babadeda | 93dc6becd9d4c16eecf188a19798f9cbbde3281270efe869f8f6c81a7815a74f

Analysis

max time kernel
149s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
03-04-2024 21:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
Size

5.1MB
MD5

a6e9b1557039c81fc4d4afabc0399f6a
SHA1

0be9fb79d915d83e1f0566a428becd18660edcd9
SHA256

93dc6becd9d4c16eecf188a19798f9cbbde3281270efe869f8f6c81a7815a74f
SHA512

da8772164b38eacb523a551b6a36d96857e21154586f6d5e8aa0116bc50cb634039171988167c6631aa7a39d30d48d3f978010b307a2ed57918b51e56beadebb
SSDEEP

98304:oPdx/6o/EJ6N6ExIxrnumYqF2w/IXO1tL6l5fj4yRDepJ:oL6ocnTWXE+l5f3iJ

Score

10^/10

babadeda crypter discovery loader spyware stealer

Malware Config

Signatures

Babadeda
Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
loader crypter babadeda
Babadeda Crypter 1 IoCs

Processes:

resource yara_rule

C:\Users\Admin\AppData\Roaming\3delite\GFX Creator 3.0.6.1\install\40388DB\sig family_babadeda
Executes dropped EXE 1 IoCs

Processes:

cecilcore.exe

pid process

3908 cecilcore.exe

resource	yara_rule
C:\Users\Admin\AppData\Roaming\3delite\GFX Creator 3.0.6.1\install\40388DB\sig	family_babadeda

pid	process
3908	cecilcore.exe

Loads dropped DLL 12 IoCs

Processes:

a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exeMsiExec.exeMsiExec.exececilcore.exe

pid	process
1744	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
1744	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
1164	MsiExec.exe
1164	MsiExec.exe
1428	MsiExec.exe
1428	MsiExec.exe
1428	MsiExec.exe
1428	MsiExec.exe
1428	MsiExec.exe
1428	MsiExec.exe
1744	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
3908	cecilcore.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 64 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exemsiexec.exemsiexec.exe

description	ioc	process
File opened (read-only)	\??\R:	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\X:	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\G:	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
File opened (read-only)	\??\K:	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
File opened (read-only)	\??\L:	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
File opened (read-only)	\??\M:	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\B:	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
File opened (read-only)	\??\E:	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
File opened (read-only)	\??\J:	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
File opened (read-only)	\??\Z:	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\A:	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
File opened (read-only)	\??\V:	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\O:	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\S:	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\Q:	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
File opened (read-only)	\??\T:	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\H:	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
File opened (read-only)	\??\I:	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
File opened (read-only)	\??\N:	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\P:	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
File opened (read-only)	\??\Y:	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\U:	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
File opened (read-only)	\??\W:	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe

Drops file in Windows directory 13 IoCs

Processes:

msiexec.exe

description	ioc	process
File created	C:\Windows\Installer\SourceHash{3F37F03B-187D-4A06-9F93-2396D40388DB}	msiexec.exe
File created	C:\Windows\Installer\e578702.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI8A5E.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI8BC7.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI8CF2.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI8DAE.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI938B.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI8B68.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI8C26.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\e578702.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

cecilcore.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	cecilcore.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	cecilcore.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

msiexec.exe

pid process

4940 msiexec.exe
4940 msiexec.exe

pid	process
4940	msiexec.exe
4940	msiexec.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

msiexec.exea6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe

description	pid	process
Token: SeSecurityPrivilege	4940	msiexec.exe
Token: SeCreateTokenPrivilege	1744	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
Token: SeAssignPrimaryTokenPrivilege	1744	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	1744	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
Token: SeIncreaseQuotaPrivilege	1744	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
Token: SeMachineAccountPrivilege	1744	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
Token: SeTcbPrivilege	1744	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
Token: SeSecurityPrivilege	1744	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
Token: SeTakeOwnershipPrivilege	1744	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
Token: SeLoadDriverPrivilege	1744	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
Token: SeSystemProfilePrivilege	1744	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
Token: SeSystemtimePrivilege	1744	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
Token: SeProfSingleProcessPrivilege	1744	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	1744	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
Token: SeCreatePagefilePrivilege	1744	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
Token: SeCreatePermanentPrivilege	1744	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
Token: SeBackupPrivilege	1744	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
Token: SeRestorePrivilege	1744	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
Token: SeShutdownPrivilege	1744	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
Token: SeDebugPrivilege	1744	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
Token: SeAuditPrivilege	1744	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
Token: SeSystemEnvironmentPrivilege	1744	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
Token: SeChangeNotifyPrivilege	1744	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
Token: SeRemoteShutdownPrivilege	1744	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
Token: SeUndockPrivilege	1744	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
Token: SeSyncAgentPrivilege	1744	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
Token: SeEnableDelegationPrivilege	1744	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
Token: SeManageVolumePrivilege	1744	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
Token: SeImpersonatePrivilege	1744	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
Token: SeCreateGlobalPrivilege	1744	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
Token: SeCreateTokenPrivilege	1744	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
Token: SeAssignPrimaryTokenPrivilege	1744	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	1744	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
Token: SeIncreaseQuotaPrivilege	1744	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
Token: SeMachineAccountPrivilege	1744	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
Token: SeTcbPrivilege	1744	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
Token: SeSecurityPrivilege	1744	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
Token: SeTakeOwnershipPrivilege	1744	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
Token: SeLoadDriverPrivilege	1744	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
Token: SeSystemProfilePrivilege	1744	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
Token: SeSystemtimePrivilege	1744	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
Token: SeProfSingleProcessPrivilege	1744	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	1744	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
Token: SeCreatePagefilePrivilege	1744	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
Token: SeCreatePermanentPrivilege	1744	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
Token: SeBackupPrivilege	1744	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
Token: SeRestorePrivilege	1744	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
Token: SeShutdownPrivilege	1744	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
Token: SeDebugPrivilege	1744	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
Token: SeAuditPrivilege	1744	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
Token: SeSystemEnvironmentPrivilege	1744	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
Token: SeChangeNotifyPrivilege	1744	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
Token: SeRemoteShutdownPrivilege	1744	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
Token: SeUndockPrivilege	1744	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
Token: SeSyncAgentPrivilege	1744	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
Token: SeEnableDelegationPrivilege	1744	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
Token: SeManageVolumePrivilege	1744	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
Token: SeImpersonatePrivilege	1744	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
Token: SeCreateGlobalPrivilege	1744	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
Token: SeCreateTokenPrivilege	1744	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
Token: SeAssignPrimaryTokenPrivilege	1744	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
Token: SeLockMemoryPrivilege	1744	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
Token: SeIncreaseQuotaPrivilege	1744	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
Token: SeMachineAccountPrivilege	1744	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe

Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

msiexec.exe

pid process

936 msiexec.exe
936 msiexec.exe

pid	process
936	msiexec.exe
936	msiexec.exe

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

msiexec.exea6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe

description	pid	process	target process
PID 4940 wrote to memory of 1164	4940	msiexec.exe	MsiExec.exe
PID 4940 wrote to memory of 1164	4940	msiexec.exe	MsiExec.exe
PID 4940 wrote to memory of 1164	4940	msiexec.exe	MsiExec.exe
PID 1744 wrote to memory of 936	1744	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe	msiexec.exe
PID 1744 wrote to memory of 936	1744	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe	msiexec.exe
PID 1744 wrote to memory of 936	1744	a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe	msiexec.exe
PID 4940 wrote to memory of 1428	4940	msiexec.exe	MsiExec.exe
PID 4940 wrote to memory of 1428	4940	msiexec.exe	MsiExec.exe
PID 4940 wrote to memory of 1428	4940	msiexec.exe	MsiExec.exe
PID 4940 wrote to memory of 3908	4940	msiexec.exe	cecilcore.exe
PID 4940 wrote to memory of 3908	4940	msiexec.exe	cecilcore.exe
PID 4940 wrote to memory of 3908	4940	msiexec.exe	cecilcore.exe

C:\Users\Admin\AppData\Local\Temp\a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1744

C:\Windows\SysWOW64\msiexec.exe
"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\3delite\GFX Creator 3.0.6.1\install\40388DB\adv2.msi" AI_SETUPEXEPATH=C:\Users\Admin\AppData\Local\Temp\a6e9b1557039c81fc4d4afabc0399f6a_JaffaCakes118.exe SETUPEXEDIR=C:\Users\Admin\AppData\Local\Temp\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1711938567 " AI_EUIMSI=""
2⤵
- Enumerates connected drives
- Suspicious use of FindShellTrayWindow
PID:936

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4940

C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 7CD1B96D823EC47A4D4F3AE6ADB2F157 C
2⤵
- Loads dropped DLL
PID:1164

C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 8B4CBB5C08D113BC04A6E32768CAC87F
2⤵
- Loads dropped DLL
PID:1428

C:\Users\Admin\AppData\Roaming\3delite\GFX Creator\cecilcore.exe
"C:\Users\Admin\AppData\Roaming\3delite\GFX Creator\cecilcore.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
PID:3908

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e578705.rbs
Filesize
16KB

MD5
7dace2127e6ced58c9104ba3335eed3d

SHA1
310d889829da7fc700674958558b9ac7a05d5374

SHA256
80e66680ef46024ff77106b84fc7ea1a2bab0298a78b8e83718fe34a62e58930

SHA512
fe2b53b57d75611d875b881b30f5a36647da75ccb0592d85599ddb8bc501bcdf55b37ac6300eea6007cf043fe1088f4cbc617726c0bd9b49fd2ff7760c1fc0e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI8202.tmp
Filesize
393KB

MD5
3d24a2af1fb93f9960a17d6394484802

SHA1
ee74a6ceea0853c47e12802961a7a8869f7f0d69

SHA256
8d23754e6b8bb933d79861540b50deca42e33ac4c3a6669c99fb368913b66d88

SHA512
f6a19d00896a63debb9ee7cdd71a92c0a3089b6f4c44976b9c30d97fcbaacd74a8d56150be518314fac74dd3ebea2001dc3859b0f3e4e467a01721b29f6227ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI837A.tmp
Filesize
866KB

MD5
0be6e02d01013e6140e38571a4da2545

SHA1
9149608d60ca5941010e33e01d4fdc7b6c791bea

SHA256
3c5db91ef77b947a0924675fc1ec647d6512287aa891040b6ade3663aa1fd3a3

SHA512
f419a5a95f7440623edb6400f9adbfb9ba987a65f3b47996a8bb374d89ff53e8638357285485142f76758bffcb9520771e38e193d89c82c3a9733ed98ae24fcb

Download Submit
C:\Users\Admin\AppData\Local\Temp\XSovXAiv\PgShCOwvoFDD.zip
Filesize
51KB

MD5
33561754c85faff1d41635d62b417765

SHA1
099bb846042a48c0a0e335fe4000f5e960a55cc8

SHA256
664aebc62910ef21dc2020c54267e988ae3fb23874aa358b36b592dcf6688b10

SHA512
21e6d2275e22362144b461922b4781b11083a17f4a4ed177e9b12a7e0bc41077f52c0e68c95b7cd44772474cca0079b10af54c91e8bdedd9ae9d19e73f3213b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\XSovXAiv\_Files\_Information.txt
Filesize
1KB

MD5
38a3261fc5bc282ab3981b6183ec5320

SHA1
092f0ee157287458e3f816f4e29fd837ea2c1e8d

SHA256
e9d06787d23bc150cfe6c2b4176140207c47363919d87b770cb2b38edf432a83

SHA512
994250ee77c7142f9cfd2d32a9396043933f436a7353ab6dacc83b3fae41485255d0b6512bd2442391e8d2efa98693590ef18a4593f53d7736eda80b50df6c99

Download Submit
C:\Users\Admin\AppData\Local\Temp\XSovXAiv\_Files\_Information.txt
Filesize
4KB

MD5
4f87c8cad40ec6b9a4bb468f523d695f

SHA1
1357c9020121daf7982d171dece03a368260b56c

SHA256
a3b75ab237458862c189025a920a7f2bc424749bce5606278d52bfedbfe4d81c

SHA512
7c5765e5f58feda03dbcd6d5c30ce678c53005a258e04e7b293182c66cccfaffffae86076f51965c0c1764db43212243c4aaabf87de2d91d0ff15d5fdc478d96

Download Submit
C:\Users\Admin\AppData\Local\Temp\XSovXAiv\_Files\_Screen_Desktop.jpeg
Filesize
57KB

MD5
fbbde349b7ac8558d1bde6d2fa81ab23

SHA1
3b7f854b16ab49cd80894ee70838064b47050e00

SHA256
87b46f7df8fcf6fd18eae52d63460ce2e790a758dae7799b147350cab5b8846f

SHA512
9c57cb9ee9f853ad4b94c1ef7716c0efa260d286a67b2ce93a51702d000690005e17c46c6b41e001e4ce962bff6939e290f345aeb54359290721d245162a1910

Download Submit
C:\Users\Admin\AppData\Roaming\3delite\GFX Creator 3.0.6.1\install\40388DB\AForge.Video.dll
Filesize
20KB

MD5
0bd34aa29c7ea4181900797395a6da78

SHA1
ddffdcef29daddc36ca7d8ae2c8e01c1c8bb23a8

SHA256
bafa6ed04ca2782270074127a0498dde022c2a9f4096c6bb2b8e3c08bb3d404d

SHA512
a3734660c0aba1c2b27ab55f9e578371b56c82754a3b7cfd01e68c88967c8dada8d202260220831f1d1039a5a35bd1a67624398e689702481ac056d1c1ddcdb0

Download Submit
C:\Users\Admin\AppData\Roaming\3delite\GFX Creator 3.0.6.1\install\40388DB\AForge.dll
Filesize
17KB

MD5
02c63f568e598aad85dd401d7b26e82a

SHA1
2da9ec7612835e1f69d4a93aa2d49ec9bdff7f7c

SHA256
966a474060a8aca70c73ba09d0b6fe2353035961c7107b9003ef879c010ff8da

SHA512
da9bff86be8fa890dda80a35ee6c851aa655f087f81804a23c73f8c586b7e13ac5a643e0a516a35787cd97b392aec16bfb95210080e4e53e6144fec9316acdb1

Download Submit
C:\Users\Admin\AppData\Roaming\3delite\GFX Creator 3.0.6.1\install\40388DB\CHANGES.txt
Filesize
7KB

MD5
109e9d23496dc406050f895409be2531

SHA1
5a8659d65025b121c2a16d80d3d55cd9c3a5a7ef

SHA256
b58477a045a7411ff95ca8b1e055801d5d10055e2de52e1a94397919a09d82c2

SHA512
548fa0ec3b1a4056440867e7b7fd7374ab9d08e0156121ef7e1f7c57ae97a58b5c357cdd69ebd18df80ca4078fb595cddebda245b317213b140cac5069ab7058

Download Submit
C:\Users\Admin\AppData\Roaming\3delite\GFX Creator 3.0.6.1\install\40388DB\Common.dll
Filesize
14KB

MD5
5026b281f29df1f4c2ab120a70f3550f

SHA1
7ae56eb0d2fa8b52f95d1f4ba692cd6caa95545f

SHA256
e3dc7ea9412525f29f4a13d412a8b64d7da0e18f5c506d26df5d958f7667280a

SHA512
0a1afe8f22d8362b55b86a40589116e94f4c1ce56ec1ee5ce633eb881314304f31a69d683b70011d3d9ac3b25b6af96315573d270dbcb28148919a435affa7d6

Download Submit
C:\Users\Admin\AppData\Roaming\3delite\GFX Creator 3.0.6.1\install\40388DB\HTML\css\bootstrap.min.css
Filesize
156KB

MD5
930dcbc9f2338de708fc0a1b83bf4509

SHA1
d7d00b64854a54676c86095289e5def76b98ac96

SHA256
e57af0825712ee377ae2058e81fad4f4f0797ff8f8a25db7986a9e64d4c1696f

SHA512
ebccc26d94d200b015ed6ff9887c969aea1de694ec559724fd06f26a6e40fbeed15cc27be7b7fd051b08b8724a78993feddad5211e1d5b9e0d9ae07ffe22df15

Download Submit
C:\Users\Admin\AppData\Roaming\3delite\GFX Creator 3.0.6.1\install\40388DB\HTML\js\codemirror-autorefresh.js
Filesize
1KB

MD5
acf40711fa45f55dc8151c5a5c9dbdc8

SHA1
22bdf3f1a0fce9e7a39acc91e4aae131f970e025

SHA256
e5c187fdd5c12381b40c0353151b4df5f2683974227bb49818979f7b46b7e58f

SHA512
5ce912d75c7dcd5c73894a481eefd5224e6e3d43d80f934240a9cd6611db19dee279f9585d09be1eb5d19097c6ac22154ed5139237a1b1f1d64e9a9496e563ca

Download Submit
C:\Users\Admin\AppData\Roaming\3delite\GFX Creator 3.0.6.1\install\40388DB\HTML\settings.html
Filesize
190KB

MD5
d5bfe7e5091e21b227d2902936d58c4f

SHA1
326b6c6de0e045ab194904ff051839bee344487a

SHA256
1b50734d8509c1a0a56cee933e0fa59871f0d89f433f880fd22bcc6dbaf91667

SHA512
221c2b7da8a2727cf7022fb4403f6859a2193144f72a232a2f3da402507bcc75fd0618c3368b96d0f33581607323379e5584069cfe872996d94d2ca8631c3970

Download Submit
C:\Users\Admin\AppData\Roaming\3delite\GFX Creator 3.0.6.1\install\40388DB\Interop.IWshRuntimeLibrary.dll
Filesize
48KB

MD5
9569c5ddd9ab1e7bfd24e41250a67903

SHA1
304afddbbaac26843cf53b9713e09a85fe525cac

SHA256
6a80b9d1bd609a3cb6af8cf8c1534f7baca1d78ad353ce6ed5b578a0ba96eb83

SHA512
7bc2a98f9fb934212cbc7b8dac21ec38b89b39a3f60ef53490bb25d07c286d1db4da1757b766f323615185aa26f094e601337110da14224fcfe3ce016eaf0c54

Download Submit
C:\Users\Admin\AppData\Roaming\3delite\GFX Creator 3.0.6.1\install\40388DB\LICENSE.electron.txt
Filesize
1KB

MD5
f8436f54558748146ec7ebd61ca6ac38

SHA1
ef226e5b023d458efcdc59dc653694d89802f81c

SHA256
34f6f27c26d1bb8682ebb42ae401f558228fd608455bd7c6561d5fd500b7d05b

SHA512
5b310b48bbee286f03e645e4bfad0ec870a7c68c445d54f46f3eaaa9c427f9de6cd0561d451838bd53c78a5289e9f0bda19cda4257a4657580afa6c357913050

Download Submit
C:\Users\Admin\AppData\Roaming\3delite\GFX Creator 3.0.6.1\install\40388DB\Mapsources\Tableau.tms
Filesize
2KB

MD5
5de9d985e518303c37266bce8181744b

SHA1
17c315c642d35a24a9f04e512d755dd634564299

SHA256
1e1e0ea80b4d1a9982375e20164cc78fbd5c8682ba826ee353018241a430971a

SHA512
537632f16bce11f3dc7ce0833d55a0d76e90ccc456a199cc068f70494a744985a242028176c5e39266fe99a085cebcba9172e4538ec0fd72acec1d3d3d0ed116

Download Submit
C:\Users\Admin\AppData\Roaming\3delite\GFX Creator 3.0.6.1\install\40388DB\Mono.Cecil.Mdb.dll
Filesize
42KB

MD5
a269c436d17634aecf2ac0e95c44728c

SHA1
3dae54046aa5edbcf58ff38acc1d12682e3442b5

SHA256
f02a2d8154ef002863702d6513c6773ebbb83e520834c2ac8e38c6a7f0174e27

SHA512
bbd1740bce3d1eecccaa560696cc5b0999a1e00c3d6747f3bb93ab44a5f9a2186f01048fa69e173b89c40b98bddf13c4de92564b13c0ec36eb96b69ec65dc157

Download Submit
C:\Users\Admin\AppData\Roaming\3delite\GFX Creator 3.0.6.1\install\40388DB\Patterns\de
Filesize
36KB

MD5
c2460e421fc43708ce0a7481c3883791

SHA1
77acfb887fbc54e53b813fff984315bbc7612cdf

SHA256
cba878ea988c7e9da8115aeec3ab29a797bbb77fd232d5af047601e3bcc50fb1

SHA512
8fbea784de3dfde1fa71b271579af0308a6d1b9d5b5ba14fc98c636fa72388ca35d3fa398457c8bcafb522bf58cfde0f7257a8b01cc08ca0b836c1159ee7ddb5

Download Submit
C:\Users\Admin\AppData\Roaming\3delite\GFX Creator 3.0.6.1\install\40388DB\Patterns\en
Filesize
35KB

MD5
cf18449c03c2751168b7e9355f466290

SHA1
a4ad3e074b392ea50509d40e833029aeb65f0616

SHA256
cec9e6e52d2b247ddc1f01978b918ef7fc1eedbf7c9a6c58e1480695b1b1b51e

SHA512
c8d2a6387521f227cf223300da3df9726e0722bd0046c8208b53bea3135eb859ff629e911c8c1a4c33d6880bc2f7ddbd87abec2a37a7393a20dccb60722bba26

Download Submit
C:\Users\Admin\AppData\Roaming\3delite\GFX Creator 3.0.6.1\install\40388DB\Patterns\es
Filesize
16KB

MD5
cd6834229053e2f4247514bb4a95f285

SHA1
0a5cd0021fc5f0a733e588fab5abc540319df67c

SHA256
a065ac42835c89a13924e1b1209edd20e35dd1b087d6511d5ca61c826207c263

SHA512
2f7353f8a5b74ed4d643e6882134be2caddd1b682d07f580b042f57df2e8ee5473a6fff95879212f6f2def8b1d9bc1e3a6e1a54588213688b6c632b1e13de562

Download Submit
C:\Users\Admin\AppData\Roaming\3delite\GFX Creator 3.0.6.1\install\40388DB\Patterns\fr
Filesize
8KB

MD5
4469ed2cadd8bd68c98b1edbe7048f0e

SHA1
0acea62b36f40ba1cee16f8fdf13611b9a842f2c

SHA256
96ae3706b28222f26842120851dd3a1cd6afda616a5b4a5ab5f847c9e3a19e41

SHA512
048c3612a48d98ebe765856255795334cefc1cdd1375d91ebe6e9b42041ccac8f434d75e7e2e0a0d00be90d3d08fa5f571faa10e1b79cfb8c55b75d5723c87a5

Download Submit
C:\Users\Admin\AppData\Roaming\3delite\GFX Creator 3.0.6.1\install\40388DB\Qt5TextToSpeech.dll
Filesize
49KB

MD5
3cdb361b43a3ce45145df5bad519df63

SHA1
8f7cfe31068584151bf913171c82949fd7a945f2

SHA256
8f5a39d8e35d981a8200fb4a83b42b72ec71a9c5db16a09c5df69b001bfb2e13

SHA512
88722199a716dbe665204d9d192207594cd3819130d22c07133e8a229628f66e5eddab60dbb1759ba389cf42398c32eafca8b74e07b3dfce4c916fd8715d566c

Download Submit
C:\Users\Admin\AppData\Roaming\3delite\GFX Creator 3.0.6.1\install\40388DB\System.Buffers.dll
Filesize
20KB

MD5
ecdfe8ede869d2ccc6bf99981ea96400

SHA1
2f410a0396bc148ed533ad49b6415fb58dd4d641

SHA256
accccfbe45d9f08ffeed9916e37b33e98c65be012cfff6e7fa7b67210ce1fefb

SHA512
5fc7fee5c25cb2eee19737068968e00a00961c257271b420f594e5a0da0559502d04ee6ba2d8d2aad77f3769622f6743a5ee8dae23f8f993f33fb09ed8db2741

Download Submit
C:\Users\Admin\AppData\Roaming\3delite\GFX Creator 3.0.6.1\install\40388DB\System.Memory.dll
Filesize
137KB

MD5
6fb95a357a3f7e88ade5c1629e2801f8

SHA1
19bf79600b716523b5317b9a7b68760ae5d55741

SHA256
8e76318e8b06692abf7dab1169d27d15557f7f0a34d36af6463eff0fe21213c7

SHA512
293d8c709bc68d2c980a0df423741ce06d05ff757077e63986d34cb6459f9623a024d12ef35a280f50d3d516d98abe193213b9ca71bfde2a9fe8753b1a6de2f0

Download Submit
C:\Users\Admin\AppData\Roaming\3delite\GFX Creator 3.0.6.1\install\40388DB\System.Numerics.Vectors.dll
Filesize
113KB

MD5
aaa2cbf14e06e9d3586d8a4ed455db33

SHA1
3d216458740ad5cb05bc5f7c3491cde44a1e5df0

SHA256
1d3ef8698281e7cf7371d1554afef5872b39f96c26da772210a33da041ba1183

SHA512
0b14a039ca67982794a2bb69974ef04a7fbee3686d7364f8f4db70ea6259d29640cbb83d5b544d92fa1d3676c7619cd580ff45671a2bb4753ed8b383597c6da8

Download Submit
C:\Users\Admin\AppData\Roaming\3delite\GFX Creator 3.0.6.1\install\40388DB\TurboJpegWrapper.dll
Filesize
19KB

MD5
f5639d78d8c860df0176b1499695e8b3

SHA1
a70f699d75903ca2ae31098f4687add23245804d

SHA256
9c8de413bf48e680ded9db3b3a4c7773642b9d6c76973ae95d40eb0cba31d4e2

SHA512
2098dd214db72b7f9b70c58cd1fcb53dd4982e441c19b3571941f9026e0dde0ae9005bb084ecb2f21ee2e24776fc95d60cb50b11fc536a68ad153efc1dc8ef0c

Download Submit
C:\Users\Admin\AppData\Roaming\3delite\GFX Creator 3.0.6.1\install\40388DB\WindowsInput.dll
Filesize
22KB

MD5
eda6dcf70b3423d40078e5440fad3704

SHA1
0ddee7bf081fa20e71683d9ab2029ce93a7ee1b3

SHA256
f44326a1a2e2fecb4029c19b7a5c0777821cd6bae9b415989d3f8007c15861d5

SHA512
0b0f3b889ebc1a88b0fff477256fa5b234e520c64f0a695f125c0226133f35c2d6f57c83de648fce19e30fbecf9ce401475221d8f761c896479cca4d4a96c3f8

Download Submit
C:\Users\Admin\AppData\Roaming\3delite\GFX Creator 3.0.6.1\install\40388DB\adv2.msi
Filesize
2.1MB

MD5
4194f484a9eddbf061602ca3518109fa

SHA1
d0ce65bca7177b505c77b86133c926a6d59238bf

SHA256
518f0ee6728f89bca8d394aadfd77a0cba35308c25225eaffd2ed04daa6cfb71

SHA512
a4c1badbc35bb79f14595c83a3dee09aeab18891fd343dfe597e680e891c6a7b333b947d939933f4c0e441cd8645e78dafb042992a0b6a4820a5fc5a5d4ab093

Download Submit
C:\Users\Admin\AppData\Roaming\3delite\GFX Creator 3.0.6.1\install\40388DB\basswma10.dll
Filesize
381KB

MD5
a1b72973bb9af880f8d90f15c45764d4

SHA1
25491e8d1bfea8212b21c3acfb4f3232522e2a8a

SHA256
9230e808b848f07d23f814b2401f6a11d9753338912361e10d0962b1bf603bb1

SHA512
9749ca312902cfc5aff12e41119e9a6a98c2a67d8c80d1793bb8f75e930158734f29e965e6215aa19a0fec437697a0c00e2f440c0c9839aac4200b9ebd0dd09e

Download Submit
C:\Users\Admin\AppData\Roaming\3delite\GFX Creator 3.0.6.1\install\40388DB\cecilcore.exe
Filesize
3.1MB

MD5
fa13d6d888e69b5b795fcfed11b2492c

SHA1
e96008828cb3bc7f98208bb7e76e694e4f4b85cf

SHA256
f9c1794ea531bc185b1c1449b516a198c74075629d75569b710fbececa864298

SHA512
35c0b99db5fcae02f7309919802b7b4ff4a17d3c87cb6edc21891c7eefcbf2ba344eb4b3c213bff43e6b5b892a9f9a2db6fe8269c2a76376bb8d57d7f62f76cd

Download Submit
C:\Users\Admin\AppData\Roaming\3delite\GFX Creator 3.0.6.1\install\40388DB\clock_common.dll
Filesize
64KB

MD5
85d02f053f1151ac4d3fdda5ea10adc6

SHA1
a134e20a33387a3bfe256b36585d9ccb6113a29f

SHA256
989354441731eafd1cd63285ab681176a43f08ea999362c5d792c9b2bcbd6564

SHA512
146233b07a3d81f7aa7c2a5e055935fb61307e20dc15b168c248f6d83f934d916184b568e39f7ad8c6ce28d26eb5b1605d6b2200b5ddc2b6cf0bc0dd114981c2

Download Submit
C:\Users\Admin\AppData\Roaming\3delite\GFX Creator 3.0.6.1\install\40388DB\fonts\fonts.conf
Filesize
5KB

MD5
4291285924e90d1a1fcf1ddfc51adad3

SHA1
74f2d9b2f9665a1ff083701456a0fbfe351f855a

SHA256
68011bc3741ebcea48f08ff2aed8519762a946f3e0fb9c224b1d3810ebf5bf4b

SHA512
80b570051324f0987f388b78f2b2b2a50df2ece82eb6c003ed4ab5fc1456789fdb4a616c3be760580d30f48aef656eb3604cbd0a7808c49f03b347f2d4388cee

Download Submit
C:\Users\Admin\AppData\Roaming\3delite\GFX Creator 3.0.6.1\install\40388DB\libEGL.dll
Filesize
150KB

MD5
89a6ab09dac37a28f2267c8b65ff55c5

SHA1
9ce53e0e5b904b6a94b4d4988096609636bd14e4

SHA256
5efc0aeb984eb7691305b362088406ab82d5b2d9fc7ad6332f0d6e0919762cd0

SHA512
0806db4d43b5841f76b773df37b2548bc2dbf968df59d4538181be31f0434eb098b9e229f7cbe524a31eb75cbabc50972236bb9eaf30b4f15e4f2cfede7fce14

Download Submit
C:\Users\Admin\AppData\Roaming\3delite\GFX Creator 3.0.6.1\install\40388DB\locale\de\LC_MESSAGES\default.mo
Filesize
63KB

MD5
c41f0999d7326fbd354bbb86b0c1a8af

SHA1
590e72b3fc64f09ab4e4ea2e42285c09ad933b64

SHA256
eff1bb0c9e6c16989b09346f526c90d80e1a748a779856953ea3e69f92b68fea

SHA512
e7aa424b77f27e526922c5658555b56cf42f2b20b7b14a9c86ad136b521ac0195dcad04ee7a302d034153bea94f3e36695f6100ebebffda216a2f3692646d8cb

Download Submit
C:\Users\Admin\AppData\Roaming\3delite\GFX Creator 3.0.6.1\install\40388DB\locale\es\LC_MESSAGES\default.mo
Filesize
64KB

MD5
943e56b4a41280e72db9c212e7469e1c

SHA1
9a0d7a277a923c6f6b8b8909310965f03d2143d5

SHA256
eed96f63a25ea4ff4b91e801d9bfd94c3249d975320e0fac5ef8b5e45a58985e

SHA512
e3fe207cf0f05dccb893124cfce136e7ec7ff81e6d20ee8bb2326f81a8f1cbef8031087f4addeb5bda96e7176c5d3b997c5357d5071867a7c5cd2223f63f81b9

Download Submit
C:\Users\Admin\AppData\Roaming\3delite\GFX Creator 3.0.6.1\install\40388DB\locale\fr\LC_MESSAGES\default.mo
Filesize
65KB

MD5
695cc9cb3de36c03c6b1cf813c9b647b

SHA1
9a0c7c9ae9ba841d33550dd793cfe01dada667bd

SHA256
a0b7ec6f0491756e53dfc23e7e17d37b87bcf3ec7288b4b40d8c5f4328bc9d10

SHA512
75dd9dd5f000c7acbc1d078604c7293af5cfc021a470861809dbc6b5e796c19732abcadf1eb6f74ac3e9e39c4e3c87927987f9db5029b3bea7f2b156b542ec15

Download Submit
C:\Users\Admin\AppData\Roaming\3delite\GFX Creator 3.0.6.1\install\40388DB\pango\pango.modules
Filesize
178B

MD5
7a7327019610dfb25d5fafb2d2b0f3ab

SHA1
812af1f65174c63c4a90dd72d29d6e1180075a6e

SHA256
cab115828e04766fbf8e20b5ca6e5632e089f407b338832081d8b42f62fea38a

SHA512
9d7d7fd408d0e0cbe8df24cf1184aa9c24f41dc94d98e7262d04e617b7252381e6845b9e2724557246af8696a5e0cb99f1d15b3889aebd7887fac99e68b79849

Download Submit
C:\Users\Admin\AppData\Roaming\3delite\GFX Creator 3.0.6.1\install\40388DB\pixmaps\black.png
Filesize
113B

MD5
a875753fd4e92edad63f5d8b9a79426b

SHA1
241b7f8bc325993b8044498ec4a6c03d576c6b48

SHA256
d09f2e254540dc26a948cf49ac09de2ffea210ad9d8fb77ab7a943ce938b5570

SHA512
b04ee55b20c42a36e6125ef883161eaae11a990a99042b7fefccf0433455e35c621b8f10587a6292adc0f71ccf9a896c0264c8607614196d311de86b28c338dc

Download Submit
C:\Users\Admin\AppData\Roaming\3delite\GFX Creator 3.0.6.1\install\40388DB\plugin_core.dll
Filesize
133KB

MD5
b79d7159ba735958c18148dcdf543571

SHA1
d7d4d4aedf7897092665dfc573e9fe9c313c2fe4

SHA256
638aa5d39ae52d09317c001bb8163fbf1ffdea03e371ed61457d765ad35a5e52

SHA512
79b7ae9a722714c6d640f35b81e54fb9a0b8e6042b99705094d6e968736d1389ed0e2a90c5120955a458d158d9af8a485ff4b5dbc9227165c11dcf62fd180c71

Download Submit
C:\Users\Admin\AppData\Roaming\3delite\GFX Creator 3.0.6.1\install\40388DB\res\public\de\html\startpage_banner.html
Filesize
490B

MD5
5d1f7da1c3d95020a0708118145364d0

SHA1
02f630e7ac8b8d400af219bd8811aa3a22f7186e

SHA256
d2d828c2c459b72ee378db6c5ac295315b8a783b7049032f92ed4fcb2a89684a

SHA512
6bbdaaef1478ffd9e9d3a95d300f35b9ac6f3ce6564e80734445a827ad8761233db36c679fac117f363bae27918983520f0e2f408205d3549b001fc4ae4c920c

Download Submit
C:\Users\Admin\AppData\Roaming\3delite\GFX Creator 3.0.6.1\install\40388DB\res\public\en_GB\stylesheets\start_page.css
Filesize
2KB

MD5
f2ab3e5fb61293ae8656413dbb6e5dc3

SHA1
53b3c3c4b57c3d5e2d9a36272b27786cd60f0eb5

SHA256
06db4d53adf4a1ecbc03ed9962af7f46fd3a54668d45907dc1737125e38ec192

SHA512
2c31cad868e1e5149a4308a149104ac3d88907894699fb0413860c8f578de32f6814b08d518de7a7fe3782f0cea173cb1766da7c25f2bcdddaffae7bc0da927c

Download Submit
C:\Users\Admin\AppData\Roaming\3delite\GFX Creator 3.0.6.1\install\40388DB\share\locale\locale.alias
Filesize
2KB

MD5
c26bd884605e7cb04a295fbf331e11a3

SHA1
7330ab3dc0410db503eba19976f027cf49eaeafe

SHA256
67cd91edbb01ea1eeb59f25c0a8cb6dfe90653fb5fc437d3d32cd0814804075a

SHA512
f88bbd4ce7ef42b710071efc5b3aa99f18b5da1e18b3e0d5b051acf125809a9eb94bcac9d91639660246a2406c30e93449d1ff81eace9caf18c6cd5e52ad85dd

Download Submit
C:\Users\Admin\AppData\Roaming\3delite\GFX Creator 3.0.6.1\install\40388DB\share\themes\Emacs\gtk-2.0-key\gtkrc
Filesize
3KB

MD5
4b600a3c3c2ac37f7d0c13c4d86ac752

SHA1
d1da549c070d74aa9f9456c4c1e0ccbdde5256c8

SHA256
4214bee389645edcc7c9971ba35dc4d96e8c135ebc92c51c05b0c7dd36abd8e5

SHA512
d4ece8e39a80073bec016b375a75bb5ff5c697aff560e5d4aafc6031f26451f8d3ef32faf1a0b2be3470450eb2ea3ae8978cc444ee0e2d2ef374ef43340e64ba

Download Submit
C:\Users\Admin\AppData\Roaming\3delite\GFX Creator 3.0.6.1\install\40388DB\share\themes\MS-Windows\gtk-2.0\gtkrc
Filesize
1KB

MD5
94d104680cec5f3d8bbec56258d0c926

SHA1
72ede372fcb34b29754f20ad44f49bc8605cf22c

SHA256
e9dd3015f76e05f185ebe7564d364aef8b8168b05e62421c99875e14e4597977

SHA512
cf7d04304fa58e2dd9a8492b31b065c03c1f7ea96ab71d7d3d212eb17436c7c181470c23296fa3f599f1ef56c6b243921ed7f0a92ad3e0a6cd40a5fe857955a9

Download Submit
C:\Users\Admin\AppData\Roaming\3delite\GFX Creator 3.0.6.1\install\40388DB\share\themes\Raleigh\gtk-2.0\gtkrc
Filesize
69B

MD5
5fc9003ddc2c64b110b1161259f61923

SHA1
4ecddbcceddbd90a3a654d3788ec3aef8c197a8a

SHA256
6d9beaf039092aec5c1fbc23a62402bcd0704c45c430189a6ac69ae8aa797a67

SHA512
5c90f3f1037fff9f10aa2030bed2c670edd528482532e617549db2133e26cf801bdec56d4543feb024cdec1c0026909ca9a21b378ec3b89489c18c395660c9fc

Download Submit
C:\Users\Admin\AppData\Roaming\3delite\GFX Creator 3.0.6.1\install\40388DB\sig
Filesize
591KB

MD5
a96984d1c71c6799cbbf44c19adc046b

SHA1
b2fb68f027dd71184d8872d7ff8aa6deefc8bfb1

SHA256
a453bc91e3a825078753c667c22f606412d2a4cc995e975eafb1ae178afb6117

SHA512
920aaf54812a962c42f188fe1ea4c1cec77036bd72b27351b36aedb530fb517d9a9332ef132d16ee2d468c6087f7a1a11dd1090f51d1374eadb22b81961ec1c1

Download Submit
C:\Users\Admin\AppData\Roaming\3delite\GFX Creator 3.0.6.1\install\40388DB\skin_draw.dll
Filesize
61KB

MD5
72ad6c45aaf461326f5a512afb4b33b0

SHA1
4b6791aa02c76e96256bf19ec9ff828303a308b8

SHA256
dcf318a760aeecca2496417d5111b059867471919d2721d766da7d29d29df305

SHA512
5c495d059aa51beb4be143a9beb496f380b84f28bc4090e2c21f942e5847dfb5c2cdfd759636eacf4b2820fb6f68cccd8b60ce336a721d03575f45f9496f6b99

Download Submit
C:\Users\Admin\AppData\Roaming\3delite\GFX Creator 3.0.6.1\install\decoder.dll
Filesize
202KB

MD5
454418ebd68a4e905dc2b9b2e5e1b28c

SHA1
a54cb6a80d9b95451e2224b6d95de809c12c9957

SHA256
73d5f96a6a30bbd42752bffc7f20db61c8422579bf8a53741488be34b73e1409

SHA512
171f85d6f6c44acc90d80ba4e6220d747e1f4ff4c49a6e8121738e8260f4fceb01ff2c97172f8a3b20e40e6f6ed29a0397d0c6e5870a9ebff7b7fb6faf20c647

Download Submit
C:\Users\Admin\AppData\Roaming\3delite\GFX Creator\res\public\en\html\startpage_connect_to_data_no_mru.html
Filesize
1KB

MD5
20bbd307866f19a5af3ae9ebd5104018

SHA1
8e03c9b18b9d27e9292ee154b773553493df1157

SHA256
e4fe51c170e02a01f30a4db8b458fb9b8dee13a7740f17765ba4873fac62c5f7

SHA512
420a132ad4ba3a67f5b66a3e463c4fa495b7941d58d6d669a8c984380607a03f0afa1c92bcf1f8d1fc5d93838ea611f7f9cf439bb3ada0142431b119ddfad40d

Download Submit
C:\Users\Admin\AppData\Roaming\3delite\GFX Creator\res\public\en\html\startpage_connect_to_data_with_mru.html
Filesize
1KB

MD5
e6bc0d078616dd5d5f72d46ab2216e89

SHA1
f70534bb999bcb8f1db0cf25a7279757e794499f

SHA256
e8f50f17c994f394239350951a40c3454e9b52b0ca95cf342f2577828f390a54

SHA512
6ccd6e19ec63f20c86a28ccaffa609a2d0de7991a8eb2d6ea016bcc5d0e9f2fc28c33a15c4af891f28a9e1e4131f38f84f8e1a8859e020d6f267977075f7c66a

Download Submit
C:\Users\Admin\AppData\Roaming\3delite\GFX Creator\res\public\en\html\startpage_landing.html
Filesize
720B

MD5
0a5b47256c14570b80ef77ecfd2129b7

SHA1
69210a7429c991909c70b6b6b75fe4bc606048ae

SHA256
1934657d800997dedba9f4753150f7d8f96dd5903a9c47ed6885aabf563bf73d

SHA512
5ca22260d26ec5bb1d65c4af3e2f05356d7b144836790ac656bf8c1687dd5c7d67a8a46c7bde374ec9e59a1bedc0298a4609f229d997409a0cc5453ef102ecb2

Download Submit
C:\Users\Admin\AppData\Roaming\3delite\GFX Creator\res\public\en\html\startpage_topstrip_no_mru.html
Filesize
659B

MD5
eced86c9d5b8952ac5fb817c3ce2b8ba

SHA1
3ca24e69df7a4b81f799527a97282799fcd3f1e2

SHA256
3988afa43d3c716ecbe4e261ff13c32fe67baaaf1718eac790040cff2aa4e44d

SHA512
a21e88968c30f14363a73dfd7801cea34255acb968160fad59d813bb64352583c8c4f6cd9d45811676ca5ca90a4250601a53e80b6f41d6727465f3a57e7423a1

Download Submit
C:\Users\Admin\AppData\Roaming\3delite\GFX Creator\res\public\en\html\startpage_topstrip_with_mru.html
Filesize
798B

MD5
cc4d8a787ab1950c4e3aac5751c9fcde

SHA1
d026a156723a52c34927b5a951a2bb7d23aa2c45

SHA256
13683e06e737e83ca94505b1cd1cd70f4f8b2cc5e7560f121a6e02ed1a06e7ee

SHA512
e0b01f5ee4da60e35a4eb94490bed815aea00382f3b9822b7c29294cf86a2fe480dba704f086a38f9d7aaf39e8160f49cf806b6b6c44651de56e290249dd9ebe

Download Submit
C:\Users\Admin\AppData\Roaming\3delite\GFX Creator\res\public\en\stylesheets\start_page_landing.css
Filesize
282B

MD5
49617add7303a8fbd24e1ad16ba715d8

SHA1
31772218ccf51fe5955625346c12e00c0f2e539a

SHA256
b3a99eea19c469dab3b727d1324ed87d10999133d3268ed0fadd5a5c8d182907

SHA512
9d1198ca13a0c1f745b01aabc23b60b8e0df4f12d7fdf17e87e750f021fc3800ea808af6c875848b3850061070dfd54c2e34d92cea4e8a2bf4736fbcfd129d1e

Download Submit
C:\Windows\Installer\MSI8DAE.tmp
Filesize
573KB

MD5
2a6c81882b2db41f634b48416c8c8450

SHA1
f36f3a30a43d4b6ee4be4ea3760587056428cac6

SHA256
245d57afb74796e0a0b0a68d6a81be407c7617ec6789840a50f080542dace805

SHA512
e9ef1154e856d45c5c37f08cf466a4b10dee6cf71da47dd740f2247a7eb8216524d5b37ff06bb2372c31f6b15c38101c19a1cf7185af12a17083207208c6ccbd

Download Submit
memory/3908-339-0x00000000000F0000-0x0000000000412000-memory.dmp

Filesize
3.1MB

Download