d4b30c1f2c1f10f46037533e5768b6abba1f60a613e779d871c21abe8ef02d48

Analysis

max time kernel
149s
max time network
142s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
12/03/2024, 19:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sunshine-windows-installer.exe
Size

10.9MB
MD5

2265b5e06f44918f7c2b8979e0a9c165
SHA1

bbd95e9d1f3c62bf6b05276e5cbe61b5b9dd035f
SHA256

d4b30c1f2c1f10f46037533e5768b6abba1f60a613e779d871c21abe8ef02d48
SHA512

951c8ec6815b7bbdaebf781dcbd61fd402369d9cb37fdfbcca522ebe74cea1f867ad8c69a01979b4f55804844592172ed950b762c48c744205aed6dafc297629
SSDEEP

196608:hKXpNOzxlx+WuRhr2G7uBIqTZnqFhqRC67VJxbYgiVJ3FMYMLec6P:QXvX12K0dTZnqFhqRX9bYgiRMzZ6P

Score

8^/10

discovery evasion persistence

Malware Config

Signatures

Creates new service(s) 1 TTPs
persistence

Windows Service
T1543.003

Modifies Windows Firewall 2 TTPs 2 IoCs

evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
2600	netsh.exe
3008	netsh.exe

Stops running service(s) 3 TTPs
evasion

Windows Service
T1543.003

Impair Defenses
T1562

Service Stop
T1489

Executes dropped EXE 12 IoCs

pid	Process
1740	nsF50B.tmp
2312	nsF6A1.tmp
2580	nsF7FA.tmp
2516	nsFA3C.tmp
1192	ns1B25.tmp
2720	sunshinesvc.exe
2472	ns2488.tmp
1308	Sunshine.exe
2928	ddprobe.exe
1184	Process not Found
1488	sunshine.exe
2868	sunshine.exe

Loads dropped DLL 35 IoCs

pid	Process
1948	sunshine-windows-installer.exe
1948	sunshine-windows-installer.exe
1948	sunshine-windows-installer.exe
1948	sunshine-windows-installer.exe
1948	sunshine-windows-installer.exe
1948	sunshine-windows-installer.exe
1948	sunshine-windows-installer.exe
1948	sunshine-windows-installer.exe
1948	sunshine-windows-installer.exe
1948	sunshine-windows-installer.exe
1948	sunshine-windows-installer.exe
1948	sunshine-windows-installer.exe
1948	sunshine-windows-installer.exe
1948	sunshine-windows-installer.exe
1948	sunshine-windows-installer.exe
1948	sunshine-windows-installer.exe
1948	sunshine-windows-installer.exe
1948	sunshine-windows-installer.exe
1948	sunshine-windows-installer.exe
1948	sunshine-windows-installer.exe
1948	sunshine-windows-installer.exe
1948	sunshine-windows-installer.exe
484	Process not Found
1948	sunshine-windows-installer.exe
1948	sunshine-windows-installer.exe
1948	sunshine-windows-installer.exe
1948	sunshine-windows-installer.exe
2720	sunshinesvc.exe
1296	Process not Found
1308	Sunshine.exe
1308	Sunshine.exe
1184	Process not Found
1184	Process not Found
1692	Process not Found
2120	Process not Found

Modifies file permissions 1 TTPs 4 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
1572	icacls.exe
2012	icacls.exe
996	icacls.exe
1192	icacls.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Sunshine\assets\web\assets\troubleshooting-894850dd.js	sunshine-windows-installer.exe
File created	C:\Program Files\Sunshine\assets\web\images\sunshine-pausing-16.png	sunshine-windows-installer.exe
File created	C:\Program Files\Sunshine\config\sunshine.log	Sunshine.exe
File created	C:\Program Files\Sunshine\zlib1.dll	sunshine-windows-installer.exe
File created	C:\Program Files\Sunshine\scripts\migrate-config.bat	sunshine-windows-installer.exe
File created	C:\Program Files\Sunshine\scripts\add-firewall-rule.bat	sunshine-windows-installer.exe
File created	C:\Program Files\Sunshine\assets\web\assets\fa-brands-400-3a8924cd.woff2	sunshine-windows-installer.exe
File created	C:\Program Files\Sunshine\tools\ddprobe.exe	sunshine-windows-installer.exe
File created	C:\Program Files\Sunshine\assets\shaders\directx\convert_yuv420_packed_uv_type0_ps_linear.hlsl	sunshine-windows-installer.exe
File created	C:\Program Files\Sunshine\assets\web\images\sunshine-pausing.ico	sunshine-windows-installer.exe
File created	C:\Program Files\Sunshine\assets\web\images\sunshine-pausing.png	sunshine-windows-installer.exe
File created	C:\Program Files\Sunshine\assets\shaders\directx\cursor_ps_normalize_white.hlsl	sunshine-windows-installer.exe
File created	C:\Program Files\Sunshine\assets\steam.png	sunshine-windows-installer.exe
File created	C:\Program Files\Sunshine\assets\web\assets\pin-92c23863.js	sunshine-windows-installer.exe
File created	C:\Program Files\Sunshine\config\credentials\cacert.pem	Sunshine.exe
File created	C:\Program Files\Sunshine\tools\dxgi-info.exe	sunshine-windows-installer.exe
File created	C:\Program Files\Sunshine\assets\web\assets\fa-v4compatibility-09663a36.ttf	sunshine-windows-installer.exe
File created	C:\Program Files\Sunshine\assets\web\images\sunshine-playing-16.png	sunshine-windows-installer.exe
File opened for modification	C:\Program Files\Sunshine\assets\web\images\sunshine.ico	Sunshine.exe
File created	C:\Program Files\Sunshine\assets\web\images\sunshine-locked.png	sunshine-windows-installer.exe
File created	C:\Program Files\Sunshine\assets\web\images\sunshine-playing-45.png	sunshine-windows-installer.exe
File created	C:\Program Files\Sunshine\Uninstall.exe	sunshine-windows-installer.exe
File opened for modification	C:\Program Files\Sunshine\config\apps.json	Sunshine.exe
File created	C:\Program Files\Sunshine\assets\shaders\directx\convert_yuv420_planar_y_ps_perceptual_quantizer.hlsl	sunshine-windows-installer.exe
File created	C:\Program Files\Sunshine\scripts\install-service.bat	sunshine-windows-installer.exe
File created	C:\Program Files\Sunshine\assets\web\assets\apps-f0a1239f.js	sunshine-windows-installer.exe
File created	C:\Program Files\Sunshine\assets\web\assets\fa-regular-400-5d02dc9b.ttf	sunshine-windows-installer.exe
File created	C:\Program Files\Sunshine\config\credentials\cakey.pem	Sunshine.exe
File created	C:\Program Files\Sunshine\assets\web\assets\config-7f23f092.js	sunshine-windows-installer.exe
File created	C:\Program Files\Sunshine\assets\web\images\logo-sunshine-45.png	sunshine-windows-installer.exe
File created	C:\Program Files\Sunshine\assets\web\images\sunshine-locked-45.png	sunshine-windows-installer.exe
File created	C:\Program Files\Sunshine\config\apps.json	Sunshine.exe
File created	C:\Program Files\Sunshine\assets\web\troubleshooting.html	sunshine-windows-installer.exe
File created	C:\Program Files\Sunshine\assets\web\assets\Navbar-48ec9d0d.css	sunshine-windows-installer.exe
File created	C:\Program Files\Sunshine\assets\web\assets\Navbar-4fa05ff0.js	sunshine-windows-installer.exe
File created	C:\Program Files\Sunshine\assets\web\assets\_plugin-vue_export-helper-56074fbc.css	sunshine-windows-installer.exe
File opened for modification	C:\Program Files\Sunshine\config\credentials\cacert.pem	Sunshine.exe
File created	C:\Program Files\Sunshine\assets\apps.json	sunshine-windows-installer.exe
File created	C:\Program Files\Sunshine\assets\web\images\sunshine-pausing-45.png	sunshine-windows-installer.exe
File created	C:\Program Files\Sunshine\config\sunshine.conf	Sunshine.exe
File opened for modification	C:\Program Files\Sunshine\config\credentials\cakey.pem	Sunshine.exe
File created	C:\Program Files\Sunshine\assets\shaders\directx\convert_yuv420_packed_uv_type0_ps_perceptual_quantizer.hlsl	sunshine-windows-installer.exe
File created	C:\Program Files\Sunshine\assets\shaders\directx\include\convert_perceptual_quantizer_base.hlsl	sunshine-windows-installer.exe
File created	C:\Program Files\Sunshine\scripts\delete-firewall-rule.bat	sunshine-windows-installer.exe
File created	C:\Program Files\Sunshine\assets\web\assets\fa-regular-400-2bccecf0.woff2	sunshine-windows-installer.exe
File created	C:\Program Files\Sunshine\assets\shaders\directx\cursor_ps.hlsl	sunshine-windows-installer.exe
File created	C:\Program Files\Sunshine\assets\shaders\directx\include\common.hlsl	sunshine-windows-installer.exe
File created	C:\Program Files\Sunshine\assets\desktop.png	sunshine-windows-installer.exe
File created	C:\Program Files\Sunshine\assets\web\images\sunshine-locked.svg	sunshine-windows-installer.exe
File created	C:\Program Files\Sunshine\assets\shaders\directx\convert_yuv420_packed_uv_type0_vs.hlsl	sunshine-windows-installer.exe
File created	C:\Program Files\Sunshine\assets\desktop-alt.png	sunshine-windows-installer.exe
File created	C:\Program Files\Sunshine\assets\web\assets\fa-solid-900-9fc85f3a.woff2	sunshine-windows-installer.exe
File created	C:\Program Files\Sunshine\assets\web\images\sunshine-playing.svg	sunshine-windows-installer.exe
File created	C:\Program Files\Sunshine\assets\web\password.html	sunshine-windows-installer.exe
File created	C:\Program Files\Sunshine\assets\web\pin.html	sunshine-windows-installer.exe
File created	C:\Program Files\Sunshine\assets\web\images\sunshine-locked-16.png	sunshine-windows-installer.exe
File created	C:\Program Files\Sunshine\assets\web\images\sunshine.ico	sunshine-windows-installer.exe
File created	C:\Program Files\Sunshine\tools\sunshinesvc.exe	sunshine-windows-installer.exe
File created	C:\Program Files\Sunshine\scripts\uninstall-service.bat	sunshine-windows-installer.exe
File created	C:\Program Files\Sunshine\scripts\install-gamepad.bat	sunshine-windows-installer.exe
File created	C:\Program Files\Sunshine\assets\web\config.html	sunshine-windows-installer.exe
File created	C:\Program Files\Sunshine\assets\web\images\sunshine-locked.ico	sunshine-windows-installer.exe
File created	C:\Program Files\Sunshine\assets\web\images\sunshine-playing.png	sunshine-windows-installer.exe
File created	C:\Program Files\Sunshine\assets\shaders\directx\include\convert_linear_base.hlsl	sunshine-windows-installer.exe

Launches sc.exe 4 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
2652	sc.exe
2604	sc.exe
2760	sc.exe
2612	sc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\lizardbyte.dev\NumberOfSubdomains = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 305cbed8b775da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002dcc56832ee45b40af0f973e997a3e3e00000000020000000000106600000001000020000000f30101b6d7e94853b4d9c6e2340f56a2edbc6cb6d59f70f382da2144c4043af7000000000e800000000200002000000006ff43986eaa4f024b99f82815d9ed45db635d0bcad88815040c98330465eda220000000f2de6a65279a50107e60174b442d40aae4fb88e308c48c06269456498216447d4000000096fc68bec28e067a42214569962b00dbfb675277f47857981778e3707c50ef7849b009095e33e6096bced64c5037d78fc40f661c5cce0f8abe2e1987d5ae04b9	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F90EAAD1-E1AA-11EE-878B-CAFA5A0A62FD} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DOMStorage\lizardbyte.dev	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{144528B1-E1AB-11EE-878B-CAFA5A0A62FD} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002dcc56832ee45b40af0f973e997a3e3e000000000200000000001066000000010000200000006a6cc9b6e22dc241154bde512f7fe42285135cd829ba065089e56b922db855e0000000000e80000000020000200000000f94820fa73ce23f90d96fd209585fad4f2410277af57e16b7a279ca10b797ea900000003c299ab65af2ca13bd5e4d8ff5ba50f1f87f564cd9d8dca2e132be3dc89006be19c1402235f417bec1ce0692ec44e8f6e93622c2a9646347a2f50b9fab5c9ca25dc9a29dec5036654cc6fd2c09b866f06b11b77a06c69373f0e44064ca2bf20d0a339294504069b3c4e919682c42670282a72cd72860756a0d6710c1da94c51fbcce062c5ac2ab675f361cef9259298240000000dcb4f6cfdd51627947ae99e268dc5150b0ab54eadbe07dad74c2fcece0f9244028570c2a254d6ef28883b415291aaed47871f26bcc8c2c7276e06f48649b0fba	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\UpgradeTime = d06759e2b775da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\Version = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe

Modifies data under HKEY_USERS 8 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software	ddprobe.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft	ddprobe.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\DirectX	ddprobe.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\DirectX\UserGpuPreferences	ddprobe.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\DirectX\UserGpuPreferences\C:\Program Files\Sunshine\tools\ddprobe.exe = "GpuPreference=1;"	ddprobe.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\DirectX\UserGpuPreferences	Sunshine.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\DirectX\UserGpuPreferences\C:\Program Files\Sunshine\Sunshine.exe = "GpuPreference=1;"	Sunshine.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\DirectX\UserGpuPreferences	ddprobe.exe

Runs net.exe

Suspicious use of AdjustPrivilegeToken 43 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	3060	WMIC.exe
Token: SeSecurityPrivilege	3060	WMIC.exe
Token: SeTakeOwnershipPrivilege	3060	WMIC.exe
Token: SeLoadDriverPrivilege	3060	WMIC.exe
Token: SeSystemProfilePrivilege	3060	WMIC.exe
Token: SeSystemtimePrivilege	3060	WMIC.exe
Token: SeProfSingleProcessPrivilege	3060	WMIC.exe
Token: SeIncBasePriorityPrivilege	3060	WMIC.exe
Token: SeCreatePagefilePrivilege	3060	WMIC.exe
Token: SeBackupPrivilege	3060	WMIC.exe
Token: SeRestorePrivilege	3060	WMIC.exe
Token: SeShutdownPrivilege	3060	WMIC.exe
Token: SeDebugPrivilege	3060	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3060	WMIC.exe
Token: SeRemoteShutdownPrivilege	3060	WMIC.exe
Token: SeUndockPrivilege	3060	WMIC.exe
Token: SeManageVolumePrivilege	3060	WMIC.exe
Token: 33	3060	WMIC.exe
Token: 34	3060	WMIC.exe
Token: 35	3060	WMIC.exe
Token: SeIncreaseQuotaPrivilege	3060	WMIC.exe
Token: SeSecurityPrivilege	3060	WMIC.exe
Token: SeTakeOwnershipPrivilege	3060	WMIC.exe
Token: SeLoadDriverPrivilege	3060	WMIC.exe
Token: SeSystemProfilePrivilege	3060	WMIC.exe
Token: SeSystemtimePrivilege	3060	WMIC.exe
Token: SeProfSingleProcessPrivilege	3060	WMIC.exe
Token: SeIncBasePriorityPrivilege	3060	WMIC.exe
Token: SeCreatePagefilePrivilege	3060	WMIC.exe
Token: SeBackupPrivilege	3060	WMIC.exe
Token: SeRestorePrivilege	3060	WMIC.exe
Token: SeShutdownPrivilege	3060	WMIC.exe
Token: SeDebugPrivilege	3060	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3060	WMIC.exe
Token: SeRemoteShutdownPrivilege	3060	WMIC.exe
Token: SeUndockPrivilege	3060	WMIC.exe
Token: SeManageVolumePrivilege	3060	WMIC.exe
Token: 33	3060	WMIC.exe
Token: 34	3060	WMIC.exe
Token: 35	3060	WMIC.exe
Token: SeRestorePrivilege	1644	msiexec.exe
Token: SeTakeOwnershipPrivilege	1644	msiexec.exe
Token: SeSecurityPrivilege	1644	msiexec.exe

Suspicious use of FindShellTrayWindow 6 IoCs

pid	Process
2268	iexplore.exe
1308	Sunshine.exe
1308	Sunshine.exe
1308	Sunshine.exe
2420	iexplore.exe
2420	iexplore.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
1308	Sunshine.exe
1308	Sunshine.exe
1308	Sunshine.exe

Suspicious use of SetWindowsHookEx 19 IoCs

pid	Process
2268	iexplore.exe
2268	iexplore.exe
3000	IEXPLORE.EXE
3000	IEXPLORE.EXE
3000	IEXPLORE.EXE
3000	IEXPLORE.EXE
3000	IEXPLORE.EXE
2420	iexplore.exe
2420	iexplore.exe
2036	IEXPLORE.EXE
2036	IEXPLORE.EXE
2036	IEXPLORE.EXE
2036	IEXPLORE.EXE
2420	iexplore.exe
2420	iexplore.exe
2368	IEXPLORE.EXE
2368	IEXPLORE.EXE
2368	IEXPLORE.EXE
2368	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1948 wrote to memory of 2268	1948	sunshine-windows-installer.exe	30
PID 1948 wrote to memory of 2268	1948	sunshine-windows-installer.exe	30
PID 1948 wrote to memory of 2268	1948	sunshine-windows-installer.exe	30
PID 1948 wrote to memory of 1740	1948	sunshine-windows-installer.exe	31
PID 1948 wrote to memory of 1740	1948	sunshine-windows-installer.exe	31
PID 1948 wrote to memory of 1740	1948	sunshine-windows-installer.exe	31
PID 1740 wrote to memory of 1572	1740	nsF50B.tmp	34
PID 1740 wrote to memory of 1572	1740	nsF50B.tmp	34
PID 1740 wrote to memory of 1572	1740	nsF50B.tmp	34
PID 2268 wrote to memory of 3000	2268	iexplore.exe	35
PID 2268 wrote to memory of 3000	2268	iexplore.exe	35
PID 2268 wrote to memory of 3000	2268	iexplore.exe	35
PID 2268 wrote to memory of 3000	2268	iexplore.exe	35
PID 1948 wrote to memory of 2312	1948	sunshine-windows-installer.exe	36
PID 1948 wrote to memory of 2312	1948	sunshine-windows-installer.exe	36
PID 1948 wrote to memory of 2312	1948	sunshine-windows-installer.exe	36
PID 2312 wrote to memory of 2324	2312	nsF6A1.tmp	38
PID 2312 wrote to memory of 2324	2312	nsF6A1.tmp	38
PID 2312 wrote to memory of 2324	2312	nsF6A1.tmp	38
PID 2324 wrote to memory of 2012	2324	cmd.exe	39
PID 2324 wrote to memory of 2012	2324	cmd.exe	39
PID 2324 wrote to memory of 2012	2324	cmd.exe	39
PID 2324 wrote to memory of 996	2324	cmd.exe	40
PID 2324 wrote to memory of 996	2324	cmd.exe	40
PID 2324 wrote to memory of 996	2324	cmd.exe	40
PID 2324 wrote to memory of 1192	2324	cmd.exe	41
PID 2324 wrote to memory of 1192	2324	cmd.exe	41
PID 2324 wrote to memory of 1192	2324	cmd.exe	41
PID 1948 wrote to memory of 2580	1948	sunshine-windows-installer.exe	42
PID 1948 wrote to memory of 2580	1948	sunshine-windows-installer.exe	42
PID 1948 wrote to memory of 2580	1948	sunshine-windows-installer.exe	42
PID 2580 wrote to memory of 2556	2580	nsF7FA.tmp	44
PID 2580 wrote to memory of 2556	2580	nsF7FA.tmp	44
PID 2580 wrote to memory of 2556	2580	nsF7FA.tmp	44
PID 2556 wrote to memory of 2600	2556	cmd.exe	45
PID 2556 wrote to memory of 2600	2556	cmd.exe	45
PID 2556 wrote to memory of 2600	2556	cmd.exe	45
PID 2556 wrote to memory of 3008	2556	cmd.exe	46
PID 2556 wrote to memory of 3008	2556	cmd.exe	46
PID 2556 wrote to memory of 3008	2556	cmd.exe	46
PID 1948 wrote to memory of 2516	1948	sunshine-windows-installer.exe	47
PID 1948 wrote to memory of 2516	1948	sunshine-windows-installer.exe	47
PID 1948 wrote to memory of 2516	1948	sunshine-windows-installer.exe	47
PID 2516 wrote to memory of 328	2516	nsFA3C.tmp	49
PID 2516 wrote to memory of 328	2516	nsFA3C.tmp	49
PID 2516 wrote to memory of 328	2516	nsFA3C.tmp	49
PID 2516 wrote to memory of 328	2516	nsFA3C.tmp	49
PID 2516 wrote to memory of 328	2516	nsFA3C.tmp	49
PID 328 wrote to memory of 1620	328	cmd.exe	50
PID 328 wrote to memory of 1620	328	cmd.exe	50
PID 328 wrote to memory of 1620	328	cmd.exe	50
PID 1620 wrote to memory of 3060	1620	cmd.exe	51
PID 1620 wrote to memory of 3060	1620	cmd.exe	51
PID 1620 wrote to memory of 3060	1620	cmd.exe	51
PID 328 wrote to memory of 2524	328	cmd.exe	54
PID 328 wrote to memory of 2524	328	cmd.exe	54
PID 328 wrote to memory of 2524	328	cmd.exe	54
PID 2524 wrote to memory of 1800	2524	cmd.exe	55
PID 2524 wrote to memory of 1800	2524	cmd.exe	55
PID 2524 wrote to memory of 1800	2524	cmd.exe	55
PID 2524 wrote to memory of 1700	2524	cmd.exe	56
PID 2524 wrote to memory of 1700	2524	cmd.exe	56
PID 2524 wrote to memory of 1700	2524	cmd.exe	56
PID 328 wrote to memory of 808	328	cmd.exe	57

C:\Users\Admin\AppData\Local\Temp\sunshine-windows-installer.exe
"C:\Users\Admin\AppData\Local\Temp\sunshine-windows-installer.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:1948
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" https://sunshinestream.readthedocs.io/
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2268
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2268 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:3000
- C:\Users\Admin\AppData\Local\Temp\nsi2A1D.tmp\nsF50B.tmp
  "C:\Users\Admin\AppData\Local\Temp\nsi2A1D.tmp\nsF50B.tmp" icacls "C:\Program Files\Sunshine" /reset
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:1740
- - C:\Windows\system32\icacls.exe
    icacls "C:\Program Files\Sunshine" /reset
    3⤵
    - Modifies file permissions
    PID:1572
- C:\Users\Admin\AppData\Local\Temp\nsi2A1D.tmp\nsF6A1.tmp
  "C:\Users\Admin\AppData\Local\Temp\nsi2A1D.tmp\nsF6A1.tmp" "C:\Program Files\Sunshine\scripts\migrate-config.bat"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:2312
- - C:\Windows\system32\cmd.exe
    cmd /c ""C:\Program Files\Sunshine\scripts\migrate-config.bat""
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2324
  - - C:\Windows\system32\icacls.exe
      icacls "C:\Program Files\Sunshine\config" /reset
      4⤵
      Modifies file permissions
      PID:2012
  - - C:\Windows\system32\icacls.exe
      icacls "C:\Program Files\Sunshine\config\credentials" /inheritance:r
      4⤵
      Modifies file permissions
      PID:996
  - - C:\Windows\system32\icacls.exe
      icacls "C:\Program Files\Sunshine\config\credentials" /grant:r *S-1-5-32-544:(OI)(CI)(F)
      4⤵
      Modifies file permissions
      PID:1192
- C:\Users\Admin\AppData\Local\Temp\nsi2A1D.tmp\nsF7FA.tmp
  "C:\Users\Admin\AppData\Local\Temp\nsi2A1D.tmp\nsF7FA.tmp" "C:\Program Files\Sunshine\scripts\add-firewall-rule.bat"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:2580
- - C:\Windows\system32\cmd.exe
    cmd /c ""C:\Program Files\Sunshine\scripts\add-firewall-rule.bat""
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2556
  - - C:\Windows\system32\netsh.exe
      netsh advfirewall firewall add rule name=Sunshine dir=in action=allow protocol=tcp program="C:\Program Files\Sunshine\sunshine.exe" enable=yes
      4⤵
      Modifies Windows Firewall
      PID:2600
  - - C:\Windows\system32\netsh.exe
      netsh advfirewall firewall add rule name=Sunshine dir=in action=allow protocol=udp program="C:\Program Files\Sunshine\sunshine.exe" enable=yes
      4⤵
      Modifies Windows Firewall
      PID:3008
- C:\Users\Admin\AppData\Local\Temp\nsi2A1D.tmp\nsFA3C.tmp
  "C:\Users\Admin\AppData\Local\Temp\nsi2A1D.tmp\nsFA3C.tmp" "C:\Program Files\Sunshine\scripts\install-gamepad.bat"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:2516
- - C:\Windows\system32\cmd.exe
    cmd /c ""C:\Program Files\Sunshine\scripts\install-gamepad.bat""
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:328
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c wmic product where "name='ViGEm Bus Driver' or name='Nefarius Virtual Gamepad Emulation Bus Driver'" get Version /format:Textvaluelist
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1620
    - - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic product where "name='ViGEm Bus Driver' or name='Nefarius Virtual Gamepad Emulation Bus Driver'" get Version /format:Textvaluelist
        5⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:3060
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" | find /i "ProxyEnable"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2524
    - - C:\Windows\system32\reg.exe
        
        reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
        5⤵
        
        PID:1800
    - - C:\Windows\system32\find.exe
        
        find /i "ProxyEnable"
        5⤵
        
        PID:1700
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c curl -s -L https://api.github.com/repos/nefarius/vigembus/releases/latest | findstr browser_download_url
      4⤵
      PID:808
- C:\Users\Admin\AppData\Local\Temp\nsi2A1D.tmp\ns1B25.tmp
  "C:\Users\Admin\AppData\Local\Temp\nsi2A1D.tmp\ns1B25.tmp" "C:\Program Files\Sunshine\scripts\install-service.bat"
  2⤵
  - Executes dropped EXE
  PID:1192
- - C:\Windows\system32\cmd.exe
    cmd /c ""C:\Program Files\Sunshine\scripts\install-service.bat""
    3⤵
    PID:2568
  - - C:\Windows\system32\net.exe
      net stop sunshinesvc
      4⤵
      PID:1584
    - - C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 stop sunshinesvc
        5⤵
        
        PID:1712
  - - C:\Windows\system32\sc.exe
      sc delete sunshinesvc
      4⤵
      Launches sc.exe
      PID:2760
  - - C:\Windows\system32\sc.exe
      sc qc SunshineService
      4⤵
      Launches sc.exe
      PID:2652
  - - C:\Windows\system32\sc.exe
      sc create SunshineService binPath= "C:\Program Files\Sunshine\tools\sunshinesvc.exe" start= demand DisplayName= "Sunshine Service"
      4⤵
      Launches sc.exe
      PID:2604
  - - C:\Windows\system32\sc.exe
      sc description SunshineService "Sunshine is a self-hosted game stream host for Moonlight."
      4⤵
      Launches sc.exe
      PID:2612
  - - C:\Windows\system32\net.exe
      net start SunshineService
      4⤵
      PID:2188
    - - C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 start SunshineService
        5⤵
        
        PID:2496
- C:\Users\Admin\AppData\Local\Temp\nsi2A1D.tmp\ns2488.tmp
  "C:\Users\Admin\AppData\Local\Temp\nsi2A1D.tmp\ns2488.tmp" "C:\Program Files\Sunshine\scripts\autostart-service.bat"
  2⤵
  - Executes dropped EXE
  PID:2472

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1644

C:\Program Files\Sunshine\tools\sunshinesvc.exe
"C:\Program Files\Sunshine\tools\sunshinesvc.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2720
- C:\Program Files\Sunshine\Sunshine.exe
  "Sunshine.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Modifies data under HKEY_USERS
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:1308
- - C:\Program Files\Sunshine\tools\ddprobe.exe
    tools\ddprobe.exe 1 ""
    3⤵
    - Executes dropped EXE
    - Modifies data under HKEY_USERS
    PID:2928

C:\Program Files\Sunshine\sunshine.exe
"C:\Program Files\Sunshine\sunshine.exe" --shortcut
1⤵
- Executes dropped EXE
PID:1488
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" https://localhost:47990
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  PID:2420
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2420 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2036
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2420 CREDAT:537622 /prefetch:2
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:2368

C:\Program Files\Sunshine\sunshine.exe
"C:\Program Files\Sunshine\sunshine.exe" --shortcut
1⤵
- Executes dropped EXE
PID:2868
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" https://localhost:47990
  2⤵
  PID:2360

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

File and Directory Permissions Modification

T1222

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

T1489

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Sunshine\assets\apps.json

Filesize
295B

MD5
4dec1cf39b94cc2a310bef765e607724

SHA1
28339e691fd5036eee4aa2fad0853f5804e437c9

SHA256
6aa14f95e7ba22b05a06acb24c077df2b0959de43c201a686a5ef5a628fd6de5

SHA512
6b367a03dbd199d7d2f7effa02e681c44130ef195aa41ec3e727a631221b8e92ec354aa8fa69d09d25d0aa2a81e2a01f5c3e2a9ab86a5723c9bb8548b7bfd62c

Download Submit
C:\Program Files\Sunshine\assets\box.png

Filesize
680B

MD5
59745f1e7bbf3fe5654a83cde6790c62

SHA1
33513094e568b477f03c698964611b5be20204b2

SHA256
d9164ebd069b5f735eb8efc557801778498da37f572ef70e3d35604739e6c613

SHA512
a66b09dc6abde9e32ed04b8b4135c5f14901d2b6b574318922aa0087ec0c20f1dbe06701b09904d8432a44dd18ff952d52ba6c1ef769f50f2b2ecff8174eab5e

Download Submit
C:\Program Files\Sunshine\assets\desktop-alt.png

Filesize
8KB

MD5
ba6801478a9c11ea2befe4568d960df7

SHA1
a8132d0b16d0cbe295e75f329cdd796841c5560b

SHA256
d78b2200827aee21f1d5549e229d8629d711558348737b1dd6456ebf30b1a418

SHA512
e7e13fca09420634955ab2ab9cc638b096d83da96d3a4ef3e0c42851ce5d495be7997e53a32d280fc6146ed4c24e505020d4786569cad81a3b62f59380985c4c

Download Submit
C:\Program Files\Sunshine\assets\desktop.png

Filesize
8KB

MD5
ed4554d88f9e29f610fa9187d71972aa

SHA1
07335966af06728a4559a3648c5648ec9f961d36

SHA256
477c3fbcd1e9c796a0e23bd201220706c30cd787e5be5753f9e0d385b7577761

SHA512
d951b5e962f158734d24f41be35084f851cd836b8ff1ba1755688589adb292ae4e30f4d347a652bd9b70bd01fe1ee836e38864133496c546b4c6a6b4c0b1eb67

Download Submit
C:\Program Files\Sunshine\assets\shaders\directx\convert_yuv420_packed_uv_type0_ps.hlsl

Filesize
126B

MD5
920bfd762632909d51768df25483356c

SHA1
c01c7218a1c92c9323d2efb6a51b5224d7384fa3

SHA256
897bc37d0319b5400e142ee5d04c7dd260af1071040b4d8f0bb6dca90c510a3e

SHA512
6426c87984968520fcab63567746dcf851ec72ae63278bb96c160e1d70bbc0acb0c81319cf53a64a3066baf4cfa1ae706e8068e2e0a564b3abaaeba6872b7cae

Download Submit
C:\Program Files\Sunshine\assets\shaders\directx\convert_yuv420_packed_uv_type0_ps_linear.hlsl

Filesize
133B

MD5
7ba99f704e3d336b7da19ec698373f18

SHA1
fe51c72f2839443efabd925160d32032a0904d93

SHA256
c0a67152c118e59c7b19bb55d180b3dbc7fc5841fc93688d799bd572f62997b8

SHA512
cb7d6218e4945eb5acdc91b9ecd90e9a02411bfc8bd6433d8680126c07e6666efcd5ebcd896b4a2f8d8dd1826ffba676243408f6cb2e425342d71ecebbcbf1a7

Download Submit
C:\Program Files\Sunshine\assets\shaders\directx\convert_yuv420_packed_uv_type0_ps_perceptual_quantizer.hlsl

Filesize
147B

MD5
770e5f40434c5b20dc0e4684a3869044

SHA1
708f87e3f9fe5617dc526c444acbe3bf6ab8aceb

SHA256
d5f937713422d2122bf57f482cf14c9b7cf70dbdb2e7a881742334e22fd951f2

SHA512
00fede04b8f4a8615441134acbc8add4782f98cb972ee22976420785a0461da7600003281eb72dd99fb769fc14cb309fc7ea041e4827abd0d380c94974d68a36

Download Submit
C:\Program Files\Sunshine\assets\shaders\directx\convert_yuv420_packed_uv_type0_vs.hlsl

Filesize
396B

MD5
87394b1fe823d0f44f53de4c401b515e

SHA1
14a1c1cb611fa88e4e321bec1a22148652a55ed1

SHA256
f41d68fe1cfb57ec0a7feea1fa39d546673f19e1a858181d2a5e4852acd3f260

SHA512
457cef08eed6d85989083c6fa76d3b57e73333f4a6f0781c270b1a26c82d138538567b658d897c9cef7f49a4b1ddfb778914b9e990355c9b138e80bc7953514a

Download Submit
C:\Program Files\Sunshine\assets\shaders\directx\convert_yuv420_planar_y_ps.hlsl

Filesize
97B

MD5
a0189ee10a7066186095ae31703c4f5d

SHA1
11ed45f663215994276d15bb5506147c21e134a3

SHA256
38a257893b34d9854a033e353584242820e586ddb2d8245fd43aae182ef38360

SHA512
ecbbb6a313c297fa2d9ab310652b28123c3ebef42f8a575396d93f98ca85f4de014f0187a3eab630a809b01b7b8bd86d1f472cc87e5821ef801838130281d7ac

Download Submit
C:\Program Files\Sunshine\assets\shaders\directx\convert_yuv420_planar_y_ps_linear.hlsl

Filesize
104B

MD5
ccf41a6c14f7f15f15be17b06b27afe9

SHA1
6f08d6f1ae5469d0b4092535ecf43a8df61bc43f

SHA256
5778fc50bc74b44b752273a24b262ed0f960ccfa5f92c2dbf8a06589f614d43d

SHA512
553187fd79339b32a4b4035d01996b25a681ac4eef42df62aaf60717c979ae2b2eee3bdbdaa9035af8d2a513ce0a8d4f53459a9f2d9e1a8104a8eaab13c15f06

Download Submit
C:\Program Files\Sunshine\assets\shaders\directx\convert_yuv420_planar_y_ps_perceptual_quantizer.hlsl

Filesize
118B

MD5
afac5679472a0d41e358f4d3a2356843

SHA1
a33b6156b05a0809b39d3d5fb6637f50883b2965

SHA256
cd21ae3a466040e6ab59713b625ee7a8edf07a83a89bdef3a044ba04e839943f

SHA512
72ffcb3a817da49f70c93ac32c8775c8d3e000cea24e12ceb3b416a1de11e5a73eb24cba378536615d0ae2ba861114858138133e2d78785f4c4f27d4dfea7ba0

Download Submit
C:\Program Files\Sunshine\assets\shaders\directx\convert_yuv420_planar_y_vs.hlsl

Filesize
263B

MD5
2204bc27502cd5d11688560386d08bee

SHA1
2b7b20b6f3fa624d39ab56059357d194490181b6

SHA256
e029cdc9b794ac859a787f6e73f357fc62efe1f6cb161ea59b43b874428e81c0

SHA512
282d7221221fc5f15f5ce4050eb3efedbe831abd30684b77ea8e5719c43491b017fdfe616fdabc000b5faad1b05d7bdec9cf311379b8759f43f9b86e76abe579

Download Submit
C:\Program Files\Sunshine\assets\shaders\directx\cursor_ps.hlsl

Filesize
229B

MD5
de9e70303529910e180611cafef30a0e

SHA1
a9c3f6db7ceef7d2259f42da3bdd80232788f823

SHA256
3ec1efcb2157233ae997f16633383a239a8d2399ca170d3fa12a6d5c09662662

SHA512
930c47c4ba438066654be1aded191e3e4b60a36960ea70c9a50455a734656273fb8a9f366f5703b2de9d94943c3d417570a986a5a754c9c46dc1ee7419f5128c

Download Submit
C:\Program Files\Sunshine\assets\shaders\directx\cursor_ps_normalize_white.hlsl

Filesize
396B

MD5
ed2f2e42926ff9b7174bb8226891a64d

SHA1
db7b600918f7cfbb8aa3706b7f05b1d008bf2b6b

SHA256
9609bdf0965fafce8958dcdd8ecf68c81b56f256a01962d3a90aca765ca4fe83

SHA512
d4ad0a44d328dbc820b56997d14e4d9b75e259ef6f3e92feb40f88b309ca0c29e80e62888cd66290ee12df9132706409ec24e94e5c7196e5c1f66dc10402b72c

Download Submit
C:\Program Files\Sunshine\assets\shaders\directx\cursor_vs.hlsl

Filesize
263B

MD5
47f6811c033f6b24fbc4ad1483fd5535

SHA1
05bd9a974d77fb3e8438852178fe0c6e8d914945

SHA256
68deb54ff6873a33e8c7b65aaa6a3e2adb58529ce3a6858d50317c352d295809

SHA512
9d4cd74638fbc9782a623ab8a17e920da14e00712b6cd8a0a46b960739c124dc4f8dd80fded1b494ae99f6d7b2b9ebec2fd6eb2c577692677e1e426a763e3463

Download Submit
C:\Program Files\Sunshine\assets\shaders\directx\include\base_vs.hlsl

Filesize
1KB

MD5
794bbe4d1b833770b705acadbc653c4b

SHA1
5e2aed2e00ebd207f08657dabf82f8aa1f1fb41d

SHA256
05a76e53633eaa52804278cb27640e4bae2752c6380c6571ce23f470af162a1e

SHA512
ccf5085232d4192834872cce682a74eb78f65f2ceb7896b44af9cd645a97234168323787dfcacbb45003bedd49891f3f335a51654ab14f2a98e027828407deb1

Download Submit
C:\Program Files\Sunshine\assets\shaders\directx\include\base_vs_types.hlsl

Filesize
317B

MD5
faf9a9a13141e6363688cda0b37acd79

SHA1
b5a11efe70977fbb66897b725887af2e0bb6ec59

SHA256
663eb326ff7c0aeb222bb224f7d78ad7749137451c91cf33c9c3f3c4dcd3b051

SHA512
c056333606eff356ff3838f2648d73627081b9b5f11112a1a8fd16b9e039f7ece95237537ebffe3dc9b3f6cb815c5f30d9ac2953da2c35ba2909ecbb7c0857d3

Download Submit
C:\Program Files\Sunshine\assets\shaders\directx\include\common.hlsl

Filesize
1KB

MD5
ace9dfb404a47d0f8501f159e9140615

SHA1
50d0bffc673d8ceecbcb3a2252bd050e1ca4f76b

SHA256
994090a79b7be68db00e72ed9d5dc50ca76e633e2658d84c1f1f5fa7284a3a16

SHA512
ab1710dc52642e2592a52adb397e169164a61e7d27f7b583da03d76f5da7a66db578264fd1c4154d3de9060ea21668f88632371a4e97760d5b29a4d66e0f6402

Download Submit
C:\Program Files\Sunshine\assets\shaders\directx\include\convert_base.hlsl

Filesize
35B

MD5
b8bb3b4128e8be1577e3054188a9dfc9

SHA1
58c44cd7ebdd3b42b5563f1fdc4b54112596cad8

SHA256
08c17550d9e6a4428585afed515e7f08ae5e685cc0434cf6ed9ee7845a05a07c

SHA512
23ecba2f6085c009ad5fab7052a78aa369a8aeba2c0964b059ba0c349d37a13b3a9ed6c32bd96e9eea62d4135f8f97ca4089860a51e02f829529d07cd2c67d10

Download Submit
C:\Program Files\Sunshine\assets\shaders\directx\include\convert_linear_base.hlsl

Filesize
124B

MD5
ff6ffe8bbdb89e871cf2b0963406bb0d

SHA1
01ef0e0b16f15bafb38c6c614a8f90be831967d4

SHA256
f1b1550980b607f0d57cde69feb16789cf71f16b3f6588d2eed0bb4f07c10372

SHA512
333aafc389bdbb328dfc243fd2cc074cfdb6acd5c3e419ebd7f95b27b2af8cde9990a11a93d92aec555b9b343da6e4dcd21e6843572c9a852ba962a44c1574f8

Download Submit
C:\Program Files\Sunshine\assets\shaders\directx\include\convert_perceptual_quantizer_base.hlsl

Filesize
74B

MD5
2c9c3b1173f8519bdf19a7dfda30f4d7

SHA1
762db0a8f99c55b15048ad66fec900a34e12cfd6

SHA256
28f1df6f42f3ffbf4e321e7460b8c50d6bea0271e255f3c9c0453dad33e7395c

SHA512
ae4dfaf3b7f673911dfa10958387d202cbaf0594879342973b320ba6d9a38cfc7413e0eec04477725744c222d72f8719d5ab6da527adae62d168bfdcb110a3df

Download Submit
C:\Program Files\Sunshine\assets\shaders\directx\include\convert_yuv420_packed_uv_ps_base.hlsl

Filesize
1KB

MD5
f75a65f52324a9bd1bfbe3f7c9b9637b

SHA1
d042e88b0ca00e3ad7d03975d3c77ae1ade091fb

SHA256
c332cb3fb2e2f8ad1346574cd7fd613c12c37daef2188b92acdc6a774ff1183b

SHA512
499f24444f47739166837fe58590a6d9a21513af968283ac3e3dd584ecfd83aca201f8142a4959ff5b088703dc3dcb19d61f92b4ff48919a7e58641311d748ff

Download Submit
C:\Program Files\Sunshine\assets\shaders\directx\include\convert_yuv420_planar_y_ps_base.hlsl

Filesize
526B

MD5
15b9ae307e623da0ff120b483bc8d4d5

SHA1
091410e80b476633697bdff0782391aeb0e863b1

SHA256
136743a99284d18774b2b1cfcfbf9724d34e0817afb266a4fe479ab5afff7867

SHA512
345fd38a256b84d742048b4982bff1e91f6575e845ea2ade5f44921b3a988b65f1af2650def69f7b129249af664a1853718d29486d3b7f85f39cdf68741c610e

Download Submit
C:\Program Files\Sunshine\assets\steam.png

Filesize
24KB

MD5
f580399d977c674150f26498a2701387

SHA1
4afde6c42e990921647b73685a0ff982e887218d

SHA256
ed59b134e64597baeb109a3567ad7c29936e77d0074398a5ad23606fb48d3108

SHA512
7c47126a34086aff652737a291e7c7b6de92591ddf4080e2b23428b5fa7cb74d2aab378bf3bc15e90990b4ca2f874f353e06c5302d425e0f62746517a073c647

Download Submit
C:\Program Files\Sunshine\assets\web\apps.html

Filesize
17KB

MD5
62004cee42a310adb6d4d98b2b90f414

SHA1
bd8a8892452e486590b19feb5a032c8c969078c9

SHA256
1765e7e95e1c652c3339c99a89f61317b4a53010508d9f80252e96794800fbaf

SHA512
2948bc3fa8b5710b31aeadbc7cc7f8fa624a5db3b5043c4fccd11d22fa89a75c81d1f8664e0e228899b1f1606aa95d775fce9f1193f469a3c722a8534d1d7523

Download Submit
C:\Program Files\Sunshine\assets\web\assets\Navbar-48ec9d0d.css

Filesize
72B

MD5
cce38d090763b078000ab271ab76bbd2

SHA1
4ce402dbaa747864745f2ea0a4e0937f6a6eeefe

SHA256
48ec9d0d09077a5abc105953edc0091ae1b1e7e7c3b57a8ffa9b22839701be79

SHA512
d490c28fef62f542e985fd5e5821873647f223525031ad592b3223d6cea4dab347b8e55b581e554d0641ec4f4a2da4dd221baa79b6924a28983dcd15cd58afe4

Download Submit
C:\Program Files\Sunshine\assets\web\assets\Navbar-4fa05ff0.js

Filesize
1KB

MD5
4e219faa0902658854202b184925e251

SHA1
9f55cb7af469b5c35f3e702e0afd0ce7eaea8183

SHA256
d3f5489b37d6930878da6f1d1f5d20b8cc21d5effefe7824314febadb1c3cc20

SHA512
3891eb1097890ce2ada7bba39e88630ff0d7116487c329a064f007f8e8bb33375e97694728077c42a79d95519883e9717826cb313f8ba79b539a6adb76688160

Download Submit
C:\Program Files\Sunshine\assets\web\assets\ResourceCard-85906521.js

Filesize
1KB

MD5
273ebf7f717523c72b9d6712c58329f3

SHA1
2bdbbdaf4a57e8b765130336cf15249c264c6170

SHA256
5d4abcde037a25e870c92b16ee3c4320652f5c0d985172deb699e1b31790faaf

SHA512
615b08dbed70238b7030742cf024cb709ecf784ef41aeb93852fcbdc3b27390c788f67e6a2855af7fb9055e621409e6afad01b914c95b7570f5e4c1e7b0a0254

Download Submit
C:\Program Files\Sunshine\assets\web\assets\_plugin-vue_export-helper-56074fbc.css

Filesize
97KB

MD5
8b2bf0ee1ab72316ba4b34a23b450c0d

SHA1
b762343d1878c077d7703e3c67047c76a5aff08d

SHA256
8e5d8df548d77eadd2a150eaf92d786e75a272c8824fcd68fcfad5f8753eb4bb

SHA512
78d83e23b19e2485b3d201fcd70145fe776595dbf07bc198bbf9e5ea2fba2d05095ca8c79aa199c93f31b855a4715399f6e4d2e43accec6c0913eb16fe236aa2

Download Submit
C:\Program Files\Sunshine\assets\web\assets\_plugin-vue_export-helper-63b51ba4.js

Filesize
113KB

MD5
bf94f7e76db2d1cd5ca0371beeee997d

SHA1
c6612748fa1cfbf1ff5ac55951bf10d7d2286275

SHA256
0600803cf13268776be15703d576fc2aba00df05ae48081e1d0658f36a82fd8b

SHA512
29a3ff08c04e7b36281bbf3433074ceb09e4fa96ea1675ed68d1f8081ebf81c33f3230eeba8c7b8fa1cc11d4499ebaa0f9a84f9b5dfc01bb67688484061675d6

Download Submit
C:\Program Files\Sunshine\assets\web\assets\apps-f0a1239f.js

Filesize
83KB

MD5
fd955e4cc910555c715d3673b506c4dd

SHA1
2505e659389c1b1df6a56b53df612184bc1e4643

SHA256
f42cf7750a4ee5f02e0489ee9096971b7350df86e78bd8044f9995396addea5e

SHA512
9704d049bad2b06d685244f0acdc59e4761c7623058c223a9cc033386a6a3157cfbcb808db9b3923f5a2517db3d7cb3b0b0b6c5cc6ac855594480e902f37b31f

Download Submit
C:\Program Files\Sunshine\assets\web\assets\config-7f23f092.js

Filesize
4KB

MD5
7f0802721dbec091d0d4ac48dda72a5b

SHA1
b0dc922679efe92cfff42c8917da0c5a13189aa9

SHA256
582d1a58ff955d7e52d4ff836caca0fac12df6e712f15498408531a1300a1956

SHA512
2bd79b6a682913e1318088b70180e6767de1166e81c2361685c7c81774b50f473f7b645015918f27555b924ff70f03763ec803a79853925894102356fc1ce904

Download Submit
C:\Program Files\Sunshine\assets\web\assets\fa-brands-400-3a8924cd.woff2

Filesize
114KB

MD5
b6356c957274676e6571c1ff5e11c9a8

SHA1
4022f95e001d734ca8f082b8e7627abd205609ec

SHA256
3a8924cd5203a28628716aedb5cef0943da4c3b44e3ffcee90ab06387b41c490

SHA512
83de79c74480fafc62cdac4012ff2a129d8701772ee16216c3d9488826ac21a9c2f8a416fe3208a61bfea7e12c24ac1cc2d26f6d22bd2b0ba39a22d630238b59

Download Submit
C:\Program Files\Sunshine\assets\web\assets\fa-brands-400-5656d596.ttf

Filesize
116KB

MD5
610ff7bc8e864c0ce1f52a883b03bc28

SHA1
2756ab0ab3e745725e9e3a773d052c32f8ab0a25

SHA256
9eb1f139b64019aa7477001d9c95c5cc88d78c3799677762ac7761436065ad52

SHA512
ddacb011b6d00b77b5abfb42cd76bed1f78fd190f4fdcd957400365a2fb4270bdbba59ac792c9323844d53c801afd677f139d113c72abe18919cb9421e5be7c1

Download Submit
C:\Program Files\Sunshine\assets\web\assets\fa-regular-400-2bccecf0.woff2

Filesize
24KB

MD5
023a4a925fa3fce0f66b769ef6bbb264

SHA1
2ed706340547d19c10a409ee02fb08f3d52ff670

SHA256
2bccecf0bc7e96cd5ce4003abeb3ae9ee4a3d19158c4e6edfd2df32d2f0d5721

SHA512
40f3ef2bfde073d33a2d3cbc280fb40ea50dc2b0c3619c8d9717d665351ae219caa5f17ae67cc87e777ff73c1275c1f3778b26e95f19459594d2f42ab95aecc1

Download Submit
C:\Program Files\Sunshine\assets\web\assets\fa-regular-400-5d02dc9b.ttf

Filesize
66KB

MD5
a0cc1c8265e3163aa654a5284ea11ace

SHA1
784b4d493ab9a7996b07e4f9f71674b2f2e43e22

SHA256
5d02dc9b858e3c85a794f87e379857f4fedc4e26cf15001714a9a0e0b1d2294d

SHA512
913c28ddc4deef2b4791d1a78b95e5ee2fe52d62b0afb46c51eeb3a1bc8c1c35a3cacc8e141073d590a5a9b685479796192a49759176fa9b6ba60ba702e8500a

Download Submit
C:\Program Files\Sunshine\assets\web\assets\fa-solid-900-9fc85f3a.woff2

Filesize
49KB

MD5
55ccebb5c9fa2cb2a4d19313939063ce

SHA1
50ee7c70f687e85bd0228d3b2800ba02c6918ba7

SHA256
449bb82fe0b3c1af5ecfcf74eb394f004f872825075a8654d6abd22215d3f7c5

SHA512
b464b2a98ab7092bcaaa5b8ab3aed28728ba42aee6e21d9423fa407904c93e517383c8331bf1b897924e6b31fbb00124c7567fbeb8ac63c247c8333db4368745

Download Submit
C:\Program Files\Sunshine\assets\web\assets\fa-solid-900-fbbf06d7.ttf

Filesize
118KB

MD5
32cf46c14d2b34ffddfd6f6e353c2025

SHA1
bb1de976785f778d131924db99a57f482eafe6e8

SHA256
b40921369c250287feea70fbc83e4287aa87cc3a978fe6de51d3656e29b80670

SHA512
d40d0196cc6c366c6ed1f13806e181233534d16a948213dd2a510e4c7478ea995a0c7c7bf51b74f26fffbe832103cca8ad6d6472fbf8fdaf7c2391632598f930

Download Submit
C:\Program Files\Sunshine\assets\web\assets\fa-v4compatibility-09663a36.ttf

Filesize
10KB

MD5
71808e147dc6d82c198a4ba292c0cb69

SHA1
e47d5bf853d39ec86e62f4897cbcac7dd5c3b5b9

SHA256
09663a36fc05e7190af8324b855105c5bb511ad94f94b81b34afee503279eca2

SHA512
851d6d994ae804567defd4cb114af4d3a06f961f6b016e9e1b0b68f39baf49dfd6304b22b04671dfa242a0eeb4c9c8ea54aa5bf973f0089cbc548c62d620cd11

Download Submit
C:\Program Files\Sunshine\assets\web\assets\fa-v4compatibility-4d4a2d7f.woff2

Filesize
4KB

MD5
c9e50ccabe9e36f370272197595ea1e5

SHA1
7009126c938f8dad77426a5b44bc21685ee8dfec

SHA256
4d4a2d7fd1c6684845cb174fdd7fc073bd64cb741286fb247f8b76c2b7b852c4

SHA512
005d607ed3e65f21a7a878c85c2ba429a0985a7bff1d3c1dc0d65421c81dbfdc06229f3b65e6bf19f1efe224878a5e902d80928fe1385a2f8eedae2ac7dda549

Download Submit
C:\Program Files\Sunshine\assets\web\assets\index-4db940ef.js

Filesize
1KB

MD5
2f6beda8569364a99046df4c731161e2

SHA1
c376b931f560a90651e3195a1f6dfafed599c8fd

SHA256
247873149d58c7e7b1610d967624bd788a791de39e2c61f650a5ace4baabbb83

SHA512
915553328924cb5bb76fed3be736fa6f56f9dff58a5b6e413917903ef33d494511254be30d7661f79d07a65e5d3097cb8b9efa0d828224afbce16817e36cede9

Download Submit
C:\Program Files\Sunshine\assets\web\assets\password-537fcfab.js

Filesize
603B

MD5
6210b80ffebc4cf55d7d91398967ab20

SHA1
76e745df31f6ac45fb262482a5b7dd2c3e152380

SHA256
1e9f25b449b5a4a05b6e5813b4e2bffd797ea5e04e8415f4b87c14880735103c

SHA512
583f72793e9d6bd6f7a059bb7bb6b27958f883031be1f21412e700b07e75c5ec0ad2c584dfc90e60e5e020826b6ffd5e7943e029148056bed5a63c444db378e0

Download Submit
C:\Program Files\Sunshine\assets\web\assets\pin-92c23863.js

Filesize
812B

MD5
4709d42ed79edd71c24f7052808e4cd7

SHA1
387be79405b71b2f684a576c2b67ae9666b6618c

SHA256
4fd0653707ccd5a8270923f3b1459a9c72e85781063df61da13f660a89fad4a6

SHA512
34a3ef1cef3bef00d27f370c28a564c8910dc62eaac1a2538ccbc2dcf5fb7d961ad94ae02957c1a5e86224f10516fd41925ea874b3fbc3d564c20664a8c59ee1

Download Submit
C:\Program Files\Sunshine\assets\web\assets\troubleshooting-894850dd.js

Filesize
1KB

MD5
3c5196990db9fb8bd773b5b92c3dd6a4

SHA1
1df15c5539aacdefca8d42cc176c0fdf9d1625fc

SHA256
f3e5fc9576c56bc3f446aac20dc5eeb335d8625d00fdaef7433cf517767662a7

SHA512
b2c4dad4debc4003c6b8f268c131a0561007f8a5a029358aa4b18e905c1022bf2e7c4b853008427bcf1e38cd0123663d247f84dc77c649dd3257ff8302832c28

Download Submit
C:\Program Files\Sunshine\assets\web\assets\welcome-e3607f01.js

Filesize
626B

MD5
bc49ca3182c125d94a04e3fba151830a

SHA1
79c8f6e3a02a5392312e2d2596d3c302059e3ff6

SHA256
9d9cb20498db5bc49db9c032445a09b563f1ea0e9ff030a2adad6f28a2a9f2bb

SHA512
c3a398911e24aaf327d1d865b54dc580e18b2989034e5b5b410f7ef43ea2468eeade6ad9bed26caa437fd5292acefa81827cc1a658a65dc127dd97ebdda46bdb

Download Submit
C:\Program Files\Sunshine\assets\web\config.html

Filesize
57KB

MD5
14a2acb295b96d43185f1d238e219da0

SHA1
ae5f3e8a2b2298b10bc2296de5f22dea1b6134ce

SHA256
0140ae253d5bbf74750645b2036ffc226811d432e17c653af6bbe5b5f7dbe7e4

SHA512
a2c86fe2034e5fdc71979e85e970742188812d20ff90f5b22fb67077dd64c832eb1e7326265509f6c485f354bc80d742958e0d4e943989474c9af4e02fa02f99

Download Submit
C:\Program Files\Sunshine\assets\web\images\logo-sunshine-16.png

Filesize
643B

MD5
fa3f7772dd06306bcb0a7bfa6015208d

SHA1
0431d4373a4e90de00dfbb01c93b3750675de655

SHA256
e93a8da6f56c14f50f4390a5c6ae77ec916b59e8889c4c059d9e60dc35e77c62

SHA512
1ef2ab1e2158c96a1c7e86303a2e83636f8d885e78f85e6f22aff6d5412a186aaf07d054284b9ded5606fba06453e7b10088785d9206d065cd6ce8b9f6d8b475

Download Submit
C:\Program Files\Sunshine\assets\web\images\logo-sunshine-45.png

Filesize
1KB

MD5
eb0cffa63840332f3207d418f5a59c08

SHA1
bebfb67dd03ffae7c43e7232ba601254e37bf2f7

SHA256
03c4d786461fb6e602817d6ef49664c77c2efb41b050dbf3b520744b96ae2a30

SHA512
aee20c502833fae537a8afa571b016022c3a7211b53f1bda791642329dccef2bd52af9f1917af0db5f5948ab81377da815432dcbec51a5399494c7426780630d

Download Submit
C:\Program Files\Sunshine\assets\web\images\sunshine-locked-16.png

Filesize
650B

MD5
105ff04a7634e1f5a1b2d17515da467f

SHA1
a000936770dfc5620317444540e815c74b14307e

SHA256
723011254a9d6d577e535c01870cf93315f4ece8ed01e111e3115f883605db53

SHA512
077291c59a4693dd5d9b57525b2af545f717e84762d7da33ad3568abc726b32673aaec2b61bb0ee78f61655da18ebe93a45db49706cfd62c84e37673b790a1e6

Download Submit
C:\Program Files\Sunshine\assets\web\images\sunshine-locked-45.png

Filesize
1KB

MD5
7233de7cfb43a2d832c0878c71f60701

SHA1
8ad1513480c81e62def0dabde78725846e2047c2

SHA256
df76e3be5ebfca84b56ef5b0bdb5ec1ec2f115cbeb65ba0066683fbb52f7dd62

SHA512
9f6d19cf6e162088c95cbe8f46a223c974e9154657eb2fb3779924d5c842adebb91158977388b4a1547e6143500d278c15fad230ba5b6d81156624c9d04f8eec

Download Submit
C:\Program Files\Sunshine\assets\web\images\sunshine-locked.ico

Filesize
108KB

MD5
f662b044819af49c8f2e4de6b65bcfd8

SHA1
024a65a0612fd36ef582ff4378ccf86de8ebea4c

SHA256
eac593f5f2a90565b93326a150ee155a30464e04d245233388cd5b8c6ccb944c

SHA512
ef84e115024217f9f07c097bf841e39a7fea123be25bf9a0c4402e5450675f4b596e016b00e7fbe35dd75f931e2c53fa1efede1ee54c4611e5edfba977839342

Download Submit
C:\Program Files\Sunshine\assets\web\images\sunshine-locked.png

Filesize
12KB

MD5
24314e08f1e03674e525bfcaa80d64f9

SHA1
c6d777e194242b2af70578509ff757f4b7d53ed7

SHA256
d2957aea96b07d9459075ebd5885cb6a9873fb242be57627ab52201b7c10293c

SHA512
e768e03914453dfb6db0d2dc9ebfc0b5f9aed978c971a37e3001d08f966f5cada1c7af5b973c067d962982961db89a3202bb1a2b619bf4793502de91248e4c2a

Download Submit
C:\Program Files\Sunshine\assets\web\images\sunshine-locked.svg

Filesize
4KB

MD5
04d66baaef68180bceee12dbc2d377e8

SHA1
333a69879432ce2b8341d878a640f9c0d5b9c6d1

SHA256
6111572504558e3dd753f02515a1c7f792f6223306918e558d4ca05dcf048aee

SHA512
8209f4a3cf91da4ebf280f7be34d8406123aea7c890abdb71c334bd4e7041888082f5cbfe436ca9b23460d7f99809f439074abc29b4a198afb22d6b0005262d1

Download Submit
C:\Program Files\Sunshine\config\credentials\cacert.pem

Filesize
1KB

MD5
82cfbe0d2a1dd451c950cfe089ec6de1

SHA1
e17d937e906551706d8e0cd3e9c47eee44a19809

SHA256
0d5a1391c34f806e5d0641466d9bce6bdae85b05927758a1c10d6e0a15cb6660

SHA512
9c369050a6ce2c044e6a0de98c36b9114437899892cb14afad8f91235d062ec642ca43f3e5240d1c5ed1a0a47f71387d4a97bce07aaa14947b8fc4ad76d0553f

Download Submit
C:\Program Files\Sunshine\config\credentials\cakey.pem

Filesize
1KB

MD5
40c5d261af2b015e9d15f2a3969534fb

SHA1
a5cc2c32886deb02d26495c8789cc0992897f2a8

SHA256
7889015dc0064f4fa03a665b97f3af0884248853f5e4c7be1f3e39b94e4493da

SHA512
407007e47e27a6b4cfe646802eb607649859ec8035f118853e2afa6c39e790d5d036881e6c67b06e11d0b7c9adb0e8b165f567e4e0df28c724aa9b15399293e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
32914f827a810c45f19a92c249d342bd

SHA1
d066f417c59789a56153f0bc6cb1feb162789edf

SHA256
6eaf0ca1809509f4fa277bd14a2b7c3ebc74b3a43624d60a60e013929d5be368

SHA512
16c42846c5c62f183760693806152fd5d39d1687152c11f7e6eb1580dde19d71ade817c9f9a2e7e40adc80fdb19cbb5c5184a2240cfed7c857f82d6c684d63fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dccf3cb784c43b8d1e7e656e5e8d0d04

SHA1
e48d6e4e5ed2a444d1d570e402dc3f0a477f2416

SHA256
9e26dacef8f6ec2fbac8a293f229d714b15f7601c52c4e21af6dd833272e3b21

SHA512
3e58d16d9851ef75203d81879a901591325cad4e6121ef68ea3abebf1334f3ec54b63fe8dc8cb59555e3e363278c3bb326a3fa27c5591047452985e979a55c04

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1567807a53b7aefff8d0a7e53b8e7f1a

SHA1
dbc9cac2fedc4fe973ef9d9055019a1f5b1d71c2

SHA256
683842dd9f6fd50a0f31c40b0319276d471be8ac99df65aa5c69721cb30df27c

SHA512
a23ba9747a76d69a6c2fc5d4869e7344118ae39cb8fc5a097444307e2abb9d705bc58d5afe7f6195d384ff962dfaf6259faee0a26f12c270208e22740d152458

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8177b46f68bdbe1f446d420f7ac45dbe

SHA1
37b98de14f441bec7ac50afd286586f7957bfdf6

SHA256
28fcb6591832fb5e70b024787bb527991a9e064e21346e9615c98ee211a3363b

SHA512
508a7d51c1e92f7ff91e7c0e0922d689f832591a38ddb77c5f0d025c217244d00ee69fa0aa71d38d2442bd6ac88ea045a9f29d5ed27d60e1ca6eff0c5f6c166d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3144dcd68ce18db0f182813a3e5738df

SHA1
570e4ddd23c1916bd4a325e0ec789bb9b872c46f

SHA256
724cc0de964e68caad60b1ba1a50f3f9d06d59011c77a0e7e6e38d37bdea5b47

SHA512
eceeffa024f7d88b494f2077a03ee3865d579e508ad591e7bd5b1b9f36813e1a93dfe89d071ee98d5960c10ec0ef091d9c2d66fb693cecba3f4f3631ec8a9823

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0c12d437ca02657259dcd97245457f81

SHA1
9f85dcead972f276e3a4080d4091cbd7b7f5eae5

SHA256
6469c9f53a44700c82dab730b5400c62de30532fd9ece5d104037131f0110487

SHA512
e0e91eb0d4fd3427abf5defc40bc0c0497cbed16d7f07c39c339cb419d16235f438484186592fa6db8441bde7e73062e01363ca7e0651d6c068af88bcd0aa1f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f58783056d1a0c2c76d056271a2d1781

SHA1
3ae94daa4e9da55304b37e216cba9ffa076502f9

SHA256
102369aa6cbcebd248291373f186b5c944f6333cfa4ecb3cdc0f1464eb3c55c4

SHA512
2423454ab622c3203a1bcdaebfa422e6c38f35ff95ab4c34bcfcca5d482edd7415fc4d2c3836db65377d37288561416c65f8e02c16b35004cd720e7a9914e37b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3ee76130b22b06a9e6d4e7e9e98a0fe6

SHA1
fd2f5393cabf6740e0c522b85632400a50080c4d

SHA256
95034bbd8833566285f2fa025d017ef8c3e9e4cdaacbbaf641548be145e827eb

SHA512
5c63afd9761f2239e63346c14b1c13121566e13070fb23f68ff0812ef83d6b93bb55f7d66c3f49551c7dc87e44392523b6c1185c80684f78f7510cd01a1016dd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
23cfc4db433b49be05ee4ba62433e198

SHA1
84417a6468b517905aebb059cb21445d58a11b83

SHA256
8e87359733c80b32fb4607abc016a7dce300d6e3763ce40bdedea4be44dc3e37

SHA512
1139b61df12b0fda9863ae55bd9025b694ef82a08774f3e4c90488bd31ed5222a23ad14e7490182993804a20518d9a1ac750b98eae3d710e829282a1989ee452

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8535e287b0db052be545c3e5e85a59a3

SHA1
af88c1a6d8c23cc5c8438084aaa2e8eaac2e1f96

SHA256
31f5ab2bd827497709e47bbebb4c653f01f210152fa53d9c616a180e7180a591

SHA512
3ebdfbc2f1fa690e3497dea1b33e7cdc707dcbf68bd7d90eaafd34e928d9aa59ad423c5b41a46de812077b95e504fb360c5075313da8cb38e98f7722a600f6f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
edbc99b71ddf0ddb396d6de07c148fd5

SHA1
93a2acca14f73574baa1af08d31ee703c8b1295a

SHA256
49c792e3431b6fe7baf0318e446baf68f5a7a6a22ce37abb2c1a13d63f0a720d

SHA512
96b9801ab2b96822333e5cb7047fb0d2639780383dfab16ca6647194061b5108b98bf9bc9f9c9bb9fbc078c5e5ef40304c8bfeaa3c0217e12349ed08229e6fed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
529430477f6d6d940668f7b815108849

SHA1
4e12d08782eb1e9127240af246600aad912fb9ec

SHA256
7b71b1290ceb09f5bfb8e5fc07b2049c655fb7f1db8ac75938f4b0a08c49538d

SHA512
8fcfaafa401c53f7606572d012cb9c5e9ac083a492be47fddfdc1676f5ac8bf0d9f457f192f8c36623327f1b1d42db5bef3b61f1c62e2b82b7f59d693846e72d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\3pl5scb\imagestore.dat

Filesize
125KB

MD5
b9a4defd1abc10a88d8214b899502f04

SHA1
02c5b36a0b470106921605ea24a4e35e3c72b542

SHA256
97b28108b670d1299ad669cffef9efad93fa15107b7eca0474a7349dccc2b9d2

SHA512
2de4a5d6bb99085e5a141da371dce21ade1f61ca7c30deb3c8ad20fad111e51a9e6fd19e029f0e5f339e91ee1fbbf9648f784e8d0c2f0550bbc56d3ed1d1e980

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ADCJI8Z\sunshine[1].ico

Filesize
120KB

MD5
57b84ac734aa700ea97d186039875c0f

SHA1
0155984bfa1977bfaa5c187a93a6ce86c3208d41

SHA256
c89e08407c0b47d4c37f4f74e26f95393b80f2313239b4a320e9a84a468b61e8

SHA512
7051a13b5fe9be321f2b9d3bf1248bbdbf50154dde90d66b905afae502270eab925f5e425f891d1c1a7204ee5d9d3e0c84e0730c438408f5a47d4250e793a943

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabFCB8.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA37.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi2A1D.tmp\System.dll

Filesize
25KB

MD5
853d33d653fb8622e5fd1aa862d07aa0

SHA1
310561cc0f30657974ab627a2341adfcec84ab92

SHA256
dbeb911118606a36e430e8d8be39e944b80167fb81ccd11c56afafb25747e633

SHA512
6d944929b0a4350aba32b28ef9f26d6c8f1a7c44aade158587829101a110ac7d892a9c5ca4ce60945c8cbd63eb0df63c3e8785c871e85ad22635f0ac80dba70a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi2A1D.tmp\ioSpecial.ini

Filesize
1KB

MD5
00423861f7b021922dec240dd6fa3abb

SHA1
5e8e2dc2d3d29d437fe2418a4ba3d1bf0827c1a7

SHA256
2d15fc0e50bcfd0f12a148d16cc5319f488f048fb9c39b5aa31099824332cae7

SHA512
a8d78806418fd1ad2f68c195269c2cb0a5da3951aedf2bf66b6b314dbbdf97c43c7d2818fcfdb470cbd0c5b72c743a772382b1cf76e12b146b209acc13536cc8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi2A1D.tmp\ioSpecial.ini

Filesize
1KB

MD5
bd053bb2a8c2d0a3b6b3a28a38e3cb31

SHA1
8c9857e84e665d1f2646500eaba4faf0b55e0be7

SHA256
e82a6c6bd658598b9cbb59d50fa68b401a93690986be24425eaf0ceef3352026

SHA512
ae1bf0b6ce70c2dc64f8fe9fbb251652aeca199d1c03f3997c444e6f4a65b2434a7cb053deeaf1b3309c73a075b63bcbf56706bc24d58a78aeee2269a27f8204

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi2A1D.tmp\nsExec.dll

Filesize
11KB

MD5
d9624f8a2014d31c4f114b78e20ad6b3

SHA1
0c1b5761bc42372778ab5af27165cc52666924c4

SHA256
1822b4b0c0111e82361ddf3d603d14392d80908c17d51d187bd2aa8d48e104e9

SHA512
db2015d2f2783b1734a8b92154d9fe454d212ff586b66fb235986872b0ee5dc6c6e7d8498fe000097b3fa11aff2f6136dd28b618408d85995602e2664b941c01

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DFA84EF0E69542E1C1.TMP

Filesize
16KB

MD5
c8c9d3f7b6f0fab6777d7e9c7756c819

SHA1
866c0718d7262bc95757b7418aa25a1dccf61ce7

SHA256
82fdd89154bef3ce893b448e35615ca79bc47680b97096b421d4c1f19f33d8db

SHA512
10b7bc57c431345f6afb6a0d36fb34f584ce71cb103f7fb021cf58c6277cf07d9612c09aa5571900ff28401e102482af82ed1b08fd3962444203e3b02a0cc2bc

Download Submit
\Program Files\Sunshine\Uninstall.exe

Filesize
216KB

MD5
7eee847f7fc1e353f37a11c30fd4ee5b

SHA1
5352472aea3888ec3c66c06e2076e35b5f5ccdd0

SHA256
1ffb8dbd3357037229c42c3f870cff5cbea363deb36b26f5d837b25f70b1d276

SHA512
b040db6e73714e0dfcc728acb98fb57b7cb1203f4482ff01fcf44a1aff5a392c9498e1f456f5627041b7c0ce57345b20afb1bd836451caa7f2610f7f30640fa9

Download Submit
\Program Files\Sunshine\sunshine.exe

Filesize
732KB

MD5
0dd6427d47cae7648f2f5100f747abbb

SHA1
cf07a0da5fa46b18f870e8d44ded2841e6d7711f

SHA256
0b1a32cf38035ef6a4c02b948af2c5a500466b932a43cb1ea416458c3f08edaf

SHA512
c18ebbda2c9ac3c635472c3e972d443369c3202059adb5b478292e661a8e622e7ebbaa21514968e0c0d86d170229a1fe1d78bfba5a8d1b99352c17f57d76195a

Download Submit
\Users\Admin\AppData\Local\Temp\nsi2A1D.tmp\InstallOptions.dll

Filesize
30KB

MD5
ff6cb85adb441e639dc58948651d54d2

SHA1
2ba0514b1e64ce4c13c987c30f1b6e61225f192c

SHA256
bbd81555abbfeff33aacdc8c34c307c2eb680953c7f4c4c02b20a8fe10e88bd6

SHA512
bf4c8e862b548011f7d465c82d3c4bc84e7836c4bcd943ffa6dbfbe95d43fc355cf00936cfc4db34822906212bbbc69271f356b74d70051b52cfb9b74f58149d

Download Submit
\Users\Admin\AppData\Local\Temp\nsi2A1D.tmp\StartMenu.dll

Filesize
11KB

MD5
3e60c0b440b1ecc21d956e83bcba0976

SHA1
8fc85b2d7b4192105afc73dec15d49280345e474

SHA256
135e5a8272b9732d4b9a798b29adf953b4fe4e802b3f6178896ada530d4ecdfb

SHA512
57c879668f28d29d45b91538e27fafa9628881e1423673402579cf670a5a3fdc3b03abb19feea3655969ce8789e18f70508a78d26174add767738821557a8354

Download Submit
\Users\Admin\AppData\Local\Temp\nsi2A1D.tmp\UserInfo.dll

Filesize
7KB

MD5
8e1998776ffd1d578a80d603c55721fc

SHA1
48ff2d677739d0f34f6c8cda41258af3989f534d

SHA256
7616de346ee28e4314d8a5bf67575c0010b1b07c93c6c29798f9106589ba25ae

SHA512
90c0800e485bd56177576b1d245457427d15b81b475eca4154a65225b82fe9c2ae7f07b07d48a61a3f622c4b2a2cb0b834a5d0b0b895f5bbf88b5bdead2257eb

Download Submit
\Users\Admin\AppData\Local\Temp\nsi2A1D.tmp\nsF50B.tmp

Filesize
11KB

MD5
0d35158cad33cd0ad3191f0655001100

SHA1
b68a901b71e78c6f3797d10dcafafdc0a08b9172

SHA256
f51cb324b319e6561aca7c0472555ebe0417252b2f0cd8e756eb7c5dab5c61d5

SHA512
c3c7f4bf4d5a7b0a8ace238c8998672aaf436c6731fee746001ecaef873b8c725ac661ede364f0d9d1501ccdf625986affcb5a180e62c713f5c8c12f334e5663

Download Submit
memory/1192-449-0x00000000007B0000-0x0000000000879000-memory.dmp

Filesize
804KB

Download
memory/1192-456-0x0000000000010000-0x000000000001A000-memory.dmp

Filesize
40KB

Download
memory/1192-448-0x0000000000610000-0x000000000073D000-memory.dmp

Filesize
1.2MB

Download
memory/1192-446-0x0000000000570000-0x000000000060F000-memory.dmp

Filesize
636KB

Download
memory/1192-450-0x0000000000B50000-0x0000000000C59000-memory.dmp

Filesize
1.0MB

Download
memory/1308-664-0x000000013F450000-0x0000000141444000-memory.dmp

Filesize
32.0MB

Download
memory/1308-665-0x000007FEF5D60000-0x000007FEF5D84000-memory.dmp

Filesize
144KB

Download
memory/1740-280-0x0000000000010000-0x000000000001A000-memory.dmp

Filesize
40KB

Download
memory/1740-225-0x0000000000BD0000-0x0000000000CD9000-memory.dmp

Filesize
1.0MB

Download
memory/1740-223-0x0000000000650000-0x000000000077D000-memory.dmp

Filesize
1.2MB

Download
memory/1740-221-0x00000000005B0000-0x000000000064F000-memory.dmp

Filesize
636KB

Download
memory/1740-222-0x0000000000070000-0x000000000008F000-memory.dmp

Filesize
124KB

Download
memory/1740-224-0x00000000007F0000-0x00000000008B9000-memory.dmp

Filesize
804KB

Download
memory/1948-93-0x000007FEF7520000-0x000007FEF7534000-memory.dmp

Filesize
80KB

Download
memory/1948-405-0x000007FEF7500000-0x000007FEF750A000-memory.dmp

Filesize
40KB

Download
memory/1948-402-0x0000000140000000-0x000000014018A000-memory.dmp

Filesize
1.5MB

Download
memory/1948-92-0x0000000140000000-0x000000014018A000-memory.dmp

Filesize
1.5MB

Download
memory/1948-105-0x0000000140000000-0x000000014018A000-memory.dmp

Filesize
1.5MB

Download
memory/1948-650-0x0000000140000000-0x000000014018A000-memory.dmp

Filesize
1.5MB

Download
memory/1948-106-0x000007FEF7520000-0x000007FEF7534000-memory.dmp

Filesize
80KB

Download
memory/1948-107-0x000007FEFB1E0000-0x000007FEFB1ED000-memory.dmp

Filesize
52KB

Download
memory/1948-114-0x0000000140000000-0x000000014018A000-memory.dmp

Filesize
1.5MB

Download
memory/1948-125-0x000007FEFB1E0000-0x000007FEFB1ED000-memory.dmp

Filesize
52KB

Download
memory/1948-574-0x0000000140000000-0x000000014018A000-memory.dmp

Filesize
1.5MB

Download
memory/1948-575-0x000007FEF7520000-0x000007FEF7534000-memory.dmp

Filesize
80KB

Download
memory/1948-577-0x000007FEFA4F0000-0x000007FEFA4FF000-memory.dmp

Filesize
60KB

Download
memory/2312-293-0x0000000000180000-0x000000000019F000-memory.dmp

Filesize
124KB

Download
memory/2312-296-0x0000000000B80000-0x0000000000C89000-memory.dmp

Filesize
1.0MB

Download
memory/2312-292-0x0000000000590000-0x000000000062F000-memory.dmp

Filesize
636KB

Download
memory/2312-294-0x0000000000630000-0x000000000075D000-memory.dmp

Filesize
1.2MB

Download
memory/2312-295-0x00000000007D0000-0x0000000000899000-memory.dmp

Filesize
804KB

Download
memory/2312-298-0x0000000000010000-0x000000000001A000-memory.dmp

Filesize
40KB

Download
memory/2472-468-0x00000000005D0000-0x000000000066F000-memory.dmp

Filesize
636KB

Download
memory/2472-474-0x0000000000010000-0x000000000001A000-memory.dmp

Filesize
40KB

Download
memory/2472-472-0x0000000000BC0000-0x0000000000CC9000-memory.dmp

Filesize
1.0MB

Download
memory/2472-471-0x0000000000810000-0x00000000008D9000-memory.dmp

Filesize
804KB

Download
memory/2472-470-0x0000000000670000-0x000000000079D000-memory.dmp

Filesize
1.2MB

Download
memory/2516-434-0x0000000000010000-0x000000000001A000-memory.dmp

Filesize
40KB

Download
memory/2516-335-0x0000000000450000-0x00000000004EF000-memory.dmp

Filesize
636KB

Download
memory/2516-336-0x0000000000150000-0x000000000016F000-memory.dmp

Filesize
124KB

Download
memory/2580-313-0x00000000007A0000-0x0000000000869000-memory.dmp

Filesize
804KB

Download
memory/2580-314-0x0000000000BB0000-0x0000000000CB9000-memory.dmp

Filesize
1.0MB

Download
memory/2580-312-0x00000000005F0000-0x000000000071D000-memory.dmp

Filesize
1.2MB

Download
memory/2580-311-0x00000000005D0000-0x00000000005EF000-memory.dmp

Filesize
124KB

Download
memory/2580-310-0x0000000000530000-0x00000000005CF000-memory.dmp

Filesize
636KB

Download
memory/2580-323-0x0000000000010000-0x000000000001A000-memory.dmp

Filesize
40KB

Download
memory/2720-660-0x000000013F5B0000-0x000000013F5F4000-memory.dmp

Filesize
272KB

Download
memory/2928-547-0x000000013F020000-0x000000013F12B000-memory.dmp

Filesize
1.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads