25a8a2dfc4a48600526efd438b0adac7deda1b36b9a24d92de04fe9c2840cba5

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21/09/2024, 10:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ef9823de499f14ac28ba73a264b4425b_JaffaCakes118.exe
Size

2.1MB
MD5

ef9823de499f14ac28ba73a264b4425b
SHA1

1adc0549fea489a6ae8ec5de9adf4579589ff990
SHA256

25a8a2dfc4a48600526efd438b0adac7deda1b36b9a24d92de04fe9c2840cba5
SHA512

9c0d2cca86186984338a74882a8bbaed58ee94229b13dcaa5991a8c87a87d866c7b4d7dcc29fc7d0d6ddd7e8ff4d3ba3b0f327a91b9c2e1460cd2b4ccd171441
SSDEEP

49152:kwHnSDy5hvrJATDTOElgzLv8G41L3AlU1hGyIFVFHEf/VlF:kwjryXlQR4yLzFVy5

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
896	mIRCTurk.exe

Loads dropped DLL 3 IoCs

pid	Process
796	ef9823de499f14ac28ba73a264b4425b_JaffaCakes118.exe
796	ef9823de499f14ac28ba73a264b4425b_JaffaCakes118.exe
796	ef9823de499f14ac28ba73a264b4425b_JaffaCakes118.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\mIRCTurk\mIRCTurk Global\icons\notify.bmp	ef9823de499f14ac28ba73a264b4425b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\mIRCTurk\mIRCTurk Global\mdx\popups.dll	ef9823de499f14ac28ba73a264b4425b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\mIRCTurk\mIRCTurk Global\tema\galatasaray\Thumbs.db	ef9823de499f14ac28ba73a264b4425b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\mIRCTurk\mIRCTurk Global\tema\orj-1\yan.jpg	ef9823de499f14ac28ba73a264b4425b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\mIRCTurk\mIRCTurk Global\data\ciprix.mrc	ef9823de499f14ac28ba73a264b4425b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\mIRCTurk\mIRCTurk Global\script5.mrc	ef9823de499f14ac28ba73a264b4425b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\mIRCTurk\mIRCTurk Global\tema\fenerbahce\yan.gif	ef9823de499f14ac28ba73a264b4425b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\mIRCTurk\mIRCTurk Global\icons\offline.ico	ef9823de499f14ac28ba73a264b4425b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\mIRCTurk\mIRCTurk Global\remote.ini	ef9823de499f14ac28ba73a264b4425b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\mIRCTurk\mIRCTurk Global\tema\orj-1\ust.jpg	ef9823de499f14ac28ba73a264b4425b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\mIRCTurk\mIRCTurk Global\tema\orj2.gif	ef9823de499f14ac28ba73a264b4425b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\mIRCTurk\mIRCTurk Global\icons\nwhois.ico	ef9823de499f14ac28ba73a264b4425b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\mIRCTurk\mIRCTurk Global\sounds\nudge.wav	ef9823de499f14ac28ba73a264b4425b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\mIRCTurk\mIRCTurk Global\tema\besiktas\Thumbs.db	ef9823de499f14ac28ba73a264b4425b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\mIRCTurk\mIRCTurk Global\WhileFix.dll	ef9823de499f14ac28ba73a264b4425b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\mIRCTurk\mIRCTurk Global\sounds\op.wav	ef9823de499f14ac28ba73a264b4425b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\mIRCTurk\mIRCTurk Global\data\script2.mrc	ef9823de499f14ac28ba73a264b4425b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\mIRCTurk\mIRCTurk Global\icons\none.ico	ef9823de499f14ac28ba73a264b4425b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\mIRCTurk\mIRCTurk Global\mirc.ini	ef9823de499f14ac28ba73a264b4425b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\mIRCTurk\mIRCTurk Global\notfiy.mrc	ef9823de499f14ac28ba73a264b4425b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\mIRCTurk\mIRCTurk Global\script3.mrc	ef9823de499f14ac28ba73a264b4425b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\mIRCTurk\mIRCTurk Global\Uninstall.exe	ef9823de499f14ac28ba73a264b4425b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\mIRCTurk\mIRCTurk Global\nlist.ini	ef9823de499f14ac28ba73a264b4425b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\mIRCTurk\mIRCTurk Global\sounds\kick.wav	ef9823de499f14ac28ba73a264b4425b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\mIRCTurk\mIRCTurk Global\banner.jpg	ef9823de499f14ac28ba73a264b4425b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\mIRCTurk\mIRCTurk Global\icons\nmenu.icl	ef9823de499f14ac28ba73a264b4425b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\mIRCTurk\mIRCTurk Global\script4.mrc	ef9823de499f14ac28ba73a264b4425b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\mIRCTurk\mIRCTurk Global\data\mesgulmenu.mrc	ef9823de499f14ac28ba73a264b4425b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\mIRCTurk\mIRCTurk Global\icons\users.ico	ef9823de499f14ac28ba73a264b4425b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\mIRCTurk\mIRCTurk Global\tema\orj\Thumbs.db	ef9823de499f14ac28ba73a264b4425b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\mIRCTurk\mIRCTurk Global\tema\orj\ust.gif	ef9823de499f14ac28ba73a264b4425b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\mIRCTurk\mIRCTurk Global\tema\orj-1\Thumbs.db	ef9823de499f14ac28ba73a264b4425b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\mIRCTurk\mIRCTurk Global\sounds\ac.wav	ef9823de499f14ac28ba73a264b4425b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\mIRCTurk\mIRCTurk Global\tema\orj\orta.gif	ef9823de499f14ac28ba73a264b4425b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\mIRCTurk\mIRCTurk Global\data\kanalseslenme.mrc	ef9823de499f14ac28ba73a264b4425b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\mIRCTurk\mIRCTurk Global\dlls\amp_in.dll	ef9823de499f14ac28ba73a264b4425b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\mIRCTurk\mIRCTurk Global\icons\nnet.ico	ef9823de499f14ac28ba73a264b4425b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\mIRCTurk\mIRCTurk Global\icons\Thumbs.db	ef9823de499f14ac28ba73a264b4425b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\mIRCTurk\mIRCTurk Global\kayit.reg	ef9823de499f14ac28ba73a264b4425b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\mIRCTurk\mIRCTurk Global\icons\refresh.ico	ef9823de499f14ac28ba73a264b4425b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\mIRCTurk\mIRCTurk Global\mtglobal.jpg	ef9823de499f14ac28ba73a264b4425b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\mIRCTurk\mIRCTurk Global\tema\besiktas\ust.gif	ef9823de499f14ac28ba73a264b4425b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\mIRCTurk\mIRCTurk Global\tema\orj\yan.gif	ef9823de499f14ac28ba73a264b4425b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\mIRCTurk\mIRCTurk Global\icons\nchat.ico	ef9823de499f14ac28ba73a264b4425b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\mIRCTurk\mIRCTurk Global\icons\ndel.ico	ef9823de499f14ac28ba73a264b4425b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\mIRCTurk\mIRCTurk Global\tema.mrc	ef9823de499f14ac28ba73a264b4425b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\mIRCTurk\mIRCTurk Global\script1.mrc	ef9823de499f14ac28ba73a264b4425b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\mIRCTurk\mIRCTurk Global\tema\fenerbahce\Thumbs.db	ef9823de499f14ac28ba73a264b4425b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\mIRCTurk\mIRCTurk Global\data\titresim.mrc	ef9823de499f14ac28ba73a264b4425b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\mIRCTurk\mIRCTurk Global\mdx\views.mdx	ef9823de499f14ac28ba73a264b4425b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\mIRCTurk\mIRCTurk Global\tema\fenerbahce.gif	ef9823de499f14ac28ba73a264b4425b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\mIRCTurk\mIRCTurk Global\icons\nedit.ico	ef9823de499f14ac28ba73a264b4425b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\mIRCTurk\mIRCTurk Global\sounds\flash.wav	ef9823de499f14ac28ba73a264b4425b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\mIRCTurk\mIRCTurk Global\icons\nweb.ico	ef9823de499f14ac28ba73a264b4425b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\mIRCTurk\mIRCTurk Global\popups.ini	ef9823de499f14ac28ba73a264b4425b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\mIRCTurk\mIRCTurk Global\script9.mrc	ef9823de499f14ac28ba73a264b4425b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\mIRCTurk\mIRCTurk Global\tema\besiktas\yan.gif	ef9823de499f14ac28ba73a264b4425b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\mIRCTurk\mIRCTurk Global\tema\orj.gif	ef9823de499f14ac28ba73a264b4425b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\mIRCTurk\mIRCTurk Global\aliases.ini	ef9823de499f14ac28ba73a264b4425b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\mIRCTurk\mIRCTurk Global\icons\yes.ico	ef9823de499f14ac28ba73a264b4425b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\mIRCTurk\mIRCTurk Global\tema\galatasaray.gif	ef9823de499f14ac28ba73a264b4425b_JaffaCakes118.exe
File created	C:\Program Files (x86)\mIRCTurk\mIRCTurk Global\Uninstall.ini	ef9823de499f14ac28ba73a264b4425b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\mIRCTurk\mIRCTurk Global\script6.mrc	ef9823de499f14ac28ba73a264b4425b_JaffaCakes118.exe
File opened for modification	C:\Program Files (x86)\mIRCTurk\mIRCTurk Global\script7.mrc	ef9823de499f14ac28ba73a264b4425b_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ef9823de499f14ac28ba73a264b4425b_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mIRCTurk.exe

Modifies registry class 38 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\ChatFile\Shell\open\command\ = "\"C:\\Program Files (x86)\\mIRCTurk\\mIRCTurk Global\\mIRCTurk.exe\" -noconnect"	mIRCTurk.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\ChatFile\Shell\open\ddeexec\Topic	mIRCTurk.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\ChatFile\Shell\open\ddeexec\Topic\ = "Connect"	mIRCTurk.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\irc\Shell	mIRCTurk.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\irc\Shell\open\ddeexec\ifexec\ = "%1"	mIRCTurk.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\.chat	mIRCTurk.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\ChatFile	mIRCTurk.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\ChatFile\ = "Chat File"	mIRCTurk.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\ChatFile\Shell\open	mIRCTurk.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\irc\ = "URL:IRC Protocol"	mIRCTurk.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\ChatFile\DefaultIcon\ = "\"C:\\Program Files (x86)\\mIRCTurk\\mIRCTurk Global\\mIRCTurk.exe\""	mIRCTurk.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\irc	mIRCTurk.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\irc\Shell\open\ddeexec\Application\ = "mIRC"	mIRCTurk.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\irc\EditFlags = 02000000	mIRCTurk.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\irc\URL Protocol	mIRCTurk.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\irc\DefaultIcon	mIRCTurk.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\.cha	mIRCTurk.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\ChatFile\Shell\open\command	mIRCTurk.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\ChatFile\Shell\open\ddeexec	mIRCTurk.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\ChatFile\Shell\open\ddeexec\ = "%1"	mIRCTurk.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\ChatFile\Shell\open\ddeexec\Application\ = "mIRC"	mIRCTurk.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\irc\Shell\open\command	mIRCTurk.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\irc\Shell\open	mIRCTurk.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\.chat\ = "ChatFile"	mIRCTurk.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\ChatFile\Shell\open\ddeexec\Application	mIRCTurk.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\ChatFile\Shell\open\ddeexec\ifexec	mIRCTurk.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\irc\Shell\open\command\ = "\"C:\\Program Files (x86)\\mIRCTurk\\mIRCTurk Global\\mIRCTurk.exe\" -noconnect"	mIRCTurk.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\irc\Shell\open\ddeexec	mIRCTurk.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\irc\Shell\open\ddeexec\Topic\ = "Connect"	mIRCTurk.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\.cha\ = "ChatFile"	mIRCTurk.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\irc\Shell\open\ddeexec\Topic	mIRCTurk.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\irc\Shell\open\ddeexec\Application	mIRCTurk.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\irc\Shell\open\ddeexec\ifexec	mIRCTurk.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\ChatFile\DefaultIcon	mIRCTurk.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\ChatFile\Shell	mIRCTurk.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\ChatFile\Shell\open\ddeexec\ifexec\ = "%1"	mIRCTurk.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\irc\DefaultIcon\ = "\"C:\\Program Files (x86)\\mIRCTurk\\mIRCTurk Global\\mIRCTurk.exe\""	mIRCTurk.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_CLASSES\irc\Shell\open\ddeexec\ = "%1"	mIRCTurk.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
896	mIRCTurk.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
896	mIRCTurk.exe
896	mIRCTurk.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 796 wrote to memory of 896	796	ef9823de499f14ac28ba73a264b4425b_JaffaCakes118.exe	28
PID 796 wrote to memory of 896	796	ef9823de499f14ac28ba73a264b4425b_JaffaCakes118.exe	28
PID 796 wrote to memory of 896	796	ef9823de499f14ac28ba73a264b4425b_JaffaCakes118.exe	28
PID 796 wrote to memory of 896	796	ef9823de499f14ac28ba73a264b4425b_JaffaCakes118.exe	28

C:\Users\Admin\AppData\Local\Temp\ef9823de499f14ac28ba73a264b4425b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ef9823de499f14ac28ba73a264b4425b_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:796
- C:\Program Files (x86)\mIRCTurk\mIRCTurk Global\mIRCTurk.exe
  "C:\Program Files (x86)\mIRCTurk\mIRCTurk Global\mIRCTurk.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:896

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\mIRCTurk\mIRCTurk Global\aliases.ini

Filesize
4KB

MD5
8bc73feaa55ada75611cca7e285e81f9

SHA1
7a28124caaf5eca52efd3caa5678f2edb86e5a1a

SHA256
ab24408a1f1acdb5b1e831e4ebf07c2e726115972fd5f2da048e54acd57c3d9c

SHA512
0bc4bc20fc1fd49238b5198496c41b7128f8782c88a88cb2e80ad4e7ba39b27d68b5906c7c5b43f02888ed49f09adf55e1376596d91581ab6c191c772ec62abc

Download Submit
C:\Program Files (x86)\mIRCTurk\mIRCTurk Global\mIRCTurk.exe

Filesize
2.0MB

MD5
9b0798217f22b94fcc45e1241f8aad4a

SHA1
e287ce9e17da3c729177ae2684de013d66aa1a8f

SHA256
a7c615edff35fd5d44464407a11acb5a1ad6bfba36e9604f3dad17fcd4bb28ea

SHA512
3fc2c829dcfa0e27e43eb2d059ca3283c6a574e95e617b1fd80c78f49bac172561f303cd3eb13a5fcf1fee4cdcd62b6aa5fdcf7a9dd3bff21fd85b753ad80afc

Download Submit
C:\Program Files (x86)\mIRCTurk\mIRCTurk Global\mirc.ini

Filesize
5KB

MD5
872fce54ef35c42ef5d94ac0855aaf9e

SHA1
7b4391a104a69c63aec6dc74fb1c9bfa439be06b

SHA256
d6291f56cb5eef4cc1207c52c9ec6c40a08719680ad2cd7598a5a33a4cc4d3f2

SHA512
9eaea1f59d0990651eea4cfedaf3ec9b94591379ca5b0319e98ee07df90faf5023293c9775c591eb602ee2a9e49fead072aa41122ea082449b0f5621d1e01794

Download Submit
C:\Program Files (x86)\mIRCTurk\mIRCTurk Global\popups.ini

Filesize
73KB

MD5
2b330c23e2c7910758545662d7967548

SHA1
13bfff955929ce776850168646d535e9e3363bfa

SHA256
0a296ac6fcb53a6edab636dbb6f878af277635a1dec294b6799e919a779930ae

SHA512
130e32ed4bc1f192dfcf3a3b2216aada3dd633635cc631a65a15392ec4e63c9247ecc2fc8d758751ef9c54b8adbe3474fcaf3d2e0fa58d5a894ae0aaabf5492d

Download Submit
C:\Program Files (x86)\mIRCTurk\mIRCTurk Global\servers.ini

Filesize
633B

MD5
618eb7a9181aaac55adc8f1901f07898

SHA1
5ff97831895389b4e164869d9feb9b2fd6ea1e6d

SHA256
809cf2ccebd958dae7c5ba04026f72c33ce228827e92f71e4c5e994a764d2600

SHA512
28e50287a5203ce6e7810f47b49a86148cad654b3cd4ad1804f762d7424cf1a903cf074574bb7c213e8994aff076b0121beba8b9a1157596a2c6600c16e2590e

Download Submit
C:\Program Files (x86)\mIRCTurk\mIRCTurk Global\tema\orj\orta.gif

Filesize
13KB

MD5
3125e0d0ccc817a4e2470c71f56eb43a

SHA1
6f848fdb1567a5e97c6fe218b4bf1f7b3c23e1ee

SHA256
7415f86a655e0d3ccd984753f86f1fa6d24245f50f558b89ac683f553678aa61

SHA512
205cb27f70a0881864dbd9f5f49a180a984019411e78b45785c0ec416cf1b0fb4f28de21efb2864238e4802473fa5d89a099864cca1346cef54051c8153e1921

Download Submit
C:\Program Files (x86)\mIRCTurk\mIRCTurk Global\tema\orj\ust.gif

Filesize
13KB

MD5
1a899a956cab55ce235afdf04ad9ac8c

SHA1
80cc943e3cdfd25b760669da25295c0a7421d9e4

SHA256
b0e511da025045c501864cf64246a5b6f70e5e0fdfe50e9c8d7506229d437a08

SHA512
671c9848192fe109ed2546eaf4fc0934025162fb4ae2efc48f9de65116b8e1b849888d1b5e9fc1d429a1d350e7d123cb4a2e96257c5302faa7cfc4f4883b0df8

Download Submit
C:\Program Files (x86)\mIRCTurk\mIRCTurk Global\tema\orj\yan.gif

Filesize
29KB

MD5
7592ea7b5c14c28023be2808a58a8389

SHA1
20b4baa59120d85267695ef585767d3d53857e22

SHA256
e9fa771f75d77e01c644e8a347dfd14e84d91a4a419aa9397ac7af678ae6d441

SHA512
0ce4efb14e6f492cbcf1d0d741156bf085b4a0efec5b88f9707664c5adad54736ad569a8dd75b43e5477d4bf6ef3fbfb3468c363d80288fe64da6f5ac793511c

Download Submit
memory/796-334-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download