
Credential path steal attempt of Cridex/PWS:Win32/Fareit.

Dec 15th, 2012
  1. Software\Far\Plugins\FTP\Hosts
  2. Software\Far2\Plugins\FTP\Hosts
  3. Software\Far Manager\Plugins\FTP\Hosts
  4. Software\Far\SavedDialogHistory\FTPHost
  5. Software\Far2\SavedDialogHistory\FTPHost
  6. Software\Far Manager\SavedDialogHistory\FTPHost
  7. wcx_ftp.ini
  9. InstallDir
  10. FtpIniName
  11. Software\Ghisler\Windows Commander
  12. Software\Ghisler\Total Commander
  13. \Ipswitch
  14. Sites\
  15. \Ipswitch\WS_FTP
  16. \win.ini
  17. .ini
  18. WS_FTP
  19. DEFDIR
  21. QCHistory
  22. Software\GlobalSCAPE\CuteFTP 6 Home\QCToolbar
  23. Software\GlobalSCAPE\CuteFTP 6 Professional\QCToolbar
  24. Software\GlobalSCAPE\CuteFTP 7 Home\QCToolbar
  25. Software\GlobalSCAPE\CuteFTP 7 Professional\QCToolbar
  26. Software\GlobalSCAPE\CuteFTP 8 Home\QCToolbar
  27. Software\GlobalSCAPE\CuteFTP 8 Professional\QCToolbar
  28. \GlobalSCAPE\CuteFTP
  29. \GlobalSCAPE\CuteFTP Pro
  30. \GlobalSCAPE\CuteFTP Lite
  31. \CuteFTP
  32. \sm.dat
  33. Software\FlashFXP\3
  34. Software\FlashFXP
  35. Software\FlashFXP\4
  36. InstallerDathPath
  37. path
  38. Install Path
  39. DataFolder
  40. \Sites.dat
  41. \Quick.dat
  42. \History.dat
  43. \FlashFXP\3
  44. \FlashFXP\4
  45. \FileZilla
  46. \sitemanager.xml
  47. \recentservers.xml
  48. \filezilla.xml
  49. Software\FileZilla
  50. Software\FileZilla Client
  51. Install_Dir
  52. Host
  53. User
  54. Pass
  55. Port
  56. Remote Dir
  57. Server Type
  58. Server.Host
  59. Server.User
  60. Server.Pass
  61. Server.Port
  62. Path
  63. ServerType
  64. Last Server Host
  65. Last Server User
  66. Last Server Pass
  67. Last Server Port
  68. Last Server Path
  69. Last Server Type
  70. FTP Navigator
  71. FTP Commander
  72. ftplist.txt
  73. \BulletProof Software
  74. .dat
  75. .bps
  76. Software\BPFTP\Bullet Proof FTP\Main
  77. Software\BulletProof Software\BulletProof FTP Client\Main
  78. Software\BPFTP\Bullet Proof FTP\Options
  79. Software\BulletProof Software\BulletProof FTP Client\Options
  80. Software\BPFTP
  81. LastSessionFile
  82. SitesDir
  83. InstallDir1
  84. .xml
  85. \SmartFTP
  86. Favorites.dat
  87. History.dat
  88. addrbk.dat
  89. quick.dat
  90. \TurboFTP
  91. Software\TurboFTP
  92. installpath
  93. Software\Sota\FFFTP
  94. CredentialSalt
  95. CredentialCheck
  96. Software\Sota\FFFTP\Options
  97. Password
  98. UserName
  99. HostAdrs
  100. RemoteDir
  101. Port
  102. HostName
  103. Port
  104. Username
  105. Password
  106. HostDirName
  107. Software\CoffeeCup Software\Internet\Profiles
  108. Software\FTPWare\COREFTP\Sites
  109. Host
  110. User
  111. Port
  112. PthR
  113. profiles.xml
  114. \FTP Explorer
  115. Software\FTP Explorer\FTP Explorer\Workspace\MFCToolBar-224
  116. Buttons
  117. Software\FTP Explorer\Profiles
  118. Password
  119. PasswordType
  120. Host
  121. Login
  122. Port
  123. InitialPath
  124. FtpSite.xml
  125. \Frigate3
  126. .ini
  127. \VanDyke\Config\Sessions
  128. \Sessions
  129. Software\VanDyke\SecureFX
  130. Config Path
  131. UltraFXP
  132. \sites.xml
  133. \FTPRush
  134. RushSite.xml
  135. Server
  136. Username
  137. Password
  138. FtpPort
  139. Software\Cryer\WebSitePublisher
  140. \BitKinex
  141. bitkinex.ds
  142. Hostname
  143. Username
  144. Password
  145. Port
  146. Software\ExpanDrive\Sessions
  147. \ExpanDrive
  148. \drives.js
  149. "password" : "
  150. Software\ExpanDrive
  151. ExpanDrive_Home
  152. Server
  153. UserName
  154. Password
  155. _Password
  156. Directory
  157. Software\NCH Software\ClassicFTP\FTPAccounts
  158. FtpServer
  159. FtpUserName
  160. FtpPassword
  161. _FtpPassword
  162. FtpDirectory
  163. SOFTWARE\NCH Software\Fling\Accounts
  164. Software\FTPClient\Sites
  165. Software\\FTPClient\Sites
  166. .oxc
  167. .oll
  168. ftplast.osd
  169. \GPSoftware\Directory Opus
  170. \SharedSettings.ccs
  171. \SharedSettings_1_0_5.ccs
  172. \SharedSettings.sqlite
  173. \SharedSettings_1_0_5.sqlite
  174. \CoffeeCup Software
  175. leapftp
  176. unleap.exe
  177. sites.dat
  178. sites.ini
  179. \LeapWare\LeapFTP
  180. SOFTWARE\LeapWare
  181. InstallPath
  182. DataDir
  183. Password
  184. HostName
  185. UserName
  186. RemoteDirectory
  187. PortNumber
  188. FSProtocol
  189. Software\Martin Prikryl
  190. \32BitFtp.ini
  191. NDSites.ini
  192. \NetDrive
  193. PassWord
  194. UserName
  195. RootDirectory
  196. Port
  197. Software\South River Technologies\WebDrive\Connections
  198. ServerType
  200. FTPCON
  201. .prf
  202. \Profiles
  203. ftp://
  204. opera
  205. wand.dat
  206. _Software\Opera Software
  207. Last Directory3
  208. Last Install Path
  209. Opera.HTML\shell\open\command
  210. wiseftpsrvs.bin
  211. \AceBIT
  212. Software\AceBIT
  213. SOFTWARE\Classes\TypeLib\{CB1F2C0F-8094-4AAC-BCF5-41A64E27F777}
  214. SOFTWARE\Classes\TypeLib\{9EA55529-E122-4757-BC79-E4825F80732C}
  215. wiseftpsrvs.ini
  216. wiseftp.ini
  217. FTPVoyager.ftp
  218. FTPVoyager.qc
  219. \
  220. SELECT hostname, encryptedUsername, encryptedPassword FROM moz_logins
  221. Firefox
  222. \Mozilla\Firefox\
  223. Software\Mozilla
  224. ftp://
  225. ftp.
  226. fireFTPsites.dat
  227. SeaMonkey
  228. \Mozilla\SeaMonkey\
  229. Flock
  230. \Flock\Browser\
  231. Mozilla
  232. \Mozilla\Profiles\
  233. Software\LeechFTP
  234. AppDir
  235. LocalDir
  236. bookmark.dat
  237. SiteInfo.QFP
  238. Odin
  239. Favorites.dat
  240. WinFTP
  241. sites.db
  242. CLSID\{11C1D741-A95B-11d2-8A80-0080ADB32FF4}\InProcServer32
  243. servers.xml
  244. \FTPGetter
  245. ESTdb2.dat
  246. QData.dat
  247. \Estsoft\ALFTP
  248. Internet Explorer
  249. WininetCacheCredentials
  250. MS IE FTP Passwords
  251. DPAPI:
  252. @J7<
  253. AJ7<
  254. BJ7<
  255. %02X
  256. Software\Microsoft\Internet Explorer\IntelliForms\Storage2
  257. Microsoft_WinInet_*
  258. ftp://
  259. Software\Adobe\Common
  260. SiteServers
  261. SiteServer %d\Host
  262. SiteServer %d\WebUrl
  263. SiteServer %d\Remote Directory
  264. SiteServer %d-User
  265. SiteServer %d-User PW
  266. %s\Keychain
  267. SiteServer %d\SFTP
  268. DeluxeFTP
  269. sites.xml
  270. Web Data
  271. Login Data
  272. SQLite format 3
  273. table
  275. PRIMARY
  276. UNIQUE
  277. CHECK
  278. FOREIGN
  279. logins
  280. origin_url
  281. password_value
  282. username_value
  283. ftp://
  284. \Google\Chrome
  285. \Chromium
  286. \ChromePlus
  287. Software\ChromePlus
  288. Install_Dir
  289. \Bromium
  290. \Nichrome
  291. \Comodo
  292. \RockMelt
  293. K-Meleon
  294. \K-Meleon
  295. \Profiles
  296. Epic
  297. \Epic\Epic
  298. Staff-FTP
  299. sites.ini
  300. \Sites
  301. \Visicom Media
  302. .ftp
  303. \Global Downloader
  304. SM.arch
  305. FreshFTP
  306. .SMF
  307. BlazeFtp
  308. site.dat
  309. LastPassword
  310. LastAddress
  311. LastUser
  312. LastPort
  313. Software\FlashPeak\BlazeFtp\Settings
  314. \BlazeFtp
  315. .fpl
  316. FTP++.Link\shell\open\command
  317. GoFTP
  318. Connections.txt
  319. 3D-FTP
  320. sites.ini
  321. \3D-FTP
  322. \SiteDesigner
  323. SOFTWARE\Classes\TypeLib\{F9043C88-F6F2-101A-A3C9-08002B2F49FB}\1.2\0\win32
  324. EasyFTP
  325. \NetSarang
  326. .xfp
  327. .rdp
  328. TERMSRV/*
  329. password 51:b:
  330. username:s:
  331. full address:s:
  332. TERMSRV/
  333. FTP Now
  334. FTPNow
  335. sites.xml
  336. SOFTWARE\Robo-FTP 3.7\Scripts
  337. SOFTWARE\Robo-FTP 3.7\FTPServers
  338. FTP Count
  339. FTP File%d
  340. Password
  341. ServerName
  342. UserID
  343. InitialDirectory
  344. PortNumber
  345. ServerType
  347. Software\LinasFTP\Site Manager
  348. Host
  349. User
  350. Pass
  351. Port
  352. Remote Dir
  353. \Cyberduck
  354. .duck
  355. user.config
  356. <setting name="
  357. value="
  358. Software\SimonTatham\PuTTY\Sessions
  359. HostName
  360. UserName
  361. Password
  362. PortNumber
  363. TerminalType
  364. NppFTP.xml
  365. \Notepad++
  366. Software\CoffeeCup Software
  367. FTP destination server
  368. FTP destination user
  369. FTP destination password
  370. FTP destination port
  371. FTP destination catalog
  372. FTP profiles
  373. FTPShell
  374. ftpshell.fsi
  375. Software\MAS-Soft\FTPInfo\Setup
  376. DataDir
  377. \FTPInfo
  378. ServerList.xml
  379. NexusFile
  380. ftpsite.ini
  381. FastStone Browser
  382. FTPList.db
  383. \MapleStudio\ChromePlus
  384. Software\Nico Mak Computing\WinZip\FTP
  385. Software\Nico Mak Computing\WinZip\mru\jobs
  386. Site
  387. UserID
  388. xflags
  389. Port
  390. Folder
  391. .wjf
  392. winex="
  393. \Yandex
  394. My FTP
  395. project.ini
  396. .xml
  397. {74FF1730-B1F2-4D88-926B-1568FAE61DB7}
  398. NovaFTP.db
  399. \INSoftware\NovaFTP
  400. .oeaccount
  401. Salt
  402. <POP3_Password2
  403. <SMTP_Password2
  404. <IMAP_Password2
  405. <HTTPMail_Password2
  406. \Microsoft\Windows Live Mail
  407. Software\Microsoft\Windows Live Mail
  408. \Microsoft\Windows Mail
  409. Software\Microsoft\Windows Mail
  410. Software\RimArts\B2\Settings
  411. DataDir
  412. DataDirBak
  413. Mailbox.ini
  414. Software\Poco Systems Inc
  415. Path
  416. \PocoSystem.ini
  417. Program
  418. DataPath
  419. accounts.ini
  420. \Pocomail
  421. Software\IncrediMail
  422. EmailAddress
  423. Technology
  424. PopServer
  425. PopPort
  426. PopAccount
  427. PopPassword
  428. SmtpServer
  429. SmtpPort
  430. SmtpAccount
  431. SmtpPassword
  432. account.cfg
  433. account.cfn
  434. \BatMail
  435. \The Bat!
  436. Software\RIT\The Bat!
  437. Software\RIT\The Bat!\Users depot
  438. Working Directory
  439. ProgramDir
  440. Count
  441. Default
  442. Dir #%d
  443. SMTP Email Address
  444. SMTP Server
  445. POP3 Server
  446. POP3 User Name
  447. SMTP User Name
  448. NNTP Email Address
  449. NNTP User Name
  450. NNTP Server
  451. IMAP Server
  452. IMAP User Name
  453. Email
  454. HTTP User
  455. HTTP Server URL
  456. POP3 User
  457. IMAP User
  458. HTTPMail User Name
  459. HTTPMail Server
  460. SMTP User
  461. POP3 Port
  462. SMTP Port
  463. IMAP Port
  464. POP3 Password2
  465. IMAP Password2
  466. NNTP Password2
  467. HTTPMail Password2
  468. SMTP Password2
  469. POP3 Password
  470. IMAP Password
  471. NNTP Password
  472. HTTP Password
  473. SMTP Password
  474. Software\Microsoft\Internet Account Manager\Accounts
  475. Identities
  476. Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts
  477. Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Microsoft Outlook Internet Settings
  478. Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook
  479. Software\Microsoft\Internet Account Manager
  480. Outlook
  481. \Accounts
  482. identification
  483. identitymgr
  484. inetcomm server passwords
  485. outlook account manager passwords
  486. identities
  487. {%08X-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}
  488. Thunderbird
  489. \Thunderbird
  490. FastTrack
  491. ftplist.txt