Analysis
max time kernel: 151s
max time network: 52s
platform: windows7_x64
resource: win7-20220901-en
resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
submitted: 25-11-2022 21:52
Static task: static1
Behavioral task: behavioral1
  Sample: ec0daa3e40dd36bd2e39cdc833bd7ee9d176b48485be06fae50391e6e45b0af6.exe
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: ec0daa3e40dd36bd2e39cdc833bd7ee9d176b48485be06fae50391e6e45b0af6.exe
  Resource: win10v2004-20220812-en
General
Target: ec0daa3e40dd36bd2e39cdc833bd7ee9d176b48485be06fae50391e6e45b0af6.exe
Size: 108KB
MD5: e478f4a5702d2d1db3955b34d4bafe70
SHA1: c582678b884075ad873fb79bea641e6ef69af8db
SHA256: ec0daa3e40dd36bd2e39cdc833bd7ee9d176b48485be06fae50391e6e45b0af6
SHA512: da64bba0e41aa168949c7f236863b08efbbd9a21fab6acb63de6e532405bce34dffc9b781c7d5f600400c8ee0b689c614f6407b9644d10fcca6df12b97c9a303
SSDEEP: 768:dvmKZor4WvMzGBrxUv7SBEMoI9Ta0XZdPQWI9Ta0XZdPQghWcCrYW1TARcS4SFBZ:dvmKZozvMzmNiMzMF0CyJrG0CoMAtO
Malware Config
Signatures
- Looks for VMWare Tools registry key (2 TTPs, 1 IoCs)
  Processes: ec0daa3e40dd36bd2e39cdc833bd7ee9d176b48485be06fae50391e6e45b0af6.exe
  Key opened: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\VMware, Inc.\VMware Tools
- Adds Run key to start application (2 TTPs, 4 IoCs)
  Processes: ec0daa3e40dd36bd2e39cdc833bd7ee9d176b48485be06fae50391e6e45b0af6.exe
  Key created: \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
  Set value (str): \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\WinProfile = "sndcfg16.exe"
  Key created: \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunServices
  Set value (str): \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunServices\WinProfile = "sndcfg16.exe"
- Drops file in Program Files directory (64 IoCs)
- Drops file in Windows directory (64 IoCs)
Processes
C:\Users\Admin\AppData\Local\Temp\ec0daa3e40dd36bd2e39cdc833bd7ee9d176b48485be06fae50391e6e45b0af6.exe
"C:\Users\Admin\AppData\Local\Temp\ec0daa3e40dd36bd2e39cdc833bd7ee9d176b48485be06fae50391e6e45b0af6.exe"
- Looks for VMWare Tools registry key
- Adds Run key to start application
- Drops file in Program Files directory
- Drops file in Windows directory
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
memory/1720-54-0x00000000757A1000-0x00000000757A3000-memory.dmp
Filesize: 8KB