs
| MD5 | 29157b5120eb284b477f4a08acdd25f2 |
| SHA1 | 2719900fd07507a0a8315818bb75284fa2eefbff |
| SHA256 | 069d6fb04a7eff613de61b3f2017a3aa131e965b4b5639fd4e9ec5b89e1aba2d |
| SHA512 | f7e49e2c88b431d9d40093898f851f0a8a9cbc7ab4512f716d82c0344409bc5c761ac60493e07a0e7f0860c1bddfd36cfbf3327790ca5bd0b4928c9d54c57046 |
memory/1952-451-0x0000000000400000-0x0000000000902000-memory.dmp
memory/1952-454-0x0000000000400000-0x0000000000902000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-03-29 13:17
Reported
2024-03-29 13:19
Platform
win10v2004-20240226-en
Max time kernel
92s
Max time network
94s
Command Line
Signatures
Arkei
Babadeda
Babadeda Crypter
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer\plotbinding.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\22fbdbddd05ab5346e7a7f5adb79cc2e_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\22fbdbddd05ab5346e7a7f5adb79cc2e_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\22fbdbddd05ab5346e7a7f5adb79cc2e_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer\plotbinding.exe | N/A |
Enumerates connected drives
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Installer\e5759f7.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e5759f7.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI5B51.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI5A84.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI5C0E.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI5C5D.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{7DF96840-4DBA-4728-9728-2C78FF4F67A4} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI5AE2.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI5BA0.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6066.tmp | C:\Windows\system32\msiexec.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\22fbdbddd05ab5346e7a7f5adb79cc2e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\22fbdbddd05ab5346e7a7f5adb79cc2e_JaffaCakes118.exe"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding E2AF78E0BE3DC0FAB42778AB612FB2D7 C
C:\Windows\SysWOW64\msiexec.exe
"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\adv.msi" AI_SETUPEXEPATH=C:\Users\Admin\AppData\Local\Temp\22fbdbddd05ab5346e7a7f5adb79cc2e_JaffaCakes118.exe SETUPEXEDIR=C:\Users\Admin\AppData\Local\Temp\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1711477644 " AI_EUIMSI=""
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding A154353E4FEC43FD9DE2CF1C7CB06C4F
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer\plotbinding.exe
"C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer\plotbinding.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\decoder.dll
| MD5 | 831e0b597db11a6eb6f3f797105f7be8 |
| SHA1 | d89154670218f9fba4515b0c1c634ae0900ca6d4 |
| SHA256 | e3404d4af16702a67dcaa4da4c5a8776ef350343b179ae6e7f2d347e7e1d1fb7 |
| SHA512 | e5e71a62c937e7d1c2cf7698bc80fa42732ddd82735ba0ccaee28aee7a7ea7b2132650dfd2c483eb6fb93f447b59643e1a3d6d077a50f0cd42b6f3fc78c1ad8f |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\adv.msi
| MD5 | 38e86aa5edd43ebb9fde9e7f91d401ab |
| SHA1 | 8692b4df65292468ff980a1db65e7430a8e28338 |
| SHA256 | 4728fecc96ddafbb605e1495520cc6f0481c01c347c18be5a9f1c2438b645ce1 |
| SHA512 | 7c27a44e4c7beaca814eea950c2e456c937e20bfd66b78de1e859bbe197a76b238c6eaaf7b4caf3f107cd54d27b3b436e039bd9f340f2436db74258af98ea07a |
C:\Users\Admin\AppData\Local\Temp\MSI56EB.tmp
| MD5 | a32decee57c661563b038d4f324e2b42 |
| SHA1 | 3f381a7e31f450a40c8c2cf2c40c36a61fb7a4c2 |
| SHA256 | fcf24b9b574ed026d3f68b7b70aa6533806ba7fc566c476ccb62e6493ac28f04 |
| SHA512 | e17c125adad4702c9a30639858e22a2f0dc4f2926fca89758d544c62fe1fb95360dabd5bd2de2f62a607158bd9ef108c60d8cb5ce709c634668ee509988214f9 |
C:\Users\Admin\AppData\Local\Temp\MSI57C7.tmp
| MD5 | 4e2e67fc241ab6e440ad2789f705fc69 |
| SHA1 | bda5f46c1f51656d3cbad481fa2c76a553f03aba |
| SHA256 | 98f4ebaa6ea1083e98ea0dd5c74c2cb22b1375c55b6a12cfdc5d877f716de392 |
| SHA512 | 452df66dd2b09485bf92d92b72b3ad2638cbf0a570741b80309056d1e67e68a18cbd0ad3616a2943bb29de62a057848a7382b6c64c3821335a51b0a03131564c |
C:\Windows\Installer\MSI5C5D.tmp
| MD5 | 0be7cdee6c5103c740539d18a94acbd0 |
| SHA1 | a364c342ff150f69b471b922c0d065630a0989bb |
| SHA256 | 41abe8eb54a1910e6fc97fcea4de37a67058b7527badae8f39fba3788c46de14 |
| SHA512 | f96ef5458fdc985501e0dca9cac3c912b3f2308be29eb8e6a305a3b02a3c61b129c4db2c98980b32fd01779566fa5173b2d841755d3cb30885e2f130e4ad6e2c |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\VolePaint30.dll
| MD5 | 795c8341c32fefc35f2ffd2d551d7ef6 |
| SHA1 | 24d8a74be9f65b3efed95b07a41f9881bb10e59a |
| SHA256 | 52690baae3a6bd6c645d3434fc5016382e416cb86c21dab5635e846f6cf8c253 |
| SHA512 | 0ce68673541d806604cf618a7b2b8f68a7662ed06f2a0af892dbfe4da5e8a92f8fe340342d7759869dc9de9e13850015ab65dbc601ea4381424092cba6af34a8 |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\plotbinding.exe
| MD5 | dd4f414eaa72de78b0e96a65bb50a4b9 |
| SHA1 | b62de26bef42ed77d5dcae0580e555e436006456 |
| SHA256 | 9edbeedf3d8376f5922784c8c9c33af0d0836a9b98aaac60e1e32108270726d7 |
| SHA512 | 63ef9372375587b4a61cc655e5b722259e1c6b2314df57c27f44cb811a1a7237ca58e5a068c84f70c8d1bc1b689aa6fa7b997b57dd1f35fe9ee52db93c20eb5e |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\ssleay32.dll
| MD5 | cb48c0854cf3264c3baa3c2da76ec014 |
| SHA1 | 01152fecaf127f9874ce8c9978bf570aa6309beb |
| SHA256 | dc1684abc539f789791ad1518557d5ad654816dee904eaa5021556419ae5325b |
| SHA512 | dd67a556a7c20e51129640eb1ab590c4da5fbbff9ae965adb56bdbc5079f9f468473728c60d229c1a1bc70a872da2ac250b080df1ad55534b88a1d61bd3b5e10 |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\libgthread-2.0-0.dll
| MD5 | cf2571c125fa1d2ec55b9977054f380a |
| SHA1 | 91014dd50f0eeb0d3d1faed77541c76a05b712b8 |
| SHA256 | 02b817b6db18db2dfccefdd08eed64a696e2bf326f4120ee7e93ae6aa73bccb3 |
| SHA512 | a95bf3436ea2fac443924c5fc31fcd4337a44702ef38ca82d744474301e53f14721eaeb0f21e515ccff8569e7b7d81107fb5a4cf2ae485cd4a5d2dc95dae8f9b |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\libgmodule-2.0-0.dll
| MD5 | 4d233a220f91de3b1510d017b5481942 |
| SHA1 | c59f449b0d09127d18268e7b07da3f7d749b2720 |
| SHA256 | 08336089e280805c8ac89f7476526f944b5868c014748b6dc29f65167e9e3ab0 |
| SHA512 | a86a1f9b5d160813c6e2f771962f303428604057b9613021bf7844c1204cfca0a18571a28d950d7999acc4ecde0605095f9a460a9b79fe2bbe02f080c2683923 |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\libffi-6.dll
| MD5 | c4059a8eec8ad3abc6432238f7491a2b |
| SHA1 | f1c6cf3fa216f73ba44bd481c685ef30cfd3d284 |
| SHA256 | a9d3f2056f8e888edc5abfa18178fc0b3ef99880c9c410e2c7d6a64386fb57da |
| SHA512 | 0bb582a9a02cbd29c007e9cfed9dabe53ef087814c7aa8195c82d4b15302f95408a15710a3f83a970c35db26f77a9a34549d6906a7440fa7d0127aeca9bc8efc |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\liborc-test-0.4-0.dll
| MD5 | 00d68e20169f763376095705c1520c4f |
| SHA1 | 75ec5e1974654613c9eeeff047f1eb58694fd656 |
| SHA256 | 3c12f0a9f43cf88d82f5cc482627237f51a63a293ef95f2342222ebde1fb909f |
| SHA512 | 4e180a8ce0e30cfc82883d05d8708fe82442541a4c522055d00f381bf47a0a4f269bc1f5e1ebbfec888edbe455ce145e24cb4c734e682e830322e13479a62c34 |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\libogg-0.dll
| MD5 | 84e8e72572d53558d52403011fa0d388 |
| SHA1 | 865160da7dbfaaea224541eb44e9430e1a7b7b20 |
| SHA256 | ca717b5cf2a7b0e047aabad985c631278941c58f16e2e9650ca12c3a331fcd4f |
| SHA512 | 47ee932bfa4ee3c51c3828ef8c6923e5b946966ad8e255bc2c53a60443aa2d4ab17521f21912a6f0469c7898d6543dc4b1783a86ddb5a84568818a7b37ec3992 |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\Mono.Cecil.Mdb.dll
| MD5 | a269c436d17634aecf2ac0e95c44728c |
| SHA1 | 3dae54046aa5edbcf58ff38acc1d12682e3442b5 |
| SHA256 | f02a2d8154ef002863702d6513c6773ebbb83e520834c2ac8e38c6a7f0174e27 |
| SHA512 | bbd1740bce3d1eecccaa560696cc5b0999a1e00c3d6747f3bb93ab44a5f9a2186f01048fa69e173b89c40b98bddf13c4de92564b13c0ec36eb96b69ec65dc157 |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\Interop.IWshRuntimeLibrary.dll
| MD5 | 9569c5ddd9ab1e7bfd24e41250a67903 |
| SHA1 | 304afddbbaac26843cf53b9713e09a85fe525cac |
| SHA256 | 6a80b9d1bd609a3cb6af8cf8c1534f7baca1d78ad353ce6ed5b578a0ba96eb83 |
| SHA512 | 7bc2a98f9fb934212cbc7b8dac21ec38b89b39a3f60ef53490bb25d07c286d1db4da1757b766f323615185aa26f094e601337110da14224fcfe3ce016eaf0c54 |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\libEGL.dll
| MD5 | b84df33197a94abb399c7e08fcd1fcae |
| SHA1 | 5b6d24397dafcfab12dda13921d12e1f20439a19 |
| SHA256 | 900ebaee275fcddc81cce3b04c6a1e13dba18670c0aba82d54eeefa76355edfa |
| SHA512 | 83ffb35a026b4e72de3f024243d630fd17ce498f9d552db0a3292199899c7520c01f9a5e1d4709ab7f7e8b2cb9c5168a93e8b3d9f3b98b32a28329f99714321e |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\images\erase.png
| MD5 | 00786f0f3fb7705d81c018199412d814 |
| SHA1 | cb194c855dbc41063d5e1f488dc4c443e9329898 |
| SHA256 | 313f14e773f93d470bcff9e42887d8672838cc64dc4682dc3a36cd3e4ade574f |
| SHA512 | 1cbdd14be8457582411fd6e1a18346bdbdddb7da7efe835f86058634d8bdb4a0ee92269b9efe7d4da8ea9f9689bfb03f0950dfc35036d2bf649a0e79d5125940 |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\CHANGES.txt
| MD5 | 109e9d23496dc406050f895409be2531 |
| SHA1 | 5a8659d65025b121c2a16d80d3d55cd9c3a5a7ef |
| SHA256 | b58477a045a7411ff95ca8b1e055801d5d10055e2de52e1a94397919a09d82c2 |
| SHA512 | 548fa0ec3b1a4056440867e7b7fd7374ab9d08e0156121ef7e1f7c57ae97a58b5c357cdd69ebd18df80ca4078fb595cddebda245b317213b140cac5069ab7058 |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\pixmaps\shapes.png
| MD5 | 703e47707419d42fbc7a4988b7fc3718 |
| SHA1 | c6c0351539032039297981b6918dbe720b3515dd |
| SHA256 | 5314fddb320e575a345a2ba5a922372e086a31ad4baddbd6d4ab30681f2134dc |
| SHA512 | 32f751c7fc7cc69646e17b7cae36adff39ff86e60e838fb829208e3a9473dc0c5df18cd48b98464304481b98ab10e7e5dd9ea91b6864d48946c54f91cf8d2fd7 |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\README.txt
| MD5 | 7539e219a0d2331524b97605c4fe641d |
| SHA1 | 718d7c209915ff4944a81ef38701542d63ea30e2 |
| SHA256 | 3f169438204953468391d382ca1813c54a0301b733c59bef9178c2d55e9e7e0b |
| SHA512 | c8886ba4445e612bedb7c9f8b8b7044c016ea45ad5f80b1a9082707a2b7c5334bfe6b7ac8df4c2f603d0bfd1dbb727691d65e3a6c14acc78104b869c9bb97dca |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\postinstall_readme.txt
| MD5 | 24ac8ba156f8fbfd86a4292e4f44631b |
| SHA1 | 081d1ec03058bba9ff43b40f39891b82a3cb3b6e |
| SHA256 | 37c45cea617294e1aff68e83fdf0ff14ca454049f9896b5ccd2bdeb22140fa1e |
| SHA512 | 9874047be537596921ee8375e274499dce122f45257c714c0bcab5ba5e9a91540c37578b9f96e4a9a3376c3a311ef934b85758db1aa8d71329dce74ed17f6581 |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\pixmaps\magenta.png
| MD5 | c83c2fcc196e434b12c26e6b9c21ab3b |
| SHA1 | 8078e6fb3302cb2d54b48d1709429c14926a8f14 |
| SHA256 | b3d5848f1b4fea9070ab8ffc0b6e30c81eda6691bc5f16ddd375506e9191101e |
| SHA512 | e49893f19254ba6e451cdfe2e0915615272c18f3fce1d122ed52453051f4231cc8fe9e11bc2a1242e437ff5681065cea960fe06635dfb6b46cc3a9a08084808a |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\LICENSE.TXT
| MD5 | fc292eaec94367e0775fa0638880ebce |
| SHA1 | fa5ff95ef7e8f5ad9cfc77738f5e6c0ca96572dd |
| SHA256 | 971f1733cb237ddd626e579954938c6fc0e925ccbf885074ad5fcf19b4efbe2e |
| SHA512 | 4f3ceb0d390f47fae7294db5399177a1128dd196cf58a45768984c1783ae4e0c0d0746aae716b2a08f7058df214494a7fb20c8bc982d0e3b8cb3d70ccef7917f |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\pixmaps\lasso.png
| MD5 | 9b8bd91306bf3a0f15b9a1ad41d81eb1 |
| SHA1 | 59c0690f6740edde06b7263f4da7ec64a7fc38b3 |
| SHA256 | 1eb68b3a86580821bb6500df0d5b5d2ba4df33dbe50b4e6b3f5de5b452b8cf80 |
| SHA512 | f751c47abbe210877dfc5101c0a4a4c7d392c5a5885c344904ba72b3b55c000508999442d1dfc670f5ba5d491df87a420b87eb88e63194ad8b12107916be6fc5 |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\images\go_up.png
| MD5 | 9c32ebe05150e4bd8075b0ca2dfcf5bc |
| SHA1 | c0faa6a7f3d290a8bfda29ceaa3713caa15c1778 |
| SHA256 | bf136ab8dc1d65fdd3c281bde4e4eb3b403ba431afaa5e00fbea01033857383f |
| SHA512 | 9a7e7a3a69ca19235669775f1b9c8ec4ad3a951275d074e1aedba5ee8993565034849aa0c654ba4e8bca9cf2e49260fe04672af5585b8f0174ea0c5dda97a760 |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\images\expan.bmp
| MD5 | 695be8615004be742ddac43db43ac487 |
| SHA1 | 3747820a5f0b7b52207c2a5293b9449fd677dda3 |
| SHA256 | 85f372fc9abccc6ae0e9d69be11ba156b99a695785f80f0a4482d50dce86a3e5 |
| SHA512 | 5d185a73e3954006de9c0c6fe6d48dc918435e5b751789ec3aaf50fdd093bf8f88ba9b172db99d6c49bc8c99e508147f5e6606e2d82d02b76e1011f1f42f20f6 |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\images\list_header_right.bmp
| MD5 | 94b5537faebdafaf42a04c1c4fdd7acf |
| SHA1 | bd135a5d37623e0e9bb7e4ac6d89f8c9feba1fa1 |
| SHA256 | 790e2a2e5fc950fe1053406fcadf8075a8a3ca8cb7712bb5ff81fa903d93e31d |
| SHA512 | 394fce01b6f0b4dd583df13fe94cac40a17c39e630d1a53f6e3f271553aa8b1f6c9e6842be29ae526fe0a2112bf48f4dd8d46dd176e76c3304faf61fb662fce1 |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\pixmaps\yellow.png
| MD5 | cb719b65e847812d8b6db2e77d458b4c |
| SHA1 | d15fbfee0cd586b79e32941041e06dc895f3e42a |
| SHA256 | 33926479fdfb7a008491979e2dcd10b9d412a12297056400930c6a5ac452233b |
| SHA512 | 9cc681db2601f35869af71fa3b1724cef5b33cedab1710a6cb47a0e0591852404963dd4ba418a77ca1dd3b0c4e545cb4c0498d2d57f568b86cf14c7801f64bf8 |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\Templates\CommandHandler.dat
| MD5 | bf2b6fd3796a5a485185b15ba39241e0 |
| SHA1 | 438ed478342d22622a1ecfc519113e99afb57518 |
| SHA256 | 585b0ac725ef370124243c99b766dd5d25e63e9c6bc09a6f05cdf0e573a3bf41 |
| SHA512 | 07485b0a64ad6f039105a9acc9df82f8b6964f3f3978600a1a581121b7ec34b53b45317311d58cf48d4f4eeffeba0d35b5d0cd79a6826eafeace43f5f034b8da |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\images\add.png
| MD5 | 0128ad7e04e9a25c9ab4316c13d8deff |
| SHA1 | 55068a4cc67a2fe94ec15ee46be67ad367d31117 |
| SHA256 | 3386cab5cf90d40db4f15e34c6bd15cb832848c6b61fa1ca5fa3ad60ae7d9b04 |
| SHA512 | 93baa7a401192059fbd95bd82449e9461ef5124bf748d8a9226e3df9a7194fc5eebb105146258e2629f0b139d00e6d2a30eec09510215fd69b9f788f18784fcd |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\imageformats\qgif4.dll
| MD5 | b690fdd8fcd1c2700f35388e9b1e5974 |
| SHA1 | 51669dd917b3f81b7d4526af36938dcf8c0aa7d9 |
| SHA256 | 3d5a5623cdea823a14102a43cac78902a73840434ba0fe9447aa8f37f887af4a |
| SHA512 | d8f63a1893211d958a47eddc9cfc5de7f8fdf7f530662722d2176c8caf4b8d0791f43bb59048fb075c7f820fb86bd8c79fe96696392a7e336860638a3cee6b9e |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\gio-modules\libgiognutls.dll
| MD5 | 23b5f97cbe4d3689ee08d0ae6abaf679 |
| SHA1 | 80d7cd7ab23dcc3388531b42b0ee31fcaac16f88 |
| SHA256 | 3b8faeaac389abd97198569f5e0ffa567e495be01e9a24311d128bd76f1dcc6e |
| SHA512 | a7e4b8e75768e9d3b44b8b48beb5e57dd33a8ad83a8f49bd3adef5bd9a2c25c9832f4f95c13a604a20311a7ed7a74ede4bd6b34662a30e246fbbc2c93fceec98 |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\share\themes\Raleigh\gtk-2.0\gtkrc
| MD5 | 5fc9003ddc2c64b110b1161259f61923 |
| SHA1 | 4ecddbcceddbd90a3a654d3788ec3aef8c197a8a |
| SHA256 | 6d9beaf039092aec5c1fbc23a62402bcd0704c45c430189a6ac69ae8aa797a67 |
| SHA512 | 5c90f3f1037fff9f10aa2030bed2c670edd528482532e617549db2133e26cf801bdec56d4543feb024cdec1c0026909ca9a21b378ec3b89489c18c395660c9fc |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\share\themes\MS-Windows\gtk-2.0\gtkrc
| MD5 | 94d104680cec5f3d8bbec56258d0c926 |
| SHA1 | 72ede372fcb34b29754f20ad44f49bc8605cf22c |
| SHA256 | e9dd3015f76e05f185ebe7564d364aef8b8168b05e62421c99875e14e4597977 |
| SHA512 | cf7d04304fa58e2dd9a8492b31b065c03c1f7ea96ab71d7d3d212eb17436c7c181470c23296fa3f599f1ef56c6b243921ed7f0a92ad3e0a6cd40a5fe857955a9 |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\share\themes\Emacs\gtk-2.0-key\gtkrc
| MD5 | 4b600a3c3c2ac37f7d0c13c4d86ac752 |
| SHA1 | d1da549c070d74aa9f9456c4c1e0ccbdde5256c8 |
| SHA256 | 4214bee389645edcc7c9971ba35dc4d96e8c135ebc92c51c05b0c7dd36abd8e5 |
| SHA512 | d4ece8e39a80073bec016b375a75bb5ff5c697aff560e5d4aafc6031f26451f8d3ef32faf1a0b2be3470450eb2ea3ae8978cc444ee0e2d2ef374ef43340e64ba |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\share\locale\locale.alias
| MD5 | c26bd884605e7cb04a295fbf331e11a3 |
| SHA1 | 7330ab3dc0410db503eba19976f027cf49eaeafe |
| SHA256 | 67cd91edbb01ea1eeb59f25c0a8cb6dfe90653fb5fc437d3d32cd0814804075a |
| SHA512 | f88bbd4ce7ef42b710071efc5b3aa99f18b5da1e18b3e0d5b051acf125809a9eb94bcac9d91639660246a2406c30e93449d1ff81eace9caf18c6cd5e52ad85dd |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\pixmaps\black.png
| MD5 | a875753fd4e92edad63f5d8b9a79426b |
| SHA1 | 241b7f8bc325993b8044498ec4a6c03d576c6b48 |
| SHA256 | d09f2e254540dc26a948cf49ac09de2ffea210ad9d8fb77ab7a943ce938b5570 |
| SHA512 | b04ee55b20c42a36e6125ef883161eaae11a990a99042b7fefccf0433455e35c621b8f10587a6292adc0f71ccf9a896c0264c8607614196d311de86b28c338dc |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\pango\pango.modules
| MD5 | 7a7327019610dfb25d5fafb2d2b0f3ab |
| SHA1 | 812af1f65174c63c4a90dd72d29d6e1180075a6e |
| SHA256 | cab115828e04766fbf8e20b5ca6e5632e089f407b338832081d8b42f62fea38a |
| SHA512 | 9d7d7fd408d0e0cbe8df24cf1184aa9c24f41dc94d98e7262d04e617b7252381e6845b9e2724557246af8696a5e0cb99f1d15b3889aebd7887fac99e68b79849 |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\fonts\fonts.conf
| MD5 | 4291285924e90d1a1fcf1ddfc51adad3 |
| SHA1 | 74f2d9b2f9665a1ff083701456a0fbfe351f855a |
| SHA256 | 68011bc3741ebcea48f08ff2aed8519762a946f3e0fb9c224b1d3810ebf5bf4b |
| SHA512 | 80b570051324f0987f388b78f2b2b2a50df2ece82eb6c003ed4ab5fc1456789fdb4a616c3be760580d30f48aef656eb3604cbd0a7808c49f03b347f2d4388cee |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\AForge.dll
| MD5 | 02c63f568e598aad85dd401d7b26e82a |
| SHA1 | 2da9ec7612835e1f69d4a93aa2d49ec9bdff7f7c |
| SHA256 | 966a474060a8aca70c73ba09d0b6fe2353035961c7107b9003ef879c010ff8da |
| SHA512 | da9bff86be8fa890dda80a35ee6c851aa655f087f81804a23c73f8c586b7e13ac5a643e0a516a35787cd97b392aec16bfb95210080e4e53e6144fec9316acdb1 |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\AForge.Video.dll
| MD5 | 0bd34aa29c7ea4181900797395a6da78 |
| SHA1 | ddffdcef29daddc36ca7d8ae2c8e01c1c8bb23a8 |
| SHA256 | bafa6ed04ca2782270074127a0498dde022c2a9f4096c6bb2b8e3c08bb3d404d |
| SHA512 | a3734660c0aba1c2b27ab55f9e578371b56c82754a3b7cfd01e68c88967c8dada8d202260220831f1d1039a5a35bd1a67624398e689702481ac056d1c1ddcdb0 |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\TurboJpegWrapper.dll
| MD5 | f5639d78d8c860df0176b1499695e8b3 |
| SHA1 | a70f699d75903ca2ae31098f4687add23245804d |
| SHA256 | 9c8de413bf48e680ded9db3b3a4c7773642b9d6c76973ae95d40eb0cba31d4e2 |
| SHA512 | 2098dd214db72b7f9b70c58cd1fcb53dd4982e441c19b3571941f9026e0dde0ae9005bb084ecb2f21ee2e24776fc95d60cb50b11fc536a68ad153efc1dc8ef0c |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\pthreadGC2.dll
| MD5 | 928c9eea653311af8efc155da5a1d6a5 |
| SHA1 | 27300fcd5c22245573f5595ecbd64fce89c53750 |
| SHA256 | 6dc4bee625a2c5e3499e36fe7c6ff8ead92adf6aae40c4099fdc8ef82e85b387 |
| SHA512 | 0541d706bb53f8a04c78fcf327c4557553fa901d645ad2fd446e79753b4729f1e36793f42fbdd9b5e92073a30ed9a3dd853773a06ebea8e9302ece91a6c5362c |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\mingwm10.dll
| MD5 | a5a239c980d6791086b7fe0e2ca38974 |
| SHA1 | dbd8e70db07ac78e007b13cc8ae80c9a3885a592 |
| SHA256 | fb33c708c2f83c188dc024b65cb620d7e2c3939c155bc1c15dc73dccebe256b7 |
| SHA512 | 8667904dda77c994f646083ef39b1f69c2961758c3da60cecadfe6d349dd99934c4d8784f8e38ae8b8c9eb9762edd546f2a7b579f02612578f8049e9d10e8da7 |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\Qt5TextToSpeech.dll
| MD5 | 3cdb361b43a3ce45145df5bad519df63 |
| SHA1 | 8f7cfe31068584151bf913171c82949fd7a945f2 |
| SHA256 | 8f5a39d8e35d981a8200fb4a83b42b72ec71a9c5db16a09c5df69b001bfb2e13 |
| SHA512 | 88722199a716dbe665204d9d192207594cd3819130d22c07133e8a229628f66e5eddab60dbb1759ba389cf42398c32eafca8b74e07b3dfce4c916fd8715d566c |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\clock_common.dll
| MD5 | 85d02f053f1151ac4d3fdda5ea10adc6 |
| SHA1 | a134e20a33387a3bfe256b36585d9ccb6113a29f |
| SHA256 | 989354441731eafd1cd63285ab681176a43f08ea999362c5d792c9b2bcbd6564 |
| SHA512 | 146233b07a3d81f7aa7c2a5e055935fb61307e20dc15b168c248f6d83f934d916184b568e39f7ad8c6ce28d26eb5b1605d6b2200b5ddc2b6cf0bc0dd114981c2 |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\skin_draw.dll
| MD5 | 72ad6c45aaf461326f5a512afb4b33b0 |
| SHA1 | 4b6791aa02c76e96256bf19ec9ff828303a308b8 |
| SHA256 | dcf318a760aeecca2496417d5111b059867471919d2721d766da7d29d29df305 |
| SHA512 | 5c495d059aa51beb4be143a9beb496f380b84f28bc4090e2c21f942e5847dfb5c2cdfd759636eacf4b2820fb6f68cccd8b60ce336a721d03575f45f9496f6b99 |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\plugin_core.dll
| MD5 | b79d7159ba735958c18148dcdf543571 |
| SHA1 | d7d4d4aedf7897092665dfc573e9fe9c313c2fe4 |
| SHA256 | 638aa5d39ae52d09317c001bb8163fbf1ffdea03e371ed61457d765ad35a5e52 |
| SHA512 | 79b7ae9a722714c6d640f35b81e54fb9a0b8e6042b99705094d6e968736d1389ed0e2a90c5120955a458d158d9af8a485ff4b5dbc9227165c11dcf62fd180c71 |
C:\Users\Admin\AppData\Roaming\Tua Rua Ltd\FreSharp Bindings Viewer 2.0.5.8\install\F4F67A4\nqf
| MD5 | 409a406d256db9eb024aaeeb346f7a65 |
| SHA1 | 3a18ea9e1e80c2b1dea030a2f3cf689b52e1543f |
| SHA256 | 5686b211ee592583291cf562d369390b376f5d67a1ed7b5ad9adb86b4bc0f603 |
| SHA512 | b326172fa7cef082fe99204b14fd02bb53260a11abebdea24a52c0b5abfce63baf5150880b047a45707a81dfdd06930e2ed3d4b1a5e336c768f39643e6c83d70 |
C:\Config.Msi\e5759fa.rbs
| MD5 | e10156242c9f8418eb835d1e0dc53fd8 |
| SHA1 | 8a94b6d4b391c74c2586aad37e16bda3f933cc9b |
| SHA256 | 92be7888f058625bdafdc9e0e6764f299362b585c72e934b27503179238d0e7a |
| SHA512 | 47331912aa0a49e9703bfd79adf35a4a978edf497bebab9ee44ccc5a9f9bdd4af8beb943a1fcf92804284074b122a961a1762e34c9be16090831b507c5ac76ac |
memory/1540-387-0x0000000000400000-0x0000000000902000-memory.dmp
memory/1540-390-0x0000000000400000-0x0000000000902000-memory.dmp