// #MalwareMustDie - File list clicked by password stealer dropped by Cridex trojan:
// base: https://www.virustotal.com/file/7546e60e2f215585f8102a5a08674b946c2affe478a88b4966695f6009e76a9c/analysis/

//Opened files...

\\.\PIPE\lsarpc (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\HWID (failed)
C:\WINDOWS\wcx_ftp.ini (failed)
C:\Documents and Settings\<USER>\wcx_ftp.ini (failed)
C:\Documents and Settings\<USER>\Application Data\GHISLER\wcx_ftp.ini (failed)
C:\Documents and Settings\All Users\Application Data\GHISLER\wcx_ftp.ini (failed)
C:\Documents and Settings\<USER>\Local Settings\Application Data\GHISLER\wcx_ftp.ini (failed)
C:\Documents and Settings\<USER>\Application Data\GlobalSCAPE\CuteFTP\sm.dat (failed)
C:\Documents and Settings\<USER>\Application Data\GlobalSCAPE\CuteFTP Pro\sm.dat (failed)
C:\Documents and Settings\<USER>\Application Data\GlobalSCAPE\CuteFTP Lite\sm.dat (failed)
C:\Documents and Settings\<USER>\Application Data\CuteFTP\sm.dat (failed)
C:\Documents and Settings\All Users\Application Data\GlobalSCAPE\CuteFTP\sm.dat (failed)
C:\Documents and Settings\All Users\Application Data\GlobalSCAPE\CuteFTP Pro\sm.dat (failed)
C:\Documents and Settings\All Users\Application Data\GlobalSCAPE\CuteFTP Lite\sm.dat (failed)
C:\Documents and Settings\All Users\Application Data\CuteFTP\sm.dat (failed)
C:\Documents and Settings\<USER>\Local Settings\Application Data\GlobalSCAPE\CuteFTP\sm.dat (failed)
C:\Documents and Settings\<USER>\Local Settings\Application Data\GlobalSCAPE\CuteFTP Pro\sm.dat (failed)
C:\Documents and Settings\<USER>\Local Settings\Application Data\GlobalSCAPE\CuteFTP Lite\sm.dat (failed)
C:\Documents and Settings\<USER>\Local Settings\Application Data\CuteFTP\sm.dat (failed)
C:\Program Files\GlobalSCAPE\CuteFTP\sm.dat (failed)
C:\Program Files\GlobalSCAPE\CuteFTP Pro\sm.dat (failed)
C:\Program Files\GlobalSCAPE\CuteFTP Lite\sm.dat (failed)
C:\Program Files\CuteFTP\sm.dat (failed)
C:\Documents and Settings\<USER>\Application Data\FlashFXP\3\Sites.dat (failed)
C:\Documents and Settings\<USER>\Application Data\FlashFXP\4\Sites.dat (failed)
C:\Documents and Settings\<USER>\Application Data\FlashFXP\3\Quick.dat (failed)
C:\Documents and Settings\<USER>\Application Data\FlashFXP\4\Quick.dat (failed)
C:\Documents and Settings\<USER>\Application Data\FlashFXP\3\History.dat (failed)
C:\Documents and Settings\<USER>\Application Data\FlashFXP\4\History.dat (failed)
C:\Documents and Settings\All Users\Application Data\FlashFXP\3\Sites.dat (failed)
C:\Documents and Settings\All Users\Application Data\FlashFXP\4\Sites.dat (failed)
C:\Documents and Settings\All Users\Application Data\FlashFXP\3\Quick.dat (failed)
C:\Documents and Settings\All Users\Application Data\FlashFXP\4\Quick.dat (failed)
C:\Documents and Settings\All Users\Application Data\FlashFXP\3\History.dat (failed)
C:\Documents and Settings\All Users\Application Data\FlashFXP\4\History.dat (failed)
C:\Documents and Settings\<USER>\Local Settings\Application Data\FlashFXP\3\Sites.dat (failed)
C:\Documents and Settings\<USER>\Local Settings\Application Data\FlashFXP\4\Sites.dat (failed)
C:\Documents and Settings\<USER>\Local Settings\Application Data\FlashFXP\3\Quick.dat (failed)
C:\Documents and Settings\<USER>\Local Settings\Application Data\FlashFXP\4\Quick.dat (failed)
C:\Documents and Settings\<USER>\Local Settings\Application Data\FlashFXP\3\History.dat (failed)
C:\Documents and Settings\<USER>\Local Settings\Application Data\FlashFXP\4\History.dat (failed)
C:\Documents and Settings\<USER>\Application Data\FileZilla\sitemanager.xml (failed)
C:\Documents and Settings\<USER>\Application Data\FileZilla\recentservers.xml (failed)
C:\Documents and Settings\<USER>\Application Data\FileZilla\filezilla.xml (failed)
C:\Documents and Settings\All Users\Application Data\FileZilla\sitemanager.xml (failed)
C:\Documents and Settings\All Users\Application Data\FileZilla\recentservers.xml (failed)
C:\Documents and Settings\All Users\Application Data\FileZilla\filezilla.xml (failed)
C:\Documents and Settings\<USER>\Local Settings\Application Data\FileZilla\sitemanager.xml (failed)
C:\Documents and Settings\<USER>\Local Settings\Application Data\FileZilla\recentservers.xml (failed)
C:\Documents and Settings\<USER>\Local Settings\Application Data\FileZilla\filezilla.xml (failed)
C:\Documents and Settings\<USER>\Application Data\ExpanDrive\drives.js (failed)
C:\Documents and Settings\<USER>\Local Settings\Application Data\ExpanDrive\drives.js (failed)
C:\Documents and Settings\All Users\Application Data\ExpanDrive\drives.js (failed)
C:\Documents and Settings\<USER>\Application Data\SharedSettings.ccs (failed)
C:\Documents and Settings\<USER>\Application Data\SharedSettings.sqlite (failed)
C:\Documents and Settings\<USER>\Application Data\SharedSettings_1_0_5.ccs (failed)
C:\Documents and Settings\<USER>\Application Data\SharedSettings_1_0_5.sqlite (failed)
C:\Documents and Settings\All Users\Application Data\SharedSettings.ccs (failed)
C:\Documents and Settings\All Users\Application Data\SharedSettings.sqlite (failed)
C:\Documents and Settings\All Users\Application Data\SharedSettings_1_0_5.ccs (failed)
C:\Documents and Settings\All Users\Application Data\SharedSettings_1_0_5.sqlite (failed)
C:\Documents and Settings\<USER>\Local Settings\Application Data\SharedSettings.ccs (failed)
C:\Documents and Settings\<USER>\Local Settings\Application Data\SharedSettings.sqlite (failed)
C:\Documents and Settings\<USER>\Local Settings\Application Data\SharedSettings_1_0_5.ccs (failed)
C:\Documents and Settings\<USER>\Local Settings\Application Data\SharedSettings_1_0_5.sqlite (failed)
C:\Documents and Settings\<USER>\Application Data\CoffeeCup Software\SharedSettings.ccs (failed)
C:\Documents and Settings\<USER>\Application Data\CoffeeCup Software\SharedSettings.sqlite (failed)
C:\Documents and Settings\<USER>\Application Data\CoffeeCup Software\SharedSettings_1_0_5.ccs (failed)
C:\Documents and Settings\<USER>\Application Data\CoffeeCup Software\SharedSettings_1_0_5.sqlite (failed)
C:\Documents and Settings\All Users\Application Data\CoffeeCup Software\SharedSettings.ccs (failed)
C:\Documents and Settings\All Users\Application Data\CoffeeCup Software\SharedSettings.sqlite (failed)
C:\Documents and Settings\All Users\Application Data\CoffeeCup Software\SharedSettings_1_0_5.ccs (failed)
C:\Documents and Settings\All Users\Application Data\CoffeeCup Software\SharedSettings_1_0_5.sqlite (failed)
C:\Documents and Settings\<USER>\Local Settings\Application Data\CoffeeCup Software\SharedSettings.ccs (failed)
C:\Documents and Settings\<USER>\Local Settings\Application Data\CoffeeCup Software\SharedSettings.sqlite (failed)
C:\Documents and Settings\<USER>\Local Settings\Application Data\CoffeeCup Software\SharedSettings_1_0_5.ccs (failed)
C:\Documents and Settings\<USER>\Local Settings\Application Data\CoffeeCup Software\SharedSettings_1_0_5.sqlite (failed)
C:\WINDOWS\32BitFtp.ini (failed)
c:\autoexec.bat (successful)
C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\Client Hash (failed)