daily pastebin goal
27%
SHARE
TWEET

#malwareMustDie! Credential slurp by trojan/PWS/ Fareit

MalwareMustDie Aug 2nd, 2013 298 Never
Upgrade to PRO!
ENDING IN00days00hours00mins00secs
 
  1. // #MalwareMustDie!
  2. // Credential slurp by trojan/PWS/ Fareit, MD5: e1388381884e7434a0a559caed63b677
  3.  
  4. // PC data...
  5. My Documents
  6. AppData
  7. Local AppData
  8. Cache
  9. Cookies
  10. History
  11. My Documents
  12. Common AppData
  13. My Pictures
  14. Common Documents
  15. Common Administrative Tools
  16. Administrative Tools
  17. Personal
  18. Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
  19. explorer.exe
  20. IsWow64Process
  21.  
  22. // Credentials...
  23. Software\Far\Plugins\FTP\Hosts
  24. Software\Far2\Plugins\FTP\Hosts
  25. Software\Far Manager\Plugins\FTP\Hosts
  26. Software\Far\SavedDialogHistory\FTPHost
  27. Software\Far2\SavedDialogHistory\FTPHost
  28. Software\Far Manager\SavedDialogHistory\FTPHost
  29. Password
  30. HostName
  31. User
  32. Line
  33. _cx_ftp.ini
  34. \GHISLER
  35. InstallDir
  36. FtpIniName
  37. Software\_hisler\Windows Commander
  38. Software\_hisler\Total Commander
  39. \Ipswitch
  40. Sites\
  41. \Ipswitch\WS_FTP
  42. \win.ini
  43. .ini
  44. WS_FTP
  45. DIR
  46. DEFDIR
  47. CUTEFTP
  48. QCHistory
  49. Software\GlobalSCAPE\CuteFTP 6 Home\QCToolbar
  50. Software\GlobalSCAPE\CuteFTP 6 Professional\QCToolbar
  51. Software\GlobalSCAPE\CuteFTP 7 Home\QCToolbar
  52. Software\GlobalSCAPE\CuteFTP 7 Professional\QCToolbar
  53. Software\GlobalSCAPE\CuteFTP 8 Home\QCToolbar
  54. Software\GlobalSCAPE\CuteFTP 8 Professional\QCToolbar
  55. Software\GlobalSCAPE\CuteFTP 9\QCToolbar
  56. \GlobalSCAPE\CuteFTP
  57. \GlobalSCAPE\CuteFTP Pro
  58. \GlobalSCAPE\CuteFTP Lite
  59. \CuteFTP
  60. \sm.dat
  61. _oftware\FlashFXP\3
  62. _oftware\FlashFXP
  63. _oftware\FlashFXP\4
  64. InstallerDathPath
  65. path
  66. Install Path
  67. DataFolder
  68. \Sites.dat
  69. \Quick.dat
  70. \_istory.dat
  71. \FlashFXP\3
  72. \FlashFXP\4
  73. \FileZilla
  74. \sitemanager.xml
  75. \recentservers.xml
  76. \filezilla.xml
  77. Software\FileZilla
  78. Software\FileZilla Client
  79. Install_Dir
  80. Host
  81. User
  82. Pass
  83. Port
  84. Remote Dir
  85. Server Type
  86. Server.Host
  87. Server.User
  88. Server.Pass
  89. Server.Port
  90. Path
  91. ServerType
  92. Last Server Host
  93. Last Server User
  94. Last Server Pass
  95. Last Server Port
  96. Last Server Path
  97. Last Server Type
  98. FTP Navigator
  99. FTP Commander
  100. ftplist.txt
  101. \BulletProof Software
  102. .dat
  103. .bps
  104. Software\BPFTP\Bullet Proof FTP\Main
  105. Software\BulletProof Software\BulletProof FTP Client\Main
  106. Software\BPFTP\Bullet Proof FTP\Options
  107. Software\BulletProof Software\BulletProof FTP Client\Options
  108. Software\BPFTP
  109. LastSessionFile
  110. SitesDir
  111. InstallDir1
  112. .xml
  113. \SmartFTP
  114. Favorites.dat
  115. _istory.dat
  116. _ddrbk.dat
  117. quick.dat
  118. \TurboFTP
  119. Software\TurboFTP
  120. installpath
  121. Software\Sota\FFFTP
  122. CredentialSalt
  123. CredentialCheck
  124. Software\Sota\FFFTP\Options
  125. Password
  126. UserName
  127. HostAdrs
  128. RemoteDir
  129. Port
  130. HostName
  131. Port
  132. Username
  133. Password
  134. HostDirName
  135. Software\CoffeeCup Software\Internet\Profiles
  136. Software\FTPWare\COREFTP\Sites
  137. Host
  138. User
  139. Port
  140. PthR
  141. SSH
  142. profiles.xml
  143. \FTP Explorer
  144. Software\FTP Explorer\FTP Explorer\Workspace\MFCToolBar-224
  145. Buttons
  146. Software\FTP Explorer\Profiles
  147. Password
  148. PasswordType
  149. Host
  150. Login
  151. Port
  152. InitialPath
  153. FtpSite.xml
  154. \Frigate3
  155. .ini
  156. _VanDyke\Config\Sessions
  157. \Sessions
  158. Software\VanDyke\SecureFX
  159. Config Path
  160. UltraFXP
  161. \sites.xml
  162. \FTPRush
  163. RushSite.xml
  164. Server
  165. Username
  166. Password
  167. FtpPort
  168. Software\Cryer\WebSitePublisher
  169. \BitKinex
  170. bitkinex.ds
  171. Hostname
  172. Username
  173. Password
  174. Port
  175. Software\ExpanDrive\Sessions
  176. \ExpanDrive
  177. \drives.js
  178. "password" : "
  179. Software\ExpanDrive
  180. ExpanDrive_Home
  181. Server
  182. UserName
  183. Password
  184. _Password
  185. Directory
  186. Software\NCH Software\ClassicFTP\FTPAccounts
  187. FtpServer
  188. FtpUserName
  189. FtpPassword
  190. _FtpPassword
  191. FtpDirectory
  192. SOFTWARE\NCH Software\Fling\Accounts
  193. Software\FTPClient\Sites
  194. Software\SoftX.org\FTPClient\Sites
  195. .oxc
  196. .oll
  197. ftplast.osd
  198. \GPSoftware\Directory Opus
  199. \SharedSettings.ccs
  200. \SharedSettings_1_0_5.ccs
  201. \SharedSettings.sqlite
  202. \SharedSettings_1_0_5.sqlite
  203. \CoffeeCup Software
  204. leapftp
  205. unleap.exe
  206. sites.dat
  207. sites.ini
  208. \LeapWare\LeapFTP
  209. SOFTWARE\LeapWare
  210. InstallPath
  211. DataDir
  212. Password
  213. HostName
  214. UserName
  215. RemoteDirectory
  216. PortNumber
  217. FSProtocol
  218. Software\Martin Prikryl
  219. \32BitFtp.ini
  220. NDSites.ini
  221. \NetDrive
  222. PassWord
  223. Url
  224. UserName
  225. RootDirectory
  226. Port
  227. Software\South River Technologies\WebDrive\Connections
  228. ServerType
  229. FTP CONTROL
  230. FTPCON
  231. .prf
  232. \Profiles
  233. http://
  234. https://
  235. ftp://
  236. opera
  237. wand.dat
  238. _Software\Opera Software
  239. Last Directory3
  240. Last Install Path
  241. Opera.HTML\shell\open\command
  242. wiseftpsrvs.bin
  243. \AceBIT
  244. Software\AceBIT
  245. MRU
  246. SOFTWARE\Classes\TypeLib\{CB1F2C0F-8094-4AAC-BCF5-41A64E27F777}
  247. SOFTWARE\Classes\TypeLib\{9EA55529-E122-4757-BC79-E4825F80732C}
  248. wiseftpsrvs.ini
  249. wiseftp.ini
  250. FTPVoyager.ftp
  251. FTPVoyager.qc
  252. \RhinoSoft.com
  253. nss3.dll
  254. NSS_Init
  255. NSS_Shutdown
  256. NSSBase64_DecodeBuffer
  257. SECITEM_FreeItem
  258. PK11_GetInternalKeySlot
  259. PK11_Authenticate
  260. PK11SDR_Decrypt
  261. PK11_FreeSlot
  262. sqlite3.dll
  263. sqlite3_open
  264. sqlite3_close
  265. sqlite3_prepare
  266. sqlite3_step
  267. sqlite3_column_bytes
  268. sqlite3_column_blob
  269. mozsqlite3.dll
  270. sqlite3_open
  271. sqlite3_close
  272. sqlite3_prepare
  273. sqlite3_step
  274. sqlite3_column_bytes
  275. sqlite3_column_blob
  276. profiles.ini
  277. Profile
  278. IsRelative
  279. Path
  280. PathToExe
  281. prefs.js
  282. signons.sqlite
  283. signons.txt
  284. signons2.txt
  285. signons3.txt
  286. SELECT hostname, encryptedUsername, encryptedPassword FROM moz_logins
  287. Firefox
  288. \Mozilla\Firefox\
  289. Software\Mozilla
  290. ftp://
  291. http://
  292. https://
  293. ftp.
  294. fireFTPsites.dat
  295. SeaMonkey
  296. \Mozilla\SeaMonkey\
  297. Flock
  298. \Flock\Browser\
  299. Mozilla
  300. \Mozilla\Profiles\
  301. Software\LeechFTP
  302. AppDir
  303. LocalDir
  304. bookmark.dat
  305. SiteInfo.QFP
  306. Odin
  307. Favorites.dat
  308. WinFTP
  309. sites.db
  310. CLSID\{11C1D741-A95B-11d2-8A80-0080ADB32FF4}\InProcServer32
  311. servers.xml
  312. \FTPGetter
  313. ESTdb2.dat
  314. QData.dat
  315. \Estsoft\ALFTP
  316. Internet Explorer
  317. WininetCacheCredentials
  318. MS IE FTP Passwords
  319. DPAPI:
  320. Software\Microsoft\Internet Explorer\IntelliForms\Storage2
  321. Microsoft_WinInet_*
  322. ftp://
  323. Software\Adobe\Common
  324. SiteServers
  325. SiteServer %d\Host
  326. SiteServer %d\WebUrl
  327. SiteServer %d\Remote Directory
  328. SiteServer %d-User
  329. SiteServer %d-User PW
  330. %s\Keychain
  331. SiteServer %d\SFTP
  332. DeluxeFTP
  333. sites.xml
  334. Web Data
  335. Login Data
  336. SQLite format 3
  337. table
  338. CONSTRAINT
  339. PRIMARY
  340. UNIQUE
  341. CHECK
  342. FOREIGN
  343. logins
  344. origin_url
  345. password_value
  346. username_value
  347. ftp://
  348. http://
  349. https://
  350. \Google\Chrome
  351. \Chromium
  352. \ChromePlus
  353. Software\ChromePlus
  354. Install_Dir
  355. \Bromium
  356. \Nichrome
  357. \Comodo
  358. \RockMelt
  359. K-Meleon
  360. \K-Meleon
  361. \Profiles
  362. Epic
  363. \Epic\Epic
  364. Staff-FTP
  365. sites.ini
  366. \Sites
  367. \Visicom Media
  368. .ftp
  369. \Global Downloader
  370. SM.arch
  371. FreshFTP
  372. .SMF
  373. BlazeFtp
  374. site.dat
  375. LastPassword
  376. LastAddress
  377. LastUser
  378. LastPort
  379. Software\FlashPeak\BlazeFtp\Settings
  380. \BlazeFtp
  381. .fpl
  382. FTP++.Link\shell\open\command
  383. GoFTP
  384. Connections.txt
  385. 3D-FTP
  386. sites.ini
  387. \3D-FTP
  388. \SiteDesigner
  389. SOFTWARE\Classes\TypeLib\{F9043C88-F6F2-101A-A3C9-08002B2F49FB}\1.2\0\win32
  390. EasyFTP
  391. \NetSarang
  392. .xfp
  393. .rdp
  394. TERMSRV/*
  395. password 51:b:
  396. username:s:
  397. full address:s:
  398. TERMSRV/
  399. FTP Now
  400. FTPNow
  401. sites.xml
  402. SOFTWARE\Robo-FTP 3.7\Scripts
  403. SOFTWARE\Robo-FTP 3.7\FTPServers
  404. FTP Count
  405. FTP File%d
  406. Password
  407. ServerName
  408. UserID
  409. InitialDirectory
  410. PortNumber
  411. ServerType
  412. fMY
  413. Software\LinasFTP\Site Manager
  414. Host
  415. User
  416. Pass
  417. Port
  418. Remote Dir
  419. \Cyberduck
  420. .duck
  421. user.config
  422. <setting name="
  423. value="
  424. Software\SimonTatham\PuTTY\Sessions
  425. HostName
  426. UserName
  427. Password
  428. PortNumber
  429. TerminalType
  430. NppFTP.xml
  431. \Notepad++
  432. Software\CoffeeCup Software
  433. FTP destination server
  434. FTP destination user
  435. FTP destination password
  436. FTP destination port
  437. FTP destination catalog
  438. FTP profiles
  439. FTPShell
  440. ftpshell.fsi
  441. Software\MAS-Soft\FTPInfo\Setup
  442. DataDir
  443. \FTPInfo
  444. ServerList.xml
  445. NexusFile
  446. ftpsite.ini
  447. FastStone Browser
  448. FTPList.db
  449. \MapleStudio\ChromePlus
  450. Software\Nico Mak Computing\WinZip\FTP
  451. Software\Nico Mak Computing\WinZip\mru\jobs
  452. Site
  453. UserID
  454. xflags
  455. Port
  456. Folder
  457. .wjf
  458. winex="
  459. \Yandex
  460. My FTP
  461. project.ini
  462. .xml
  463. {74FF1730-B1F2-4D88-926B-1568FAE61DB7}
  464. NovaFTP.db
  465. \INSoftware\NovaFTP
  466. .oeaccount
  467. Salt
  468. <_OP3_Password2
  469. <_MTP_Password2
  470. <IMAP_Password2
  471. <HTTPMail_Password2
  472. \Microsoft\Windows Live Mail
  473. Software\Microsoft\Windows Live Mail
  474. \Microsoft\Windows Mail
  475. Software\Microsoft\Windows Mail
  476. Software\RimArts\B2\Settings
  477. DataDir
  478. DataDirBak
  479. Mailbox.ini
  480. Software\Poco Systems Inc
  481. Path
  482. \PocoSystem.ini
  483. Program
  484. DataPath
  485. accounts.ini
  486. \Pocomail
  487. Software\IncrediMail
  488. EmailAddress
  489. Technology
  490. PopServer
  491. PopPort
  492. PopAccount
  493. PopPassword
  494. _mtpServer
  495. _mtpPort
  496. _mtpAccount
  497. _mtpPassword
  498. account.cfg
  499. account.cfn
  500. \BatMail
  501. \The Bat!
  502. Software\RIT\The Bat!
  503. Software\RIT\The Bat!\Users depot
  504. Working Directory
  505. ProgramDir
  506. Count
  507. Default
  508. Dir #%d
  509. Software\Microsoft\Internet Account Manager\Accounts
  510. Identities
  511. Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts
  512. Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Microsoft Outlook Internet Settings
  513. Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook
  514. Software\Microsoft\Internet Account Manager
  515. Outlook
  516. \Accounts
  517. identification
  518. identitymgr
  519. inetcomm server passwords
  520. outlook account manager passwords
  521. identities
  522. {%08X-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}
  523. Thunderbird
  524. \Thunderbird
  525. FastTrack
  526. ftplist.txt
  527.  
  528. ---
  529. malwaremustdie.org
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top