Analysis
- max time kernel: 205s
- max time network: 34s
- platform: windows7_x64
- resource: win7-20221111-en
- resource tags: arch:x64 arch:x86 image:win7-20221111-en locale:en-us os:windows7-x64 system
- submitted: 23-11-2022 21:28
Static task: static1
Behavioral task: behavioral1
- Sample: 42647e730b1d7dc26ab551e3fed41b469e190e8e61374b7d98de2b08e4c5e924.exe
- Resource: win7-20221111-en
Behavioral task: behavioral2
- Sample: 42647e730b1d7dc26ab551e3fed41b469e190e8e61374b7d98de2b08e4c5e924.exe
- Resource: win10v2004-20221111-en
General
- Target: 42647e730b1d7dc26ab551e3fed41b469e190e8e61374b7d98de2b08e4c5e924.exe
- Size: 83KB
- MD5: 4b8cca1bcb934b2307c9c7eb7817a526
- SHA1: 85e3d7a30bd20ceaf2e38b7248c989bc57e20b5d
- SHA256: 42647e730b1d7dc26ab551e3fed41b469e190e8e61374b7d98de2b08e4c5e924
- SHA512: 0f4e70f0582bde9915625cca4e75a3f2cea1277809f4c5f21a77d8f1ef62b4d227a0dc2bdab2c46584f24eaa0d5629e5bfc3e7c0d3a5dddecfd5fbc9971d5352
- SSDEEP: 768:dvmKZor4WvMzGBrxUv7SBEMm7SB2WrAwsOlFkJ7SB2WrAwlTa0XZdPQbMoIRIdBk:dvmKZozvMzmNBzsmzv48v8G0Ct
Malware Config
Signatures
Looks for VMWare Tools registry key 2 TTPs 1 IoCs
Processes: 42647e730b1d7dc26ab551e3fed41b469e190e8e61374b7d98de2b08e4c5e924.exe

| description | ioc | process |
| --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\VMware, Inc.\VMware Tools | 42647e730b1d7dc26ab551e3fed41b469e190e8e61374b7d98de2b08e4c5e924.exe |

Adds Run key to start application 2 TTPs 4 IoCs
Processes: 42647e730b1d7dc26ab551e3fed41b469e190e8e61374b7d98de2b08e4c5e924.exe

| description | ioc | process |
| --- | --- | --- |
| Key created | \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run | 42647e730b1d7dc26ab551e3fed41b469e190e8e61374b7d98de2b08e4c5e924.exe |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\WinProfile = "sndcfg16.exe" | 42647e730b1d7dc26ab551e3fed41b469e190e8e61374b7d98de2b08e4c5e924.exe |
| Key created | \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunServices | 42647e730b1d7dc26ab551e3fed41b469e190e8e61374b7d98de2b08e4c5e924.exe |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunServices\WinProfile = "sndcfg16.exe" | 42647e730b1d7dc26ab551e3fed41b469e190e8e61374b7d98de2b08e4c5e924.exe |

Drops file in Program Files directory 64 IoCs
Drops file in Windows directory 64 IoCs
Processes
- C:\Users\Admin\AppData\Local\Temp\42647e730b1d7dc26ab551e3fed41b469e190e8e61374b7d98de2b08e4c5e924.exe "C:\Users\Admin\AppData\Local\Temp\42647e730b1d7dc26ab551e3fed41b469e190e8e61374b7d98de2b08e4c5e924.exe"
- Looks for VMWare Tools registry key
- Adds Run key to start application
- Drops file in Program Files directory
- Drops file in Windows directory
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
- memory/584-54-0x0000000076B51000-0x0000000076B53000-memory.dmp (Filesize: 8KB)