Analysis Overview
SHA256
93dc6becd9d4c16eecf188a19798f9cbbde3281270efe869f8f6c81a7815a74f
Threat Level: Known bad
The file a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Babadeda
CryptBot
Babadeda Crypter
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Blocklisted process makes network request
Checks installed software on the system
Accesses cryptocurrency files/wallets, possible credential harvesting
Enumerates connected drives
Drops file in Windows directory
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Checks processor information in registry
Suspicious use of AdjustPrivilegeToken
Delays execution with timeout.exe
Suspicious use of FindShellTrayWindow
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-04-03 21:19
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-03 21:19
Reported
2024-04-03 21:22
Platform
win7-20240221-en
Max time kernel
120s
Max time network
125s
Command Line
Signatures
Babadeda
Babadeda Crypter
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
CryptBot
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\3delite\GFX Creator\cecilcore.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\3delite\GFX Creator\cecilcore.exe | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Enumerates connected drives
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Installer\MSIE5B3.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE67E.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE73B.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE826.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF080.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f76e032.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f76e032.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE43B.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f76e035.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f76e035.ipi | C:\Windows\system32\msiexec.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Roaming\3delite\GFX Creator\cecilcore.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Roaming\3delite\GFX Creator\cecilcore.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 | C:\Users\Admin\AppData\Local\Temp\a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob | C:\Users\Admin\AppData\Local\Temp\a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 91FC1B46A781A3C163818CF8D04943DB C
C:\Windows\SysWOW64\msiexec.exe
"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\3delite\GFX Creator 3.0.6.1\install\40388DB\adv2.msi" AI_SETUPEXEPATH=C:\Users\Admin\AppData\Local\Temp\a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe SETUPEXEDIR=C:\Users\Admin\AppData\Local\Temp\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1711919732 " AI_EUIMSI=""
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding B63CB0E1F4D0D0F3E171DF032286965E
C:\Users\Admin\AppData\Roaming\3delite\GFX Creator\cecilcore.exe
"C:\Users\Admin\AppData\Roaming\3delite\GFX Creator\cecilcore.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c rd /s /q C:\Users\Admin\AppData\Local\Temp\mYIWJGIsgXQmW & timeout 4 & del /f /q "C:\Users\Admin\AppData\Roaming\3delite\GFX Creator\cecilcore.exe"
C:\Windows\SysWOW64\timeout.exe
timeout 4
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-03 21:19
Reported
2024-04-03 21:22
Platform
win10v2004-20240226-en
Max time kernel
149s
Max time network
157s
Command Line
Signatures
Babadeda
Babadeda Crypter
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\3delite\GFX Creator\cecilcore.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\3delite\GFX Creator\cecilcore.exe | N/A |
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Enumerates connected drives
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Installer\SourceHash{3F37F03B-187D-4A06-9F93-2396D40388DB} | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e578702.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI8A5E.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI8BC7.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI8CF2.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI8DAE.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI938B.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI8B68.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI8C26.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e578702.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Roaming\3delite\GFX Creator\cecilcore.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Roaming\3delite\GFX Creator\cecilcore.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 7CD1B96D823EC47A4D4F3AE6ADB2F157 C
C:\Windows\SysWOW64\msiexec.exe
"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\3delite\GFX Creator 3.0.6.1\install\40388DB\adv2.msi" AI_SETUPEXEPATH=C:\Users\Admin\AppData\Local\Temp\a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe SETUPEXEDIR=C:\Users\Admin\AppData\Local\Temp\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1711938567 " AI_EUIMSI=""
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 8B4CBB5C08D113BC04A6E32768CAC87F
C:\Users\Admin\AppData\Roaming\3delite\GFX Creator\cecilcore.exe
"C:\Users\Admin\AppData\Roaming\3delite\GFX Creator\cecilcore.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.108.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cemujq44.top | udp |
| US | 8.8.8.8:53 | 224.162.46.104.in-addr.arpa | udp |
Files