60eb48e0dd59839447022ecc6ee0b536710b1709000921d7107aee9d04dbd41e

Analysis

max time kernel
140s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
31/05/2024, 05:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2024-05-31_830c96b47e3548ae83684593765f1522_bkransomware.exe
Size

637KB
MD5

830c96b47e3548ae83684593765f1522
SHA1

042ec5f02cacac2ea53b183f048a55d6d746b646
SHA256

60eb48e0dd59839447022ecc6ee0b536710b1709000921d7107aee9d04dbd41e
SHA512

53d801dd3a3499fe891a8483763d33fb4e5b8297dc9a0ba165798dc5d7569809a8a15b270041e513d07e2984306c6914027cb1b66f5438b458ba7de98b6218d8
SSDEEP

12288:92Ka2pRmH6ysvWsmYDMtNhkxh3dfhg4OQYZeVHgMkakT/xdV+hoJ/R:9fvlmYDMt0ZuZeVeT/xX+hoJ

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
4088	TMLauncher.exe

Executes dropped EXE 4 IoCs

pid	Process
4088	TMLauncher.exe
1412	TurboMeeting.exe
4468	TurboMeeting.exe
772	TurboMeeting.exe

Loads dropped DLL 3 IoCs

pid	Process
1412	TurboMeeting.exe
4468	TurboMeeting.exe
772	TurboMeeting.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Software\Microsoft\Internet Explorer\ProtocolExecute\TurboMeeting	TMLauncher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\TurboMeeting\WarnOnOpen = "0"	TMLauncher.exe

Modifies registry class 7 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\TurboMeeting\URL Protocol	TMLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\TurboMeeting\shell\open\command	TMLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\TurboMeeting\shell	TMLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\TurboMeeting\shell\open	TMLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\TurboMeeting\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\TurboMeeting\\PCStarter.exe\" %1"	TMLauncher.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\TurboMeeting	TMLauncher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\TurboMeeting\ = "URL:TurboMeeting Starter"	TMLauncher.exe

Suspicious behavior: EnumeratesProcesses 24 IoCs

pid	Process
1120	2024-05-31_830c96b47e3548ae83684593765f1522_bkransomware.exe
1120	2024-05-31_830c96b47e3548ae83684593765f1522_bkransomware.exe
1120	2024-05-31_830c96b47e3548ae83684593765f1522_bkransomware.exe
1120	2024-05-31_830c96b47e3548ae83684593765f1522_bkransomware.exe
1120	2024-05-31_830c96b47e3548ae83684593765f1522_bkransomware.exe
1120	2024-05-31_830c96b47e3548ae83684593765f1522_bkransomware.exe
1120	2024-05-31_830c96b47e3548ae83684593765f1522_bkransomware.exe
1120	2024-05-31_830c96b47e3548ae83684593765f1522_bkransomware.exe
4088	TMLauncher.exe
4088	TMLauncher.exe
4088	TMLauncher.exe
4088	TMLauncher.exe
1412	TurboMeeting.exe
1412	TurboMeeting.exe
4468	TurboMeeting.exe
4468	TurboMeeting.exe
4468	TurboMeeting.exe
4468	TurboMeeting.exe
772	TurboMeeting.exe
772	TurboMeeting.exe
772	TurboMeeting.exe
772	TurboMeeting.exe
1412	TurboMeeting.exe
1412	TurboMeeting.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	1120	2024-05-31_830c96b47e3548ae83684593765f1522_bkransomware.exe
Token: SeDebugPrivilege	1120	2024-05-31_830c96b47e3548ae83684593765f1522_bkransomware.exe
Token: SeDebugPrivilege	1120	2024-05-31_830c96b47e3548ae83684593765f1522_bkransomware.exe
Token: SeDebugPrivilege	4088	TMLauncher.exe
Token: SeDebugPrivilege	4088	TMLauncher.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
1412	TurboMeeting.exe
1412	TurboMeeting.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
1412	TurboMeeting.exe
1412	TurboMeeting.exe

Suspicious use of SetWindowsHookEx 24 IoCs

pid	Process
1120	2024-05-31_830c96b47e3548ae83684593765f1522_bkransomware.exe
1120	2024-05-31_830c96b47e3548ae83684593765f1522_bkransomware.exe
4088	TMLauncher.exe
1412	TurboMeeting.exe
1412	TurboMeeting.exe
4468	TurboMeeting.exe
4468	TurboMeeting.exe
4468	TurboMeeting.exe
4468	TurboMeeting.exe
4468	TurboMeeting.exe
4468	TurboMeeting.exe
772	TurboMeeting.exe
772	TurboMeeting.exe
772	TurboMeeting.exe
772	TurboMeeting.exe
772	TurboMeeting.exe
772	TurboMeeting.exe
1412	TurboMeeting.exe
1412	TurboMeeting.exe
1412	TurboMeeting.exe
1412	TurboMeeting.exe
1412	TurboMeeting.exe
1412	TurboMeeting.exe
1412	TurboMeeting.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 1120 wrote to memory of 4088	1120	2024-05-31_830c96b47e3548ae83684593765f1522_bkransomware.exe	91
PID 1120 wrote to memory of 4088	1120	2024-05-31_830c96b47e3548ae83684593765f1522_bkransomware.exe	91
PID 1120 wrote to memory of 4088	1120	2024-05-31_830c96b47e3548ae83684593765f1522_bkransomware.exe	91
PID 4088 wrote to memory of 1412	4088	TMLauncher.exe	94
PID 4088 wrote to memory of 1412	4088	TMLauncher.exe	94
PID 4088 wrote to memory of 1412	4088	TMLauncher.exe	94
PID 1412 wrote to memory of 4468	1412	TurboMeeting.exe	95
PID 1412 wrote to memory of 4468	1412	TurboMeeting.exe	95
PID 1412 wrote to memory of 4468	1412	TurboMeeting.exe	95
PID 1412 wrote to memory of 772	1412	TurboMeeting.exe	97
PID 1412 wrote to memory of 772	1412	TurboMeeting.exe	97
PID 1412 wrote to memory of 772	1412	TurboMeeting.exe	97

C:\Users\Admin\AppData\Local\Temp\2024-05-31_830c96b47e3548ae83684593765f1522_bkransomware.exe
"C:\Users\Admin\AppData\Local\Temp\2024-05-31_830c96b47e3548ae83684593765f1522_bkransomware.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1120
- C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\TMLauncher.exe
  "C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\TMLauncher.exe"
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Modifies Internet Explorer settings
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4088
- - C:\Users\Admin\AppData\Roaming\TurboMeeting\TurboMeeting\TurboMeeting.exe
    "C:\Users\Admin\AppData\Roaming\TurboMeeting\TurboMeeting\TurboMeeting.exe" --program C:\Users\Admin\AppData\Roaming\TurboMeeting\TurboMeeting\rsp1024hcmd.txt
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1412
  - - C:\Users\Admin\AppData\Roaming\TurboMeeting\TurboMeeting\TurboMeeting.exe
      TurboMeeting.exe --MagDetect
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of SetWindowsHookEx
      PID:4468
  - - C:\Users\Admin\AppData\Roaming\TurboMeeting\TurboMeeting\TurboMeeting.exe
      TurboMeeting.exe --VSEDetect
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of SetWindowsHookEx
      PID:772

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\MagDetector.txt

Filesize
944B

MD5
0cbee98cafb920242fc7440e5c155005

SHA1
4d3f0b686ff7531d463cb7d1d71ea3937f2ba5e9

SHA256
e9b0d66e2c2b8a7a064799bffc3cc78b35c9a146c1a29e06284109a1086cac89

SHA512
f3efbd6f19d55aaebde6e38ae4bdfa9eac732563d535d8f45357796c565ce24da514a04939631dfa05189710398e0dee95d9fc4e4a83e2a70ff2e21726c6caf2

Download Submit
C:\Users\Admin\AppData\Local\Temp\MagDetector.txt

Filesize
2KB

MD5
eeb8b11c98c734591aec3f089d92a213

SHA1
9431caa5e2db923c3e47cf4331618e2b6e7b588f

SHA256
598b489e29a709740747b63571599d3d56bae6bdc9c586e4df67e75d67be3d60

SHA512
e1960668568a973e3ebe32d701940b788997025401053f9447364c124f0e7ac0f7b45f36a99cbe18d2670a654cc7f3b6d3cccbde349755551da6c643caa9e50d

Download Submit
C:\Users\Admin\AppData\Local\Temp\MagDetector.txt

Filesize
4KB

MD5
b793b876092a8e2ac2c650ea14df3cd3

SHA1
fe59c50079c9e66d6fee5dd041c89ad7e8a18953

SHA256
e473a015e09ee672e4927d736300f4b432dba98464dc1ad62b718aa35b4817ee

SHA512
9416772bd2d83903f369171176ac39c7af88b150491ee50d3c52274696e9b1cfb3d5ee8ee56b43c27390c732129b5c72c40299d5c045eb0393b3dcde294f1454

Download Submit
C:\Users\Admin\AppData\Local\Temp\SVEDetector.txt

Filesize
698B

MD5
0abe3e319134569945f9b31cba2ec8f8

SHA1
e741bfc94cfe5fa172aef75812847f42ec762ece

SHA256
8f678578d6ae3473e1d104ae28d670e8eaaad3dc7cc8a14f063d7ff395fa7d7e

SHA512
71911288981256e2ec7016e50777982deebfc8101365af61b97968f5aa7c79fb6ec0aebc2525022006c29a9556c89a67cfcb972b11bc37781b2d1c2684c4e4cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\SVEDetector.txt

Filesize
1KB

MD5
ddfb19349d00ab064a5f1bc578b2a7f9

SHA1
216d203a64549cee213c9adfc29375efadce9a2c

SHA256
3745a0b6720669a3721c2cf2b0d774e18ecca8f1b0e3dec1a713fc4fdbe9ccbc

SHA512
871b776adda9d1035aa5e79ff7e1fe0c8c45e29fb9bef4c03674afb612586ca3d954509c052cd7faeb8069f94233f14e9d2e859fe81a3b08fade07284277bd03

Download Submit
C:\Users\Admin\AppData\Local\Temp\SVEDetector.txt

Filesize
2KB

MD5
3501ed6518eaef813ce62b5fb943207c

SHA1
996d242d24ddb771651bac1f778fd9a64cd8ac00

SHA256
50e6d76e6860caf002ffd9b3c43c02ca16e8f4ee8d37e6a498c360642526764c

SHA512
4b0d1910035e47b4139f488e5f10491ab9b94fc158daa230ea1130b33fc221b660682cdb9cbcf22b8254a47def1edaa0ac5b7963cb0267375967bb2a66f9053c

Download Submit
C:\Users\Admin\AppData\Local\Temp\SVEDetector.txt

Filesize
3KB

MD5
fca74f534bd871c27962ad1a03fb75ab

SHA1
ac22017c85f493ad779a4a319717f930081f3e6f

SHA256
eb354b5420377d0438d9b30b960302dacc32c59270503dc815e08301620614c0

SHA512
0663d96916efe65342d255fcec282893630fc2ac44db8c03f6ac741299aee12905f6de39bd02cbcad26ffbd380b8ec3a4bd27824e2a24ebc6fdfd3abf0b519a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\SVEDetector.txt

Filesize
4KB

MD5
39214637d500553a1507ec3f116d64e0

SHA1
108fc41c0601e2d5edca41bb989bae2b1bedf645

SHA256
0473208561c0b8579f2bed04c3d0b8eae7f0c47e49d986e3a20eaac142c49728

SHA512
c255244e103ab206cd2ddf7f9d9c43d3c669ebb32af825a8e5b276d1fcad6e9cfc29c79e379f293c1a90955dd2039864d2d4212e1777de930d5f65e84ddf10ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\TMInstaller.txt

Filesize
5KB

MD5
c76f6a2aa38d0e5d4689b8c960842b56

SHA1
abcc6d0d32dddb1c20a64abae5ec7c8e21c32f1e

SHA256
a1074945f149a52b4179b599fceb16c51b122add6c838eb215580e6f0f903846

SHA512
e18fc8aea13f19ae3d41afe0f77ba8b2062bcb81ece3c14f5aa4c78cd7f33c5acbde34b77ca4a10e0d45571a8741bb1c7a9f9046c097ebc225844fadcedc154c

Download Submit
C:\Users\Admin\AppData\Local\Temp\TMSetup.txt

Filesize
3KB

MD5
51506f67bc45dbc0dd36ce0bc19352ed

SHA1
22e71613a42283d0761b4f4d8c5a799bbc7efe07

SHA256
ee83e7f27cb4082aea04c06f0275ea58472abdb34b53d2cbec13b4dee3d40a02

SHA512
74ea0b31a46babe3fa51ea052c79a5d5b5a69d05da3f50a7dd28e1045f6244310d7852483f676a8b53f518dd4ec958b95ebb015fa574bb6b36c704e7fa2e960c

Download Submit
C:\Users\Admin\AppData\Local\Temp\TMSetup.txt

Filesize
4KB

MD5
b87d669637d14067a00204b8d8d61898

SHA1
1d0c8256c1a9ed9c18d323d063ca2359a7fcb88c

SHA256
aeba6c87f4740956e4aa345ddee9810bef3389bbd9614739d554b3d610d465ec

SHA512
824570dac75b3b57fc1377151d1f6c1b6e8d66403f545e3ff4628ff1bfc2c08f660946c1253880489d018e4ded6d3c0aef15bb3b759bba3043143792b2d3d742

Download Submit
C:\Users\Admin\AppData\Local\Temp\TMSetup.txt

Filesize
3KB

MD5
15444d1c70303327041d46f1ec11caa7

SHA1
63041fa96be54100501fb47e72197c18c475fe73

SHA256
ea82565c879829fcf03f4c1372e2c271bb20fcd67863adea6a526f399da81fd0

SHA512
9998154361802f8e574d2adbd64a09e037cd1ca43e89120ad02abda53cb9cc01b23a7782a7c0bb3d8e4fa04f8f49f5b96cd4940baaf85d25db7c9c3b910220f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\rsp1024h.txt

Filesize
1KB

MD5
b90ca0bd39b75a318128426de408050a

SHA1
f6e81bf4dfe939878214c9018b2e7462b0bb97de

SHA256
08dd3745143c423d6ea3630ec5aeee3570d2b867f6c4ff37b5a068ba29f594ce

SHA512
50a1a3b6c5687b584da100b60e86bc1e3083ad1275e624aae04d1b2cf6bb5cdb7f1f182a2f52b4271b78062aae9acd1b89b0a8b33cf2b2c7119af93550c78878

Download Submit
C:\Users\Admin\AppData\Local\Temp\rsp1024h.txt

Filesize
2KB

MD5
7dd732950954cc208d9447e528803a36

SHA1
708dc0c1fa4fae0698c50c152631bb79b4a24cda

SHA256
52f0a0ef660b91e52d5a5ff99bdccc75530b3a605cc63e4ae6756a2c705f2ea4

SHA512
fc541a0cf501b57d023e0955210ad356032c3d783fce9167607144ab35fb2e6c0093b0cb04e5b8a34fa7702c2313baffc836d3105a6ce5a6e9e92aa39e33cf88

Download Submit
C:\Users\Admin\AppData\Local\Temp\rsp1024h.txt

Filesize
4KB

MD5
e94e51edda7461ac84d81eed0ee66277

SHA1
2a72240878f4cfd764a291d770f1146e6acfeaeb

SHA256
8f091382c8982a09c024aae83a54a83094466893f21528110e830070d79cfd55

SHA512
64d5d8dda6a96fa3c3d8029b576b603e69d9284bc24dc91af6d27fb620c3c7b74077e95526fdfa9d319adb90440aa5a8403d3fa63b530f3b2654cf542e6aacb3

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\ClientDatabase

Filesize
9KB

MD5
180d45be65098da1e2d0f72795581c5d

SHA1
b4b90f594bf1b1a0603d28a6342cc2052bb010c8

SHA256
c8a22ee90c0e0db5877fd047ea957452d827a077c5a823c2ff6a0a3e6d421a52

SHA512
f65a2667a5dbaee134c7b744e60b9a442a72ae6ead97501180da0e1b058fe5f33864d9b91daf2057c205db46276ad4b15d8f8d4af131c0c9b1a2eb5a90e32b01

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\InstallService.exe

Filesize
228KB

MD5
ca2c90a15e0b8701a71b28e875865f35

SHA1
319c1961f05d1d6c31984d141b91b870dc0b1efa

SHA256
7aeecedc2d37bd3ad549851121ccfed9b9d62285db474735998c8ea741dca867

SHA512
ac3cb38535a0d48b5ea14ec89868fdf9b5eea0bbc51ed11d59ff83fc43a5286aa67e7f5896434200cb0c615270dc6a1ba4f901c0cff6a79fa6a8b9d913872f31

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\PCStarter.exe

Filesize
768KB

MD5
c28568a1eb37159185590bccf20f9866

SHA1
dfe01651da872470e686c2be78400c80c98fa450

SHA256
ed500e8a0b1260f47ef142b06cf08af8719d003f227c5ef48dd0166c6456d941

SHA512
476324f2e9ba91053145a77d36d26020318ee12f336d056861d9556e989771d134ff65bfa18f5090419da131b082a711635c0e37592551af25e0bd0575c14f9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\PCStarterXP.exe

Filesize
767KB

MD5
8ce1dc1e87f955f2529ca7a796ad8820

SHA1
9a51c28787d5ad0363dc33fcbcedd3995f855482

SHA256
27773d79b0ae6a473909434bf72642c2098b649f4033139bc06c274ada88e3be

SHA512
d40a82436183802f31e492d2c14ca4b3559edc24975dd937bbf6a7588f6595c24dd67b417cd109aaeed49dfba6319aa575047386bc08a859d5dbe8fd7df75941

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\Sss.exe

Filesize
87KB

MD5
e0861d6f2836555e2c1e5f223234a9f1

SHA1
c2f9c1b8eb85722b5ef83e080c78d5e378cb5210

SHA256
84f0b260e146d07f0be5a0c61cabcaefe5288850a707f073b5ebc8faaec408c5

SHA512
04f7d3943e49a54d45abe55ee93de1772a5c1183a994db521a9234c0b21d0211caddb2968b2b3c4e922e50db328cc4402043ff30b3e9ce5a69a18f6b31347c46

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\TMDownloader.exe

Filesize
371KB

MD5
ba7323cfa2e6b7a11e61e5c8621141cf

SHA1
bb49041c3257ce0a159c3aa49d0fcff093a24921

SHA256
0c4f996d1aa194951d756de74514f7a1d03f68270e33f3c7e7b5dcf262885166

SHA512
19abbd2f944bdcfb1770b31537206ad3610bcfe566ca25e23e172c14f17575e04a13c10cd08b8fb202515d43237504a341046e9eb7d34410b07f370de282be9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\TMInstaller.exe

Filesize
672KB

MD5
8fca72c59d3a9aa6eda33c64daa0296d

SHA1
5229d88a9e650430719dc5317f8f7601117ef637

SHA256
11b64793473c88aa0ef2f9bde703e9494495029d416e76d954fd3f044ef8fc10

SHA512
7d898f74d292c23d8f38a29c2c3d8c2e8f6d610c2cca5b89b5273222a6e31db078c266a25c4072533db4f907ba4f3fc700e020a4e7ebd4fbb4d4ea13d0faa0a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\TMRemover.exe

Filesize
223KB

MD5
f7a57d58de9e992509f28477d85ea442

SHA1
48747fe9ca9d804110462fbebcc13f4519230443

SHA256
b660b3f98e2c45770af8421e75d7cf7af71bd7af8a30efd4091e75f4d664b2b3

SHA512
c12118b16e606cac969b30462eb0af501ac7e53a1dfc6bc0635ae3e6c62aa659085dcf19e499f874141ccebc15245246bcbfa7ba15ecdf5148884a6599b737c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\TMResource.dll

Filesize
96KB

MD5
dd12c30e38fd57d25cd75b07e679330b

SHA1
00c725161356a75121a393f8615641da10eda4c6

SHA256
0c168e4e9aea222bbcb4eec3e61fa72b528f7276492fa4bacae029241b3808eb

SHA512
8555d52dea80903b5333e94697a0a26dbc0a0faef5e833c030c1d45d4bd300219193d7124a4b7e8b8e9fefdc862b1b8433610ac703149add39bfbc0b49264160

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\TMService.exe

Filesize
356KB

MD5
26ac20e2f474ac15e0785770931001c3

SHA1
2bb6cc026b7766d2bacf71e257836771dd8ea462

SHA256
2a8a64ebbfbffda40db3eb7f6dd9efab0143818637914b6246fba81d938fa897

SHA512
c8669a17d1f4ce7c49325905fc3632faa420835c775196b6346252bd3f354b86e96eeeccfd1d654f278111f72f61e038d45944bbe8af75715c650039434644cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\TurboMeeting.dll

Filesize
110KB

MD5
dfc9a458625b2095d18a17ff37eede74

SHA1
7b397e54eb28167dba481b0ae6a64d8b72a24dca

SHA256
ae13b7b55095775805a2a2d0ab8dd224678b1f08556252431107a9f3aa3a0ff3

SHA512
6b027ea5ae8bf21acec150d9b56c9fa8579e2f3bf357f17bf3ed08e9d2c37c3d194fdb4207a04d9b3e2fe700a6660ad28b9655e40764a78951ec312878660c92

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\TurboMeeting.exe

Filesize
17.3MB

MD5
d973ee70262adf0a3d8ac412964517f9

SHA1
5eff4b9800b66d63213162e7bb009928f86ddbfd

SHA256
bd69cc4974617a01d2759aab58cdde4af9199b8102e325178c2ae043e6783e28

SHA512
931152e6fe92e58f22eab65cc693c69736238333078bfedd294e2d7a547ea6a0179281db37395c52558a09defe48e35ab927539d2a425d0b2587b15facb271c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\dbghelp.dll

Filesize
1.2MB

MD5
cc17ae159e28d331b7ec39a4f34527f2

SHA1
68bacd3808895db9987f11b63c857e288e022c17

SHA256
4bbae6b52a99355e7c695d901151513235e5b0bf01ff8d5345580d6529763b78

SHA512
a5bc90dacd81c278ed4bb3bf862af1406b4c704845c3f5be7f0927d4350da790b7a9fd98e774deaf5a5004251c45c558eede1f797b842e305fbfb6ce8d4a9de5

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\dictionary_client_CHI.tmd

Filesize
96KB

MD5
e19c646ddc1e5b7af92280538a863e04

SHA1
4c87c7fb61dbc211c80a44928e6d121e55bdc929

SHA256
4e51c94eed094dc6a0d895366750c80b71f5270a3fc96dd9b8047a85c87d40a7

SHA512
cb3d2cb4921eddc12c49248c54712e503d304f4830dd528f66f45fe986f2c08a49f7c1ff244e470875843dcd99ac0d8b2d1393bf1aa8636435e96171f61401f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\dictionary_client_CHIT.tmd

Filesize
96KB

MD5
b34e838e74870b3094da1db18fec92ea

SHA1
4414dc5f71facced09700c12769e61674574acc7

SHA256
3c34b2b116b9017826eb48cf6a6f44ec134fc36f07ad9171b233ac2dc0bfdf34

SHA512
f2b81cb346ac3e5296b497ff2e86fc2a12b0875da8faba4f6488dae7ae8720fd86bc50b4da00e6b17adf05385a7546e420cae662a843870b68db8f7649ca1ac4

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\dictionary_client_DTH.tmd

Filesize
98KB

MD5
ffc94815bcc52593e591f1db945da142

SHA1
09fd651ad0316f616374809ee23548acaab8e0e6

SHA256
85a9060d5370a433a147483ea8cd5129d6b77d3fc6c85861be43e51c83fbb082

SHA512
1cc917de72f7900baa6e56cf7984edcc0a9122b77c7c9fc05507d86f87a82827eaed9b58385075cba9eb6c9e18e7cf44f5339f6f616bd0985f607ef80fb4e7bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\dictionary_client_ENG.tmd

Filesize
98KB

MD5
822e31dfdfcb95a50b6d28df87608cd6

SHA1
9c811ade35b8f0b7c4b6f69861755539499f10f4

SHA256
4a1f173b90493324698e29f089d829d0f6faaaa728405ebff602d86d72b77ba6

SHA512
a37824feec7c3ca968e2de2c36d213e662c1063d624534e1c420e8f3ad03c0285b6674858c8d6e5c0b7f6d74515f9e21fd01bbcc1e67bfd843f200c568fbca4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\dictionary_client_FRE.tmd

Filesize
107KB

MD5
9f9effc7e14cfef695d97ba63d261341

SHA1
15b649b698acd53963e3442348ebc729a04b857c

SHA256
6f773a3b38d8ce1f077a53655f221559bf36f0a2e5611723167028de759fb45a

SHA512
96193d061c8c92aed1124cf4577a1242a5b0ed4a45176cdbb22486277fc1b9e88896a825c5135c05014ecdf0a1659ecab079e877f3c9b003cc8588793810fd41

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\dictionary_client_GER.tmd

Filesize
103KB

MD5
9ad8edbe48a03ea9f026a63d1950f59c

SHA1
d4cfb9555dda08dc2582b18c54ced31282f7602e

SHA256
326816125fa54d4a09723807ef47884241b3513e8a52f42cad66ac177e040a6d

SHA512
e358c2b7a9827d14a8ded104f79a613c765042a016073fe166e40bbd0500ec0d129169180fa3f3745635378dbf4f9e7903f812b2ee9c8a713a9ebaf3f9211cfe

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\dictionary_client_ITA.tmd

Filesize
104KB

MD5
555ba58246b88d60247b6c9d6fa9106f

SHA1
b040e9a84618fbd0340755c500f92ce9e692a0a8

SHA256
fc60df878a62c597bf669f24178e1aeb73d619f15385cac798a654120141012c

SHA512
921aa1946e07ecbedd00a0ad2d58442820c17fe310fe1f6d0ca6f464a773f7ea6eff64e315d319e79f9644adac66b65d6f02a147a941a5f1f9c05580c7034c21

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\dictionary_client_JPN.tmd

Filesize
112KB

MD5
f8fa38ebca233b3b805311979ec31646

SHA1
850778b2f3949d28c858534720e4cd1e154786f9

SHA256
e45d81061cf6ed74405d4ebf3bc530489f6a780b84df510894f8b0a8d4d8a89e

SHA512
c72c9a783e34db019fd4fbb251018b215d2157fddc70d273e76c3e5b59aa836097ed22cc341093becce8c367b89f03503f636d93070ac4c2988a738e6d5c5917

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\dictionary_client_PRT.tmd

Filesize
109KB

MD5
6a3e7509311be81cc2ffcad1b697f3bd

SHA1
e24348698a2f8e316d017a47903683b08b7ec9cb

SHA256
5a92a07d17108ea6d852108731a2f7cb92f610ad485505d7f8f02baff5f5184f

SHA512
8acd6ddd22fc65e7745691e27ca811885c7f9c760191bebcc9108269745b5a284ff5d6b884e3e45c662fe2d9392ef2a6ad46de4a73e28c70409cc58fb45539e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\dictionary_client_SPA.tmd

Filesize
104KB

MD5
59f4a43b89e599128da95f68c6c93c5e

SHA1
5de54065488d0417ec2c655f156fc6edc173ecb4

SHA256
b27c22ac64e6d231ae4c17cb93e0a889d376f24ea44864ac15349c7f70c94910

SHA512
a016029c5a9288755c96793fdbecfc2663ffc3b6c3e6db28b9a786d52458d8b9b4500fb923d1d58ca282ec92d1430dc550d368d664e8ee3f7bacabfbe4434d5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\dictionary_client_TUR.tmd

Filesize
66KB

MD5
01e157ed08e05ed80052ad8df404b530

SHA1
fd6229c6410350c30d5b7907db42c521fc3edb62

SHA256
295a963cce972904acf33153c7caf731027a36b5b8f5249eaafc5b5d03012d67

SHA512
1eee1112b12fb3feac86f9555af20ab1a16ebf0fdde09004d4a294603b4bc9a15105b6453bb31b2741998ba781527b339f5174d04b7fa3792172035c20582f0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\image\ApplicationIcon.ico

Filesize
21KB

MD5
883746cda8ecf40ef07d2f26a687e550

SHA1
88d8d8d7676ae4890c06aced19212122be59f44e

SHA256
4435e5c62be3b529d5e2100b5f1f57edcc2be82281601313bc8594e52c445d66

SHA512
a8ca2e91aac490eaeeeeeeaf21f9de64fc1e24a5d690790bec09e694a3738f12fb4fcadea799fc54f9d4b766a5c951873f39bb4875e5d58b75243b4e2833f018

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\image\CTMeeting.ico

Filesize
14KB

MD5
f366c80b222e8e83d5ec6d90959c2c45

SHA1
cbefd8dc9c8e342c6165d0f9c1fcfb177d2e01be

SHA256
8cd38c8e1a62198bea0bcc85c0b339a835e460ed08a8d8c98be524b528f07531

SHA512
db1c073c9a7837d8d3d1e3f654c8c95060971130cdd527cdd1365cdfe48cc2bed963fb0d574a4705ba92e2e70102f73795adf97edf9edaab3eeefaa03d3e8517

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\image\DummyWebcam.png

Filesize
1KB

MD5
2cfeed234a8558fafa50655acb115fd8

SHA1
2ffb1a9fe6536723e96ae500554d3abeed2147fc

SHA256
615861e3be02b7ebcf9378bbfeefe969b503a11c738dfbd9a6514029205646f9

SHA512
da7e66a2da8eb2363583a9c055b590385412bb924fc0d0d28d8cbfde9567dd0ab98019f1ec752b16f590764c1d287aeb583b90458820a3d6a75c43e59c7b6583

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\image\IMDefault.png

Filesize
2KB

MD5
6e8f635f6528cc0433861a8dfb0c2d30

SHA1
e85ec2e9154d1b12835e0590ed00c22a49e3a6db

SHA256
a8cc2b4c182384537cad5e091dff777f6806e77eed0e5800b96c573e4fbc1a00

SHA512
12f54f49fddf6857a840608ed070822c7491d6c15b56f6f5a024c27a28264ed1525fab4d57f9716d49c284bbf24a677a46f8f084bfbbf485d0f62d11b5cbc725

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\image\MXmeeting.ico

Filesize
14KB

MD5
e7d9e81afa9cb104e0fe70ee9dabcb6b

SHA1
fa2d7df277cd730bad0786f5ba92d3e5d777403b

SHA256
a04e701256b583f226ce290d979b19d51a6ea4c5a94341e4e35db1ca94ddc6e8

SHA512
1fde7f4c1387fbe304acbd1ea2479a89306ac90bdf72c6c5ab88b92c44183dfbf7f01729b23c112d77ab7378d4fb007eb2343b50974436c84d69e51c11656a72

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\image\ProfileInfoDialogBackground.bmp

Filesize
448B

MD5
a8a6ef427c5c0ede5c70af58aa5680de

SHA1
127365eaf32cee2ba7a958e766fdccad0e3c50c6

SHA256
1d3f66e964cd9bff854a550d5acbb55b2c2027c05ceb7a9396a691b1c9d8c6c2

SHA512
c2ec78255ec33af2ae799972aa275c8fa3378d56092b480c4f39105cb5978983c16b97c33e94ccb5d76886340eea116b08c207a1d593945b7f600ed7c8751e41

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\image\Separator1.png

Filesize
715B

MD5
b7ccd0351eb77445e7323f2bb74788fd

SHA1
e0525da70a851e6dc72d57dd9064f16b949c2a26

SHA256
8baa0feaf55d59c0929419101bdab9ea326348f13de8b68edfb710076f0c3f78

SHA512
34015eca33a939e74481334a55db4731d2777b4975e4bcdd648a8df1cea80e2c65e93047a5d9c22c681d1ca417cced190c65e58e8099b740ca669dc9bf829579

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\image\SeperatorLine.png

Filesize
132B

MD5
4ce28b32c7836663ce74b29f11d176a7

SHA1
608ebf86c32394e609acb091e5fefcb0af4b9d39

SHA256
4199a78439525d778cf91fa5defe0c68320b3e51b3eb9c7672939dd4b2f33e50

SHA512
e5df9c12f74a92898a78702935c454ca0314997d7ba36b89126bbf177fd652b5dfecfe8c3687a117d60810fcdb0bcc91abcdef7f19b6c4ffb8725f793cc1bd02

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\image\TurboMeetingWatermark.png

Filesize
15KB

MD5
c939af5f23d396f55808e95668c73c18

SHA1
3e8767c4fcb16767e6e04a34a9b81b74c061e411

SHA256
b128c15ea8bb492570e441f2bd3f81d1a481c75997ae107a1d9e830c98067fd9

SHA512
be5d99bedeb70c53b127bced885c704c1e7e42634b64a5de9e4b9138cb91c14c5d774ce27742118e6549d7f562ad5dafd1395ab02bfb7e04b431f18fdce16b7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\image\Ymeetee.ico

Filesize
14KB

MD5
e20adbd0c131a94e99fde12e0c60d247

SHA1
ee5eb66e8945ec49a178d739834d448350c1080d

SHA256
9473fe1fe2d941db548f70e716dd8ed841dbac60c02c71a5ce6ba760872dc69a

SHA512
e204339033903140ff0765f38f35daefd15c4d336d2c2595a04a481e9104cfc96892fcf9621ea4745e5ddb0f57d9a5641422eff6c03324842adac91a61beb5e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\jsproxy.dll

Filesize
25KB

MD5
7bcd58df45a40f865e8dbbcb5b2ef6d1

SHA1
6b8c19c6521ce5e4c8c81f5a59552f3714b15e17

SHA256
f8cdac83b1512b6bcfabc616f3865bf11c049e59e4a2c8b5d5d4f031332d83d8

SHA512
deaa3f5ca55d53eb398328f6910e86ab4e95a5e8b37fd67ee6fbd21c1ca8e747d09544d7a54a01815864c2cebd376aa5ed34313c21b7235d31450f996c84ca39

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\rsp1024hcmd.txt

Filesize
1KB

MD5
32e221508350f7f39f8142ae351410f3

SHA1
2bc939c3c3c73dd5f6110971373d39df67b3a291

SHA256
5b1a1f56a6601a4f2e1d4df588c73b67f0ccefc2561d15a403c53a8e9e74ff19

SHA512
c9ecad5c1503b69ea33fdc466a492a8b5a57460b41019d26425390fec1e16dec044662097e09a011f577178d207b9356e3efa41dc7d7f2415bd527c5ce0ecbee

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\version.txt

Filesize
21B

MD5
8797773bbb9b3585f186fc2684a48f6c

SHA1
460a68b60688e4ac8a169b5a972e5a0120a977bc

SHA256
18805ad87bd499c00bc4b72ec6b52e9ec1b9087760e1741ea73cd53a92cc839c

SHA512
a4f8da05be6f56a1a8347c58a439638967c0129b21884b5c7c624059c690fed7cd131fb1988c524f8d209c407725e223b388e984506a27803dc0f2cc24fb1d50

Download Submit
C:\Users\Admin\AppData\Local\Temp\tm_starter_dir\vistafunc.dll

Filesize
89KB

MD5
d9f52809f0a87fa85638e08187040545

SHA1
7a4baf2dcba8193ae9209bff85af56b18df9344a

SHA256
867b919d932c496be91fdb3fc0ac489fdffae9371463bfc24c844fc7cf63a9e4

SHA512
8617f7b992f824294d1b840aa0d04b6c040e3c756907729740ccf56e709cf1509e7a8f79b06901fe944d5dbb5c9edcf1bfa4c1f166607cd2392ef8b6c81d14c7

Download Submit
C:\Users\Admin\AppData\Roaming\TurboMeeting\TurboMeeting\Cache.xml

Filesize
10KB

MD5
b3346b133aaae24215bb4cd0f3546c89

SHA1
089cf740890c4dfd7b808d22bc72f3b9dfdc729b

SHA256
da7b07adcbd4bfcc9a01d58afc7c6b51c97bbcd5e5cca800ba5fb07c92f98ac5

SHA512
efeb5bdcd2d072d568a0e3eb167a2c3e049168adaafba55eee26088bbd3b4caa2cf272e76ba8df16ad1fa9dd159a967f9028a3ce531a0f07f884715b2e6605e0

Download Submit
C:\Users\Admin\AppData\Roaming\TurboMeeting\TurboMeeting\Cache.xml

Filesize
10KB

MD5
ad7e911a48a9f45e48a9d3199617c6cf

SHA1
ee559dfadd96365bff4e29b4312b93edb16f810b

SHA256
00db46cc7857c32b20e4b2657a0cad050d6d04a34c7b8e7278fb73b9da15cd3f

SHA512
c18dba0f6d6c4437ecf063f122f72bda25ca0faac68df2cdfcdd1d299e1e4399d99bdb0ef582311526612f25652796ead887a90aac5ae4958fde71cdc51c91ad

Download Submit
C:\Users\Admin\AppData\Roaming\TurboMeeting\TurboMeeting\Cache.xml

Filesize
11KB

MD5
698e4714d8e05521e2dcc63528356557

SHA1
63d0b89343afc9f25fceef2982ed538b46eed762

SHA256
72f29cca20e9efbd68082e7caee3916f1f78b2318e9072106f871300c5e30676

SHA512
5959c3773bfe3d591b1dd92f9fd605150abd2b250a0903767034cc0d9f50b1ce3b23fbeda9726c0b9b422b066d44e73b1aa179989e33adc09a416eb67f2b0f99

Download Submit
C:\Users\Admin\AppData\Roaming\TurboMeeting\TurboMeeting\Cache.xml

Filesize
11KB

MD5
fd913a9611550691561727b78f49c994

SHA1
0f04860cbb48e69d69010c901b973e538c28b566

SHA256
f3d0e90d4d023da5cf004c81d78ad2928c364d1703fdf324d094699f342d5278

SHA512
439a691f87a3dd7bc1563ce05b330b7816618b444e43b63a580bfb1127c5756fc5784231d2b14928779a3466e92c1c91c9e554db7437014eee80853257abec9c

Download Submit
C:\Users\Admin\AppData\Roaming\TurboMeeting\TurboMeeting\Cache.xml

Filesize
10KB

MD5
2209fbed3ebc32a3aee4236ad866fa30

SHA1
7b145c25555db66b70e5901c840bbfc3f4d8571a

SHA256
575234ae51c7f81f26ba92a63c54ff15e969797060b954fb899c0520580bfda4

SHA512
04c3669fab81e607395856958730584013958587fc8ac7e912684bca327c68502b3ee1f0f63792e773d77ef9cf230c6e16ff081604397745c44747396b06aa3f

Download Submit
C:\Users\Admin\AppData\Roaming\TurboMeeting\TurboMeeting\Cache.xml

Filesize
10KB

MD5
c29d34cc3c1de4fd3d296e1d17e62eac

SHA1
b98b5d7e7e135262e6f862659bedfd2d866e0ef5

SHA256
c17168fdfbb56373a4662e71ddb7e3da5f4d11ba68e59e9ee7538910b9057a23

SHA512
378f1f6014e299b518fa30df3da53c9a5faff3bfb45f4d68589bafc1f8c89dd36bb7a09be0efd5e114e172a875bd9ecab5dc8a3e499dae277286105f16137a32

Download Submit
C:\Users\Admin\AppData\Roaming\TurboMeeting\TurboMeeting\Cache.xml

Filesize
10KB

MD5
5a0d22d355795cee53ccdcc3282ea9d0

SHA1
0886b7edea1d4c1be82b9b56fd886ce9d6df3b10

SHA256
9257fa8b1c14af83a85266debeb08a479324e773b8f0ba8b7374dbe6cc4c5d76

SHA512
91064e41aa49c6c535fc84fb66744a3757cfdf45e412f99d4a9261d5fba8541739d689cce2afb4fcb0878bd94f3bf13aedaed6d63780af7fac10464649d6e937

Download Submit
C:\Users\Admin\AppData\Roaming\TurboMeeting\TurboMeeting\Cache.xml

Filesize
10KB

MD5
253536279fedd735076fd451eb6d32e2

SHA1
df5972769086b4bf60300e90d6168c3e2934dc21

SHA256
4ac3dead8ff42de6c98fb2bf4bc4d94cea0f64a11a33f940a81389968fca624f

SHA512
452408abbaa69b6dcbfc6950ac7012b4b6f02fd72df22627400f6bd963f4eda204673a0257035f79269a27e8b0cce00a8decb5a51e607e264e80d85774319d1d

Download Submit
C:\Users\Admin\AppData\Roaming\TurboMeeting\TurboMeeting\Cache.xml

Filesize
10KB

MD5
83caf88275720e2d01e4c761ce63e0e7

SHA1
db20cf8486944d853470cf163f72831db4314224

SHA256
91c8d01f703ca26c464b9bb749ce036bea24554baa177ca22dba8b2724a9147e

SHA512
fb48139813c29a2c7b1badc18dcb98fd24e32662dd67723ec73f15e27ab59f4bc1d8de6fd9f4064302f4d0f7d15dba5297040cc7b2f7e8c72395a49d52e38011

Download Submit
C:\Users\Admin\AppData\Roaming\TurboMeeting\TurboMeeting\Configure.xml

Filesize
736B

MD5
123758bc7261fd214ad5e454a829656d

SHA1
9c661c902118488dff2b5e29a5182ce63c8a3a77

SHA256
3957edda90cdfe0ff751f563cbd3c864f3541a9d67e505108478904216577abe

SHA512
abd8a13fbfde33088c84399190bea9be73af1af1921a8a4111675fc1683e0d6bc20013d04eba0899e68292b24d54bd2defa6457433681d98d39b4412f6dc5102

Download Submit