Analysis
-
max time kernel
135s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system -
submitted
25-11-2022 21:52
Static task
static1
Behavioral task
behavioral1
Sample
ec0daa3e40dd36bd2e39cdc833bd7ee9d176b48485be06fae50391e6e45b0af6.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
ec0daa3e40dd36bd2e39cdc833bd7ee9d176b48485be06fae50391e6e45b0af6.exe
Resource
win10v2004-20220812-en
General
-
Target
ec0daa3e40dd36bd2e39cdc833bd7ee9d176b48485be06fae50391e6e45b0af6.exe
-
Size
108KB
-
MD5
e478f4a5702d2d1db3955b34d4bafe70
-
SHA1
c582678b884075ad873fb79bea641e6ef69af8db
-
SHA256
ec0daa3e40dd36bd2e39cdc833bd7ee9d176b48485be06fae50391e6e45b0af6
-
SHA512
da64bba0e41aa168949c7f236863b08efbbd9a21fab6acb63de6e532405bce34dffc9b781c7d5f600400c8ee0b689c614f6407b9644d10fcca6df12b97c9a303
-
SSDEEP
768:dvmKZor4WvMzGBrxUv7SBEMoI9Ta0XZdPQWI9Ta0XZdPQghWcCrYW1TARcS4SFBZ:dvmKZozvMzmNiMzMF0CyJrG0CoMAtO
Malware Config
Signatures
-
Looks for VMWare Tools registry key 2 TTPs 1 IoCs
Processes:
ec0daa3e40dd36bd2e39cdc833bd7ee9d176b48485be06fae50391e6e45b0af6.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\VMware, Inc.\VMware Tools | ec0daa3e40dd36bd2e39cdc833bd7ee9d176b48485be06fae50391e6e45b0af6.exe
-
Adds Run key to start application 2 TTPs 4 IoCs
Processes:
ec0daa3e40dd36bd2e39cdc833bd7ee9d176b48485be06fae50391e6e45b0af6.exe
description | ioc | process
Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunServices | ec0daa3e40dd36bd2e39cdc833bd7ee9d176b48485be06fae50391e6e45b0af6.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunServices\WinProfile = "sndcfg16.exe" | ec0daa3e40dd36bd2e39cdc833bd7ee9d176b48485be06fae50391e6e45b0af6.exe
Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run | ec0daa3e40dd36bd2e39cdc833bd7ee9d176b48485be06fae50391e6e45b0af6.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\WinProfile = "sndcfg16.exe" | ec0daa3e40dd36bd2e39cdc833bd7ee9d176b48485be06fae50391e6e45b0af6.exe
-
Drops file in System32 directory 64 IoCs
Drops file in Program Files directory 64 IoCs
Drops file in Windows directory 64 IoCs
Adventure Capcom crack.exe ec0daa3e40dd36bd2e39cdc833bd7ee9d176b48485be06fae50391e6e45b0af6.exe File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\Grand Theft Auto - San Andreas Rockstar Games crack.exe ec0daa3e40dd36bd2e39cdc833bd7ee9d176b48485be06fae50391e6e45b0af6.exe File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\Battlefield 1942 no cd crack.exe ec0daa3e40dd36bd2e39cdc833bd7ee9d176b48485be06fae50391e6e45b0af6.exe File created C:\Windows\SoftwareDistribution\Download\Grand Theft Auto III no cd crack.exe ec0daa3e40dd36bd2e39cdc833bd7ee9d176b48485be06fae50391e6e45b0af6.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\ec0daa3e40dd36bd2e39cdc833bd7ee9d176b48485be06fae50391e6e45b0af6.exe
"C:\Users\Admin\AppData\Local\Temp\ec0daa3e40dd36bd2e39cdc833bd7ee9d176b48485be06fae50391e6e45b0af6.exe"
- Looks for VMWare Tools registry key
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory