ffd63fe2aeaa91f05bef47b3583290ccdba3f44912ab8b67044f3d58bf817ebf

Analysis

max time kernel
154s
max time network
202s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
13/03/2024, 17:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Stormshot.PC.V1.0_ba8f13ebb8.exe
Size

2.8MB
MD5

6aae47cbaa4c56095a1eb0422c1d2ecb
SHA1

34e29d1801d270a2bd7ac02d4ea84c14c553d66f
SHA256

ffd63fe2aeaa91f05bef47b3583290ccdba3f44912ab8b67044f3d58bf817ebf
SHA512

d6b2406922d2618816db55110bf12a8579b69325e0c196d0d2508bafec68a0430acf48482160bf42cca4bd0995d864abfa2425e8e5af794c8d8d1c430fee4cff
SSDEEP

49152:c8ZQVqWu+fqu79LNTRBO1L2VQjJY80KruthaPVu+2zE0y5VCmdAlacRk3Y:vZARtBEqVQq80ThzTzEElask3Y

Score

6^/10

discovery persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\st_global = "F:\\FunPlus\\Stormshot\\Launcher.exe"	PC-Launcher.exe

Enumerates connected drives 3 TTPs 3 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	st_ba8f13ebb8.exe
File opened (read-only)	\??\D:	PC-Launcher.exe
File opened (read-only)	\??\F:	PC-Launcher.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Executes dropped EXE 3 IoCs

pid	Process
2672	st_ba8f13ebb8.exe
112	Launcher.exe
292	PC-Launcher.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\	PC-Launcher.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	PC-Launcher.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Stormshot.PC.V1.0_ba8f13ebb8.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Stormshot.PC.V1.0_ba8f13ebb8.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	PC-Launcher.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	PC-Launcher.exe

Modifies registry class 9 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\funplus.st\ = "URL:funplus.st Protocol"	Launcher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\funplus.st\URL Protocol	Launcher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\funplus.st\shell\open	Launcher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\funplus.st\shell\open\command\ = "F:\\FunPlus\\Stormshot\\Launcher.exe %1"	Launcher.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\funplus.st\DefaultIcon\ = "F:\\FunPlus\\Stormshot\\Launcher.exe"	Launcher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\funplus.st	Launcher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\funplus.st\shell\open\command	Launcher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\funplus.st\shell	Launcher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\funplus.st\DefaultIcon	Launcher.exe

Modifies system certificate store 2 TTPs 8 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 0f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	PC-Launcher.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 19000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca61d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e4090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f006700690065007300000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a92000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	PC-Launcher.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 040000000100000010000000a923759bba49366e31c2dbf2e766ba870f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca619000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	PC-Launcher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	PC-Launcher.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	PC-Launcher.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 040000000100000010000000324a4bbbc863699bbe749ac6dd1d4624030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e709000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030353000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	PC-Launcher.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e260f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a040000000100000010000000324a4bbbc863699bbe749ac6dd1d46242000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	PC-Launcher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6	PC-Launcher.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
292	PC-Launcher.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2520	Stormshot.PC.V1.0_ba8f13ebb8.exe
2672	st_ba8f13ebb8.exe
2672	st_ba8f13ebb8.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
292	PC-Launcher.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	2464	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2464	AUDIODG.EXE
Token: 33	2464	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2464	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 6 IoCs

pid	Process
292	PC-Launcher.exe
292	PC-Launcher.exe
292	PC-Launcher.exe
292	PC-Launcher.exe
292	PC-Launcher.exe
292	PC-Launcher.exe

Suspicious use of SendNotifyMessage 6 IoCs

pid	Process
292	PC-Launcher.exe
292	PC-Launcher.exe
292	PC-Launcher.exe
292	PC-Launcher.exe
292	PC-Launcher.exe
292	PC-Launcher.exe

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 2520 wrote to memory of 2672	2520	Stormshot.PC.V1.0_ba8f13ebb8.exe	29
PID 2520 wrote to memory of 2672	2520	Stormshot.PC.V1.0_ba8f13ebb8.exe	29
PID 2520 wrote to memory of 2672	2520	Stormshot.PC.V1.0_ba8f13ebb8.exe	29
PID 2520 wrote to memory of 2672	2520	Stormshot.PC.V1.0_ba8f13ebb8.exe	29
PID 2520 wrote to memory of 2672	2520	Stormshot.PC.V1.0_ba8f13ebb8.exe	29
PID 2520 wrote to memory of 2672	2520	Stormshot.PC.V1.0_ba8f13ebb8.exe	29
PID 2520 wrote to memory of 2672	2520	Stormshot.PC.V1.0_ba8f13ebb8.exe	29
PID 2672 wrote to memory of 112	2672	st_ba8f13ebb8.exe	30
PID 2672 wrote to memory of 112	2672	st_ba8f13ebb8.exe	30
PID 2672 wrote to memory of 112	2672	st_ba8f13ebb8.exe	30
PID 2672 wrote to memory of 112	2672	st_ba8f13ebb8.exe	30
PID 2672 wrote to memory of 112	2672	st_ba8f13ebb8.exe	30
PID 2672 wrote to memory of 112	2672	st_ba8f13ebb8.exe	30
PID 2672 wrote to memory of 112	2672	st_ba8f13ebb8.exe	30
PID 112 wrote to memory of 292	112	Launcher.exe	32
PID 112 wrote to memory of 292	112	Launcher.exe	32
PID 112 wrote to memory of 292	112	Launcher.exe	32
PID 112 wrote to memory of 292	112	Launcher.exe	32
PID 112 wrote to memory of 292	112	Launcher.exe	32
PID 112 wrote to memory of 292	112	Launcher.exe	32
PID 112 wrote to memory of 292	112	Launcher.exe	32

C:\Users\Admin\AppData\Local\Temp\Stormshot.PC.V1.0_ba8f13ebb8.exe
"C:\Users\Admin\AppData\Local\Temp\Stormshot.PC.V1.0_ba8f13ebb8.exe"
1⤵
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2520
- C:\Users\Admin\AppData\Local\Temp\st_ba8f13ebb8.exe
  C:\Users\Admin\AppData\Local\Temp\st_ba8f13ebb8.exe
  2⤵
  - Enumerates connected drives
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2672
- - F:\FunPlus\Stormshot\Launcher.exe
    "F:\FunPlus\Stormshot\Launcher.exe"
    3⤵
    - Executes dropped EXE
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:112
  - - F:\FunPlus\Stormshot\1.0.0.69\PC-Launcher.exe
      "F:\FunPlus\Stormshot\1.0.0.69\PC-Launcher.exe" --currentPath="F:\FunPlus\Stormshot" --configVersion=1.0.0.69 --launchExe="F:\FunPlus\Stormshot\Launcher.exe"
      4⤵
      Adds Run key to start application
      Enumerates connected drives
      Executes dropped EXE
      Checks processor information in registry
      Modifies system certificate store
      Suspicious behavior: AddClipboardFormatListener
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      PID:292

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2464

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4651eb0fa83e1703cfafc822d6816e42

SHA1
91827207112723a6483b11b7026afa546b5d8e73

SHA256
e99916d4d34163821aa14bf5c42f09a89713a42603054a58e8bf5c955477356b

SHA512
f2885e04e1de2390d3771abdf6e5e957d4dfe8ca3fa06ffd6de9eab28c5f91e0cf186e0c52a5e54c4f992b9ead5bbc0e3b006ccb0a9263f6b820dfae8ae45727

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA2EB.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit
C:\Users\Admin\AppData\Local\Temp\st_ba8f13ebb8.exe

Filesize
16.6MB

MD5
13b038d39094f9e3bd083eaaa2c15a74

SHA1
329148ae1ff883400a646f1dbeed40ba2c95d284

SHA256
8db047900cde6c173d1e0bffa84f24bc64d18d9b4990c0a5f1f8130427f87958

SHA512
c14ac14120a079027afa84dea35954470378f0c659b9a02e98e54099800932f740858238c53195c840d59943708298a7e96bf021ece39749ab18e0eca3a1c2e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\st_ba8f13ebb8.exe

Filesize
14.7MB

MD5
ee4fccffe31cd07fa1dccc2d2777988a

SHA1
f29352767ba5ac08baa71b27806ebd47bfabc9a4

SHA256
ec58f453ec1e9fabd6dfabc8c9571895165362cfaed4753a5eac6a31a4b94ab0

SHA512
48ec9e4f6d0679a96adaa95b865f15a16d8cf520a8cbef62963d74ae6d266057ea79723e7b074c888a8eacd895fa7c74400ff24b547b0c8993613ed5bdc65928

Download Submit
F:\FunPlus\Stormshot\1.0.0.69\FPXGameManager32.dll

Filesize
1.5MB

MD5
b541fa38053b226b06250b22661379a7

SHA1
64256ea94eb6954fa62c269e0174c50e69294eb0

SHA256
eb135763442b9cdfc7155c010a32004da192b5a7d3fe4e384f1053e04f4eb2fa

SHA512
318f09bce1066d6532ee02b57b19ea5da0c50bfd81dac0e30dbb29109c3409ced5047ecc6743189378afd41ce20db9ae47ed911c18aab13195e8dce42b82e16d

Download Submit
F:\FunPlus\Stormshot\1.0.0.69\MSVCP140.dll

Filesize
425KB

MD5
d4e9ae2301232a7599807ae02023187e

SHA1
af68af4f51c1affd0a8c29b3e707642636374583

SHA256
322af358aad037db8136623586e65fedbba3040b355f76ed34e7aa1763b2dc89

SHA512
5fe2cba77f0c285c519142a71cc1e6216b4ad78077aebf1c3f23e84e4b8fcd7f9cb6363668674869e3bd2c56ffd178b2c2d51725ab38e0a2338e5dc15d7d05f8

Download Submit
F:\FunPlus\Stormshot\1.0.0.69\MSVCP140_1.dll

Filesize
20KB

MD5
ca7c343e1f6ffdacd0818b9e46ad58a5

SHA1
9731858d1cc5f1c1ca3bb2253df8feb9a912b8f2

SHA256
87428634883461f50ef4dc812273dc8822cf608b32ef6f11bcc61223052c1ae1

SHA512
13602dbd97f41dfb32f9c2cb5fcc263fd2663667374372b4414f64f0f56191419a79e74add3286524710d1b75869933cd21c8d8401ff6df6d711dd8efc8800d9

Download Submit
F:\FunPlus\Stormshot\1.0.0.69\PC-Launcher.exe

Filesize
2.5MB

MD5
2e53b2a1b9411b73cec8910755cd0202

SHA1
facceae543ffc26502cc9f6bcb018c5aba4196f9

SHA256
942a5649be3a95e0b8084748d788e2d9b28cf1df85f4f45947630bd7d820d0d6

SHA512
6593b3d7ef34f6ec845419c5702c52db49e6e73b5c0c1946070d363c5f3b4a162061551476efe2ffb7e17a229f8dbe5723a3461a74063a6e53b124a4e2c67bb9

Download Submit
F:\FunPlus\Stormshot\1.0.0.69\PC-Launcher.exe

Filesize
2.2MB

MD5
ceb1faaa84e20714b785532ace83767c

SHA1
3510ec90a7f164f113f5a4feeb02fba1c3dfe8a7

SHA256
8ae13729e833219fb8e61e912acf7b35b426d03e9e74ad6613f05135dcb1cc77

SHA512
5ac97748822cd19f5ad960a30f218861a54aac26a72ac9bbd950d90b698004a511cafd7d3bfc87dcf44a0dcfebf19cd097d81c558c51fa04d92f84592ba42efd

Download Submit
F:\FunPlus\Stormshot\1.0.0.69\Qt5Core.dll

Filesize
3.1MB

MD5
af65458af3525e87550bd230bc743c1c

SHA1
92a4418042bb662274626d64e79abb80fb06ea31

SHA256
56eacbc792fab6ef5348d369bb30ff7926ecb53467ecfaa524bbfaf8a9c38a03

SHA512
32ad85d45e35cf20ddc097233e66eeb3059d688b7c103ea5b03f1fda7fce6448b18a42e5308626f512c3dfd886c1e55d44dfdc24183202e9c9a5d2f0330e8d6d

Download Submit
F:\FunPlus\Stormshot\1.0.0.69\Qt5Gui.dll

Filesize
5.7MB

MD5
00375b48f58242be0aeb9fea5db47a34

SHA1
f5ff390642cf75f562aa43e5041b3ecaeae19e8e

SHA256
b5d8b8997a484f342739e15689b4a29389c1cd99e61d8a2ab208bc5644c1d8a8

SHA512
3aa570d2395019bea0be84523a1c81f9a8bc8ae984066f478aa7ff967fbc241f150bc23b0d9bd727a960b0799d84e1d36d46a7bd8e5ff95b60b24a4cc92130b0

Download Submit
F:\FunPlus\Stormshot\1.0.0.69\Qt5Network.dll

Filesize
1.0MB

MD5
6ac9a28a6fbc7f48e7504f34b5480797

SHA1
348d596e4566cc99cb7b78ba4e9076ba9d8a1d38

SHA256
fc6179c80db2afb79f67b2f0e39ed1739717129ae30b8b81c6155f17ba83c576

SHA512
a3a5da0bce62d5ec48563b93e4faf59e89162afa8f5c01ae23198490b9b202251baa550582d84d83e51187b93ca77b7bb7a3c3ec07950b283f49e16beb6f077a

Download Submit
F:\FunPlus\Stormshot\1.0.0.69\Qt5Qml.dll

Filesize
2.9MB

MD5
2247c7ba00ffd5fb0b8bed697e7e7ab3

SHA1
0977e47d8efb192fd2a05c845e5633109858ea0d

SHA256
61bc4ed1824d6c1327d298a7a788d7ce3d8a2e64dd9e7955fd08088920890642

SHA512
2331e1d1dfb71f1482efd1d5ba4c71e67ca84570e089a020d4cfc9341dc3053bd79a39448ad952b53f9055ca49cbbbd6b0f1d071f96ca5b16a3e3d7fa585949c

Download Submit
F:\FunPlus\Stormshot\1.0.0.69\Qt5QmlModels.dll

Filesize
349KB

MD5
b79193c4770635dbc6d578d4bc24142a

SHA1
83aea1916910f865449a2db90a68e9c1cfd22a1f

SHA256
e488c6ae94e9610f8df22a97732c918f3261c32a897c3c357e6fc8995e94810b

SHA512
37f362fe14dfebacf32cea643a59a059f6e6116c6986516c98681b0314290894c9cfc7571d7ce04dbeab93aad5a869eb7ff586a88f7b30606e1ce05a6cd94a46

Download Submit
F:\FunPlus\Stormshot\1.0.0.69\Qt5QmlWorkerScript.dll

Filesize
52KB

MD5
0a481a9b25f05852dbadc934633a72c1

SHA1
4f736ee9475b2654bea7209586176573027105d7

SHA256
f5d6d8c34e5129103918b1fa7234ea61870eb7a3d9dc70804a3b1e2359a2c9b4

SHA512
f0731db999329f96385680bebc6d2211e82b3a8655f80523f80d0aae1e6f3e334382fedbf3b6900c5dc89408389890bbdc13d497d1130dfbb911d3e2e0ed97bc

Download Submit
F:\FunPlus\Stormshot\1.0.0.69\Qt5Quick.dll

Filesize
320KB

MD5
c756e175c0b0d38149b4775deff0ceb0

SHA1
3fcc8ccc9899cce6e0487ed61607c5a766bcd968

SHA256
9ae998803bda7e38de11fd13316f198b15e3fa1611a081ead194e350aa128171

SHA512
d657f1e97d23c6c56db5754af8f7a2868be0875f4424b3f4d729377aa2f9c8a75187923ae187088e719579675139c9a67d6d00ee72306d81125c2ead5c18eadb

Download Submit
F:\FunPlus\Stormshot\1.0.0.69\Qt5QuickWidgets.dll

Filesize
72KB

MD5
a2075c10b993bccd74523823d362a727

SHA1
e2f324e0f29bfa2b4016649aacecb71074e7a835

SHA256
2f3f0142e9b82e5c6d4f84c04578255a957981ee14ac96d76f5b93f0ca1c6769

SHA512
2dfd91deb83fa0ba2115ec8c03cd20515063fcf69a6919e5fa023672251d519664d33e8662670625745f85784445a559133c03a10bc7986859221045bbd07216

Download Submit
F:\FunPlus\Stormshot\1.0.0.69\Qt5Svg.dll

Filesize
264KB

MD5
37265e6e2e85b59f9cc85c9b8fba9074

SHA1
f1db159aeb042fc9aa2d017e67a0a384ee9e5382

SHA256
f4453045b5bb77f14ab3ff2e7a05d6aa49681f3120851ccfb8e33660cd2662da

SHA512
ef9de075a05defcd6812bff34f4d7cbbeb9d7c39d17c213ab120b93410b43415be8bbfab78a4c911ffd2e4361df9efcc9e4b21fd725e8e67e49a87f6764a7579

Download Submit
F:\FunPlus\Stormshot\1.0.0.69\Qt5WebSockets.dll

Filesize
125KB

MD5
aaeac5122ab6a42e8b186ea771a72cc7

SHA1
26194f8d020d332990f33883294eb51bb8472bea

SHA256
41da80ee11c6d9caffa0ec863e61faf665c0ab3fea5add6febf131d2ad45071e

SHA512
f38b8c176f03c47bb7ed7942edfbcff7be20b1e796c5fa62a4fec2e3c7b664de06989699cd50be9c1cbae3501a9ac854870030576f5a4a8cc1cabf19bd73cf21

Download Submit
F:\FunPlus\Stormshot\1.0.0.69\Qt5Widgets.dll

Filesize
4.3MB

MD5
a372a06ef5d5dfaeca77e54597585e03

SHA1
035c5bc89dd0fbe93ce411ebcb808c5fb50cc63d

SHA256
14230cbb6fcabd799c0269723c0f77dc46d4b89789b3d8eba0920ea217548c5a

SHA512
e68a5df0a1a70f0a11127d071dc528dec43a0d7e34ae568b282f3ed888a674b8ae0c80c0714d7f04fdc4a2fe4e820ae4629bf3429be7ab606784d9107b9f8604

Download Submit
F:\FunPlus\Stormshot\1.0.0.69\QtQuick.2\qmldir

Filesize
131B

MD5
d2cf96786ce59e93a2feb2178603a27f

SHA1
7478dfedcd7ac1795bf4ff2732ef716ec82b061a

SHA256
b6f63056ade6925aa070d3b2bd4133d26e80df4ea2719e81ad90027e19661ae8

SHA512
4fcde288c6a690728f919b70308b3bb2ead62c40223bea14e52ec5f3ef74f5467b1930f419df77d78b8d50e84ec81a1fe78cc9a3b42c4a6d261ba77c654a1714

Download Submit
F:\FunPlus\Stormshot\1.0.0.69\QtQuick.2\qtquick2plugin.dll

Filesize
26KB

MD5
c37e3d04acb53488b1558f3c7f686036

SHA1
5b6a38908a84e3bfa4bb60703ec3b351bcbc5327

SHA256
9aed7aac5e2530221ece8d3a66315e1818b7516d935f43a5554484b4d4d4daa1

SHA512
277f21ea145dc2281eee24f601136a2904ff607b01a9d9262ae6d5eefd0d9d3b6c0a9a3a209c7dbc9d7d7ace0a9d5357803b0370e3353f386c2f0654d868f8c7

Download Submit
F:\FunPlus\Stormshot\1.0.0.69\QtQuick\Timeline\qmldir

Filesize
134B

MD5
8610059f5530f0e4b2111a2e1596db94

SHA1
a2908e9b5b5254d4a190e8ab8f63ab968b6ef670

SHA256
50e526690f8c397d9136436a1b44f1d93ae0363f5dabab98481b8788e42add13

SHA512
cc7c92afeed6a286193b02ae4646aa601462649b3edb634499c4f23bc4cf2dbc33133bb099e563e4198991f9f73f5cbfd8b8c712d94de08eebcab9d7fa2bef90

Download Submit
F:\FunPlus\Stormshot\1.0.0.69\QtQuick\Timeline\qtquicktimelineplugin.dll

Filesize
56KB

MD5
d9d0b9b8a3fe6ba53d8a1ff3759d56e7

SHA1
b1094cf2d378e76799c8d4de530680eef27b20a1

SHA256
63adf5c163f04e8186f0a38676c8fc46649d02acd6a87e5fda6b76b0b47d0cfc

SHA512
9aec692806c215104a5c08fcb4efff0b74c82f81fe1b6fb73c3e12659cc8f03b8831d3d8bebf9fa0bc488c9ca4950014c4f33f3f89baa060bb7f6388356c4634

Download Submit
F:\FunPlus\Stormshot\1.0.0.69\SDL2.dll

Filesize
512KB

MD5
567e2ea868433380e12bfee49b1fce4c

SHA1
06adbf2d1dedbc1f1070a9dc852159cff4d42e80

SHA256
663210f216dd644bf671f767f320d614e0ead4e7d53e690632225ff598e7565d

SHA512
a1fae4f2d6b9626db501128a3c380ab3e69833295791ef431ff3a40138ed0e5aae6a960527659b090ca00c7390d35dff7938ae7ced858a241674df69dd502634

Download Submit
F:\FunPlus\Stormshot\1.0.0.69\VCRUNTIME140.dll

Filesize
76KB

MD5
2cec885177f8e329a314f975806d0e3d

SHA1
942d6525d23833ac51af1fd0cb6c18f0aacc90fa

SHA256
e4989178cb90a65428bcb19b2f1d2c811ab66077b38c0645522d8669b176b99e

SHA512
210d12d8912341e1625bbc603060aaf37ded1fec58fe677b0f92dd5bdc89d1629f29b50f7e95985bda6c7f316790f753dee2305d154ae94f5ee7816886e91fb1

Download Submit
F:\FunPlus\Stormshot\1.0.0.69\avcodec-58.dll

Filesize
2.1MB

MD5
9b732062b097e739b8b4cb3069de4709

SHA1
c580535a1c2c33ce68bcf201c4ef0f98ffec6d1a

SHA256
defb1ea28e890dddb7b182c7497ecd40ef943786cd8d273f7952a6e24951c195

SHA512
7d5d859a38f6f651474837101388aec00b740ac8238dbfdf4fb7dc5dfb9870de3492fe04a23d1a12e8d3aa00fdcc32bb0ce22ad911b496517d3456f62a3448b3

Download Submit
F:\FunPlus\Stormshot\1.0.0.69\avfilter-7.dll

Filesize
768KB

MD5
6e9367fcac06c67127d7d1b7c9d79a58

SHA1
c197ec416c076e0902661519cd8c31f1c8f8b658

SHA256
b621066a8b88e758c4f78e378120204ef5473d099b2d4e534d346143181d7f3e

SHA512
3d76f22f94ce7c7d01798751f68b7a5cf0ae78ab5b39c8864788802a9bf698783b6a76c9c3f8778292f1eb83798c0e3a19c1d4f48eafd1279b2f994820118ab6

Download Submit
F:\FunPlus\Stormshot\1.0.0.69\avformat-58.dll

Filesize
704KB

MD5
b3bbf34d519c37678bc59d30bb713c77

SHA1
797b590f4e634c79121d313a5c5b5aa7b461af73

SHA256
750f311dc714733ae9b63bac90cf92f0c92033fb71ae37e91289220e9ec5757f

SHA512
8da9493c6533df3914763f9013cd93518e64a6579ad114a217ca48c87c2814bdf13747ba8c7dbfc7887d8d683dca31ac72f4673435c227f4c4cae2ca56e6a499

Download Submit
F:\FunPlus\Stormshot\1.0.0.69\avutil-56.dll

Filesize
640KB

MD5
60b41052a192625213696e44c615214b

SHA1
eae79465da62b09ffbb9ea86caa09b82dd62a8e7

SHA256
5f6d92ea508b9c2b8836cc2a757e60657a424d7c40ccfc6edfb3cf66468ac0c3

SHA512
1b4f3c778a34c40850746a113567acefe97c0b45a21479abcfa8ffa81486b119214f1c0692d36589e34bc9dd0a42ba22c9e9127f508b073d64d7477fc21c9449

Download Submit
F:\FunPlus\Stormshot\1.0.0.69\fpxcore.dll

Filesize
6.6MB

MD5
8082299bc394324885eaadaa880c37f6

SHA1
4512b2441622d56089b12273feeb5ab466391639

SHA256
87434863f2a2f89b672adab0d2ba791fc01ba474b7a6ebbf20b85ae761f6a1c1

SHA512
91389a1b1fd2dd2743d88fb666e1a9d855ab3b73c75215be044daeb001a7dc744a82f3ced013e8def4d8449cd0612ebddd26cc04b555e1d3343773bdc747a10b

Download Submit
F:\FunPlus\Stormshot\1.0.0.69\iconengines\qsvgicon.dll

Filesize
40KB

MD5
34732c85bc4f9bb4a4a2297a0aa20aad

SHA1
7e8d22f248e8d23b208807df1c86db99435afe49

SHA256
79e48711e6bdd497e9efc7c423f34f30d742db0aa04c0febd3b214004526a818

SHA512
3cb974eca119d2f521219c9f8037cd484d116a41ab3c8f2886b2219b75ff16c7accf619ba985645d1a8dc2c32c7acb10b03e3169111e786bd90a18fd69267f17

Download Submit
F:\FunPlus\Stormshot\1.0.0.69\imageformats\qgif.dll

Filesize
38KB

MD5
6f1b578054aadf5e184d9153a0537364

SHA1
136c349a97957f406e45a60247fc1d2bd4296294

SHA256
c0964a239ba5b0b5262ac6ed36d41ba4b8c466d5e8cfc8577f8a061197e6272d

SHA512
28cc8d72e524dfbebc6ae35c150f874c082652cc6bc1d99712d0211219e893d63dfefeed8981dd2ed1097cf217d852c50845355d39691045bf19d53fa171750c

Download Submit
F:\FunPlus\Stormshot\1.0.0.69\imageformats\qicns.dll

Filesize
42KB

MD5
3e887a30afb41edefc0651eed9478942

SHA1
5c132f72c3fb02497d565bfe066d1813e4d1e668

SHA256
af8a95934fddaee350425a26206b732567d6f47e52b33853447382e553df1916

SHA512
e9319e42349b491c9afb0ca72a1696f8af15e2b4bc9db0667057fecfd8b4fc7166c7ac4a0d764cd036c0784b5731b881a3da58d0914469b6e5495168172f8a48

Download Submit
F:\FunPlus\Stormshot\1.0.0.69\imageformats\qico.dll

Filesize
36KB

MD5
3f7d35e556b2223286a9c70869192b20

SHA1
5e520e616170b4efd7f37f1f083b8c1613eedf8e

SHA256
004e88375bdf797c20a1fb83bcc461882155c3ce0bc51ef9f99f89beea11858b

SHA512
2158f0851cb08160e57aaba56e7eb7c6cf9d4e2e8104e2a458b23e8f11b468f1ce8950f45b1c85a777aade8c1ab3b53ba80eda4b101bd0689356d736294d8b18

Download Submit
F:\FunPlus\Stormshot\1.0.0.69\imageformats\qjpeg.dll

Filesize
385KB

MD5
7adbe963467564d0e33335f9208209ab

SHA1
9773b6f12728e3e7b388972b5e44bcdbc5eb6d0b

SHA256
dfe1df3c8e7dec4a2e754f48012ccc18baa59b1332fa908a4cc34d09f260d010

SHA512
38f7e3bb4af8ac34abb779f2fbb64c9f96e9070de6385b2cfb381261ea863705d19ae9cb4a975f14f4b0fa62e9a47e1c3a21dccacd89989edc991f7b04b78d8d

Download Submit
F:\FunPlus\Stormshot\1.0.0.69\imageformats\qpdf.dll

Filesize
33KB

MD5
6ec14154abfab839695ba85ba1d0d675

SHA1
7a6b116c5cb09fc6b2d48c0923395baddd7bbbc5

SHA256
7e05e808865b8633ff507482beefee9da290dbe5741bf12f0dae9eaf6faa0fdf

SHA512
e4bcc00221d9b3b9f1efb73e2e95c8c3fc906dc386cda4a3b486936cf62d2679ac291a0e754456d46d972ced7d906685f7778a3227f513f8cd8d0cc2308aba26

Download Submit
F:\FunPlus\Stormshot\1.0.0.69\imageformats\qsvg.dll

Filesize
32KB

MD5
891c2966d58483c0e4b98dceb37d642a

SHA1
b1dbb83e021994b3ab8f3a3f5f9a7b5c7dfd9a1d

SHA256
236085c82fbbe4cc9a4a96a5744916da729cdfee91e89a8b56b68b0e8b831960

SHA512
1948f2bc9fe207ad2d5c2f23366ade8c27271bf6ca090e67c433c9033bde92852b5524d91d71f07a7277b18c1ecec966b0c5d6c6400dfff94c73969e2a7d0200

Download Submit
F:\FunPlus\Stormshot\1.0.0.69\imageformats\qtga.dll

Filesize
31KB

MD5
015dba45aedc50a3ee5737c6bc7c97b1

SHA1
44545cd8ed24081a68f4524848c716f6c00e8281

SHA256
0adfc1901455be8fa9cfe420b0529c9f7a1fadcee4140ec0441256a1bb2235da

SHA512
66ad7811aba986339a2bd806aca7f5f8b33d2d4140e0cea5619642a3761447a2e8ef260cf06e22daf37df5df573b77b830cec9281065b64778a0bae3b5ac8376

Download Submit
F:\FunPlus\Stormshot\1.0.0.69\imageformats\qtiff.dll

Filesize
356KB

MD5
6742a1c8b9687561ff37f385ac492c30

SHA1
5b9d8f698dc1ec47ab791225707db4af59360efc

SHA256
de742e6d940061f32d2dcaedbeaab6006f55b181db16d08faa66fc6eaf1ba8c2

SHA512
4eb40d887b6250951cb14f68918d3e6133367b246692b4d4eaf4c970d823d1183998280c1113e8453270dee8e94c52bb2ff36a6aed692b5bded3cefa480d64a6

Download Submit
F:\FunPlus\Stormshot\1.0.0.69\imageformats\qwbmp.dll

Filesize
30KB

MD5
9228078a9ab4aa393a99c32b1a399e35

SHA1
6184f51bcfd52e3e14cdc0b595189fc7f89acdb9

SHA256
e45ac8841b5cb23ce1c46c8ca23cee7002ee66c77e6a6c8fde6e3a6a9ced581e

SHA512
f78aafbcc43af9ba9928619d55c1cc6ce3d996122cf9a68a31e9583317cbee31a88d62105eaf21053546b2ab5517761adf3f85e21ab444475b385fc9c52d6817

Download Submit
F:\FunPlus\Stormshot\1.0.0.69\imageformats\qwebp.dll

Filesize
409KB

MD5
1bd1829d0fdd041dec9d50c8c0a77e32

SHA1
728afbad0fcf76395f98a46e1da06c500cdf8472

SHA256
190da7505ed54ad3ad06a274e73f00f26405a043bcac86fc437549dde8070719

SHA512
4dc545b03b9399c57ca01a69cff45d332fbb9da996746d8bf7fd84ec3cefcc45772a35c30a4cdd0f589ecf83910440dcbebd2b05fd7f6361f08004ebbb504eb5

Download Submit
F:\FunPlus\Stormshot\1.0.0.69\libEGL.DLL

Filesize
27KB

MD5
b376aef29ac7182c5295c7c832b2572a

SHA1
2b5cf8ecb72ab961434d7404f37d75ea708673f7

SHA256
8bba8a3a48eda82e55ee804b4410a6223be10ef24e37264d1ad3af8b066c1261

SHA512
e1d93ed5850f1e71a8666078e20dcf6db4502643e43b2aab69c16d42af02b5872efbfb9e80362670e6f951a5fd39f519f94d241ebb740ecfcf5847b66f27b44f

Download Submit
F:\FunPlus\Stormshot\1.0.0.69\libGLESv2.dll

Filesize
2.8MB

MD5
face71fafc50dd1faf2f0c18af2c2d29

SHA1
297679eee244a5aa941deb9481256fd8c89a18d4

SHA256
33570abecf27463aa26bfffb1a9e6d3a2c4f43f878b4279a0782314b3db4a1af

SHA512
23fc3317170cb5430237b1801d42d85d2ef788da3c634e974cc0ac668f5f26eb28cedd9ebfe8aa0cc52b53436c3c205140c30a6b463d9d9eba6bfe19457fd109

Download Submit
F:\FunPlus\Stormshot\1.0.0.69\libcrypto-1_1.dll

Filesize
2.4MB

MD5
0399619c3a5fe9ed498af787cdc10f15

SHA1
23d7b48d4a99d18b3d6987b9ffd9ad5ff8f3498a

SHA256
fb5071bdfbfb59fb1102ed7c159edfb291e90d08c864ea4e372415192da19fc2

SHA512
0dd63c0f54a7228b8641f7c0d33f8b7051315ea9da53f48ffc3c9ff78a43cb31406585962f0d31eef1f85013c50279c30efde41672e18794e723c37226eca44d

Download Submit
F:\FunPlus\Stormshot\1.0.0.69\libssl-1_1.dll

Filesize
520KB

MD5
9ad86cd2cf928eec82bb877a50bed442

SHA1
319ee98c31f3a142abea30ab933c78062d860765

SHA256
7041e2c62651c6f1215dd0fa325ec3bb0e9dda5dc956a54e20b0089e4e1c7eec

SHA512
5ccd0de6782291da7ce0460d804156123eff25a78c67c6af3daadf745b8136f31a864410c509cdf9a22fe8d80ba75888ce74320c43c200227081d2fb48a52f36

Download Submit
F:\FunPlus\Stormshot\1.0.0.69\platforms\qwindows.dll

Filesize
1.2MB

MD5
981f9dc4f537012d21aab34071896788

SHA1
58e0c4baf55f1908c6abf8f2b81fa5cab6a5c840

SHA256
334f317e5afd0b9cf05e85ba1c241e57cc84833658c6db04595c0f1accdfe69c

SHA512
d4327a401909fe8b0e9cf561c525a51fbd6e168cf6daf1513653c524b08d0fe12b9b2db588a3398ef1285e993cd3078a9d3770a676a001c61f3f358178266e5d

Download Submit
F:\FunPlus\Stormshot\1.0.0.69\postproc-55.dll

Filesize
111KB

MD5
c01ef967c4b2954a35739856f8e3aad0

SHA1
6f1acdd12773fe915e7559ea8c82008c3590b336

SHA256
d90ac8ff8dee9bfbcc932d3751db1a55e62a5e507299d36849b0f31e38730f7f

SHA512
b12fe1fc23ccdc1ff4979e39adb06829fcb6dafa90522e4b3fe30787c2462af04adfaf4ab9724175cf5419c3417de184ac87afbe3e073edc458ee220c3218706

Download Submit
F:\FunPlus\Stormshot\1.0.0.69\styles\qwindowsvistastyle.dll

Filesize
132KB

MD5
b65e3ef6042684b489d0cb2574b4d144

SHA1
98747aec7f187d03ee2604fca947744efcab0b99

SHA256
9fd317f3da3eee0d53dc78687aad61440dfbc30a0d42169be434731e11f423bb

SHA512
980a7e9a9265c275beeba3469a0e676bb68f0b18ee760b43c0b9ab9856a11cf23175d10b53532299e1f8c1f5b74aaace61352eef398b4307267812a698f0e008

Download Submit
F:\FunPlus\Stormshot\1.0.0.69\swresample-3.dll

Filesize
304KB

MD5
d665e9827bb31204020df5f4ec23b3d4

SHA1
f579549db8ae38a792be3d0f88b8272d08165349

SHA256
886f99c2296f88014cf146a7a7453bedfaf7e650011fc5a6c01a2064bd8881e3

SHA512
36a5923bffefc6dabc627ff6e2c01c5e893c8b2650711ea6ec44a66e7d97a717244d702f0877be08d9ad6e691732a65d011253f0cf2dd4989b28f371473aec53

Download Submit
F:\FunPlus\Stormshot\1.0.0.69\swscale-5.dll

Filesize
504KB

MD5
a377c134506f22f93a2e69fcb344acc6

SHA1
35017b15b9086a7918fe6c9b42fbc8de9cc70337

SHA256
71ab19a4d1b98e300f132de30fbf9af2f78b0a02d0900fed643915eb6eac1a69

SHA512
313c1203a16b1efd1ba40171d0c7185516e6413cdb184a66ab65bed99d671cd5209a845254fc0979331d836bbf195b1df350693cc4426f41b05de5a5fbe7682d

Download Submit
F:\FunPlus\Stormshot\InstallSettings.ini

Filesize
88B

MD5
29aec47e556c6de90a7c942a608fc06d

SHA1
ea7b667111db699acb9717a778bc56489e9d90c1

SHA256
b99998d0f658a059347bb992ed57fc9e220370d266e54519a98fdd3609d6da6a

SHA512
8abbe40a6e466799061861ff0e601a0f2fe14c48237a2ffe565d33d1cc23ff4ca70ed2dd918d5c43c6c29435a7a911dafdb9f8c9cd3b94edb19dbe44bef0acf6

Download Submit
F:\FunPlus\Stormshot\Launcher.exe

Filesize
1.1MB

MD5
3fa136e6183ea152816f12532ea9efd2

SHA1
de1c2a695e6c693fe4097f1349fd38391be54e05

SHA256
39d1b7f0e9c131d04a7019305fb9ec0f02428da8f7dc81649cab0b2cce509938

SHA512
778a9268104a5835b9f9687f5b020ffdc9fd4efc0278a5da8572abcd70f303e623f58bbc864d70f441dead6ff244722a29dd072d0868c849898c8264f3caf0c9

Download Submit
F:\FunPlus\Stormshot\config\version.ini

Filesize
16B

MD5
ea2aef80af6e37794e5e6b390ef72a14

SHA1
890aa1ba4acd0a0aca3241a7ad3fb6ff0dc99c90

SHA256
bf1128e2e041a860afe0721b73e67784ebef343d394708d7407d59e340a70e2d

SHA512
5ab0f7ebc5a27dcc10e4edd6e4397160320b7f2de5b8f4c0092c89dd38b85c121468454dfc6acf782840bbf8a41c4f5f945ab849d2d7c9215e28bd01c1ead3dc

Download Submit
F:\FunPlus\Stormshot\prefs\st_global_setting.ini

Filesize
58B

MD5
5749764c2f4fc228a705315887ae9f18

SHA1
6e09eeeb6bfd4b4be7986cecc522735e8357c1ab

SHA256
245a5dae8a8d568ebf6de6d0a319c3518b76b8afe956f4afa6fa61a8ab7c6096

SHA512
c993eb55af4a3028e26207265bd54f08d7332ac1adb42e81e001f4216fdb3f77c39fba46814ee2851eebf33e2850fd648f6fef4d2ffdf4de14d795aa11a8fbb6

Download Submit
F:\FunPlus\Stormshot\prefs\st_global_setting.ini.lock

Filesize
63B

MD5
2f7a8729b70db7b995ae8c9f34b00130

SHA1
e9ef90aef355ee82ce2a76f356ef7dacf73a58c5

SHA256
713d9f10ec0921195ffbc5046e42e21342ca45b692f5a9754c223aeb1b6b9a96

SHA512
1be701d5a059a6619a56bbf25cf941d8eba6d39e3a62c4e8868574f0430f640e78f43988b879c29fe43ba1ee30cd62e752231bb8a2ca59bd1c80adef8a5dc9b6

Download Submit
F:\FunPlus\Stormshot\uninstall.exe

Filesize
1.6MB

MD5
446140061cbee38c50f4b6baadb19598

SHA1
c2d1f8d2ee185fa89ba47776018a9619f474fafb

SHA256
85b0a0c3a444a020c414bfec8cff10fed1076f03fcc4de985b6c91b1ad0a3f44

SHA512
be49e1fe20cf9073534ff009d6303c784fc294308d76d2b5ac3db04a238b7bfca5dd745bed88cdf4d5fc597cd475615977362b98f0c9778bbe9f3c19283ec269

Download Submit
memory/292-710-0x00000000002C0000-0x00000000002D0000-memory.dmp

Filesize
64KB

Download
memory/292-708-0x0000000002F10000-0x0000000002F1A000-memory.dmp

Filesize
40KB

Download
memory/292-697-0x0000000006580000-0x0000000006780000-memory.dmp

Filesize
2.0MB

Download
memory/292-707-0x0000000002F10000-0x0000000002F1A000-memory.dmp

Filesize
40KB

Download
memory/292-695-0x0000000006140000-0x0000000006580000-memory.dmp

Filesize
4.2MB

Download
memory/292-832-0x0000000002F10000-0x0000000002F1A000-memory.dmp

Filesize
40KB

Download
memory/292-833-0x0000000002F10000-0x0000000002F1A000-memory.dmp

Filesize
40KB

Download
memory/292-659-0x00000000002C0000-0x00000000002D0000-memory.dmp

Filesize
64KB

Download
memory/2672-8-0x0000000000090000-0x0000000000091000-memory.dmp

Filesize
4KB

Download