gh0strat | 8857e1127d2d06b194a0b7767a648b1f125984fd7b575a59d328a50f498c3695

Resubmissions

15-08-2023 16:13

230815-tn5swsbg58 10

15-08-2023 16:07

230815-tkykeadf8s 1

Analysis

max time kernel
229s
max time network
416s
platform
windows10-1703_x64
resource
win10-20230703-ja
resource tags

arch:x64arch:x86image:win10-20230703-jalocale:ja-jpos:windows10-1703-x64systemwindows
submitted
15-08-2023 16:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

pleg.zip
Size

122.9MB
MD5

9fa65e4744953f8863f8ecd59b0043f3
SHA1

7ce01b3a3f9d942fbb29c09456162a4c679e05bc
SHA256

8857e1127d2d06b194a0b7767a648b1f125984fd7b575a59d328a50f498c3695
SHA512

6c519ffa890391479793582e96782aeb09dbf709662b9b31a70e755e066db71716d35abe2d69881eb9712097b2514e6d99df4cbe3cf94c8d7c3aebc328199be1
SSDEEP

3145728:EKlxbiwxzfmBibpn5e42h/r3w2cIDwppwDBe3oEbd7:EkIii42h/r3r1uwgZ7

Score

10^/10

gh0strat mimikatz purplefox xorddos botnet cryptone downloader packer rat rootkit trojan upx vmprotect

Malware Config

Extracted

Family

xorddos

Attributes

crc_polynomial
EDB88320

Signatures

Detect PurpleFox Rootkit 6 IoCs

Detect PurpleFox Rootkit.

rootkit

resource	yara_rule
behavioral2/memory/5080-9070-0x0000000010000000-0x00000000101B9000-memory.dmp	purplefox_rootkit
behavioral2/memory/5080-9073-0x0000000010000000-0x00000000101B9000-memory.dmp	purplefox_rootkit
behavioral2/memory/5080-9111-0x0000000010000000-0x00000000101B9000-memory.dmp	purplefox_rootkit
behavioral2/memory/2752-9119-0x0000000010000000-0x00000000101B9000-memory.dmp	purplefox_rootkit
behavioral2/memory/3304-9141-0x0000000010000000-0x00000000101B9000-memory.dmp	purplefox_rootkit
behavioral2/memory/3304-9298-0x0000000010000000-0x00000000101B9000-memory.dmp	purplefox_rootkit

Gh0st RAT payload 12 IoCs

resource	yara_rule
behavioral2/files/0x000600000001b3ba-4292.dat	family_gh0strat
behavioral2/files/0x000600000001b3ba-4293.dat	family_gh0strat
behavioral2/files/0x000600000001b418-8991.dat	family_gh0strat
behavioral2/files/0x000600000001b418-9007.dat	family_gh0strat
behavioral2/memory/5080-9070-0x0000000010000000-0x00000000101B9000-memory.dmp	family_gh0strat
behavioral2/memory/5080-9073-0x0000000010000000-0x00000000101B9000-memory.dmp	family_gh0strat
behavioral2/memory/5080-9111-0x0000000010000000-0x00000000101B9000-memory.dmp	family_gh0strat
behavioral2/memory/2752-9119-0x0000000010000000-0x00000000101B9000-memory.dmp	family_gh0strat
behavioral2/files/0x000a00000001b4fa-9128.dat	family_gh0strat
behavioral2/memory/3304-9141-0x0000000010000000-0x00000000101B9000-memory.dmp	family_gh0strat
behavioral2/files/0x000a00000001b4fa-9129.dat	family_gh0strat
behavioral2/memory/3304-9298-0x0000000010000000-0x00000000101B9000-memory.dmp	family_gh0strat

Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
rat gh0strat
Mimikatz
mimikatz is an open source tool to dump credentials on Windows.
mimikatz
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
rootkit trojan purplefox
XorDDoS
Botnet and downloader malware targeting Linux-based operating systems and IoT devices.
botnet downloader xorddos

XorDDoS payload 2 IoCs

resource	yara_rule
behavioral2/files/0x000600000001b054-2329.dat	family_xorddos
behavioral2/files/0x000600000001b054-2330.dat	family_xorddos

CryptOne packer 4 IoCs

Detects CryptOne packer defined in NCC blogpost.

cryptone packer

resource	yara_rule
behavioral2/files/0x000600000001b05c-3279.dat	cryptone
behavioral2/files/0x000600000001b05c-3278.dat	cryptone
behavioral2/files/0x000600000001b3f8-8323.dat	cryptone
behavioral2/files/0x000600000001b3f8-8324.dat	cryptone

mimikatz is an open source tool to dump credentials on Windows 2 IoCs

resource	yara_rule
behavioral2/files/0x000600000001b400-1856.dat	mimikatz
behavioral2/files/0x000600000001b401-1858.dat	mimikatz

ACProtect 1.3x - 1.4x DLL software 20 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/files/0x000600000001b3ea-1820.dat	acprotect
behavioral2/files/0x000600000001b49e-2265.dat	acprotect
behavioral2/files/0x000600000001b49e-2264.dat	acprotect
behavioral2/files/0x000600000001b49e-2275.dat	acprotect
behavioral2/files/0x000600000001b49e-2284.dat	acprotect
behavioral2/files/0x000600000001b49e-2292.dat	acprotect
behavioral2/files/0x000600000001b49e-2300.dat	acprotect
behavioral2/files/0x000600000001b49e-2306.dat	acprotect
behavioral2/files/0x000600000001b06d-3283.dat	acprotect
behavioral2/files/0x000600000001b06d-3282.dat	acprotect
behavioral2/files/0x000600000001b3bc-4297.dat	acprotect
behavioral2/files/0x000600000001b3bc-4296.dat	acprotect
behavioral2/files/0x000600000001b3ea-7256.dat	acprotect
behavioral2/files/0x000600000001b3ea-7255.dat	acprotect
behavioral2/files/0x000600000001b409-8327.dat	acprotect
behavioral2/files/0x000600000001b409-8326.dat	acprotect
behavioral2/files/0x000600000001b4fb-9130.dat	acprotect
behavioral2/files/0x000600000001b4fb-9132.dat	acprotect
behavioral2/files/0x000600000001b4ec-9289.dat	acprotect
behavioral2/files/0x000600000001b4ec-9288.dat	acprotect

Executes dropped EXE 16 IoCs

pid	Process
4684	〓狼情〓企业（VIP）尊享版2022美化版.exe
4636	〓狼情〓企业（VIP）尊享版2022最新版.exe
4172	〓狼情〓企业（VIP）尊享版2022最新版.exe
4152	〓狼情〓企业（VIP）尊享版2022美化版.exe
2448	〓狼情〓企业（VIP）尊享版2022最新版.exe
1360	〓狼情〓企业（VIP）尊享版2022美化版.exe
1296	Client.exe
2792	生成器.exe
4768	分控.exe
3944	Client.exe
4760	Mushroom head.exe
4240	控制端.exe
4376	Plug 1.2.exe
4648	Plug 1.2.exe
3644	Client.exe
2508	Client.exe

Loads dropped DLL 10 IoCs

pid	Process
4684	〓狼情〓企业（VIP）尊享版2022美化版.exe
4636	〓狼情〓企业（VIP）尊享版2022最新版.exe
4172	〓狼情〓企业（VIP）尊享版2022最新版.exe
4152	〓狼情〓企业（VIP）尊享版2022美化版.exe
2448	〓狼情〓企业（VIP）尊享版2022最新版.exe
1360	〓狼情〓企业（VIP）尊享版2022美化版.exe
3944	Client.exe
4760	Mushroom head.exe
3644	Client.exe
2508	Client.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x000600000001b3ea-1820.dat	upx
behavioral2/files/0x000600000001b404-1864.dat	upx
behavioral2/files/0x000600000001b49c-2142.dat	upx
behavioral2/files/0x000600000001b49e-2265.dat	upx
behavioral2/files/0x000600000001b49e-2264.dat	upx
behavioral2/memory/4684-2268-0x0000000010000000-0x000000001003B000-memory.dmp	upx
behavioral2/memory/4684-2272-0x0000000010000000-0x000000001003B000-memory.dmp	upx
behavioral2/files/0x000600000001b49e-2275.dat	upx
behavioral2/memory/4636-2278-0x0000000010000000-0x000000001003B000-memory.dmp	upx
behavioral2/memory/4636-2282-0x0000000010000000-0x000000001003B000-memory.dmp	upx
behavioral2/files/0x000600000001b49e-2284.dat	upx
behavioral2/memory/4172-2285-0x0000000010000000-0x000000001003B000-memory.dmp	upx
behavioral2/memory/4172-2290-0x0000000010000000-0x000000001003B000-memory.dmp	upx
behavioral2/files/0x000600000001b49e-2292.dat	upx
behavioral2/memory/4152-2293-0x0000000010000000-0x000000001003B000-memory.dmp	upx
behavioral2/memory/4152-2298-0x0000000010000000-0x000000001003B000-memory.dmp	upx
behavioral2/files/0x000600000001b49e-2300.dat	upx
behavioral2/memory/2448-2303-0x0000000010000000-0x000000001003B000-memory.dmp	upx
behavioral2/files/0x000600000001b49e-2306.dat	upx
behavioral2/memory/1360-2307-0x0000000010000000-0x000000001003B000-memory.dmp	upx
behavioral2/memory/1360-2313-0x0000000010000000-0x000000001003B000-memory.dmp	upx
behavioral2/memory/2448-2316-0x0000000010000000-0x000000001003B000-memory.dmp	upx
behavioral2/files/0x000600000001b06d-3283.dat	upx
behavioral2/memory/3944-3285-0x0000000010000000-0x000000001003B000-memory.dmp	upx
behavioral2/files/0x000600000001b06d-3282.dat	upx
behavioral2/memory/3944-3950-0x0000000010000000-0x000000001003B000-memory.dmp	upx
behavioral2/files/0x000600000001b3bc-4297.dat	upx
behavioral2/memory/4760-4299-0x0000000010000000-0x000000001003B000-memory.dmp	upx
behavioral2/files/0x000600000001b3bc-4296.dat	upx
behavioral2/memory/4760-4891-0x0000000010000000-0x000000001003B000-memory.dmp	upx
behavioral2/files/0x000600000001b3ea-7256.dat	upx
behavioral2/files/0x000600000001b3ea-7255.dat	upx
behavioral2/memory/3644-7257-0x0000000010000000-0x000000001003B000-memory.dmp	upx
behavioral2/memory/3644-8049-0x0000000010000000-0x000000001003B000-memory.dmp	upx
behavioral2/memory/2508-8329-0x0000000010000000-0x000000001003B000-memory.dmp	upx
behavioral2/files/0x000600000001b409-8327.dat	upx
behavioral2/files/0x000600000001b409-8326.dat	upx
behavioral2/memory/2508-8666-0x0000000010000000-0x000000001003B000-memory.dmp	upx
behavioral2/memory/5080-9062-0x0000000010000000-0x00000000101B9000-memory.dmp	upx
behavioral2/memory/5080-9070-0x0000000010000000-0x00000000101B9000-memory.dmp	upx
behavioral2/memory/5080-9073-0x0000000010000000-0x00000000101B9000-memory.dmp	upx
behavioral2/memory/5080-9111-0x0000000010000000-0x00000000101B9000-memory.dmp	upx
behavioral2/memory/2752-9119-0x0000000010000000-0x00000000101B9000-memory.dmp	upx
behavioral2/files/0x000600000001b4fb-9130.dat	upx
behavioral2/memory/4276-9133-0x0000000010000000-0x000000001003B000-memory.dmp	upx
behavioral2/memory/4276-9140-0x0000000010000000-0x000000001003B000-memory.dmp	upx
behavioral2/files/0x000600000001b4fb-9132.dat	upx
behavioral2/memory/3304-9141-0x0000000010000000-0x00000000101B9000-memory.dmp	upx
behavioral2/files/0x000600000001b4ec-9289.dat	upx
behavioral2/memory/1068-9291-0x0000000010000000-0x000000001003B000-memory.dmp	upx
behavioral2/memory/1068-9293-0x0000000010000000-0x000000001003B000-memory.dmp	upx
behavioral2/files/0x000600000001b4ec-9288.dat	upx
behavioral2/memory/3304-9298-0x0000000010000000-0x00000000101B9000-memory.dmp	upx
behavioral2/memory/4276-9387-0x0000000010000000-0x000000001003B000-memory.dmp	upx
behavioral2/memory/1068-9779-0x0000000010000000-0x000000001003B000-memory.dmp	upx
behavioral2/memory/4276-10055-0x0000000010000000-0x000000001003B000-memory.dmp	upx
behavioral2/memory/2740-11708-0x0000000010000000-0x000000001003B000-memory.dmp	upx
behavioral2/memory/2740-12805-0x0000000010000000-0x000000001003B000-memory.dmp	upx
behavioral2/memory/4952-13364-0x0000000010000000-0x000000001003B000-memory.dmp	upx
behavioral2/memory/4952-13810-0x0000000010000000-0x000000001003B000-memory.dmp	upx
behavioral2/memory/3348-14472-0x0000000000400000-0x0000000000466000-memory.dmp	upx
behavioral2/memory/3348-14592-0x0000000000400000-0x0000000000466000-memory.dmp	upx
behavioral2/memory/3936-15377-0x0000000010000000-0x000000001003B000-memory.dmp	upx
behavioral2/memory/3936-15381-0x0000000010000000-0x000000001003B000-memory.dmp	upx

VMProtect packed file 6 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral2/memory/2740-11698-0x0000000000400000-0x0000000001275000-memory.dmp	vmprotect
behavioral2/memory/2740-11729-0x0000000000400000-0x0000000001275000-memory.dmp	vmprotect
behavioral2/memory/2740-12061-0x0000000000400000-0x0000000001275000-memory.dmp	vmprotect
behavioral2/memory/2740-12810-0x0000000000400000-0x0000000001275000-memory.dmp	vmprotect
behavioral2/memory/4952-13786-0x0000000000400000-0x0000000001275000-memory.dmp	vmprotect
behavioral2/memory/4952-13817-0x0000000000400000-0x0000000001275000-memory.dmp	vmprotect

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
1296	Client.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\控制端.INI	控制端.exe
File opened for modification	C:\Windows\Client.INI	Client.exe
File opened for modification	C:\Windows\Mushroom head.INI	Mushroom head.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
3212	4376	WerFault.exe	90
3900	4648	WerFault.exe	93

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
4356	PING.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1296	Client.exe
1296	Client.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3644	Client.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeRestorePrivilege	4664	7zG.exe
Token: 35	4664	7zG.exe
Token: SeSecurityPrivilege	4664	7zG.exe
Token: SeSecurityPrivilege	4664	7zG.exe

Suspicious use of FindShellTrayWindow 9 IoCs

pid	Process
4664	7zG.exe
3944	Client.exe
3944	Client.exe
4760	Mushroom head.exe
4760	Mushroom head.exe
4376	Plug 1.2.exe
4648	Plug 1.2.exe
3644	Client.exe
3644	Client.exe

Suspicious use of SendNotifyMessage 8 IoCs

pid	Process
3944	Client.exe
3944	Client.exe
4760	Mushroom head.exe
4760	Mushroom head.exe
4376	Plug 1.2.exe
4648	Plug 1.2.exe
3644	Client.exe
3644	Client.exe

Suspicious use of SetWindowsHookEx 33 IoCs

pid	Process
4684	〓狼情〓企业（VIP）尊享版2022美化版.exe
4636	〓狼情〓企业（VIP）尊享版2022最新版.exe
4172	〓狼情〓企业（VIP）尊享版2022最新版.exe
4152	〓狼情〓企业（VIP）尊享版2022美化版.exe
2448	〓狼情〓企业（VIP）尊享版2022最新版.exe
1360	〓狼情〓企业（VIP）尊享版2022美化版.exe
3944	Client.exe
3944	Client.exe
3944	Client.exe
3944	Client.exe
4760	Mushroom head.exe
4760	Mushroom head.exe
4760	Mushroom head.exe
4760	Mushroom head.exe
4240	控制端.exe
4240	控制端.exe
4376	Plug 1.2.exe
4376	Plug 1.2.exe
4376	Plug 1.2.exe
4376	Plug 1.2.exe
4376	Plug 1.2.exe
4648	Plug 1.2.exe
4648	Plug 1.2.exe
4648	Plug 1.2.exe
4648	Plug 1.2.exe
4648	Plug 1.2.exe
3644	Client.exe
3644	Client.exe
3644	Client.exe
3644	Client.exe
2508	Client.exe
2508	Client.exe
2508	Client.exe

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\pleg.zip
1⤵
PID:3384

C:\Windows\System32\IME\SHARED\imebroker.exe
C:\Windows\System32\IME\SHARED\imebroker.exe -Embedding
1⤵
PID:1780

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1068

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\AppData\Local\Temp\pleg\" -spe -an -ai#7zMap7418:88:7zEvent22625
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4664

C:\Users\Admin\AppData\Local\Temp\pleg\1\1\〓狼情〓企业（VIP）尊享版2022美化版.exe
"C:\Users\Admin\AppData\Local\Temp\pleg\1\1\〓狼情〓企业（VIP）尊享版2022美化版.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:4684

C:\Users\Admin\AppData\Local\Temp\pleg\1\1\〓狼情〓企业（VIP）尊享版2022最新版.exe
"C:\Users\Admin\AppData\Local\Temp\pleg\1\1\〓狼情〓企业（VIP）尊享版2022最新版.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:4636

C:\Users\Admin\AppData\Local\Temp\pleg\1\1\〓狼情〓企业（VIP）尊享版2022最新版.exe
"C:\Users\Admin\AppData\Local\Temp\pleg\1\1\〓狼情〓企业（VIP）尊享版2022最新版.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:4172

C:\Users\Admin\AppData\Local\Temp\pleg\1\1\〓狼情〓企业（VIP）尊享版2022美化版.exe
"C:\Users\Admin\AppData\Local\Temp\pleg\1\1\〓狼情〓企业（VIP）尊享版2022美化版.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:4152

C:\Users\Admin\AppData\Local\Temp\pleg\1\1\〓狼情〓企业（VIP）尊享版2022最新版.exe
"C:\Users\Admin\AppData\Local\Temp\pleg\1\1\〓狼情〓企业（VIP）尊享版2022最新版.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2448

C:\Users\Admin\AppData\Local\Temp\pleg\1\1\〓狼情〓企业（VIP）尊享版2022美化版.exe
"C:\Users\Admin\AppData\Local\Temp\pleg\1\1\〓狼情〓企业（VIP）尊享版2022美化版.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1360

C:\Users\Admin\AppData\Local\Temp\pleg\2\2\Client.exe
"C:\Users\Admin\AppData\Local\Temp\pleg\2\2\Client.exe"
1⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
PID:1296

C:\Users\Admin\AppData\Local\Temp\pleg\2\2\生成器.exe
"C:\Users\Admin\AppData\Local\Temp\pleg\2\2\生成器.exe"
1⤵
- Executes dropped EXE
PID:2792

C:\Users\Admin\AppData\Local\Temp\pleg\2\2\分控.exe
"C:\Users\Admin\AppData\Local\Temp\pleg\2\2\分控.exe"
1⤵
- Executes dropped EXE
PID:4768

C:\Users\Admin\AppData\Local\Temp\pleg\3\3\3\Bin\Client.exe
"C:\Users\Admin\AppData\Local\Temp\pleg\3\3\3\Bin\Client.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3944

C:\Users\Admin\AppData\Local\Temp\pleg\Bin(1)\Bin(1)\Bin\Mushroom head.exe
"C:\Users\Admin\AppData\Local\Temp\pleg\Bin(1)\Bin(1)\Bin\Mushroom head.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4760

C:\Users\Admin\AppData\Local\Temp\pleg\CkDdos\CkDdos\控制端.exe
"C:\Users\Admin\AppData\Local\Temp\pleg\CkDdos\CkDdos\控制端.exe"
1⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
PID:4240

C:\Users\Admin\AppData\Local\Temp\pleg\Plug 1.2\Plug 1.2\Plug 1.2.exe
"C:\Users\Admin\AppData\Local\Temp\pleg\Plug 1.2\Plug 1.2\Plug 1.2.exe"
1⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4376
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4376 -s 1140
  2⤵
  - Program crash
  PID:3212

C:\Users\Admin\AppData\Local\Temp\pleg\Plug 1.2\Plug 1.2\Plug 1.2.exe
"C:\Users\Admin\AppData\Local\Temp\pleg\Plug 1.2\Plug 1.2\Plug 1.2.exe"
1⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4648
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4648 -s 1128
  2⤵
  - Program crash
  PID:3900

C:\Users\Admin\AppData\Local\Temp\pleg\start6.8\无后门控\520\Client.exe
"C:\Users\Admin\AppData\Local\Temp\pleg\start6.8\无后门控\520\Client.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3644

C:\Users\Admin\AppData\Local\Temp\pleg\stray5.0\Client.exe
"C:\Users\Admin\AppData\Local\Temp\pleg\stray5.0\Client.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2508

C:\Users\Admin\AppData\Local\Temp\pleg\v9.5\v9.5\Bin.exe
"C:\Users\Admin\AppData\Local\Temp\pleg\v9.5\v9.5\Bin.exe"
1⤵
PID:4244
- C:\Users\Admin\AppData\Local\Temp\RarSFX0\svchost.exe
  "C:\Users\Admin\AppData\Local\Temp\RarSFX0\svchost.exe"
  2⤵
  PID:5080
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c ping -n 2 127.0.0.1 > nul && del C:\Users\Admin\AppData\Local\Temp\RarSFX0\svchost.exe > nul
    3⤵
    PID:1224
  - - C:\Windows\SysWOW64\PING.EXE
      ping -n 2 127.0.0.1
      4⤵
      Runs ping.exe
      PID:4356
- C:\Users\Admin\AppData\Local\Temp\RarSFX0\大灰狼远程管理软件 v9.5.exe
  "C:\Users\Admin\AppData\Local\Temp\RarSFX0\大灰狼远程管理软件 v9.5.exe"
  2⤵
  PID:4276

C:\Windows\SysWOW64\Vnfvn.exe
C:\Windows\SysWOW64\Vnfvn.exe -auto
1⤵
PID:2752
- C:\Windows\SysWOW64\Vnfvn.exe
  C:\Windows\SysWOW64\Vnfvn.exe -acsi
  2⤵
  PID:3304

C:\Users\Admin\AppData\Local\Temp\pleg\火云DDoS集群网站攻击软件_VIP穿透破防版解压密码：360\火云DDoS集群网站攻击软件 VIP穿透破防版\火云DDoS集群网站攻击软件 VIP穿透破防版.exe
"C:\Users\Admin\AppData\Local\Temp\pleg\火云DDoS集群网站攻击软件_VIP穿透破防版解压密码：360\火云DDoS集群网站攻击软件 VIP穿透破防版\火云DDoS集群网站攻击软件 VIP穿透破防版.exe"
1⤵
PID:1068

C:\Users\Admin\AppData\Local\Temp\pleg\相约巴黎密码123456(1)\相约巴黎DDOS解压密码123456\生成器.exe
"C:\Users\Admin\AppData\Local\Temp\pleg\相约巴黎密码123456(1)\相约巴黎DDOS解压密码123456\生成器.exe"
1⤵
PID:872

C:\Users\Admin\AppData\Local\Temp\pleg\相约巴黎密码123456(1)\相约巴黎DDOS解压密码123456\相约巴黎ddos.exe
"C:\Users\Admin\AppData\Local\Temp\pleg\相约巴黎密码123456(1)\相约巴黎DDOS解压密码123456\相约巴黎ddos.exe"
1⤵
PID:3812

C:\Users\Admin\AppData\Local\Temp\pleg\台风DDOS集群[领航网络修改去后门版]\台风DDOS集群[领航网络修改去后门版]\生成器.exe
"C:\Users\Admin\AppData\Local\Temp\pleg\台风DDOS集群[领航网络修改去后门版]\台风DDOS集群[领航网络修改去后门版]\生成器.exe"
1⤵
PID:2428

C:\Users\Admin\AppData\Local\Temp\pleg\大灰狼2018版-控件\大灰狼2018版\乌龙寺.exe
"C:\Users\Admin\AppData\Local\Temp\pleg\大灰狼2018版-控件\大灰狼2018版\乌龙寺.exe"
1⤵
PID:2740

C:\Users\Admin\AppData\Local\Temp\pleg\大灰狼2018版-控件\大灰狼2018版\乌龙寺.exe
"C:\Users\Admin\AppData\Local\Temp\pleg\大灰狼2018版-控件\大灰狼2018版\乌龙寺.exe"
1⤵
PID:4952

C:\Users\Admin\AppData\Local\Temp\pleg\大客户4.0\主控.exe
"C:\Users\Admin\AppData\Local\Temp\pleg\大客户4.0\主控.exe"
1⤵
PID:3352

C:\Users\Admin\AppData\Local\Temp\pleg\大客户CC3.0\DDosClient.exe
"C:\Users\Admin\AppData\Local\Temp\pleg\大客户CC3.0\DDosClient.exe"
1⤵
PID:3348

C:\Users\Admin\AppData\Local\Temp\pleg\天罚DDoS-v7版本\天罚V7集群压力测试系统\天罚V7集群压力测试系统.exe
"C:\Users\Admin\AppData\Local\Temp\pleg\天罚DDoS-v7版本\天罚V7集群压力测试系统\天罚V7集群压力测试系统.exe"
1⤵
PID:1320

C:\Users\Admin\AppData\Local\Temp\pleg\傀儡机驱动级复活DDoS攻击穿透破防版\傀儡机驱动级复活DDoS攻击穿透破防版\傀儡机驱动级复活DDoS攻击穿透破防版.exe
"C:\Users\Admin\AppData\Local\Temp\pleg\傀儡机驱动级复活DDoS攻击穿透破防版\傀儡机驱动级复活DDoS攻击穿透破防版\傀儡机驱动级复活DDoS攻击穿透破防版.exe"
1⤵
PID:3936

C:\Users\Admin\AppData\Local\Temp\pleg\华中修改的天罚\jdahjksha34\集群.exe
"C:\Users\Admin\AppData\Local\Temp\pleg\华中修改的天罚\jdahjksha34\集群.exe"
1⤵
PID:4444

C:\Users\Admin\AppData\Local\Temp\pleg\华中修改的天罚\jdahjksha34\集群.exe
"C:\Users\Admin\AppData\Local\Temp\pleg\华中修改的天罚\jdahjksha34\集群.exe"
1⤵
PID:1184

C:\Users\Admin\Desktop\集群.exe
"C:\Users\Admin\Desktop\集群.exe"
1⤵
PID:2932
- C:\Users\Admin\Desktop\集群.exe
  "C:\Users\Admin\Desktop\集群.exe"
  2⤵
  PID:3744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RarSFX0\SkinH.dll

Filesize
89KB

MD5
205e3693cb24b95018eaee62af86ae03

SHA1
038749709bb472031c000557e57857222619dcd5

SHA256
4954323e4532552e5b3691986d579fdce8ebe60b6ec1eb049658103e05c9d52d

SHA512
4115d76eb964e8c84810ca1cb7758c74ef80d99168f38fb9ce036cea58f69b6579eabc16527b529a7f390f220d71952cbbcda84d20a05ef881714cf2c9a645cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\svchost.exe

Filesize
2.8MB

MD5
41f932a60d920b888a92c162a548d913

SHA1
f3b64736c7616f1c06a975e670ef7ee08c80289e

SHA256
da0b486cf8801e268cf3019a689cf08737e582f35e251e3c89920dcd025d7854

SHA512
6a3a1eecc741e723e22fd02b2112307c1116e8d71d22bbdb29734391c025c2993cb9ae91187c9a5407b6445979a9f60d9b0a7daaa861201ded5dc458857eb20b

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\svchost.exe

Filesize
2.8MB

MD5
41f932a60d920b888a92c162a548d913

SHA1
f3b64736c7616f1c06a975e670ef7ee08c80289e

SHA256
da0b486cf8801e268cf3019a689cf08737e582f35e251e3c89920dcd025d7854

SHA512
6a3a1eecc741e723e22fd02b2112307c1116e8d71d22bbdb29734391c025c2993cb9ae91187c9a5407b6445979a9f60d9b0a7daaa861201ded5dc458857eb20b

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\大灰狼远程管理软件 v9.5.exe

Filesize
7.1MB

MD5
460541d5a8e45307e06cedcc14003f8c

SHA1
62d46fe66bbedb525f8738deea13c31ac80ceef4

SHA256
842c8f50a9be5fc32dcc17fc0eef40971cd8b62b12349fe36a0a4e8a1b0bacee

SHA512
3c14a0d77d54741c44d1f9a32e075811138559e8485520859b2ba1939af0b2d37536bb1cf8f59bbf321b9f02b7b9d275c51aa93e24698e12d69bbcd709787456

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\大灰狼远程管理软件 v9.5.exe

Filesize
7.1MB

MD5
460541d5a8e45307e06cedcc14003f8c

SHA1
62d46fe66bbedb525f8738deea13c31ac80ceef4

SHA256
842c8f50a9be5fc32dcc17fc0eef40971cd8b62b12349fe36a0a4e8a1b0bacee

SHA512
3c14a0d77d54741c44d1f9a32e075811138559e8485520859b2ba1939af0b2d37536bb1cf8f59bbf321b9f02b7b9d275c51aa93e24698e12d69bbcd709787456

Download Submit
C:\Users\Admin\AppData\Local\Temp\pleg\1\1\SkinH.dll

Filesize
89KB

MD5
205e3693cb24b95018eaee62af86ae03

SHA1
038749709bb472031c000557e57857222619dcd5

SHA256
4954323e4532552e5b3691986d579fdce8ebe60b6ec1eb049658103e05c9d52d

SHA512
4115d76eb964e8c84810ca1cb7758c74ef80d99168f38fb9ce036cea58f69b6579eabc16527b529a7f390f220d71952cbbcda84d20a05ef881714cf2c9a645cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\pleg\1\1\〓狼情〓企业（VIP）尊享版2022最新版.exe

Filesize
4.2MB

MD5
08420827ad509b93e1128c13781bc101

SHA1
e86172ab48f6638772cc6d666ade2318d306f735

SHA256
e7e409ba875abb219146744c7b32b715eaf3d5e7e785b2dea76fe4ea6272ca0f

SHA512
705703a2ad34e79a7527ad8367bcdcf47674440a6533eef262996ce22a3ffcbe8fff2afc9a7a920c962844d4c218f3976e8e93d5ed388220b89f360f92ed4e83

Download Submit
C:\Users\Admin\AppData\Local\Temp\pleg\1\1\〓狼情〓企业（VIP）尊享版2022最新版.exe

Filesize
4.2MB

MD5
08420827ad509b93e1128c13781bc101

SHA1
e86172ab48f6638772cc6d666ade2318d306f735

SHA256
e7e409ba875abb219146744c7b32b715eaf3d5e7e785b2dea76fe4ea6272ca0f

SHA512
705703a2ad34e79a7527ad8367bcdcf47674440a6533eef262996ce22a3ffcbe8fff2afc9a7a920c962844d4c218f3976e8e93d5ed388220b89f360f92ed4e83

Download Submit
C:\Users\Admin\AppData\Local\Temp\pleg\1\1\〓狼情〓企业（VIP）尊享版2022最新版.exe

Filesize
4.2MB

MD5
08420827ad509b93e1128c13781bc101

SHA1
e86172ab48f6638772cc6d666ade2318d306f735

SHA256
e7e409ba875abb219146744c7b32b715eaf3d5e7e785b2dea76fe4ea6272ca0f

SHA512
705703a2ad34e79a7527ad8367bcdcf47674440a6533eef262996ce22a3ffcbe8fff2afc9a7a920c962844d4c218f3976e8e93d5ed388220b89f360f92ed4e83

Download Submit
C:\Users\Admin\AppData\Local\Temp\pleg\1\1\〓狼情〓企业（VIP）尊享版2022最新版.exe

Filesize
4.2MB

MD5
08420827ad509b93e1128c13781bc101

SHA1
e86172ab48f6638772cc6d666ade2318d306f735

SHA256
e7e409ba875abb219146744c7b32b715eaf3d5e7e785b2dea76fe4ea6272ca0f

SHA512
705703a2ad34e79a7527ad8367bcdcf47674440a6533eef262996ce22a3ffcbe8fff2afc9a7a920c962844d4c218f3976e8e93d5ed388220b89f360f92ed4e83

Download Submit
C:\Users\Admin\AppData\Local\Temp\pleg\1\1\〓狼情〓企业（VIP）尊享版2022美化版.exe

Filesize
5.4MB

MD5
ec30c5ad8a8965e6a24b1ca5db4c229f

SHA1
cdb10c13cd848e9ce3461995463789008ae9fb5d

SHA256
62551f66a02ec0ef9a3a6cf2c5e2248a4e5ed29b93a796184fd07da2e20c762a

SHA512
e695845ec84a345c913d1867f6558b437a1324466bc2b458853ba1559d61d05a92b54f9e6c4902c9d84a74b935622f15daee7ed6cb68a799d7fd394d708ea4a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\pleg\1\1\〓狼情〓企业（VIP）尊享版2022美化版.exe

Filesize
5.4MB

MD5
ec30c5ad8a8965e6a24b1ca5db4c229f

SHA1
cdb10c13cd848e9ce3461995463789008ae9fb5d

SHA256
62551f66a02ec0ef9a3a6cf2c5e2248a4e5ed29b93a796184fd07da2e20c762a

SHA512
e695845ec84a345c913d1867f6558b437a1324466bc2b458853ba1559d61d05a92b54f9e6c4902c9d84a74b935622f15daee7ed6cb68a799d7fd394d708ea4a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\pleg\1\1\〓狼情〓企业（VIP）尊享版2022美化版.exe

Filesize
5.4MB

MD5
ec30c5ad8a8965e6a24b1ca5db4c229f

SHA1
cdb10c13cd848e9ce3461995463789008ae9fb5d

SHA256
62551f66a02ec0ef9a3a6cf2c5e2248a4e5ed29b93a796184fd07da2e20c762a

SHA512
e695845ec84a345c913d1867f6558b437a1324466bc2b458853ba1559d61d05a92b54f9e6c4902c9d84a74b935622f15daee7ed6cb68a799d7fd394d708ea4a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\pleg\1\1\〓狼情〓企业（VIP）尊享版2022美化版.exe

Filesize
5.4MB

MD5
ec30c5ad8a8965e6a24b1ca5db4c229f

SHA1
cdb10c13cd848e9ce3461995463789008ae9fb5d

SHA256
62551f66a02ec0ef9a3a6cf2c5e2248a4e5ed29b93a796184fd07da2e20c762a

SHA512
e695845ec84a345c913d1867f6558b437a1324466bc2b458853ba1559d61d05a92b54f9e6c4902c9d84a74b935622f15daee7ed6cb68a799d7fd394d708ea4a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\pleg\2\2\Client.exe

Filesize
2.9MB

MD5
1cb5a3a4439bd5590e438eeb412183a0

SHA1
19322c41cc2063743f30cc5c0182bce0f23d5c56

SHA256
1d1a82602fe0e2126e107bd3447fe4f253a7c1dbc956a3af60d6760596c064b2

SHA512
7bb362a00e7c64bd63ab00b243f8a2c0d114b3df29b464b82f49850577c95c34a1a5d84df486983901f6388e2a16b3207250dd9025721a8b136c367471be549e

Download Submit
C:\Users\Admin\AppData\Local\Temp\pleg\2\2\Client.exe

Filesize
2.9MB

MD5
1cb5a3a4439bd5590e438eeb412183a0

SHA1
19322c41cc2063743f30cc5c0182bce0f23d5c56

SHA256
1d1a82602fe0e2126e107bd3447fe4f253a7c1dbc956a3af60d6760596c064b2

SHA512
7bb362a00e7c64bd63ab00b243f8a2c0d114b3df29b464b82f49850577c95c34a1a5d84df486983901f6388e2a16b3207250dd9025721a8b136c367471be549e

Download Submit
C:\Users\Admin\AppData\Local\Temp\pleg\2\2\client.ini

Filesize
21B

MD5
d7d92f41e4299ebd5ad489bb7a92aa0b

SHA1
dc350aa44f67ee2546855c4df0465d666538cbbf

SHA256
898b6ac62f2e7327fdef09ee089b109e56186c8ebf59e1db238f5f74c1cece76

SHA512
2bdca78c54088c86c218629ac42c992c239ae0b018b2430beb67a2bbee7cf35774518a451b0a7a51cb229477bddb5f73c08a6f4256fa49470dd3c598a6089038

Download Submit
C:\Users\Admin\AppData\Local\Temp\pleg\2\2\分控.exe

Filesize
3.6MB

MD5
52e969b6c402bf03a6a70b1bb518b125

SHA1
f09826129410a6cc9f8c7a14fcd6dedf51ae6914

SHA256
64cd35199272f7f8a4a5b7cc1b8d2dba04785b6adb3457792624ca28117cfc70

SHA512
885fb7951ad9bbbfc742894677c90256dfe457a26d6169d309fc9ccb245bff89c7f2ecbc2b405952ee8a33190041ccb76061990dc34f85664e44c8b30c64813e

Download Submit
C:\Users\Admin\AppData\Local\Temp\pleg\2\2\分控.exe

Filesize
3.6MB

MD5
52e969b6c402bf03a6a70b1bb518b125

SHA1
f09826129410a6cc9f8c7a14fcd6dedf51ae6914

SHA256
64cd35199272f7f8a4a5b7cc1b8d2dba04785b6adb3457792624ca28117cfc70

SHA512
885fb7951ad9bbbfc742894677c90256dfe457a26d6169d309fc9ccb245bff89c7f2ecbc2b405952ee8a33190041ccb76061990dc34f85664e44c8b30c64813e

Download Submit
C:\Users\Admin\AppData\Local\Temp\pleg\2\2\生成器.exe

Filesize
2.8MB

MD5
eab0773372614ace2abf754cccc82f85

SHA1
6fa7ab49317c994ea692939bc932560e74dbf5d9

SHA256
09ccceae67f1defb52d0fef2c990520331990e3055e77c3e821d16cad7eff38f

SHA512
addaa962b78e2d5094d167b79e2ab3c482e6c11ec6878c635f488136e83bcf8c72626eb025338c265112a9f0e6ed2be32c9a88125c9b6986d3b6bee320f75a7d

Download Submit
C:\Users\Admin\AppData\Local\Temp\pleg\2\2\生成器.exe

Filesize
2.8MB

MD5
eab0773372614ace2abf754cccc82f85

SHA1
6fa7ab49317c994ea692939bc932560e74dbf5d9

SHA256
09ccceae67f1defb52d0fef2c990520331990e3055e77c3e821d16cad7eff38f

SHA512
addaa962b78e2d5094d167b79e2ab3c482e6c11ec6878c635f488136e83bcf8c72626eb025338c265112a9f0e6ed2be32c9a88125c9b6986d3b6bee320f75a7d

Download Submit
C:\Users\Admin\AppData\Local\Temp\pleg\3\3\3\Bin\Client.exe

Filesize
6.3MB

MD5
8dc390b6bd48dbaf8e38670e1e5e3000

SHA1
79e429e5c84e1fdd97a0a36618d9191210ed8afe

SHA256
4054a34697c59b3aeca7214b2fd18896a4df983f72d5d323fa6c69ebfe72b2e7

SHA512
6380c869d2ce58f41e6b926a60ee64f1268e6ae58f249583b3f5e4f46b0429ba32883c05879da6592c97d6e69677a216c9556343a81f420b7143baf193c025c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\pleg\3\3\3\Bin\Client.exe

Filesize
6.3MB

MD5
8dc390b6bd48dbaf8e38670e1e5e3000

SHA1
79e429e5c84e1fdd97a0a36618d9191210ed8afe

SHA256
4054a34697c59b3aeca7214b2fd18896a4df983f72d5d323fa6c69ebfe72b2e7

SHA512
6380c869d2ce58f41e6b926a60ee64f1268e6ae58f249583b3f5e4f46b0429ba32883c05879da6592c97d6e69677a216c9556343a81f420b7143baf193c025c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\pleg\3\3\3\Bin\Client.ini

Filesize
653B

MD5
47d6b4d9df7a6686c015ce7b13ea88ac

SHA1
b424012ee5109ad28ce201462057a9cce2f7fb63

SHA256
a386f80872324574eb766ade2f5409fb8fbda91b3b889bfb189f5858d0bdad83

SHA512
8e6599d8c4dd64efae042d11c2a6767f4b6e26e995f6b0f72c82f38d7b3a336b0538ea7124e7a14adf786b7622f1e3800bb827932642fdadc1c092e29d58ce2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\pleg\3\3\3\Bin\Plugins\QQwry.dat

Filesize
9.9MB

MD5
291956913117d411c5d5c2c423f9d210

SHA1
10e24e198336f95b8d23ee88a35669278224a943

SHA256
404dbb188d91176a0ca0ab172b2a80ddc8c4de4b5fb41817c14823c33168df1b

SHA512
fe14899016d7f8e883641c564b85181ee476511418843fdd81296b9271c237a0e78edf822cda097314e78071c488ac91a071eaa21ce62327a0c8998e8e3ea2d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\pleg\3\3\3\Bin\SkinH.dll

Filesize
89KB

MD5
205e3693cb24b95018eaee62af86ae03

SHA1
038749709bb472031c000557e57857222619dcd5

SHA256
4954323e4532552e5b3691986d579fdce8ebe60b6ec1eb049658103e05c9d52d

SHA512
4115d76eb964e8c84810ca1cb7758c74ef80d99168f38fb9ce036cea58f69b6579eabc16527b529a7f390f220d71952cbbcda84d20a05ef881714cf2c9a645cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\pleg\8月4日star 5.0去后门改白加黑源码\8月4日star 5.0去后门改白加黑修改521\卓越star 5.0源码解压密码123\Client\res\NoCam.ico

Filesize
894B

MD5
dbca18058442697e494d71b2d1e4868e

SHA1
d81383c4b1a6ead26bdc86895da3e7f3fde10ce7

SHA256
788e1e7869f95c5f5892e90c27e0bdb19e6350f0f04308058d8d4a83339e9677

SHA512
813c55ee28393f3a4c0f801cc79b34fa94e1aacc8d5127cb47045e25d465eaf29094cf60f8b010f9d7702820a7676ef63183dd4cb6cf2e1bd3c6235a9a77543a

Download Submit
C:\Users\Admin\AppData\Local\Temp\pleg\8月4日star 5.0去后门改白加黑源码\8月4日star 5.0去后门改白加黑修改521\卓越star 5.0源码解压密码123\Client\res\Skins\SkinH.she

Filesize
20KB

MD5
aa236bf564ec453338953c40add9a757

SHA1
f451c7c4b82152b70278cceeaac66089270df2e5

SHA256
32dd4603028c255233fb1bb82f1c8944f01ef5f6ab44ef291c48ba323b8c38d5

SHA512
8a417b2e1ebd642dd9a33efcfd76acb19509d6dd06921354a69a75bb73e316c3a9498a8df8deabf68758292391bfbf7c2d1c618d650c56444acb20b05bf5538a

Download Submit
C:\Users\Admin\AppData\Local\Temp\pleg\8月4日star 5.0去后门改白加黑源码\8月4日star 5.0去后门改白加黑修改521\卓越star 5.0源码解压密码123\Server\127.ico

Filesize
4KB

MD5
a3e0544e819e8f5140dbc75ce1819b89

SHA1
b49b2f6370a6575ddc88dd6104fe76a848b33abe

SHA256
a20738aea9fb523d2e215ae32320ad62754aaf6ed3f734d0de69904e26f21f1d

SHA512
86b3977d86807c8681be5ace38192879bc9a1fc26ea7a87f7d2218f316ea74bf2b3f9a17d2f7950744e87128ac83a0dfa2b934a2dfa37d875d735521307109f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\pleg\8月4日star 5.0去后门改白加黑源码\8月4日star 5.0去后门改白加黑修改521\卓越star 5.0源码解压密码123\Server\DriverCode.exe

Filesize
48KB

MD5
3e7da31ced6d137ab12ac8cb4d2a6bee

SHA1
67bb104bfa5c547af8ee3ddccd77f02b324b5696

SHA256
e9484004c55d75ffefd0321ab1e4e05eeb926101334d9453085867e08052b41d

SHA512
315335b7978e9977db15494c5fe863df9d193920404ebfdb48459af4e43ac3b6f0efb8ea6290caf35483a864b5825ba5c590ff7413ab3fe280b3ed6b9abaae09

Download Submit
C:\Users\Admin\AppData\Local\Temp\pleg\8月4日star 5.0去后门改白加黑源码\8月4日star 5.0去后门改白加黑修改521\卓越star 5.0源码解压密码123\Server\common\Audio.h

Filesize
1KB

MD5
e97f38b1937cbc5e9abec8a49b4bf7a3

SHA1
1cab09a45428d54c35533aab328b79d2ea20b1b4

SHA256
4ef27c6730e866308b92a14d7bed8d60bf10a895617e532079defdac7d66a4cb

SHA512
e6b52bfa10d8136b3776bb966c1bf9b9244c8a9e7e596b6ee3e076e40af53d76fb84f1a3100115d0f5835e6b3cbcb02853feebeb7bf046e2881cdede11b37feb

Download Submit
C:\Users\Admin\AppData\Local\Temp\pleg\8月4日star 5.0去后门改白加黑源码\8月4日star 5.0去后门改白加黑修改521\卓越star 5.0源码解压密码123\Server\common\CursorInfo.h

Filesize
1KB

MD5
afd57c3d22c5fb3bd15dc0ff3ad7ecc6

SHA1
f3c3399a644eea9a83d9474710aca996b9365d59

SHA256
0a697f821013e64e2e5978bbafa347eca880dbc7c8ff61b29e30e38ce5efdb11

SHA512
9c3122722a0e666085aed8f5a77e57ebe24b9b86efdcd322bf24875896510670b0de2aecbe8c38378a20db473e02f5599cb55d568caf3f5ff696dc9ca46879d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\pleg\8月4日star 5.0去后门改白加黑源码\8月4日star 5.0去后门改白加黑修改521\卓越star 5.0源码解压密码123\Server\sal.h

Filesize
208KB

MD5
6ec511f91d7f657576c898af044a7600

SHA1
250b11af887f37eac40c2a2822623d77448ba027

SHA256
04bba2805cdea003afa496931c150a272a90b7e999a33d029f20e08e7e333d1c

SHA512
5f95772005a417ff9ab4fac36b1890bb7848792889d3a0e2d66f35832306b2cf4180b5e62a0bb9ec7907733d745a306e58ddf81bf30468da2ef2383bc5255e08

Download Submit
C:\Users\Admin\AppData\Local\Temp\pleg\Bin(1)\Bin(1)\Bin\Mushroom head.exe

Filesize
7.0MB

MD5
27369a4b81a03ddf58ed42224da2c063

SHA1
60bb59853787c7a046f1e9c8b8cfc9d765cd895f

SHA256
f5ef4feb056b4adad9a4b76beb88dcfa4a151e0cdda5f14569e6f17da3d77d85

SHA512
254953ffc65ba12d860489156828c1087ddd2e4832d101fba0360474d3ddc9d429166ab2494f90931630a2306649ab5d9bc04900eaecf18c5383ea5859a9704d

Download Submit
C:\Users\Admin\AppData\Local\Temp\pleg\Bin(1)\Bin(1)\Bin\Mushroom head.exe

Filesize
7.0MB

MD5
27369a4b81a03ddf58ed42224da2c063

SHA1
60bb59853787c7a046f1e9c8b8cfc9d765cd895f

SHA256
f5ef4feb056b4adad9a4b76beb88dcfa4a151e0cdda5f14569e6f17da3d77d85

SHA512
254953ffc65ba12d860489156828c1087ddd2e4832d101fba0360474d3ddc9d429166ab2494f90931630a2306649ab5d9bc04900eaecf18c5383ea5859a9704d

Download Submit
C:\Users\Admin\AppData\Local\Temp\pleg\Bin(1)\Bin(1)\Bin\Mushroom head.ini

Filesize
403B

MD5
8fe2032df2d4273c7abb31d3647b871f

SHA1
1e18c339688d4ad145c063f5ad9987c35e3a091f

SHA256
67b88e3c896752506d95d48c93961ff013af5fe2fff26559a9b2407a907e52e0

SHA512
7ab453c1bac88c0dc218be8dc78528705c0ffe608b912f373c2b9c049803e0c0bb05a419f1afc1a411bde215b59e3ab5038a164be9dccd05ec75e0830ca9953f

Download Submit
C:\Users\Admin\AppData\Local\Temp\pleg\Bin(1)\Bin(1)\Bin\SkinH.dll

Filesize
89KB

MD5
205e3693cb24b95018eaee62af86ae03

SHA1
038749709bb472031c000557e57857222619dcd5

SHA256
4954323e4532552e5b3691986d579fdce8ebe60b6ec1eb049658103e05c9d52d

SHA512
4115d76eb964e8c84810ca1cb7758c74ef80d99168f38fb9ce036cea58f69b6579eabc16527b529a7f390f220d71952cbbcda84d20a05ef881714cf2c9a645cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\pleg\CkDdos\CkDdos\控制端.exe

Filesize
400KB

MD5
cda0f972129bba66d0b43e42b4da5e63

SHA1
ae5be4bbffc08a8252164169465298d1019260f8

SHA256
f6a4869e492ea6b28028979eece2b5718e5cdede9d1f8ac5c9532bea7f23c10e

SHA512
7e378ba6ab33dadc2eb887af1d392fa92fe5e1cd25d2fb786b665d3a8a554a7fcd51eb4a6714daf27fcbf8c9e60e6136b04cada4fc47281826448e1f0e9733d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\pleg\CkDdos\CkDdos\控制端.exe

Filesize
400KB

MD5
cda0f972129bba66d0b43e42b4da5e63

SHA1
ae5be4bbffc08a8252164169465298d1019260f8

SHA256
f6a4869e492ea6b28028979eece2b5718e5cdede9d1f8ac5c9532bea7f23c10e

SHA512
7e378ba6ab33dadc2eb887af1d392fa92fe5e1cd25d2fb786b665d3a8a554a7fcd51eb4a6714daf27fcbf8c9e60e6136b04cada4fc47281826448e1f0e9733d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\pleg\Plug 1.2\Plug 1.2\Plug 1.2.exe

Filesize
11.8MB

MD5
3e34634dfb70ee7b787279e238b844ec

SHA1
6cab3ee747ad0e614ac2a20018be0fa023ae56ec

SHA256
420f0a60cc096826dc4b374bbacd387309d8657c7f05dd6fc0222542a713c863

SHA512
81d8ffdd7cb8da16aef3a9744c463b716024378f11129b53047b558a35e4403939d7b00bcc3b9b86fd80863a276feccaa3e0f31fb20a37fa1f572b19ee2d463a

Download Submit
C:\Users\Admin\AppData\Local\Temp\pleg\Plug 1.2\Plug 1.2\Plug 1.2.exe

Filesize
11.8MB

MD5
3e34634dfb70ee7b787279e238b844ec

SHA1
6cab3ee747ad0e614ac2a20018be0fa023ae56ec

SHA256
420f0a60cc096826dc4b374bbacd387309d8657c7f05dd6fc0222542a713c863

SHA512
81d8ffdd7cb8da16aef3a9744c463b716024378f11129b53047b558a35e4403939d7b00bcc3b9b86fd80863a276feccaa3e0f31fb20a37fa1f572b19ee2d463a

Download Submit
C:\Users\Admin\AppData\Local\Temp\pleg\Plug 1.2\Plug 1.2\Plug 1.2.exe

Filesize
11.8MB

MD5
3e34634dfb70ee7b787279e238b844ec

SHA1
6cab3ee747ad0e614ac2a20018be0fa023ae56ec

SHA256
420f0a60cc096826dc4b374bbacd387309d8657c7f05dd6fc0222542a713c863

SHA512
81d8ffdd7cb8da16aef3a9744c463b716024378f11129b53047b558a35e4403939d7b00bcc3b9b86fd80863a276feccaa3e0f31fb20a37fa1f572b19ee2d463a

Download Submit
C:\Users\Admin\AppData\Local\Temp\pleg\start6.8\无后门控\520\Client.exe

Filesize
7.0MB

MD5
71627b672cf4d3d9582664ab863a0259

SHA1
e08a8b8ee5f03a6566c0eaa6c777b5346183f5ff

SHA256
eb6bc91065fcfb389c6025f96caa3c2438c496bd95d6d7fcab50b3a42b06191d

SHA512
2273a8311b5753deb34ce29ab1306b2b629b8ea94141f2293458a9ebadbba33bab39355a161952240ade8df92cd96092f02b5cb490c786e12f24b2709acf45eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\pleg\start6.8\无后门控\520\Client.exe

Filesize
7.0MB

MD5
71627b672cf4d3d9582664ab863a0259

SHA1
e08a8b8ee5f03a6566c0eaa6c777b5346183f5ff

SHA256
eb6bc91065fcfb389c6025f96caa3c2438c496bd95d6d7fcab50b3a42b06191d

SHA512
2273a8311b5753deb34ce29ab1306b2b629b8ea94141f2293458a9ebadbba33bab39355a161952240ade8df92cd96092f02b5cb490c786e12f24b2709acf45eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\pleg\start6.8\无后门控\520\Plugins\Baidu.html

Filesize
2KB

MD5
11d5aedce6a2f649a86491087bffaccb

SHA1
738b6098b7a79bcca6c0aa6e56f03c2d80aa6c04

SHA256
81efecc3a0fe871fe4702ec1a21a96102fd60a09a0f5f712ecc999cdc41c8b35

SHA512
f17c3814ab6211f65227f613738ac5e2a1ed40c733ce1922fa0920815abec6c6bc19d422faa013e282b00d1548dd84f423b0875f95fdb74afe88ff966bca548f

Download Submit
C:\Users\Admin\AppData\Local\Temp\pleg\start6.8\无后门控\520\Plugins\BaiduE.html

Filesize
286B

MD5
9ff7b849cb97fdd76dd5c34803ecc019

SHA1
13698489d67bda5a6bc7704744895554e06564a4

SHA256
842dd0e62dc33289e7e69009aa90785b8f3fa823a8bfc1a25691f89a77fc04d0

SHA512
dcb827769889047753c4bfc3f22fb4e8cc5ef1b3f7000474eb986de168461e0ebd3700bc12293040f9244ba81f9c287409dfccfe79282a5c1885437c73fe13e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\pleg\start6.8\无后门控\520\Plugins\Gaode.html

Filesize
1KB

MD5
f3cb0870b113e5ab9098b27df10043ed

SHA1
5d23c9846ae060ae5e93393f4541636dfb1f008e

SHA256
7c74ddb95e067b2f35bd7b72b14cf5c025fe671513288667e31cd15d99c82661

SHA512
99e3e81ef1904c4cf5b16224d02000b08ad8f3cd9664ba583c183ff15527bd6b4fe0c0bfb57c0639706bd4cebd5f1ab29c46266e924d49cb25e1356f70593d4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\pleg\start6.8\无后门控\520\Plugins\GaodeE.html

Filesize
286B

MD5
355ad73e776b25aa006f69c0765c582f

SHA1
6817dabce5db2e0b5ddbd49ee0859ab79d3718f9

SHA256
af5a55180f040bb40656092a1ec5f7f537938d3c490ca96f031fa6f1bce4fd38

SHA512
8d91f47271f7c75a0af8d9005dcd60c43309596b55b4d76e42012b5dc2c755061a334f7ac70d4b22165922340bf9a54b27e0f8676d09bbe1dea7f9d9fb17a0b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\pleg\start6.8\无后门控\520\SkinH.dll

Filesize
89KB

MD5
205e3693cb24b95018eaee62af86ae03

SHA1
038749709bb472031c000557e57857222619dcd5

SHA256
4954323e4532552e5b3691986d579fdce8ebe60b6ec1eb049658103e05c9d52d

SHA512
4115d76eb964e8c84810ca1cb7758c74ef80d99168f38fb9ce036cea58f69b6579eabc16527b529a7f390f220d71952cbbcda84d20a05ef881714cf2c9a645cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\pleg\start6.8\无后门控\520\SkinH.dll

Filesize
89KB

MD5
205e3693cb24b95018eaee62af86ae03

SHA1
038749709bb472031c000557e57857222619dcd5

SHA256
4954323e4532552e5b3691986d579fdce8ebe60b6ec1eb049658103e05c9d52d

SHA512
4115d76eb964e8c84810ca1cb7758c74ef80d99168f38fb9ce036cea58f69b6579eabc16527b529a7f390f220d71952cbbcda84d20a05ef881714cf2c9a645cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\pleg\start6.8\无后门控\520\Skins\SkinH.she

Filesize
6KB

MD5
d185fef6771d204ac1041fedbd1d0448

SHA1
29f48b1cd3058333e5cf8a43d4e40fbecc685b61

SHA256
14e834d99b611c3fe5eb0b85da56fc58d05f0863203142bfc4987805fc601284

SHA512
d9e1acef2bcc46485f4527d98d24dce110be9da892942d17fb776e7e486cb7aaebbeecf73732e08b6617c22b8876466d15889f320a86dc4eb91ba53393f4c2f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\pleg\start6.8\无后门控\520\Skins\homestead.she

Filesize
30KB

MD5
d76c55cbce4d6e5190f5abe52d7e7c34

SHA1
f75965ed991e0611d066caaa690a01c4f5e1a55c

SHA256
b0d6bf3fec47e6b2d59bb9f86e593539d4a88b3e5a17213421d8d1c493cbb31a

SHA512
ae476ecf06983edd16236dfe37e0577f37beef7d1148be50a9a480c4c6edcd6731821d6f1a808eec4c2906fb05ac6875aad445dc4fc3995009fd96108e938d48

Download Submit
C:\Users\Admin\AppData\Local\Temp\pleg\start6.8\无后门控\520\Skins\itunes.she

Filesize
44KB

MD5
72961984c3330dfd79cadb71aa6e7ea5

SHA1
3b242c9b876dbfc689d0d8558feeb588b9ce070c

SHA256
4423f7ae0ca2ac9150642cd7b1dd1f464c529c101cf3e5eedeca56a2ac5d6b96

SHA512
f65380e25b04e48558e781a1df0f27ba19bf4960c23d8b1ac6048644fbd528dcbe1a23a74e39120cfa9fa68a81ca98e2774825e5521bef979bde0ac3fe5b9445

Download Submit
C:\Users\Admin\AppData\Local\Temp\pleg\start6.8\无后门控\520\Skins\niceblack.she

Filesize
9KB

MD5
57770a84ef41262815a02427b404438e

SHA1
3f772bdbbf5c38ac1e32c4fc444c4790f6f25869

SHA256
e1640dac4d9899bd6f45049747a044f6e48d0d7f261ee199fe8de15f4c568060

SHA512
5372f2a9c8010872ae4bf7444759b4723485cfeb89357b70df792759f88a83fa3d0fcc98fc8b14bd40497922370051fe7b35ec6337096a5444682a25ec4c4988

Download Submit
C:\Users\Admin\AppData\Local\Temp\pleg\start6.8\无后门控\520\Skins\qqplayer.she

Filesize
18KB

MD5
07aea25839f5fe3b87a33e3ee3734767

SHA1
0421b354bc4a48fe7ceec385d5925d93d013f85a

SHA256
685e704fd8f530ba71fbe413da4c8c57c433aa3eb504f7abe736a770f76d622c

SHA512
28a3da5466dc8ee1e7120ecdd52d90b868857e8c0050407c4f4a4e5c84ca832074b887671aa97db31799dd4ca21f14ad568e19b84938d67365669e98a8f1fb27

Download Submit
C:\Users\Admin\AppData\Local\Temp\pleg\stray5.0\Cache\Install.dat

Filesize
1.2MB

MD5
211f84bbb8991bb0dc0db6abef4a5978

SHA1
b283903c267d169985df1b21d087615763d38ba3

SHA256
b43ee8666158bfc2caa0f3a9837c337cbbdc246f58a78001f23365c1f0c42732

SHA512
156fd7cc6eaba8463554617a62eb8f74413864c3852c1e1f4ef96e29db76b67a52f1e3a7feaaf5aadacd81f94a5bfe60fafb37c9a27c2b760d0524a0e404c0f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\pleg\stray5.0\Client.exe

Filesize
6.3MB

MD5
8dc390b6bd48dbaf8e38670e1e5e3000

SHA1
79e429e5c84e1fdd97a0a36618d9191210ed8afe

SHA256
4054a34697c59b3aeca7214b2fd18896a4df983f72d5d323fa6c69ebfe72b2e7

SHA512
6380c869d2ce58f41e6b926a60ee64f1268e6ae58f249583b3f5e4f46b0429ba32883c05879da6592c97d6e69677a216c9556343a81f420b7143baf193c025c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\pleg\stray5.0\Client.exe

Filesize
6.3MB

MD5
8dc390b6bd48dbaf8e38670e1e5e3000

SHA1
79e429e5c84e1fdd97a0a36618d9191210ed8afe

SHA256
4054a34697c59b3aeca7214b2fd18896a4df983f72d5d323fa6c69ebfe72b2e7

SHA512
6380c869d2ce58f41e6b926a60ee64f1268e6ae58f249583b3f5e4f46b0429ba32883c05879da6592c97d6e69677a216c9556343a81f420b7143baf193c025c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\pleg\stray5.0\Client.ini

Filesize
653B

MD5
47d6b4d9df7a6686c015ce7b13ea88ac

SHA1
b424012ee5109ad28ce201462057a9cce2f7fb63

SHA256
a386f80872324574eb766ade2f5409fb8fbda91b3b889bfb189f5858d0bdad83

SHA512
8e6599d8c4dd64efae042d11c2a6767f4b6e26e995f6b0f72c82f38d7b3a336b0538ea7124e7a14adf786b7622f1e3800bb827932642fdadc1c092e29d58ce2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\pleg\stray5.0\Plugins\GetPswd32.exe

Filesize
731KB

MD5
6d17bb7e8958d4927296261af95b4cd3

SHA1
1f598160904b136c8b2ac4cf9a0f2aa7358ab861

SHA256
59f9bb49b41f3206b60b4d479000bf9fff7ef73fb1fda55b2eb13231482c8c22

SHA512
c58f2abdc50c33c37534730502ae09df39a0e7d3ae9cd38dfd16d363e4f0e80e6b0193eb44b61bdf8cfa9ebae221d3bdb9a47a6efb9a393dd1360296c1a12f1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\pleg\stray5.0\Plugins\GetPswd64.exe

Filesize
905KB

MD5
50300de5e4786530ea603224ccbcbb02

SHA1
d343b0019084de2dd882e92a79a872370bc6028f

SHA256
23a243a1ce474c4da90b1003ffcbaf9a3ff25e0787844bfe74c21671fdd8b269

SHA512
a41f0e2140046d1074e444881e7b23f3ba79e304acca4df25dcdb522e0a1ef21b5e64245748d359cad18e4966d76fe622cbc8f542ee1cf2a38f9de5971398b8c

Download Submit
C:\Users\Admin\AppData\Local\Temp\pleg\stray5.0\Plugins\IPUpdate.exe

Filesize
918KB

MD5
450c4149f3f5df5d5024437b49846a64

SHA1
477b9804b1092a99247b0114be3cc95f8d2d2f9d

SHA256
c34e57f55c88fe2d7c5036e82b24c985a55919e116f02adccdd07e4c480f5bf0

SHA512
6861fa968876f75a57076c454598777a0d45347b66df81f31e06147eb57f78c3637eb69bd7488445ce05b0583fcf034c590ccfcf0031f368c786ca3241e66e39

Download Submit
C:\Users\Admin\AppData\Local\Temp\pleg\stray5.0\Plugins\PcLock.exe

Filesize
573KB

MD5
91f6d17d7ba629cbfd949c26b6d15982

SHA1
aa16a91fd32d634560adf8242353b545de8ba8b4

SHA256
1bdbb2927c50e99ab1f61930d80e46afb3b77ccd1c30d3f95342e75650159295

SHA512
a02476aea31393e8aefef61732e60c37568bebaa614414d928bdcfff2f2f29a09f485267c9bc4e5a8aa4b7b8f31262bf8629bb9da89d1c19c596e3d400d31d08

Download Submit
C:\Users\Admin\AppData\Local\Temp\pleg\stray5.0\Plugins\QQwry.dat

Filesize
9.9MB

MD5
291956913117d411c5d5c2c423f9d210

SHA1
10e24e198336f95b8d23ee88a35669278224a943

SHA256
404dbb188d91176a0ca0ab172b2a80ddc8c4de4b5fb41817c14823c33168df1b

SHA512
fe14899016d7f8e883641c564b85181ee476511418843fdd81296b9271c237a0e78edf822cda097314e78071c488ac91a071eaa21ce62327a0c8998e8e3ea2d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\pleg\stray5.0\Plugins\ShellCode.bat

Filesize
602B

MD5
c95a398c4c804a6c4a59a67c59f2d304

SHA1
33acf9ca4c6b99df5f6f55903a4ea663f975b743

SHA256
dc317ae0b6956c3caa5ad87c94b28c61d21cc8424820784f7c0abcb4d7e4e2ea

SHA512
fab1db852d8f3eca8a890c71f255ec5c076c88e5760e28945d4bb38fea192d735cfefd56365df9da43e1f7ae2b592960a67517fac54cf43e7941fa2fddfd051b

Download Submit
C:\Users\Admin\AppData\Local\Temp\pleg\stray5.0\Plugins\mstscax.dll

Filesize
640KB

MD5
b202b160c128ccb5265082a94ee01a6c

SHA1
240dac2b308caccfdd0240acf036934e135a63d0

SHA256
c9f554d83c6c3e02d0baccc1c2124112390e57136072b8282ae24c04e4796694

SHA512
cd6b618a3b2ecb07999a56b08932486a081ec8d9e37558bc1fcf6970bf44989a81ac2ec59328596c9395b91b7e159bc8cdcbdcc03fd213b982d84ee6bf7f3f05

Download Submit
C:\Users\Admin\AppData\Local\Temp\pleg\stray5.0\Plugins\termsrv_t.dll

Filesize
210KB

MD5
a77219a971029dc2fb683e8513713803

SHA1
1c456520a7b7faf71900c71167038185f5a7d312

SHA256
1eba9a909641e64e935090956b03182335d298cad78052cef3b3f75691eb3f50

SHA512
06c8a1ce76f1600e2c791f9e634f9559c82948d0f7cc93648981476191e4c9f36cb5ee4148ee1fe94960e7275fc9d61550cab6ea0a43e783a0b7819764fd6215

Download Submit
C:\Users\Admin\AppData\Local\Temp\pleg\stray5.0\SkinH.dll

Filesize
89KB

MD5
205e3693cb24b95018eaee62af86ae03

SHA1
038749709bb472031c000557e57857222619dcd5

SHA256
4954323e4532552e5b3691986d579fdce8ebe60b6ec1eb049658103e05c9d52d

SHA512
4115d76eb964e8c84810ca1cb7758c74ef80d99168f38fb9ce036cea58f69b6579eabc16527b529a7f390f220d71952cbbcda84d20a05ef881714cf2c9a645cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\pleg\stray5.0\Skins\pixos.she

Filesize
28KB

MD5
0581c74e70ffb2fbd3991e3affc4a512

SHA1
41377847e1f640b072617c2015a534faaf2f37f1

SHA256
edc786fc3931959959273cec14c2a47998fdcd9fa83954470ef4adf3f6ff448f

SHA512
6bc114a1d46b547712d83081709bd30198c5383d5d8dac83e3ffdd2d3198489cea9e35e9edf8881f77168788ed3247c6a7490721eee87266eb8f4c76f4dfe3f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\pleg\stray5.0\Skins\win8.she

Filesize
7KB

MD5
579abcf65c9cc95daf8317251e970101

SHA1
c5f8289c8187846b8ae622555e55a2df8d8f2bf5

SHA256
cb5aea4421c4b4800ebd4686d97fcb5a394ff9bcf45ea538ccdbd6d5cce1634d

SHA512
6fdb92ca93a3ac902f8b4a3ceef742e661427e9f92f1448c7f5564fabe90d2351372fea1b3daac4f51566ff8ef1f7a501e0c20125f50d5073102f4101b332e9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\pleg\stray5.0\Skins\xmp.she

Filesize
19KB

MD5
9b9c3df219c2adea6dd65564bc96dcd7

SHA1
dd4a6663e8cf781e66fd9fda9cea25923c15a058

SHA256
3856722fcf7db27bc5b0112c039b5ac3693875cb85db75fb6b1e1f939747144a

SHA512
394e6970bee79207ef237d509ccc15284099924d83afab8e82e53047314e64d1735143533204cc4dbf7acfda4c4a4f131676bc14e510d15133299c5050222527

Download Submit
C:\Users\Admin\AppData\Local\Temp\pleg\v9.5\v9.5\Bin.exe

Filesize
10.9MB

MD5
36a04cf9940d07c9ce2a0a42b5613b5c

SHA1
7b92c5fff29fde5e348ce44a57760a50df25908f

SHA256
43fc546c1f226b32e237a3af3b54c083fd7eec012667cf851437514500e41732

SHA512
3192a54a865fe8ec3aa90a10aedcd5e8effc7df0600f0996840dea6b0935a9a2aa0375885e100e34a09a26a8ca9295d972bbbd8e29294b7ad6c36edfb1446d7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\pleg\v9.5\v9.5\Bin.exe

Filesize
10.9MB

MD5
36a04cf9940d07c9ce2a0a42b5613b5c

SHA1
7b92c5fff29fde5e348ce44a57760a50df25908f

SHA256
43fc546c1f226b32e237a3af3b54c083fd7eec012667cf851437514500e41732

SHA512
3192a54a865fe8ec3aa90a10aedcd5e8effc7df0600f0996840dea6b0935a9a2aa0375885e100e34a09a26a8ca9295d972bbbd8e29294b7ad6c36edfb1446d7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\pleg\〓狼情〓2022美版两版\〓狼情〓企业（VIP）尊享版2022最新版\ICO图标\29.ico

Filesize
766B

MD5
677b2846395261983110981ce2f2051c

SHA1
9ff8a6c4642010805abfdb817d6cd87cc9e25162

SHA256
449576aa7710c8143653fa74b2dcdc3ecec3a7a3bb3c2f725031239ae2da9117

SHA512
d1ff1adca3a29bd8b9b656f317b6e845f50acd1e3c9cafc9272c93f33bb6102eae022096151c73da21317f921ba2890126a1a50d356a4e96ec0c9afd5bdcb490

Download Submit
C:\Users\Admin\AppData\Local\Temp\pleg\〓狼情〓2022美版两版\〓狼情〓企业（VIP）尊享版2022最新版\Plugins\upx.exe

Filesize
260KB

MD5
9d5599e6ebd2fddc068bfa56b2117649

SHA1
37613d93a85431bc74b6fbf123247c8f686a2a25

SHA256
7fab28fb1682255b9b13d68e5987e8e2660bad8f1fc1e450d5b63564de77aae3

SHA512
094f1b29b09668ecd34719fd62c682684e28c7f52d64aaa8472431f3a9792f74d72da03ad395a4ac2f4ff2205d2f10caf4cc3c8bd6478955a7121bf7d26b7742

Download Submit
C:\Users\Admin\AppData\Local\Temp\pleg\大灰狼2018版-控件\大灰狼2018版\ICO图标\08.ico

Filesize
1KB

MD5
1317fe440a26aadadf30d94edd5a9525

SHA1
381e07477aae3c090d9cbe05abcf548fae8568af

SHA256
b4dbc05f77125b3b003dfe8c8485f38717dc1cc62a5aec541185e11ed5866550

SHA512
1e6aece38aba1c9222a4923624904e8c045610004b14a2e5b675c55e1a8e9cce8f7e9410bc59b59b07af411f4d432f9f06e8147f1d6737de74ce8a8b80f6eb9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\pleg\大灰狼2018版-控件\大灰狼2018版\ICO图标\13.ico

Filesize
1KB

MD5
8acde0598c2607ebff38be31c128c756

SHA1
f28882ccc2e750ff5a2857b2c5bb44e35ed627fd

SHA256
859b89f89dfc08dc2c2db447c758eaad634a802e572fa634a2c245a398900431

SHA512
f0d72b497fd8d4acce4bf19d2a053bb0ea05d2d842a1d0bcb68d7b1ea9abdad5e1267c792c12f0bd2dc76b1d0b773b7eea25af012b924df5a88e59513809e095

Download Submit
C:\Users\Admin\AppData\Local\Temp\pleg\火云DDoS集群网站攻击软件_VIP穿透破防版解压密码：360\火云DDoS集群网站攻击软件 VIP穿透破防版\SkinH.dll

Filesize
89KB

MD5
205e3693cb24b95018eaee62af86ae03

SHA1
038749709bb472031c000557e57857222619dcd5

SHA256
4954323e4532552e5b3691986d579fdce8ebe60b6ec1eb049658103e05c9d52d

SHA512
4115d76eb964e8c84810ca1cb7758c74ef80d99168f38fb9ce036cea58f69b6579eabc16527b529a7f390f220d71952cbbcda84d20a05ef881714cf2c9a645cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\pleg\火云DDoS集群网站攻击软件_VIP穿透破防版解压密码：360\火云DDoS集群网站攻击软件 VIP穿透破防版\火云DDoS集群网站攻击软件 VIP穿透破防版.exe

Filesize
1.2MB

MD5
4951234cb341b21fd3c1c9a1a2dda6a2

SHA1
e6f796329c0a1e8cfc145e687d0827a71c431d87

SHA256
b2f427f01cb55550eabec86704fa9ac3fdde4dd175c742fbfccbe73006def247

SHA512
060fc2a4cc011bffaa9fd91ead0e4779e7d492a9bdde3a1466d55213892a71b08c38962f02f3c62b42eb5d13eca126f6020e686a31b61ddccd6ed4064561c3a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\pleg\火云DDoS集群网站攻击软件_VIP穿透破防版解压密码：360\火云DDoS集群网站攻击软件 VIP穿透破防版\火云DDoS集群网站攻击软件 VIP穿透破防版.exe

Filesize
1.2MB

MD5
4951234cb341b21fd3c1c9a1a2dda6a2

SHA1
e6f796329c0a1e8cfc145e687d0827a71c431d87

SHA256
b2f427f01cb55550eabec86704fa9ac3fdde4dd175c742fbfccbe73006def247

SHA512
060fc2a4cc011bffaa9fd91ead0e4779e7d492a9bdde3a1466d55213892a71b08c38962f02f3c62b42eb5d13eca126f6020e686a31b61ddccd6ed4064561c3a6

Download Submit
C:\Windows\Client.INI

Filesize
702B

MD5
75351096d6c002a85c5e9d4f98d0edbb

SHA1
5dcc32f5caa84016cfd4cd12df91f4c61c996cc4

SHA256
84bfb26b97b00e2257329928a306f9921bef38c000dda91d8ad4c7229650f480

SHA512
f78ebe9fcdc28a130671ac3726a59e372a438c1d6e59ffde9da935cc35fdddc21865ba51c53e72cd6ba8fa2892bdaba1c133d90a70f98acb826b9dde10c9bbe0

Download Submit
C:\Windows\Client.INI

Filesize
702B

MD5
75351096d6c002a85c5e9d4f98d0edbb

SHA1
5dcc32f5caa84016cfd4cd12df91f4c61c996cc4

SHA256
84bfb26b97b00e2257329928a306f9921bef38c000dda91d8ad4c7229650f480

SHA512
f78ebe9fcdc28a130671ac3726a59e372a438c1d6e59ffde9da935cc35fdddc21865ba51c53e72cd6ba8fa2892bdaba1c133d90a70f98acb826b9dde10c9bbe0

Download Submit
C:\Windows\Mushroom head.INI

Filesize
506B

MD5
b93049383d84dfcc5cb50d1f7b75487f

SHA1
13a56d2ef4745d14d1d8f6dd907ced4857f61d75

SHA256
44c9649ebf53cfa6026bd1b640af7b9f7b46580e6bdadc6b4bee80ef6bad5330

SHA512
17f6d58ed36eef511a4cd962d522abf3fcca0fae796b7fa7a395434b683dfb89740dab82b7f7a4375a4900dfe042cace5a50fc07cd3f701507ab9b7e1f00bdd7

Download Submit
C:\Windows\SysWOW64\Vnfvn.exe

Filesize
2.8MB

MD5
41f932a60d920b888a92c162a548d913

SHA1
f3b64736c7616f1c06a975e670ef7ee08c80289e

SHA256
da0b486cf8801e268cf3019a689cf08737e582f35e251e3c89920dcd025d7854

SHA512
6a3a1eecc741e723e22fd02b2112307c1116e8d71d22bbdb29734391c025c2993cb9ae91187c9a5407b6445979a9f60d9b0a7daaa861201ded5dc458857eb20b

Download Submit
C:\Windows\SysWOW64\Vnfvn.exe

Filesize
2.8MB

MD5
41f932a60d920b888a92c162a548d913

SHA1
f3b64736c7616f1c06a975e670ef7ee08c80289e

SHA256
da0b486cf8801e268cf3019a689cf08737e582f35e251e3c89920dcd025d7854

SHA512
6a3a1eecc741e723e22fd02b2112307c1116e8d71d22bbdb29734391c025c2993cb9ae91187c9a5407b6445979a9f60d9b0a7daaa861201ded5dc458857eb20b

Download Submit
C:\Windows\SysWOW64\Vnfvn.exe

Filesize
2.8MB

MD5
41f932a60d920b888a92c162a548d913

SHA1
f3b64736c7616f1c06a975e670ef7ee08c80289e

SHA256
da0b486cf8801e268cf3019a689cf08737e582f35e251e3c89920dcd025d7854

SHA512
6a3a1eecc741e723e22fd02b2112307c1116e8d71d22bbdb29734391c025c2993cb9ae91187c9a5407b6445979a9f60d9b0a7daaa861201ded5dc458857eb20b

Download Submit
C:\Windows\SysWOW64\Vnfvn.exe

Filesize
2.8MB

MD5
41f932a60d920b888a92c162a548d913

SHA1
f3b64736c7616f1c06a975e670ef7ee08c80289e

SHA256
da0b486cf8801e268cf3019a689cf08737e582f35e251e3c89920dcd025d7854

SHA512
6a3a1eecc741e723e22fd02b2112307c1116e8d71d22bbdb29734391c025c2993cb9ae91187c9a5407b6445979a9f60d9b0a7daaa861201ded5dc458857eb20b

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\SkinH.dll

Filesize
89KB

MD5
205e3693cb24b95018eaee62af86ae03

SHA1
038749709bb472031c000557e57857222619dcd5

SHA256
4954323e4532552e5b3691986d579fdce8ebe60b6ec1eb049658103e05c9d52d

SHA512
4115d76eb964e8c84810ca1cb7758c74ef80d99168f38fb9ce036cea58f69b6579eabc16527b529a7f390f220d71952cbbcda84d20a05ef881714cf2c9a645cf

Download Submit
\Users\Admin\AppData\Local\Temp\pleg\1\1\SkinH.dll

Filesize
89KB

MD5
205e3693cb24b95018eaee62af86ae03

SHA1
038749709bb472031c000557e57857222619dcd5

SHA256
4954323e4532552e5b3691986d579fdce8ebe60b6ec1eb049658103e05c9d52d

SHA512
4115d76eb964e8c84810ca1cb7758c74ef80d99168f38fb9ce036cea58f69b6579eabc16527b529a7f390f220d71952cbbcda84d20a05ef881714cf2c9a645cf

Download Submit
\Users\Admin\AppData\Local\Temp\pleg\1\1\SkinH.dll

Filesize
89KB

MD5
205e3693cb24b95018eaee62af86ae03

SHA1
038749709bb472031c000557e57857222619dcd5

SHA256
4954323e4532552e5b3691986d579fdce8ebe60b6ec1eb049658103e05c9d52d

SHA512
4115d76eb964e8c84810ca1cb7758c74ef80d99168f38fb9ce036cea58f69b6579eabc16527b529a7f390f220d71952cbbcda84d20a05ef881714cf2c9a645cf

Download Submit
\Users\Admin\AppData\Local\Temp\pleg\1\1\SkinH.dll

Filesize
89KB

MD5
205e3693cb24b95018eaee62af86ae03

SHA1
038749709bb472031c000557e57857222619dcd5

SHA256
4954323e4532552e5b3691986d579fdce8ebe60b6ec1eb049658103e05c9d52d

SHA512
4115d76eb964e8c84810ca1cb7758c74ef80d99168f38fb9ce036cea58f69b6579eabc16527b529a7f390f220d71952cbbcda84d20a05ef881714cf2c9a645cf

Download Submit
\Users\Admin\AppData\Local\Temp\pleg\1\1\SkinH.dll

Filesize
89KB

MD5
205e3693cb24b95018eaee62af86ae03

SHA1
038749709bb472031c000557e57857222619dcd5

SHA256
4954323e4532552e5b3691986d579fdce8ebe60b6ec1eb049658103e05c9d52d

SHA512
4115d76eb964e8c84810ca1cb7758c74ef80d99168f38fb9ce036cea58f69b6579eabc16527b529a7f390f220d71952cbbcda84d20a05ef881714cf2c9a645cf

Download Submit
\Users\Admin\AppData\Local\Temp\pleg\1\1\SkinH.dll

Filesize
89KB

MD5
205e3693cb24b95018eaee62af86ae03

SHA1
038749709bb472031c000557e57857222619dcd5

SHA256
4954323e4532552e5b3691986d579fdce8ebe60b6ec1eb049658103e05c9d52d

SHA512
4115d76eb964e8c84810ca1cb7758c74ef80d99168f38fb9ce036cea58f69b6579eabc16527b529a7f390f220d71952cbbcda84d20a05ef881714cf2c9a645cf

Download Submit
\Users\Admin\AppData\Local\Temp\pleg\1\1\SkinH.dll

Filesize
89KB

MD5
205e3693cb24b95018eaee62af86ae03

SHA1
038749709bb472031c000557e57857222619dcd5

SHA256
4954323e4532552e5b3691986d579fdce8ebe60b6ec1eb049658103e05c9d52d

SHA512
4115d76eb964e8c84810ca1cb7758c74ef80d99168f38fb9ce036cea58f69b6579eabc16527b529a7f390f220d71952cbbcda84d20a05ef881714cf2c9a645cf

Download Submit
\Users\Admin\AppData\Local\Temp\pleg\3\3\3\Bin\SkinH.dll

Filesize
89KB

MD5
205e3693cb24b95018eaee62af86ae03

SHA1
038749709bb472031c000557e57857222619dcd5

SHA256
4954323e4532552e5b3691986d579fdce8ebe60b6ec1eb049658103e05c9d52d

SHA512
4115d76eb964e8c84810ca1cb7758c74ef80d99168f38fb9ce036cea58f69b6579eabc16527b529a7f390f220d71952cbbcda84d20a05ef881714cf2c9a645cf

Download Submit
\Users\Admin\AppData\Local\Temp\pleg\Bin(1)\Bin(1)\Bin\SkinH.dll

Filesize
89KB

MD5
205e3693cb24b95018eaee62af86ae03

SHA1
038749709bb472031c000557e57857222619dcd5

SHA256
4954323e4532552e5b3691986d579fdce8ebe60b6ec1eb049658103e05c9d52d

SHA512
4115d76eb964e8c84810ca1cb7758c74ef80d99168f38fb9ce036cea58f69b6579eabc16527b529a7f390f220d71952cbbcda84d20a05ef881714cf2c9a645cf

Download Submit
\Users\Admin\AppData\Local\Temp\pleg\start6.8\无后门控\520\SkinH.dll

Filesize
89KB

MD5
205e3693cb24b95018eaee62af86ae03

SHA1
038749709bb472031c000557e57857222619dcd5

SHA256
4954323e4532552e5b3691986d579fdce8ebe60b6ec1eb049658103e05c9d52d

SHA512
4115d76eb964e8c84810ca1cb7758c74ef80d99168f38fb9ce036cea58f69b6579eabc16527b529a7f390f220d71952cbbcda84d20a05ef881714cf2c9a645cf

Download Submit
\Users\Admin\AppData\Local\Temp\pleg\stray5.0\SkinH.dll

Filesize
89KB

MD5
205e3693cb24b95018eaee62af86ae03

SHA1
038749709bb472031c000557e57857222619dcd5

SHA256
4954323e4532552e5b3691986d579fdce8ebe60b6ec1eb049658103e05c9d52d

SHA512
4115d76eb964e8c84810ca1cb7758c74ef80d99168f38fb9ce036cea58f69b6579eabc16527b529a7f390f220d71952cbbcda84d20a05ef881714cf2c9a645cf

Download Submit
\Users\Admin\AppData\Local\Temp\pleg\火云DDoS集群网站攻击软件_VIP穿透破防版解压密码：360\火云DDoS集群网站攻击软件 VIP穿透破防版\SkinH.dll

Filesize
89KB

MD5
205e3693cb24b95018eaee62af86ae03

SHA1
038749709bb472031c000557e57857222619dcd5

SHA256
4954323e4532552e5b3691986d579fdce8ebe60b6ec1eb049658103e05c9d52d

SHA512
4115d76eb964e8c84810ca1cb7758c74ef80d99168f38fb9ce036cea58f69b6579eabc16527b529a7f390f220d71952cbbcda84d20a05ef881714cf2c9a645cf

Download Submit
memory/1068-9293-0x0000000010000000-0x000000001003B000-memory.dmp

Filesize
236KB

Download
memory/1068-9779-0x0000000010000000-0x000000001003B000-memory.dmp

Filesize
236KB

Download
memory/1068-9291-0x0000000010000000-0x000000001003B000-memory.dmp

Filesize
236KB

Download
memory/1224-9527-0x0000000000750000-0x00000000007FE000-memory.dmp

Filesize
696KB

Download
memory/1296-2322-0x0000000002830000-0x0000000002831000-memory.dmp

Filesize
4KB

Download
memory/1296-2328-0x0000000000400000-0x0000000000BC5000-memory.dmp

Filesize
7.8MB

Download
memory/1296-2327-0x0000000004780000-0x0000000004803000-memory.dmp

Filesize
524KB

Download
memory/1296-2326-0x0000000004780000-0x0000000004803000-memory.dmp

Filesize
524KB

Download
memory/1296-2325-0x0000000000400000-0x0000000000BC5000-memory.dmp

Filesize
7.8MB

Download
memory/1296-2324-0x0000000073F00000-0x0000000073F01000-memory.dmp

Filesize
4KB

Download
memory/1296-2321-0x0000000077140000-0x0000000077141000-memory.dmp

Filesize
4KB

Download
memory/1296-2320-0x0000000000400000-0x0000000000BC5000-memory.dmp

Filesize
7.8MB

Download
memory/1296-2319-0x0000000000400000-0x0000000000BC5000-memory.dmp

Filesize
7.8MB

Download
memory/1360-2311-0x0000000001450000-0x0000000001490000-memory.dmp

Filesize
256KB

Download
memory/1360-2307-0x0000000010000000-0x000000001003B000-memory.dmp

Filesize
236KB

Download
memory/1360-2313-0x0000000010000000-0x000000001003B000-memory.dmp

Filesize
236KB

Download
memory/1360-2309-0x0000000000400000-0x00000000012AA000-memory.dmp

Filesize
14.7MB

Download
memory/1360-2308-0x0000000001450000-0x0000000001490000-memory.dmp

Filesize
256KB

Download
memory/1360-2310-0x0000000001450000-0x0000000001490000-memory.dmp

Filesize
256KB

Download
memory/2428-11334-0x0000000000400000-0x0000000000687000-memory.dmp

Filesize
2.5MB

Download
memory/2428-11202-0x0000000000400000-0x0000000000687000-memory.dmp

Filesize
2.5MB

Download
memory/2448-2314-0x00000000011D0000-0x0000000001210000-memory.dmp

Filesize
256KB

Download
memory/2448-2315-0x0000000000400000-0x0000000001037000-memory.dmp

Filesize
12.2MB

Download
memory/2448-2316-0x0000000010000000-0x000000001003B000-memory.dmp

Filesize
236KB

Download
memory/2448-2305-0x00000000011D0000-0x0000000001210000-memory.dmp

Filesize
256KB

Download
memory/2448-2303-0x0000000010000000-0x000000001003B000-memory.dmp

Filesize
236KB

Download
memory/2448-2302-0x0000000000400000-0x0000000001037000-memory.dmp

Filesize
12.2MB

Download
memory/2448-2301-0x00000000011D0000-0x0000000001210000-memory.dmp

Filesize
256KB

Download
memory/2508-8666-0x0000000010000000-0x000000001003B000-memory.dmp

Filesize
236KB

Download
memory/2508-8329-0x0000000010000000-0x000000001003B000-memory.dmp

Filesize
236KB

Download
memory/2740-12107-0x0000000003320000-0x00000000033A3000-memory.dmp

Filesize
524KB

Download
memory/2740-12810-0x0000000000400000-0x0000000001275000-memory.dmp

Filesize
14.5MB

Download
memory/2740-12805-0x0000000010000000-0x000000001003B000-memory.dmp

Filesize
236KB

Download
memory/2740-11708-0x0000000010000000-0x000000001003B000-memory.dmp

Filesize
236KB

Download
memory/2740-12061-0x0000000000400000-0x0000000001275000-memory.dmp

Filesize
14.5MB

Download
memory/2740-11729-0x0000000000400000-0x0000000001275000-memory.dmp

Filesize
14.5MB

Download
memory/2740-11698-0x0000000000400000-0x0000000001275000-memory.dmp

Filesize
14.5MB

Download
memory/2752-9119-0x0000000010000000-0x00000000101B9000-memory.dmp

Filesize
1.7MB

Download
memory/2792-9983-0x0000000002970000-0x0000000002B40000-memory.dmp

Filesize
1.8MB

Download
memory/2792-6887-0x0000000000400000-0x00000000006CE000-memory.dmp

Filesize
2.8MB

Download
memory/2792-10390-0x0000000002970000-0x0000000002B40000-memory.dmp

Filesize
1.8MB

Download
memory/2792-9986-0x0000000075E50000-0x0000000075F8C000-memory.dmp

Filesize
1.2MB

Download
memory/2792-2331-0x0000000000400000-0x00000000006CE000-memory.dmp

Filesize
2.8MB

Download
memory/2792-10437-0x0000000002600000-0x000000000279F000-memory.dmp

Filesize
1.6MB

Download
memory/2792-9984-0x0000000002600000-0x000000000279F000-memory.dmp

Filesize
1.6MB

Download
memory/2792-2332-0x0000000073AE0000-0x0000000073CA2000-memory.dmp

Filesize
1.8MB

Download
memory/3304-9298-0x0000000010000000-0x00000000101B9000-memory.dmp

Filesize
1.7MB

Download
memory/3304-9141-0x0000000010000000-0x00000000101B9000-memory.dmp

Filesize
1.7MB

Download
memory/3348-14592-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/3348-14472-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/3352-14010-0x0000000000400000-0x0000000000545000-memory.dmp

Filesize
1.3MB

Download
memory/3644-8049-0x0000000010000000-0x000000001003B000-memory.dmp

Filesize
236KB

Download
memory/3644-7257-0x0000000010000000-0x000000001003B000-memory.dmp

Filesize
236KB

Download
memory/3936-15506-0x0000000010000000-0x000000001003B000-memory.dmp

Filesize
236KB

Download
memory/3936-15381-0x0000000010000000-0x000000001003B000-memory.dmp

Filesize
236KB

Download
memory/3936-15377-0x0000000010000000-0x000000001003B000-memory.dmp

Filesize
236KB

Download
memory/3944-3285-0x0000000010000000-0x000000001003B000-memory.dmp

Filesize
236KB

Download
memory/3944-3950-0x0000000010000000-0x000000001003B000-memory.dmp

Filesize
236KB

Download
memory/4152-2296-0x0000000003010000-0x0000000003050000-memory.dmp

Filesize
256KB

Download
memory/4152-2297-0x0000000000400000-0x00000000012AA000-memory.dmp

Filesize
14.7MB

Download
memory/4152-2295-0x0000000003010000-0x0000000003050000-memory.dmp

Filesize
256KB

Download
memory/4152-2293-0x0000000010000000-0x000000001003B000-memory.dmp

Filesize
236KB

Download
memory/4152-2298-0x0000000010000000-0x000000001003B000-memory.dmp

Filesize
236KB

Download
memory/4152-2294-0x0000000003010000-0x0000000003050000-memory.dmp

Filesize
256KB

Download
memory/4172-2286-0x00000000014F0000-0x0000000001530000-memory.dmp

Filesize
256KB

Download
memory/4172-2287-0x00000000014F0000-0x0000000001530000-memory.dmp

Filesize
256KB

Download
memory/4172-2285-0x0000000010000000-0x000000001003B000-memory.dmp

Filesize
236KB

Download
memory/4172-2288-0x00000000014F0000-0x0000000001530000-memory.dmp

Filesize
256KB

Download
memory/4172-2290-0x0000000010000000-0x000000001003B000-memory.dmp

Filesize
236KB

Download
memory/4172-2289-0x0000000000400000-0x0000000001037000-memory.dmp

Filesize
12.2MB

Download
memory/4276-9387-0x0000000010000000-0x000000001003B000-memory.dmp

Filesize
236KB

Download
memory/4276-10055-0x0000000010000000-0x000000001003B000-memory.dmp

Filesize
236KB

Download
memory/4276-9133-0x0000000010000000-0x000000001003B000-memory.dmp

Filesize
236KB

Download
memory/4276-9140-0x0000000010000000-0x000000001003B000-memory.dmp

Filesize
236KB

Download
memory/4636-2278-0x0000000010000000-0x000000001003B000-memory.dmp

Filesize
236KB

Download
memory/4636-2276-0x0000000002D80000-0x0000000002DC0000-memory.dmp

Filesize
256KB

Download
memory/4636-2282-0x0000000010000000-0x000000001003B000-memory.dmp

Filesize
236KB

Download
memory/4636-2279-0x0000000002D80000-0x0000000002DC0000-memory.dmp

Filesize
256KB

Download
memory/4636-2280-0x0000000002D80000-0x0000000002DC0000-memory.dmp

Filesize
256KB

Download
memory/4636-2277-0x0000000000400000-0x0000000001037000-memory.dmp

Filesize
12.2MB

Download
memory/4636-2281-0x0000000000400000-0x0000000001037000-memory.dmp

Filesize
12.2MB

Download
memory/4684-2271-0x0000000000400000-0x00000000012AA000-memory.dmp

Filesize
14.7MB

Download
memory/4684-2267-0x0000000003150000-0x0000000003190000-memory.dmp

Filesize
256KB

Download
memory/4684-2272-0x0000000010000000-0x000000001003B000-memory.dmp

Filesize
236KB

Download
memory/4684-2270-0x0000000003150000-0x0000000003190000-memory.dmp

Filesize
256KB

Download
memory/4684-2269-0x0000000003150000-0x0000000003190000-memory.dmp

Filesize
256KB

Download
memory/4684-2268-0x0000000010000000-0x000000001003B000-memory.dmp

Filesize
236KB

Download
memory/4684-2266-0x0000000000400000-0x00000000012AA000-memory.dmp

Filesize
14.7MB

Download
memory/4760-4299-0x0000000010000000-0x000000001003B000-memory.dmp

Filesize
236KB

Download
memory/4760-4891-0x0000000010000000-0x000000001003B000-memory.dmp

Filesize
236KB

Download
memory/4768-9985-0x0000000002900000-0x0000000002AD1000-memory.dmp

Filesize
1.8MB

Download
memory/4768-10575-0x0000000002590000-0x0000000002721000-memory.dmp

Filesize
1.6MB

Download
memory/4768-2378-0x0000000073AE0000-0x0000000073CA2000-memory.dmp

Filesize
1.8MB

Download
memory/4768-2352-0x0000000000400000-0x00000000007A0000-memory.dmp

Filesize
3.6MB

Download
memory/4768-7064-0x0000000000400000-0x00000000007A0000-memory.dmp

Filesize
3.6MB

Download
memory/4768-10514-0x0000000002900000-0x0000000002AD1000-memory.dmp

Filesize
1.8MB

Download
memory/4768-9987-0x0000000002590000-0x0000000002721000-memory.dmp

Filesize
1.6MB

Download
memory/4768-9989-0x0000000075E50000-0x0000000075F8C000-memory.dmp

Filesize
1.2MB

Download
memory/4952-13786-0x0000000000400000-0x0000000001275000-memory.dmp

Filesize
14.5MB

Download
memory/4952-13817-0x0000000000400000-0x0000000001275000-memory.dmp

Filesize
14.5MB

Download
memory/4952-13810-0x0000000010000000-0x000000001003B000-memory.dmp

Filesize
236KB

Download
memory/4952-13364-0x0000000010000000-0x000000001003B000-memory.dmp

Filesize
236KB

Download
memory/5080-9111-0x0000000010000000-0x00000000101B9000-memory.dmp

Filesize
1.7MB

Download
memory/5080-9073-0x0000000010000000-0x00000000101B9000-memory.dmp

Filesize
1.7MB

Download
memory/5080-9070-0x0000000010000000-0x00000000101B9000-memory.dmp

Filesize
1.7MB

Download
memory/5080-9062-0x0000000010000000-0x00000000101B9000-memory.dmp

Filesize
1.7MB

Download