83eb34d651a0062ba7b91277fcf5ffb5239f5b1bbe43e3c69e3513f6c2d388d1

Analysis

max time kernel
61s
max time network
67s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
10/01/2024, 20:27

Sharing

Copy URL Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

Setup.exe
Size

161.3MB
MD5

33b8dc8e78d35da840ca6be0824a6781
SHA1

21a6e7d959b9b2e601bff093bada7cebcfc11ca7
SHA256

fe24a6d0000f20f8c4df987eed36b0aeb0c767d5e78030030653ccb678310755
SHA512

7e10a35325c28bc9d555f8a8ea92c081f128a0421a0317812eaaad50bc65da10fb3478188ed7d4991b95f5fa8a068eed50da0ec3dceb9dd4e4dd8ad6c1210973
SSDEEP

3145728:dbONIKO6wq0mz5+7MPqR04cySGQeKF3tKE8O/DlfO7tcsRW2anZ0jeV:dqI7g7PqSCSH7lfORj7jeV

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
1412	DeleteTempFiles.exe
2796	UBFunkeys.exe
1736	MegaByte.exe

Loads dropped DLL 22 IoCs

pid	Process
1572	Setup.exe
1572	Setup.exe
1572	Setup.exe
1412	DeleteTempFiles.exe
1412	DeleteTempFiles.exe
1412	DeleteTempFiles.exe
356	regsvr32.exe
1572	Setup.exe
1572	Setup.exe
1572	Setup.exe
1572	Setup.exe
1572	Setup.exe
2796	UBFunkeys.exe
2796	UBFunkeys.exe
2796	UBFunkeys.exe
2796	UBFunkeys.exe
2796	UBFunkeys.exe
2796	UBFunkeys.exe
1736	MegaByte.exe
1736	MegaByte.exe
1736	MegaByte.exe
1736	MegaByte.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 5 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\Macromed\Flash\Flash9.ocx	Setup.exe
File created	C:\Windows\SysWOW64\Macromed\Flash\Flash9.ocx	Setup.exe
File opened for modification	C:\Windows\SysWOW64\wdapi811.dll	Setup.exe
File created	C:\Windows\SysWOW64\wdapi811.dll	Setup.exe
File opened for modification	C:\Windows\SysWOW64\Macromed\Flash\flash9.ocx	regsvr32.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\U.B. Funkeys\RadicaGame\items\110.swf	Setup.exe
File opened for modification	C:\Program Files (x86)\U.B. Funkeys\RadicaGame\items\148_i.swf	Setup.exe
File opened for modification	C:\Program Files (x86)\U.B. Funkeys\RadicaGame\misc\image9_4.jpg	Setup.exe
File created	C:\Program Files (x86)\U.B. Funkeys\RadicaGame\items\73f_OR.png	Setup.exe
File created	C:\Program Files (x86)\U.B. Funkeys\RadicaGame\zones\space_poles13.png	Setup.exe
File opened for modification	C:\Program Files (x86)\U.B. Funkeys\RadicaGame\items\73f_IR.png	Setup.exe
File opened for modification	C:\Program Files (x86)\U.B. Funkeys\RadicaGame\misc\gem_water.png	Setup.exe
File opened for modification	C:\Program Files (x86)\U.B. Funkeys\RadicaGame\misc\image6_2.jpg	Setup.exe
File opened for modification	C:\Program Files (x86)\U.B. Funkeys\RadicaGame\misc\image8_2_l.jpg	Setup.exe
File created	C:\Program Files (x86)\U.B. Funkeys\RadicaGame\games\game_room.swf	Setup.exe
File created	C:\Program Files (x86)\U.B. Funkeys\RadicaGame\games\lava_devil_pd.png	Setup.exe
File created	C:\Program Files (x86)\U.B. Funkeys\RadicaGame\items\3c_IR.png	Setup.exe
File created	C:\Program Files (x86)\U.B. Funkeys\RadicaGame\items\73d_OR.png	Setup.exe
File created	C:\Program Files (x86)\U.B. Funkeys\RadicaGame\items\90_i.swf	Setup.exe
File created	C:\Program Files (x86)\U.B. Funkeys\RadicaGame\games\city_remix_fg.png	Setup.exe
File created	C:\Program Files (x86)\U.B. Funkeys\RadicaGame\items\83.swf	Setup.exe
File created	C:\Program Files (x86)\U.B. Funkeys\uninstall.exe	Setup.exe
File opened for modification	C:\Program Files (x86)\U.B. Funkeys\RadicaGame\funkeys\sol.swf	Setup.exe
File created	C:\Program Files (x86)\U.B. Funkeys\RadicaGame\items\82_i.swf	Setup.exe
File opened for modification	C:\Program Files (x86)\U.B. Funkeys\RadicaGame\items\88.swf	Setup.exe
File created	C:\Program Files (x86)\U.B. Funkeys\RadicaGame\misc\image5_3_s.jpg	Setup.exe
File opened for modification	C:\Program Files (x86)\U.B. Funkeys\RadicaGame\zones\city_building25.png	Setup.exe
File opened for modification	C:\Program Files (x86)\U.B. Funkeys\RadicaGame\zones\lava_stoune_5.png	Setup.exe
File opened for modification	C:\Program Files (x86)\U.B. Funkeys\RadicaGame\items\83_i.swf	Setup.exe
File created	C:\Program Files (x86)\U.B. Funkeys\RadicaGame\soundfx\Line_37.mp3	Setup.exe
File created	C:\Program Files (x86)\U.B. Funkeys\RadicaGame\games\underwater_goldfish_pd.png	Setup.exe
File opened for modification	C:\Program Files (x86)\U.B. Funkeys\RadicaGame\items\106_i.swf	Setup.exe
File opened for modification	C:\Program Files (x86)\U.B. Funkeys\RadicaGame\items\112_i.swf	Setup.exe
File created	C:\Program Files (x86)\U.B. Funkeys\RadicaGame\items\4e_IL.png	Setup.exe
File opened for modification	C:\Program Files (x86)\U.B. Funkeys\RadicaGame\items\57d_IR.png	Setup.exe
File created	C:\Program Files (x86)\U.B. Funkeys\RadicaGame\items\65f.png	Setup.exe
File created	C:\Program Files (x86)\U.B. Funkeys\RadicaGame\zones\Mega_Store_13.swf	Setup.exe
File opened for modification	C:\Program Files (x86)\U.B. Funkeys\RadicaGame\zones\city_rock3.png	Setup.exe
File opened for modification	C:\Program Files (x86)\U.B. Funkeys\RadicaGame\zones\underwater_building3.png	Setup.exe
File opened for modification	C:\Program Files (x86)\U.B. Funkeys\RadicaGame\Music\stake_out_music.mp3	Setup.exe
File opened for modification	C:\Program Files (x86)\U.B. Funkeys\RadicaGame\funkeys\solR.swf	Setup.exe
File created	C:\Program Files (x86)\U.B. Funkeys\RadicaGame\items\31.swf	Setup.exe
File opened for modification	C:\Program Files (x86)\U.B. Funkeys\RadicaGame\games\funkjongg_prew.jpg	Setup.exe
File created	C:\Program Files (x86)\U.B. Funkeys\RadicaGame\items\36.swf	Setup.exe
File opened for modification	C:\Program Files (x86)\U.B. Funkeys\RadicaGame\items\52.swf	Setup.exe
File opened for modification	C:\Program Files (x86)\U.B. Funkeys\RadicaGame\items\65e_IR.png	Setup.exe
File created	C:\Program Files (x86)\U.B. Funkeys\RadicaGame\items\77_i.swf	Setup.exe
File opened for modification	C:\Program Files (x86)\U.B. Funkeys\RadicaGame\items\fillNode.png	Setup.exe
File opened for modification	C:\Program Files (x86)\U.B. Funkeys\RadicaGame\items\paint_can.swf	Setup.exe
File opened for modification	C:\Program Files (x86)\U.B. Funkeys\MegaByte\borlndmm.dll	Setup.exe
File created	C:\Program Files (x86)\U.B. Funkeys\RadicaGame\Main.swf	Setup.exe
File opened for modification	C:\Program Files (x86)\U.B. Funkeys\RadicaGame\funkeys\dotV.swf	Setup.exe
File opened for modification	C:\Program Files (x86)\U.B. Funkeys\RadicaGame\funkeys\webleyR.swf	Setup.exe
File created	C:\Program Files (x86)\U.B. Funkeys\RadicaGame\items\5c_OL.png	Setup.exe
File opened for modification	C:\Program Files (x86)\U.B. Funkeys\RadicaGame\items\92.swf	Setup.exe
File opened for modification	C:\Program Files (x86)\U.B. Funkeys\RadicaGame\zones\city_sign4.png	Setup.exe
File opened for modification	C:\Program Files (x86)\U.B. Funkeys\RadicaGame\zones\city_tramline.png	Setup.exe
File opened for modification	C:\Program Files (x86)\U.B. Funkeys\RadicaGame\zones\space_poles28.png	Setup.exe
File opened for modification	C:\Program Files (x86)\U.B. Funkeys\RadicaGame\items\15.swf	Setup.exe
File opened for modification	C:\Program Files (x86)\U.B. Funkeys\RadicaGame\items\3d_IL.png	Setup.exe
File created	C:\Program Files (x86)\U.B. Funkeys\RadicaGame\misc\image9_4.jpg	Setup.exe
File opened for modification	C:\Program Files (x86)\U.B. Funkeys\RadicaGame\zones\space_building14.png	Setup.exe
File created	C:\Program Files (x86)\U.B. Funkeys\MegaByte\difxapi.dll	Setup.exe
File created	C:\Program Files (x86)\U.B. Funkeys\RadicaGame\funkeys\fallout.swf	Setup.exe
File opened for modification	C:\Program Files (x86)\U.B. Funkeys\RadicaGame\items\4c_IR.png	Setup.exe
File created	C:\Program Files (x86)\U.B. Funkeys\RadicaGame\items\69.swf	Setup.exe
File created	C:\Program Files (x86)\U.B. Funkeys\RadicaGame\soundfx\alert.mp3	Setup.exe
File created	C:\Program Files (x86)\U.B. Funkeys\RadicaGame\soundfx\Line_18.mp3	Setup.exe
File opened for modification	C:\Program Files (x86)\U.B. Funkeys\RadicaGame\zones\space_poles27.png	Setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	UBFunkeys.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	UBFunkeys.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MacromediaFlashPaper.MacromediaFlashPaper\CLSID\ = "{D27CDB6E-AE6D-11cf-96B8-444553540000}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.7\ = "Shockwave Flash Object"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\ = "0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Control	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D27CDB6D-AE6D-11CF-96B8-444553540000}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.6\ = "Shockwave Flash Object"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.sor\Content Type = "text/plain"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashFactory.FlashFactory\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashProp.FlashProp.1\ = "FlashProp Class"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D27CDB6C-AE6D-11CF-96B8-444553540000}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.9\ = "Shockwave Flash Object"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32\ = "C:\\Windows\\SysWow64\\Macromed\\Flash\\flash9.ocx, 1"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\EnableFullPage\.mfp	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0\0	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0\0\win32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0\HELPDIR	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.7	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Control	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version\ = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.swf\Content Type = "application/x-shockwave-flash"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\ = "FlashProp Class"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashFactory.FlashFactory.1	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.5\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID\ = "ShockwaveFlash.ShockwaveFlash.9"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.spl\Content Type = "application/futuresplash"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashProp.FlashProp	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D27CDB6C-AE6D-11CF-96B8-444553540000}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D27CDB6D-AE6D-11CF-96B8-444553540000}\TypeLib\ = "{D27CDB6B-AE6D-11CF-96B8-444553540000}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32\ = "C:\\Windows\\SysWow64\\Macromed\\Flash\\flash9.ocx"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MacromediaFlashPaper.MacromediaFlashPaper\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.1	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashFactory.FlashFactory\ = "Macromedia Flash Factory Object"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1\ = "131473"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/futuresplash\Extension = ".spl"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-shockwave-flash\Extension = ".swf"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D27CDB6D-AE6D-11CF-96B8-444553540000}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D27CDB6C-AE6D-11CF-96B8-444553540000}\ = "IShockwaveFlash"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MacromediaFlashPaper.MacromediaFlashPaper	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashFactory.FlashFactory\CurVer	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.4\ = "Shockwave Flash Object"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.7\CLSID\ = "{D27CDB6E-AE6D-11cf-96B8-444553540000}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0\ = "Shockwave Flash"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.3\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.5	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash\CLSID\ = "{D27CDB6E-AE6D-11cf-96B8-444553540000}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID\ = "FlashFactory.FlashFactory"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.5\ = "Shockwave Flash Object"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.7\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash.9\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID\ = "ShockwaveFlash.ShockwaveFlash"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D27CDB6D-AE6D-11CF-96B8-444553540000}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.spl	regsvr32.exe

Suspicious use of WriteProcessMemory 28 IoCs

description	pid	Process	procid_target
PID 1572 wrote to memory of 1412	1572	Setup.exe	28
PID 1572 wrote to memory of 1412	1572	Setup.exe	28
PID 1572 wrote to memory of 1412	1572	Setup.exe	28
PID 1572 wrote to memory of 1412	1572	Setup.exe	28
PID 1572 wrote to memory of 1412	1572	Setup.exe	28
PID 1572 wrote to memory of 1412	1572	Setup.exe	28
PID 1572 wrote to memory of 1412	1572	Setup.exe	28
PID 1572 wrote to memory of 356	1572	Setup.exe	29
PID 1572 wrote to memory of 356	1572	Setup.exe	29
PID 1572 wrote to memory of 356	1572	Setup.exe	29
PID 1572 wrote to memory of 356	1572	Setup.exe	29
PID 1572 wrote to memory of 356	1572	Setup.exe	29
PID 1572 wrote to memory of 356	1572	Setup.exe	29
PID 1572 wrote to memory of 356	1572	Setup.exe	29
PID 1572 wrote to memory of 2796	1572	Setup.exe	31
PID 1572 wrote to memory of 2796	1572	Setup.exe	31
PID 1572 wrote to memory of 2796	1572	Setup.exe	31
PID 1572 wrote to memory of 2796	1572	Setup.exe	31
PID 1572 wrote to memory of 2796	1572	Setup.exe	31
PID 1572 wrote to memory of 2796	1572	Setup.exe	31
PID 1572 wrote to memory of 2796	1572	Setup.exe	31
PID 2796 wrote to memory of 1736	2796	UBFunkeys.exe	34
PID 2796 wrote to memory of 1736	2796	UBFunkeys.exe	34
PID 2796 wrote to memory of 1736	2796	UBFunkeys.exe	34
PID 2796 wrote to memory of 1736	2796	UBFunkeys.exe	34
PID 2796 wrote to memory of 1736	2796	UBFunkeys.exe	34
PID 2796 wrote to memory of 1736	2796	UBFunkeys.exe	34
PID 2796 wrote to memory of 1736	2796	UBFunkeys.exe	34

C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:1572
- C:\Program Files (x86)\U.B. Funkeys\MegaByte\DeleteTempFiles.exe
  DeleteTempFiles.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1412
- C:\Windows\SysWOW64\regsvr32.exe
  regsvr32.exe /s "C:\Windows\system32\Macromed\Flash\flash9.ocx"
  2⤵
  - Loads dropped DLL
  - Drops file in System32 directory
  - Modifies registry class
  PID:356
- C:\Program Files (x86)\U.B. Funkeys\RadicaGame\UBFunkeys.exe
  "C:\Program Files (x86)\U.B. Funkeys\RadicaGame\UBFunkeys.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks processor information in registry
  - Suspicious use of WriteProcessMemory
  PID:2796
- - C:\Program Files (x86)\U.B. Funkeys\MegaByte\MegaByte.exe
    ..\MegaByte\MegaByte.exe -MBRun
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1736

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
1⤵
PID:1012

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x1
1⤵
PID:304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\U.B. Funkeys\Config.ini

Filesize
246B

MD5
0b59bbbd1eebb4c04df49523b0517e45

SHA1
73260558d05d6641915c99062bd97fd73274e1cc

SHA256
ab8e4bfc873e0429bfd17ec69b3bb502a5b575e514302094c345cbe1a858f3e0

SHA512
e48f62d7f93d757907efeb7b4dead83e4d41c4b5af584825f36eae749f8f7f7862a202c5e316572e61c03caffc37aad66e85ab3364c065246d9f3f11824ce860

Download Submit
C:\Program Files (x86)\U.B. Funkeys\MegaByte\MegaByte.exe

Filesize
528KB

MD5
3bfce00a2d440553f6d2e2f629ebd2a8

SHA1
9d912eea512d4b24c0a9b5ca643e1aa8cf6436d4

SHA256
f34ce1ad1c45978f44792eae48ff8a061c10f2131ca34969872ac85191f987d9

SHA512
80194725bc057367b93750e2a0e087cd45346b136e498914640953efa833a03828d4ce77a776f5a985a742ac62bdb2ff174bd870a1bf7a7827286d5c054d4656

Download Submit
C:\Program Files (x86)\U.B. Funkeys\MegaByte\MegaByte.exe

Filesize
96KB

MD5
626b82b553a3c16bfdbede3fd3fb178d

SHA1
27b9a59dfb88213279684ba9accbe658e454a584

SHA256
e653b002d65bfd5994a194858be1ad4a1ee8655ade7c8fdf37e881f4bc7c9148

SHA512
478f599fb4a46f3f04a2dd620487bed517e8dd47d7b14a1a77d212ad3a0fd1e4fd47dbec8b2f89069c0e13ed021e64530adc92285ee26c15ee9de587a6c10dde

Download Submit
C:\Program Files (x86)\U.B. Funkeys\RadicaGame\Main.swf

Filesize
182KB

MD5
44c75b3d9538954204ac42c4ee8c3ee3

SHA1
3a3dbca4d2e2fe5e001ae2bf59dd5e98bb1e68bd

SHA256
4efe3160170f04c84a8f947abba325942251e71c0917e704624b6c30fecc6a9b

SHA512
ea91eb7b3ff02abc8924ad2e1f3dc3d1ae4cdc20bb8fb7d6baa1304b148c1203f16334d65ca548eec5304df63562b1cfaf8a711bc41e85323ccaa57c1e1c5fe6

Download Submit
C:\Program Files (x86)\U.B. Funkeys\RadicaGame\UBFunkeys.exe

Filesize
724KB

MD5
220718fafc1e5e2cb61e568779bda7c1

SHA1
bf0cddd1d3758d7b17832d8b50007cf33ea197d7

SHA256
f57e1c87382f7f1ed31ecf84212f72d382884a0e8f7a1a2f750ab285da9aec6a

SHA512
7d2928f8f577f9f8a53bcb90852fe1fd37e89e984913e991462b24983cc924d5de7dcf01509f1dddf1de50cee8380757d13bc562926179fcd06b18512f184c55

Download Submit
C:\Program Files (x86)\U.B. Funkeys\RadicaGame\UBFunkeys.exe

Filesize
219KB

MD5
dc2eff7392b253bf8c4ebabb2d61ba89

SHA1
58420733b351b6a94c874a247d9d8aeac692f311

SHA256
0a9414b0e7c87dc2e88d712674b8e9302d660d171b4b706f02593a8c94aa47a8

SHA512
eaecde7857381ee132289132004e626fe433f7365e6fcf3672249f9b88c69d0521dcb7238ee8d677654ac10f73acce07038b686f9e936874e4ce0a352c5b7866

Download Submit
C:\Program Files (x86)\U.B. Funkeys\RadicaGame\data\system\config.rdf

Filesize
218B

MD5
4292e9b05bddd1c934973dee3b8836c3

SHA1
582d085429e4e2258efeb35c6f322fa586d52bad

SHA256
2c10c3ed2964a7674da854adb68d2d6bb296024945ebff4cca419de10b4885a3

SHA512
f2733488150a6de202cca506156379b5ba82628b7fda526fb3d551f665f5e08d90a8b97940607ebcbafd65254989efbf6035d1778031f560e7ac428a86799c63

Download Submit
C:\Program Files (x86)\U.B. Funkeys\RadicaGame\data\system\crib.rdf

Filesize
6KB

MD5
a6783fe278fa89dd1c2327c789e99e90

SHA1
746f114454d03e082df8fcd1db670151269022e1

SHA256
0ad81ad6317caf44b4be8e17b4e6ce9690e26fd7ff318f58a5a9d3c0db2de4b7

SHA512
40c18986622369df4db981fe87999a00e1fdbf9f003c05bc0cca34a8c80f48f58452850d5ffe45738f019fe08992a1912a1a211e0d90983cfe929b51208fcbe4

Download Submit
C:\Program Files (x86)\U.B. Funkeys\RadicaGame\data\system\guide.rdf

Filesize
163KB

MD5
0f0093d45135d5977132d04a0bbd2062

SHA1
1bde5040fd2b703710e7618c4bee7b66529b1f67

SHA256
7c1eda977d48a6407299bb99ccb76aca0a9e9383422d8efdd3dab6c93c9ccdc0

SHA512
c3f0b15d0902f3d0e773aa160e48ffd4819d734fc831722697b13bc84eae54b3dea47dee02ed7746ce7df1b713076d005712796d3af6ccf3b015d44ab915af6e

Download Submit
C:\Program Files (x86)\U.B. Funkeys\RadicaGame\data\system\options.rdf

Filesize
186B

MD5
c63b67b76e158ec6d78788d3f8a2fd10

SHA1
135247380bad752a7573c14f6510706616fcd127

SHA256
bc1d6dfba17d98d6c89859bafc38179644d62fef8649e1dc3860524b34c71a95

SHA512
0a8e92e4f2c314bdb14ddd18bbcafed22ee63d654d7f5172a22690c388849df9e7ce4385bb524b9c5a362ad12314c91afd81ac5132f20924440bfab2d1706a93

Download Submit
C:\Program Files (x86)\U.B. Funkeys\RadicaGame\data\system\profile.rdf

Filesize
1KB

MD5
4af4e149f7f0c5aef6c7555c178388a6

SHA1
5c72c1ca2e9a5f933dadd9036bca786bb4c3a84f

SHA256
6e7054e2859de2ed4d10b6fc766a422df1d7fff4f46bbe431e42055025192d59

SHA512
8775d5cf6faf3d05b347ea2b07a793142a5aa2bbe72f81c75592b4d0854476dff83376630544400d29602c98f8aa97a6d28085b7c6cf571e09de6157052474b1

Download Submit
C:\Program Files (x86)\U.B. Funkeys\RadicaGame\data\system\promocodes.rdf

Filesize
3KB

MD5
a436518eff6bdc15c27954514f856a21

SHA1
fac40afc61024564878a850bcfe63956c7f79ae1

SHA256
5066ddc21917c063e79e5ad40379617499ed0de9f5bae11658c974d4fa116adc

SHA512
75d87db0e2b6a0188b92399df98cc0d89bdd02543d1bea1baf4c9be0df3a63c951f14ef0eee1c4993d6b974385ac61a3e3829e2cecee5600c39336f605843d5b

Download Submit
C:\Program Files (x86)\U.B. Funkeys\RadicaGame\data\system\users.rdf

Filesize
26B

MD5
d4e4469d892a3941418137f495029e6d

SHA1
1121cebaadc9759852d0e283c28827027930e3d0

SHA256
34ce2e67e30cc3df8b60a823e9687be24e08abecbda52118e12dc340be94cc10

SHA512
011acc00e72ef36267c2e901b10e0cd74fdc6f8ff656cd7a51a11928a5bf9120df40de297d4e87d9399db3fa83d7502001feebb5853871efdfd703d0a040e182

Download Submit
C:\Program Files (x86)\U.B. Funkeys\RadicaGame\data\system\voc.rdf

Filesize
26KB

MD5
6f29d7745dc8b50c8902354da28cddfe

SHA1
b53c3dbbeee78107983522c971a0566bf3d860f5

SHA256
a89a3b468797bd49a3feaa2a1aaca4ca7aafc7c1d64e8572c8f7215a12d8f88f

SHA512
02f90085dabc6b3c46ea3c480d36a85bf41191990f8277dcc6cc5211cfde8502a4722d79c330347f538a0abf53a68def302453d38a2e41d94048ad9f497014be

Download Submit
C:\Program Files (x86)\U.B. Funkeys\RadicaGame\misc\MainMenu.swf

Filesize
103KB

MD5
06ea64ee32cba3b2ef3077b49a37a9b2

SHA1
bc8db3cfd0c44a9d9baad9bebf098b757225aa53

SHA256
da085f4056806cd1f9b49d0c55a3a34bb416a2259fb9b0287513e57d3402e929

SHA512
8417d6ba8dbbbbb250a529366ae92d2e17e778ab5ff1b99060ce791791e182500453b70f60c3f1e368a19313bd767aee04ff282fa490fa93ae19355db1d527f7

Download Submit
C:\Program Files (x86)\U.B. Funkeys\RadicaGame\misc\cursor.swf

Filesize
10KB

MD5
1fd93e86def735a3f6ce9e75b04d2cdd

SHA1
8763d5b46c2d4b01dc621e239654e884e8f080bc

SHA256
742045aaae0279c0aec6d1336f1ae3787d7af1340cce19ab1f0260f276393313

SHA512
ae4f29c68b44a8d650189c8236a9a1f71f69c0bcc901c70badab30bedb9dbc8fc84ac4edb3f9d5a337f4a1bbf12716bbb04493fd35f642cf7eadc3b548ffe8db

Download Submit
C:\Program Files (x86)\U.B. Funkeys\RadicaGame\misc\splash.swf

Filesize
41KB

MD5
4af5398d72a5dd40f28b932c456ec753

SHA1
36a2e1402d60717ee5d2792f51f6bf57529134b6

SHA256
a0f47cc065aa4419af41831a7a85ccb5d0494f4d7241c9a609f4246ac249ab02

SHA512
6277e06fb1ff11de9c539695d555968a41c5b651ac025cc672858af6794b063ce2616f1725336839f8c0efcdff364f3a35daf29962017e4ef52b85c2196227bf

Download Submit
C:\Program Files (x86)\U.B. Funkeys\RadicaGame\music\Intro Song.mp3

Filesize
157KB

MD5
f74563b216aacd83f6dab80e0e382c3c

SHA1
dca41c876403fe1581d0f1a47d930cc525809669

SHA256
0ff4be17ad0dee9bc6982f4007ca0f1ee08369899c9db84bdde542fd69562b67

SHA512
4b7d955d40dd20ad39c6479ecba52e8d368328a2e08d4d373b098d0c5c090fecf81e8a41883e5c5e6094453b97e2250872bfe3e7779692640622de0ec0da5767

Download Submit
C:\Program Files (x86)\U.B. Funkeys\RadicaGame\soundfx\alert.mp3

Filesize
42KB

MD5
d66ed5fb90cca995bcded3407887a008

SHA1
3833b4bf85e2c22a7743d9502c209352ab99b7db

SHA256
712ed0c5c7bbcbc32e9e45ccb8af7dd564885059be5d4b212f3e5c42407741d0

SHA512
3afb643ed39908a49ac3ef5353d6c6354d76ef5b8da25aea696912bcb74acfb79a051c7756d474663a4f4fcc6278833cc39d72967ae13f470a80a8e6a46f98e9

Download Submit
C:\Program Files (x86)\U.B. Funkeys\RadicaGame\soundfx\click.mp3

Filesize
22KB

MD5
77925093bd5cffa2d6d717aa99337b97

SHA1
3fc34b93a60e89b9ef0a6c4bcdb0711ad28910e8

SHA256
f99648c15ad556940f21725d73839c27c35cffddc9ff1220651e510937336b44

SHA512
437fd5458a407774e4e4c2489ddefb4fb3af10694634baeb537bfca3812857ea71f95d9122094f6e42528f634cec23ed9e271a31713ef1b8e6ec191bb1608f4e

Download Submit
C:\Program Files (x86)\U.B. Funkeys\RadicaGame\soundfx\pop_up_window.mp3

Filesize
8KB

MD5
4c2e6a7dc8d9a616241b83a4c11808df

SHA1
43a2459184bef08d0bdcc92ab4f12d07e7b8e1a9

SHA256
4b77d6894f87bcd1fcc64db248b28e504f8112ac10a032a4f33fcf0f34f3127c

SHA512
586a3b82188cef208499dac94477260a2ccc402c40b8c1f3c62a2f5451ab3f290c66bbcdb3472a17f5937132fa2b3c49d9a140cb8104337c152d3a387ba63931

Download Submit
C:\Program Files (x86)\U.B. Funkeys\RadicaGame\zones\Map.swf

Filesize
129KB

MD5
476227136d261ce8cecf942e074d62d0

SHA1
9d2d7549d91559fcb4ef85b2a87c5e3fe31032c4

SHA256
767f8ea0cf3521194d7dcc89285a220245fde2cc38c985843adca5d3e6c2ea39

SHA512
3b80499fefae7dde424da3b0b3039b6824121ae1b07723fa86786817694177aa5472d027479332befbbcd517744228b7e6b4562359d9102f3dfed9e68049966a

Download Submit
C:\Program Files (x86)\U.B. Funkeys\RadicaGame\zones\space_poles12.png

Filesize
4KB

MD5
fb14e01d86b9e4a68e8c1cb2c45b3fb8

SHA1
b40e832d2e1a0a9bb9c5fc34ffcd9802898dadd8

SHA256
4a44f5dfebaa40c706f8d7ac2a9a360b2ce2efdaa44812a9e28fbfd4012af71d

SHA512
a4f40e7a48346c892cb7f2a36858150fe6596af59aee5a89c4018d0e25d4da1a330f2581ffa9f0bd6aa3842a1ba28dc1b35f4f709e508f9997a0fffd1b5f1d6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst3B6C.tmp\Header.bmp

Filesize
119KB

MD5
9407d8c0ce2e3e65f01eff523d1ee918

SHA1
c426b3564d90cb185bd68659d9f5709c26f5148d

SHA256
a440e48c3af4f3f6c92b5636f548aed54ad7f158512439cc810d1b90b523e5b1

SHA512
0c41361b4bff74076b0f2ca7997c95e761e0e78483f67aca4a2b0ce8f37a0f38657885ee6ecefa9be571947e857793ad95c28c399a182779a4a0fe6c6a727bf0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst3B6C.tmp\ioSpecial.ini

Filesize
501B

MD5
38b032156c5429f4826be7cc1b4ecad9

SHA1
4748185cbb9721839de4e9713304ab20934a890e

SHA256
18b6b36e184c26c0637ffcb518117d9f2a84250811eca81329c7c040766a9240

SHA512
fe72ecd00d53bcbf0c3b28d2c1b9af1db694ad3aa2aea6552e6cea95eaa4ffad3bd9b11b11c1ac788286ea6b31c0cf81d3318a818832abbea99c2352dc3212ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst3B6C.tmp\ioSpecial.ini

Filesize
495B

MD5
180b2d04417f63c49dd428adaf6545dd

SHA1
19999a8a834f4d9e0630a9f895087316364d9e0a

SHA256
6251b933c8042ea8e94ebd6c009c51271270ce5114071cafed7310bf40acc51c

SHA512
7eba67dc4db6feb736b32568644f45d639d97028a5d2379835bab7b41a1477339a8245a43b56489685baf3411726c8dbd8c9730d52654b63a12cc961030886e3

Download Submit
C:\Windows\SysWOW64\Macromed\Flash\flash9.ocx

Filesize
365KB

MD5
41de5386832ebc10ed90daf6689b4587

SHA1
1c1bb30f678761a3c67d6be893abfe46edb58431

SHA256
d133095ac6176da64f54382104d372fda823d508bc192f18ff9ca46e60241937

SHA512
8ad6b8f2ae7fc7b15b7c3e4ae042b5a8883cb82cc3058ab7998714b97509b626bdbc95ebe1b6b8f937fd3bec0de5778e6d9dbb8eed0c30b465200feebe7a8cfe

Download Submit
\Program Files (x86)\U.B. Funkeys\MegaByte\DeleteTempFiles.exe

Filesize
87KB

MD5
173531c361cb8144a2427830e734c98c

SHA1
2628066cca1e96bda8a8a83039623c8b6071fa2d

SHA256
c74f97354d1c40ade120c6c12f7bc64334496d744755837b33b2efd97674c428

SHA512
3467b2c3cc8180068f53baad8633530b2d79c5c35ef65f1b43047ad3aa206a7dea38fc0f7739f59ad016dbbb5aedfa891f96461718b1ffe18653fd79be63f159

Download Submit
\Program Files (x86)\U.B. Funkeys\MegaByte\MegaByte.exe

Filesize
211KB

MD5
7dfad0e87dd3f6c67b379c0c1dea6dc0

SHA1
25f296ede9cfa86fbcb24af1671235d132ea78d6

SHA256
3fdb29554ec6648bb7797d704c651f50ae16e1cbec2a01e3e24534014753d530

SHA512
f56e6997f0dd2c6e22807fc06e40907051d3b8e321e35a1038385575f94069e5a88a51c5d3b8a0ebd4552fa60c77fa9aca2e863c4cc6555272e5509ea0096439

Download Submit
\Program Files (x86)\U.B. Funkeys\MegaByte\MegaByte.exe

Filesize
92KB

MD5
8d36c25449d13e3db110c7b1cc9b88d3

SHA1
307fc1a00e99026479adf7a541b4ff071748a17e

SHA256
0033a96fc2b4ef3e1371b914e220eafb074cd368d5b4fd1026056788616e476f

SHA512
bf364796ddfebcb6f17d16de74c8ced3d56d3acdda7fc3da65d627478637580ada2436985b651358d2b1300b18097a9bbb3a347267af59b3de133564b1ee2e8f

Download Submit
\Program Files (x86)\U.B. Funkeys\MegaByte\MegaByte.exe

Filesize
137KB

MD5
e076db0309ac748eda4ba2f32bb8ac9c

SHA1
1f0c35227a6aff3f1603edbfcc9883709f23a0b7

SHA256
2581c508679273899f4f316d9c49c6d8fb950925934d47872228e51374f20e4c

SHA512
0901b173b5ae76a34b3baf40e140275dc408268d9d7c1a1054798e5f133c8a9a011e076799b891bf99051a89a3bbb23bdfecee98df8b5165669b3935adc523d8

Download Submit
\Program Files (x86)\U.B. Funkeys\MegaByte\MegaByte.exe

Filesize
125KB

MD5
dea95a05a329fce2591abb8bbcaee105

SHA1
6cbcb3ee2484855836501adfbd791ea7ef0802a1

SHA256
754413ac0e671fc2044377ab591e379b18bac2477e73fab7f1a16d5b5b97dedf

SHA512
d6aed282f5b47b0f311d25fec50b2493f420d995e1f4e4e35f75e16bcf8165ffbfc5ed2b3910a9fd62d981ff6cedf44bc31534066803b1a270c4718e596c7293

Download Submit
\Program Files (x86)\U.B. Funkeys\MegaByte\MegaByte.exe

Filesize
192KB

MD5
35c109e40a871c05a620169567dd4adf

SHA1
989ee0b1b4c38a92067d77d4cfc7e9fb4a31c586

SHA256
bc45f548fb9ef71460d8d478aceafb6341710d38cf48832e3ffe012d05af3fec

SHA512
e311f3a1c711d30a25450ac18d4f788360dca0dca1003bda075ac2e4dc092a2b5a4167b98f9451ff26b95a7e6677ed40d7b960ce3660b0921e8ab387806cf951

Download Submit
\Program Files (x86)\U.B. Funkeys\MegaByte\wdapi811.dll

Filesize
100KB

MD5
f3202fcd811a1322f3bc9beeb3cff281

SHA1
253e81e7bae5acc04cf1e12843e94a08b753672f

SHA256
222cb43e13c99ea9e912761d1ad8a9485b123db9f56d360fe90eb28e0a9cd982

SHA512
65a44bc15fee81e2b3272300809b2632a01a12937210530d88e234c377f62c04cff29ea20573405f6e869b31b26cb07dff8f7aeee15c7f91bda50769a12425f1

Download Submit
\Program Files (x86)\U.B. Funkeys\RadicaGame\UBFunkeys.exe

Filesize
92KB

MD5
68226c66e1b7f45ab3f37e6e1f3d31d3

SHA1
8acebae7e53a51218ba34fc4229d48423afda9d1

SHA256
23812558e5c28c8c912bc47753b75022b32520749fe078fa1d6eacfcc51b9c8a

SHA512
de24cfbecdd01df78cf212a836d708437a5fa84cebfb1cf40a7b36f6b7093e0bdaab403ca695a37dd2c76c0f2fa903d4ebb52a1e5a05c09a79870e1d5ad720e9

Download Submit
\Program Files (x86)\U.B. Funkeys\RadicaGame\UBFunkeys.exe

Filesize
284KB

MD5
1806f2cb5c977d135842dc8f0505c4ac

SHA1
5ba313ae3be25c8db10ca6abf85d0d28d4a10df2

SHA256
a763bead9a20ce5ade837395e94278b4cef32ac75184aea48449cf77a0657841

SHA512
47736511b2fac6e1bf432aaed5b5a145b919c0dbd8ade715fa61c7affeba461409e648ed648a4d0774f9ce7dd717b596a3f8186bf541cc8b96115574a0563947

Download Submit
\Program Files (x86)\U.B. Funkeys\RadicaGame\UBFunkeys.exe

Filesize
200KB

MD5
7cf78bbf03b81afc682cc47da4d8b8da

SHA1
0e8dfee8e7de4dc3ead22fdbae100a0cf545ecba

SHA256
7904671f8cd7a188535b7a00d712ebc3fba69844618cdb383acbccd39683d03d

SHA512
68f02328bd067ae7aecb11de99caf3cf1d7382b14858ea62a176c3a972a71961fc11d8b0820cafbe309e8aeec02a78ad82ea85aeb9a8204b6249eca6ead867cb

Download Submit
\Program Files (x86)\U.B. Funkeys\RadicaGame\UBFunkeys.exe

Filesize
478KB

MD5
e8773921629d3abfa1bc3f0bc3952af5

SHA1
9fe5d34fa4ee913759e92c8f4dd1b5f371d4f349

SHA256
f8db5444124cd723c219333ce431bb3db484f364a5e6be75cc77357eef09f2c6

SHA512
c9e176fb65d551b41cc3446c1b49b6bb38c10d0407f43a4e497ebb129b44000b506021b76093b3b120ee691623cf49d813c03eb9133b131137dc8dc8fdc22841

Download Submit
\Users\Admin\AppData\Local\Temp\nst3B6C.tmp\InstallOptions.dll

Filesize
12KB

MD5
444e1109d960c307df0ca2b33a24731b

SHA1
55e3b57d06128911ed4af44858d199d9b1945edc

SHA256
b3ba181120cd5b57e2cd5435bbd64c3257f7525ade359f89554e93f466692125

SHA512
9efdb45ee0eae73c24d3f01ff799160090f2b1f0f28ee8da3af52992fec220bf905070ce5a6cc1b5657642440ad29c22bc6889cd3ee1f674a908a935dcf4c2a8

Download Submit
\Windows\SysWOW64\Macromed\Flash\Flash9.ocx

Filesize
6KB

MD5
d5812e1d67ab3dea36e1b0572ba05ce3

SHA1
b248139290b30c173ead29cdf922eec987efb0fd

SHA256
ffb2c5b2ec669ed3e264a97f35c56039436dfdaeca8e2a6df7f16cd33338dc1b

SHA512
350b0741c17ca3ba866624584cf50cd6ad237706d36b444d54dd9ac68376206c5e0937a90d460f13402e39332f75e6f7f6662156d6e891e55cb6b04c299c60d9

Download Submit
\Windows\SysWOW64\Macromed\Flash\Flash9.ocx

Filesize
265KB

MD5
558c67119bf6f42db5244be62a2034ce

SHA1
b2e1bd0725f9949684ced1172afb0a27fc35d7a0

SHA256
e21347e2063bdc33f0d27ae4c2c974d008a7363c31a2581d6a630b08ae833d18

SHA512
061a71da499bac95e69ee1867de3e5afc878227ce0cd3044de1312aad4b846531313cc21e57ae9a5a43c96a776140ae4d28e447730f3b7cc3cf91cf269e49ebc

Download Submit
memory/304-1651-0x0000000002BB0000-0x0000000002BB1000-memory.dmp

Filesize
4KB

Download
memory/356-1512-0x00000000035E0000-0x0000000003A29000-memory.dmp

Filesize
4.3MB

Download
memory/1012-1650-0x0000000002D90000-0x0000000002D91000-memory.dmp

Filesize
4KB

Download
memory/1412-80-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1736-1647-0x0000000000400000-0x00000000004C6000-memory.dmp

Filesize
792KB

Download
memory/1736-1648-0x0000000000400000-0x00000000004C6000-memory.dmp

Filesize
792KB

Download
memory/2796-1646-0x0000000000400000-0x00000000004BD000-memory.dmp

Filesize
756KB

Download
memory/2796-1649-0x0000000000400000-0x00000000004BD000-memory.dmp

Filesize
756KB

Download