Skip to end of metadata
Go to start of metadata

We are often asked from concerned customers if our installers have been infected with malware, or if third parties have included toolbars and additional download items to our installer.

We take the provenance of our downloads seriously. If you believe that a download has been compromised, please contact us immediately, after finding that any of the following checks fail.

The following steps will enable to you confirm that the file you downloaded is byte for byte, the one created by our build process.

If any of the checks below fail, then the file is not to be trusted; please re-download using only links on

You can read more about code signing and the assurance it confers here.

  1. Right click on the downloaded file, and chose properties and select the digital signatures tab.

    If there is no 'Digital Signatures' tab then the file is not signed and is therefore not a genuine download.

  2. Click Details and check that 'The digital signature is OK' is displayed.

  3.  Click 'View certificate' followed by the 'Details' tab.

    To verify the downloaded file is genuine confirm that the thumbprint matches the corresponding thumbprint in the table below


Note: installers and all signed executables prior to 2021 will show two signatures. sha256 and sha1. Please check that both certificates are valid.
sha1 code signing has been deprecated. See Deprecation of SHA-1 code signing for more info

Use the table below to confirm the signature thumbprint(s)

StartEndHash TypeThumbprint
15 Jan 2022
10 Feb 2025
c4 4f 37 35 01 16 4e d9 a2 b4 7d a6 71 d8 7c 3c 7e 06 e1 2e
Feb 2017
15 Jan 2022
28 2c 3f 64 b5 f3 3f a7 89 cd 23 66 09 53 eb 53 01 e5 e0 01
Feb 2017
31 Dec 2020
‎bc a4 ff a1 19 ef 2e 96 a5 73 e9 d7 b4 aa 35 b8 32 ff 71 61