Malaysian Government Breached By Chinese-speaking APT

Using a custom threat intelligence framework that I built, I identified that there was a small window of time, 6 minutes 32 seconds, in which a threat actor modified their C2 configuration, briefly exposing a directory listing which my tooling archived before the port was promptly closed. The content of this directory indicated that a Chinese-speaking actor breached one of the Malaysian Government’s VSphere instances, indicating a potentially significant compromise of their environment.

This is a quick writeup on another exposed directory listing that I identified when monitoring infrastructure suspected to be operated by an Advanced Persistent Threat (APT). Based on the available data this activity likely persisted between the dates 2021-05-27 - 2021-09-02 using windows and linux implants.

This host was fingerprinted as an active CobaltStrike Teamserver. At port 8080 the threat actor accidentally exposed a directory listing over HTTP for a short period of time, which my tooling was able to capture.

103.338.225.37:8080

Exposed Directory Listing

Directory Listing:

drwxr-xr-x  4 root root     4096 Dec 12 03:11 G1-Beta
drwxr-xr-x 2 root root 4096 Dec 12 03:11 old
-rw-r--r-- 1 root root 19665659 Dec 12 03:11 xxx.7z

Within G1-Beta there are Client and Generator folders containing the following:

G1-Beta/Client:

total 24584
-rw-r--r-- 1 root root 15096 Apr 12 2019 api-ms-win-crt-convert-l1-1-0.dll
-rw-r--r-- 1 root root 15608 Apr 12 2019 api-ms-win-crt-runtime-l1-1-0.dll
-rw-r--r-- 1 root root 17144 Apr 12 2019 api-ms-win-crt-stdio-l1-1-0.dll
-rw-r--r-- 1 root root 17352 Apr 12 2019 api-ms-win-crt-string-l1-1-0.dll
-rw-r--r-- 1 root root 13560 Apr 12 2019 api-ms-win-crt-time-l1-1-0.dll
-rw-r--r-- 1 root root 11512 Apr 12 2019 api-ms-win-crt-utility-l1-1-0.dll
drwxr-xr-x 2 root root 4096 Dec 12 03:13 certificate
-rw-r--r-- 1 root root 6320128 May 8 2021 G1.exe
drwxr-xr-x 4 root root 4096 Dec 12 03:13 Hosts
-rw-r--r-- 1 root root 2521600 Sep 23 2020 libcrypto-1_1.dll
-rw-r--r-- 1 root root 530944 Sep 23 2020 libssl-1_1.dll
-rw-r--r-- 1 root root 455328 Oct 4 2013 msvcp120.dll
-rw-r--r-- 1 root root 970912 Oct 4 2013 msvcr120.dll
drwxr-xr-x 2 root root 4096 Dec 12 03:13 platforms
drwxr-xr-x 4 root root 4096 Dec 12 03:13 plugin
-rw-r--r-- 1 root root 4670976 Apr 16 2012 Qt5Core.dll
-rw-r--r-- 1 root root 5011968 May 25 2016 Qt5Gui.dll
-rw-r--r-- 1 root root 4472320 May 25 2016 Qt5Widgets.dll
-rw-r--r-- 1 root root 80112 Nov 20 2018 vcruntime140.dll

G1-Beta/Generator:

total 21332
-rw-r--r-- 1 root root 6233088 May 8 2021 Generator.exe
-rw-r--r-- 1 root root 455328 Oct 4 2013 msvcp120.dll
-rw-r--r-- 1 root root 970912 Oct 4 2013 msvcr120.dll
drwxr-xr-x 4 root root 4096 Dec 12 03:13 Output
drwxr-xr-x 2 root root 4096 Dec 12 03:13 platforms
-rw-r--r-- 1 root root 4670976 Apr 16 2012 Qt5Core.dll
-rw-r--r-- 1 root root 5011968 May 25 2016 Qt5Gui.dll
-rw-r--r-- 1 root root 4472320 May 25 2016 Qt5Widgets.dll
-rw-r--r-- 1 root root 459 Feb 4 2021 使用说明.txt

Within xxx.7z there’s more interesting files.

Directory listing of xxx.7z:

total 53712
-rw-r--r-- 1 root root 167 Sep 2 11:58 269aa5960ef1bdc4
-rw-r--r-- 1 root root 15096 Apr 12 2019 api-ms-win-crt-convert-l1-1-0.dll
-rw-r--r-- 1 root root 15608 Apr 12 2019 api-ms-win-crt-runtime-l1-1-0.dll
-rw-r--r-- 1 root root 17144 Apr 12 2019 api-ms-win-crt-stdio-l1-1-0.dll
-rw-r--r-- 1 root root 17352 Apr 12 2019 api-ms-win-crt-string-l1-1-0.dll
-rw-r--r-- 1 root root 13560 Apr 12 2019 api-ms-win-crt-time-l1-1-0.dll
-rw-r--r-- 1 root root 11512 Apr 12 2019 api-ms-win-crt-utility-l1-1-0.dll
-rw-r--r-- 1 root root 9967 Apr 24 2019 cer.crt
drwx------ 2 root root 4096 Feb 23 2021 certificate
drwx------ 2 root root 4096 May 21 2021 Client
-rw-r--r-- 1 root root 56832 Dec 2 2020 CmdShell.exe
-rw-r--r-- 1 root root 40960 Dec 18 2020 CmdShell.pln
drwx------ 2 root root 4096 May 24 2021 Custom
drwx------ 2 root root 4096 Sep 2 11:53 Default
-rw-r--r-- 1 root root 142336 Dec 2 2020 DiskFile.exe
-rw-r--r-- 1 root root 68608 Dec 18 2020 DiskFile.pln
-rw-r--r-- 1 root root 198 May 27 2021 fed186c5a12922bc
drwx------ 2 root root 4096 Feb 23 2021 G1-Beta
-rw-r--r-- 1 root root 6320128 May 8 2021 G1.exe
drwx------ 2 root root 4096 May 21 2021 Generator
-rw-r--r-- 1 root root 6233088 May 8 2021 Generator.exe
drwx------ 2 root root 4096 May 24 2021 gov.my
-rw-r--r-- 1 root root 133472 May 24 2021 host_linux_x64.so
drwx------ 2 root root 4096 May 21 2021 Hosts
-rw-r--r-- 1 root root 234721 May 27 2021 host_win_x64.exe
-rw-r--r-- 1 root root 194846 May 27 2021 host_win_x86.exe
-rw-r--r-- 1 root root 129528 May 24 2021 kernle
-rw-r--r-- 1 root root 1679 Apr 24 2019 key.pem
-rw-r--r-- 1 root root 2521600 Sep 23 2020 libcrypto-1_1.dll
-rw-r--r-- 1 root root 530944 Sep 23 2020 libssl-1_1.dll
drwx------ 2 root root 4096 Dec 11 15:42 Linux
-rw-r--r-- 1 root root 455328 Oct 4 2013 msvcp120.dll
-rw-r--r-- 1 root root 970912 Oct 4 2013 msvcr120.dll
drwx------ 2 root root 4096 May 21 2021 Output
drwx------ 2 root root 4096 Feb 23 2021 platforms
-rw-r--r-- 1 root root 73498 Dec 18 2020 plnuser.pln
drwx------ 2 root root 4096 Feb 23 2021 plugin
-rw-r--r-- 1 root root 4670976 Apr 16 2012 Qt5Core.dll
-rw-r--r-- 1 root root 5011968 May 25 2016 Qt5Gui.dll
-rw-r--r-- 1 root root 4472320 May 25 2016 Qt5Widgets.dll
-rw-r--r-- 1 root root 1014168 Feb 27 2017 qwindows.dll
-rw-r--r-- 1 root root 463872 Dec 2 2020 Scheduler.exe
-rw-r--r-- 1 root root 80896 Dec 18 2020 Scheduler.pln
-rw-r--r-- 1 root root 102400 Dec 2 2020 Services.exe
-rw-r--r-- 1 root root 119296 Dec 18 2020 Services.pln
-rw-r--r-- 1 root root 231424 Sep 14 2020 SocksMap.exe
-rw-r--r-- 1 root root 55296 Dec 18 2020 SocksMap.pln
-rw-r--r-- 1 root root 186368 Dec 3 2020 S-Tools.exe
-rw-r--r-- 1 root root 41984 Dec 18 2020 S-Tools.pln
-rw-r--r-- 1 root root 120320 Dec 2 2020 SyncShell.exe
-rw-r--r-- 1 root root 41472 Feb 3 2021 SyncShell.pln
-rw-r--r-- 1 root root 81920 Dec 2 2020 TaskMgr.exe
-rw-r--r-- 1 root root 59904 Dec 18 2020 TaskMgr.pln
-rw-r--r-- 1 root root 135680 Jun 12 2018 Terminal.exe
-rw-r--r-- 1 root root 1 Dec 18 2020 Terminal.pln
-rw-r--r-- 1 root root 80112 Nov 20 2018 vcruntime140.dll
drwx------ 2 root root 4096 May 21 2021 Windows
drwx------ 2 root root 4096 Feb 23 2021 x64
drwx------ 2 root root 4096 Feb 23 2021 x86
-rw-r--r-- 1 root root 459 Feb 4 2021 使用说明.txt

One file within the archive is named 使用说明.txt , which translate from Chinese as Instructions for use.txt so we are likely dealing with a Chinese threat actor.

使用说明.txt:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
Window:
1:exe直接运行。
2:dll运行方式:
rundll32 host_win_x86.dll,elapsed
rundll32 host_win_x64.dll,elapsed
3:bin为shellcode,自定义加载。

Linux :
1:exe 直接运行:
chmod 755 host_linux_x64
./host_linux_x64
2:so 支持 ldd 加载。
LD_PRELOAD=./host_linux_x64.so /usr/sbin/sshd
rm -fr /host_linux_x64.so



注:Windows/Linux都支持低权限执行,比如webshell等。

English translation:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
Window:
1: exe runs directly.
2: dll operation mode:
rundll32 host_win_x86.dll,elapsed
rundll32 host_win_x64.dll,elapsed
3: bin is shellcode, customized loading.

Linux:
1: exe run directly:
chmod 755 host_linux_x64
./host_linux_x64
2:so supports ldd loading.
LD_PRELOAD=./host_linux_x64.so /usr/sbin/sshd
rm -fr /host_linux_x64.so



Note: Both Windows/Linux support low-privilege execution, such as webshell.

Another file within xxx.7z, named fed186c5a12922bc, contains the output of an attacker tool running on a victim host, shown below.

10.29.113.67||(none)|Linux|203.217.176.244|10.29.113.67|TCP|vsphere-ui|#1-photon SMP Wed Oct 17 12:15:18 UTC 2018 - 4.4.161-1.ph1|130:07:36|2021-05-27 22:25:02|2021-05-27 22:25:56|fed186c5a12922bc

The threat actor has targeted a vSphere instance at the external IP 203.217.176.244

Host: 203.217.176.244
ASN: 17564
ISP: GITN M Sdn. Bhd.
Organization: GITN M Sdn. Bhd.
Services: None detected
Type: Corporate
Assignment: Likely Static IP
Continent: Asia
Country: Malaysia
State/Region: Putrajaya
City: Putrajaya

Another file within xxx.7z, named 269aa5960ef1bdc4, contains another victim host:

SVR069||intan.dir|Windows|202.60.56.221|10.1.3.31|TCP|SYSTEM|Microsoft Windows Server 2019 Standard|13:13:40|2021-09-02 23:57:30|2021-09-02 23:58:47|269aa5960ef1bdc4

The threat actor has targeted a Windows Server named SVR069 at the external IP 202.60.56.221

Host: 202.60.56.221
ASN: 38044
ISP: Gitn-network
Organization: Gitn-network
Services: None detected
Type: Broadband
Assignment: Likely Static IP
Continent: Asia
Country: Malaysia
State/Region: Kuala Lumpur
City: Kuala Lumpur

Another folder within the archive is empty, with the name gov.my.
When googling the ISP, we get the following result:

GITN is commissioned by the Government to turn the vision of an e-Government into reality. GITN Sdn. Berhad (GSB) is the official network provider for the e-Government and we have a comprehensive range of infrastructure, hardware and software aimed to help enhance, improve and integrat
e your organization into the e-Government

This threat actor was targeting the Malaysian government.
The fact that the victim host was vSphere indicates that this threat actor has gained significant access into the environment.

Hashes:

67375ebcfa13ea7b549fea105aff391d39dcd814bd03b4dc4f522c182070aa00  ./xxx/key.pem
405ee1521bc97fc5d2c45f36f462f678ce0daef2117c40c5923c54b0f3f32685 ./xxx/CmdShell.exe
2452671492eba95a9fa8dc08d87c54d64b4142f04301209dbaa8447808b0e7b0 ./xxx/TaskMgr.pln
7317d236a1d7b132b80b09284a5c31b61371c66d6eee4cbe4597772223c040c9 ./xxx/S-Tools.pln
9b5dfbb6027d28c1a41cab008148e4a98bcd3d6a6d43269cd08dd8bbc366aa0f ./xxx/api-ms-win-crt-runtime-l1-1-0.dll
9bfa883a0a53ed1f3ef5330925f9a8b460569335150e46fa4b15b9913a9594c2 ./xxx/SyncShell.exe
b61a021e4ed6e29f48adef22d58dca2eb30b8f492e6bcbee47c2efbd351a2d51 ./xxx/host_win_x64.exe
0bcbbedeb21bd05efb36d432df7a2062eabdb3639531f62e07cc755be3c25769 ./xxx/kernle
c6acad7eecd63b54c2f12610b273a6bf5b4db737c0f8ce7670e778dd7a394e39 ./xxx/api-ms-win-crt-utility-l1-1-0.dll
90c6921ab9ef94f410db26cc15abf68f1f1b71993e13e110a95afbf718ec671e ./xxx/269aa5960ef1bdc4
f6f5ba59676e706e35adbbc7b946f9067734ff7847bafa4ed55a9557454b3ad2 ./xxx/Generator.exe
b9246fd06b64894d08fbc1d504ea17017da836f070fbd441625c446ab28c7d80 ./xxx/Scheduler.pln
87c42ca155473e4e71857d03497c8cbc28fa8ff7f2c8d72e8a1f39b71078f608 ./xxx/msvcp120.dll
115b9211d5bd978a0abe6408dae2f819b7da04f42f914a1af1fca40eb9ab90ee ./xxx/xxx.7z
b805f965d1a73d34b5b6c694520b2316884fe44c1c2849ed89565e251d50f658 ./xxx/CmdShell.pln
85a702b2a2c6d552a20eacbec38e5ba6e6b170872d6596af475b5bdbe84104e7 ./xxx/Qt5Widgets.dll
855788aa837927ba05b0c352637b49de5b4b22ed05447e8c10a103120c1a4537 ./xxx/DiskFile.pln
59dbe1cabfb0674d6c4d69c7c38b22a9a0ac44fa2473065ac96bd7746289f508 ./xxx/Qt5Core.dll
0104fd31724d08e895f09b1d75bc230f104e4e62cabc9cfe33ef770e14e70d04 ./xxx/SocksMap.exe
2e41310981f08d2dfc7f692a776ab215c9d16d0e6152c1a5a4d8babc82b35e9b ./xxx/Terminal.exe
c6145356da138655e7b1f3a81273b5298c0c9c059afdda230e0742388db8a4f8 ./xxx/Scheduler.exe
0abd032b0fd90d492330480f79993881b1fcde4fc66a2699c3689ef5f1d4a869 ./xxx/qwindows.dll
795c8e66f347cb030bef6d5b2076197c2da6acd24b654e40f2374d66553ab4ef ./xxx/SyncShell.pln
3a5fe5eb657c5dc6e2ecdf41373de0e6399592929930a1771750aadbac52120d ./xxx/host_linux_x64.so
804f94010467936ddfeb18a9f53a4750ddb4857e4a611e1d99c24928f7390f8e ./xxx/S-Tools.exe
ed259a7d769419dcc3c02291ff6ed228e9c39556827b3df4f73e28cd61b43af5 ./xxx/vcruntime140.dll
9e5d937c72c6d5709b907130cf4c2bd12e3427e44d217a2047d461940c281c1f ./xxx/api-ms-win-crt-time-l1-1-0.dll
e798b43c4bb92cf40d25bb9042e167536aa02de8998645a462f2314a3ec1f4c7 ./xxx/libcrypto-1_1.dll
372ed316b3bad2416f1d22117160acdde60327cee23d2cf9d6f6c4379778746f ./xxx/host_win_x86.exe
b3dc986f9821a1d3c0bfd5fa62ff4d93166b9a779c6417a84d9366e9e53b4b7c ./xxx/G1.exe
f3334fd8cde800152651200258dc4719271010677e1a55218c5f24bc6e7c7ff5 ./xxx/api-ms-win-crt-convert-l1-1-0.dll
a8bf9a04af5d74e783d78b8dec6d47f7943c3c06e8c544856f075e78a1d66d2e ./xxx/plnuser.pln
1460f52fca965a5ec0aa186116909963ddd7a7e1bc78dcea28759d0b66e9bcfc ./xxx/fed186c5a12922bc
794353b72b77f934507d0501024e89cdebc97dc40c571769bafaf794fbfaa8a4 ./xxx/SocksMap.pln
6eb4e6d55d329c9d0c7ffc6291969ab5b9605e48efc97455d131300435184af4 ./xxx/TaskMgr.exe
b12dc850a3b0a3b79fc2255e175241ce20489fe45df93ff35c42c6c348df4fbf ./xxx/Terminal.pln
23f27409df8da51b7a61781bccdc0f011decbf57833151436d3e6c78f8524b66 ./xxx/Services.pln
f575fbb2d0fd77f11deaf31f9422bf11c667284e76ecad8b8825d4a861716272 ./xxx/使用说明.txt
8d6abcce9cdebf8636f738bbbad5dfc019a5cec5c865304a1b44dce7da7d0e82 ./xxx/libssl-1_1.dll
a43a33ff200b3a6abe2b5a2081fd75a433a46bb93ec0f4f9480e14026a53f1ed ./xxx/cer.crt
8597f9f239b350b86350f3cdb326bdca49cb23022703fe049f838998a8a32cd5 ./xxx/api-ms-win-crt-string-l1-1-0.dll
15d2aac51ef02eb8242e7c121d4f405237da415e4a05f41a16b8e3640dc27298 ./xxx/api-ms-win-crt-stdio-l1-1-0.dll
ad551e7b9e91a5f79b269baf438dcfde7dd8014af1016ad2358ea3505714cb88 ./xxx/DiskFile.exe
86e39b5995af0e042fcdaa85fe2aefd7c9ddc7ad65e6327bd5e7058bc3ab615f ./xxx/msvcr120.dll
348472da6ef03742089181b62364096131bc3b01a009d613b3708ce04c807206 ./xxx/Services.exe
2bce82442f77b087f8b0b9181ade541c3f613b3aa270c54291daaf0efe2523aa ./xxx/Qt5Gui.dll
115b9211d5bd978a0abe6408dae2f819b7da04f42f914a1af1fca40eb9ab90ee ./xxx.7z
f6f5ba59676e706e35adbbc7b946f9067734ff7847bafa4ed55a9557454b3ad2 ./old/Generator.exe
b3dc986f9821a1d3c0bfd5fa62ff4d93166b9a779c6417a84d9366e9e53b4b7c ./old/G1.exe
f6f5ba59676e706e35adbbc7b946f9067734ff7847bafa4ed55a9557454b3ad2 ./G1-Beta/Generator/Generator.exe
87c42ca155473e4e71857d03497c8cbc28fa8ff7f2c8d72e8a1f39b71078f608 ./G1-Beta/Generator/msvcp120.dll
85a702b2a2c6d552a20eacbec38e5ba6e6b170872d6596af475b5bdbe84104e7 ./G1-Beta/Generator/Qt5Widgets.dll
59dbe1cabfb0674d6c4d69c7c38b22a9a0ac44fa2473065ac96bd7746289f508 ./G1-Beta/Generator/Qt5Core.dll
0abd032b0fd90d492330480f79993881b1fcde4fc66a2699c3689ef5f1d4a869 ./G1-Beta/Generator/platforms/qwindows.dll
b61a021e4ed6e29f48adef22d58dca2eb30b8f492e6bcbee47c2efbd351a2d51 ./G1-Beta/Generator/Output/Windows/host_win_x64.exe
372ed316b3bad2416f1d22117160acdde60327cee23d2cf9d6f6c4379778746f ./G1-Beta/Generator/Output/Windows/host_win_x86.exe
0bcbbedeb21bd05efb36d432df7a2062eabdb3639531f62e07cc755be3c25769 ./G1-Beta/Generator/Output/Linux/kernle
3a5fe5eb657c5dc6e2ecdf41373de0e6399592929930a1771750aadbac52120d ./G1-Beta/Generator/Output/Linux/host_linux_x64.so
f575fbb2d0fd77f11deaf31f9422bf11c667284e76ecad8b8825d4a861716272 ./G1-Beta/Generator/使用说明.txt
86e39b5995af0e042fcdaa85fe2aefd7c9ddc7ad65e6327bd5e7058bc3ab615f ./G1-Beta/Generator/msvcr120.dll
2bce82442f77b087f8b0b9181ade541c3f613b3aa270c54291daaf0efe2523aa ./G1-Beta/Generator/Qt5Gui.dll
9b5dfbb6027d28c1a41cab008148e4a98bcd3d6a6d43269cd08dd8bbc366aa0f ./G1-Beta/Client/api-ms-win-crt-runtime-l1-1-0.dll
c6acad7eecd63b54c2f12610b273a6bf5b4db737c0f8ce7670e778dd7a394e39 ./G1-Beta/Client/api-ms-win-crt-utility-l1-1-0.dll
87c42ca155473e4e71857d03497c8cbc28fa8ff7f2c8d72e8a1f39b71078f608 ./G1-Beta/Client/msvcp120.dll
85a702b2a2c6d552a20eacbec38e5ba6e6b170872d6596af475b5bdbe84104e7 ./G1-Beta/Client/Qt5Widgets.dll
59dbe1cabfb0674d6c4d69c7c38b22a9a0ac44fa2473065ac96bd7746289f508 ./G1-Beta/Client/Qt5Core.dll
0abd032b0fd90d492330480f79993881b1fcde4fc66a2699c3689ef5f1d4a869 ./G1-Beta/Client/platforms/qwindows.dll
ed259a7d769419dcc3c02291ff6ed228e9c39556827b3df4f73e28cd61b43af5 ./G1-Beta/Client/vcruntime140.dll
9e5d937c72c6d5709b907130cf4c2bd12e3427e44d217a2047d461940c281c1f ./G1-Beta/Client/api-ms-win-crt-time-l1-1-0.dll
e798b43c4bb92cf40d25bb9042e167536aa02de8998645a462f2314a3ec1f4c7 ./G1-Beta/Client/libcrypto-1_1.dll
67375ebcfa13ea7b549fea105aff391d39dcd814bd03b4dc4f522c182070aa00 ./G1-Beta/Client/certificate/key.pem
a43a33ff200b3a6abe2b5a2081fd75a433a46bb93ec0f4f9480e14026a53f1ed ./G1-Beta/Client/certificate/cer.crt
b3dc986f9821a1d3c0bfd5fa62ff4d93166b9a779c6417a84d9366e9e53b4b7c ./G1-Beta/Client/G1.exe
f3334fd8cde800152651200258dc4719271010677e1a55218c5f24bc6e7c7ff5 ./G1-Beta/Client/api-ms-win-crt-convert-l1-1-0.dll
26e5bfe4b0686167e3e4e0aac40cbae03515171d375f91ea563c9c044e9c5cc7 ./G1-Beta/Client/plugin/Linux/DiskFile.pln
0104fd31724d08e895f09b1d75bc230f104e4e62cabc9cfe33ef770e14e70d04 ./G1-Beta/Client/plugin/Linux/SocksMap.exe
2e41310981f08d2dfc7f692a776ab215c9d16d0e6152c1a5a4d8babc82b35e9b ./G1-Beta/Client/plugin/Linux/Terminal.exe
478508483cbb05defd7dcdac355dadf06282a6f2e14342cccba99e840202f943 ./G1-Beta/Client/plugin/Linux/SocksMap.pln
b12dc850a3b0a3b79fc2255e175241ce20489fe45df93ff35c42c6c348df4fbf ./G1-Beta/Client/plugin/Linux/Terminal.pln
c2a0b250573feae45ed9d406d2bbddef8b1735a60c456b9cc10fefed46b71748 ./G1-Beta/Client/plugin/Linux/DiskFile.exe
90c6921ab9ef94f410db26cc15abf68f1f1b71993e13e110a95afbf718ec671e ./G1-Beta/Client/Hosts/Default/269aa5960ef1bdc4
8d6abcce9cdebf8636f738bbbad5dfc019a5cec5c865304a1b44dce7da7d0e82 ./G1-Beta/Client/libssl-1_1.dll
8597f9f239b350b86350f3cdb326bdca49cb23022703fe049f838998a8a32cd5 ./G1-Beta/Client/api-ms-win-crt-string-l1-1-0.dll
15d2aac51ef02eb8242e7c121d4f405237da415e4a05f41a16b8e3640dc27298 ./G1-Beta/Client/api-ms-win-crt-stdio-l1-1-0.dll
86e39b5995af0e042fcdaa85fe2aefd7c9ddc7ad65e6327bd5e7058bc3ab615f ./G1-Beta/Client/msvcr120.dll
2bce82442f77b087f8b0b9181ade541c3f613b3aa270c54291daaf0efe2523aa ./G1-Beta/Client/Qt5Gui.dll
  • Copyrights © 2021-2024 blindCyber

请我喝杯咖啡吧~

支付宝
微信