Overview

overview

10

Static

static

1

pleg.zip

windows7-x64

1

pleg.zip

windows10-1703-x64

10

pleg.zip

windows10-2004-x64

10

Resubmissions

15-08-2023 16:13

230815-tn5swsbg58 10

15-08-2023 16:07

230815-tkykeadf8s 1

Analysis

  • max time kernel
    582s
  • max time network
    489s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-ja
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-jalocale:ja-jpos:windows10-2004-x64systemwindows
  • submitted
    15-08-2023 16:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    pleg.zip

  • Size

    122.9MB

  • MD5

    9fa65e4744953f8863f8ecd59b0043f3

  • SHA1

    7ce01b3a3f9d942fbb29c09456162a4c679e05bc

  • SHA256

    8857e1127d2d06b194a0b7767a648b1f125984fd7b575a59d328a50f498c3695

  • SHA512

    6c519ffa890391479793582e96782aeb09dbf709662b9b31a70e755e066db71716d35abe2d69881eb9712097b2514e6d99df4cbe3cf94c8d7c3aebc328199be1

  • SSDEEP

    3145728:EKlxbiwxzfmBibpn5e42h/r3w2cIDwppwDBe3oEbd7:EkIii42h/r3r1uwgZ7

Score
10/10
gh0stratmimikatzratupx

Malware Config

Signatures

  • Gh0st RAT payload 2 IoCs
  • Gh0strat

    Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    ratgh0strat
  • Mimikatz

    mimikatz is an open source tool to dump credentials on Windows.

    mimikatz
  • mimikatz is an open source tool to dump credentials on Windows 2 IoCs
  • ACProtect 1.3x - 1.4x DLL software 3 IoCs

    Detects file using ACProtect software.

  • Executes dropped EXE 5 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 17 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 38 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 13 IoCs

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\pleg.zip
    1⤵
      PID:3336
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:2928
      • C:\Program Files\7-Zip\7zG.exe
        "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap9155:66:7zEvent6736
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        PID:3788
      • C:\Users\Admin\Desktop\相约巴黎密码123456(1)\相约巴黎DDOS解压密码123456\生成器.exe
        "C:\Users\Admin\Desktop\相约巴黎密码123456(1)\相约巴黎DDOS解压密码123456\生成器.exe"
        1⤵
        • Executes dropped EXE
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        PID:4088
      • C:\Users\Admin\Desktop\相约巴黎密码123456(1)\相约巴黎DDOS解压密码123456\相约巴黎ddos.exe
        "C:\Users\Admin\Desktop\相约巴黎密码123456(1)\相约巴黎DDOS解压密码123456\相约巴黎ddos.exe"
        1⤵
        • Executes dropped EXE
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        PID:1728
      • C:\Users\Admin\Desktop\大客户CC3.0\DDosClient.exe
        "C:\Users\Admin\Desktop\大客户CC3.0\DDosClient.exe"
        1⤵
        • Executes dropped EXE
        • Suspicious use of SetWindowsHookEx
        PID:2648
      • C:\Users\Admin\Desktop\大客户CC3.0\DDosClient.exe
        "C:\Users\Admin\Desktop\大客户CC3.0\DDosClient.exe"
        1⤵
        • Executes dropped EXE
        • Suspicious use of SetWindowsHookEx
        PID:3188
      • C:\Users\Admin\Desktop\Bin(1)\Bin(1)\Bin\Mushroom head.exe
        "C:\Users\Admin\Desktop\Bin(1)\Bin(1)\Bin\Mushroom head.exe"
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Windows directory
        • Modifies registry class
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        PID:4344

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\Desktop\8月4日star 5.0去后门改白加黑源码\8月4日star 5.0去后门改白加黑修改521\卓越star 5.0源码解压密码123\Client\res\NoCam.ico
        Filesize

        894B

        MD5

        dbca18058442697e494d71b2d1e4868e

        SHA1

        d81383c4b1a6ead26bdc86895da3e7f3fde10ce7

        SHA256

        788e1e7869f95c5f5892e90c27e0bdb19e6350f0f04308058d8d4a83339e9677

        SHA512

        813c55ee28393f3a4c0f801cc79b34fa94e1aacc8d5127cb47045e25d465eaf29094cf60f8b010f9d7702820a7676ef63183dd4cb6cf2e1bd3c6235a9a77543a

        Download Submit

      • C:\Users\Admin\Desktop\8月4日star 5.0去后门改白加黑源码\8月4日star 5.0去后门改白加黑修改521\卓越star 5.0源码解压密码123\Client\res\Skins\SkinH.she
        Filesize

        20KB

        MD5

        aa236bf564ec453338953c40add9a757

        SHA1

        f451c7c4b82152b70278cceeaac66089270df2e5

        SHA256

        32dd4603028c255233fb1bb82f1c8944f01ef5f6ab44ef291c48ba323b8c38d5

        SHA512

        8a417b2e1ebd642dd9a33efcfd76acb19509d6dd06921354a69a75bb73e316c3a9498a8df8deabf68758292391bfbf7c2d1c618d650c56444acb20b05bf5538a

        Download Submit

      • C:\Users\Admin\Desktop\8月4日star 5.0去后门改白加黑源码\8月4日star 5.0去后门改白加黑修改521\卓越star 5.0源码解压密码123\Server\127.ico
        Filesize

        4KB

        MD5

        a3e0544e819e8f5140dbc75ce1819b89

        SHA1

        b49b2f6370a6575ddc88dd6104fe76a848b33abe

        SHA256

        a20738aea9fb523d2e215ae32320ad62754aaf6ed3f734d0de69904e26f21f1d

        SHA512

        86b3977d86807c8681be5ace38192879bc9a1fc26ea7a87f7d2218f316ea74bf2b3f9a17d2f7950744e87128ac83a0dfa2b934a2dfa37d875d735521307109f0

        Download Submit

      • C:\Users\Admin\Desktop\8月4日star 5.0去后门改白加黑源码\8月4日star 5.0去后门改白加黑修改521\卓越star 5.0源码解压密码123\Server\DriverCode.exe
        Filesize

        48KB

        MD5

        3e7da31ced6d137ab12ac8cb4d2a6bee

        SHA1

        67bb104bfa5c547af8ee3ddccd77f02b324b5696

        SHA256

        e9484004c55d75ffefd0321ab1e4e05eeb926101334d9453085867e08052b41d

        SHA512

        315335b7978e9977db15494c5fe863df9d193920404ebfdb48459af4e43ac3b6f0efb8ea6290caf35483a864b5825ba5c590ff7413ab3fe280b3ed6b9abaae09

        Download Submit

      • C:\Users\Admin\Desktop\8月4日star 5.0去后门改白加黑源码\8月4日star 5.0去后门改白加黑修改521\卓越star 5.0源码解压密码123\Server\common\Audio.h
        Filesize

        1KB

        MD5

        e97f38b1937cbc5e9abec8a49b4bf7a3

        SHA1

        1cab09a45428d54c35533aab328b79d2ea20b1b4

        SHA256

        4ef27c6730e866308b92a14d7bed8d60bf10a895617e532079defdac7d66a4cb

        SHA512

        e6b52bfa10d8136b3776bb966c1bf9b9244c8a9e7e596b6ee3e076e40af53d76fb84f1a3100115d0f5835e6b3cbcb02853feebeb7bf046e2881cdede11b37feb

        Download Submit

      • C:\Users\Admin\Desktop\8月4日star 5.0去后门改白加黑源码\8月4日star 5.0去后门改白加黑修改521\卓越star 5.0源码解压密码123\Server\common\CursorInfo.h
        Filesize

        1KB

        MD5

        afd57c3d22c5fb3bd15dc0ff3ad7ecc6

        SHA1

        f3c3399a644eea9a83d9474710aca996b9365d59

        SHA256

        0a697f821013e64e2e5978bbafa347eca880dbc7c8ff61b29e30e38ce5efdb11

        SHA512

        9c3122722a0e666085aed8f5a77e57ebe24b9b86efdcd322bf24875896510670b0de2aecbe8c38378a20db473e02f5599cb55d568caf3f5ff696dc9ca46879d4

        Download Submit

      • C:\Users\Admin\Desktop\8月4日star 5.0去后门改白加黑源码\8月4日star 5.0去后门改白加黑修改521\卓越star 5.0源码解压密码123\Server\sal.h
        Filesize

        208KB

        MD5

        6ec511f91d7f657576c898af044a7600

        SHA1

        250b11af887f37eac40c2a2822623d77448ba027

        SHA256

        04bba2805cdea003afa496931c150a272a90b7e999a33d029f20e08e7e333d1c

        SHA512

        5f95772005a417ff9ab4fac36b1890bb7848792889d3a0e2d66f35832306b2cf4180b5e62a0bb9ec7907733d745a306e58ddf81bf30468da2ef2383bc5255e08

        Download Submit

      • C:\Users\Admin\Desktop\Bin(1)\Bin(1)\Bin\Mushroom head.exe
        Filesize

        7.0MB

        MD5

        27369a4b81a03ddf58ed42224da2c063

        SHA1

        60bb59853787c7a046f1e9c8b8cfc9d765cd895f

        SHA256

        f5ef4feb056b4adad9a4b76beb88dcfa4a151e0cdda5f14569e6f17da3d77d85

        SHA512

        254953ffc65ba12d860489156828c1087ddd2e4832d101fba0360474d3ddc9d429166ab2494f90931630a2306649ab5d9bc04900eaecf18c5383ea5859a9704d

        Download Submit

      • C:\Users\Admin\Desktop\Bin(1)\Bin(1)\Bin\Mushroom head.exe
        Filesize

        7.0MB

        MD5

        27369a4b81a03ddf58ed42224da2c063

        SHA1

        60bb59853787c7a046f1e9c8b8cfc9d765cd895f

        SHA256

        f5ef4feb056b4adad9a4b76beb88dcfa4a151e0cdda5f14569e6f17da3d77d85

        SHA512

        254953ffc65ba12d860489156828c1087ddd2e4832d101fba0360474d3ddc9d429166ab2494f90931630a2306649ab5d9bc04900eaecf18c5383ea5859a9704d

        Download Submit

      • C:\Users\Admin\Desktop\Bin(1)\Bin(1)\Bin\Mushroom head.ini
        Filesize

        403B

        MD5

        8fe2032df2d4273c7abb31d3647b871f

        SHA1

        1e18c339688d4ad145c063f5ad9987c35e3a091f

        SHA256

        67b88e3c896752506d95d48c93961ff013af5fe2fff26559a9b2407a907e52e0

        SHA512

        7ab453c1bac88c0dc218be8dc78528705c0ffe608b912f373c2b9c049803e0c0bb05a419f1afc1a411bde215b59e3ab5038a164be9dccd05ec75e0830ca9953f

        Download Submit

      • C:\Users\Admin\Desktop\Bin(1)\Bin(1)\Bin\Mushroom head.ini
        Filesize

        403B

        MD5

        8fe2032df2d4273c7abb31d3647b871f

        SHA1

        1e18c339688d4ad145c063f5ad9987c35e3a091f

        SHA256

        67b88e3c896752506d95d48c93961ff013af5fe2fff26559a9b2407a907e52e0

        SHA512

        7ab453c1bac88c0dc218be8dc78528705c0ffe608b912f373c2b9c049803e0c0bb05a419f1afc1a411bde215b59e3ab5038a164be9dccd05ec75e0830ca9953f

        Download Submit

      • C:\Users\Admin\Desktop\Bin(1)\Bin(1)\Bin\SkinH.dll
        Filesize

        89KB

        MD5

        205e3693cb24b95018eaee62af86ae03

        SHA1

        038749709bb472031c000557e57857222619dcd5

        SHA256

        4954323e4532552e5b3691986d579fdce8ebe60b6ec1eb049658103e05c9d52d

        SHA512

        4115d76eb964e8c84810ca1cb7758c74ef80d99168f38fb9ce036cea58f69b6579eabc16527b529a7f390f220d71952cbbcda84d20a05ef881714cf2c9a645cf

        Download Submit

      • C:\Users\Admin\Desktop\Bin(1)\Bin(1)\Bin\SkinH.dll
        Filesize

        89KB

        MD5

        205e3693cb24b95018eaee62af86ae03

        SHA1

        038749709bb472031c000557e57857222619dcd5

        SHA256

        4954323e4532552e5b3691986d579fdce8ebe60b6ec1eb049658103e05c9d52d

        SHA512

        4115d76eb964e8c84810ca1cb7758c74ef80d99168f38fb9ce036cea58f69b6579eabc16527b529a7f390f220d71952cbbcda84d20a05ef881714cf2c9a645cf

        Download Submit

      • C:\Users\Admin\Desktop\start6.8\无后门控\520\Plugins\Baidu.html
        Filesize

        2KB

        MD5

        11d5aedce6a2f649a86491087bffaccb

        SHA1

        738b6098b7a79bcca6c0aa6e56f03c2d80aa6c04

        SHA256

        81efecc3a0fe871fe4702ec1a21a96102fd60a09a0f5f712ecc999cdc41c8b35

        SHA512

        f17c3814ab6211f65227f613738ac5e2a1ed40c733ce1922fa0920815abec6c6bc19d422faa013e282b00d1548dd84f423b0875f95fdb74afe88ff966bca548f

        Download Submit

      • C:\Users\Admin\Desktop\start6.8\无后门控\520\Plugins\BaiduE.html
        Filesize

        286B

        MD5

        9ff7b849cb97fdd76dd5c34803ecc019

        SHA1

        13698489d67bda5a6bc7704744895554e06564a4

        SHA256

        842dd0e62dc33289e7e69009aa90785b8f3fa823a8bfc1a25691f89a77fc04d0

        SHA512

        dcb827769889047753c4bfc3f22fb4e8cc5ef1b3f7000474eb986de168461e0ebd3700bc12293040f9244ba81f9c287409dfccfe79282a5c1885437c73fe13e9

        Download Submit

      • C:\Users\Admin\Desktop\start6.8\无后门控\520\Plugins\Gaode.html
        Filesize

        1KB

        MD5

        f3cb0870b113e5ab9098b27df10043ed

        SHA1

        5d23c9846ae060ae5e93393f4541636dfb1f008e

        SHA256

        7c74ddb95e067b2f35bd7b72b14cf5c025fe671513288667e31cd15d99c82661

        SHA512

        99e3e81ef1904c4cf5b16224d02000b08ad8f3cd9664ba583c183ff15527bd6b4fe0c0bfb57c0639706bd4cebd5f1ab29c46266e924d49cb25e1356f70593d4b

        Download Submit

      • C:\Users\Admin\Desktop\start6.8\无后门控\520\Plugins\GaodeE.html
        Filesize

        286B

        MD5

        355ad73e776b25aa006f69c0765c582f

        SHA1

        6817dabce5db2e0b5ddbd49ee0859ab79d3718f9

        SHA256

        af5a55180f040bb40656092a1ec5f7f537938d3c490ca96f031fa6f1bce4fd38

        SHA512

        8d91f47271f7c75a0af8d9005dcd60c43309596b55b4d76e42012b5dc2c755061a334f7ac70d4b22165922340bf9a54b27e0f8676d09bbe1dea7f9d9fb17a0b2

        Download Submit

      • C:\Users\Admin\Desktop\start6.8\无后门控\520\SkinH.dll
        Filesize

        89KB

        MD5

        205e3693cb24b95018eaee62af86ae03

        SHA1

        038749709bb472031c000557e57857222619dcd5

        SHA256

        4954323e4532552e5b3691986d579fdce8ebe60b6ec1eb049658103e05c9d52d

        SHA512

        4115d76eb964e8c84810ca1cb7758c74ef80d99168f38fb9ce036cea58f69b6579eabc16527b529a7f390f220d71952cbbcda84d20a05ef881714cf2c9a645cf

        Download Submit

      • C:\Users\Admin\Desktop\start6.8\无后门控\520\Skins\SkinH.she
        Filesize

        6KB

        MD5

        d185fef6771d204ac1041fedbd1d0448

        SHA1

        29f48b1cd3058333e5cf8a43d4e40fbecc685b61

        SHA256

        14e834d99b611c3fe5eb0b85da56fc58d05f0863203142bfc4987805fc601284

        SHA512

        d9e1acef2bcc46485f4527d98d24dce110be9da892942d17fb776e7e486cb7aaebbeecf73732e08b6617c22b8876466d15889f320a86dc4eb91ba53393f4c2f1

        Download Submit

      • C:\Users\Admin\Desktop\start6.8\无后门控\520\Skins\homestead.she
        Filesize

        30KB

        MD5

        d76c55cbce4d6e5190f5abe52d7e7c34

        SHA1

        f75965ed991e0611d066caaa690a01c4f5e1a55c

        SHA256

        b0d6bf3fec47e6b2d59bb9f86e593539d4a88b3e5a17213421d8d1c493cbb31a

        SHA512

        ae476ecf06983edd16236dfe37e0577f37beef7d1148be50a9a480c4c6edcd6731821d6f1a808eec4c2906fb05ac6875aad445dc4fc3995009fd96108e938d48

        Download Submit

      • C:\Users\Admin\Desktop\start6.8\无后门控\520\Skins\itunes.she
        Filesize

        44KB

        MD5

        72961984c3330dfd79cadb71aa6e7ea5

        SHA1

        3b242c9b876dbfc689d0d8558feeb588b9ce070c

        SHA256

        4423f7ae0ca2ac9150642cd7b1dd1f464c529c101cf3e5eedeca56a2ac5d6b96

        SHA512

        f65380e25b04e48558e781a1df0f27ba19bf4960c23d8b1ac6048644fbd528dcbe1a23a74e39120cfa9fa68a81ca98e2774825e5521bef979bde0ac3fe5b9445

        Download Submit

      • C:\Users\Admin\Desktop\start6.8\无后门控\520\Skins\niceblack.she
        Filesize

        9KB

        MD5

        57770a84ef41262815a02427b404438e

        SHA1

        3f772bdbbf5c38ac1e32c4fc444c4790f6f25869

        SHA256

        e1640dac4d9899bd6f45049747a044f6e48d0d7f261ee199fe8de15f4c568060

        SHA512

        5372f2a9c8010872ae4bf7444759b4723485cfeb89357b70df792759f88a83fa3d0fcc98fc8b14bd40497922370051fe7b35ec6337096a5444682a25ec4c4988

        Download Submit

      • C:\Users\Admin\Desktop\start6.8\无后门控\520\Skins\qqplayer.she
        Filesize

        18KB

        MD5

        07aea25839f5fe3b87a33e3ee3734767

        SHA1

        0421b354bc4a48fe7ceec385d5925d93d013f85a

        SHA256

        685e704fd8f530ba71fbe413da4c8c57c433aa3eb504f7abe736a770f76d622c

        SHA512

        28a3da5466dc8ee1e7120ecdd52d90b868857e8c0050407c4f4a4e5c84ca832074b887671aa97db31799dd4ca21f14ad568e19b84938d67365669e98a8f1fb27

        Download Submit

      • C:\Users\Admin\Desktop\stray5.0\Cache\Install.dat
        Filesize

        1.2MB

        MD5

        211f84bbb8991bb0dc0db6abef4a5978

        SHA1

        b283903c267d169985df1b21d087615763d38ba3

        SHA256

        b43ee8666158bfc2caa0f3a9837c337cbbdc246f58a78001f23365c1f0c42732

        SHA512

        156fd7cc6eaba8463554617a62eb8f74413864c3852c1e1f4ef96e29db76b67a52f1e3a7feaaf5aadacd81f94a5bfe60fafb37c9a27c2b760d0524a0e404c0f3

        Download Submit

      • C:\Users\Admin\Desktop\stray5.0\Plugins\GetPswd32.exe
        Filesize

        731KB

        MD5

        6d17bb7e8958d4927296261af95b4cd3

        SHA1

        1f598160904b136c8b2ac4cf9a0f2aa7358ab861

        SHA256

        59f9bb49b41f3206b60b4d479000bf9fff7ef73fb1fda55b2eb13231482c8c22

        SHA512

        c58f2abdc50c33c37534730502ae09df39a0e7d3ae9cd38dfd16d363e4f0e80e6b0193eb44b61bdf8cfa9ebae221d3bdb9a47a6efb9a393dd1360296c1a12f1e

        Download Submit

      • C:\Users\Admin\Desktop\stray5.0\Plugins\GetPswd64.exe
        Filesize

        905KB

        MD5

        50300de5e4786530ea603224ccbcbb02

        SHA1

        d343b0019084de2dd882e92a79a872370bc6028f

        SHA256

        23a243a1ce474c4da90b1003ffcbaf9a3ff25e0787844bfe74c21671fdd8b269

        SHA512

        a41f0e2140046d1074e444881e7b23f3ba79e304acca4df25dcdb522e0a1ef21b5e64245748d359cad18e4966d76fe622cbc8f542ee1cf2a38f9de5971398b8c

        Download Submit

      • C:\Users\Admin\Desktop\stray5.0\Plugins\IPUpdate.exe
        Filesize

        918KB

        MD5

        450c4149f3f5df5d5024437b49846a64

        SHA1

        477b9804b1092a99247b0114be3cc95f8d2d2f9d

        SHA256

        c34e57f55c88fe2d7c5036e82b24c985a55919e116f02adccdd07e4c480f5bf0

        SHA512

        6861fa968876f75a57076c454598777a0d45347b66df81f31e06147eb57f78c3637eb69bd7488445ce05b0583fcf034c590ccfcf0031f368c786ca3241e66e39

        Download Submit

      • C:\Users\Admin\Desktop\stray5.0\Plugins\PcLock.exe
        Filesize

        573KB

        MD5

        91f6d17d7ba629cbfd949c26b6d15982

        SHA1

        aa16a91fd32d634560adf8242353b545de8ba8b4

        SHA256

        1bdbb2927c50e99ab1f61930d80e46afb3b77ccd1c30d3f95342e75650159295

        SHA512

        a02476aea31393e8aefef61732e60c37568bebaa614414d928bdcfff2f2f29a09f485267c9bc4e5a8aa4b7b8f31262bf8629bb9da89d1c19c596e3d400d31d08

        Download Submit

      • C:\Users\Admin\Desktop\stray5.0\Plugins\ShellCode.bat
        Filesize

        602B

        MD5

        c95a398c4c804a6c4a59a67c59f2d304

        SHA1

        33acf9ca4c6b99df5f6f55903a4ea663f975b743

        SHA256

        dc317ae0b6956c3caa5ad87c94b28c61d21cc8424820784f7c0abcb4d7e4e2ea

        SHA512

        fab1db852d8f3eca8a890c71f255ec5c076c88e5760e28945d4bb38fea192d735cfefd56365df9da43e1f7ae2b592960a67517fac54cf43e7941fa2fddfd051b

        Download Submit

      • C:\Users\Admin\Desktop\stray5.0\Plugins\mstscax.dll
        Filesize

        640KB

        MD5

        b202b160c128ccb5265082a94ee01a6c

        SHA1

        240dac2b308caccfdd0240acf036934e135a63d0

        SHA256

        c9f554d83c6c3e02d0baccc1c2124112390e57136072b8282ae24c04e4796694

        SHA512

        cd6b618a3b2ecb07999a56b08932486a081ec8d9e37558bc1fcf6970bf44989a81ac2ec59328596c9395b91b7e159bc8cdcbdcc03fd213b982d84ee6bf7f3f05

        Download Submit

      • C:\Users\Admin\Desktop\stray5.0\Plugins\termsrv_t.dll
        Filesize

        210KB

        MD5

        a77219a971029dc2fb683e8513713803

        SHA1

        1c456520a7b7faf71900c71167038185f5a7d312

        SHA256

        1eba9a909641e64e935090956b03182335d298cad78052cef3b3f75691eb3f50

        SHA512

        06c8a1ce76f1600e2c791f9e634f9559c82948d0f7cc93648981476191e4c9f36cb5ee4148ee1fe94960e7275fc9d61550cab6ea0a43e783a0b7819764fd6215

        Download Submit

      • C:\Users\Admin\Desktop\stray5.0\Skins\pixos.she
        Filesize

        28KB

        MD5

        0581c74e70ffb2fbd3991e3affc4a512

        SHA1

        41377847e1f640b072617c2015a534faaf2f37f1

        SHA256

        edc786fc3931959959273cec14c2a47998fdcd9fa83954470ef4adf3f6ff448f

        SHA512

        6bc114a1d46b547712d83081709bd30198c5383d5d8dac83e3ffdd2d3198489cea9e35e9edf8881f77168788ed3247c6a7490721eee87266eb8f4c76f4dfe3f9

        Download Submit

      • C:\Users\Admin\Desktop\stray5.0\Skins\win8.she
        Filesize

        7KB

        MD5

        579abcf65c9cc95daf8317251e970101

        SHA1

        c5f8289c8187846b8ae622555e55a2df8d8f2bf5

        SHA256

        cb5aea4421c4b4800ebd4686d97fcb5a394ff9bcf45ea538ccdbd6d5cce1634d

        SHA512

        6fdb92ca93a3ac902f8b4a3ceef742e661427e9f92f1448c7f5564fabe90d2351372fea1b3daac4f51566ff8ef1f7a501e0c20125f50d5073102f4101b332e9a

        Download Submit

      • C:\Users\Admin\Desktop\stray5.0\Skins\xmp.she
        Filesize

        19KB

        MD5

        9b9c3df219c2adea6dd65564bc96dcd7

        SHA1

        dd4a6663e8cf781e66fd9fda9cea25923c15a058

        SHA256

        3856722fcf7db27bc5b0112c039b5ac3693875cb85db75fb6b1e1f939747144a

        SHA512

        394e6970bee79207ef237d509ccc15284099924d83afab8e82e53047314e64d1735143533204cc4dbf7acfda4c4a4f131676bc14e510d15133299c5050222527

        Download Submit

      • C:\Users\Admin\Desktop\〓狼情〓2022美版两版\〓狼情〓企业(VIP)尊享版2022最新版\ICO图标\29.ico
        Filesize

        766B

        MD5

        677b2846395261983110981ce2f2051c

        SHA1

        9ff8a6c4642010805abfdb817d6cd87cc9e25162

        SHA256

        449576aa7710c8143653fa74b2dcdc3ecec3a7a3bb3c2f725031239ae2da9117

        SHA512

        d1ff1adca3a29bd8b9b656f317b6e845f50acd1e3c9cafc9272c93f33bb6102eae022096151c73da21317f921ba2890126a1a50d356a4e96ec0c9afd5bdcb490

        Download Submit

      • C:\Users\Admin\Desktop\〓狼情〓2022美版两版\〓狼情〓企业(VIP)尊享版2022最新版\Plugins\upx.exe
        Filesize

        260KB

        MD5

        9d5599e6ebd2fddc068bfa56b2117649

        SHA1

        37613d93a85431bc74b6fbf123247c8f686a2a25

        SHA256

        7fab28fb1682255b9b13d68e5987e8e2660bad8f1fc1e450d5b63564de77aae3

        SHA512

        094f1b29b09668ecd34719fd62c682684e28c7f52d64aaa8472431f3a9792f74d72da03ad395a4ac2f4ff2205d2f10caf4cc3c8bd6478955a7121bf7d26b7742

        Download Submit

      • C:\Users\Admin\Desktop\大客户CC3.0\DDosClient.exe
        Filesize

        350KB

        MD5

        809d85614efdc6890fc551dd62943e65

        SHA1

        4c07495270123aff75906e6a0749ab8ba6403154

        SHA256

        39c951bbb605dd035cad41ca493a697ff380f5164c265152144a4d58ad14e10b

        SHA512

        a86c4a9658c5e20ae842d93f9bfcafc4c7d180322263a71dc62f1844c354a04b30acc6f7ce043a565a6004d034c8cdd0db77bf11252a4da8ae19393bda262334

        Download Submit

      • C:\Users\Admin\Desktop\大客户CC3.0\DDosClient.exe
        Filesize

        350KB

        MD5

        809d85614efdc6890fc551dd62943e65

        SHA1

        4c07495270123aff75906e6a0749ab8ba6403154

        SHA256

        39c951bbb605dd035cad41ca493a697ff380f5164c265152144a4d58ad14e10b

        SHA512

        a86c4a9658c5e20ae842d93f9bfcafc4c7d180322263a71dc62f1844c354a04b30acc6f7ce043a565a6004d034c8cdd0db77bf11252a4da8ae19393bda262334

        Download Submit

      • C:\Users\Admin\Desktop\大客户CC3.0\DDosClient.exe
        Filesize

        350KB

        MD5

        809d85614efdc6890fc551dd62943e65

        SHA1

        4c07495270123aff75906e6a0749ab8ba6403154

        SHA256

        39c951bbb605dd035cad41ca493a697ff380f5164c265152144a4d58ad14e10b

        SHA512

        a86c4a9658c5e20ae842d93f9bfcafc4c7d180322263a71dc62f1844c354a04b30acc6f7ce043a565a6004d034c8cdd0db77bf11252a4da8ae19393bda262334

        Download Submit

      • C:\Users\Admin\Desktop\大灰狼2018版-控件\大灰狼2018版\ICO图标\08.ico
        Filesize

        1KB

        MD5

        1317fe440a26aadadf30d94edd5a9525

        SHA1

        381e07477aae3c090d9cbe05abcf548fae8568af

        SHA256

        b4dbc05f77125b3b003dfe8c8485f38717dc1cc62a5aec541185e11ed5866550

        SHA512

        1e6aece38aba1c9222a4923624904e8c045610004b14a2e5b675c55e1a8e9cce8f7e9410bc59b59b07af411f4d432f9f06e8147f1d6737de74ce8a8b80f6eb9a

        Download Submit

      • C:\Users\Admin\Desktop\大灰狼2018版-控件\大灰狼2018版\ICO图标\13.ico
        Filesize

        1KB

        MD5

        8acde0598c2607ebff38be31c128c756

        SHA1

        f28882ccc2e750ff5a2857b2c5bb44e35ed627fd

        SHA256

        859b89f89dfc08dc2c2db447c758eaad634a802e572fa634a2c245a398900431

        SHA512

        f0d72b497fd8d4acce4bf19d2a053bb0ea05d2d842a1d0bcb68d7b1ea9abdad5e1267c792c12f0bd2dc76b1d0b773b7eea25af012b924df5a88e59513809e095

        Download Submit

      • C:\Users\Admin\Desktop\相约巴黎密码123456(1)\相约巴黎DDOS解压密码123456\生成器.exe
        Filesize

        368KB

        MD5

        d1e481faa9ffd4308560bb77a71c5d7b

        SHA1

        402f84809c5722d8f893b1d59ecb33a9f298f34e

        SHA256

        d0cac9ee5f125bbd251cc081504352d8793a16593436b1bd99540303d8ee7ec1

        SHA512

        fca30e424b01b2b8a8480de786bf29ce5286fd2030fa4d75edfaa93f196e820f3b1a23a1c9fbf53656fa3b5f96196352e18b20856db44d4073537d946174e922

        Download Submit

      • C:\Users\Admin\Desktop\相约巴黎密码123456(1)\相约巴黎DDOS解压密码123456\生成器.exe
        Filesize

        368KB

        MD5

        d1e481faa9ffd4308560bb77a71c5d7b

        SHA1

        402f84809c5722d8f893b1d59ecb33a9f298f34e

        SHA256

        d0cac9ee5f125bbd251cc081504352d8793a16593436b1bd99540303d8ee7ec1

        SHA512

        fca30e424b01b2b8a8480de786bf29ce5286fd2030fa4d75edfaa93f196e820f3b1a23a1c9fbf53656fa3b5f96196352e18b20856db44d4073537d946174e922

        Download Submit

      • C:\Users\Admin\Desktop\相约巴黎密码123456(1)\相约巴黎DDOS解压密码123456\相约巴黎ddos.exe
        Filesize

        388KB

        MD5

        0b0642c27a7b91fb113bdbfa8f3ee92b

        SHA1

        352ce0d0d232d4c9e01db1214eed505dada8ddfb

        SHA256

        5857ac8371a73871ee92215a24fd0878d0d4ded9e385d694f6e95f557db72e84

        SHA512

        5a629729c7f5c9e2883534763ff39889b70c14ecd42e925b6fd54d9596171a1161e805ca6a0c597c4c19f0a47ef7c435768b94b24ece5de7da6ae624d733c303

        Download Submit

      • C:\Users\Admin\Desktop\相约巴黎密码123456(1)\相约巴黎DDOS解压密码123456\相约巴黎ddos.exe
        Filesize

        388KB

        MD5

        0b0642c27a7b91fb113bdbfa8f3ee92b

        SHA1

        352ce0d0d232d4c9e01db1214eed505dada8ddfb

        SHA256

        5857ac8371a73871ee92215a24fd0878d0d4ded9e385d694f6e95f557db72e84

        SHA512

        5a629729c7f5c9e2883534763ff39889b70c14ecd42e925b6fd54d9596171a1161e805ca6a0c597c4c19f0a47ef7c435768b94b24ece5de7da6ae624d733c303

        Download Submit

      • C:\Windows\Mushroom head.INI
        MD5

        d41d8cd98f00b204e9800998ecf8427e

        SHA1

        da39a3ee5e6b4b0d3255bfef95601890afd80709

        SHA256

        e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

        SHA512

        cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

        Download Submit

      • C:\Windows\Mushroom head.INI
        Filesize

        506B

        MD5

        b93049383d84dfcc5cb50d1f7b75487f

        SHA1

        13a56d2ef4745d14d1d8f6dd907ced4857f61d75

        SHA256

        44c9649ebf53cfa6026bd1b640af7b9f7b46580e6bdadc6b4bee80ef6bad5330

        SHA512

        17f6d58ed36eef511a4cd962d522abf3fcca0fae796b7fa7a395434b683dfb89740dab82b7f7a4375a4900dfe042cace5a50fc07cd3f701507ab9b7e1f00bdd7

        Download Submit

      • memory/2648-2280-0x0000000000400000-0x0000000000466000-memory.dmp

        Filesize

        408KB

        Download

      • memory/2648-2278-0x0000000000400000-0x0000000000466000-memory.dmp

        Filesize

        408KB

        Download

      • memory/3188-2282-0x0000000000400000-0x0000000000466000-memory.dmp

        Filesize

        408KB

        Download

      • memory/4344-2290-0x0000000010000000-0x000000001003B000-memory.dmp

        Filesize

        236KB

        Download

      • memory/4344-2288-0x0000000010000000-0x000000001003B000-memory.dmp

        Filesize

        236KB

        Download

      • memory/4344-2299-0x0000000010000000-0x000000001003B000-memory.dmp

        Filesize

        236KB

        Download

      • memory/4344-2289-0x0000000010000000-0x000000001003B000-memory.dmp

        Filesize

        236KB

        Download

      • memory/4344-2287-0x0000000010000000-0x000000001003B000-memory.dmp

        Filesize

        236KB

        Download

      • memory/4344-2338-0x0000000010000000-0x000000001003B000-memory.dmp

        Filesize

        236KB

        Download