3771819f675a39e31dfb7d899be364eed3931b45548e0b6e2439ca7e57a2e677

Analysis

max time kernel
147s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2024, 04:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

18c12b371ef12babfcdb778d7bdba3bd_JaffaCakes118.exe
Size

771KB
MD5

18c12b371ef12babfcdb778d7bdba3bd
SHA1

f5e0a32e12e1ad321fd4f87b3ea8a73c31ec65b9
SHA256

3771819f675a39e31dfb7d899be364eed3931b45548e0b6e2439ca7e57a2e677
SHA512

e75ff49798313236fcc6e009038664e89e1a1058e924d6430c4ff31686bdf110fc7c1eab7e4928041df02bfda710cb878856880f61588617b7b690f5e18fa5b3
SSDEEP

12288:QNp51L0Z775xs2qnf8PtVXJSLKlK4pKJe5d0nocsxa3k48118t/HY4EErtkTd2h9:WJL0Z/mnet60yocssl8gY4hkTd2hCM

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2552	TMLauncher.exe

Executes dropped EXE 4 IoCs

pid	Process
2552	TMLauncher.exe
2560	TurboMeeting.exe
4368	TurboMeeting.exe
752	TurboMeeting.exe

Loads dropped DLL 3 IoCs

pid	Process
2560	TurboMeeting.exe
4368	TurboMeeting.exe
752	TurboMeeting.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\GoSupportNow	TMLauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\GoSupportNow\WarnOnOpen = "0"	TMLauncher.exe

Modifies registry class 7 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\GoSupportNow	TMLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\GoSupportNow\ = "URL:GoSupportNow Starter"	TMLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\GoSupportNow\URL Protocol	TMLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\GoSupportNow\shell\open\command	TMLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\GoSupportNow\shell	TMLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\GoSupportNow\shell\open	TMLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\GoSupportNow\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\GoSupportNow\\PCStarter.exe\" %1"	TMLauncher.exe

Suspicious behavior: EnumeratesProcesses 24 IoCs

pid	Process
2964	18c12b371ef12babfcdb778d7bdba3bd_JaffaCakes118.exe
2964	18c12b371ef12babfcdb778d7bdba3bd_JaffaCakes118.exe
2964	18c12b371ef12babfcdb778d7bdba3bd_JaffaCakes118.exe
2964	18c12b371ef12babfcdb778d7bdba3bd_JaffaCakes118.exe
2964	18c12b371ef12babfcdb778d7bdba3bd_JaffaCakes118.exe
2964	18c12b371ef12babfcdb778d7bdba3bd_JaffaCakes118.exe
2964	18c12b371ef12babfcdb778d7bdba3bd_JaffaCakes118.exe
2964	18c12b371ef12babfcdb778d7bdba3bd_JaffaCakes118.exe
2552	TMLauncher.exe
2552	TMLauncher.exe
2552	TMLauncher.exe
2552	TMLauncher.exe
2560	TurboMeeting.exe
2560	TurboMeeting.exe
4368	TurboMeeting.exe
4368	TurboMeeting.exe
4368	TurboMeeting.exe
4368	TurboMeeting.exe
752	TurboMeeting.exe
752	TurboMeeting.exe
752	TurboMeeting.exe
752	TurboMeeting.exe
2560	TurboMeeting.exe
2560	TurboMeeting.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	2964	18c12b371ef12babfcdb778d7bdba3bd_JaffaCakes118.exe
Token: SeDebugPrivilege	2964	18c12b371ef12babfcdb778d7bdba3bd_JaffaCakes118.exe
Token: SeDebugPrivilege	2964	18c12b371ef12babfcdb778d7bdba3bd_JaffaCakes118.exe
Token: SeDebugPrivilege	2552	TMLauncher.exe
Token: SeDebugPrivilege	2552	TMLauncher.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2560	TurboMeeting.exe
2560	TurboMeeting.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
2560	TurboMeeting.exe
2560	TurboMeeting.exe

Suspicious use of SetWindowsHookEx 24 IoCs

pid	Process
2964	18c12b371ef12babfcdb778d7bdba3bd_JaffaCakes118.exe
2964	18c12b371ef12babfcdb778d7bdba3bd_JaffaCakes118.exe
2552	TMLauncher.exe
2560	TurboMeeting.exe
2560	TurboMeeting.exe
4368	TurboMeeting.exe
4368	TurboMeeting.exe
4368	TurboMeeting.exe
4368	TurboMeeting.exe
4368	TurboMeeting.exe
4368	TurboMeeting.exe
752	TurboMeeting.exe
752	TurboMeeting.exe
752	TurboMeeting.exe
752	TurboMeeting.exe
752	TurboMeeting.exe
752	TurboMeeting.exe
2560	TurboMeeting.exe
2560	TurboMeeting.exe
2560	TurboMeeting.exe
2560	TurboMeeting.exe
2560	TurboMeeting.exe
2560	TurboMeeting.exe
2560	TurboMeeting.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2964 wrote to memory of 2552	2964	18c12b371ef12babfcdb778d7bdba3bd_JaffaCakes118.exe	91
PID 2964 wrote to memory of 2552	2964	18c12b371ef12babfcdb778d7bdba3bd_JaffaCakes118.exe	91
PID 2964 wrote to memory of 2552	2964	18c12b371ef12babfcdb778d7bdba3bd_JaffaCakes118.exe	91
PID 2552 wrote to memory of 2560	2552	TMLauncher.exe	94
PID 2552 wrote to memory of 2560	2552	TMLauncher.exe	94
PID 2552 wrote to memory of 2560	2552	TMLauncher.exe	94
PID 2560 wrote to memory of 4368	2560	TurboMeeting.exe	98
PID 2560 wrote to memory of 4368	2560	TurboMeeting.exe	98
PID 2560 wrote to memory of 4368	2560	TurboMeeting.exe	98
PID 2560 wrote to memory of 752	2560	TurboMeeting.exe	99
PID 2560 wrote to memory of 752	2560	TurboMeeting.exe	99
PID 2560 wrote to memory of 752	2560	TurboMeeting.exe	99

C:\Users\Admin\AppData\Local\Temp\18c12b371ef12babfcdb778d7bdba3bd_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\18c12b371ef12babfcdb778d7bdba3bd_JaffaCakes118.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2964
- C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\TMLauncher.exe
  "C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\TMLauncher.exe"
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Modifies Internet Explorer settings
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2552
- - C:\Users\Admin\AppData\Roaming\GoSupportNow\TurboMeeting\TurboMeeting.exe
    "C:\Users\Admin\AppData\Roaming\GoSupportNow\TurboMeeting\TurboMeeting.exe" --program C:\Users\Admin\AppData\Roaming\GoSupportNow\TurboMeeting\rsp1024hcmd.txt
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2560
  - - C:\Users\Admin\AppData\Roaming\GoSupportNow\TurboMeeting\TurboMeeting.exe
      TurboMeeting.exe --MagDetect
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of SetWindowsHookEx
      PID:4368
  - - C:\Users\Admin\AppData\Roaming\GoSupportNow\TurboMeeting\TurboMeeting.exe
      TurboMeeting.exe --VSEDetect
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of SetWindowsHookEx
      PID:752

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\MagDetector.txt

Filesize
4KB

MD5
0f9674629ae91d427a11c3dd86fa79e1

SHA1
f66bb4840be5a16b14c45f2d03c92e65cad9dd70

SHA256
92f3b5527d1c12c29967fe3e61d13c18ba303522859dddea3e77135c84c1d367

SHA512
3f576063854dca8cb8132adb09b630482faaa34f34e5c4e6cdc4a2b8cc57e628d6a2ce0c39945d789b7b71264e39a49d695df6ae25e33090b9961b0997cf535a

Download Submit
C:\Users\Admin\AppData\Local\Temp\SVEDetector.txt

Filesize
3KB

MD5
a4685a4c59ea464af7369b77a417030c

SHA1
f15c2268da61f65ab7149d7bb060dabe48447444

SHA256
7d2af187eee99f8e1c59989757ccb48593efcae5fb75f62005e5acb42d47981c

SHA512
cf216e38b5f2ac9ea722f6654d5d951014a6414c7785a111420c2483a13c0bf1a79d186be3cf915e627fb833cf5e17e3e7d1b7951b0f219ae32d26c0b743dce5

Download Submit
C:\Users\Admin\AppData\Local\Temp\SVEDetector.txt

Filesize
4KB

MD5
acfc9e706d4b80181d4daa75808a1c51

SHA1
321b5fb140614e50dd914f6e4da2596a6a43db42

SHA256
08fd5e130925e975e80d4aa914103325b2d3846a26f082f14d5206c49db897cf

SHA512
786edbbbf21a9a56271ec17e4d8f7eb06932a3888b9f8132ef6598dcb7010826faa94a0dcca5b726c5441b3ce3a5e1d52ccfe7bdd163bb9992f893b566ea1be1

Download Submit
C:\Users\Admin\AppData\Local\Temp\TMInstaller.txt

Filesize
2KB

MD5
dd4dccf90a04a3dc7ae00bde70c951e8

SHA1
f24a47b40bec983b163d14bf7d8528d5062c79b6

SHA256
8a00fb776a630386c8a838fade889ad02e20e404dde203c368637e29de6ec68a

SHA512
b563acb530c81dbe189a4ac45dd9098ff2771a31104cea825f2224d7deb814191ce817f87097ec5151eda7a9e87df849df9ad4de4bb1b5c34ed31686ba4f354f

Download Submit
C:\Users\Admin\AppData\Local\Temp\TMInstaller.txt

Filesize
3KB

MD5
8a0b2d8911733bf452084ea9cbc08451

SHA1
09c5d39c4217c170be3fa7c094b7aa78d55c0db8

SHA256
0f35024bd1748e2cb5f9154d49ce41d21eeca969b28ac8f08b69c43b68768d56

SHA512
9a52228161aa136d9f4e1141449f2b2fa41f79a0cc175230959e3d2a8c6be27fd363f01884b4ceb11d083f8541963263aca68bc001cd2d294f4a66a809658bda

Download Submit
C:\Users\Admin\AppData\Local\Temp\TMInstaller.txt

Filesize
5KB

MD5
5a8bec4e27472f1541938d84afec43ec

SHA1
5ab84095894591563725735dad3d7e0f7cb9f349

SHA256
60f79a858c9240a3c33462a68b48d925c08344d12ed8acd962b5c31d2def08da

SHA512
2507b3269c8402aa668d8581ff7d308582e9f63f6eba9e1a87b4c780fa637f49632cb74657ea2fcf1d3957e98e582397377fdb35bb66b075b53fb44339adac42

Download Submit
C:\Users\Admin\AppData\Local\Temp\TMSetup.txt

Filesize
3KB

MD5
7853b304c56a160a313dda887a2d6f2f

SHA1
73b78e51ba5bff2b5e341cc2ad8d7c643328cf59

SHA256
df76026e387dfafba4f8604bed319ea0e45bfdfb461e41480a73d513e853ac42

SHA512
3fd444106b174486c92345f9580e4837db650324a5a2e7838ae6dbad19f4fefade5c397e719eddd76891f9ed18a2b0e0c622337aac791884de0108e97ea13a5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\TMSetup.txt

Filesize
4KB

MD5
fb8ba3c9a54dcdf14867d5d8e619905b

SHA1
250b3fdf7ec881b44a865c1124c07924a1aecd92

SHA256
85358f64112816ca25a3bffed0872c339adb9c12cfb58b5eca126c0716b05136

SHA512
e735cb2a74b4b63cf15e2c63eddee23a27cf286e756f862a04a4401c2a57ae89bba6e1e511067af436bdd039f96f416fb7b4e25fc1298256f914ec0bb780db37

Download Submit
C:\Users\Admin\AppData\Local\Temp\rsp1024h.txt

Filesize
2KB

MD5
75e8ec536cd82a584eb47feab209b52d

SHA1
85cee7636cb4ecb7b2f214c2e204eb55b2a6b53b

SHA256
722cc44da15c5ae8c796362afa827972940cc936c4ba6e6b9f2ea307192d9f56

SHA512
103e7721c3e330932e3cccfa1296b14c356a14bcf3e5040d760a968961d3bba0a395e21a1bf6faec7db714f2c6f32f47cf92c7a43c660944b8c9f65e70b60a98

Download Submit
C:\Users\Admin\AppData\Local\Temp\rsp1024h.txt

Filesize
4KB

MD5
ad6cb1e334f337253e3c65d85e625318

SHA1
37aec08e8ddea10b1fdda86557b360972720feca

SHA256
0aad0562c4d4edd06d8f115c9e5c94f503c490d6268dc7d145f52bff18697485

SHA512
00f52a3681ddd8213ed1eb59000c3b27370749fdc26def53bdcd3d782370eaaf7a9b18d9ec868bc2a0e07e0546e6b6325e7fcf3da731f417254f93f3c0587689

Download Submit
C:\Users\Admin\AppData\Local\Temp\rsp1024h.txt

Filesize
4KB

MD5
e8fa497066cce676bc559d94d19b09fa

SHA1
ffbccdbc30386312e60926e8420a4bfc38bce61b

SHA256
310c0a258250e64e4a895eacd9212956bef4117e5cd0227f25aa0b47baf78963

SHA512
697e123c6264920cd4319288ef993cf9b57f66a719d1540e8c06df869dbfe9f224c8e0a2f1f213a1555cb5311b5c024ad4d7c19e9846f3a4ec49ac1cb7a1c722

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\ClientDatabase

Filesize
9KB

MD5
180d45be65098da1e2d0f72795581c5d

SHA1
b4b90f594bf1b1a0603d28a6342cc2052bb010c8

SHA256
c8a22ee90c0e0db5877fd047ea957452d827a077c5a823c2ff6a0a3e6d421a52

SHA512
f65a2667a5dbaee134c7b744e60b9a442a72ae6ead97501180da0e1b058fe5f33864d9b91daf2057c205db46276ad4b15d8f8d4af131c0c9b1a2eb5a90e32b01

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\InstallService.exe

Filesize
228KB

MD5
ca2c90a15e0b8701a71b28e875865f35

SHA1
319c1961f05d1d6c31984d141b91b870dc0b1efa

SHA256
7aeecedc2d37bd3ad549851121ccfed9b9d62285db474735998c8ea741dca867

SHA512
ac3cb38535a0d48b5ea14ec89868fdf9b5eea0bbc51ed11d59ff83fc43a5286aa67e7f5896434200cb0c615270dc6a1ba4f901c0cff6a79fa6a8b9d913872f31

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\PCStarter.exe

Filesize
768KB

MD5
c28568a1eb37159185590bccf20f9866

SHA1
dfe01651da872470e686c2be78400c80c98fa450

SHA256
ed500e8a0b1260f47ef142b06cf08af8719d003f227c5ef48dd0166c6456d941

SHA512
476324f2e9ba91053145a77d36d26020318ee12f336d056861d9556e989771d134ff65bfa18f5090419da131b082a711635c0e37592551af25e0bd0575c14f9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\PCStarterXP.exe

Filesize
767KB

MD5
8ce1dc1e87f955f2529ca7a796ad8820

SHA1
9a51c28787d5ad0363dc33fcbcedd3995f855482

SHA256
27773d79b0ae6a473909434bf72642c2098b649f4033139bc06c274ada88e3be

SHA512
d40a82436183802f31e492d2c14ca4b3559edc24975dd937bbf6a7588f6595c24dd67b417cd109aaeed49dfba6319aa575047386bc08a859d5dbe8fd7df75941

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\Sss.exe

Filesize
87KB

MD5
e0861d6f2836555e2c1e5f223234a9f1

SHA1
c2f9c1b8eb85722b5ef83e080c78d5e378cb5210

SHA256
84f0b260e146d07f0be5a0c61cabcaefe5288850a707f073b5ebc8faaec408c5

SHA512
04f7d3943e49a54d45abe55ee93de1772a5c1183a994db521a9234c0b21d0211caddb2968b2b3c4e922e50db328cc4402043ff30b3e9ce5a69a18f6b31347c46

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\TMDownloader.exe

Filesize
371KB

MD5
ba7323cfa2e6b7a11e61e5c8621141cf

SHA1
bb49041c3257ce0a159c3aa49d0fcff093a24921

SHA256
0c4f996d1aa194951d756de74514f7a1d03f68270e33f3c7e7b5dcf262885166

SHA512
19abbd2f944bdcfb1770b31537206ad3610bcfe566ca25e23e172c14f17575e04a13c10cd08b8fb202515d43237504a341046e9eb7d34410b07f370de282be9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\TMInstaller.exe

Filesize
672KB

MD5
8fca72c59d3a9aa6eda33c64daa0296d

SHA1
5229d88a9e650430719dc5317f8f7601117ef637

SHA256
11b64793473c88aa0ef2f9bde703e9494495029d416e76d954fd3f044ef8fc10

SHA512
7d898f74d292c23d8f38a29c2c3d8c2e8f6d610c2cca5b89b5273222a6e31db078c266a25c4072533db4f907ba4f3fc700e020a4e7ebd4fbb4d4ea13d0faa0a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\TMRemover.exe

Filesize
223KB

MD5
f7a57d58de9e992509f28477d85ea442

SHA1
48747fe9ca9d804110462fbebcc13f4519230443

SHA256
b660b3f98e2c45770af8421e75d7cf7af71bd7af8a30efd4091e75f4d664b2b3

SHA512
c12118b16e606cac969b30462eb0af501ac7e53a1dfc6bc0635ae3e6c62aa659085dcf19e499f874141ccebc15245246bcbfa7ba15ecdf5148884a6599b737c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\TMResource.dll

Filesize
96KB

MD5
dd12c30e38fd57d25cd75b07e679330b

SHA1
00c725161356a75121a393f8615641da10eda4c6

SHA256
0c168e4e9aea222bbcb4eec3e61fa72b528f7276492fa4bacae029241b3808eb

SHA512
8555d52dea80903b5333e94697a0a26dbc0a0faef5e833c030c1d45d4bd300219193d7124a4b7e8b8e9fefdc862b1b8433610ac703149add39bfbc0b49264160

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\TMService.exe

Filesize
356KB

MD5
26ac20e2f474ac15e0785770931001c3

SHA1
2bb6cc026b7766d2bacf71e257836771dd8ea462

SHA256
2a8a64ebbfbffda40db3eb7f6dd9efab0143818637914b6246fba81d938fa897

SHA512
c8669a17d1f4ce7c49325905fc3632faa420835c775196b6346252bd3f354b86e96eeeccfd1d654f278111f72f61e038d45944bbe8af75715c650039434644cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\TurboMeeting.dll

Filesize
110KB

MD5
dfc9a458625b2095d18a17ff37eede74

SHA1
7b397e54eb28167dba481b0ae6a64d8b72a24dca

SHA256
ae13b7b55095775805a2a2d0ab8dd224678b1f08556252431107a9f3aa3a0ff3

SHA512
6b027ea5ae8bf21acec150d9b56c9fa8579e2f3bf357f17bf3ed08e9d2c37c3d194fdb4207a04d9b3e2fe700a6660ad28b9655e40764a78951ec312878660c92

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\TurboMeeting.exe

Filesize
17.3MB

MD5
d973ee70262adf0a3d8ac412964517f9

SHA1
5eff4b9800b66d63213162e7bb009928f86ddbfd

SHA256
bd69cc4974617a01d2759aab58cdde4af9199b8102e325178c2ae043e6783e28

SHA512
931152e6fe92e58f22eab65cc693c69736238333078bfedd294e2d7a547ea6a0179281db37395c52558a09defe48e35ab927539d2a425d0b2587b15facb271c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\dbghelp.dll

Filesize
1.2MB

MD5
cc17ae159e28d331b7ec39a4f34527f2

SHA1
68bacd3808895db9987f11b63c857e288e022c17

SHA256
4bbae6b52a99355e7c695d901151513235e5b0bf01ff8d5345580d6529763b78

SHA512
a5bc90dacd81c278ed4bb3bf862af1406b4c704845c3f5be7f0927d4350da790b7a9fd98e774deaf5a5004251c45c558eede1f797b842e305fbfb6ce8d4a9de5

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\dictionary_client_CHI.tmd

Filesize
96KB

MD5
e19c646ddc1e5b7af92280538a863e04

SHA1
4c87c7fb61dbc211c80a44928e6d121e55bdc929

SHA256
4e51c94eed094dc6a0d895366750c80b71f5270a3fc96dd9b8047a85c87d40a7

SHA512
cb3d2cb4921eddc12c49248c54712e503d304f4830dd528f66f45fe986f2c08a49f7c1ff244e470875843dcd99ac0d8b2d1393bf1aa8636435e96171f61401f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\dictionary_client_CHIT.tmd

Filesize
96KB

MD5
b34e838e74870b3094da1db18fec92ea

SHA1
4414dc5f71facced09700c12769e61674574acc7

SHA256
3c34b2b116b9017826eb48cf6a6f44ec134fc36f07ad9171b233ac2dc0bfdf34

SHA512
f2b81cb346ac3e5296b497ff2e86fc2a12b0875da8faba4f6488dae7ae8720fd86bc50b4da00e6b17adf05385a7546e420cae662a843870b68db8f7649ca1ac4

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\dictionary_client_DTH.tmd

Filesize
98KB

MD5
ffc94815bcc52593e591f1db945da142

SHA1
09fd651ad0316f616374809ee23548acaab8e0e6

SHA256
85a9060d5370a433a147483ea8cd5129d6b77d3fc6c85861be43e51c83fbb082

SHA512
1cc917de72f7900baa6e56cf7984edcc0a9122b77c7c9fc05507d86f87a82827eaed9b58385075cba9eb6c9e18e7cf44f5339f6f616bd0985f607ef80fb4e7bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\dictionary_client_ENG.tmd

Filesize
98KB

MD5
822e31dfdfcb95a50b6d28df87608cd6

SHA1
9c811ade35b8f0b7c4b6f69861755539499f10f4

SHA256
4a1f173b90493324698e29f089d829d0f6faaaa728405ebff602d86d72b77ba6

SHA512
a37824feec7c3ca968e2de2c36d213e662c1063d624534e1c420e8f3ad03c0285b6674858c8d6e5c0b7f6d74515f9e21fd01bbcc1e67bfd843f200c568fbca4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\dictionary_client_FRE.tmd

Filesize
107KB

MD5
9f9effc7e14cfef695d97ba63d261341

SHA1
15b649b698acd53963e3442348ebc729a04b857c

SHA256
6f773a3b38d8ce1f077a53655f221559bf36f0a2e5611723167028de759fb45a

SHA512
96193d061c8c92aed1124cf4577a1242a5b0ed4a45176cdbb22486277fc1b9e88896a825c5135c05014ecdf0a1659ecab079e877f3c9b003cc8588793810fd41

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\dictionary_client_GER.tmd

Filesize
103KB

MD5
9ad8edbe48a03ea9f026a63d1950f59c

SHA1
d4cfb9555dda08dc2582b18c54ced31282f7602e

SHA256
326816125fa54d4a09723807ef47884241b3513e8a52f42cad66ac177e040a6d

SHA512
e358c2b7a9827d14a8ded104f79a613c765042a016073fe166e40bbd0500ec0d129169180fa3f3745635378dbf4f9e7903f812b2ee9c8a713a9ebaf3f9211cfe

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\dictionary_client_ITA.tmd

Filesize
104KB

MD5
555ba58246b88d60247b6c9d6fa9106f

SHA1
b040e9a84618fbd0340755c500f92ce9e692a0a8

SHA256
fc60df878a62c597bf669f24178e1aeb73d619f15385cac798a654120141012c

SHA512
921aa1946e07ecbedd00a0ad2d58442820c17fe310fe1f6d0ca6f464a773f7ea6eff64e315d319e79f9644adac66b65d6f02a147a941a5f1f9c05580c7034c21

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\dictionary_client_JPN.tmd

Filesize
112KB

MD5
f8fa38ebca233b3b805311979ec31646

SHA1
850778b2f3949d28c858534720e4cd1e154786f9

SHA256
e45d81061cf6ed74405d4ebf3bc530489f6a780b84df510894f8b0a8d4d8a89e

SHA512
c72c9a783e34db019fd4fbb251018b215d2157fddc70d273e76c3e5b59aa836097ed22cc341093becce8c367b89f03503f636d93070ac4c2988a738e6d5c5917

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\dictionary_client_PRT.tmd

Filesize
109KB

MD5
6a3e7509311be81cc2ffcad1b697f3bd

SHA1
e24348698a2f8e316d017a47903683b08b7ec9cb

SHA256
5a92a07d17108ea6d852108731a2f7cb92f610ad485505d7f8f02baff5f5184f

SHA512
8acd6ddd22fc65e7745691e27ca811885c7f9c760191bebcc9108269745b5a284ff5d6b884e3e45c662fe2d9392ef2a6ad46de4a73e28c70409cc58fb45539e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\dictionary_client_SPA.tmd

Filesize
104KB

MD5
59f4a43b89e599128da95f68c6c93c5e

SHA1
5de54065488d0417ec2c655f156fc6edc173ecb4

SHA256
b27c22ac64e6d231ae4c17cb93e0a889d376f24ea44864ac15349c7f70c94910

SHA512
a016029c5a9288755c96793fdbecfc2663ffc3b6c3e6db28b9a786d52458d8b9b4500fb923d1d58ca282ec92d1430dc550d368d664e8ee3f7bacabfbe4434d5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\dictionary_client_TUR.tmd

Filesize
66KB

MD5
01e157ed08e05ed80052ad8df404b530

SHA1
fd6229c6410350c30d5b7907db42c521fc3edb62

SHA256
295a963cce972904acf33153c7caf731027a36b5b8f5249eaafc5b5d03012d67

SHA512
1eee1112b12fb3feac86f9555af20ab1a16ebf0fdde09004d4a294603b4bc9a15105b6453bb31b2741998ba781527b339f5174d04b7fa3792172035c20582f0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\image\ApplicationIcon.ico

Filesize
21KB

MD5
883746cda8ecf40ef07d2f26a687e550

SHA1
88d8d8d7676ae4890c06aced19212122be59f44e

SHA256
4435e5c62be3b529d5e2100b5f1f57edcc2be82281601313bc8594e52c445d66

SHA512
a8ca2e91aac490eaeeeeeeaf21f9de64fc1e24a5d690790bec09e694a3738f12fb4fcadea799fc54f9d4b766a5c951873f39bb4875e5d58b75243b4e2833f018

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\image\CTMeeting.ico

Filesize
14KB

MD5
f366c80b222e8e83d5ec6d90959c2c45

SHA1
cbefd8dc9c8e342c6165d0f9c1fcfb177d2e01be

SHA256
8cd38c8e1a62198bea0bcc85c0b339a835e460ed08a8d8c98be524b528f07531

SHA512
db1c073c9a7837d8d3d1e3f654c8c95060971130cdd527cdd1365cdfe48cc2bed963fb0d574a4705ba92e2e70102f73795adf97edf9edaab3eeefaa03d3e8517

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\image\DummyWebcam.png

Filesize
1KB

MD5
2cfeed234a8558fafa50655acb115fd8

SHA1
2ffb1a9fe6536723e96ae500554d3abeed2147fc

SHA256
615861e3be02b7ebcf9378bbfeefe969b503a11c738dfbd9a6514029205646f9

SHA512
da7e66a2da8eb2363583a9c055b590385412bb924fc0d0d28d8cbfde9567dd0ab98019f1ec752b16f590764c1d287aeb583b90458820a3d6a75c43e59c7b6583

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\image\IMDefault.png

Filesize
2KB

MD5
6e8f635f6528cc0433861a8dfb0c2d30

SHA1
e85ec2e9154d1b12835e0590ed00c22a49e3a6db

SHA256
a8cc2b4c182384537cad5e091dff777f6806e77eed0e5800b96c573e4fbc1a00

SHA512
12f54f49fddf6857a840608ed070822c7491d6c15b56f6f5a024c27a28264ed1525fab4d57f9716d49c284bbf24a677a46f8f084bfbbf485d0f62d11b5cbc725

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\image\MXmeeting.ico

Filesize
14KB

MD5
e7d9e81afa9cb104e0fe70ee9dabcb6b

SHA1
fa2d7df277cd730bad0786f5ba92d3e5d777403b

SHA256
a04e701256b583f226ce290d979b19d51a6ea4c5a94341e4e35db1ca94ddc6e8

SHA512
1fde7f4c1387fbe304acbd1ea2479a89306ac90bdf72c6c5ab88b92c44183dfbf7f01729b23c112d77ab7378d4fb007eb2343b50974436c84d69e51c11656a72

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\image\ProfileInfoDialogBackground.bmp

Filesize
448B

MD5
a8a6ef427c5c0ede5c70af58aa5680de

SHA1
127365eaf32cee2ba7a958e766fdccad0e3c50c6

SHA256
1d3f66e964cd9bff854a550d5acbb55b2c2027c05ceb7a9396a691b1c9d8c6c2

SHA512
c2ec78255ec33af2ae799972aa275c8fa3378d56092b480c4f39105cb5978983c16b97c33e94ccb5d76886340eea116b08c207a1d593945b7f600ed7c8751e41

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\image\Separator1.png

Filesize
715B

MD5
b7ccd0351eb77445e7323f2bb74788fd

SHA1
e0525da70a851e6dc72d57dd9064f16b949c2a26

SHA256
8baa0feaf55d59c0929419101bdab9ea326348f13de8b68edfb710076f0c3f78

SHA512
34015eca33a939e74481334a55db4731d2777b4975e4bcdd648a8df1cea80e2c65e93047a5d9c22c681d1ca417cced190c65e58e8099b740ca669dc9bf829579

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\image\SeperatorLine.png

Filesize
132B

MD5
4ce28b32c7836663ce74b29f11d176a7

SHA1
608ebf86c32394e609acb091e5fefcb0af4b9d39

SHA256
4199a78439525d778cf91fa5defe0c68320b3e51b3eb9c7672939dd4b2f33e50

SHA512
e5df9c12f74a92898a78702935c454ca0314997d7ba36b89126bbf177fd652b5dfecfe8c3687a117d60810fcdb0bcc91abcdef7f19b6c4ffb8725f793cc1bd02

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\image\TurboMeetingWatermark.png

Filesize
15KB

MD5
c939af5f23d396f55808e95668c73c18

SHA1
3e8767c4fcb16767e6e04a34a9b81b74c061e411

SHA256
b128c15ea8bb492570e441f2bd3f81d1a481c75997ae107a1d9e830c98067fd9

SHA512
be5d99bedeb70c53b127bced885c704c1e7e42634b64a5de9e4b9138cb91c14c5d774ce27742118e6549d7f562ad5dafd1395ab02bfb7e04b431f18fdce16b7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\image\Ymeetee.ico

Filesize
14KB

MD5
e20adbd0c131a94e99fde12e0c60d247

SHA1
ee5eb66e8945ec49a178d739834d448350c1080d

SHA256
9473fe1fe2d941db548f70e716dd8ed841dbac60c02c71a5ce6ba760872dc69a

SHA512
e204339033903140ff0765f38f35daefd15c4d336d2c2595a04a481e9104cfc96892fcf9621ea4745e5ddb0f57d9a5641422eff6c03324842adac91a61beb5e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\jsproxy.dll

Filesize
25KB

MD5
7bcd58df45a40f865e8dbbcb5b2ef6d1

SHA1
6b8c19c6521ce5e4c8c81f5a59552f3714b15e17

SHA256
f8cdac83b1512b6bcfabc616f3865bf11c049e59e4a2c8b5d5d4f031332d83d8

SHA512
deaa3f5ca55d53eb398328f6910e86ab4e95a5e8b37fd67ee6fbd21c1ca8e747d09544d7a54a01815864c2cebd376aa5ed34313c21b7235d31450f996c84ca39

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\rsp1024hcmd.txt

Filesize
1KB

MD5
211bab4330eaeb698f1085f764445560

SHA1
1444fda04b654f64807b166451b9c9b70217f2fc

SHA256
263176f996f3280ea39bff8c28afba5f4a40d7a4d501fa88a6cd4b9da44eb6d8

SHA512
3fefd2b04a0f5113af0d7a8a860246690d42f488b2c4cfbb4ac9b968b694fff30dbd2aeb9ca8ffcf26988e5bbdad143b33bb623672d841f35a23d0be67d2fc87

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\version.txt

Filesize
21B

MD5
8797773bbb9b3585f186fc2684a48f6c

SHA1
460a68b60688e4ac8a169b5a972e5a0120a977bc

SHA256
18805ad87bd499c00bc4b72ec6b52e9ec1b9087760e1741ea73cd53a92cc839c

SHA512
a4f8da05be6f56a1a8347c58a439638967c0129b21884b5c7c624059c690fed7cd131fb1988c524f8d209c407725e223b388e984506a27803dc0f2cc24fb1d50

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\vistafunc.dll

Filesize
89KB

MD5
d9f52809f0a87fa85638e08187040545

SHA1
7a4baf2dcba8193ae9209bff85af56b18df9344a

SHA256
867b919d932c496be91fdb3fc0ac489fdffae9371463bfc24c844fc7cf63a9e4

SHA512
8617f7b992f824294d1b840aa0d04b6c040e3c756907729740ccf56e709cf1509e7a8f79b06901fe944d5dbb5c9edcf1bfa4c1f166607cd2392ef8b6c81d14c7

Download Submit
C:\Users\Admin\AppData\Roaming\GoSupportNow\TurboMeeting\Cache.xml

Filesize
10KB

MD5
1ca3f1ffd3b8741b4eb4f06cfc68bde0

SHA1
08d6052d34e69c1c8ab0a7ac11503c0bc14422a9

SHA256
2befb913a7fa95499e09a19776fb45aa085afd3a360cd5d1fd4c37ac275a953e

SHA512
52bcea7f18ca3d31bd8a86dc071d67dfeac4d54590e841b48419659e88f108632e5b50cf9c7bf1b623581c4f2684957050d153ed81f0e678e33417e64f4d737d

Download Submit
C:\Users\Admin\AppData\Roaming\GoSupportNow\TurboMeeting\Cache.xml

Filesize
10KB

MD5
b7601db01ea1b8024107d4380878d4c9

SHA1
6eb803749ce93df817d7e3ac3004ab81624a7e38

SHA256
b2ad6b3c73a1503a77a139c5f356e82d8abe1713714953f5b2c6a338e95bab83

SHA512
811aef0b2b316b7c17ba885436d6c027fefd5f1470a617f6e9100159b5df4cfe8169eac0a49768476f35a7468d5abeb04508292c7025781da15da380ce53f0c4

Download Submit
C:\Users\Admin\AppData\Roaming\GoSupportNow\TurboMeeting\Cache.xml

Filesize
11KB

MD5
25de7a3ab139b29b93c00b8aeb2ecfb8

SHA1
e0df587e0f49c5808cb3cf1c27d37f9d65602791

SHA256
f9db4e3b4bdc9efb066a5063afc66e1406f6604255d89de7d1871682a7bb308a

SHA512
bf1d52cc0279c68f66d6ba18c36f0c92461824e310c7c2623571d0898dc928744cfa91719434fb013ae0560822628128508995bb31369a6adfe631e51442e043

Download Submit
C:\Users\Admin\AppData\Roaming\GoSupportNow\TurboMeeting\Cache.xml

Filesize
11KB

MD5
79018dfb4c554a32c6a305465a18b967

SHA1
472ba3a9b273c2cf66a8de1e35da793bf9341441

SHA256
8c971465f5016cb8f54a7fecbc3968541d9dce83d2491a33b96cf6c37f7e2573

SHA512
2d3b16568c2c6e3d1db68d2f47c2fa340ec9c22b2dd49a78533ccfffe857eefbdf48a3381ef9dc889912466553937da7088392ff6a47f77850994298c84be4c1

Download Submit
C:\Users\Admin\AppData\Roaming\GoSupportNow\TurboMeeting\Cache.xml

Filesize
10KB

MD5
2209fbed3ebc32a3aee4236ad866fa30

SHA1
7b145c25555db66b70e5901c840bbfc3f4d8571a

SHA256
575234ae51c7f81f26ba92a63c54ff15e969797060b954fb899c0520580bfda4

SHA512
04c3669fab81e607395856958730584013958587fc8ac7e912684bca327c68502b3ee1f0f63792e773d77ef9cf230c6e16ff081604397745c44747396b06aa3f

Download Submit
C:\Users\Admin\AppData\Roaming\GoSupportNow\TurboMeeting\Cache.xml

Filesize
10KB

MD5
187e3570f817a3d12f9a96272d7fb600

SHA1
dc7c7b55ccc24ec02dbd80927404853daccd61b8

SHA256
c43073eed7df11a913fb9e3cc1adc89df33df3115392d73d6374a411581ee9f8

SHA512
7b7bbfe9a640e5d09138a5db521f744933dff308be83f24927cf3a1afbdb65a37a69d43cbb462366da8231b3cee37e92c9a28e0f9dfe2fc7df7972d10aa789cb

Download Submit
C:\Users\Admin\AppData\Roaming\GoSupportNow\TurboMeeting\Cache.xml

Filesize
10KB

MD5
eb72e3ec3185df640233046340ab3cc7

SHA1
6db50f5ff70ee5009b20964c01e45c51cce218b1

SHA256
ec5421ca62d3f4b95fc624299abe80fd9f2e2b33d4d77a09902eb001c59c4e2f

SHA512
682d607798b5766467bd992b9d6826f125eb136c8da6b3217db3e417294a4ea1ebb50f13d1704f06ceb1d9a7862e3f707f22e5bb8f5ab628e99679a7683ef415

Download Submit
C:\Users\Admin\AppData\Roaming\GoSupportNow\TurboMeeting\Cache.xml

Filesize
10KB

MD5
1758c11ede8a5d8ac72be1ca2be58708

SHA1
323048210e2459b7a600a307c26b1dcccd2d653f

SHA256
618aa1f4c9a1217b881b834a71a7c3fc80081b93f74a822634d3bc2b9d159812

SHA512
83cd3de836f03a527db9fe8e0221feac740ff7fb806887f64277bb44bfae1a8fc0662542e5843638eabed5aee3626d11cea68b4a8772233ef7a5e7bbe1eb79d7

Download Submit
C:\Users\Admin\AppData\Roaming\GoSupportNow\TurboMeeting\Configure.xml

Filesize
736B

MD5
bbe008b9c8026dcb84871feea5b61a6d

SHA1
1db1797d6c14f07bb78690f0e13b12b1db69a4a0

SHA256
e4e2c18bbf55b5adc5ac64c886e60a6b7945e54a5235392504b8f31cd3412268

SHA512
44c2e81957041d3efad592b0ca98d07affaa1e6b5d02c4dc3214da282a0f1b7a90c59148ec4d4dac655cb21bbb19bcd76930db38d93b3c19ab530e71ba993a8c

Download Submit