cb81d8f32965dd800cbacfe5b5f432b500ef969042efe76ed8f242fe9a319215

Analysis

max time kernel
93s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
14/07/2024, 17:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

46cfcfe1ae7c9db47e1228ee5f55734c_JaffaCakes118.exe
Size

1.2MB
MD5

46cfcfe1ae7c9db47e1228ee5f55734c
SHA1

3a74649f133818ce9da17bdb8e254f4824f09f5d
SHA256

cb81d8f32965dd800cbacfe5b5f432b500ef969042efe76ed8f242fe9a319215
SHA512

917121dfcc4a267aedd8d96f89cc91673418ed16c9a43daf372caeb1f012ee2851267a2bf6d40ce4cb960bc85ac06ca4658ebfa99358aeb3f222289e6cfeaa19
SSDEEP

24576:8WapRAFVRy/XJdxT1S0ALDUwukJy6jCdH95uWGSHHuyzkv:J6+R8XJTYpXUTYXjydfnHp

Score

7^/10

discovery upx

Malware Config

Signatures

Executes dropped EXE 5 IoCs

pid	Process
4936	d_mind-power-secrets.exe
2192	dtaplugin.exe
3560	dbxesellerate.exe
2004	dbxdigitalriver.exe
1728	dbplugin.exe

Loads dropped DLL 1 IoCs

pid	Process
3048	regsvr32.exe

UPX packed file 9 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x000800000002344e-2.dat	upx
behavioral2/memory/4936-4-0x0000000000400000-0x0000000000822000-memory.dmp	upx
behavioral2/memory/3560-20-0x0000000000400000-0x0000000000466000-memory.dmp	upx
behavioral2/files/0x0007000000023454-17.dat	upx
behavioral2/files/0x000800000002344c-25.dat	upx
behavioral2/memory/2004-26-0x0000000000400000-0x0000000000452000-memory.dmp	upx
behavioral2/memory/3560-30-0x0000000000400000-0x0000000000466000-memory.dmp	upx
behavioral2/memory/4936-35-0x0000000000400000-0x0000000000822000-memory.dmp	upx
behavioral2/memory/2004-39-0x0000000000400000-0x0000000000452000-memory.dmp	upx

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\dbxDgrevCheck.dll	dbxdigitalriver.exe

Drops file in Windows directory 7 IoCs

description	ioc	Process
File created	C:\Windows\npdbplug.dll	d_mind-power-secrets.exe
File created	C:\Windows\npdbplug.xpt	d_mind-power-secrets.exe
File created	C:\Windows\dbplugin.ocx	d_mind-power-secrets.exe
File created	C:\Windows\dtaplugin.exe	d_mind-power-secrets.exe
File created	C:\Windows\dbplugin.exe	dtaplugin.exe
File created	C:\Windows\dbrmdwb.exe	d_mind-power-secrets.exe
File created	C:\Windows\eSellerateEngine.dll	dbxesellerate.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Component Categories	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Webplugin.dnlplayer	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6DE5B908-033C-4998-AC7D-09417284063D}\ = "_IdnlplayerEvents"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6DE5B908-033C-4998-AC7D-09417284063D}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Webplugin.dnlplayer\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DE5B908-033C-4998-AC7D-09417284063D}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{479A14A3-3C6F-4837-A8FB-5AA57A2D8A8F}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{BFCFF69A-A7E0-44E3-94C1-8FD047EC2044}\1.0	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{BFCFF69A-A7E0-44E3-94C1-8FD047EC2044}\1.0\0\win32\ = "C:\\Windows\\dbplugin.ocx"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DE5B908-033C-4998-AC7D-09417284063D}\TypeLib\ = "{BFCFF69A-A7E0-44E3-94C1-8FD047EC2044}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{479A14A3-3C6F-4837-A8FB-5AA57A2D8A8F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\dnlfile\shell\open	dtaplugin.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{164B406B-0FD6-4E7F-BA7E-64D227D4CA37}\Programmable	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{164B406B-0FD6-4E7F-BA7E-64D227D4CA37}\Version\ = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DE5B908-033C-4998-AC7D-09417284063D}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DE5B908-033C-4998-AC7D-09417284063D}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{164B406B-0FD6-4E7F-BA7E-64D227D4CA37}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{164B406B-0FD6-4E7F-BA7E-64D227D4CA37}\Insertable	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{164B406B-0FD6-4E7F-BA7E-64D227D4CA37}\MiscStatus	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{164B406B-0FD6-4E7F-BA7E-64D227D4CA37}\TypeLib\ = "{BFCFF69A-A7E0-44E3-94C1-8FD047EC2044}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{479A14A3-3C6F-4837-A8FB-5AA57A2D8A8F}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Webplugin.dnlplayer.1\ = "dnlplayer Class"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{164B406B-0FD6-4E7F-BA7E-64D227D4CA37}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{164B406B-0FD6-4E7F-BA7E-64D227D4CA37}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{479A14A3-3C6F-4837-A8FB-5AA57A2D8A8F}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Webplugin.dnlplayer\CurVer\ = "Webplugin.dnlplayer.1"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{164B406B-0FD6-4E7F-BA7E-64D227D4CA37}\MiscStatus\1\ = "131473"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{164B406B-0FD6-4E7F-BA7E-64D227D4CA37}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{164B406B-0FD6-4E7F-BA7E-64D227D4CA37}\InprocServer32\ = "C:\\Windows\\dbplugin.ocx"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{164B406B-0FD6-4E7F-BA7E-64D227D4CA37}\Version	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{BFCFF69A-A7E0-44E3-94C1-8FD047EC2044}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{BFCFF69A-A7E0-44E3-94C1-8FD047EC2044}\1.0\HELPDIR\ = "C:\\Windows\\"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DE5B908-033C-4998-AC7D-09417284063D}\ = "_IdnlplayerEvents"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\.dnl\Version = "6101"	dtaplugin.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Webplugin.dnlplayer.1\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Webplugin.dnlplayer\ = "dnlplayer Class"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DE5B908-033C-4998-AC7D-09417284063D}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{479A14A3-3C6F-4837-A8FB-5AA57A2D8A8F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6DE5B908-033C-4998-AC7D-09417284063D}\TypeLib\ = "{BFCFF69A-A7E0-44E3-94C1-8FD047EC2044}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{164B406B-0FD6-4E7F-BA7E-64D227D4CA37}\ProgID\ = "Webplugin.dnlplayer.1"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{164B406B-0FD6-4E7F-BA7E-64D227D4CA37}\ToolboxBitmap32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{BFCFF69A-A7E0-44E3-94C1-8FD047EC2044}\1.0\0	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{479A14A3-3C6F-4837-A8FB-5AA57A2D8A8F}\ = "Idnlplayer"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{479A14A3-3C6F-4837-A8FB-5AA57A2D8A8F}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{164B406B-0FD6-4E7F-BA7E-64D227D4CA37}\ToolboxBitmap32\ = "C:\\Windows\\dbplugin.ocx, 101"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{BFCFF69A-A7E0-44E3-94C1-8FD047EC2044}\1.0\FLAGS\ = "0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6DE5B908-033C-4998-AC7D-09417284063D}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{164B406B-0FD6-4E7F-BA7E-64D227D4CA37}\ = "dnlplayer Class"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{164B406B-0FD6-4E7F-BA7E-64D227D4CA37}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{BFCFF69A-A7E0-44E3-94C1-8FD047EC2044}\1.0\0\win32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{479A14A3-3C6F-4837-A8FB-5AA57A2D8A8F}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{479A14A3-3C6F-4837-A8FB-5AA57A2D8A8F}\ = "Idnlplayer"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.dnl	dtaplugin.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\dnlfile	dtaplugin.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Webplugin.dnlplayer.1\CLSID\ = "{164B406B-0FD6-4E7F-BA7E-64D227D4CA37}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6DE5B908-033C-4998-AC7D-09417284063D}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6DE5B908-033C-4998-AC7D-09417284063D}\TypeLib\Version = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{479A14A3-3C6F-4837-A8FB-5AA57A2D8A8F}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{479A14A3-3C6F-4837-A8FB-5AA57A2D8A8F}\TypeLib\ = "{BFCFF69A-A7E0-44E3-94C1-8FD047EC2044}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Component Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{164B406B-0FD6-4E7F-BA7E-64D227D4CA37}\ProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{164B406B-0FD6-4E7F-BA7E-64D227D4CA37}\VersionIndependentProgID\ = "Webplugin.dnlplayer"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{BFCFF69A-A7E0-44E3-94C1-8FD047EC2044}\1.0\HELPDIR	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{164B406B-0FD6-4E7F-BA7E-64D227D4CA37}\VersionIndependentProgID	regsvr32.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4796	46cfcfe1ae7c9db47e1228ee5f55734c_JaffaCakes118.exe
4796	46cfcfe1ae7c9db47e1228ee5f55734c_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 18 IoCs

description	pid	Process	procid_target
PID 4796 wrote to memory of 4936	4796	46cfcfe1ae7c9db47e1228ee5f55734c_JaffaCakes118.exe	84
PID 4796 wrote to memory of 4936	4796	46cfcfe1ae7c9db47e1228ee5f55734c_JaffaCakes118.exe	84
PID 4796 wrote to memory of 4936	4796	46cfcfe1ae7c9db47e1228ee5f55734c_JaffaCakes118.exe	84
PID 4936 wrote to memory of 3048	4936	d_mind-power-secrets.exe	85
PID 4936 wrote to memory of 3048	4936	d_mind-power-secrets.exe	85
PID 4936 wrote to memory of 3048	4936	d_mind-power-secrets.exe	85
PID 4936 wrote to memory of 2192	4936	d_mind-power-secrets.exe	86
PID 4936 wrote to memory of 2192	4936	d_mind-power-secrets.exe	86
PID 4936 wrote to memory of 2192	4936	d_mind-power-secrets.exe	86
PID 4936 wrote to memory of 3560	4936	d_mind-power-secrets.exe	87
PID 4936 wrote to memory of 3560	4936	d_mind-power-secrets.exe	87
PID 4936 wrote to memory of 3560	4936	d_mind-power-secrets.exe	87
PID 4936 wrote to memory of 2004	4936	d_mind-power-secrets.exe	88
PID 4936 wrote to memory of 2004	4936	d_mind-power-secrets.exe	88
PID 4936 wrote to memory of 2004	4936	d_mind-power-secrets.exe	88
PID 4936 wrote to memory of 1728	4936	d_mind-power-secrets.exe	91
PID 4936 wrote to memory of 1728	4936	d_mind-power-secrets.exe	91
PID 4936 wrote to memory of 1728	4936	d_mind-power-secrets.exe	91

C:\Users\Admin\AppData\Local\Temp\46cfcfe1ae7c9db47e1228ee5f55734c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\46cfcfe1ae7c9db47e1228ee5f55734c_JaffaCakes118.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4796
- C:\Users\Admin\AppData\Local\Temp\ESW7782.tmp\d_mind-power-secrets.exe
  C:\Users\Admin\AppData\Local\Temp\ESW7782.tmp\d_mind-power-secrets.exe
  2⤵
  - Executes dropped EXE
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:4936
- - C:\Windows\SysWOW64\regsvr32.exe
    regsvr32.exe /s C:\Windows\dbplugin.ocx
    3⤵
    - Loads dropped DLL
    - Modifies registry class
    PID:3048
- - C:\Windows\dtaplugin.exe
    C:\Windows\dtaplugin.exe
    3⤵
    - Executes dropped EXE
    - Drops file in Windows directory
    - Modifies registry class
    PID:2192
- - C:\Users\Admin\AppData\Local\Temp\dbxesellerate.exe
    "C:\Users\Admin\AppData\Local\Temp\dbxesellerate.exe"
    3⤵
    - Executes dropped EXE
    - Drops file in Windows directory
    PID:3560
- - C:\Users\Admin\AppData\Local\Temp\dbxdigitalriver.exe
    "C:\Users\Admin\AppData\Local\Temp\dbxdigitalriver.exe"
    3⤵
    - Executes dropped EXE
    - Drops file in System32 directory
    PID:2004
- - C:\Windows\dbplugin.exe
    C:\Windows\dbplugin.exe C:\Users\Admin\Documents\My eBooks\d_mind-power-secrets.dnl
    3⤵
    - Executes dropped EXE
    PID:1728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ESW7782.tmp\d_mind-power-secrets.exe

Filesize
1.2MB

MD5
b4c36ee666335a9dcbc58695938b5e43

SHA1
1ec31e48ba94cbfebb88d1836c3469d137e1ebc5

SHA256
f95ee02d25f3b76fcab82406611c0154015042ed0b8175895e4aa004986cb4f5

SHA512
1212e982c275f3c085dc698d1daf1bc6f6134b70fe974f2d493b5ff25bb355b1d3730f952385008f1de3775d4cf890a0c87af9f59279bb0976ee3850fb474480

Download Submit
C:\Users\Admin\AppData\Local\Temp\dbxdigitalriver.exe

Filesize
118KB

MD5
200c381c27454cf5d650bebd1bcb68d8

SHA1
23197f27d5fd29b5fc55c5da3b3f22d3d9d04da8

SHA256
342357024b552323448997a0a376453417ecb44932d7a2404e686c6a8bf26325

SHA512
324e65c1a3dc55d0884aac0b680298e5cd200a9408b8e4e8d5dd5b44f7f9778d7e158d5d1ab644114fc911ffa0d3b7107f4d6c9c8a9dff5c684a6b21a02d5ef4

Download Submit
C:\Users\Admin\AppData\Local\Temp\dbxesellerate.exe

Filesize
179KB

MD5
dfa10cd63cbe131a9e7ad0ebd95fdb72

SHA1
b3e7ed049945ae12eb014228a14878d64dd2bfbc

SHA256
5f6f1e24e225d79040bcae9b796a5285e1ee19c48bbe32528a5e2ae3a8e2ec1a

SHA512
8915ce0a0d0a6b737a48311385ec7b3f1d72fba80f12182e5a314b7f04516a40be2ffe2e97dd6ab5941c9e2670d8c5a9eb4af5ce05bec5f8ec353ec62b1fa2a1

Download Submit
C:\Users\Admin\Documents\My eBooks\d_mind-power-secrets.dnl

Filesize
298KB

MD5
ef07c18a2c9c42f80baf1724121a9812

SHA1
7ca2fa86ca1400535099ae95d09ba2dac8e8973e

SHA256
8e7b8a84f0a2a5029c1889f83d19952b6daac23b5352201468b206b334a8ef84

SHA512
a8ad5cc2266a9b13d83fa2ceb97404663febd3cfdca558e0e953940bd7274a3c2fa03dd0436f24e558c3c6150fd8d607fef34bf91fa57c90f3c3f489057e5110

Download Submit
C:\Windows\dbplugin.exe

Filesize
623KB

MD5
333a5b555ca793078496ac86928e501a

SHA1
cd4971fd99847835915c98bab32e6aa1ea4d9216

SHA256
0da307a784f85d9e8acc328e19d9cc70ad873c1bebfc9de283112376e793a92d

SHA512
7de7bb4ded9591ceaaf0650c773c940b0755bf6c1460c6fab2425a6131a98e9f6205a5a3aefe8c737e5bcdf8276813153937e88c62cb464a93cd0d67f59f9075

Download Submit
C:\Windows\dbplugin.ocx

Filesize
2.3MB

MD5
5c4c18ab65f483c7e2213b64fb6a9e7c

SHA1
eb9ac7d2f5b760d0b5d8ca6875dc9dc4b4c187ab

SHA256
af00db56241bbb65158b68f25558ac368b8ed8e70643a5649d980d724d8c4285

SHA512
e785002ed8a85627d1c32a8a99b66eb74530a07a2a3cc5c506695cf13dd89d6043367645ecb3051018916961cfee5116b276a6e958185fc99ade021163513cbe

Download Submit
C:\Windows\dtaplugin.exe

Filesize
652KB

MD5
3db5dae0096410772cadf1b711d7187e

SHA1
cb5d564a99e9efb043ae2deca9d47e70aaa77294

SHA256
c55f1e8fc037f0b1575ef793095f061c9d391c4a9abee9b15862cd47fa0a6c02

SHA512
fb7e9e94842747ec207005b2020596ecec2bd5f5d64b569d5e2e9ff6b571d615ffba380cb72ec84a312ced5ddd51c1cd6f94b9031033fc79497c6443270c576f

Download Submit
memory/2004-26-0x0000000000400000-0x0000000000452000-memory.dmp

Filesize
328KB

Download
memory/2004-39-0x0000000000400000-0x0000000000452000-memory.dmp

Filesize
328KB

Download
memory/3560-20-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/3560-30-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/4936-35-0x0000000000400000-0x0000000000822000-memory.dmp

Filesize
4.1MB

Download
memory/4936-4-0x0000000000400000-0x0000000000822000-memory.dmp

Filesize
4.1MB

Download