Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #MalwareMustDie - Trojan Parfeit Data
- #2012 Dec 21 | @unixfreaxjp
- !This program cannot be run in DOS mode.
- .text
- `.rdata
- @.data
- aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
- jjj
- jjj
- jjjj
- jjjj
- CEPh
- jjjjjj
- kEP
- jjjj
- JEh
- jjjj
- jjjj
- jjjj
- jjjj
- jjjj
- KWk
- jjjj
- jjjj
- jjjj
- jjjj
- jjjj
- jjjj
- jjjj
- jjjj
- jjjj
- EPEPE
- jjh
- jjjj
- jjjj
- jjjj
- Ejj
- jjjj
- EPE
- jjjj
- jjjj
- EPE
- EPE
- EPEPE
- PEPE
- jjjj
- EPEPE
- EPEPE
- EPEPE
- EPEPE
- Ejj
- Ejj
- EPE
- jjjj
- jjjj
- jjjj
- jjjj
- jjjj
- jjjj
- Ejh
- jjjj
- jjjj
- jjjj
- jjjj
- ]hR"J
- ]hg#J
- ]hD$J
- ]hP%J
- VWSh
- SVW
- PRj
- PWj
- t*PP
- v;PP
- WVj
- VSW
- h:MK
- hjJK
- h*JK
- hhLK
- WVS
- SWV
- Pj R
- VWS
- WSU
- PSQRWV
- ^_ZY[X
- VWPSQR
- ZY[X_^
- tTjZ
- tgjZ
- SWh
- B,Ph
- B,Ph
- R,RP
- SVW+
- SVWh
- SWj
- h:QK
- hZQK
- h>RK
- hIRK
- h>RK
- hIRK
- h>RK
- hlRK
- h>RK
- hlRK
- h*RK
- h*RK
- h*RK
- h3RK
- hIRK
- h>RK
- hIRK
- h3RK
- hlRK
- h>RK
- hlRK
- h3RK
- hIRK
- h>RK
- hIRK
- h3RK
- hlRK
- h>RK
- hlRK
- B,Ph
- B,Ph
- R,RP
- tFh
- B,Ph
- B,Ph
- Ph^TK
- h"TK
- Ph^TK
- h;TK
- Ph^TK
- hUTK
- Ph^TK
- Ph^TK
- hESK
- hsSK
- hfTK
- hzTK
- hfTK
- hfTK
- hfTK
- hzTK
- hfTK
- hfTK
- tch
- h&UK
- h9UK
- hAVK
- h0VK
- hHUK
- huUK
- hHUK
- h[UK
- huUK
- hHUK
- h[UK
- VWj
- tshRVK
- hnVK
- h`VK
- hnVK
- hzVK
- hmWK
- hmWK
- h}WK
- h}WK
- h!WK
- h^WK
- tNh
- PPPh
- hGXK
- hYXK
- hPXK
- hbXK
- PhlXK
- tSh
- h+XK
- hqXK
- hzXK
- tSh
- tYh
- Ph\YK
- h YK
- hdYK
- VWj
- tKh
- h"ZK
- h6ZK
- h-ZK
- hSZK
- hCZK
- hJZK
- Ph\ZK
- tEh
- hdZK
- tlj
- tKh
- hG[K
- tSh
- hQ[K
- hQ[K
- tSh
- tNh1\K
- PPPh
- hL\K
- hz\K
- PPh
- VWj
- PPh
- PPh
- PhL]K
- PhW]K
- hb]K
- hb]K
- w%hz]K
- tgh
- VWj
- tah
- VWS
- PVV
- t)PP
- QSV
- t?h6^K
- B,Ph
- B,Ph
- R,RP
- B,Ph
- B,Ph
- Ph=^K
- hC^K
- he^K
- hM^K
- PhC^K
- hu^K
- hM^K
- PhC^K
- t$PP
- PhC^K
- tcP
- tHh
- hQ_K
- ha_K
- PPh
- hm_K
- DaK
- DaK
- =DaK
- 5DaK
- 5DaK
- DaK
- =DaK
- 5DaK
- DaK
- =DaK
- h(aK
- h(aK
- hI`K
- h6bK
- Ph6bK
- h=bK
- Ph=bK
- h6bK
- Ph6bK
- h=bK
- Ph=bK
- h2bK
- B,Ph
- B,Ph
- R,RP
- uFhwaK
- hHaK
- hUaK
- hhaK
- h]aK
- tWj
- hmaK
- tAPP
- h!bK
- h!bK
- hBbK
- h!bK
- h!bK
- h]bK
- hSbK
- h!bK
- h]bK
- hSbK
- h!bK
- hwbK
- hqbK
- h!bK
- hwbK
- hqbK
- h!bK
- h!bK
- h!bK
- VWj
- tEh
- VWj
- tEh
- h=cK
- hIcK
- hTcK
- hicK
- h_cK
- hicK
- h6dK
- h6dK
- PPP
- VWS
- h-eK
- h9eK
- toh
- VWj
- tEhLeK
- hVeK
- VWh
- uEh
- hteK
- PhD
- h`eK
- hieK
- h`eK
- hieK
- h`eK
- hieK
- h)fK
- h`eK
- hieK
- h5fK
- h>fK
- hHfK
- hPfK
- hcfK
- t|hZfK
- hmfK
- h|fK
- tYhwfK
- tGh
- tGh
- hSgK
- h.gK
- h.gK
- h.gK
- Ph%gK
- h.gK
- hbgK
- h]gK
- h[hK
- ueh]hK
- h]hK
- h&hK
- t5PP
- h?hK
- h0hK
- hKhK
- h!hK
- tQhnhK
- hfhK
- huhK
- tdh
- tkP
- VWj
- h-iK
- h0iK
- h:iK
- hfiK
- hkiK
- hpiK
- huiK
- hziK
- tSh
- hGiK
- tYh
- hEjK
- h\jK
- hqjK
- tYh
- h)jK
- h)jK
- VWj
- tEh
- VWj
- tEh
- h$kK
- VWj
- tEh0kK
- hBkK
- hMkK
- tGh
- hekK
- hekK
- VWj
- tEh
- h/lK
- h:lK
- klK
- hflK
- hhlK
- 5blK
- hNlK
- hNlK
- hNlK
- hblK
- hYlK
- hGmK
- h*mK
- hZmK
- hGmK
- h*mK
- hZmK
- hOmK
- h*mK
- hZmK
- hOmK
- h*mK
- hZmK
- tSh
- PPh
- hfmK
- hfmK
- h'nK
- Ph3nK
- h@nK
- hLnK
- h@nK
- hLnK
- hknK
- hknK
- h@nK
- hXnK
- hLnK
- hXnK
- h@nK
- hanK
- hLnK
- hanK
- WVS+
- tZP
- 7horK
- h(rK
- hBrK
- hdrK
- PPP
- PPh
- huqK
- h!bK
- EPEP
- SEPp
- SEP
- EPG
- VEP
- VEP
- EPo
- EPa
- VEP
- PEPw
- VEPj
- pSettings
- JTJ
- JZJ
- JGJ
- JCJ
- JDJuJ
- JGJ}J
- jwN
- h!bK
- h!bK
- h!bK
- VWj
- tEh
- YtK
- UPh
- 5YtK
- 5YtK
- hutK
- hyIK
- PhitK
- UhVGK
- SWU
- aGK
- PhitK
- 5atK
- atK
- SWU
- atK
- =etK
- 5etK
- etK
- 5etK
- 5etK
- etK
- hVGK
- UVW3
- trS
- tJO@
- ri)D$
- vGSQ
- uFSQ
- +L$PR
- +T$PQ
- L$\RQ
- PSQ
- 9D$(ub
- L$8WQ
- D$ HP
- QBR
- D$LP
- D$DPQ
- D$@RP
- v89l$D|0
- L$(UQ
- D$@RP
- uM9l$D}G
- D$@RP
- L$(UQ
- D$(UP
- D$(UP
- T$0PR
- D$(UP
- T$0PR
- D$(UP
- T$0WR
- D$8WP
- WSP
- L$8WQ
- WRP
- D$8WP
- L$8WQ
- USP
- L$(UQ
- D$(UP
- T$0WR
- D$8WP
- WUP
- L$8WQ
- D$TCH
- T$8WR
- +T$PQ
- +L$PRQW
- SVW
- SVW
- PPS
- SVW
- PPS
- SVW
- SVW
- SVW
- SVW
- PPSV
- aPLib v1.01 - the smaller the better :)
- Copyright (c) 1998-2009 by Joergen Ibsen, All Rights Reserved.
- More information: http://www.ibsensoftware.com/
- HzS
- password
- phpbb
- qwerty
- jesus
- abc123
- letmein
- test
- love
- password1
- hello
- monkey
- dragon
- trustno1
- iloveyou
- shadow
- christ
- sunshine
- master
- computer
- princess
- tigger
- football
- angel
- jesus1
- whatever
- freedom
- killer
- asdf
- soccer
- superman
- michael
- cheese
- internet
- joshua
- fuckyou
- blessed
- baseball
- starwars
- purple
- jordan
- faith
- summer
- ashley
- buster
- heaven
- pepper
- hunter
- lovely
- andrew
- thomas
- angels
- charlie
- daniel
- jennifer
- single
- hannah
- qazwsx
- happy
- matrix
- pass
- aaaaaa
- amanda
- nothing
- ginger
- mother
- snoopy
- jessica
- welcome
- pokemon
- iloveyou1
- mustang
- helpme
- justin
- jasmine
- orange
- testing
- apple
- michelle
- peace
- secret
- grace
- william
- iloveyou2
- nicole
- muffin
- gateway
- fuckyou1
- asshole
- hahaha
- poop
- blessing
- blahblah
- myspace1
- matthew
- canada
- silver
- robert
- forever
- asdfgh
- rachel
- rainbow
- guitar
- peanut
- batman
- cookie
- bailey
- soccer1
- mickey
- biteme
- hello1
- eminem
- dakota
- samantha
- compaq
- diamond
- taylor
- forum
- john316
- richard
- blink182
- peaches
- cool
- flower
- scooter
- banana
- james
- asdfasdf
- victory
- london
- 123qwe
- startrek
- george
- winner
- maggie
- trinity
- online
- 123abc
- chicken
- junior
- chris
- passw0rd
- austin
- sparky
- admin
- merlin
- google
- friends
- hope
- shalom
- nintendo
- looking
- harley
- smokey
- joseph
- lucky
- digital
- thunder
- spirit
- bandit
- enter
- anthony
- corvette
- hockey
- power
- benjamin
- iloveyou!
- 1q2w3e
- viper
- genesis
- knight
- qwerty1
- creative
- foobar
- adidas
- rotimi
- slayer
- wisdom
- praise
- zxcvbnm
- samuel
- mike
- dallas
- green
- testtest
- maverick
- onelove
- david
- mylove
- church
- friend
- god
- destiny
- none
- microsoft
- bubbles
- cocacola
- jordan23
- ilovegod
- football1
- loving
- nathan
- emmanuel
- scooby
- fuckoff
- sammy
- maxwell
- jason
- john
- 1q2w3e4r
- baby
- red123
- blabla
- prince
- qwert
- chelsea
- angel1
- hardcore
- dexter
- saved
- hallo
- jasper
- danielle
- kitten
- cassie
- stella
- prayer
- hotdog
- windows
- mustdie
- gates
- billgates
- ghbdtn
- gfhjkm
- hgTYDOMium
- http://132.248.49.112:8080/asp/intro.php
- http://113.130.65.77:8080/asp/intro.php
- http://203.113.98.131:8080/asp/intro.php
- http://110.164.58.250:8080/asp/intro.php
- http://200.108.18.158:8080/asp/intro.php
- http://207.182.144.115:8080/asp/intro.php
- http://148.208.216.70:8080/asp/intro.php
- http://203.172.252.26:8080/asp/intro.php
- http://202.6.120.103:8080/asp/intro.php
- http://203.146.208.180:8080/asp/intro.php
- http://207.126.57.208:8080/asp/intro.php
- http://203.80.16.81:8080/asp/intro.php
- http://202.180.221.186:8080/asp/intro.php
- YUIPWDFILE0YUIPKDFILE0YUICRYPTED0YUI1.0
- MODU
- SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
- UninstallString
- DisplayName
- .exe
- Software\WinRAR
- open
- kernel32.dll
- WTSGetActiveConsoleSessionId
- ProcessIdToSessionId
- netapi32.dll
- NetApiBufferFree
- NetUserEnum
- ole32.dll
- StgOpenStorage
- advapi32.dll
- AllocateAndInitializeSid
- CheckTokenMembership
- FreeSid
- CredEnumerateA
- CredFree
- CryptGetUserKey
- CryptExportKey
- CryptDestroyKey
- CryptReleaseContext
- RevertToSelf
- OpenProcessToken
- ImpersonateLoggedOnUser
- GetTokenInformation
- ConvertSidToStringSidA
- LogonUserA
- LookupPrivilegeValueA
- AdjustTokenPrivileges
- crypt32.dll
- CryptUnprotectData
- CertOpenSystemStoreA
- CertEnumCertificatesInStore
- CertCloseStore
- CryptAcquireCertificatePrivateKey
- msi.dll
- MsiGetComponentPathA
- pstorec.dll
- PStoreCreateInstance
- z%Y]I(Y
- [shell32.dll
- SHGetFolderPathA
- a}vMK
- yNK
- My Documents
- AppData
- Local AppData
- Cache
- Cookies
- History
- My Documents
- Common AppData
- My Pictures
- Common Documents
- Common Administrative Tools
- Administrative Tools
- Personal
- Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
- explorer.exe
- SeImpersonatePrivilege
- SeTcbPrivilege
- SeChangeNotifyPrivilege
- SeCreateTokenPrivilege
- SeBackupPrivilege
- SeRestorePrivilege
- SeIncreaseQuotaPrivilege
- SeAssignPrimaryTokenPrivilege
- POST %s HTTP/1.0
- Host: %s
- Accept: */*
- Accept-Encoding: identity, *;q=0
- Content-Length: %lu
- Connection: close
- Content-Type: application/octet-stream
- Content-Encoding: binary
- User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)
- Content-Length:
- Location:
- HWID
- {%08X-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}
- GetNativeSystemInfo
- kernel32.dll
- IsWow64Process
- Software\Far\Plugins\FTP\Hosts
- Software\Far2\Plugins\FTP\Hosts
- Software\Far Manager\Plugins\FTP\Hosts
- Software\Far\SavedDialogHistory\FTPHost
- Software\Far2\SavedDialogHistory\FTPHost
- Software\Far Manager\SavedDialogHistory\FTPHost
- Password
- HostName
- User
- Line
- wcx_ftp.ini
- \GHISLER
- InstallDir
- FtpIniName
- Software\Ghisler\Windows Commander
- Software\Ghisler\Total Commander
- \Ipswitch
- Sites\
- \Ipswitch\WS_FTP
- \win.ini
- .ini
- WS_FTP
- DIR
- DEFDIR
- CUTEFTP
- QCHistory
- Software\GlobalSCAPE\CuteFTP 6 Home\QCToolbar
- Software\GlobalSCAPE\CuteFTP 6 Professional\QCToolbar
- Software\GlobalSCAPE\CuteFTP 7 Home\QCToolbar
- Software\GlobalSCAPE\CuteFTP 7 Professional\QCToolbar
- Software\GlobalSCAPE\CuteFTP 8 Home\QCToolbar
- Software\GlobalSCAPE\CuteFTP 8 Professional\QCToolbar
- \GlobalSCAPE\CuteFTP
- \GlobalSCAPE\CuteFTP Pro
- \GlobalSCAPE\CuteFTP Lite
- \CuteFTP
- \sm.dat
- Software\FlashFXP\3
- Software\FlashFXP
- Software\FlashFXP\4
- InstallerDathPath
- path
- Install Path
- DataFolder
- \Sites.dat
- \Quick.dat
- \History.dat
- \FlashFXP\3
- \FlashFXP\4
- \FileZilla
- \sitemanager.xml
- \recentservers.xml
- \filezilla.xml
- Software\FileZilla
- Software\FileZilla Client
- Install_Dir
- Host
- User
- Pass
- Port
- Remote Dir
- Server Type
- Server.Host
- Server.User
- Server.Pass
- Server.Port
- Path
- ServerType
- Last Server Host
- Last Server User
- Last Server Pass
- Last Server Port
- Last Server Path
- Last Server Type
- FTP Navigator
- FTP Commander
- ftplist.txt
- \BulletProof Software
- .dat
- .bps
- Software\BPFTP\Bullet Proof FTP\Main
- Software\BulletProof Software\BulletProof FTP Client\Main
- Software\BPFTP\Bullet Proof FTP\Options
- Software\BulletProof Software\BulletProof FTP Client\Options
- Software\BPFTP
- LastSessionFile
- SitesDir
- InstallDir1
- .xml
- \SmartFTP
- Favorites.dat
- History.dat
- addrbk.dat
- quick.dat
- \TurboFTP
- Software\TurboFTP
- installpath
- Software\Sota\FFFTP
- CredentialSalt
- CredentialCheck
- Software\Sota\FFFTP\Options
- Password
- UserName
- HostAdrs
- RemoteDir
- Port
- HostName
- Port
- Username
- Password
- HostDirName
- Software\CoffeeCup Software\Internet\Profiles
- Software\FTPWare\COREFTP\Sites
- Host
- User
- Port
- PthR
- SSH
- profiles.xml
- \FTP Explorer
- Software\FTP Explorer\FTP Explorer\Workspace\MFCToolBar-224
- Buttons
- Software\FTP Explorer\Profiles
- Password
- PasswordType
- Host
- Login
- Port
- InitialPath
- FtpSite.xml
- \Frigate3
- .ini
- \VanDyke\Config\Sessions
- \Sessions
- Software\VanDyke\SecureFX
- Config Path
- UltraFXP
- \sites.xml
- \FTPRush
- RushSite.xml
- Server
- Username
- Password
- FtpPort
- Software\Cryer\WebSitePublisher
- \BitKinex
- bitkinex.ds
- Hostname
- Username
- Password
- Port
- Software\ExpanDrive\Sessions
- \ExpanDrive
- \drives.js
- "password" : "
- Software\ExpanDrive
- ExpanDrive_Home
- Server
- UserName
- Password
- _Password
- Directory
- Software\NCH Software\ClassicFTP\FTPAccounts
- FtpServer
- FtpUserName
- FtpPassword
- _FtpPassword
- FtpDirectory
- SOFTWARE\NCH Software\Fling\Accounts
- Software\FTPClient\Sites
- Software\SoftX.org\FTPClient\Sites
- .oxc
- .oll
- ftplast.osd
- \GPSoftware\Directory Opus
- \SharedSettings.ccs
- \SharedSettings_1_0_5.ccs
- \SharedSettings.sqlite
- \SharedSettings_1_0_5.sqlite
- \CoffeeCup Software
- leapftp
- unleap.exe
- sites.dat
- sites.ini
- \LeapWare\LeapFTP
- SOFTWARE\LeapWare
- InstallPath
- DataDir
- Password
- HostName
- UserName
- RemoteDirectory
- PortNumber
- FSProtocol
- Software\Martin Prikryl
- \32BitFtp.ini
- NDSites.ini
- \NetDrive
- PassWord
- Url
- UserName
- RootDirectory
- Port
- Software\South River Technologies\WebDrive\Connections
- ServerType
- FTP CONTROL
- FTPCON
- .prf
- \Profiles
- ftp://
- opera
- wand.dat
- _Software\Opera Software
- Last Directory3
- Last Install Path
- Opera.HTML\shell\open\command
- wiseftpsrvs.bin
- \AceBIT
- Software\AceBIT
- MRU
- SOFTWARE\Classes\TypeLib\{CB1F2C0F-8094-4AAC-BCF5-41A64E27F777}
- SOFTWARE\Classes\TypeLib\{9EA55529-E122-4757-BC79-E4825F80732C}
- wiseftpsrvs.ini
- wiseftp.ini
- FTPVoyager.ftp
- FTPVoyager.qc
- \RhinoSoft.com
- nss3.dll
- NSS_Init
- NSS_Shutdown
- NSSBase64_DecodeBuffer
- SECITEM_FreeItem
- PK11_GetInternalKeySlot
- PK11_Authenticate
- PK11SDR_Decrypt
- PK11_FreeSlot
- sqlite3.dll
- sqlite3_open
- sqlite3_close
- sqlite3_prepare
- sqlite3_step
- sqlite3_column_bytes
- sqlite3_column_blob
- mozsqlite3.dll
- sqlite3_open
- sqlite3_close
- sqlite3_prepare
- sqlite3_step
- sqlite3_column_bytes
- sqlite3_column_blob
- profiles.ini
- Profile
- IsRelative
- Path
- PathToExe
- prefs.js
- signons.sqlite
- signons.txt
- signons2.txt
- signons3.txt
- SELECT hostname, encryptedUsername, encryptedPassword FROM moz_logins
- Firefox
- \Mozilla\Firefox\
- Software\Mozilla
- ftp://
- ftp.
- fireFTPsites.dat
- SeaMonkey
- \Mozilla\SeaMonkey\
- Flock
- \Flock\Browser\
- Mozilla
- \Mozilla\Profiles\
- Software\LeechFTP
- AppDir
- LocalDir
- bookmark.dat
- SiteInfo.QFP
- Odin
- Favorites.dat
- WinFTP
- sites.db
- CLSID\{11C1D741-A95B-11d2-8A80-0080ADB32FF4}\InProcServer32
- servers.xml
- \FTPGetter
- ESTdb2.dat
- QData.dat
- \Estsoft\ALFTP
- Internet Explorer
- WininetCacheCredentials
- MS IE FTP Passwords
- DPAPI:
- Software\Microsoft\Internet Explorer\IntelliForms\Storage2
- Microsoft_WinInet_*
- ftp://
- Software\Adobe\Common
- SiteServers
- SiteServer %d\Host
- SiteServer %d\WebUrl
- SiteServer %d\Remote Directory
- SiteServer %d-User
- SiteServer %d-User PW
- %s\Keychain
- SiteServer %d\SFTP
- DeluxeFTP
- sites.xml
- Web Data
- Login Data
- SQLite format 3
- table
- CONSTRAINT
- PRIMARY
- UNIQUE
- CHECK
- FOREIGN
- logins
- origin_url
- password_value
- username_value
- ftp://
- \Google\Chrome
- \Chromium
- \ChromePlus
- Software\ChromePlus
- Install_Dir
- \Bromium
- \Nichrome
- \Comodo
- \RockMelt
- K-Meleon
- \K-Meleon
- \Profiles
- Epic
- \Epic\Epic
- Staff-FTP
- sites.ini
- \Sites
- \Visicom Media
- .ftp
- \Global Downloader
- SM.arch
- FreshFTP
- .SMF
- BlazeFtp
- site.dat
- LastPassword
- LastAddress
- LastUser
- LastPort
- Software\FlashPeak\BlazeFtp\Settings
- \BlazeFtp
- .fpl
- FTP++.Link\shell\open\command
- GoFTP
- Connections.txt
- 3D-FTP
- sites.ini
- \3D-FTP
- \SiteDesigner
- SOFTWARE\Classes\TypeLib\{F9043C88-F6F2-101A-A3C9-08002B2F49FB}\1.2\0\win32
- EasyFTP
- \NetSarang
- .xfp
- .rdp
- TERMSRV/*
- password 51:b:
- username:s:
- full address:s:
- TERMSRV/
- FTP Now
- FTPNow
- sites.xml
- SOFTWARE\Robo-FTP 3.7\Scripts
- SOFTWARE\Robo-FTP 3.7\FTPServers
- FTP Count
- FTP File%d
- Password
- ServerName
- UserID
- InitialDirectory
- PortNumber
- ServerType
- fMY
- Software\LinasFTP\Site Manager
- Host
- User
- Pass
- Port
- Remote Dir
- \Cyberduck
- .duck
- user.config
- <setting name="
- value="
- Software\SimonTatham\PuTTY\Sessions
- HostName
- UserName
- Password
- PortNumber
- TerminalType
- NppFTP.xml
- \Notepad++
- Software\CoffeeCup Software
- FTP destination server
- FTP destination user
- FTP destination password
- FTP destination port
- FTP destination catalog
- FTP profiles
- FTPShell
- ftpshell.fsi
- Software\MAS-Soft\FTPInfo\Setup
- DataDir
- \FTPInfo
- ServerList.xml
- NexusFile
- ftpsite.ini
- FastStone Browser
- FTPList.db
- \MapleStudio\ChromePlus
- Software\Nico Mak Computing\WinZip\FTP
- Software\Nico Mak Computing\WinZip\mru\jobs
- Site
- UserID
- xflags
- Port
- Folder
- .wjf
- winex="
- \Yandex
- My FTP
- project.ini
- .xml
- {74FF1730-B1F2-4D88-926B-1568FAE61DB7}
- NovaFTP.db
- \INSoftware\NovaFTP
- .oeaccount
- Salt
- <POP3_Password2
- <SMTP_Password2
- <IMAP_Password2
- <HTTPMail_Password2
- \Microsoft\Windows Live Mail
- Software\Microsoft\Windows Live Mail
- \Microsoft\Windows Mail
- Software\Microsoft\Windows Mail
- Software\RimArts\B2\Settings
- DataDir
- DataDirBak
- Mailbox.ini
- Software\Poco Systems Inc
- Path
- \PocoSystem.ini
- Program
- DataPath
- accounts.ini
- \Pocomail
- Software\IncrediMail
- EmailAddress
- Technology
- PopServer
- PopPort
- PopAccount
- PopPassword
- SmtpServer
- SmtpPort
- SmtpAccount
- SmtpPassword
- account.cfg
- account.cfn
- \BatMail
- \The Bat!
- Software\RIT\The Bat!
- Software\RIT\The Bat!\Users depot
- Working Directory
- ProgramDir
- Count
- Default
- Dir #%d
- SMTP Email Address
- SMTP Server
- POP3 Server
- POP3 User Name
- SMTP User Name
- NNTP Email Address
- NNTP User Name
- NNTP Server
- IMAP Server
- IMAP User Name
- Email
- HTTP User
- HTTP Server URL
- POP3 User
- IMAP User
- HTTPMail User Name
- HTTPMail Server
- SMTP User
- POP3 Port
- SMTP Port
- IMAP Port
- POP3 Password2
- IMAP Password2
- NNTP Password2
- HTTPMail Password2
- SMTP Password2
- POP3 Password
- IMAP Password
- NNTP Password
- HTTP Password
- SMTP Password
- Software\Microsoft\Internet Account Manager\Accounts
- Identities
- Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts
- Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Microsoft Outlook Internet Settings
- Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook
- Software\Microsoft\Internet Account Manager
- Outlook
- \Accounts
- identification
- identitymgr
- inetcomm server passwords
- outlook account manager passwords
- identities
- {%08X-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}
- Thunderbird
- \Thunderbird
- FastTrack
- ftplist.txt
- YfJ
- NgJ
- XhJ
- ZoJ
- iuJ
- nvJ
- qxJ
- Client Hash
- STATUS-IMPORT-OK
- IugvO%gv
- qUS
- qUj
- KERNEL32.DLL
- advapi32.dll
- ole32.dll
- shlwapi.dll
- user32.dll
- userenv.dll
- wininet.dll
- wsock32.dll
- CreateFileA
- ReadFile
- CloseHandle
- WriteFile
- lstrlenA
- GlobalLock
- GlobalUnlock
- LocalFree
- LocalAlloc
- lstrcpyA
- lstrcatA
- GetFileAttributesA
- ExpandEnvironmentStringsA
- GetFileSize
- CreateFileMappingA
- MapViewOfFile
- UnmapViewOfFile
- LoadLibraryA
- GetProcAddress
- GetTempPathA
- CreateDirectoryA
- DeleteFileA
- GetCurrentProcess
- WideCharToMultiByte
- GetLastError
- lstrcmpA
- CreateToolhelp32Snapshot
- Process32First
- OpenProcess
- Process32Next
- FindFirstFileA
- lstrcmpiA
- FindNextFileA
- FindClose
- GetModuleHandleA
- GetVersionExA
- GetLocaleInfoA
- GetSystemInfo
- GetWindowsDirectoryA
- GetPrivateProfileStringA
- SetCurrentDirectoryA
- GetPrivateProfileSectionNamesA
- GetPrivateProfileIntA
- GetCurrentDirectoryA
- lstrlenW
- MultiByteToWideChar
- GetTickCount
- Sleep
- LCMapStringA
- ExitProcess
- SetUnhandledExceptionFilter
- RegOpenKeyExA
- RegQueryValueExA
- RegCloseKey
- RegOpenKeyA
- RegEnumKeyExA
- RegCreateKeyA
- RegSetValueExA
- IsTextUnicode
- RegOpenCurrentUser
- RegEnumValueA
- GetUserNameA
- CreateStreamOnHGlobal
- GetHGlobalFromStream
- CoCreateGuid
- CoTaskMemFree
- OleInitialize
- StrStrIA
- StrRChrIA
- StrToIntA
- StrStrA
- StrCmpNIA
- wsprintfA
- LoadUserProfileA
- UnloadUserProfile
- InternetCrackUrlA
- InternetCreateUrlA
- inet_addr
- gethostbyname
- socket
- connect
- closesocket
- send
- select
- recv
- setsockopt
- WSAStartup
- jHq
- kdz
- rqg
- LhX
- Qkkbal
- Zjz
- i]Wb
- knv
- owG
- kaE
- MGiI
- wn>Jj
- Invalid filename.
- Failed to open document.
- Failed to save document.
- Save changes to %1? Failed to create empty document.
- The file is too large to open.
- Could not start print job.
- Failed to launch help.
- Internal application error.
- Command failed.)Insufficient memory to perform operation.PSystem registry entries have
- VS_VERSION_INFO
- StringFileInfo
- CompanyName
- Sun Microsystems, Inc.
- FileDescription
- Java(TM) Platform SE binary
- FileVersion
- Full Version
- InternalName
- java
- LegalCopyright
- Copyright
- OriginalFilename
- java.exe
- ProductName
- Java(TM) Platform SE 6 U37
- ProductVersion
- VarFileInfo
- Translation
- wwwwwww
- wwwwwwwwwww
- wwwx
- www
- wwwww
- wwwwwwx
- wwx
- wwwwwww
- wwwwwwwx
- wwwwwx
- wwwx
- wwww
- xww
- wwwww
- wwx
- www
- wwww
- wwww
- www
- -------
- #MalwareMustDie!!!!!
Add Comment
Please, Sign In to add comment