Sample File: MD5 hash: 3ee027e16a993a226110e73e4650358c SHA1 hash: e67faa73f0cd297c497624a027559de477b707e6 SHA256 hash: 8de41ace64ef22a1c4755070befebf33082bee0ab6f3a236654937f6d56bfe11 Filename(s): 3838612080743901967.exe Filetype: Windows Exe (x86-32) Mutex IOCs: - None - Registry Key IOCs: HKEY_CLASSES_ROOT\CLSID\{11C1D741-A95B-11d2-8A80-0080ADB32FF4}\InProcServer32 HKEY_CLASSES_ROOT\FTP++.Link\shell\open\command HKEY_CLASSES_ROOT\Opera.HTML\shell\open\command HKEY_CURRENT_USER\Identities HKEY_CURRENT_USER\Identities\{74A13782-B361-4204-9DAA-0A3D49DA4337}\Software\Microsoft\Internet Account Manager\Accounts HKEY_CURRENT_USER\SOFTWARE\LeapWare HKEY_CURRENT_USER\SOFTWARE\NCH Software\Fling\Accounts HKEY_CURRENT_USER\SOFTWARE\Robo-FTP 3.7\FTPServers HKEY_CURRENT_USER\SOFTWARE\Robo-FTP 3.7\Scripts HKEY_CURRENT_USER\Software\AceBIT HKEY_CURRENT_USER\Software\Adobe\Common HKEY_CURRENT_USER\Software\BPFTP HKEY_CURRENT_USER\Software\BPFTP\Bullet Proof FTP\Main HKEY_CURRENT_USER\Software\BPFTP\Bullet Proof FTP\Options HKEY_CURRENT_USER\Software\Borland\Delphi\Locales HKEY_CURRENT_USER\Software\Borland\Locales HKEY_CURRENT_USER\Software\BulletProof Software\BulletProof FTP Client\Main HKEY_CURRENT_USER\Software\BulletProof Software\BulletProof FTP Client\Options HKEY_CURRENT_USER\Software\ChromePlus HKEY_CURRENT_USER\Software\CoffeeCup Software HKEY_CURRENT_USER\Software\CoffeeCup Software\Internet\Profiles HKEY_CURRENT_USER\Software\Cryer\WebSitePublisher HKEY_CURRENT_USER\Software\ExpanDrive HKEY_CURRENT_USER\Software\ExpanDrive\Sessions HKEY_CURRENT_USER\Software\FTP Explorer\FTP Explorer\Workspace\MFCToolBar-224 HKEY_CURRENT_USER\Software\FTP Explorer\Profiles HKEY_CURRENT_USER\Software\FTPClient\Sites HKEY_CURRENT_USER\Software\FTPWare\COREFTP\Sites HKEY_CURRENT_USER\Software\Far Manager\Plugins\FTP\Hosts HKEY_CURRENT_USER\Software\Far Manager\SavedDialogHistory\FTPHost HKEY_CURRENT_USER\Software\Far2\Plugins\FTP\Hosts HKEY_CURRENT_USER\Software\Far2\SavedDialogHistory\FTPHost HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts HKEY_CURRENT_USER\Software\Far\SavedDialogHistory\FTPHost HKEY_CURRENT_USER\Software\FileZilla HKEY_CURRENT_USER\Software\FileZilla Client HKEY_CURRENT_USER\Software\FlashFXP HKEY_CURRENT_USER\Software\FlashFXP\3 HKEY_CURRENT_USER\Software\FlashFXP\4 HKEY_CURRENT_USER\Software\FlashPeak\BlazeFtp\Settings HKEY_CURRENT_USER\Software\Ghisler\Total Commander HKEY_CURRENT_USER\Software\Ghisler\Windows Commander HKEY_CURRENT_USER\Software\GlobalSCAPE\CuteFTP 6 Home\QCToolbar HKEY_CURRENT_USER\Software\GlobalSCAPE\CuteFTP 6 Professional\QCToolbar HKEY_CURRENT_USER\Software\GlobalSCAPE\CuteFTP 7 Home\QCToolbar HKEY_CURRENT_USER\Software\GlobalSCAPE\CuteFTP 7 Professional\QCToolbar HKEY_CURRENT_USER\Software\GlobalSCAPE\CuteFTP 8 Home\QCToolbar HKEY_CURRENT_USER\Software\GlobalSCAPE\CuteFTP 8 Professional\QCToolbar HKEY_CURRENT_USER\Software\IncrediMail HKEY_CURRENT_USER\Software\LeechFTP HKEY_CURRENT_USER\Software\LinasFTP\Site Manager HKEY_CURRENT_USER\Software\MAS-Soft\FTPInfo\Setup HKEY_CURRENT_USER\Software\Martin Prikryl HKEY_CURRENT_USER\Software\Microsoft\Command Processor HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager\Accounts HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2 HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts HKEY_CURRENT_USER\Software\Microsoft\Windows Live Mail HKEY_CURRENT_USER\Software\Microsoft\Windows Mail HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Microsoft Outlook Internet Settings HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\0a0d020000000000c000000000000046 HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\24f93cf8ea9a9546b93f8dc78abb6a97 HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\3517490d76624c419a828607e2a54604 HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\3c51f4951df2d34baef1a05b725728d2 HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\42405d6c3502e64caa2aeda354771336 HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\5e8673e5f416694397a90d6dc37f5694 HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\600082486368c34683de3c06ff753b3b HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\6c393c97bf8f52408197f7e63b61e548 HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\8503020000000000c000000000000046 HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2 HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004 HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9fd587aab699e24cb035dd8129bd6b5b HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\d9417b97bf6b594d89a41cdbed740112 HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\ddb0922fc50b8d42be5a821ede840761 HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\e3233d298149174193c9c78f955de155 HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\e50f0eb5db19ee44ba2717941e28e885 HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001 HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E} HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary HKEY_CURRENT_USER\Software\Mozilla HKEY_CURRENT_USER\Software\Mozilla\Firefox HKEY_CURRENT_USER\Software\Mozilla\Firefox\Crash Reporter HKEY_CURRENT_USER\Software\Mozilla\Firefox\TaskBarIDs HKEY_CURRENT_USER\Software\NCH Software\ClassicFTP\FTPAccounts HKEY_CURRENT_USER\Software\Nico Mak Computing\WinZip\FTP HKEY_CURRENT_USER\Software\Nico Mak Computing\WinZip\mru\jobs HKEY_CURRENT_USER\Software\Opera Software HKEY_CURRENT_USER\Software\Poco Systems Inc HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System HKEY_CURRENT_USER\Software\RIT\The Bat! HKEY_CURRENT_USER\Software\RIT\The Bat!\Users depot HKEY_CURRENT_USER\Software\RimArts\B2\Settings HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\Sessions HKEY_CURRENT_USER\Software\SoftX.org\FTPClient\Sites HKEY_CURRENT_USER\Software\Sota\FFFTP HKEY_CURRENT_USER\Software\Sota\FFFTP\Options HKEY_CURRENT_USER\Software\South River Technologies\WebDrive\Connections HKEY_CURRENT_USER\Software\TurboFTP HKEY_CURRENT_USER\Software\VanDyke\SecureFX HKEY_CURRENT_USER\Software\WinRAR HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{9EA55529-E122-4757-BC79-E4825F80732C} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CB1F2C0F-8094-4AAC-BCF5-41A64E27F777} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F9043C88-F6F2-101A-A3C9-08002B2F49FB}\1.2\0\win32 HKEY_LOCAL_MACHINE\SOFTWARE\LeapWare HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 25.0 (x86 en-US) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office14.PRJPROR HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office14.PROPLUSR HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office14.VISIOR HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83217045FF} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{444C5574-6BE0-323E-9BDD-922F6C3C4A04} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0015-0409-0000-0000000FF1CE} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0016-0409-0000-0000000FF1CE} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0018-0409-0000-0000000FF1CE} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0019-0409-0000-0000000FF1CE} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001A-0409-0000-0000000FF1CE} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001B-0409-0000-0000000FF1CE} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0409-0000-0000000FF1CE} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPROR_{99ACCA38-6DD3-48A8-96AE-A283C9759279} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-040C-0000-0000000FF1CE} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJPROR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0C0A-0000-0000000FF1CE} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PRJPROR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-002C-0409-0000-0000000FF1CE} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-002C-0409-0000-0000000FF1CE}_Office14.PRJPROR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0044-0409-0000-0000000FF1CE} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0054-0409-0000-0000000FF1CE} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0054-0409-0000-0000000FF1CE}_Office14.VISIOR_{CDC4310F-8189-485F-B47D-D972217CE173} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-006E-0409-0000-0000000FF1CE} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-006E-0409-0000-0000000FF1CE}_Office14.PRJPROR_{4560037C-E356-444A-A015-D21F487D809E} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-00A1-0409-0000-0000000FF1CE} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-00B4-0409-0000-0000000FF1CE} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-00B4-0409-0000-0000000FF1CE}_Office14.PRJPROR_{18A0C151-8F8A-4B68-A960-60C464B94329} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-00BA-0409-0000-0000000FF1CE} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0115-0409-0000-0000000FF1CE} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0115-0409-0000-0000000FF1CE}_Office14.PRJPROR_{4560037C-E356-444A-A015-D21F487D809E} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0117-0409-0000-0000000FF1CE} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91140000-0011-0000-0000-0000000FF1CE} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91140000-003B-0000-0000-0000000FF1CE} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{8A8F117F-8EDB-440D-B679-F08909D729F7} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91140000-0057-0000-0000-0000000FF1CE} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2151757 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2467173 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2524860 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2544655 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2549743 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2565063 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB982573 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f} HKEY_LOCAL_MACHINE\SOFTWARE\NCH Software\Fling\Accounts HKEY_LOCAL_MACHINE\SOFTWARE\Robo-FTP 3.7\FTPServers HKEY_LOCAL_MACHINE\SOFTWARE\Robo-FTP 3.7\Scripts HKEY_LOCAL_MACHINE\Software\AceBIT HKEY_LOCAL_MACHINE\Software\Borland\Locales HKEY_LOCAL_MACHINE\Software\CoffeeCup Software HKEY_LOCAL_MACHINE\Software\FTPClient\Sites HKEY_LOCAL_MACHINE\Software\FileZilla HKEY_LOCAL_MACHINE\Software\FileZilla Client HKEY_LOCAL_MACHINE\Software\FlashFXP HKEY_LOCAL_MACHINE\Software\FlashFXP\3 HKEY_LOCAL_MACHINE\Software\FlashFXP\4 HKEY_LOCAL_MACHINE\Software\Ghisler\Total Commander HKEY_LOCAL_MACHINE\Software\Ghisler\Windows Commander HKEY_LOCAL_MACHINE\Software\IncrediMail HKEY_LOCAL_MACHINE\Software\Martin Prikryl HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Account Manager HKEY_LOCAL_MACHINE\Software\Mozilla HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\TaskBarIDs HKEY_LOCAL_MACHINE\Software\Mozilla\MaintenanceService HKEY_LOCAL_MACHINE\Software\Mozilla\MaintenanceService\f9b87e891978e3145f0f8f9953eadc00 HKEY_LOCAL_MACHINE\Software\Mozilla\MaintenanceService\f9b87e891978e3145f0f8f9953eadc00\0 HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0 HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0\bin HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox 25.0\extensions HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US) HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Main HKEY_LOCAL_MACHINE\Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Uninstall HKEY_LOCAL_MACHINE\Software\NCH Software\ClassicFTP\FTPAccounts HKEY_LOCAL_MACHINE\Software\Nico Mak Computing\WinZip\FTP HKEY_LOCAL_MACHINE\Software\Nico Mak Computing\WinZip\mru\jobs HKEY_LOCAL_MACHINE\Software\Poco Systems Inc HKEY_LOCAL_MACHINE\Software\RIT\The Bat! HKEY_LOCAL_MACHINE\Software\RIT\The Bat!\Users depot HKEY_LOCAL_MACHINE\Software\RimArts\B2\Settings HKEY_LOCAL_MACHINE\Software\SimonTatham\PuTTY\Sessions HKEY_LOCAL_MACHINE\Software\SoftX.org\FTPClient\Sites HKEY_LOCAL_MACHINE\Software\South River Technologies\WebDrive\Connections HKEY_LOCAL_MACHINE\Software\TurboFTP IP IOCs: 192.95.7.159 URL IOCs: tnaapparels.com/44/panel/gate.php tnaapparels.com/44/panel/44.exe File IOCs: Filenames: "C:\Users\EEBsYm5\AppData\Local\Temp\18144644.bat" C:\Program Files\CuteFTP\sm.dat C:\Program Files\GlobalSCAPE\CuteFTP Lite\sm.dat C:\Program Files\GlobalSCAPE\CuteFTP Pro\sm.dat C:\Program Files\GlobalSCAPE\CuteFTP\sm.dat C:\Program Files\Mozilla Firefox C:\ProgramData\CoffeeCup Software\SharedSettings.ccs C:\ProgramData\CoffeeCup Software\SharedSettings.sqlite C:\ProgramData\CoffeeCup Software\SharedSettings_1_0_5.ccs C:\ProgramData\CoffeeCup Software\SharedSettings_1_0_5.sqlite C:\ProgramData\CuteFTP\sm.dat C:\ProgramData\ExpanDrive\drives.js C:\ProgramData\FileZilla\filezilla.xml C:\ProgramData\FileZilla\recentservers.xml C:\ProgramData\FileZilla\sitemanager.xml C:\ProgramData\FlashFXP\3\History.dat C:\ProgramData\FlashFXP\3\Quick.dat C:\ProgramData\FlashFXP\3\Sites.dat C:\ProgramData\FlashFXP\4\History.dat C:\ProgramData\FlashFXP\4\Quick.dat C:\ProgramData\FlashFXP\4\Sites.dat C:\ProgramData\GHISLER\wcx_ftp.ini C:\ProgramData\GlobalSCAPE\CuteFTP Lite\sm.dat C:\ProgramData\GlobalSCAPE\CuteFTP Pro\sm.dat C:\ProgramData\GlobalSCAPE\CuteFTP\sm.dat C:\ProgramData\SharedSettings.ccs C:\ProgramData\SharedSettings.sqlite C:\ProgramData\SharedSettings_1_0_5.ccs C:\ProgramData\SharedSettings_1_0_5.sqlite C:\Users\EEBsYm5\AppData\Local\CoffeeCup Software\SharedSettings.ccs C:\Users\EEBsYm5\AppData\Local\CoffeeCup Software\SharedSettings.sqlite C:\Users\EEBsYm5\AppData\Local\CoffeeCup Software\SharedSettings_1_0_5.ccs C:\Users\EEBsYm5\AppData\Local\CoffeeCup Software\SharedSettings_1_0_5.sqlite C:\Users\EEBsYm5\AppData\Local\CuteFTP\sm.dat C:\Users\EEBsYm5\AppData\Local\ExpanDrive\drives.js C:\Users\EEBsYm5\AppData\Local\FileZilla\filezilla.xml C:\Users\EEBsYm5\AppData\Local\FileZilla\recentservers.xml C:\Users\EEBsYm5\AppData\Local\FileZilla\sitemanager.xml C:\Users\EEBsYm5\AppData\Local\FlashFXP\3\History.dat C:\Users\EEBsYm5\AppData\Local\FlashFXP\3\Quick.dat C:\Users\EEBsYm5\AppData\Local\FlashFXP\3\Sites.dat C:\Users\EEBsYm5\AppData\Local\FlashFXP\4\History.dat C:\Users\EEBsYm5\AppData\Local\FlashFXP\4\Quick.dat C:\Users\EEBsYm5\AppData\Local\FlashFXP\4\Sites.dat C:\Users\EEBsYm5\AppData\Local\GHISLER\wcx_ftp.ini C:\Users\EEBsYm5\AppData\Local\GlobalSCAPE\CuteFTP Lite\sm.dat C:\Users\EEBsYm5\AppData\Local\GlobalSCAPE\CuteFTP Pro\sm.dat C:\Users\EEBsYm5\AppData\Local\GlobalSCAPE\CuteFTP\sm.dat C:\Users\EEBsYm5\AppData\Local\Google\Chrome\User Data\Default\Login Data C:\Users\EEBsYm5\AppData\Local\Google\Chrome\User Data\Default\Login Data-journal C:\Users\EEBsYm5\AppData\Local\Google\Chrome\User Data\Default\Web Data C:\Users\EEBsYm5\AppData\Local\SharedSettings.ccs C:\Users\EEBsYm5\AppData\Local\SharedSettings.sqlite C:\Users\EEBsYm5\AppData\Local\SharedSettings_1_0_5.ccs C:\Users\EEBsYm5\AppData\Local\SharedSettings_1_0_5.sqlite C:\Users\EEBsYm5\AppData\Local\Temp C:\Users\EEBsYm5\AppData\Local\Temp\18144644.bat C:\Users\EEBsYm5\AppData\Local\Temp\Client Hash C:\Users\EEBsYm5\AppData\Local\Temp\HWID C:\Users\EEBsYm5\AppData\Roaming\CoffeeCup Software\SharedSettings.ccs C:\Users\EEBsYm5\AppData\Roaming\CoffeeCup Software\SharedSettings.sqlite C:\Users\EEBsYm5\AppData\Roaming\CoffeeCup Software\SharedSettings_1_0_5.ccs C:\Users\EEBsYm5\AppData\Roaming\CoffeeCup Software\SharedSettings_1_0_5.sqlite C:\Users\EEBsYm5\AppData\Roaming\CuteFTP\sm.dat C:\Users\EEBsYm5\AppData\Roaming\ExpanDrive\drives.js C:\Users\EEBsYm5\AppData\Roaming\FileZilla\filezilla.xml C:\Users\EEBsYm5\AppData\Roaming\FileZilla\recentservers.xml C:\Users\EEBsYm5\AppData\Roaming\FileZilla\sitemanager.xml C:\Users\EEBsYm5\AppData\Roaming\FlashFXP\3\History.dat C:\Users\EEBsYm5\AppData\Roaming\FlashFXP\3\Quick.dat C:\Users\EEBsYm5\AppData\Roaming\FlashFXP\3\Sites.dat C:\Users\EEBsYm5\AppData\Roaming\FlashFXP\4\History.dat C:\Users\EEBsYm5\AppData\Roaming\FlashFXP\4\Quick.dat C:\Users\EEBsYm5\AppData\Roaming\FlashFXP\4\Sites.dat C:\Users\EEBsYm5\AppData\Roaming\GHISLER\wcx_ftp.ini C:\Users\EEBsYm5\AppData\Roaming\GlobalSCAPE\CuteFTP Lite\sm.dat C:\Users\EEBsYm5\AppData\Roaming\GlobalSCAPE\CuteFTP Pro\sm.dat C:\Users\EEBsYm5\AppData\Roaming\GlobalSCAPE\CuteFTP\sm.dat C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\ C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\Profiles\h231daer.default\signons.sqlite C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Firefox\profiles.ini C:\Users\EEBsYm5\AppData\Roaming\Mozilla\Profiles\ C:\Users\EEBsYm5\AppData\Roaming\SharedSettings.ccs C:\Users\EEBsYm5\AppData\Roaming\SharedSettings.sqlite C:\Users\EEBsYm5\AppData\Roaming\SharedSettings_1_0_5.ccs C:\Users\EEBsYm5\AppData\Roaming\SharedSettings_1_0_5.sqlite C:\Users\EEBsYm5\Desktop C:\Users\EEBsYm5\Desktop\3838612080743901967.exe C:\Users\EEBsYm5\wcx_ftp.ini C:\Windows\32BitFtp.ini C:\Windows\wcx_ftp.ini MD5 hashes: 3880eeb1c736d853eb13b44898b718ab 3ee027e16a993a226110e73e4650358c SHA1 hashes: 4eec9d50360cd815211e3c4e6bdd08271b6ec8e6 e67faa73f0cd297c497624a027559de477b707e6 SHA256 hashes: 8de41ace64ef22a1c4755070befebf33082bee0ab6f3a236654937f6d56bfe11 936d9411d5226b7c5a150ecaf422987590a8870c8e095e1caa072273041a86e7