MalwareMustDie

#malwareMustDie! Credential slurp by trojan/PWS/ Fareit

Aug 2nd, 2013
// #MalwareMustDie!
// Credential slurp by trojan/PWS/ Fareit, MD5: e1388381884e7434a0a559caed63b677

// PC data...
My Documents
AppData
Local AppData
Cache
Cookies
History
My Documents
Common AppData
My Pictures
Common Documents
Common Administrative Tools
Administrative Tools
Personal
Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
explorer.exe
IsWow64Process

// Credentials...
Software\Far\Plugins\FTP\Hosts
Software\Far2\Plugins\FTP\Hosts
Software\Far Manager\Plugins\FTP\Hosts
Software\Far\SavedDialogHistory\FTPHost
Software\Far2\SavedDialogHistory\FTPHost
Software\Far Manager\SavedDialogHistory\FTPHost
Password
HostName
User
Line
_cx_ftp.ini
\GHISLER
InstallDir
FtpIniName
Software\_hisler\Windows Commander
Software\_hisler\Total Commander
\Ipswitch
Sites\
\Ipswitch\WS_FTP
\win.ini
.ini
WS_FTP
DIR
DEFDIR
CUTEFTP
QCHistory
Software\GlobalSCAPE\CuteFTP 6 Home\QCToolbar
Software\GlobalSCAPE\CuteFTP 6 Professional\QCToolbar
Software\GlobalSCAPE\CuteFTP 7 Home\QCToolbar
Software\GlobalSCAPE\CuteFTP 7 Professional\QCToolbar
Software\GlobalSCAPE\CuteFTP 8 Home\QCToolbar
Software\GlobalSCAPE\CuteFTP 8 Professional\QCToolbar
Software\GlobalSCAPE\CuteFTP 9\QCToolbar
\GlobalSCAPE\CuteFTP
\GlobalSCAPE\CuteFTP Pro
\GlobalSCAPE\CuteFTP Lite
\CuteFTP
\sm.dat
_oftware\FlashFXP\3
_oftware\FlashFXP
_oftware\FlashFXP\4
InstallerDathPath
path
Install Path
DataFolder
\Sites.dat
\Quick.dat
\_istory.dat
\FlashFXP\3
\FlashFXP\4
\FileZilla
\sitemanager.xml
\recentservers.xml
\filezilla.xml
Software\FileZilla
Software\FileZilla Client
Install_Dir
Host
User
Pass
Port
Remote Dir
Server Type
Server.Host
Server.User
Server.Pass
Server.Port
Path
ServerType
Last Server Host
Last Server User
Last Server Pass
Last Server Port
Last Server Path
Last Server Type
FTP Navigator
FTP Commander
ftplist.txt
\BulletProof Software
.dat
.bps
Software\BPFTP\Bullet Proof FTP\Main
Software\BulletProof Software\BulletProof FTP Client\Main
Software\BPFTP\Bullet Proof FTP\Options
Software\BulletProof Software\BulletProof FTP Client\Options
Software\BPFTP
LastSessionFile
SitesDir
InstallDir1
.xml
\SmartFTP
Favorites.dat
_istory.dat
_ddrbk.dat
quick.dat
\TurboFTP
Software\TurboFTP
installpath
Software\Sota\FFFTP
CredentialSalt
CredentialCheck
Software\Sota\FFFTP\Options
Password
UserName
HostAdrs
RemoteDir
Port
HostName
Port
Username
Password
HostDirName
Software\CoffeeCup Software\Internet\Profiles
Software\FTPWare\COREFTP\Sites
Host
User
Port
PthR
SSH
profiles.xml
\FTP Explorer
Software\FTP Explorer\FTP Explorer\Workspace\MFCToolBar-224
Buttons
Software\FTP Explorer\Profiles
Password
PasswordType
Host
Login
Port
InitialPath
FtpSite.xml
\Frigate3
.ini
_VanDyke\Config\Sessions
\Sessions
Software\VanDyke\SecureFX
Config Path
UltraFXP
\sites.xml
\FTPRush
RushSite.xml
Server
Username
Password
FtpPort
Software\Cryer\WebSitePublisher
\BitKinex
bitkinex.ds
Hostname
Username
Password
Port
Software\ExpanDrive\Sessions
\ExpanDrive
\drives.js
"password" : "
Software\ExpanDrive
ExpanDrive_Home
Server
UserName
Password
_Password
Directory
Software\NCH Software\ClassicFTP\FTPAccounts
FtpServer
FtpUserName
FtpPassword
_FtpPassword
FtpDirectory
SOFTWARE\NCH Software\Fling\Accounts
Software\FTPClient\Sites
Software\SoftX.org\FTPClient\Sites
.oxc
.oll
ftplast.osd
\GPSoftware\Directory Opus
\SharedSettings.ccs
\SharedSettings_1_0_5.ccs
\SharedSettings.sqlite
\SharedSettings_1_0_5.sqlite
\CoffeeCup Software
leapftp
unleap.exe
sites.dat
sites.ini
\LeapWare\LeapFTP
SOFTWARE\LeapWare
InstallPath
DataDir
Password
HostName
UserName
RemoteDirectory
PortNumber
FSProtocol
Software\Martin Prikryl
\32BitFtp.ini
NDSites.ini
\NetDrive
PassWord
Url
UserName
RootDirectory
Port
Software\South River Technologies\WebDrive\Connections
ServerType
FTP CONTROL
FTPCON
.prf
\Profiles
http://
https://
ftp://
opera
wand.dat
_Software\Opera Software
Last Directory3
Last Install Path
Opera.HTML\shell\open\command
wiseftpsrvs.bin
\AceBIT
Software\AceBIT
MRU
SOFTWARE\Classes\TypeLib\{CB1F2C0F-8094-4AAC-BCF5-41A64E27F777}
SOFTWARE\Classes\TypeLib\{9EA55529-E122-4757-BC79-E4825F80732C}
wiseftpsrvs.ini
wiseftp.ini
FTPVoyager.ftp
FTPVoyager.qc
\RhinoSoft.com
nss3.dll
NSS_Init
NSS_Shutdown
NSSBase64_DecodeBuffer
SECITEM_FreeItem
PK11_GetInternalKeySlot
PK11_Authenticate
PK11SDR_Decrypt
PK11_FreeSlot
sqlite3.dll
sqlite3_open
sqlite3_close
sqlite3_prepare
sqlite3_step
sqlite3_column_bytes
sqlite3_column_blob
mozsqlite3.dll
sqlite3_open
sqlite3_close
sqlite3_prepare
sqlite3_step
sqlite3_column_bytes
sqlite3_column_blob
profiles.ini
Profile
IsRelative
Path
PathToExe
prefs.js
signons.sqlite
signons.txt
signons2.txt
signons3.txt
SELECT hostname, encryptedUsername, encryptedPassword FROM moz_logins
Firefox
\Mozilla\Firefox\
Software\Mozilla
ftp://
http://
https://
ftp.
fireFTPsites.dat
SeaMonkey
\Mozilla\SeaMonkey\
Flock
\Flock\Browser\
Mozilla
\Mozilla\Profiles\
Software\LeechFTP
AppDir
LocalDir
bookmark.dat
SiteInfo.QFP
Odin
Favorites.dat
WinFTP
sites.db
CLSID\{11C1D741-A95B-11d2-8A80-0080ADB32FF4}\InProcServer32
servers.xml
\FTPGetter
ESTdb2.dat
QData.dat
\Estsoft\ALFTP
Internet Explorer
WininetCacheCredentials
MS IE FTP Passwords
DPAPI:
Software\Microsoft\Internet Explorer\IntelliForms\Storage2
Microsoft_WinInet_*
ftp://
Software\Adobe\Common
SiteServers
SiteServer %d\Host
SiteServer %d\WebUrl
SiteServer %d\Remote Directory
SiteServer %d-User
SiteServer %d-User PW
%s\Keychain
SiteServer %d\SFTP
DeluxeFTP
sites.xml
Web Data
Login Data
SQLite format 3
table
CONSTRAINT
PRIMARY
UNIQUE
CHECK
FOREIGN
logins
origin_url
password_value
username_value
ftp://
http://
https://
\Google\Chrome
\Chromium
\ChromePlus
Software\ChromePlus
Install_Dir
\Bromium
\Nichrome
\Comodo
\RockMelt
K-Meleon
\K-Meleon
\Profiles
Epic
\Epic\Epic
Staff-FTP
sites.ini
\Sites
\Visicom Media
.ftp
\Global Downloader
SM.arch
FreshFTP
.SMF
BlazeFtp
site.dat
LastPassword
LastAddress
LastUser
LastPort
Software\FlashPeak\BlazeFtp\Settings
\BlazeFtp
.fpl
FTP++.Link\shell\open\command
GoFTP
Connections.txt
3D-FTP
sites.ini
\3D-FTP
\SiteDesigner
SOFTWARE\Classes\TypeLib\{F9043C88-F6F2-101A-A3C9-08002B2F49FB}\1.2\0\win32
EasyFTP
\NetSarang
.xfp
.rdp
TERMSRV/*
password 51:b:
username:s:
full address:s:
TERMSRV/
FTP Now
FTPNow
sites.xml
SOFTWARE\Robo-FTP 3.7\Scripts
SOFTWARE\Robo-FTP 3.7\FTPServers
FTP Count
FTP File%d
Password
ServerName
UserID
InitialDirectory
PortNumber
ServerType
fMY
Software\LinasFTP\Site Manager
Host
User
Pass
Port
Remote Dir
\Cyberduck
.duck
user.config
<setting name="
value="
Software\SimonTatham\PuTTY\Sessions
HostName
UserName
Password
PortNumber
TerminalType
NppFTP.xml
\Notepad++
Software\CoffeeCup Software
FTP destination server
FTP destination user
FTP destination password
FTP destination port
FTP destination catalog
FTP profiles
FTPShell
ftpshell.fsi
Software\MAS-Soft\FTPInfo\Setup
DataDir
\FTPInfo
ServerList.xml
NexusFile
ftpsite.ini
FastStone Browser
FTPList.db
\MapleStudio\ChromePlus
Software\Nico Mak Computing\WinZip\FTP
Software\Nico Mak Computing\WinZip\mru\jobs
Site
UserID
xflags
Port
Folder
.wjf
winex="
\Yandex
My FTP
project.ini
.xml
{74FF1730-B1F2-4D88-926B-1568FAE61DB7}
NovaFTP.db
\INSoftware\NovaFTP
.oeaccount
Salt
<_OP3_Password2
<_MTP_Password2
<IMAP_Password2
<HTTPMail_Password2
\Microsoft\Windows Live Mail
Software\Microsoft\Windows Live Mail
\Microsoft\Windows Mail
Software\Microsoft\Windows Mail
Software\RimArts\B2\Settings
DataDir
DataDirBak
Mailbox.ini
Software\Poco Systems Inc
Path
\PocoSystem.ini
Program
DataPath
accounts.ini
\Pocomail
Software\IncrediMail
EmailAddress
Technology
PopServer
PopPort
PopAccount
PopPassword
_mtpServer
_mtpPort
_mtpAccount
_mtpPassword
account.cfg
account.cfn
\BatMail
\The Bat!
Software\RIT\The Bat!
Software\RIT\The Bat!\Users depot
Working Directory
ProgramDir
Count
Default
Dir #%d
Software\Microsoft\Internet Account Manager\Accounts
Identities
Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts
Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Microsoft Outlook Internet Settings
Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook
Software\Microsoft\Internet Account Manager
Outlook
\Accounts
identification
identitymgr
inetcomm server passwords
outlook account manager passwords
identities
{%08X-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}
Thunderbird
\Thunderbird
FastTrack
ftplist.txt

---
malwaremustdie.org