Analysis

  • max time kernel
    93s
  • max time network
    100s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/03/2024, 17:14 UTC

General

  • Target

    Stormshot.PC.V1.0_ba8f13ebb8.exe

  • Size

    2.8MB

  • MD5

    6aae47cbaa4c56095a1eb0422c1d2ecb

  • SHA1

    34e29d1801d270a2bd7ac02d4ea84c14c553d66f

  • SHA256

    ffd63fe2aeaa91f05bef47b3583290ccdba3f44912ab8b67044f3d58bf817ebf

  • SHA512

    d6b2406922d2618816db55110bf12a8579b69325e0c196d0d2508bafec68a0430acf48482160bf42cca4bd0995d864abfa2425e8e5af794c8d8d1c430fee4cff

  • SSDEEP

    49152:c8ZQVqWu+fqu79LNTRBO1L2VQjJY80KruthaPVu+2zE0y5VCmdAlacRk3Y:vZARtBEqVQq80ThzTzEElask3Y

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Enumerates connected drives 3 TTPs 3 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 44 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 9 IoCs
  • Modifies system certificate store 2 TTPs 5 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of FindShellTrayWindow 6 IoCs
  • Suspicious use of SendNotifyMessage 6 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Stormshot.PC.V1.0_ba8f13ebb8.exe
    "C:\Users\Admin\AppData\Local\Temp\Stormshot.PC.V1.0_ba8f13ebb8.exe"
    1⤵
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4364
    • C:\Users\Admin\AppData\Local\Temp\st_ba8f13ebb8.exe
      C:\Users\Admin\AppData\Local\Temp\st_ba8f13ebb8.exe
      2⤵
      • Enumerates connected drives
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:1388
      • F:\FunPlus\Stormshot\Launcher.exe
        "F:\FunPlus\Stormshot\Launcher.exe"
        3⤵
        • Executes dropped EXE
        • Modifies registry class
        • Suspicious use of WriteProcessMemory
        PID:2920
        • F:\FunPlus\Stormshot\1.0.0.69\PC-Launcher.exe
          "F:\FunPlus\Stormshot\1.0.0.69\PC-Launcher.exe" --currentPath="F:\FunPlus\Stormshot" --configVersion=1.0.0.69 --launchExe="F:\FunPlus\Stormshot\Launcher.exe"
          4⤵
          • Adds Run key to start application
          • Enumerates connected drives
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks processor information in registry
          • Modifies system certificate store
          • Suspicious behavior: AddClipboardFormatListener
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of SetWindowsHookEx
          PID:4360

Network

  • flag-us
    DNS
    kg-logagent-st.kingsgroupgames.com
    PC-Launcher.exe
    Remote address:
    8.8.8.8:53
    Request
    kg-logagent-st.kingsgroupgames.com
    IN A
    Response
    kg-logagent-st.kingsgroupgames.com
    IN CNAME
    st-logagent-2054451332.us-west-2.elb.amazonaws.com
    st-logagent-2054451332.us-west-2.elb.amazonaws.com
    IN A
    35.161.190.92
    st-logagent-2054451332.us-west-2.elb.amazonaws.com
    IN A
    52.35.161.63
  • flag-us
    DNS
    14.160.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    14.160.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    208.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    208.178.17.96.in-addr.arpa
    IN PTR
    Response
    208.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-208deploystaticakamaitechnologiescom
  • flag-us
    DNS
    92.190.161.35.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    92.190.161.35.in-addr.arpa
    IN PTR
    Response
    92.190.161.35.in-addr.arpa
    IN PTR
    ec2-35-161-190-92 us-west-2compute amazonawscom
  • flag-us
    DNS
    userplatform-download.akamaized.net
    PC-Launcher.exe
    Remote address:
    8.8.8.8:53
    Request
    userplatform-download.akamaized.net
    IN A
    Response
    userplatform-download.akamaized.net
    IN CNAME
    a1496.dscd.akamai.net
    a1496.dscd.akamai.net
    IN A
    104.77.160.28
    a1496.dscd.akamai.net
    IN A
    104.77.160.26
  • flag-us
    DNS
    9.228.82.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    9.228.82.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    149.220.183.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    149.220.183.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    28.160.77.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    28.160.77.104.in-addr.arpa
    IN PTR
    Response
    28.160.77.104.in-addr.arpa
    IN PTR
    a104-77-160-28deploystaticakamaitechnologiescom
  • flag-us
    DNS
    43.58.199.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    43.58.199.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    217.106.137.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    217.106.137.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    41.110.16.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    41.110.16.96.in-addr.arpa
    IN PTR
    Response
    41.110.16.96.in-addr.arpa
    IN PTR
    a96-16-110-41deploystaticakamaitechnologiescom
  • flag-us
    DNS
    41.110.16.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    41.110.16.96.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    26.165.165.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.165.165.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    232.168.11.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    232.168.11.51.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    18.31.95.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    18.31.95.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    195.177.78.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    195.177.78.104.in-addr.arpa
    IN PTR
    Response
    195.177.78.104.in-addr.arpa
    IN PTR
    a104-78-177-195deploystaticakamaitechnologiescom
  • flag-us
    DNS
    119.110.54.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    119.110.54.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    210.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    210.178.17.96.in-addr.arpa
    IN PTR
    Response
    210.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-210deploystaticakamaitechnologiescom
  • flag-us
    DNS
    90.135.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    90.135.221.88.in-addr.arpa
    IN PTR
    Response
    90.135.221.88.in-addr.arpa
    IN PTR
    a88-221-135-90deploystaticakamaitechnologiescom
  • flag-us
    DNS
    203.33.253.131.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    203.33.253.131.in-addr.arpa
    IN PTR
    Response
    203.33.253.131.in-addr.arpa
    IN PTR
    a-0003 dc-msedgenet
  • flag-us
    DNS
    203.33.253.131.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    203.33.253.131.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    180.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    180.178.17.96.in-addr.arpa
    IN PTR
    Response
    180.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-180deploystaticakamaitechnologiescom
  • flag-us
    DNS
    kg-logagent-st.kingsgroupgames.com
    PC-Launcher.exe
    Remote address:
    8.8.8.8:53
    Request
    kg-logagent-st.kingsgroupgames.com
    IN A
    Response
    kg-logagent-st.kingsgroupgames.com
    IN CNAME
    st-logagent-2054451332.us-west-2.elb.amazonaws.com
    st-logagent-2054451332.us-west-2.elb.amazonaws.com
    IN A
    35.161.190.92
    st-logagent-2054451332.us-west-2.elb.amazonaws.com
    IN A
    52.35.161.63
  • flag-us
    DNS
    kg-logagent-st.kingsgroupgames.com
    PC-Launcher.exe
    Remote address:
    8.8.8.8:53
    Request
    kg-logagent-st.kingsgroupgames.com
    IN A
    Response
    kg-logagent-st.kingsgroupgames.com
    IN CNAME
    st-logagent-2054451332.us-west-2.elb.amazonaws.com
    st-logagent-2054451332.us-west-2.elb.amazonaws.com
    IN A
    35.161.190.92
    st-logagent-2054451332.us-west-2.elb.amazonaws.com
    IN A
    52.35.161.63
  • flag-us
    DNS
    kg-logagent-st.kingsgroupgames.com
    PC-Launcher.exe
    Remote address:
    8.8.8.8:53
    Request
    kg-logagent-st.kingsgroupgames.com
    IN A
  • flag-us
    DNS
    upload-s3.funplus.com
    PC-Launcher.exe
    Remote address:
    8.8.8.8:53
    Request
    upload-s3.funplus.com
    IN A
    Response
    upload-s3.funplus.com
    IN CNAME
    k8s-internalpublic-48dd149402-649442902.us-west-2.elb.amazonaws.com
    k8s-internalpublic-48dd149402-649442902.us-west-2.elb.amazonaws.com
    IN A
    52.25.232.15
    k8s-internalpublic-48dd149402-649442902.us-west-2.elb.amazonaws.com
    IN A
    52.32.163.129
  • flag-us
    DNS
    upload-s3.funplus.com
    PC-Launcher.exe
    Remote address:
    8.8.8.8:53
    Request
    upload-s3.funplus.com
    IN A
  • flag-us
    DNS
    pc-client-api.funplus.com
    PC-Launcher.exe
    Remote address:
    8.8.8.8:53
    Request
    pc-client-api.funplus.com
    IN A
    Response
    pc-client-api.funplus.com
    IN CNAME
    rob-waf-2048183979.us-west-2.elb.amazonaws.com
    rob-waf-2048183979.us-west-2.elb.amazonaws.com
    IN A
    52.36.246.101
    rob-waf-2048183979.us-west-2.elb.amazonaws.com
    IN A
    54.191.83.62
  • flag-us
    DNS
    pc-client-api.funplus.com
    PC-Launcher.exe
    Remote address:
    8.8.8.8:53
    Request
    pc-client-api.funplus.com
    IN A
  • flag-us
    DNS
    187.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    187.178.17.96.in-addr.arpa
    IN PTR
    Response
    187.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-187deploystaticakamaitechnologiescom
  • flag-us
    DNS
    187.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    187.178.17.96.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    15.232.25.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    15.232.25.52.in-addr.arpa
    IN PTR
    Response
    15.232.25.52.in-addr.arpa
    IN PTR
    ec2-52-25-232-15 us-west-2compute amazonawscom
  • flag-us
    DNS
    15.232.25.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    15.232.25.52.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    101.246.36.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    101.246.36.52.in-addr.arpa
    IN PTR
    Response
    101.246.36.52.in-addr.arpa
    IN PTR
    ec2-52-36-246-101 us-west-2compute amazonawscom
  • flag-us
    DNS
    101.246.36.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    101.246.36.52.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    store-account.funplus.com
    PC-Launcher.exe
    Remote address:
    8.8.8.8:53
    Request
    store-account.funplus.com
    IN A
    Response
    store-account.funplus.com
    IN CNAME
    store-account.funplus.com.edgesuite.net
    store-account.funplus.com.edgesuite.net
    IN CNAME
    a1211.r.akamai.net
    a1211.r.akamai.net
    IN A
    104.77.160.204
    a1211.r.akamai.net
    IN A
    104.77.160.196
  • flag-us
    DNS
    store-account.funplus.com
    PC-Launcher.exe
    Remote address:
    8.8.8.8:53
    Request
    store-account.funplus.com
    IN A
  • flag-us
    DNS
    store-account.funplus.com
    PC-Launcher.exe
    Remote address:
    8.8.8.8:53
    Request
    store-account.funplus.com
    IN A
  • flag-us
    DNS
    store-account.funplus.com
    PC-Launcher.exe
    Remote address:
    8.8.8.8:53
    Request
    store-account.funplus.com
    IN A
  • flag-us
    DNS
    16.189.138.108.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    16.189.138.108.in-addr.arpa
    IN PTR
    Response
    16.189.138.108.in-addr.arpa
    IN PTR
    server-108-138-189-16mxp64r cloudfrontnet
  • flag-us
    DNS
    16.189.138.108.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    16.189.138.108.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    209.178.17.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    209.178.17.96.in-addr.arpa
    IN PTR
    Response
    209.178.17.96.in-addr.arpa
    IN PTR
    a96-17-178-209deploystaticakamaitechnologiescom
  • flag-us
    DNS
    204.160.77.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    204.160.77.104.in-addr.arpa
    IN PTR
    Response
    204.160.77.104.in-addr.arpa
    IN PTR
    a104-77-160-204deploystaticakamaitechnologiescom
  • flag-us
    DNS
    ame-st.funplus.com
    PC-Launcher.exe
    Remote address:
    8.8.8.8:53
    Request
    ame-st.funplus.com
    IN A
    Response
    ame-st.funplus.com
    IN CNAME
    st-waf-proxy-1736918311.us-west-2.elb.amazonaws.com
    st-waf-proxy-1736918311.us-west-2.elb.amazonaws.com
    IN A
    35.164.148.41
    st-waf-proxy-1736918311.us-west-2.elb.amazonaws.com
    IN A
    34.211.222.241
  • flag-us
    DNS
    st-store.funplus.com
    PC-Launcher.exe
    Remote address:
    8.8.8.8:53
    Request
    st-store.funplus.com
    IN A
    Response
    st-store.funplus.com
    IN CNAME
    st-waf-proxy-1736918311.us-west-2.elb.amazonaws.com
    st-waf-proxy-1736918311.us-west-2.elb.amazonaws.com
    IN A
    35.164.148.41
    st-waf-proxy-1736918311.us-west-2.elb.amazonaws.com
    IN A
    34.211.222.241
  • flag-us
    DNS
    st-passport.kingsgroupgames.com
    PC-Launcher.exe
    Remote address:
    8.8.8.8:53
    Request
    st-passport.kingsgroupgames.com
    IN A
    Response
    st-passport.kingsgroupgames.com
    IN CNAME
    st-passport.kingsgroupgames.com.edgesuite.net
    st-passport.kingsgroupgames.com.edgesuite.net
    IN CNAME
    a950.r.akamai.net
    a950.r.akamai.net
    IN A
    104.77.160.199
    a950.r.akamai.net
    IN A
    104.77.160.217
  • flag-us
    DNS
    57.169.31.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    57.169.31.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    199.160.77.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    199.160.77.104.in-addr.arpa
    IN PTR
    Response
    199.160.77.104.in-addr.arpa
    IN PTR
    a104-77-160-199deploystaticakamaitechnologiescom
  • flag-us
    DNS
    41.148.164.35.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    41.148.164.35.in-addr.arpa
    IN PTR
    Response
    41.148.164.35.in-addr.arpa
    IN PTR
    ec2-35-164-148-41 us-west-2compute amazonawscom
  • flag-us
    DNS
    userplatform-download.akamaized.net
    PC-Launcher.exe
    Remote address:
    8.8.8.8:53
    Request
    userplatform-download.akamaized.net
    IN A
    Response
    userplatform-download.akamaized.net
    IN CNAME
    a1496.dscd.akamai.net
    a1496.dscd.akamai.net
    IN A
    104.77.160.28
    a1496.dscd.akamai.net
    IN A
    104.77.160.26
  • flag-us
    DNS
    31.243.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    31.243.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    31.243.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    31.243.111.52.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    31.243.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    31.243.111.52.in-addr.arpa
    IN PTR
  • 35.161.190.92:443
    kg-logagent-st.kingsgroupgames.com
    tls
    Stormshot.PC.V1.0_ba8f13ebb8.exe
    2.0kB
    6.5kB
    10
    12
  • 104.77.160.28:443
    userplatform-download.akamaized.net
    tls
    Stormshot.PC.V1.0_ba8f13ebb8.exe
    1.4kB
    4.4kB
    12
    13
  • 104.77.160.28:443
    userplatform-download.akamaized.net
    tls
    Stormshot.PC.V1.0_ba8f13ebb8.exe
    2.3MB
    53.4MB
    34734
    38305
  • 35.161.190.92:443
    kg-logagent-st.kingsgroupgames.com
    tls
    Stormshot.PC.V1.0_ba8f13ebb8.exe
    1.9kB
    6.4kB
    8
    10
  • 52.25.232.15:443
    upload-s3.funplus.com
    tls
    PC-Launcher.exe
    2.3kB
    8.0kB
    12
    11
  • 35.161.190.92:443
    kg-logagent-st.kingsgroupgames.com
    tls
    PC-Launcher.exe
    10.1kB
    9.9kB
    27
    26
  • 35.161.190.92:443
    kg-logagent-st.kingsgroupgames.com
    tls
    PC-Launcher.exe
    6.4kB
    7.8kB
    19
    18
  • 35.161.190.92:443
    kg-logagent-st.kingsgroupgames.com
    tls
    PC-Launcher.exe
    6.1kB
    8.1kB
    19
    19
  • 52.36.246.101:443
    pc-client-api.funplus.com
    tls
    PC-Launcher.exe
    1.6kB
    8.9kB
    12
    14
  • 104.77.160.204:443
    store-account.funplus.com
    tls
    PC-Launcher.exe
    2.1kB
    5.7kB
    12
    13
  • 35.164.148.41:443
    ame-st.funplus.com
    tls
    PC-Launcher.exe
    1.3kB
    7.0kB
    8
    10
  • 35.164.148.41:443
    st-store.funplus.com
    tls
    PC-Launcher.exe
    2.6kB
    8.0kB
    15
    21
  • 104.77.160.199:443
    st-passport.kingsgroupgames.com
    tls
    PC-Launcher.exe
    1.7kB
    5.5kB
    9
    11
  • 35.161.190.92:443
    kg-logagent-st.kingsgroupgames.com
    tls
    PC-Launcher.exe
    746 B
    319 B
    4
    4
  • 104.77.160.28:443
    userplatform-download.akamaized.net
    tls
    PC-Launcher.exe
    4.0MB
    91.2MB
    57957
    65385
  • 8.8.8.8:53
    kg-logagent-st.kingsgroupgames.com
    dns
    PC-Launcher.exe
    80 B
    173 B
    1
    1

    DNS Request

    kg-logagent-st.kingsgroupgames.com

    DNS Response

    35.161.190.92
    52.35.161.63

  • 8.8.8.8:53
    14.160.190.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    14.160.190.20.in-addr.arpa

  • 8.8.8.8:53
    208.178.17.96.in-addr.arpa
    dns
    72 B
    137 B
    1
    1

    DNS Request

    208.178.17.96.in-addr.arpa

  • 8.8.8.8:53
    92.190.161.35.in-addr.arpa
    dns
    72 B
    135 B
    1
    1

    DNS Request

    92.190.161.35.in-addr.arpa

  • 8.8.8.8:53
    userplatform-download.akamaized.net
    dns
    PC-Launcher.exe
    81 B
    145 B
    1
    1

    DNS Request

    userplatform-download.akamaized.net

    DNS Response

    104.77.160.28
    104.77.160.26

  • 8.8.8.8:53
    9.228.82.20.in-addr.arpa
    dns
    70 B
    156 B
    1
    1

    DNS Request

    9.228.82.20.in-addr.arpa

  • 8.8.8.8:53
    149.220.183.52.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    149.220.183.52.in-addr.arpa

  • 8.8.8.8:53
    28.160.77.104.in-addr.arpa
    dns
    72 B
    137 B
    1
    1

    DNS Request

    28.160.77.104.in-addr.arpa

  • 8.8.8.8:53
    43.58.199.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    43.58.199.20.in-addr.arpa

  • 8.8.8.8:53
    217.106.137.52.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    217.106.137.52.in-addr.arpa

  • 8.8.8.8:53
    41.110.16.96.in-addr.arpa
    dns
    142 B
    135 B
    2
    1

    DNS Request

    41.110.16.96.in-addr.arpa

    DNS Request

    41.110.16.96.in-addr.arpa

  • 8.8.8.8:53
    26.165.165.52.in-addr.arpa
    dns
    72 B
    146 B
    1
    1

    DNS Request

    26.165.165.52.in-addr.arpa

  • 8.8.8.8:53
    232.168.11.51.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    232.168.11.51.in-addr.arpa

  • 8.8.8.8:53
    18.31.95.13.in-addr.arpa
    dns
    70 B
    144 B
    1
    1

    DNS Request

    18.31.95.13.in-addr.arpa

  • 8.8.8.8:53
    195.177.78.104.in-addr.arpa
    dns
    73 B
    139 B
    1
    1

    DNS Request

    195.177.78.104.in-addr.arpa

  • 8.8.8.8:53
    119.110.54.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    119.110.54.20.in-addr.arpa

  • 8.8.8.8:53
    210.178.17.96.in-addr.arpa
    dns
    72 B
    137 B
    1
    1

    DNS Request

    210.178.17.96.in-addr.arpa

  • 8.8.8.8:53
    90.135.221.88.in-addr.arpa
    dns
    72 B
    137 B
    1
    1

    DNS Request

    90.135.221.88.in-addr.arpa

  • 8.8.8.8:53
    203.33.253.131.in-addr.arpa
    dns
    146 B
    107 B
    2
    1

    DNS Request

    203.33.253.131.in-addr.arpa

    DNS Request

    203.33.253.131.in-addr.arpa

  • 8.8.8.8:53
    180.178.17.96.in-addr.arpa
    dns
    72 B
    137 B
    1
    1

    DNS Request

    180.178.17.96.in-addr.arpa

  • 8.8.8.8:53
    kg-logagent-st.kingsgroupgames.com
    dns
    PC-Launcher.exe
    80 B
    173 B
    1
    1

    DNS Request

    kg-logagent-st.kingsgroupgames.com

    DNS Response

    35.161.190.92
    52.35.161.63

  • 8.8.8.8:53
    kg-logagent-st.kingsgroupgames.com
    dns
    PC-Launcher.exe
    160 B
    173 B
    2
    1

    DNS Request

    kg-logagent-st.kingsgroupgames.com

    DNS Request

    kg-logagent-st.kingsgroupgames.com

    DNS Response

    35.161.190.92
    52.35.161.63

  • 8.8.8.8:53
    upload-s3.funplus.com
    dns
    PC-Launcher.exe
    134 B
    177 B
    2
    1

    DNS Request

    upload-s3.funplus.com

    DNS Request

    upload-s3.funplus.com

    DNS Response

    52.25.232.15
    52.32.163.129

  • 8.8.8.8:53
    pc-client-api.funplus.com
    dns
    PC-Launcher.exe
    142 B
    160 B
    2
    1

    DNS Request

    pc-client-api.funplus.com

    DNS Request

    pc-client-api.funplus.com

    DNS Response

    52.36.246.101
    54.191.83.62

  • 8.8.8.8:53
    187.178.17.96.in-addr.arpa
    dns
    144 B
    137 B
    2
    1

    DNS Request

    187.178.17.96.in-addr.arpa

    DNS Request

    187.178.17.96.in-addr.arpa

  • 8.8.8.8:53
    15.232.25.52.in-addr.arpa
    dns
    142 B
    133 B
    2
    1

    DNS Request

    15.232.25.52.in-addr.arpa

    DNS Request

    15.232.25.52.in-addr.arpa

  • 8.8.8.8:53
    101.246.36.52.in-addr.arpa
    dns
    144 B
    135 B
    2
    1

    DNS Request

    101.246.36.52.in-addr.arpa

    DNS Request

    101.246.36.52.in-addr.arpa

  • 8.8.8.8:53
    store-account.funplus.com
    dns
    PC-Launcher.exe
    284 B
    185 B
    4
    1

    DNS Request

    store-account.funplus.com

    DNS Request

    store-account.funplus.com

    DNS Request

    store-account.funplus.com

    DNS Request

    store-account.funplus.com

    DNS Response

    104.77.160.204
    104.77.160.196

  • 8.8.8.8:53
    16.189.138.108.in-addr.arpa
    dns
    146 B
    131 B
    2
    1

    DNS Request

    16.189.138.108.in-addr.arpa

    DNS Request

    16.189.138.108.in-addr.arpa

  • 8.8.8.8:53
    209.178.17.96.in-addr.arpa
    dns
    72 B
    137 B
    1
    1

    DNS Request

    209.178.17.96.in-addr.arpa

  • 8.8.8.8:53
    204.160.77.104.in-addr.arpa
    dns
    73 B
    139 B
    1
    1

    DNS Request

    204.160.77.104.in-addr.arpa

  • 8.8.8.8:53
    ame-st.funplus.com
    dns
    PC-Launcher.exe
    64 B
    158 B
    1
    1

    DNS Request

    ame-st.funplus.com

    DNS Response

    35.164.148.41
    34.211.222.241

  • 8.8.8.8:53
    st-store.funplus.com
    dns
    PC-Launcher.exe
    66 B
    160 B
    1
    1

    DNS Request

    st-store.funplus.com

    DNS Response

    35.164.148.41
    34.211.222.241

  • 8.8.8.8:53
    st-passport.kingsgroupgames.com
    dns
    PC-Launcher.exe
    77 B
    196 B
    1
    1

    DNS Request

    st-passport.kingsgroupgames.com

    DNS Response

    104.77.160.199
    104.77.160.217

  • 8.8.8.8:53
    57.169.31.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    57.169.31.20.in-addr.arpa

  • 8.8.8.8:53
    199.160.77.104.in-addr.arpa
    dns
    73 B
    139 B
    1
    1

    DNS Request

    199.160.77.104.in-addr.arpa

  • 8.8.8.8:53
    41.148.164.35.in-addr.arpa
    dns
    72 B
    135 B
    1
    1

    DNS Request

    41.148.164.35.in-addr.arpa

  • 8.8.8.8:53
    userplatform-download.akamaized.net
    dns
    PC-Launcher.exe
    81 B
    145 B
    1
    1

    DNS Request

    userplatform-download.akamaized.net

    DNS Response

    104.77.160.28
    104.77.160.26

  • 8.8.8.8:53
    31.243.111.52.in-addr.arpa
    dns
    216 B
    158 B
    3
    1

    DNS Request

    31.243.111.52.in-addr.arpa

    DNS Request

    31.243.111.52.in-addr.arpa

    DNS Request

    31.243.111.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\st_ba8f13ebb8.exe

    Filesize

    8.6MB

    MD5

    07330fa0d9f84ce6adfd9d2749c77798

    SHA1

    540ed18f98e197ce7b60df148e01680c52c4ca60

    SHA256

    6244469afb0731ff40131020773bd38c708a7f03fecb6646a441b5e8e16e967f

    SHA512

    543797a2c852280769defbbc909d47f8bee90a8ddca4c509530f37e26b58804f5c7c5f59bcded3e4b0a65d6acc3cb9d10b71b6d93aa35b2b542fc205c017c14e

  • C:\Users\Admin\AppData\Local\Temp\st_ba8f13ebb8.exe

    Filesize

    9.7MB

    MD5

    5a7fd7ad3ab2e0ac01ec8d9be44971d4

    SHA1

    fa65708a3549d53dda7f0443a19f11daaaae34ad

    SHA256

    9b0412d15a4a4d03f21db1cbfbb2ebeb5e8466e558b195f78c918dc672fcd2b7

    SHA512

    4e325fd2696e0495af2f3dc7f6d37958f2449159972382ea73207617327c290406be2c313e311942a07a1841612e78b4372ae5e281a34611b8e219a2b7afe034

  • F:\FunPlus\Stormshot\1.0.0.69\MSVCP140.dll

    Filesize

    318KB

    MD5

    6ac45c00c287a60ed5d7928b68031e9b

    SHA1

    371f974fc0e6b70f90c6b4e654dd861deb94ecff

    SHA256

    79baa9b4a63d8ae749f4520f1a341179a4ab77cfd0a3f5d5bcfb416786c3d001

    SHA512

    7a20d8b50fcded0b4f6ff043049dec125d060fa85ce98dd52f639d0f2e733be77a8490c4444cc796865a8094c7b6386ebe161856ab51aeee1bf7d8eda1a912f5

  • F:\FunPlus\Stormshot\1.0.0.69\PC-Launcher.exe

    Filesize

    386KB

    MD5

    9baabb58f9946b8f310e8a7f03bec504

    SHA1

    3783bdeeaeda69cfd2dc7760898a04082e562eb3

    SHA256

    b4217db61b48b1a4ee9d971651cd3990c3346bea76030a9d21a61c1671fec446

    SHA512

    cc99320028ffd28cb20c312cbd6ed6a8b427ccd1fea930ee9923a8b34edb3e4228fb01050e1dbd0757c1a5ee6e2b5b42e0592b6b1925fa7a25ee9f1b5d538969

  • F:\FunPlus\Stormshot\1.0.0.69\PC-Launcher.exe

    Filesize

    603KB

    MD5

    b94a73653709c8715ec8237c0dcecaf5

    SHA1

    b33e0a341716749ba13cc099e31d415a47a09ef1

    SHA256

    30ca2f78455ad7cabbb98ab715870a4816a770bfb1b347a25b7ac461a44ac8a1

    SHA512

    d531525710e5dc2674c19c9984e42c1240ef1a85e1f8d734ee51d733a20dc5f71cc0e04c093273b6cd8e3ef036d841e8b3f72ee71f5a02da6a640f6504b96c11

  • F:\FunPlus\Stormshot\1.0.0.69\PC-Launcher.exe

    Filesize

    830KB

    MD5

    ad5fb573764faba1fbed0cff03a9e239

    SHA1

    f9a0ae798bed6944ebbc35f5025cac68abfa166f

    SHA256

    7be44d3fba7ff4416919d3ec114f78db184d09fab220ceef23954796cde4c231

    SHA512

    b4a17dce545ccea11b0aec4393db5bc07c3d5f7f6dd72f3af60b1558234130ddc6a5d42182c85846feffd0caea793db87f9bd04ec8d7b86c5327646e3a3ea920

  • F:\FunPlus\Stormshot\1.0.0.69\Qt5Core.dll

    Filesize

    273KB

    MD5

    d6c421bcadb39bc53ac3e0062b682460

    SHA1

    980f8debaa8d594c6822e9d793f43dcf9e9b111d

    SHA256

    d1349aabb351c6c054a6e5a11c71206df7010c208aca667adb32a9feb37ef866

    SHA512

    40c2cba0ca74b14bc30ca506d567a171beadb9c68a16dfdbbadf54432d7196fbef6f73b7921163cab61a23726c1fe12b706ffddf71bd3c581f0f3724843ebf38

  • F:\FunPlus\Stormshot\1.0.0.69\Qt5Core.dll

    Filesize

    183KB

    MD5

    44a1071e5ea7ba840f6c8749b814529e

    SHA1

    314f2c8fabfce0d20fb8b1441204ba0d28b73a04

    SHA256

    3c5e91cf8cdab3999a51f8b7e8261dfcd04f6a0f3ca5099a4b82faabf74de834

    SHA512

    e4b13480fddf84cbc6dcb5bab448a512af1a05f3e3983fafb988f3a15538b790b8fa0a952584c9e7bce7b51cf4a00559051396cfadc8157436262582a691bc90

  • F:\FunPlus\Stormshot\1.0.0.69\Qt5Core.dll

    Filesize

    249KB

    MD5

    1dea2ab499541e6f6a551175d9346265

    SHA1

    e25b2dae824ceeaaf3971c9c167a6a0edbe05afc

    SHA256

    47944cc9c4ac04467294a0eacbd3f482c2250cd7dc27144c282c7bc7123e7e7e

    SHA512

    2f8087d69b2246ecce68f25e3f19cfc8b5fd911a63dfd030bd824304515f623e61a9586f663ff1ac21920687142549cdccc150c370335ecab1883619488c2a0c

  • F:\FunPlus\Stormshot\1.0.0.69\Qt5Gui.dll

    Filesize

    459KB

    MD5

    211762474c3818e74ffe26a019168baf

    SHA1

    c018f80eb8c356c45c2e4d4ade278d1d50289351

    SHA256

    2350d3910d49a9ce989a1e481cfca2457f0394a2f4138252d29f8850a822dc0b

    SHA512

    5a4cb1216e6a7a2f2be4df7b5dc8611074e6ef3b4833bda699c6faf1e1f11d488fc87eb09e85ba8707dde0195f77bc56bb3c36cce385a358a5e8ce157ea21b0e

  • F:\FunPlus\Stormshot\1.0.0.69\Qt5Gui.dll

    Filesize

    246KB

    MD5

    679e5476470d009016c0a5967b230042

    SHA1

    ecd8229d3cfbe6a6e4c238cc52157ae30295aee8

    SHA256

    270d52e400266152ff75b4d57067e1346898aa2c341dba0db7e2ad574e869366

    SHA512

    5ffa032a02d907fe5a28e7cd772e975093b2177563533a5cda384cccd7bda2d60ce75549ea3989f6f1f2076383e6d828d7847107ba780430bef572717db66090

  • F:\FunPlus\Stormshot\1.0.0.69\Qt5Network.dll

    Filesize

    247KB

    MD5

    f3a1c6d8a1d200c484a21b7e3dcd286a

    SHA1

    67a587d66b8029cce00ee9a6246dd3ba3804415f

    SHA256

    6656089f765e0ca4acdb82854e29c549083992e01f34f903b9c0d6a8a9ad23b2

    SHA512

    e356a6c923667a353f13907cd39571aa7f96948e44473ae4a117ffd4d134aa5f1472ae6fe5af1fc6f4c12092eb5f19cffc4ff81efd7a7219eebfac247b5a68a3

  • F:\FunPlus\Stormshot\1.0.0.69\Qt5Network.dll

    Filesize

    418KB

    MD5

    91fda6c03eade35b98a976ebe4f63dcf

    SHA1

    70fdc8dce73efcd5a00e0c8040682a34d09d8aaa

    SHA256

    98a6f3a5fcbfbd6471ab3bbe7aa22f890a1cc8109518c0fb90d95d049ccaa7c5

    SHA512

    4f8310443f77b3c4f1d324ddb5ce88435a31ae22d6ca982b2153ab32bc401f23de350c1467f31fe6008fc109343f43e866fbf61bc0d536a81b711bccfea8620c

  • F:\FunPlus\Stormshot\1.0.0.69\Qt5Qml.dll

    Filesize

    312KB

    MD5

    f3188181a789c74e299691c3e47c5d88

    SHA1

    00236a322dbe7768c77bb1a3b351433ea4754cd6

    SHA256

    e5873b076ea6887c003cdfe0ec3eb611767b7575f558261da8b69a34eade78df

    SHA512

    e1a27bfd0f4d05f9952032596c2bcefd76ea9df796ea2f1f448cfbd66bbc007880fd8bb0712ce2921f30a4fc3468af5d90fca956c6b1d91c89b9631443fab977

  • F:\FunPlus\Stormshot\1.0.0.69\Qt5Qml.dll

    Filesize

    251KB

    MD5

    7a4eaf49c3616085aec67d46c46ef687

    SHA1

    9b4563566339b8642cac6d7ae7e71e1ee5a60342

    SHA256

    b36d007e6fb80089962e115feb474cece3d7b4dfc6e741d698fc1cd2b824b4d3

    SHA512

    8d6a264800853e441a3668d535a35e11f34d1e2c3b091e3999035f22e2049d2614fa67daf34e0d492f59bbaa756016fbce0842061f313c00dd9f02830827d600

  • F:\FunPlus\Stormshot\1.0.0.69\Qt5QmlModels.dll

    Filesize

    85KB

    MD5

    f85d315e12ca37cb9a93e087ff1c57ed

    SHA1

    ae797927d26c0ea253c17ca806dbd35d3875ee91

    SHA256

    53150cd13577d25b299ef1080a9fbc91513730444628564525bcc7104a0f7b7f

    SHA512

    fbef082e977e58ac9c2547682c6c8e91d7ca46ce09a22c28440b2f350f15186c48bb7b646004ea41636311b155eebc67b7f1ad98ab0bf94c9ec6e4155769282a

  • F:\FunPlus\Stormshot\1.0.0.69\Qt5QmlModels.dll

    Filesize

    17KB

    MD5

    fe933e0655c68baf66aec07eafe3221f

    SHA1

    2fb1e92dd93f241fd2bcff933dc95d27b9d72dd8

    SHA256

    346e537abd565cf6175986ad91c13916b33b0237e2ec53e2553e2712f1fe71fe

    SHA512

    be70b2fcbb83637773ed722bca316e2b567f65683b3c0c0153d96988f6cb1e516c35f77349ea5485d0f1caf42613ba595b65cc36ae5f04c709f98d8bd64bdbd1

  • F:\FunPlus\Stormshot\1.0.0.69\Qt5Quick.dll

    Filesize

    305KB

    MD5

    465d2ccd75d1a0627488509d7a0764b0

    SHA1

    95edbdb524bfab1ecf5a5df21466306a2af2e126

    SHA256

    f43b373703693017c7646f684a5c18787a83ac368c824bfc81673830fca01c32

    SHA512

    8cb01d6ad98b760e367e976e21a34cedce4afa9731c1b080f4ec8402267ed6d846ff1eef2f27f0c0df1a30a0bbbf317bec77699ddadf9079ea97712d81a9241b

  • F:\FunPlus\Stormshot\1.0.0.69\Qt5Quick.dll

    Filesize

    369KB

    MD5

    dab1e51b5f0f61b4d55edbaef955be91

    SHA1

    afe3c650e8aad95c417e4d500824bb1ec7ea1f12

    SHA256

    1b1663a3943fca1eaf199dd41a1ce1091baabae3f1b03b30b4ba26ab56cceea0

    SHA512

    3799c47d97ecd137732b8e3272f384c6e485bd9669dc4e9c6427d751372f5e7467345e1f93ed3897dcb5cfa8338644a31f7f5d995c1dc83be9374085c7d1ec2c

  • F:\FunPlus\Stormshot\1.0.0.69\Qt5QuickWidgets.dll

    Filesize

    72KB

    MD5

    a2075c10b993bccd74523823d362a727

    SHA1

    e2f324e0f29bfa2b4016649aacecb71074e7a835

    SHA256

    2f3f0142e9b82e5c6d4f84c04578255a957981ee14ac96d76f5b93f0ca1c6769

    SHA512

    2dfd91deb83fa0ba2115ec8c03cd20515063fcf69a6919e5fa023672251d519664d33e8662670625745f85784445a559133c03a10bc7986859221045bbd07216

  • F:\FunPlus\Stormshot\1.0.0.69\Qt5WebSockets.dll

    Filesize

    125KB

    MD5

    aaeac5122ab6a42e8b186ea771a72cc7

    SHA1

    26194f8d020d332990f33883294eb51bb8472bea

    SHA256

    41da80ee11c6d9caffa0ec863e61faf665c0ab3fea5add6febf131d2ad45071e

    SHA512

    f38b8c176f03c47bb7ed7942edfbcff7be20b1e796c5fa62a4fec2e3c7b664de06989699cd50be9c1cbae3501a9ac854870030576f5a4a8cc1cabf19bd73cf21

  • F:\FunPlus\Stormshot\1.0.0.69\Qt5Widgets.dll

    Filesize

    327KB

    MD5

    20c505e4225ea51b262f945c29a8a243

    SHA1

    465019a1c80242690c12ed7a893c94a0deeea484

    SHA256

    3823e0caa0087e1076fa320c32f09b00aef45058af8a0e3ecfb01657f7ae98eb

    SHA512

    24856146bf39d573343457103531497529b57ab8124e62bcce605ab982850d8220f5bd2b67146bf02b2bf7f1b4334675788ab705a280b647f07bc490f585bb22

  • F:\FunPlus\Stormshot\1.0.0.69\Qt5Widgets.dll

    Filesize

    287KB

    MD5

    b4caa984bb98b38cfd4caf528b39d31c

    SHA1

    4384b009477f6fb8c4730b2ab6c080388d4784a2

    SHA256

    bce1861fcb907f415e03df3abf6f242dabc052c79aac23ffb794376856757ce9

    SHA512

    64e9997bf4f627e6f68b6c3a538d5a3af4102a09285a4f62786185c70087d9041387440dcab5d965d90869425d9a0b8711361350f51186c643c4985852af9bb5

  • F:\FunPlus\Stormshot\1.0.0.69\SDL2.dll

    Filesize

    882KB

    MD5

    80a8e79ba79668bbd7afd17a247a232e

    SHA1

    541f8a99054507afc751d88ea6682b4568a5df26

    SHA256

    27d098a4b5f56f2a2f82c54ff9f63d8d3dd769a5433492eb38be6ce194d0ae56

    SHA512

    bab3556e1f344e9def32988317cf107150a10ba10a5241df6bd672190aa1850435c1427b7feb7df87dca2957dd7ac4f44a27d3bd301c724711d3c6c9f78f141d

  • F:\FunPlus\Stormshot\1.0.0.69\SDL2.dll

    Filesize

    720KB

    MD5

    6e87db831cd7b86cd1a30e830fcd4591

    SHA1

    b986a290d4b6cea4a35395d1af6da40f155b6f89

    SHA256

    604067eeaf0d22875cb75ca560525a7df752a54988e48f05ccef12f06d6e19fb

    SHA512

    00967fcd39c482698eb968d7e94c9af3b0d69edf222b2c9d53282da44802b74de3090f0d6032e4f02f2dca5999b808b2fa25936c639dc00fb9a480555ea2324f

  • F:\FunPlus\Stormshot\1.0.0.69\avcodec-58.dll

    Filesize

    711KB

    MD5

    c250f24c8e0ee56f7509c9e99bf4b774

    SHA1

    7ba7353115cdc06ee93d5237fd98638f43985161

    SHA256

    51ec5d83d5de5b78eaee71c11def388cb6888386fa1573ef5640aea7ffb06fb3

    SHA512

    64ed5d4a539fba07d9814243d701e7b3d625d8df3359ee74538c6de483b770d1d5610043444ff0cdd72e734ff9cedd50ff0cd4ffa27ac8b5e835da2c4a44bda4

  • F:\FunPlus\Stormshot\1.0.0.69\avcodec-58.dll

    Filesize

    225KB

    MD5

    5b5db7c50ea4ea716534f4fc470222d0

    SHA1

    30412adb9ca10ac31957159a24fe58b2ccfcf650

    SHA256

    851157e056abb7d19af64b48ac3321b7812866eea9847e3d906b66a47585562d

    SHA512

    f46e8c443e2859d0dea5a42d9a1356247feadd6b115deba8a1efd5ae1175fe15c22b8512e9e18db61649a0260c47136820998386f21955e6b65e656de7491828

  • F:\FunPlus\Stormshot\1.0.0.69\avfilter-7.dll

    Filesize

    1.0MB

    MD5

    7144b1b79b67f0318c0bc3401d9e1956

    SHA1

    095aa86cd73fd9a35bbd67627f0fa7f643681bde

    SHA256

    11f1868df2e6760aa377139e4c747d1406408282a50f7a3d766665947038d54f

    SHA512

    d3c37bb86c7c453887adb8d7da2cd06d56c4394f02f9f0789fd5b60b0977b25dcfa3e922cc93bdc0a5825e398606e50520ee757c8d1a2148102b1a7f790c1f42

  • F:\FunPlus\Stormshot\1.0.0.69\avfilter-7.dll

    Filesize

    1.0MB

    MD5

    7f6859755d937fb093f671c3e91318f6

    SHA1

    ae6c4f1858e807db86177e5632f18b1b3125ea3e

    SHA256

    5580e3facd1325e0a2509fa9439d3a2858568d1ca41086a057abed25ea17ce15

    SHA512

    b99d2b3fa0200a8f84a762210f1dd3e58c9c0ed1f8dbc6efc5a86908a31af1d67d734947944c1dfddd2a74847d3f085ea874ae2180df08643f6550c5f9bb93d1

  • F:\FunPlus\Stormshot\1.0.0.69\avformat-58.dll

    Filesize

    329KB

    MD5

    96e3fe36be7a0d5bffdad977ae214073

    SHA1

    b55a0a20ada34fd5630f3fc4a14081e20da1b927

    SHA256

    2b555ba63c0c199ff478abc53dbd11632d7c039e392c674651a92b9e2e1d9444

    SHA512

    87dbea3290fa68ccddee474c053f7d0a025b9c04d394b148b90b9ba7f5752bfbf0d4c3ae61d94e18f0cb90974553f8ae03d7fadca1ed232b6e9d1a9557b3e82e

  • F:\FunPlus\Stormshot\1.0.0.69\avformat-58.dll

    Filesize

    839KB

    MD5

    70467d0b4531c06a82d0f669bbb906e0

    SHA1

    fa7325ecc88f81364a731f688ec6dbe4ed57f7ed

    SHA256

    66b564d62af82d6f4c4765c302a0b46a58b3ad56d643fe8f9140f2916a24b66f

    SHA512

    6258041aec3250d0ac3931aefee7cd035e3ec54a39e298be6fc27d73e0fca36d5408ae1f610b9a65421eecb233ce1b1e4a6fd45e4a92682669c3f677f375a434

  • F:\FunPlus\Stormshot\1.0.0.69\avutil-56.dll

    Filesize

    640KB

    MD5

    60b41052a192625213696e44c615214b

    SHA1

    eae79465da62b09ffbb9ea86caa09b82dd62a8e7

    SHA256

    5f6d92ea508b9c2b8836cc2a757e60657a424d7c40ccfc6edfb3cf66468ac0c3

    SHA512

    1b4f3c778a34c40850746a113567acefe97c0b45a21479abcfa8ffa81486b119214f1c0692d36589e34bc9dd0a42ba22c9e9127f508b073d64d7477fc21c9449

  • F:\FunPlus\Stormshot\1.0.0.69\avutil-56.dll

    Filesize

    307KB

    MD5

    09a5e84148b6b65067f48f3537874991

    SHA1

    c7179a72502ac2dc693eb559e45cdb77aadad88d

    SHA256

    f44f7f59be318b521949680033d2eeaaf4a4b7b28e4eb5f263b4410e98fe49f2

    SHA512

    03b5c270e9faa732f064f33e8cc4d8a6c8ad008450d00455027eb63430f80b2dfecc4b434c4963bfb5fdc096356c2aa7071ea4acafd1d66cf8b3f5b59570fa04

  • F:\FunPlus\Stormshot\1.0.0.69\iconengines\qsvgicon.dll

    Filesize

    40KB

    MD5

    34732c85bc4f9bb4a4a2297a0aa20aad

    SHA1

    7e8d22f248e8d23b208807df1c86db99435afe49

    SHA256

    79e48711e6bdd497e9efc7c423f34f30d742db0aa04c0febd3b214004526a818

    SHA512

    3cb974eca119d2f521219c9f8037cd484d116a41ab3c8f2886b2219b75ff16c7accf619ba985645d1a8dc2c32c7acb10b03e3169111e786bd90a18fd69267f17

  • F:\FunPlus\Stormshot\1.0.0.69\imageformats\qgif.dll

    Filesize

    38KB

    MD5

    6f1b578054aadf5e184d9153a0537364

    SHA1

    136c349a97957f406e45a60247fc1d2bd4296294

    SHA256

    c0964a239ba5b0b5262ac6ed36d41ba4b8c466d5e8cfc8577f8a061197e6272d

    SHA512

    28cc8d72e524dfbebc6ae35c150f874c082652cc6bc1d99712d0211219e893d63dfefeed8981dd2ed1097cf217d852c50845355d39691045bf19d53fa171750c

  • F:\FunPlus\Stormshot\1.0.0.69\imageformats\qicns.dll

    Filesize

    42KB

    MD5

    3e887a30afb41edefc0651eed9478942

    SHA1

    5c132f72c3fb02497d565bfe066d1813e4d1e668

    SHA256

    af8a95934fddaee350425a26206b732567d6f47e52b33853447382e553df1916

    SHA512

    e9319e42349b491c9afb0ca72a1696f8af15e2b4bc9db0667057fecfd8b4fc7166c7ac4a0d764cd036c0784b5731b881a3da58d0914469b6e5495168172f8a48

  • F:\FunPlus\Stormshot\1.0.0.69\imageformats\qico.dll

    Filesize

    36KB

    MD5

    3f7d35e556b2223286a9c70869192b20

    SHA1

    5e520e616170b4efd7f37f1f083b8c1613eedf8e

    SHA256

    004e88375bdf797c20a1fb83bcc461882155c3ce0bc51ef9f99f89beea11858b

    SHA512

    2158f0851cb08160e57aaba56e7eb7c6cf9d4e2e8104e2a458b23e8f11b468f1ce8950f45b1c85a777aade8c1ab3b53ba80eda4b101bd0689356d736294d8b18

  • F:\FunPlus\Stormshot\1.0.0.69\imageformats\qjpeg.dll

    Filesize

    385KB

    MD5

    7adbe963467564d0e33335f9208209ab

    SHA1

    9773b6f12728e3e7b388972b5e44bcdbc5eb6d0b

    SHA256

    dfe1df3c8e7dec4a2e754f48012ccc18baa59b1332fa908a4cc34d09f260d010

    SHA512

    38f7e3bb4af8ac34abb779f2fbb64c9f96e9070de6385b2cfb381261ea863705d19ae9cb4a975f14f4b0fa62e9a47e1c3a21dccacd89989edc991f7b04b78d8d

  • F:\FunPlus\Stormshot\1.0.0.69\imageformats\qpdf.dll

    Filesize

    33KB

    MD5

    6ec14154abfab839695ba85ba1d0d675

    SHA1

    7a6b116c5cb09fc6b2d48c0923395baddd7bbbc5

    SHA256

    7e05e808865b8633ff507482beefee9da290dbe5741bf12f0dae9eaf6faa0fdf

    SHA512

    e4bcc00221d9b3b9f1efb73e2e95c8c3fc906dc386cda4a3b486936cf62d2679ac291a0e754456d46d972ced7d906685f7778a3227f513f8cd8d0cc2308aba26

  • F:\FunPlus\Stormshot\1.0.0.69\imageformats\qsvg.dll

    Filesize

    32KB

    MD5

    891c2966d58483c0e4b98dceb37d642a

    SHA1

    b1dbb83e021994b3ab8f3a3f5f9a7b5c7dfd9a1d

    SHA256

    236085c82fbbe4cc9a4a96a5744916da729cdfee91e89a8b56b68b0e8b831960

    SHA512

    1948f2bc9fe207ad2d5c2f23366ade8c27271bf6ca090e67c433c9033bde92852b5524d91d71f07a7277b18c1ecec966b0c5d6c6400dfff94c73969e2a7d0200

  • F:\FunPlus\Stormshot\1.0.0.69\imageformats\qtga.dll

    Filesize

    31KB

    MD5

    015dba45aedc50a3ee5737c6bc7c97b1

    SHA1

    44545cd8ed24081a68f4524848c716f6c00e8281

    SHA256

    0adfc1901455be8fa9cfe420b0529c9f7a1fadcee4140ec0441256a1bb2235da

    SHA512

    66ad7811aba986339a2bd806aca7f5f8b33d2d4140e0cea5619642a3761447a2e8ef260cf06e22daf37df5df573b77b830cec9281065b64778a0bae3b5ac8376

  • F:\FunPlus\Stormshot\1.0.0.69\imageformats\qtiff.dll

    Filesize

    356KB

    MD5

    6742a1c8b9687561ff37f385ac492c30

    SHA1

    5b9d8f698dc1ec47ab791225707db4af59360efc

    SHA256

    de742e6d940061f32d2dcaedbeaab6006f55b181db16d08faa66fc6eaf1ba8c2

    SHA512

    4eb40d887b6250951cb14f68918d3e6133367b246692b4d4eaf4c970d823d1183998280c1113e8453270dee8e94c52bb2ff36a6aed692b5bded3cefa480d64a6

  • F:\FunPlus\Stormshot\1.0.0.69\imageformats\qwbmp.dll

    Filesize

    30KB

    MD5

    9228078a9ab4aa393a99c32b1a399e35

    SHA1

    6184f51bcfd52e3e14cdc0b595189fc7f89acdb9

    SHA256

    e45ac8841b5cb23ce1c46c8ca23cee7002ee66c77e6a6c8fde6e3a6a9ced581e

    SHA512

    f78aafbcc43af9ba9928619d55c1cc6ce3d996122cf9a68a31e9583317cbee31a88d62105eaf21053546b2ab5517761adf3f85e21ab444475b385fc9c52d6817

  • F:\FunPlus\Stormshot\1.0.0.69\imageformats\qwebp.dll

    Filesize

    398KB

    MD5

    73ccd7e22fbbfd7fe784c486f523d041

    SHA1

    fc9e60e0a043b20cc81ab85f17703969517fecda

    SHA256

    d8b92ff610af7a000edf5cc1fc03b6caa6a943a8dc82d2a975a75d078d0dce99

    SHA512

    d227955f87e926d2157979d4aa4dbbe38590142f5afaa81ddd88c3f63b4568b07b7ddd97a90d746434d0e453c59501608166ccbaba3470db759ce541b73ba1f8

  • F:\FunPlus\Stormshot\1.0.0.69\msvcp140.dll

    Filesize

    370KB

    MD5

    536763d4cf1f235d7e243786ad5ac626

    SHA1

    87dc18614951869ed04cea115275b8c1a28b36d8

    SHA256

    c9657dd6ba98fe24e99a917bbc7eabddc464bbf00f352f7dcb62d32a5a1981cf

    SHA512

    da091681d1c0a6a8cad167f72c46c820ea084ffc30b111d2d6dbeb7bfb5a3d7542f851dfab42ae3429e58894c91ded471a35514bdd13894245d5399d6326636c

  • F:\FunPlus\Stormshot\1.0.0.69\msvcp140_1.dll

    Filesize

    20KB

    MD5

    ca7c343e1f6ffdacd0818b9e46ad58a5

    SHA1

    9731858d1cc5f1c1ca3bb2253df8feb9a912b8f2

    SHA256

    87428634883461f50ef4dc812273dc8822cf608b32ef6f11bcc61223052c1ae1

    SHA512

    13602dbd97f41dfb32f9c2cb5fcc263fd2663667374372b4414f64f0f56191419a79e74add3286524710d1b75869933cd21c8d8401ff6df6d711dd8efc8800d9

  • F:\FunPlus\Stormshot\1.0.0.69\platforms\qwindows.dll

    Filesize

    267KB

    MD5

    3981a989ad587c71a54002f363049879

    SHA1

    068fbd95d08a4c9a86ea4ef74b52009653a66ef2

    SHA256

    438a890ca892b28fd55e8d47e87f3383ae1ab754aaf035b9ba6d220b2ba280a4

    SHA512

    5b368fc71e4683d3359ca61d93dc933e77d6d267ec11397d9536c7bdf6e8b146d15459c71619dd3c81f4612d21a7fe5b24692a4fa60daa222db736fea3d80b7f

  • F:\FunPlus\Stormshot\1.0.0.69\platforms\qwindows.dll

    Filesize

    326KB

    MD5

    dfbdb90610002d34cd86ed74d5cf3d46

    SHA1

    22800812aefabaf782becab1133c4e1e052d5548

    SHA256

    172b11e2e14a883ce1b5ef20fd0225f49bed609fdd57d60f5c87c95df25b7f73

    SHA512

    aaf6c18533a0f150f60d426fc0eb50c64e7aac33ce603d71b4fc2164eb4d061b9b8fc502bc33135da1e41c3349b8699dc43ff416c71a24eb9dae7bdf94a2b929

  • F:\FunPlus\Stormshot\1.0.0.69\postproc-55.dll

    Filesize

    111KB

    MD5

    c01ef967c4b2954a35739856f8e3aad0

    SHA1

    6f1acdd12773fe915e7559ea8c82008c3590b336

    SHA256

    d90ac8ff8dee9bfbcc932d3751db1a55e62a5e507299d36849b0f31e38730f7f

    SHA512

    b12fe1fc23ccdc1ff4979e39adb06829fcb6dafa90522e4b3fe30787c2462af04adfaf4ab9724175cf5419c3417de184ac87afbe3e073edc458ee220c3218706

  • F:\FunPlus\Stormshot\1.0.0.69\styles\qwindowsvistastyle.dll

    Filesize

    132KB

    MD5

    b65e3ef6042684b489d0cb2574b4d144

    SHA1

    98747aec7f187d03ee2604fca947744efcab0b99

    SHA256

    9fd317f3da3eee0d53dc78687aad61440dfbc30a0d42169be434731e11f423bb

    SHA512

    980a7e9a9265c275beeba3469a0e676bb68f0b18ee760b43c0b9ab9856a11cf23175d10b53532299e1f8c1f5b74aaace61352eef398b4307267812a698f0e008

  • F:\FunPlus\Stormshot\1.0.0.69\swresample-3.dll

    Filesize

    304KB

    MD5

    d665e9827bb31204020df5f4ec23b3d4

    SHA1

    f579549db8ae38a792be3d0f88b8272d08165349

    SHA256

    886f99c2296f88014cf146a7a7453bedfaf7e650011fc5a6c01a2064bd8881e3

    SHA512

    36a5923bffefc6dabc627ff6e2c01c5e893c8b2650711ea6ec44a66e7d97a717244d702f0877be08d9ad6e691732a65d011253f0cf2dd4989b28f371473aec53

  • F:\FunPlus\Stormshot\1.0.0.69\swscale-5.dll

    Filesize

    504KB

    MD5

    a377c134506f22f93a2e69fcb344acc6

    SHA1

    35017b15b9086a7918fe6c9b42fbc8de9cc70337

    SHA256

    71ab19a4d1b98e300f132de30fbf9af2f78b0a02d0900fed643915eb6eac1a69

    SHA512

    313c1203a16b1efd1ba40171d0c7185516e6413cdb184a66ab65bed99d671cd5209a845254fc0979331d836bbf195b1df350693cc4426f41b05de5a5fbe7682d

  • F:\FunPlus\Stormshot\1.0.0.69\vcruntime140.dll

    Filesize

    76KB

    MD5

    2cec885177f8e329a314f975806d0e3d

    SHA1

    942d6525d23833ac51af1fd0cb6c18f0aacc90fa

    SHA256

    e4989178cb90a65428bcb19b2f1d2c811ab66077b38c0645522d8669b176b99e

    SHA512

    210d12d8912341e1625bbc603060aaf37ded1fec58fe677b0f92dd5bdc89d1629f29b50f7e95985bda6c7f316790f753dee2305d154ae94f5ee7816886e91fb1

  • F:\FunPlus\Stormshot\InstallSettings.ini

    Filesize

    88B

    MD5

    29aec47e556c6de90a7c942a608fc06d

    SHA1

    ea7b667111db699acb9717a778bc56489e9d90c1

    SHA256

    b99998d0f658a059347bb992ed57fc9e220370d266e54519a98fdd3609d6da6a

    SHA512

    8abbe40a6e466799061861ff0e601a0f2fe14c48237a2ffe565d33d1cc23ff4ca70ed2dd918d5c43c6c29435a7a911dafdb9f8c9cd3b94edb19dbe44bef0acf6

  • F:\FunPlus\Stormshot\Launcher.exe

    Filesize

    1.1MB

    MD5

    3fa136e6183ea152816f12532ea9efd2

    SHA1

    de1c2a695e6c693fe4097f1349fd38391be54e05

    SHA256

    39d1b7f0e9c131d04a7019305fb9ec0f02428da8f7dc81649cab0b2cce509938

    SHA512

    778a9268104a5835b9f9687f5b020ffdc9fd4efc0278a5da8572abcd70f303e623f58bbc864d70f441dead6ff244722a29dd072d0868c849898c8264f3caf0c9

  • F:\FunPlus\Stormshot\Launcher.exe

    Filesize

    854KB

    MD5

    c88a67ad7f22180c472ae671ac017ca8

    SHA1

    dec1e53d87d449dba6c91b28272dc7ef980c54c4

    SHA256

    d3f68c84a539735489d2952a6fc3e1199d071996c83e8106096821a2fc923fca

    SHA512

    4f461c847b4cee2d0529c9a12221eadb58feffcc9d6f3026a58f76ad95a93b9e1f1bf456feb6c4ffd0cfbe638089b3b0d430026b070d9de41206608bf92f08d3

  • F:\FunPlus\Stormshot\Launcher.exe

    Filesize

    563KB

    MD5

    0d0aff53aa1e685dede17f0c731f7c41

    SHA1

    76821b77d729f908ae79cfa0374bc5feb3fcbe08

    SHA256

    dca68d4e2484b4768835ad0d19788082c86272d95466857fdd8e018ccc11b146

    SHA512

    9c78a1442bfc48016e75142a8ff78fc1a7384710a4a2bcadf38f8ecc904fa3dec8fa7ef65ce33a054024d3097477fc16694d8d4db257a894a4dea0d637fa7958

  • F:\FunPlus\Stormshot\config\version.ini

    Filesize

    16B

    MD5

    ea2aef80af6e37794e5e6b390ef72a14

    SHA1

    890aa1ba4acd0a0aca3241a7ad3fb6ff0dc99c90

    SHA256

    bf1128e2e041a860afe0721b73e67784ebef343d394708d7407d59e340a70e2d

    SHA512

    5ab0f7ebc5a27dcc10e4edd6e4397160320b7f2de5b8f4c0092c89dd38b85c121468454dfc6acf782840bbf8a41c4f5f945ab849d2d7c9215e28bd01c1ead3dc

  • F:\FunPlus\Stormshot\prefs\st_global_setting.ini

    Filesize

    45B

    MD5

    1ee78a788801270ef28cc1637a100c94

    SHA1

    8d50ce29be92a7d5c31a6195a4d3d305074d8cd8

    SHA256

    fe1253ccc38736f86d2b98b7dfa328cff25f27c5a4489b572df02f91a774363a

    SHA512

    5eb6aacdc4856d2631451b8e64ce0558874dca9c9c85e256e34588872a02a608001b897864d15357fa1d6f34f6ecc9a3f28ccd679f9b8d8478f4d0afad5d47d7

  • F:\FunPlus\Stormshot\prefs\st_global_setting.ini

    Filesize

    380B

    MD5

    a2a77944dd1ecc15e274eca47587ab56

    SHA1

    9b3b91fae432fc1e0d440cc794dcf70c11b78d72

    SHA256

    8cb49f58715cf579df5cc54503a036dcd5f42c248e0c8845258300b648e37705

    SHA512

    406596f5e8bbe5b4a0b3892ff4f7d683c5b6daf7e8c30a45a90898d4d2b5dab1fa5234c68abdac8d6b66e524d13db559f3000de75e9d3ac7adad17e550044a3b

  • F:\FunPlus\Stormshot\prefs\st_global_setting.ini.lock

    Filesize

    64B

    MD5

    845748d11f2228f4610c4425e81adb1e

    SHA1

    d71564e8e75b3581c69b6c3929f09bb93bd6316e

    SHA256

    a74e26448dc432d0d70b8c53bece50799e62251ed11036d9c6e416b1a37bcc92

    SHA512

    516b1a9a3cc4a2d20d47699cb943448cee27f148dc003fefe65236c746593fe3482fb93b6cef9a95f048dd4adcbe41ed7d2732abeb904a0914466d7828ad050f

  • F:\FunPlus\Stormshot\uninstall.exe

    Filesize

    1.4MB

    MD5

    940bc9594d74e3d82c6b6d0a64c8c885

    SHA1

    a589f1c76d9f2a27cb346af9d8ad7a769684fcf0

    SHA256

    2b1c76a3cf19ea5329b3f276ad049f9ec3f9f72232e0be181331778a31bb8843

    SHA512

    4b81147f7b44e0e605a5ee27b31ef1e0554b3aff4eed682332ee564851bcc61b0987fc5b405b286342569853c2045174d91ff060dd3bd2016265cffbe6462ddb

  • memory/4360-679-0x00000000036D0000-0x00000000036E0000-memory.dmp

    Filesize

    64KB

  • memory/4360-731-0x0000000006FD0000-0x00000000071D0000-memory.dmp

    Filesize

    2.0MB

  • memory/4360-747-0x0000000074A60000-0x0000000075133000-memory.dmp

    Filesize

    6.8MB

  • memory/4360-748-0x00000000744A0000-0x0000000074A5F000-memory.dmp

    Filesize

    5.7MB

  • memory/4360-750-0x0000000074380000-0x000000007440E000-memory.dmp

    Filesize

    568KB

  • memory/4360-751-0x000000006C740000-0x000000006C83F000-memory.dmp

    Filesize

    1020KB

  • memory/4360-749-0x0000000074410000-0x0000000074499000-memory.dmp

    Filesize

    548KB

  • memory/4360-729-0x0000000006B90000-0x0000000006FD0000-memory.dmp

    Filesize

    4.2MB

  • memory/4360-765-0x00000000742A0000-0x0000000074357000-memory.dmp

    Filesize

    732KB

  • memory/4360-766-0x00000000708A0000-0x00000000708C4000-memory.dmp

    Filesize

    144KB

  • memory/4360-767-0x000000000B4F0000-0x000000000B700000-memory.dmp

    Filesize

    2.1MB

  • memory/4360-752-0x0000000071280000-0x0000000073A3B000-memory.dmp

    Filesize

    39.7MB

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.