VMRay Analyzer Report for Sample #17501 VMRay Analyzer 2.2.0 Process 1 2356 winword.exe 1384 winword.exe "C:\Program Files\Microsoft Office\Office15\WINWORD.EXE" C:\Users\aDU0VK IWA5kLS\Desktop\ c:\program files\microsoft office\office15\winword.exe Child_Of Created Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Process 2 2524 svchost.exe 2356 svchost.exe "C:\Windows\SysWOW64\svchost.exe" C:\Users\aDU0VK IWA5kLS\Desktop\ c:\windows\syswow64\svchost.exe Child_Of Child_Of Child_Of Child_Of Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Modified_Properties_Of Modified_Properties_Of Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Read_From Connected_To Connected_To Connected_To Connected_To Connected_To Connected_To Connected_To Connected_To Connected_To Connected_To Connected_To Connected_To Process 3 1008 svchost.exe 476 svchost.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\ c:\windows\system32\svchost.exe Process 4 2612 cmd.exe 2524 cmd.exe cmd /K C:\Users\aDU0VK IWA5kLS\Desktop\ c:\windows\syswow64\cmd.exe Opened Opened Opened Opened Opened Process 5 2664 svchost.exe 2524 svchost.exe C:\Windows\System32\svchost.exe C:\Users\aDU0VK IWA5kLS\Desktop\ c:\windows\syswow64\svchost.exe Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Opened Read_From Connected_To Connected_To Connected_To Process 6 2684 bn649b.tmp 2524 bn649b.tmp C:\Users\ADU0VK~1\AppData\Local\Temp\BN649B.tmp C:\Users\aDU0VK IWA5kLS\Desktop\ c:\users\adu0vk~1\appdata\local\temp\bn649b.tmp Child_Of Created Created Process 7 2692 explorer.exe 2684 explorer.exe explorer.exe C:\Users\aDU0VK IWA5kLS\Desktop\ c:\windows\syswow64\explorer.exe Child_Of Opened Connected_To Connected_To Process 8 1384 explorer.exe 18446744073709551615 explorer.exe C:\Windows\Explorer.EXE C:\Windows\system32\ c:\windows\explorer.exe Child_Of Child_Of Child_Of Child_Of Child_Of Created Deleted Opened Opened Opened Created Created Created Wrote_To Wrote_To Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Created Modified_Properties_Of Modified_Properties_Of Created Created Opened Opened Opened Opened Process 9 716 svchost.exe 476 svchost.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\ c:\windows\system32\svchost.exe Process 10 1296 taskhost.exe 476 taskhost.exe "taskhost.exe" C:\Windows\system32\ c:\windows\system32\taskhost.exe Opened Opened Opened Created Created Process 11 1372 dwm.exe 792 dwm.exe "C:\Windows\system32\Dwm.exe" C:\Windows\system32\ c:\windows\system32\dwm.exe Opened Opened Opened Created Created Process 12 1628 msiexec.exe 1384 msiexec.exe C:\Windows\syswow64\msiexec.exe C:\Windows\system32\ c:\windows\syswow64\msiexec.exe Child_Of Child_Of Created Opened Opened Opened Read_From Read_From Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Created Created Created Created Created Created Created Created Created Created Created Created Created Created Modified_Properties_Of Modified_Properties_Of Modified_Properties_Of Modified_Properties_Of Modified_Properties_Of Modified_Properties_Of Modified_Properties_Of Modified_Properties_Of Modified_Properties_Of Modified_Properties_Of Opened Opened Opened Opened Opened Opened Opened Opened Opened Listened_On Listened_On Connected_To Connected_To Connected_To Connected_To Connected_To Process 13 692 taskeng.exe 852 taskeng.exe taskeng.exe {CFDCF914-63AE-4446-B16F-E0A62E2EE661} S-1-5-21-1836691140-625943148-109919340-1000:AUFDDCNTXWT\aDU0VK IWA5kLS:Interactive:LUA[1] C:\Windows\system32\ c:\windows\system32\taskeng.exe Opened Opened Opened Created Created Process 14 2484 tor.exe 1628 tor.exe "C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor.exe" C:\Windows\system32\ c:\users\adu0vk iwa5kls\appdata\roaming\tor.exe Wrote_To Wrote_To Wrote_To Wrote_To Wrote_To Opened Opened Opened Opened Opened Opened Opened Created Created Created Created Created Listened_On Listened_On Connected_To Connected_To Process 15 2280 certutil.exe 1628 certutil.exe "C:\Users\ADU0VK~1\AppData\Local\Temp\certutil.exe" -A -n "yvesl" -t "C,C,C" -i "C:\Users\ADU0VK~1\AppData\Local\Temp\okguaxb.crt" -d "C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default" C:\Windows\system32\ c:\users\adu0vk~1\appdata\local\temp\certutil.exe Opened Opened Opened Read_From Read_From Read_From Read_From WinRegistryKey Licenses HKEY_CLASSES_ROOT WinRegistryKey CLSID\{C62A69F0-16DC-11CE-9E98-00AA00574A4F}\DesignerFeatures HKEY_CLASSES_ROOT WinRegistryKey Clsid\{C62A69F0-16DC-11CE-9E98-00AA00574A4F}\InprocServer32 HKEY_CLASSES_ROOT ThreadingModel WinRegistryKey TypeLib HKEY_CLASSES_ROOT WinRegistryKey TypeLib\{00020905-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT WinRegistryKey TypeLib\{00020905-0000-0000-C000-000000000046}\8.6 HKEY_CLASSES_ROOT WinRegistryKey TypeLib\{00020905-0000-0000-C000-000000000046}\8.6\409 HKEY_CLASSES_ROOT WinRegistryKey TypeLib\{00020905-0000-0000-C000-000000000046}\8.6\9 HKEY_CLASSES_ROOT WinRegistryKey TypeLib\{00020905-0000-0000-C000-000000000046}\8.6\0 HKEY_CLASSES_ROOT WinRegistryKey TypeLib\{00020905-0000-0000-C000-000000000046}\8.6\0\win64 HKEY_CLASSES_ROOT WinRegistryKey TypeLib HKEY_CLASSES_ROOT WinRegistryKey TypeLib\{000204EF-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT WinRegistryKey TypeLib\{000204EF-0000-0000-C000-000000000046}\4.2 HKEY_CLASSES_ROOT WinRegistryKey TypeLib\{000204EF-0000-0000-C000-000000000046}\4.2\9 HKEY_CLASSES_ROOT WinRegistryKey TypeLib\{000204EF-0000-0000-C000-000000000046}\4.2\9\win64 HKEY_CLASSES_ROOT WinRegistryKey TypeLib\{00020905-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT WinRegistryKey TypeLib\{00020905-0000-0000-C000-000000000046}\8.6 HKEY_CLASSES_ROOT WinRegistryKey TypeLib\{00020905-0000-0000-C000-000000000046}\8.6\0 HKEY_CLASSES_ROOT WinRegistryKey TypeLib\{00020905-0000-0000-C000-000000000046}\8.6\0\win64 HKEY_CLASSES_ROOT WinRegistryKey TypeLib\{00020430-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT WinRegistryKey TypeLib\{00020430-0000-0000-C000-000000000046}\2.0 HKEY_CLASSES_ROOT WinRegistryKey TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0 HKEY_CLASSES_ROOT WinRegistryKey TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win64 HKEY_CLASSES_ROOT WinRegistryKey TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52} HKEY_CLASSES_ROOT WinRegistryKey TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.7 HKEY_CLASSES_ROOT WinRegistryKey TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.7\0 HKEY_CLASSES_ROOT WinRegistryKey TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.7\0\win64 HKEY_CLASSES_ROOT WinRegistryKey TypeLib\{0D452EE1-E08F-101A-852E-02608C4D0BB4} HKEY_CLASSES_ROOT WinRegistryKey TypeLib\{0D452EE1-E08F-101A-852E-02608C4D0BB4}\2.0 HKEY_CLASSES_ROOT WinRegistryKey TypeLib\{0D452EE1-E08F-101A-852E-02608C4D0BB4}\2.0\0 HKEY_CLASSES_ROOT WinRegistryKey TypeLib\{0D452EE1-E08F-101A-852E-02608C4D0BB4}\2.0\0\win64 HKEY_CLASSES_ROOT WinRegistryKey Licenses\8804558B-B773-11d1-BC3E-0000F87552E7 HKEY_CLASSES_ROOT WinRegistryKey Clsid\{C62A69F0-16DC-11CE-9E98-00AA00574A4F}\Instance CLSID HKEY_CLASSES_ROOT WinRegistryKey TypeLib\{00020905-0000-0000-C000-000000000046}\8.6\0\win64 HKEY_CLASSES_ROOT WinRegistryKey TypeLib\{000204EF-0000-0000-C000-000000000046}\4.2\9\win64 HKEY_CLASSES_ROOT WinRegistryKey TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win64 HKEY_CLASSES_ROOT WinRegistryKey TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\2.7\0\win64 HKEY_CLASSES_ROOT WinRegistryKey TypeLib\{0D452EE1-E08F-101A-852E-02608C4D0BB4}\2.0\0\win64 HKEY_CLASSES_ROOT File users\adu0vk~1\appdata\local\temp\hwid users\adu0vk~1\appdata\local\temp\hwid c:\ c:\users\adu0vk~1\appdata\local\temp\hwid File windows\wcx_ftp.ini windows\wcx_ftp.ini c:\ c:\windows\wcx_ftp.ini ini File users\adu0vk iwa5kls\wcx_ftp.ini users\adu0vk iwa5kls\wcx_ftp.ini c:\ c:\users\adu0vk iwa5kls\wcx_ftp.ini ini File users\adu0vk iwa5kls\appdata\roaming\ghisler\wcx_ftp.ini users\adu0vk iwa5kls\appdata\roaming\ghisler\wcx_ftp.ini c:\ c:\users\adu0vk iwa5kls\appdata\roaming\ghisler\wcx_ftp.ini ini File programdata\ghisler\wcx_ftp.ini programdata\ghisler\wcx_ftp.ini c:\ c:\programdata\ghisler\wcx_ftp.ini ini File users\adu0vk iwa5kls\appdata\local\ghisler\wcx_ftp.ini users\adu0vk iwa5kls\appdata\local\ghisler\wcx_ftp.ini c:\ c:\users\adu0vk iwa5kls\appdata\local\ghisler\wcx_ftp.ini ini File users\adu0vk iwa5kls\appdata\roaming\globalscape\cuteftp\sm.dat users\adu0vk iwa5kls\appdata\roaming\globalscape\cuteftp\sm.dat c:\ c:\users\adu0vk iwa5kls\appdata\roaming\globalscape\cuteftp\sm.dat dat File users\adu0vk iwa5kls\appdata\roaming\globalscape\cuteftp pro\sm.dat users\adu0vk iwa5kls\appdata\roaming\globalscape\cuteftp pro\sm.dat c:\ c:\users\adu0vk iwa5kls\appdata\roaming\globalscape\cuteftp pro\sm.dat dat File users\adu0vk iwa5kls\appdata\roaming\globalscape\cuteftp lite\sm.dat users\adu0vk iwa5kls\appdata\roaming\globalscape\cuteftp lite\sm.dat c:\ c:\users\adu0vk iwa5kls\appdata\roaming\globalscape\cuteftp lite\sm.dat dat File users\adu0vk iwa5kls\appdata\roaming\cuteftp\sm.dat users\adu0vk iwa5kls\appdata\roaming\cuteftp\sm.dat c:\ c:\users\adu0vk iwa5kls\appdata\roaming\cuteftp\sm.dat dat File programdata\globalscape\cuteftp\sm.dat programdata\globalscape\cuteftp\sm.dat c:\ c:\programdata\globalscape\cuteftp\sm.dat dat File programdata\globalscape\cuteftp pro\sm.dat programdata\globalscape\cuteftp pro\sm.dat c:\ c:\programdata\globalscape\cuteftp pro\sm.dat dat File programdata\globalscape\cuteftp lite\sm.dat programdata\globalscape\cuteftp lite\sm.dat c:\ c:\programdata\globalscape\cuteftp lite\sm.dat dat File programdata\cuteftp\sm.dat programdata\cuteftp\sm.dat c:\ c:\programdata\cuteftp\sm.dat dat File users\adu0vk iwa5kls\appdata\local\globalscape\cuteftp\sm.dat users\adu0vk iwa5kls\appdata\local\globalscape\cuteftp\sm.dat c:\ c:\users\adu0vk iwa5kls\appdata\local\globalscape\cuteftp\sm.dat dat File users\adu0vk iwa5kls\appdata\local\globalscape\cuteftp pro\sm.dat users\adu0vk iwa5kls\appdata\local\globalscape\cuteftp pro\sm.dat c:\ c:\users\adu0vk iwa5kls\appdata\local\globalscape\cuteftp pro\sm.dat dat File users\adu0vk iwa5kls\appdata\local\globalscape\cuteftp lite\sm.dat users\adu0vk iwa5kls\appdata\local\globalscape\cuteftp lite\sm.dat c:\ c:\users\adu0vk iwa5kls\appdata\local\globalscape\cuteftp lite\sm.dat dat File users\adu0vk iwa5kls\appdata\local\cuteftp\sm.dat users\adu0vk iwa5kls\appdata\local\cuteftp\sm.dat c:\ c:\users\adu0vk iwa5kls\appdata\local\cuteftp\sm.dat dat File program files (x86)\globalscape\cuteftp\sm.dat program files (x86)\globalscape\cuteftp\sm.dat c:\ c:\program files (x86)\globalscape\cuteftp\sm.dat dat File program files (x86)\globalscape\cuteftp pro\sm.dat program files (x86)\globalscape\cuteftp pro\sm.dat c:\ c:\program files (x86)\globalscape\cuteftp pro\sm.dat dat File program files (x86)\globalscape\cuteftp lite\sm.dat program files (x86)\globalscape\cuteftp lite\sm.dat c:\ c:\program files (x86)\globalscape\cuteftp lite\sm.dat dat File program files (x86)\cuteftp\sm.dat program files (x86)\cuteftp\sm.dat c:\ c:\program files (x86)\cuteftp\sm.dat dat File users\adu0vk iwa5kls\appdata\roaming\flashfxp\3\sites.dat users\adu0vk iwa5kls\appdata\roaming\flashfxp\3\sites.dat c:\ c:\users\adu0vk iwa5kls\appdata\roaming\flashfxp\3\sites.dat dat File users\adu0vk iwa5kls\appdata\roaming\flashfxp\4\sites.dat users\adu0vk iwa5kls\appdata\roaming\flashfxp\4\sites.dat c:\ c:\users\adu0vk iwa5kls\appdata\roaming\flashfxp\4\sites.dat dat File users\adu0vk iwa5kls\appdata\roaming\flashfxp\3\quick.dat users\adu0vk iwa5kls\appdata\roaming\flashfxp\3\quick.dat c:\ c:\users\adu0vk iwa5kls\appdata\roaming\flashfxp\3\quick.dat dat File users\adu0vk iwa5kls\appdata\roaming\flashfxp\4\quick.dat users\adu0vk iwa5kls\appdata\roaming\flashfxp\4\quick.dat c:\ c:\users\adu0vk iwa5kls\appdata\roaming\flashfxp\4\quick.dat dat File users\adu0vk iwa5kls\appdata\roaming\flashfxp\3\history.dat users\adu0vk iwa5kls\appdata\roaming\flashfxp\3\history.dat c:\ c:\users\adu0vk iwa5kls\appdata\roaming\flashfxp\3\history.dat dat File users\adu0vk iwa5kls\appdata\roaming\flashfxp\4\history.dat users\adu0vk iwa5kls\appdata\roaming\flashfxp\4\history.dat c:\ c:\users\adu0vk iwa5kls\appdata\roaming\flashfxp\4\history.dat dat File programdata\flashfxp\3\sites.dat programdata\flashfxp\3\sites.dat c:\ c:\programdata\flashfxp\3\sites.dat dat File programdata\flashfxp\4\sites.dat programdata\flashfxp\4\sites.dat c:\ c:\programdata\flashfxp\4\sites.dat dat File programdata\flashfxp\3\quick.dat programdata\flashfxp\3\quick.dat c:\ c:\programdata\flashfxp\3\quick.dat dat File programdata\flashfxp\4\quick.dat programdata\flashfxp\4\quick.dat c:\ c:\programdata\flashfxp\4\quick.dat dat File programdata\flashfxp\3\history.dat programdata\flashfxp\3\history.dat c:\ c:\programdata\flashfxp\3\history.dat dat File programdata\flashfxp\4\history.dat programdata\flashfxp\4\history.dat c:\ c:\programdata\flashfxp\4\history.dat dat File users\adu0vk iwa5kls\appdata\local\flashfxp\3\sites.dat users\adu0vk iwa5kls\appdata\local\flashfxp\3\sites.dat c:\ c:\users\adu0vk iwa5kls\appdata\local\flashfxp\3\sites.dat dat File users\adu0vk iwa5kls\appdata\local\flashfxp\4\sites.dat users\adu0vk iwa5kls\appdata\local\flashfxp\4\sites.dat c:\ c:\users\adu0vk iwa5kls\appdata\local\flashfxp\4\sites.dat dat File users\adu0vk iwa5kls\appdata\local\flashfxp\3\quick.dat users\adu0vk iwa5kls\appdata\local\flashfxp\3\quick.dat c:\ c:\users\adu0vk iwa5kls\appdata\local\flashfxp\3\quick.dat dat File users\adu0vk iwa5kls\appdata\local\flashfxp\4\quick.dat users\adu0vk iwa5kls\appdata\local\flashfxp\4\quick.dat c:\ c:\users\adu0vk iwa5kls\appdata\local\flashfxp\4\quick.dat dat File users\adu0vk iwa5kls\appdata\local\flashfxp\3\history.dat users\adu0vk iwa5kls\appdata\local\flashfxp\3\history.dat c:\ c:\users\adu0vk iwa5kls\appdata\local\flashfxp\3\history.dat dat File users\adu0vk iwa5kls\appdata\local\flashfxp\4\history.dat users\adu0vk iwa5kls\appdata\local\flashfxp\4\history.dat c:\ c:\users\adu0vk iwa5kls\appdata\local\flashfxp\4\history.dat dat File users\adu0vk iwa5kls\appdata\roaming\filezilla\sitemanager.xml users\adu0vk iwa5kls\appdata\roaming\filezilla\sitemanager.xml c:\ c:\users\adu0vk iwa5kls\appdata\roaming\filezilla\sitemanager.xml xml File users\adu0vk iwa5kls\appdata\roaming\filezilla\recentservers.xml users\adu0vk iwa5kls\appdata\roaming\filezilla\recentservers.xml c:\ c:\users\adu0vk iwa5kls\appdata\roaming\filezilla\recentservers.xml xml File users\adu0vk iwa5kls\appdata\roaming\filezilla\filezilla.xml users\adu0vk iwa5kls\appdata\roaming\filezilla\filezilla.xml c:\ c:\users\adu0vk iwa5kls\appdata\roaming\filezilla\filezilla.xml xml File programdata\filezilla\sitemanager.xml programdata\filezilla\sitemanager.xml c:\ c:\programdata\filezilla\sitemanager.xml xml File programdata\filezilla\recentservers.xml programdata\filezilla\recentservers.xml c:\ c:\programdata\filezilla\recentservers.xml xml File programdata\filezilla\filezilla.xml programdata\filezilla\filezilla.xml c:\ c:\programdata\filezilla\filezilla.xml xml File users\adu0vk iwa5kls\appdata\local\filezilla\sitemanager.xml users\adu0vk iwa5kls\appdata\local\filezilla\sitemanager.xml c:\ c:\users\adu0vk iwa5kls\appdata\local\filezilla\sitemanager.xml xml File users\adu0vk iwa5kls\appdata\local\filezilla\recentservers.xml users\adu0vk iwa5kls\appdata\local\filezilla\recentservers.xml c:\ c:\users\adu0vk iwa5kls\appdata\local\filezilla\recentservers.xml xml File users\adu0vk iwa5kls\appdata\local\filezilla\filezilla.xml users\adu0vk iwa5kls\appdata\local\filezilla\filezilla.xml c:\ c:\users\adu0vk iwa5kls\appdata\local\filezilla\filezilla.xml xml File users\adu0vk iwa5kls\appdata\roaming\mozilla\firefox\profiles.ini users\adu0vk iwa5kls\appdata\roaming\mozilla\firefox\profiles.ini c:\ c:\users\adu0vk iwa5kls\appdata\roaming\mozilla\firefox\profiles.ini ini File users\adu0vk iwa5kls\appdata\roaming\mozilla\firefox\profiles\asmpdd98.default\signons.sqlite users\adu0vk iwa5kls\appdata\roaming\mozilla\firefox\profiles\asmpdd98.default\signons.sqlite c:\ c:\users\adu0vk iwa5kls\appdata\roaming\mozilla\firefox\profiles\asmpdd98.default\signons.sqlite sqlite File users\adu0vk iwa5kls\appdata\local\google\chrome\user data\default\web data users\adu0vk iwa5kls\appdata\local\google\chrome\user data\default\web data c:\ c:\users\adu0vk iwa5kls\appdata\local\google\chrome\user data\default\web data File users\adu0vk iwa5kls\appdata\local\google\chrome\user data\default\web data-journal users\adu0vk iwa5kls\appdata\local\google\chrome\user data\default\web data-journal c:\ c:\users\adu0vk iwa5kls\appdata\local\google\chrome\user data\default\web data-journal File users\adu0vk iwa5kls\appdata\local\google\chrome\user data\default\login data users\adu0vk iwa5kls\appdata\local\google\chrome\user data\default\login data c:\ c:\users\adu0vk iwa5kls\appdata\local\google\chrome\user data\default\login data File users\adu0vk iwa5kls\appdata\local\google\chrome\user data\default\login data-journal users\adu0vk iwa5kls\appdata\local\google\chrome\user data\default\login data-journal c:\ c:\users\adu0vk iwa5kls\appdata\local\google\chrome\user data\default\login data-journal File users\adu0vk~1\appdata\local\temp\client hash users\adu0vk~1\appdata\local\temp\client hash c:\ c:\users\adu0vk~1\appdata\local\temp\client hash File users\adu0vk~1\appdata\local\temp\bn649b.tmp users\adu0vk~1\appdata\local\temp\bn649b.tmp c:\ c:\users\adu0vk~1\appdata\local\temp\bn649b.tmp tmp MD5 d41d8cd98f00b204e9800998ecf8427e SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Mutex Local\mtxLogMeInIgnition.IgnitionMutex WinRegistryKey Software\WinRAR HKEY_CURRENT_USER HWID WinRegistryKey Software\WinRAR HKEY_CURRENT_USER Client Hash WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall HKEY_LOCAL_MACHINE WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook HKEY_LOCAL_MACHINE UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin HKEY_LOCAL_MACHINE UninstallString UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager HKEY_LOCAL_MACHINE UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx HKEY_LOCAL_MACHINE UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore HKEY_LOCAL_MACHINE UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome HKEY_LOCAL_MACHINE UninstallString UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40 HKEY_LOCAL_MACHINE UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data HKEY_LOCAL_MACHINE UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX HKEY_LOCAL_MACHINE UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData HKEY_LOCAL_MACHINE UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack HKEY_LOCAL_MACHINE UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 25.0 (x86 en-US) HKEY_LOCAL_MACHINE UninstallString UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService HKEY_LOCAL_MACHINE UninstallString UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent HKEY_LOCAL_MACHINE UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC HKEY_LOCAL_MACHINE UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} HKEY_LOCAL_MACHINE UninstallString UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757 HKEY_LOCAL_MACHINE UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757 HKEY_LOCAL_MACHINE WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173 HKEY_LOCAL_MACHINE UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173 HKEY_LOCAL_MACHINE WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860 HKEY_LOCAL_MACHINE UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860 HKEY_LOCAL_MACHINE WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655 HKEY_LOCAL_MACHINE UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655 HKEY_LOCAL_MACHINE WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743 HKEY_LOCAL_MACHINE UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743 HKEY_LOCAL_MACHINE WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063 HKEY_LOCAL_MACHINE UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063 HKEY_LOCAL_MACHINE WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573 HKEY_LOCAL_MACHINE UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573 HKEY_LOCAL_MACHINE WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217071FF} HKEY_LOCAL_MACHINE UninstallString UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} HKEY_LOCAL_MACHINE UninstallString UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3c3aafc8-d898-43ec-998f-965ffdae065a} HKEY_LOCAL_MACHINE UninstallString UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} HKEY_LOCAL_MACHINE UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} HKEY_LOCAL_MACHINE WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} HKEY_LOCAL_MACHINE UninstallString UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} HKEY_LOCAL_MACHINE UninstallString UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} HKEY_LOCAL_MACHINE UninstallString UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} HKEY_LOCAL_MACHINE UninstallString UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001} HKEY_LOCAL_MACHINE UninstallString UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} HKEY_LOCAL_MACHINE UninstallString UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} HKEY_LOCAL_MACHINE UninstallString UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} HKEY_LOCAL_MACHINE UninstallString UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{e52a6842-b0ac-476e-b48f-378a97a67346} HKEY_LOCAL_MACHINE UninstallString UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d} HKEY_LOCAL_MACHINE UninstallString UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} HKEY_LOCAL_MACHINE UninstallString UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2151757 HKEY_LOCAL_MACHINE UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2151757 HKEY_LOCAL_MACHINE WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2467173 HKEY_LOCAL_MACHINE UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2467173 HKEY_LOCAL_MACHINE WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2524860 HKEY_LOCAL_MACHINE UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2524860 HKEY_LOCAL_MACHINE WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2544655 HKEY_LOCAL_MACHINE UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2544655 HKEY_LOCAL_MACHINE WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2549743 HKEY_LOCAL_MACHINE UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2549743 HKEY_LOCAL_MACHINE WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2565063 HKEY_LOCAL_MACHINE UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2565063 HKEY_LOCAL_MACHINE WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB982573 HKEY_LOCAL_MACHINE UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB982573 HKEY_LOCAL_MACHINE WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f} HKEY_LOCAL_MACHINE UninstallString UninstallString WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} HKEY_LOCAL_MACHINE UninstallString UninstallString WinRegistryKey Software\WinRAR HKEY_CURRENT_USER WinRegistryKey Software\WinRAR HKEY_CURRENT_USER HWID HWID WinRegistryKey Software\Ghisler\Windows Commander HKEY_CURRENT_USER WinRegistryKey Software\Ghisler\Windows Commander HKEY_LOCAL_MACHINE WinRegistryKey Software\Ghisler\Total Commander HKEY_CURRENT_USER WinRegistryKey Software\Ghisler\Total Commander HKEY_LOCAL_MACHINE WinRegistryKey Software\GlobalSCAPE\CuteFTP 6 Home\QCToolbar HKEY_CURRENT_USER WinRegistryKey Software\GlobalSCAPE\CuteFTP 6 Professional\QCToolbar HKEY_CURRENT_USER WinRegistryKey Software\GlobalSCAPE\CuteFTP 7 Home\QCToolbar HKEY_CURRENT_USER WinRegistryKey Software\GlobalSCAPE\CuteFTP 7 Professional\QCToolbar HKEY_CURRENT_USER WinRegistryKey Software\GlobalSCAPE\CuteFTP 8 Home\QCToolbar HKEY_CURRENT_USER WinRegistryKey Software\GlobalSCAPE\CuteFTP 8 Professional\QCToolbar HKEY_CURRENT_USER WinRegistryKey Software\GlobalSCAPE\CuteFTP 9\QCToolbar HKEY_CURRENT_USER WinRegistryKey Software\FlashFXP\3 HKEY_CURRENT_USER WinRegistryKey Software\FlashFXP HKEY_CURRENT_USER WinRegistryKey Software\FlashFXP\4 HKEY_CURRENT_USER WinRegistryKey Software\FlashFXP\3 HKEY_LOCAL_MACHINE WinRegistryKey Software\FlashFXP HKEY_LOCAL_MACHINE WinRegistryKey Software\FlashFXP\4 HKEY_LOCAL_MACHINE WinRegistryKey Software\FileZilla HKEY_CURRENT_USER WinRegistryKey Software\FileZilla Client HKEY_CURRENT_USER WinRegistryKey Software\FileZilla HKEY_LOCAL_MACHINE WinRegistryKey Software\FileZilla Client HKEY_LOCAL_MACHINE WinRegistryKey Software\BPFTP\Bullet Proof FTP\Main HKEY_CURRENT_USER WinRegistryKey Software\BulletProof Software\BulletProof FTP Client\Main HKEY_CURRENT_USER WinRegistryKey Software\BPFTP\Bullet Proof FTP\Options HKEY_CURRENT_USER WinRegistryKey Software\BulletProof Software\BulletProof FTP Client\Options HKEY_CURRENT_USER WinRegistryKey Software\BPFTP HKEY_CURRENT_USER WinRegistryKey Software\FTPWare\COREFTP\Sites HKEY_CURRENT_USER WinRegistryKey Software\VanDyke\SecureFX HKEY_CURRENT_USER WinRegistryKey Software\Martin Prikryl HKEY_CURRENT_USER WinRegistryKey Software\Martin Prikryl HKEY_LOCAL_MACHINE WinRegistryKey Software\Opera Software HKEY_CURRENT_USER WinRegistryKey Opera.HTML\shell\open\command HKEY_CLASSES_ROOT WinRegistryKey Software\Mozilla HKEY_CURRENT_USER WinRegistryKey Software\Mozilla\Firefox HKEY_CURRENT_USER PathToExe WinRegistryKey Software\Mozilla\Firefox\Crash Reporter HKEY_CURRENT_USER PathToExe WinRegistryKey Software\Mozilla\Firefox\TaskBarIDs HKEY_CURRENT_USER PathToExe WinRegistryKey Software\Mozilla HKEY_LOCAL_MACHINE WinRegistryKey Software\Mozilla\Firefox HKEY_LOCAL_MACHINE PathToExe WinRegistryKey Software\Mozilla\Firefox HKEY_LOCAL_MACHINE WinRegistryKey Software\Mozilla\Firefox\TaskBarIDs HKEY_LOCAL_MACHINE PathToExe WinRegistryKey Software\Mozilla\Firefox\TaskBarIDs HKEY_LOCAL_MACHINE WinRegistryKey Software\Mozilla\Mozilla Firefox HKEY_LOCAL_MACHINE PathToExe WinRegistryKey Software\Mozilla\Mozilla Firefox HKEY_LOCAL_MACHINE WinRegistryKey Software\Mozilla\Mozilla Firefox\25.0 (en-US) HKEY_LOCAL_MACHINE PathToExe WinRegistryKey Software\Mozilla\Mozilla Firefox\25.0 (en-US) HKEY_LOCAL_MACHINE WinRegistryKey Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Main HKEY_LOCAL_MACHINE PathToExe PathToExe WinRegistryKey Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Uninstall HKEY_LOCAL_MACHINE PathToExe WinRegistryKey Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Uninstall HKEY_LOCAL_MACHINE WinRegistryKey Software\Mozilla\Mozilla Firefox 25.0 HKEY_LOCAL_MACHINE PathToExe WinRegistryKey Software\Mozilla\Mozilla Firefox 25.0 HKEY_LOCAL_MACHINE WinRegistryKey Software\Mozilla\Mozilla Firefox 25.0\bin HKEY_LOCAL_MACHINE PathToExe PathToExe WinRegistryKey Software\Mozilla\Mozilla Firefox 25.0\extensions HKEY_LOCAL_MACHINE PathToExe WinRegistryKey Software\Mozilla\Mozilla Firefox 25.0\extensions HKEY_LOCAL_MACHINE WinRegistryKey Software\Mozilla HKEY_CURRENT_USER WinRegistryKey Software\Mozilla HKEY_LOCAL_MACHINE WinRegistryKey Software\Mozilla HKEY_CURRENT_USER PathToExe WinRegistryKey Software\Mozilla HKEY_LOCAL_MACHINE PathToExe WinRegistryKey Software\Microsoft\Internet Explorer\IntelliForms\Storage2 HKEY_CURRENT_USER WinRegistryKey SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IntelliForms\FormData HKEY_CURRENT_USER WinRegistryKey Software\ChromePlus HKEY_CURRENT_USER WinRegistryKey Software\Microsoft\Windows Live Mail HKEY_CURRENT_USER WinRegistryKey Software\Microsoft\Windows Mail HKEY_CURRENT_USER Salt WinRegistryKey Software\IncrediMail HKEY_CURRENT_USER WinRegistryKey Software\IncrediMail HKEY_LOCAL_MACHINE WinRegistryKey Software\Microsoft\Internet Account Manager\Accounts HKEY_CURRENT_USER WinRegistryKey Identities HKEY_CURRENT_USER WinRegistryKey Identities\{31810C36-5D23-4CCE-A3B4-316DED195C38}\Software\Microsoft\Internet Account Manager\Accounts HKEY_CURRENT_USER WinRegistryKey Software\Microsoft\Internet Account Manager HKEY_LOCAL_MACHINE Outlook WinRegistryKey Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts HKEY_CURRENT_USER WinRegistryKey Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Microsoft Outlook Internet Settings HKEY_CURRENT_USER WinRegistryKey Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook HKEY_CURRENT_USER WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook HKEY_CURRENT_USER WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\0a0d020000000000c000000000000046 HKEY_CURRENT_USER WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a HKEY_CURRENT_USER WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\3517490d76624c419a828607e2a54604 HKEY_CURRENT_USER WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\4c81aa8e3cec3747ac89336bb7dabb3d HKEY_CURRENT_USER WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\660d890c36162745aa4a6e18387402e2 HKEY_CURRENT_USER WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\8503020000000000c000000000000046 HKEY_CURRENT_USER WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\8ad20125b268ee4082a7beb234d21c3e HKEY_CURRENT_USER WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\91cde86748046c41886c2f5227df24b7 HKEY_CURRENT_USER WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2 HKEY_CURRENT_USER WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 HKEY_CURRENT_USER WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 HKEY_CURRENT_USER SMTP Email Address WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 HKEY_CURRENT_USER SMTP Email Address WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 HKEY_CURRENT_USER SMTP Email Address WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\a1d7e55f7cf9a243ba916d5f08f9bae8 HKEY_CURRENT_USER WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\a44233f8b7f7d346b14b6c8d0728d9dd HKEY_CURRENT_USER WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\ddb0922fc50b8d42be5a821ede840761 HKEY_CURRENT_USER WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\ee39677bbdea5143a837a52d64001c8f HKEY_CURRENT_USER WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001 HKEY_CURRENT_USER WinRegistryKey Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook HKEY_CURRENT_USER WinRegistryKey Software\Mozilla HKEY_CURRENT_USER WinRegistryKey Software\Mozilla\Firefox HKEY_CURRENT_USER WinRegistryKey Software\Mozilla\Firefox\Crash Reporter HKEY_CURRENT_USER WinRegistryKey Software\Mozilla\Firefox\TaskBarIDs HKEY_CURRENT_USER WinRegistryKey Software\Mozilla HKEY_LOCAL_MACHINE WinRegistryKey Software\Mozilla\Firefox HKEY_LOCAL_MACHINE WinRegistryKey Software\Mozilla\Firefox\TaskBarIDs HKEY_LOCAL_MACHINE WinRegistryKey Software\Mozilla\Mozilla Firefox HKEY_LOCAL_MACHINE WinRegistryKey Software\Mozilla\Mozilla Firefox\25.0 (en-US) HKEY_LOCAL_MACHINE WinRegistryKey Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Main HKEY_LOCAL_MACHINE WinRegistryKey Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Uninstall HKEY_LOCAL_MACHINE WinRegistryKey Software\Mozilla\Mozilla Firefox 25.0 HKEY_LOCAL_MACHINE WinRegistryKey Software\Mozilla\Mozilla Firefox 25.0\bin HKEY_LOCAL_MACHINE WinRegistryKey Software\Mozilla\Mozilla Firefox 25.0\extensions HKEY_LOCAL_MACHINE WinRegistryKey Software\WinRAR HKEY_CURRENT_USER Client Hash WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin HKEY_LOCAL_MACHINE DisplayName DisplayName WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome HKEY_LOCAL_MACHINE DisplayName DisplayName WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 25.0 (x86 en-US) HKEY_LOCAL_MACHINE DisplayName DisplayName WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService HKEY_LOCAL_MACHINE DisplayName DisplayName WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} HKEY_LOCAL_MACHINE DisplayName DisplayName WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217071FF} HKEY_LOCAL_MACHINE DisplayName DisplayName WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} HKEY_LOCAL_MACHINE DisplayName DisplayName WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3c3aafc8-d898-43ec-998f-965ffdae065a} HKEY_LOCAL_MACHINE DisplayName DisplayName WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} HKEY_LOCAL_MACHINE DisplayName DisplayName WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} HKEY_LOCAL_MACHINE DisplayName DisplayName WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} HKEY_LOCAL_MACHINE DisplayName DisplayName WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} HKEY_LOCAL_MACHINE DisplayName DisplayName WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AA0000000001} HKEY_LOCAL_MACHINE DisplayName DisplayName WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} HKEY_LOCAL_MACHINE DisplayName DisplayName WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} HKEY_LOCAL_MACHINE DisplayName DisplayName WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} HKEY_LOCAL_MACHINE DisplayName DisplayName WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{e52a6842-b0ac-476e-b48f-378a97a67346} HKEY_LOCAL_MACHINE DisplayName DisplayName WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d} HKEY_LOCAL_MACHINE DisplayName DisplayName WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} HKEY_LOCAL_MACHINE DisplayName DisplayName WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f} HKEY_LOCAL_MACHINE DisplayName DisplayName WinRegistryKey SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} HKEY_LOCAL_MACHINE DisplayName DisplayName WinRegistryKey Software\Microsoft\Internet Account Manager HKEY_LOCAL_MACHINE Outlook Outlook WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 HKEY_CURRENT_USER SMTP Server WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 HKEY_CURRENT_USER POP3 Server WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 HKEY_CURRENT_USER POP3 User Name WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 HKEY_CURRENT_USER SMTP User Name WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 HKEY_CURRENT_USER NNTP Email Address WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 HKEY_CURRENT_USER NNTP User Name WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 HKEY_CURRENT_USER NNTP Server WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 HKEY_CURRENT_USER IMAP Server WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 HKEY_CURRENT_USER IMAP User Name WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 HKEY_CURRENT_USER Email WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 HKEY_CURRENT_USER HTTP User WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 HKEY_CURRENT_USER HTTP Server URL WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 HKEY_CURRENT_USER POP3 User WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 HKEY_CURRENT_USER IMAP User WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 HKEY_CURRENT_USER HTTPMail User Name WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 HKEY_CURRENT_USER HTTPMail Server WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 HKEY_CURRENT_USER SMTP User WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 HKEY_CURRENT_USER POP3 Password2 WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 HKEY_CURRENT_USER IMAP Password2 WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 HKEY_CURRENT_USER NNTP Password2 WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 HKEY_CURRENT_USER HTTPMail Password2 WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 HKEY_CURRENT_USER SMTP Password2 WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 HKEY_CURRENT_USER POP3 Password WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 HKEY_CURRENT_USER IMAP Password WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 HKEY_CURRENT_USER NNTP Password WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 HKEY_CURRENT_USER HTTP Password WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 HKEY_CURRENT_USER SMTP Password WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 HKEY_CURRENT_USER POP3 Port WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 HKEY_CURRENT_USER SMTP Port WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 HKEY_CURRENT_USER IMAP Port WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 HKEY_CURRENT_USER SMTP Server SMTP Server WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 HKEY_CURRENT_USER POP3 Server POP3 Server WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 HKEY_CURRENT_USER POP3 User Name WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 HKEY_CURRENT_USER SMTP User Name WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 HKEY_CURRENT_USER NNTP Email Address WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 HKEY_CURRENT_USER NNTP User Name WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 HKEY_CURRENT_USER NNTP Server WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 HKEY_CURRENT_USER IMAP Server WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 HKEY_CURRENT_USER IMAP User Name WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 HKEY_CURRENT_USER Email Email WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 HKEY_CURRENT_USER HTTP User WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 HKEY_CURRENT_USER HTTP Server URL WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 HKEY_CURRENT_USER POP3 User POP3 User WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 HKEY_CURRENT_USER IMAP User WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 HKEY_CURRENT_USER HTTPMail User Name WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 HKEY_CURRENT_USER HTTPMail Server WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 HKEY_CURRENT_USER SMTP User WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 HKEY_CURRENT_USER POP3 Password2 WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 HKEY_CURRENT_USER IMAP Password2 WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 HKEY_CURRENT_USER NNTP Password2 WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 HKEY_CURRENT_USER HTTPMail Password2 WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 HKEY_CURRENT_USER SMTP Password2 WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 HKEY_CURRENT_USER POP3 Password WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 HKEY_CURRENT_USER IMAP Password WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 HKEY_CURRENT_USER NNTP Password WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 HKEY_CURRENT_USER HTTP Password WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 HKEY_CURRENT_USER SMTP Password WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 HKEY_CURRENT_USER POP3 Port WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 HKEY_CURRENT_USER SMTP Port WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 HKEY_CURRENT_USER IMAP Port WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 HKEY_CURRENT_USER SMTP Server WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 HKEY_CURRENT_USER POP3 Server WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 HKEY_CURRENT_USER POP3 User Name WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 HKEY_CURRENT_USER SMTP User Name WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 HKEY_CURRENT_USER NNTP Email Address WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 HKEY_CURRENT_USER NNTP User Name WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 HKEY_CURRENT_USER NNTP Server WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 HKEY_CURRENT_USER IMAP Server WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 HKEY_CURRENT_USER IMAP User Name WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 HKEY_CURRENT_USER Email WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 HKEY_CURRENT_USER HTTP User WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 HKEY_CURRENT_USER HTTP Server URL WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 HKEY_CURRENT_USER POP3 User WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 HKEY_CURRENT_USER IMAP User WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 HKEY_CURRENT_USER HTTPMail User Name WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 HKEY_CURRENT_USER HTTPMail Server WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 HKEY_CURRENT_USER SMTP User WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 HKEY_CURRENT_USER POP3 Password2 DNSRecord butsulacoft.com URI butsulacoft.com SocketAddress 62.109.18.138 80 TCP NetworkSocket 62.109.18.138 80 TCP Contains SocketAddress api.ipify.org 80 NetworkConnection HTTP api.ipify.org 80 SocketAddress butsulacoft.com 80 NetworkConnection HTTP butsulacoft.com 80 SocketAddress supritofuld.ru 80 NetworkConnection HTTP supritofuld.ru 80 SocketAddress tekstheks.nl 80 NetworkConnection HTTP tekstheks.nl 80 URI api.ipify.org/ Contains URI None URI butsulacoft.com/ls5/forum.php Contains URI supritofuld.ru/ls5/forum.php Contains URI tekstheks.nl/wp-admin/includes/1 Contains URI tekstheks.nl/wp-admin/includes/2 Contains URI tekstheks.nl/wp-admin/includes/3 Contains URI butsulacoft.com/mlu/forum.php Contains File STD_OUTPUT_HANDLE File STD_INPUT_HANDLE WinRegistryKey Software\Policies\Microsoft\Windows\System HKEY_CURRENT_USER WinRegistryKey Software\Microsoft\Command Processor HKEY_LOCAL_MACHINE DisableUNCCheck EnableExtensions DelayedExpansion DefaultColor CompletionChar PathCompletionChar AutoRun WinRegistryKey Software\Microsoft\Command Processor HKEY_CURRENT_USER DisableUNCCheck EnableExtensions DelayedExpansion DefaultColor CompletionChar PathCompletionChar AutoRun File users\adu0vk iwa5kls\appdata\roaming\filezilla\sitemanager.xml users\adu0vk iwa5kls\appdata\roaming\filezilla\sitemanager.xml c:\ c:\users\adu0vk iwa5kls\appdata\roaming\filezilla\sitemanager.xml xml File users\adu0vk iwa5kls\appdata\roaming\filezilla\recentservers.xml users\adu0vk iwa5kls\appdata\roaming\filezilla\recentservers.xml c:\ c:\users\adu0vk iwa5kls\appdata\roaming\filezilla\recentservers.xml xml File users\adu0vk iwa5kls\appdata\roaming\filezilla\filezilla.xml users\adu0vk iwa5kls\appdata\roaming\filezilla\filezilla.xml c:\ c:\users\adu0vk iwa5kls\appdata\roaming\filezilla\filezilla.xml xml File programdata\filezilla\sitemanager.xml programdata\filezilla\sitemanager.xml c:\ c:\programdata\filezilla\sitemanager.xml xml File programdata\filezilla\recentservers.xml programdata\filezilla\recentservers.xml c:\ c:\programdata\filezilla\recentservers.xml xml File programdata\filezilla\filezilla.xml programdata\filezilla\filezilla.xml c:\ c:\programdata\filezilla\filezilla.xml xml File users\adu0vk iwa5kls\appdata\local\filezilla\sitemanager.xml users\adu0vk iwa5kls\appdata\local\filezilla\sitemanager.xml c:\ c:\users\adu0vk iwa5kls\appdata\local\filezilla\sitemanager.xml xml File users\adu0vk iwa5kls\appdata\local\filezilla\recentservers.xml users\adu0vk iwa5kls\appdata\local\filezilla\recentservers.xml c:\ c:\users\adu0vk iwa5kls\appdata\local\filezilla\recentservers.xml xml File users\adu0vk iwa5kls\appdata\local\filezilla\filezilla.xml users\adu0vk iwa5kls\appdata\local\filezilla\filezilla.xml c:\ c:\users\adu0vk iwa5kls\appdata\local\filezilla\filezilla.xml xml File users\adu0vk iwa5kls\appdata\roaming\globalscape\cuteftp\sm.dat users\adu0vk iwa5kls\appdata\roaming\globalscape\cuteftp\sm.dat c:\ c:\users\adu0vk iwa5kls\appdata\roaming\globalscape\cuteftp\sm.dat dat File users\adu0vk iwa5kls\appdata\roaming\globalscape\cuteftp pro\sm.dat users\adu0vk iwa5kls\appdata\roaming\globalscape\cuteftp pro\sm.dat c:\ c:\users\adu0vk iwa5kls\appdata\roaming\globalscape\cuteftp pro\sm.dat dat File users\adu0vk iwa5kls\appdata\roaming\globalscape\cuteftp lite\sm.dat users\adu0vk iwa5kls\appdata\roaming\globalscape\cuteftp lite\sm.dat c:\ c:\users\adu0vk iwa5kls\appdata\roaming\globalscape\cuteftp lite\sm.dat dat File users\adu0vk iwa5kls\appdata\roaming\cuteftp\sm.dat users\adu0vk iwa5kls\appdata\roaming\cuteftp\sm.dat c:\ c:\users\adu0vk iwa5kls\appdata\roaming\cuteftp\sm.dat dat File programdata\globalscape\cuteftp\sm.dat programdata\globalscape\cuteftp\sm.dat c:\ c:\programdata\globalscape\cuteftp\sm.dat dat File programdata\globalscape\cuteftp pro\sm.dat programdata\globalscape\cuteftp pro\sm.dat c:\ c:\programdata\globalscape\cuteftp pro\sm.dat dat File programdata\globalscape\cuteftp lite\sm.dat programdata\globalscape\cuteftp lite\sm.dat c:\ c:\programdata\globalscape\cuteftp lite\sm.dat dat File programdata\cuteftp\sm.dat programdata\cuteftp\sm.dat c:\ c:\programdata\cuteftp\sm.dat dat File users\adu0vk iwa5kls\appdata\local\globalscape\cuteftp\sm.dat users\adu0vk iwa5kls\appdata\local\globalscape\cuteftp\sm.dat c:\ c:\users\adu0vk iwa5kls\appdata\local\globalscape\cuteftp\sm.dat dat File users\adu0vk iwa5kls\appdata\local\globalscape\cuteftp pro\sm.dat users\adu0vk iwa5kls\appdata\local\globalscape\cuteftp pro\sm.dat c:\ c:\users\adu0vk iwa5kls\appdata\local\globalscape\cuteftp pro\sm.dat dat File users\adu0vk iwa5kls\appdata\local\globalscape\cuteftp lite\sm.dat users\adu0vk iwa5kls\appdata\local\globalscape\cuteftp lite\sm.dat c:\ c:\users\adu0vk iwa5kls\appdata\local\globalscape\cuteftp lite\sm.dat dat File users\adu0vk iwa5kls\appdata\local\cuteftp\sm.dat users\adu0vk iwa5kls\appdata\local\cuteftp\sm.dat c:\ c:\users\adu0vk iwa5kls\appdata\local\cuteftp\sm.dat dat File program files (x86)\globalscape\cuteftp\sm.dat program files (x86)\globalscape\cuteftp\sm.dat c:\ c:\program files (x86)\globalscape\cuteftp\sm.dat dat File program files (x86)\globalscape\cuteftp pro\sm.dat program files (x86)\globalscape\cuteftp pro\sm.dat c:\ c:\program files (x86)\globalscape\cuteftp pro\sm.dat dat File program files (x86)\globalscape\cuteftp lite\sm.dat program files (x86)\globalscape\cuteftp lite\sm.dat c:\ c:\program files (x86)\globalscape\cuteftp lite\sm.dat dat File program files (x86)\cuteftp\sm.dat program files (x86)\cuteftp\sm.dat c:\ c:\program files (x86)\cuteftp\sm.dat dat File windows\wcx_ftp.ini windows\wcx_ftp.ini c:\ c:\windows\wcx_ftp.ini ini File users\adu0vk iwa5kls\wcx_ftp.ini users\adu0vk iwa5kls\wcx_ftp.ini c:\ c:\users\adu0vk iwa5kls\wcx_ftp.ini ini File users\adu0vk iwa5kls\appdata\roaming\ghisler\wcx_ftp.ini users\adu0vk iwa5kls\appdata\roaming\ghisler\wcx_ftp.ini c:\ c:\users\adu0vk iwa5kls\appdata\roaming\ghisler\wcx_ftp.ini ini File programdata\ghisler\wcx_ftp.ini programdata\ghisler\wcx_ftp.ini c:\ c:\programdata\ghisler\wcx_ftp.ini ini File users\adu0vk iwa5kls\appdata\local\ghisler\wcx_ftp.ini users\adu0vk iwa5kls\appdata\local\ghisler\wcx_ftp.ini c:\ c:\users\adu0vk iwa5kls\appdata\local\ghisler\wcx_ftp.ini ini File users\adu0vk iwa5kls\appdata\roaming\flashfxp\3\sites.dat users\adu0vk iwa5kls\appdata\roaming\flashfxp\3\sites.dat c:\ c:\users\adu0vk iwa5kls\appdata\roaming\flashfxp\3\sites.dat dat File users\adu0vk iwa5kls\appdata\roaming\flashfxp\4\sites.dat users\adu0vk iwa5kls\appdata\roaming\flashfxp\4\sites.dat c:\ c:\users\adu0vk iwa5kls\appdata\roaming\flashfxp\4\sites.dat dat File users\adu0vk iwa5kls\appdata\roaming\flashfxp\5\sites.dat users\adu0vk iwa5kls\appdata\roaming\flashfxp\5\sites.dat c:\ c:\users\adu0vk iwa5kls\appdata\roaming\flashfxp\5\sites.dat dat File users\adu0vk iwa5kls\appdata\roaming\flashfxp\3\quick.dat users\adu0vk iwa5kls\appdata\roaming\flashfxp\3\quick.dat c:\ c:\users\adu0vk iwa5kls\appdata\roaming\flashfxp\3\quick.dat dat File users\adu0vk iwa5kls\appdata\roaming\flashfxp\4\quick.dat users\adu0vk iwa5kls\appdata\roaming\flashfxp\4\quick.dat c:\ c:\users\adu0vk iwa5kls\appdata\roaming\flashfxp\4\quick.dat dat File users\adu0vk iwa5kls\appdata\roaming\flashfxp\5\quick.dat users\adu0vk iwa5kls\appdata\roaming\flashfxp\5\quick.dat c:\ c:\users\adu0vk iwa5kls\appdata\roaming\flashfxp\5\quick.dat dat File users\adu0vk iwa5kls\appdata\roaming\flashfxp\3\history.dat users\adu0vk iwa5kls\appdata\roaming\flashfxp\3\history.dat c:\ c:\users\adu0vk iwa5kls\appdata\roaming\flashfxp\3\history.dat dat File users\adu0vk iwa5kls\appdata\roaming\flashfxp\4\history.dat users\adu0vk iwa5kls\appdata\roaming\flashfxp\4\history.dat c:\ c:\users\adu0vk iwa5kls\appdata\roaming\flashfxp\4\history.dat dat File users\adu0vk iwa5kls\appdata\roaming\flashfxp\5\history.dat users\adu0vk iwa5kls\appdata\roaming\flashfxp\5\history.dat c:\ c:\users\adu0vk iwa5kls\appdata\roaming\flashfxp\5\history.dat dat File programdata\flashfxp\3\sites.dat programdata\flashfxp\3\sites.dat c:\ c:\programdata\flashfxp\3\sites.dat dat File programdata\flashfxp\4\sites.dat programdata\flashfxp\4\sites.dat c:\ c:\programdata\flashfxp\4\sites.dat dat File programdata\flashfxp\5\sites.dat programdata\flashfxp\5\sites.dat c:\ c:\programdata\flashfxp\5\sites.dat dat File programdata\flashfxp\3\quick.dat programdata\flashfxp\3\quick.dat c:\ c:\programdata\flashfxp\3\quick.dat dat File programdata\flashfxp\4\quick.dat programdata\flashfxp\4\quick.dat c:\ c:\programdata\flashfxp\4\quick.dat dat File programdata\flashfxp\5\quick.dat programdata\flashfxp\5\quick.dat c:\ c:\programdata\flashfxp\5\quick.dat dat File programdata\flashfxp\3\history.dat programdata\flashfxp\3\history.dat c:\ c:\programdata\flashfxp\3\history.dat dat File programdata\flashfxp\4\history.dat programdata\flashfxp\4\history.dat c:\ c:\programdata\flashfxp\4\history.dat dat File programdata\flashfxp\5\history.dat programdata\flashfxp\5\history.dat c:\ c:\programdata\flashfxp\5\history.dat dat File users\adu0vk iwa5kls\appdata\local\flashfxp\3\sites.dat users\adu0vk iwa5kls\appdata\local\flashfxp\3\sites.dat c:\ c:\users\adu0vk iwa5kls\appdata\local\flashfxp\3\sites.dat dat File users\adu0vk iwa5kls\appdata\local\flashfxp\4\sites.dat users\adu0vk iwa5kls\appdata\local\flashfxp\4\sites.dat c:\ c:\users\adu0vk iwa5kls\appdata\local\flashfxp\4\sites.dat dat File users\adu0vk iwa5kls\appdata\local\flashfxp\5\sites.dat users\adu0vk iwa5kls\appdata\local\flashfxp\5\sites.dat c:\ c:\users\adu0vk iwa5kls\appdata\local\flashfxp\5\sites.dat dat File users\adu0vk iwa5kls\appdata\local\flashfxp\3\quick.dat users\adu0vk iwa5kls\appdata\local\flashfxp\3\quick.dat c:\ c:\users\adu0vk iwa5kls\appdata\local\flashfxp\3\quick.dat dat File users\adu0vk iwa5kls\appdata\local\flashfxp\4\quick.dat users\adu0vk iwa5kls\appdata\local\flashfxp\4\quick.dat c:\ c:\users\adu0vk iwa5kls\appdata\local\flashfxp\4\quick.dat dat File users\adu0vk iwa5kls\appdata\local\flashfxp\5\quick.dat users\adu0vk iwa5kls\appdata\local\flashfxp\5\quick.dat c:\ c:\users\adu0vk iwa5kls\appdata\local\flashfxp\5\quick.dat dat File users\adu0vk iwa5kls\appdata\local\flashfxp\3\history.dat users\adu0vk iwa5kls\appdata\local\flashfxp\3\history.dat c:\ c:\users\adu0vk iwa5kls\appdata\local\flashfxp\3\history.dat dat File users\adu0vk iwa5kls\appdata\local\flashfxp\4\history.dat users\adu0vk iwa5kls\appdata\local\flashfxp\4\history.dat c:\ c:\users\adu0vk iwa5kls\appdata\local\flashfxp\4\history.dat dat File users\adu0vk iwa5kls\appdata\local\flashfxp\5\history.dat users\adu0vk iwa5kls\appdata\local\flashfxp\5\history.dat c:\ c:\users\adu0vk iwa5kls\appdata\local\flashfxp\5\history.dat dat File users\adu0vk iwa5kls\appdata\local\google\chrome\user data\default\web data users\adu0vk iwa5kls\appdata\local\google\chrome\user data\default\web data c:\ c:\users\adu0vk iwa5kls\appdata\local\google\chrome\user data\default\web data File users\adu0vk iwa5kls\appdata\local\google\chrome\user data\default\web data-journal users\adu0vk iwa5kls\appdata\local\google\chrome\user data\default\web data-journal c:\ c:\users\adu0vk iwa5kls\appdata\local\google\chrome\user data\default\web data-journal File users\adu0vk iwa5kls\appdata\roaming\mozilla\firefox\profiles\asmpdd98.default\signons.sqlite users\adu0vk iwa5kls\appdata\roaming\mozilla\firefox\profiles\asmpdd98.default\signons.sqlite c:\ c:\users\adu0vk iwa5kls\appdata\roaming\mozilla\firefox\profiles\asmpdd98.default\signons.sqlite sqlite File users\adu0vk iwa5kls\appdata\roaming\jaxx\local storage\file__0.localstorage users\adu0vk iwa5kls\appdata\roaming\jaxx\local storage\file__0.localstorage c:\ c:\users\adu0vk iwa5kls\appdata\roaming\jaxx\local storage\file__0.localstorage localstorage WinRegistryKey Software\WinRAR HKEY_CURRENT_USER HWID HWID WinRegistryKey Software\FlashFXP\5 HKEY_CURRENT_USER WinRegistryKey Software\FlashFXP\5 HKEY_LOCAL_MACHINE WinRegistryKey Software\Mozilla HKEY_CURRENT_USER WinRegistryKey Software\Mozilla\Firefox HKEY_CURRENT_USER PathToExe WinRegistryKey Software\Mozilla\Firefox\Crash Reporter HKEY_CURRENT_USER PathToExe WinRegistryKey Software\Mozilla\Firefox\TaskBarIDs HKEY_CURRENT_USER PathToExe WinRegistryKey Software\Mozilla HKEY_LOCAL_MACHINE WinRegistryKey Software\Mozilla\Firefox HKEY_LOCAL_MACHINE PathToExe WinRegistryKey Software\Mozilla\Firefox\TaskBarIDs HKEY_LOCAL_MACHINE PathToExe WinRegistryKey Software\Mozilla\Mozilla Firefox HKEY_LOCAL_MACHINE PathToExe WinRegistryKey Software\Mozilla\Mozilla Firefox\25.0 (en-US) HKEY_LOCAL_MACHINE PathToExe WinRegistryKey Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Main HKEY_LOCAL_MACHINE PathToExe PathToExe WinRegistryKey Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Uninstall HKEY_LOCAL_MACHINE PathToExe WinRegistryKey Software\Mozilla\Mozilla Firefox 25.0 HKEY_LOCAL_MACHINE PathToExe WinRegistryKey Software\Mozilla\Mozilla Firefox 25.0\bin HKEY_LOCAL_MACHINE PathToExe PathToExe WinRegistryKey Software\Mozilla\Mozilla Firefox 25.0\extensions HKEY_LOCAL_MACHINE PathToExe WinRegistryKey Identities HKEY_CURRENT_USER WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook HKEY_CURRENT_USER WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\0a0d020000000000c000000000000046 HKEY_CURRENT_USER WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a HKEY_CURRENT_USER WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\3517490d76624c419a828607e2a54604 HKEY_CURRENT_USER WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\4c81aa8e3cec3747ac89336bb7dabb3d HKEY_CURRENT_USER WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\660d890c36162745aa4a6e18387402e2 HKEY_CURRENT_USER WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\8503020000000000c000000000000046 HKEY_CURRENT_USER WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\8ad20125b268ee4082a7beb234d21c3e HKEY_CURRENT_USER WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\91cde86748046c41886c2f5227df24b7 HKEY_CURRENT_USER WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2 HKEY_CURRENT_USER WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 HKEY_CURRENT_USER WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\a1d7e55f7cf9a243ba916d5f08f9bae8 HKEY_CURRENT_USER WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\a44233f8b7f7d346b14b6c8d0728d9dd HKEY_CURRENT_USER WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\ddb0922fc50b8d42be5a821ede840761 HKEY_CURRENT_USER WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\ee39677bbdea5143a837a52d64001c8f HKEY_CURRENT_USER WinRegistryKey Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001 HKEY_CURRENT_USER WinRegistryKey Software\Mozilla HKEY_CURRENT_USER WinRegistryKey Software\Mozilla\Firefox HKEY_CURRENT_USER WinRegistryKey Software\Mozilla\Firefox\Crash Reporter HKEY_CURRENT_USER WinRegistryKey Software\Mozilla\Firefox\TaskBarIDs HKEY_CURRENT_USER WinRegistryKey Software\Mozilla HKEY_LOCAL_MACHINE WinRegistryKey Software\Mozilla\Firefox HKEY_LOCAL_MACHINE WinRegistryKey Software\Mozilla\Firefox\TaskBarIDs HKEY_LOCAL_MACHINE WinRegistryKey Software\Mozilla\Mozilla Firefox HKEY_LOCAL_MACHINE WinRegistryKey Software\Mozilla\Mozilla Firefox\25.0 (en-US) HKEY_LOCAL_MACHINE WinRegistryKey Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Main HKEY_LOCAL_MACHINE WinRegistryKey Software\Mozilla\Mozilla Firefox\25.0 (en-US)\Uninstall HKEY_LOCAL_MACHINE WinRegistryKey Software\Mozilla\Mozilla Firefox 25.0 HKEY_LOCAL_MACHINE WinRegistryKey Software\Mozilla\Mozilla Firefox 25.0\bin HKEY_LOCAL_MACHINE WinRegistryKey Software\Mozilla\Mozilla Firefox 25.0\extensions HKEY_LOCAL_MACHINE DNSRecord butsulacoft.com URI butsulacoft.com/d2/about.php Contains Mutex e WinRegistryKey Software\Microsoft\aaf4e053c HKEY_CURRENT_USER SocketAddress fortsiretbab.com 80 NetworkConnection HTTP fortsiretbab.com 80 URI fortsiretbab.com/bdl/gate.php Contains File users\adu0vk~1\appdata\local\temp\bn649b.tmp users\adu0vk~1\appdata\local\temp\bn649b.tmp c:\ c:\users\adu0vk~1\appdata\local\temp\bn649b.tmp tmp File STD_INPUT_HANDLE File STD_OUTPUT_HANDLE File STD_ERROR_HANDLE File users\adu0vk iwa5kls\appdata\roaming\teetfo users\adu0vk iwa5kls\appdata\roaming\teetfo c:\ c:\users\adu0vk iwa5kls\appdata\roaming\teetfo File users\adu0vk iwa5kls\appdata\roaming\byheq users\adu0vk iwa5kls\appdata\roaming\byheq c:\ c:\users\adu0vk iwa5kls\appdata\roaming\byheq File users\adu0vk iwa5kls\appdata\roaming\utobyg users\adu0vk iwa5kls\appdata\roaming\utobyg c:\ c:\users\adu0vk iwa5kls\appdata\roaming\utobyg File users\adu0vk iwa5kls\appdata\roaming\byheq\hybe.ifi users\adu0vk iwa5kls\appdata\roaming\byheq\hybe.ifi c:\ c:\users\adu0vk iwa5kls\appdata\roaming\byheq\hybe.ifi ifi MD5 d41d8cd98f00b204e9800998ecf8427e SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 File users\adu0vk iwa5kls\appdata\roaming\utobyg\aslim.exe users\adu0vk iwa5kls\appdata\roaming\utobyg\aslim.exe c:\ c:\users\adu0vk iwa5kls\appdata\roaming\utobyg\aslim.exe exe MD5 d41d8cd98f00b204e9800998ecf8427e SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 File users\adu0vk iwa5kls\appdata\roaming\teetfo\ugav.ocv users\adu0vk iwa5kls\appdata\roaming\teetfo\ugav.ocv c:\ c:\users\adu0vk iwa5kls\appdata\roaming\teetfo\ugav.ocv ocv MD5 d41d8cd98f00b204e9800998ecf8427e SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Mutex Global\{AE124E3B-FDD1-1422-65D9-FE61A0417768} Mutex Global\{85B42B0A-98E0-3F84-65D9-FE61A0417768} Mutex Local\{85B47B09-C8E3-3F84-65D9-FE61A0417768} Mutex Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} Mutex Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} Mutex Global\{8E6A7E3D-CDD7-345A-65D9-FE61A0417768} Mutex Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} Mutex Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} Mutex Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} Mutex Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} Mutex Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} Mutex Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} Mutex Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} Mutex Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} Mutex Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} Mutex Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} Mutex Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} Mutex Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} Mutex Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} Mutex Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} Mutex Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} Mutex Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} Mutex Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} Mutex Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} Mutex Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} Mutex Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} Mutex Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} Mutex Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} Mutex Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} Mutex Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} Mutex Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} Mutex Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} Mutex Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} Mutex Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} Mutex Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} Mutex Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} Mutex Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} Mutex Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} Mutex Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} Mutex Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} Mutex Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} Mutex Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} Mutex Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} Mutex Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} Mutex Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} Mutex Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0} Mutex Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0} Mutex Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0} Mutex Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0} Mutex Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0} Mutex Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0} Mutex Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0} WinRegistryKey Software\Microsoft\aaf4e053c HKEY_CURRENT_USER 1dc1e28ae WinRegistryKey Software\Microsoft\Seto HKEY_CURRENT_USER Yqlozyzuz WinRegistryKey Software\Microsoft HKEY_CURRENT_USER WinRegistryKey Software\Microsoft\Seto HKEY_CURRENT_USER WinRegistryKey SOFTWARE\Microsoft\Windows NT\CurrentVersion HKEY_LOCAL_MACHINE InstallDate WinRegistryKey Software\Microsoft\Seto HKEY_CURRENT_USER Yqlozyzuz WinRegistryKey Software\Microsoft\Seto HKEY_CURRENT_USER Yqlozyzuz WinRegistryKey SOFTWARE\Microsoft\Windows NT\CurrentVersion HKEY_LOCAL_MACHINE DigitalProductId DigitalProductId File STD_INPUT_HANDLE File STD_OUTPUT_HANDLE File STD_ERROR_HANDLE Mutex Global\{85B42B0A-98E0-3F84-65D9-FE61A0417768} Mutex Local\{85B47B09-C8E3-3F84-65D9-FE61A0417768} File STD_INPUT_HANDLE File STD_OUTPUT_HANDLE File STD_ERROR_HANDLE Mutex Global\{85B42B0A-98E0-3F84-65D9-FE61A0417768} Mutex Local\{85B47B09-C8E3-3F84-65D9-FE61A0417768} File STD_INPUT_HANDLE File STD_OUTPUT_HANDLE File STD_ERROR_HANDLE File users\adu0vk iwa5kls\appdata\roaming\byheq\hybe.ifi users\adu0vk iwa5kls\appdata\roaming\byheq\hybe.ifi c:\ c:\users\adu0vk iwa5kls\appdata\roaming\byheq\hybe.ifi ifi File users\adu0vk iwa5kls\appdata\roaming\mozilla\firefox\profiles\asmpdd98.default\cert8.db users\adu0vk iwa5kls\appdata\roaming\mozilla\firefox\profiles\asmpdd98.default\cert8.db c:\ c:\users\adu0vk iwa5kls\appdata\roaming\mozilla\firefox\profiles\asmpdd98.default\cert8.db db File users\adu0vk iwa5kls\appdata\roaming\libeay32.dll users\adu0vk iwa5kls\appdata\roaming\libeay32.dll c:\ c:\users\adu0vk iwa5kls\appdata\roaming\libeay32.dll dll MD5 2ed6a2a2be88d3a48fa820a6bb15cd25 SHA1 fbbfa096208027cb99174dac08b16818db397521 SHA256 d61532be14bec8dd27477b58cb767579d58900634b0c33b8ade81aec85171b0b File users\adu0vk iwa5kls\appdata\roaming\libevent-2-0-5.dll users\adu0vk iwa5kls\appdata\roaming\libevent-2-0-5.dll c:\ c:\users\adu0vk iwa5kls\appdata\roaming\libevent-2-0-5.dll dll MD5 90f50a285efa5dd9c7fddce786bdef25 SHA1 54213da21542e11d656bb65db724105afe8be688 SHA256 77a250e81fdaf9a075b1244a9434c30bf449012c9b647b265fa81a7b0db2513f File users\adu0vk iwa5kls\appdata\roaming\libgcc_s_sjlj-1.dll users\adu0vk iwa5kls\appdata\roaming\libgcc_s_sjlj-1.dll c:\ c:\users\adu0vk iwa5kls\appdata\roaming\libgcc_s_sjlj-1.dll dll MD5 73d4823075762ee2837950726baa2af9 SHA1 ebce3532ed94ad1df43696632ab8cf8da8b9e221 SHA256 9aeccf88253d4557a90793e22414868053caaab325842c0d7acb0365e88cd53b File users\adu0vk iwa5kls\appdata\roaming\libssp-0.dll users\adu0vk iwa5kls\appdata\roaming\libssp-0.dll c:\ c:\users\adu0vk iwa5kls\appdata\roaming\libssp-0.dll dll MD5 78581e243e2b41b17452da8d0b5b2a48 SHA1 eaefb59c31cf07e60a98af48c5348759586a61bb SHA256 f28caebe9bc6aa5a72635acb4f0e24500494e306d8e8b2279e7930981281683f File users\adu0vk iwa5kls\appdata\roaming\ssleay32.dll users\adu0vk iwa5kls\appdata\roaming\ssleay32.dll c:\ c:\users\adu0vk iwa5kls\appdata\roaming\ssleay32.dll dll MD5 acfdeda45860601f49e4d2b102078981 SHA1 7df7645fc704f955b8762593aac7b2e8535fbe29 SHA256 1c8f8ce21cd0d01c8b302ebe9c4b85a4a18babec0f84c05e56d5fa4b95bcf688 File users\adu0vk iwa5kls\appdata\roaming\tor.exe users\adu0vk iwa5kls\appdata\roaming\tor.exe c:\ c:\users\adu0vk iwa5kls\appdata\roaming\tor.exe exe MD5 404242a1b8f01d51ef4789132b784691 SHA1 9059b0dfe5c629ee82c640f41041471104baf343 SHA256 58a4e31a68fb7467a0b56578548487ebd19cc9ce79584fc3fa4864ce87a15f71 File users\adu0vk iwa5kls\appdata\roaming\zlib1.dll users\adu0vk iwa5kls\appdata\roaming\zlib1.dll c:\ c:\users\adu0vk iwa5kls\appdata\roaming\zlib1.dll dll MD5 fb072e9f69afdb57179f59b512f828a4 SHA1 fe71b70173e46ee4e3796db9139f77dc32d2f846 SHA256 66d653397cbb2dbb397eb8421218e2c126b359a3b0decc0f31e297df099e1383 File users\adu0vk~1\appdata\local\temp\okguaxb.crt users\adu0vk~1\appdata\local\temp\okguaxb.crt c:\ c:\users\adu0vk~1\appdata\local\temp\okguaxb.crt crt MD5 a78828838883401dbf1ec05583bc7c8a SHA1 e6a3a437d4b3fbfd5750e5aa962570c1da1ef6fd SHA256 ca3afa28388e5b26ef47402c85adf558d8610d097f67637d8d01456145afb3b9 File users\adu0vk~1\appdata\local\temp\certutil.exe users\adu0vk~1\appdata\local\temp\certutil.exe c:\ c:\users\adu0vk~1\appdata\local\temp\certutil.exe exe MD5 0c6b43c9602f4d5ac9dcf907103447c4 SHA1 7a77c7ae99d400243845cce0e0931f029a73f79a SHA256 5950722034c8505daa9b359127feb707f16c37d2f69e79d16ee6d9ec37690478 File users\adu0vk~1\appdata\local\temp\freebl3.dll users\adu0vk~1\appdata\local\temp\freebl3.dll c:\ c:\users\adu0vk~1\appdata\local\temp\freebl3.dll dll MD5 269beb631b580c6d54db45b5573b1de5 SHA1 64050c1159c2bcfc0e75da407ef0098ad2de17c8 SHA256 ffc7558a61a4e6546cf095bdeabea19f05247a0daa02dca20ea3605e7fc62c77 File users\adu0vk~1\appdata\local\temp\libnspr4.dll users\adu0vk~1\appdata\local\temp\libnspr4.dll c:\ c:\users\adu0vk~1\appdata\local\temp\libnspr4.dll dll MD5 6e84af2875700285309dd29294365c6a SHA1 fc3cb3b2a704250fc36010e2ab495cdc5e7378a9 SHA256 1c158e680749e642e55f721f60a71314e26e03e785cd92e560bf650b83c4c3c8 File users\adu0vk~1\appdata\local\temp\libplc4.dll users\adu0vk~1\appdata\local\temp\libplc4.dll c:\ c:\users\adu0vk~1\appdata\local\temp\libplc4.dll dll MD5 1fae68b740f18290b98b2f9e23313cc2 SHA1 fa3545dc8db38b3b27f1009e1d61dc2949df3878 SHA256 751c2156dc00525668dd990d99f7f61c257951c3fad01c0ee6359fcdff69f933 File users\adu0vk~1\appdata\local\temp\libplds4.dll users\adu0vk~1\appdata\local\temp\libplds4.dll c:\ c:\users\adu0vk~1\appdata\local\temp\libplds4.dll dll MD5 9ae76db13972553a5de5bdd07b1b654d SHA1 0c4508eb6f13b9b178237ccc4da759bff10af658 SHA256 38a906373419501966daf6ec19ca2f8db7b29609128ae5cb424d2aa511652c29 File users\adu0vk~1\appdata\local\temp\msvcr100.dll users\adu0vk~1\appdata\local\temp\msvcr100.dll c:\ c:\users\adu0vk~1\appdata\local\temp\msvcr100.dll dll MD5 0e37fbfa79d349d672456923ec5fbbe3 SHA1 4e880fc7625ccf8d9ca799d5b94ce2b1e7597335 SHA256 8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18 File users\adu0vk~1\appdata\local\temp\nss3.dll users\adu0vk~1\appdata\local\temp\nss3.dll c:\ c:\users\adu0vk~1\appdata\local\temp\nss3.dll dll MD5 a1c4628d184b6ab25550b1ce74f44792 SHA1 c2c447fd2fda68c0ec44b3529a2550d2e2a8c3bc SHA256 3f997d3f1674de9fd119f275638861bc229352f12c70536d8c83a70fcc370847 File users\adu0vk~1\appdata\local\temp\nssdbm3.dll users\adu0vk~1\appdata\local\temp\nssdbm3.dll c:\ c:\users\adu0vk~1\appdata\local\temp\nssdbm3.dll dll MD5 051652ba7ca426846e936bc5aa3f39f3 SHA1 0012007876dde3a2d764249ad86bc428300fe91e SHA256 8eca993570fa55e8fe8f417143eea8128a58472e23074cbd2e6af4d3bb0f0d9a File users\adu0vk~1\appdata\local\temp\nssutil3.dll users\adu0vk~1\appdata\local\temp\nssutil3.dll c:\ c:\users\adu0vk~1\appdata\local\temp\nssutil3.dll dll MD5 c26e940b474728e728cafe5912ba418a SHA1 7256e378a419f8d87de71835e6ad12faadaaaf73 SHA256 1af1ac51a92b36de8d85d1f572369815404912908c3a489a6cd7ca2350c2a93d File users\adu0vk~1\appdata\local\temp\smime3.dll users\adu0vk~1\appdata\local\temp\smime3.dll c:\ c:\users\adu0vk~1\appdata\local\temp\smime3.dll dll MD5 a5c670edf4411bf7f132f4280026137b SHA1 c0e3cbdde7d3cebf41a193eeca96a11ce2b6da58 SHA256 aba2732c7a016730e94e645dd04e8fafcc173fc2e5e2aac01a1c0c66ead1983e File users\adu0vk~1\appdata\local\temp\softokn3.dll users\adu0vk~1\appdata\local\temp\softokn3.dll c:\ c:\users\adu0vk~1\appdata\local\temp\softokn3.dll dll MD5 2ab31c9401870adb4e9d88b5a6837abf SHA1 4f0fdd699e63f614d79ed6e47ef61938117d3b7a SHA256 22ecece561510f77b100cff8109e5ed492c34707b7b14e0774aaa9ca813de4ad File users\adu0vk~1\appdata\local\temp\sqlite3.dll users\adu0vk~1\appdata\local\temp\sqlite3.dll c:\ c:\users\adu0vk~1\appdata\local\temp\sqlite3.dll dll MD5 b58848a28a1efb85677e344db1fd67e6 SHA1 dad48e2b2b3b936efc15ac2c5f9099b7a1749976 SHA256 00db98ab4d50e9b26ecd193bfad6569e1dd395db14246f8c233febba93965f7a File users\adu0vk iwa5kls\appdata\roaming\teetfo\ugav.ocv users\adu0vk iwa5kls\appdata\roaming\teetfo\ugav.ocv c:\ c:\users\adu0vk iwa5kls\appdata\roaming\teetfo\ugav.ocv ocv Mutex Global\{8E6A7E3D-CDD7-345A-65D9-FE61A0417768} Mutex Global\{D773FC21-4FCB-6D43-65D9-FE61A0417768} Mutex Global\{86709C2F-2FC5-3C40-65D9-FE61A0417768} Mutex Global\{E4529D1E-2EF4-5E62-65D9-FE61A0417768} Mutex Global\{E4529D1D-2EF7-5E62-65D9-FE61A0417768} Mutex Global\{E4529D1F-2EF5-5E62-65D9-FE61A0417768} Mutex Global\{8E6A7E3D-CDD7-345A-65D9-FE61A0417768} Mutex Global\{8E6A7E3D-CDD7-345A-65D9-FE61A0417768} Mutex Global\{8E6A7E3D-CDD7-345A-65D9-FE61A0417768} Mutex Global\{1F05FC9E-4F74-A535-65D9-FE61A0417768} Mutex Global\{6E93744F-C7A5-D4A3-65D9-FE61A0417768} Mutex Global\{B7C3F14A-42A0-0DF3-65D9-FE61A0417768} Mutex Global\{8E6A7E3D-CDD7-345A-65D9-FE61A0417768} WinRegistryKey Software\Microsoft\Seto HKEY_CURRENT_USER Yqlozyzuz WinRegistryKey Software\Microsoft\Seto HKEY_CURRENT_USER Yqlozyzuz WinRegistryKey Software\Microsoft\Seto HKEY_CURRENT_USER Yqlozyzuz WinRegistryKey Software\Microsoft\Seto HKEY_CURRENT_USER Yqlozyzuz WinRegistryKey Software\Microsoft\Seto HKEY_CURRENT_USER Yqlozyzuz WinRegistryKey Software\Microsoft\Seto HKEY_CURRENT_USER Xayqzo WinRegistryKey Software\Microsoft\Seto HKEY_CURRENT_USER Yqlozyzuz WinRegistryKey Software\Microsoft\Seto HKEY_CURRENT_USER Yqlozyzuz WinRegistryKey Software\Microsoft\Seto HKEY_CURRENT_USER Yqlozyzuz WinRegistryKey Software\Microsoft\Seto HKEY_CURRENT_USER Yqlozyzuz WinRegistryKey Software\Microsoft\Seto HKEY_CURRENT_USER Yqlozyzuz WinRegistryKey Software\Microsoft\Seto HKEY_CURRENT_USER Yqlozyzuz WinRegistryKey Software\Microsoft\Seto HKEY_CURRENT_USER Yqlozyzuz WinRegistryKey Software\Microsoft\Seto HKEY_CURRENT_USER Yqlozyzuz WinRegistryKey Software\Microsoft\Seto HKEY_CURRENT_USER Yqlozyzuz WinRegistryKey Software\Microsoft\Seto HKEY_CURRENT_USER Yqlozyzuz WinRegistryKey Software\Microsoft\Seto HKEY_CURRENT_USER Yqlozyzuz WinRegistryKey Software\Microsoft\Seto HKEY_CURRENT_USER Yqlozyzuz WinRegistryKey Software\Microsoft\Seto HKEY_CURRENT_USER Yqlozyzuz SocketAddress 32090 TCP NetworkSocket 32090 TCP Contains SocketAddress 38078 TCP NetworkSocket 38078 TCP Contains SocketAddress 127.0.0.1 9050 TCP NetworkSocket 127.0.0.1 9050 TCP Contains SocketAddress checkip.dyndns.org 80 NetworkConnection HTTP checkip.dyndns.org 80 URI checkip.dyndns.org/ Contains File STD_INPUT_HANDLE File STD_OUTPUT_HANDLE File STD_ERROR_HANDLE Mutex Global\{85B42B0A-98E0-3F84-65D9-FE61A0417768} Mutex Local\{85B47B09-C8E3-3F84-65D9-FE61A0417768} File users\adu0vk iwa5kls\appdata\roaming\tor\state.tmp users\adu0vk iwa5kls\appdata\roaming\tor\state.tmp c:\ c:\users\adu0vk iwa5kls\appdata\roaming\tor\state.tmp tmp MD5 e4d677c20ca290bcfd1d6b243252d2c5 SHA1 e6b63577a0a80a076ee0fb4e84dc257636930d6a SHA256 268ca275084d97b3e74e9878d76ca73b88d347eb2e773b84bba6fafbf9c91b6b File users\adu0vk iwa5kls\appdata\roaming\tor\unverified-microdesc-consensus.tmp users\adu0vk iwa5kls\appdata\roaming\tor\unverified-microdesc-consensus.tmp c:\ c:\users\adu0vk iwa5kls\appdata\roaming\tor\unverified-microdesc-consensus.tmp tmp MD5 119ed7e89f9cb1f141177312c9095c76 SHA1 bece3039cc4e6c36d9d0b7151311a2e89393f212 SHA256 d938a81bdeea36e2a4f4d6b639f14e2f3bbf2977a637e3cb4f0434f6978849c6 File users\adu0vk iwa5kls\appdata\roaming\tor\cached-certs.tmp users\adu0vk iwa5kls\appdata\roaming\tor\cached-certs.tmp c:\ c:\users\adu0vk iwa5kls\appdata\roaming\tor\cached-certs.tmp tmp MD5 1c8c962beaa633f2cced63d4c5ad201f SHA1 ef528bb119b2568596840d51498c2d9aa39bfbe2 SHA256 c3839392205265d21b51be3607da8b07585dd4ac2d1c118a8306f876f4bbf467 File users\adu0vk iwa5kls\appdata\roaming\tor\cached-microdesc-consensus.tmp users\adu0vk iwa5kls\appdata\roaming\tor\cached-microdesc-consensus.tmp c:\ c:\users\adu0vk iwa5kls\appdata\roaming\tor\cached-microdesc-consensus.tmp tmp MD5 119ed7e89f9cb1f141177312c9095c76 SHA1 bece3039cc4e6c36d9d0b7151311a2e89393f212 SHA256 d938a81bdeea36e2a4f4d6b639f14e2f3bbf2977a637e3cb4f0434f6978849c6 File users\adu0vk iwa5kls\appdata\roaming\tor\cached-microdescs.new users\adu0vk iwa5kls\appdata\roaming\tor\cached-microdescs.new c:\ c:\users\adu0vk iwa5kls\appdata\roaming\tor\cached-microdescs.new new File users\adu0vk iwa5kls\appdata\roaming\tor\lock users\adu0vk iwa5kls\appdata\roaming\tor\lock c:\ c:\users\adu0vk iwa5kls\appdata\roaming\tor\lock File users\adu0vk iwa5kls\appdata\roaming\tor\router-stability users\adu0vk iwa5kls\appdata\roaming\tor\router-stability c:\ c:\users\adu0vk iwa5kls\appdata\roaming\tor\router-stability File users\adu0vk iwa5kls\appdata\roaming\tor\cached-certs users\adu0vk iwa5kls\appdata\roaming\tor\cached-certs c:\ c:\users\adu0vk iwa5kls\appdata\roaming\tor\cached-certs MD5 1c8c962beaa633f2cced63d4c5ad201f SHA1 ef528bb119b2568596840d51498c2d9aa39bfbe2 SHA256 c3839392205265d21b51be3607da8b07585dd4ac2d1c118a8306f876f4bbf467 File users\adu0vk iwa5kls\appdata\roaming\tor\cached-consensus users\adu0vk iwa5kls\appdata\roaming\tor\cached-consensus c:\ c:\users\adu0vk iwa5kls\appdata\roaming\tor\cached-consensus File users\adu0vk iwa5kls\appdata\roaming\tor\unverified-consensus users\adu0vk iwa5kls\appdata\roaming\tor\unverified-consensus c:\ c:\users\adu0vk iwa5kls\appdata\roaming\tor\unverified-consensus File users\adu0vk iwa5kls\appdata\roaming\tor\cached-microdesc-consensus users\adu0vk iwa5kls\appdata\roaming\tor\cached-microdesc-consensus c:\ c:\users\adu0vk iwa5kls\appdata\roaming\tor\cached-microdesc-consensus MD5 119ed7e89f9cb1f141177312c9095c76 SHA1 bece3039cc4e6c36d9d0b7151311a2e89393f212 SHA256 d938a81bdeea36e2a4f4d6b639f14e2f3bbf2977a637e3cb4f0434f6978849c6 File users\adu0vk iwa5kls\appdata\roaming\tor\unverified-microdesc-consensus users\adu0vk iwa5kls\appdata\roaming\tor\unverified-microdesc-consensus c:\ c:\users\adu0vk iwa5kls\appdata\roaming\tor\unverified-microdesc-consensus MD5 119ed7e89f9cb1f141177312c9095c76 SHA1 bece3039cc4e6c36d9d0b7151311a2e89393f212 SHA256 d938a81bdeea36e2a4f4d6b639f14e2f3bbf2977a637e3cb4f0434f6978849c6 File users\adu0vk iwa5kls\appdata\roaming\tor\geoip users\adu0vk iwa5kls\appdata\roaming\tor\geoip c:\ c:\users\adu0vk iwa5kls\appdata\roaming\tor\geoip File users\adu0vk iwa5kls\appdata\roaming\tor\geoip6 users\adu0vk iwa5kls\appdata\roaming\tor\geoip6 c:\ c:\users\adu0vk iwa5kls\appdata\roaming\tor\geoip6 File users\adu0vk iwa5kls\appdata\roaming\tor\cached-microdescs users\adu0vk iwa5kls\appdata\roaming\tor\cached-microdescs c:\ c:\users\adu0vk iwa5kls\appdata\roaming\tor\cached-microdescs File users\adu0vk iwa5kls\appdata\roaming\tor\cached-descriptors users\adu0vk iwa5kls\appdata\roaming\tor\cached-descriptors c:\ c:\users\adu0vk iwa5kls\appdata\roaming\tor\cached-descriptors File users\adu0vk iwa5kls\appdata\roaming\tor\cached-extrainfo users\adu0vk iwa5kls\appdata\roaming\tor\cached-extrainfo c:\ c:\users\adu0vk iwa5kls\appdata\roaming\tor\cached-extrainfo SocketAddress 0 TCP NetworkSocket 0 TCP Contains SocketAddress 9050 TCP NetworkSocket 9050 TCP Contains SocketAddress 127.0.0.1 49172 TCP NetworkSocket 127.0.0.1 49172 TCP Contains SocketAddress 82.223.21.74 9001 TCP NetworkSocket 82.223.21.74 9001 TCP Contains File STD_INPUT_HANDLE File STD_OUTPUT_HANDLE File STD_ERROR_HANDLE File users\adu0vk iwa5kls\appdata\roaming\mozilla\firefox\profiles\asmpdd98.default\secmod.db users\adu0vk iwa5kls\appdata\roaming\mozilla\firefox\profiles\asmpdd98.default\secmod.db c:\ c:\users\adu0vk iwa5kls\appdata\roaming\mozilla\firefox\profiles\asmpdd98.default\secmod.db db File users\adu0vk iwa5kls\appdata\roaming\mozilla\firefox\profiles\asmpdd98.default\cert8.db users\adu0vk iwa5kls\appdata\roaming\mozilla\firefox\profiles\asmpdd98.default\cert8.db c:\ c:\users\adu0vk iwa5kls\appdata\roaming\mozilla\firefox\profiles\asmpdd98.default\cert8.db db File users\adu0vk iwa5kls\appdata\roaming\mozilla\firefox\profiles\asmpdd98.default\key3.db users\adu0vk iwa5kls\appdata\roaming\mozilla\firefox\profiles\asmpdd98.default\key3.db c:\ c:\users\adu0vk iwa5kls\appdata\roaming\mozilla\firefox\profiles\asmpdd98.default\key3.db db File users\adu0vk~1\appdata\local\temp\okguaxb.crt users\adu0vk~1\appdata\local\temp\okguaxb.crt c:\ c:\users\adu0vk~1\appdata\local\temp\okguaxb.crt crt Analyzed Sample #17501 Malware Artifacts 17501 Sample-ID: #17501 Job-ID: #2012 First_Name This sample was analyzed by VMRay Analyzer 2.2.0 on a Windows 7 system 0 VTI Score based on VTI Database Version 2.6 Metadata of Sample File #17501 Submission-ID: #17523 C:\Users\aDU0VK IWA5kLS\Desktop\UPS_Slip_307086.doc doc MD5 929fb9558479a5c1c33f71a7373c3962 SHA1 fcc0f73d96e660c58dd2e2f9a433a17aabdb7c62 SHA256 ab90ed6cb461f17ce1f901097a045aba7c984898a0425767f01454689698f2e9 Opened_By Metadata of Analysis for Job-ID #2012 Timeout False x86 64-bit 6.1.7601.17514 (3844dbb9-2017-4967-be7a-a4a2c20430fa) win7_64_sp1-mso2013 True 134.965 Windows 7 This is a property collection for additional information of VMRay analysis VMRay Analyzer Process VTI rule match with VTI rule score 4/5 vmray_document_create_process Create process "C:\Windows\SysWOW64\svchost.exe". Create process Process VTI rule match with VTI rule score 1/5 vmray_install_ipc_endpoint Create mutex with name "Local\mtxLogMeInIgnition.IgnitionMutex". Create system object Process VTI rule match with VTI rule score 4/5 vmray_document_create_process Create process "cmd /K". Create process Browser VTI rule match with VTI rule score 3/5 vmray_read_browser_credentials Read saved credentials for "Mozilla Firefox". Read data related to saved browser credentials Browser VTI rule match with VTI rule score 3/5 vmray_read_browser_credentials Read saved credentials for "Google Chrome". Read data related to saved browser credentials Network VTI rule match with VTI rule score 3/5 vmray_request_dns_by_name Resolve host name "butsulacoft.com". Perform DNS request User VTI rule match with VTI rule score 5/5 vmray_bruteforce_user_account Possibly trying to bruteforce the "Guest" account. Bruteforce user account Process VTI rule match with VTI rule score 4/5 vmray_document_create_process Create process "C:\Windows\System32\svchost.exe". Create process Process VTI rule match with VTI rule score 4/5 vmray_document_create_process Create process "C:\Users\ADU0VK~1\AppData\Local\Temp\BN649B.tmp". Create process Process VTI rule match with VTI rule score 1/5 vmray_install_ipc_endpoint Create mutex with name "e". Create system object Process VTI rule match with VTI rule score 4/5 vmray_document_create_process Create process "explorer.exe". Create process Process VTI rule match with VTI rule score 4/5 vmray_read_from_remote_process "c:\users\adu0vk~1\appdata\local\temp\bn649b.tmp" reads from "explorer.exe". Read from memory of another process Anti Analysis VTI rule match with VTI rule score 3/5 vmray_delay_execution_by_sleep One thread sleeps more than 5 minutes. Delay execution Process VTI rule match with VTI rule score 1/5 vmray_install_ipc_endpoint Create mutex with name "Global\{AE124E3B-FDD1-1422-65D9-FE61A0417768}". Create system object Information Stealing VTI rule match with VTI rule score 2/5 vmray_read_windows_install_date Read the Windows installation date from registry. Read system data Information Stealing VTI rule match with VTI rule score 3/5 vmray_read_windows_license_by_registry Readout Windows license key. Read system data Hide Tracks VTI rule match with VTI rule score 2/5 vmray_hide_data_in_registry Hide 4416 byte in "HKEY_CURRENT_USER\Software\Microsoft\aaf4e053c\1dc1e28ae". Write large data into the registry Process VTI rule match with VTI rule score 1/5 vmray_install_ipc_endpoint Create mutex with name "Global\{85B42B0A-98E0-3F84-65D9-FE61A0417768}". Create system object Process VTI rule match with VTI rule score 1/5 vmray_install_ipc_endpoint Create mutex with name "Local\{85B47B09-C8E3-3F84-65D9-FE61A0417768}". Create system object Process VTI rule match with VTI rule score 1/5 vmray_install_ipc_endpoint Create mutex with name "Global\{4F600524-B6CE-F550-C27E-E7A907E66EA0}". Create system object Process VTI rule match with VTI rule score 4/5 vmray_document_create_process Create process "C:\Windows\syswow64\msiexec.exe". Create process Process VTI rule match with VTI rule score 1/5 vmray_install_ipc_endpoint Create mutex with name "Global\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0}". Create system object Process VTI rule match with VTI rule score 1/5 vmray_install_ipc_endpoint Create mutex with name "Global\{8E6A7E3D-CDD7-345A-65D9-FE61A0417768}". Create system object Hide Tracks VTI rule match with VTI rule score 2/5 vmray_hide_data_in_registry Hide 1061 byte in "HKEY_CURRENT_USER\Software\Microsoft\Seto\Yqlozyzuz". Write large data into the registry Process VTI rule match with VTI rule score 1/5 vmray_install_ipc_endpoint Create mutex with name "Global\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0}". Create system object Process VTI rule match with VTI rule score 1/5 vmray_install_ipc_endpoint Create mutex with name "Global\{4F600524-B6CE-F550-027C-E7A9C7E46EA0}". Create system object Process VTI rule match with VTI rule score 1/5 vmray_install_ipc_endpoint Create mutex with name "Global\{4F600524-B6CE-F550-6679-E7A9A3E16EA0}". Create system object Process VTI rule match with VTI rule score 1/5 vmray_install_ipc_endpoint Create mutex with name "Global\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0}". Create system object Process VTI rule match with VTI rule score 1/5 vmray_install_ipc_endpoint Create mutex with name "Global\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0}". Create system object Process VTI rule match with VTI rule score 4/5 vmray_document_create_process Create process "C:\Users\aDU0VK IWA5kLS\AppData\Roaming\tor.exe". Create process Hide Tracks VTI rule match with VTI rule score 2/5 vmray_hide_data_in_registry Hide 1445 byte in "HKEY_CURRENT_USER\Software\Microsoft\Seto\Yqlozyzuz". Write large data into the registry Process VTI rule match with VTI rule score 1/5 vmray_install_ipc_endpoint Create mutex with name "Global\{D773FC21-4FCB-6D43-65D9-FE61A0417768}". Create system object Process VTI rule match with VTI rule score 1/5 vmray_install_ipc_endpoint Create mutex with name "Global\{86709C2F-2FC5-3C40-65D9-FE61A0417768}". Create system object Process VTI rule match with VTI rule score 1/5 vmray_install_ipc_endpoint Create mutex with name "Global\{E4529D1E-2EF4-5E62-65D9-FE61A0417768}". Create system object Process VTI rule match with VTI rule score 1/5 vmray_install_ipc_endpoint Create mutex with name "Global\{E4529D1D-2EF7-5E62-65D9-FE61A0417768}". Create system object Process VTI rule match with VTI rule score 1/5 vmray_install_ipc_endpoint Create mutex with name "Global\{E4529D1F-2EF5-5E62-65D9-FE61A0417768}". Create system object Hide Tracks VTI rule match with VTI rule score 2/5 vmray_hide_data_in_registry Hide 1828 byte in "HKEY_CURRENT_USER\Software\Microsoft\Seto\Yqlozyzuz". Write large data into the registry Hide Tracks VTI rule match with VTI rule score 2/5 vmray_hide_data_in_registry Hide 3220 byte in "HKEY_CURRENT_USER\Software\Microsoft\Seto\Yqlozyzuz". Write large data into the registry Hide Tracks VTI rule match with VTI rule score 2/5 vmray_hide_data_in_registry Hide 3315 byte in "HKEY_CURRENT_USER\Software\Microsoft\Seto\Yqlozyzuz". Write large data into the registry Hide Tracks VTI rule match with VTI rule score 2/5 vmray_hide_data_in_registry Hide 6682 byte in "HKEY_CURRENT_USER\Software\Microsoft\Seto\Yqlozyzuz". Write large data into the registry Hide Tracks VTI rule match with VTI rule score 2/5 vmray_hide_data_in_registry Hide 2123 byte in "HKEY_CURRENT_USER\Software\Microsoft\Seto\Xayqzo". Write large data into the registry Hide Tracks VTI rule match with VTI rule score 2/5 vmray_hide_data_in_registry Hide 7244 byte in "HKEY_CURRENT_USER\Software\Microsoft\Seto\Yqlozyzuz". Write large data into the registry Process VTI rule match with VTI rule score 1/5 vmray_install_ipc_endpoint Create mutex with name "Global\{1F05FC9E-4F74-A535-65D9-FE61A0417768}". Create system object Process VTI rule match with VTI rule score 1/5 vmray_install_ipc_endpoint Create mutex with name "Global\{6E93744F-C7A5-D4A3-65D9-FE61A0417768}". Create system object Hide Tracks VTI rule match with VTI rule score 2/5 vmray_hide_data_in_registry Hide 7055 byte in "HKEY_CURRENT_USER\Software\Microsoft\Seto\Yqlozyzuz". Write large data into the registry Process VTI rule match with VTI rule score 1/5 vmray_install_ipc_endpoint Create mutex with name "Global\{B7C3F14A-42A0-0DF3-65D9-FE61A0417768}". Create system object Hide Tracks VTI rule match with VTI rule score 2/5 vmray_hide_data_in_registry Hide 9367 byte in "HKEY_CURRENT_USER\Software\Microsoft\Seto\Yqlozyzuz". Write large data into the registry Process VTI rule match with VTI rule score 4/5 vmray_document_create_process Create process ""C:\Users\ADU0VK~1\AppData\Local\Temp\certutil.exe" -A -n "yvesl" -t "C,C,C" -i "C:\Users\ADU0VK~1\AppData\Local\Temp\okguaxb.crt" -d "C:\Users\aDU0VK IWA5kLS\AppData\Roaming\Mozilla\Firefox\Profiles\asmpdd98.default"". Create process Browser VTI rule match with VTI rule score 3/5 vmray_read_browser_master_key Read the master key for "Mozilla Firefox". Read data related to saved browser credentials