Sample File: MD5 hash: ba9f2b64df4bd9cb44c6be4f03c780fc SHA1 hash: 918322331409a83f3c4df4698ac194813001cdd3 SHA256 hash: c71c3662a7ebba5fdd0d804fe9ff864789fa08e8286352c21b339b9db2c3db81 SSDEEP hash: 1536:w6/W/jqTJldK7DjWN5YvAbnoD72egkjOp/EFCkzmPA:JYkgWN5YHzOp/EFaPA Filename(s): p.exe Filetype: Windows Exe (x86-32) Mutex IOCs: - None - Registry Key IOCs: HKEY_CLASSES_ROOT\CLSID\{11C1D741-A95B-11d2-8A80-0080ADB32FF4}\InProcServer32 HKEY_CLASSES_ROOT\FTP++.Link\shell\open\command HKEY_CLASSES_ROOT\Opera.HTML\shell\open\command HKEY_CURRENT_USER\Identities HKEY_CURRENT_USER\SOFTWARE\LeapWare HKEY_CURRENT_USER\SOFTWARE\NCH Software\Fling\Accounts HKEY_CURRENT_USER\SOFTWARE\Robo-FTP 3.7\FTPServers HKEY_CURRENT_USER\SOFTWARE\Robo-FTP 3.7\Scripts HKEY_CURRENT_USER\Software\AceBIT HKEY_CURRENT_USER\Software\Adobe\Common HKEY_CURRENT_USER\Software\BPFTP HKEY_CURRENT_USER\Software\BPFTP\Bullet Proof FTP\Main HKEY_CURRENT_USER\Software\BPFTP\Bullet Proof FTP\Options HKEY_CURRENT_USER\Software\BulletProof Software\BulletProof FTP Client\Main HKEY_CURRENT_USER\Software\BulletProof Software\BulletProof FTP Client\Options HKEY_CURRENT_USER\Software\ChromePlus HKEY_CURRENT_USER\Software\CoffeeCup Software HKEY_CURRENT_USER\Software\CoffeeCup Software\Internet\Profiles HKEY_CURRENT_USER\Software\Cryer\WebSitePublisher HKEY_CURRENT_USER\Software\ExpanDrive HKEY_CURRENT_USER\Software\ExpanDrive\Sessions HKEY_CURRENT_USER\Software\FTP Explorer\FTP Explorer\Workspace\MFCToolBar-224 HKEY_CURRENT_USER\Software\FTP Explorer\Profiles HKEY_CURRENT_USER\Software\FTPClient\Sites HKEY_CURRENT_USER\Software\FTPWare\COREFTP\Sites HKEY_CURRENT_USER\Software\Far Manager\Plugins\FTP\Hosts HKEY_CURRENT_USER\Software\Far Manager\SavedDialogHistory\FTPHost HKEY_CURRENT_USER\Software\Far2\Plugins\FTP\Hosts HKEY_CURRENT_USER\Software\Far2\SavedDialogHistory\FTPHost HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts HKEY_CURRENT_USER\Software\Far\SavedDialogHistory\FTPHost 
HKEY_CURRENT_USER\Software\FileZilla HKEY_CURRENT_USER\Software\FileZilla Client HKEY_CURRENT_USER\Software\FlashFXP HKEY_CURRENT_USER\Software\FlashFXP\3 HKEY_CURRENT_USER\Software\FlashFXP\4 HKEY_CURRENT_USER\Software\FlashPeak\BlazeFtp\Settings HKEY_CURRENT_USER\Software\Ghisler\Total Commander HKEY_CURRENT_USER\Software\Ghisler\Windows Commander HKEY_CURRENT_USER\Software\GlobalSCAPE\CuteFTP 6 Home\QCToolbar HKEY_CURRENT_USER\Software\GlobalSCAPE\CuteFTP 6 Professional\QCToolbar HKEY_CURRENT_USER\Software\GlobalSCAPE\CuteFTP 7 Home\QCToolbar HKEY_CURRENT_USER\Software\GlobalSCAPE\CuteFTP 7 Professional\QCToolbar HKEY_CURRENT_USER\Software\GlobalSCAPE\CuteFTP 8 Home\QCToolbar HKEY_CURRENT_USER\Software\GlobalSCAPE\CuteFTP 8 Professional\QCToolbar HKEY_CURRENT_USER\Software\IncrediMail HKEY_CURRENT_USER\Software\LeechFTP HKEY_CURRENT_USER\Software\LinasFTP\Site Manager HKEY_CURRENT_USER\Software\MAS-Soft\FTPInfo\Setup HKEY_CURRENT_USER\Software\Martin Prikryl HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager\Accounts HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2 HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts HKEY_CURRENT_USER\Software\Microsoft\Windows Live Mail HKEY_CURRENT_USER\Software\Microsoft\Windows Mail HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Microsoft Outlook Internet Settings HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook HKEY_CURRENT_USER\Software\Mozilla HKEY_CURRENT_USER\Software\Mozilla\Firefox HKEY_CURRENT_USER\Software\Mozilla\Firefox\PathToExe HKEY_CURRENT_USER\Software\Mozilla\Firefox\TaskBarIDs HKEY_CURRENT_USER\Software\Mozilla\Firefox\TaskBarIDs\PathToExe HKEY_CURRENT_USER\Software\Mozilla\PathToExe HKEY_CURRENT_USER\Software\NCH Software\ClassicFTP\FTPAccounts HKEY_CURRENT_USER\Software\Nico Mak Computing\WinZip\FTP HKEY_CURRENT_USER\Software\Nico 
Mak Computing\WinZip\mru\jobs HKEY_CURRENT_USER\Software\Opera Software HKEY_CURRENT_USER\Software\Poco Systems Inc HKEY_CURRENT_USER\Software\RIT\The Bat! HKEY_CURRENT_USER\Software\RIT\The Bat!\Users depot HKEY_CURRENT_USER\Software\RimArts\B2\Settings HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\Sessions HKEY_CURRENT_USER\Software\SoftX.org\FTPClient\Sites HKEY_CURRENT_USER\Software\Sota\FFFTP HKEY_CURRENT_USER\Software\Sota\FFFTP\Options HKEY_CURRENT_USER\Software\South River Technologies\WebDrive\Connections HKEY_CURRENT_USER\Software\TurboFTP HKEY_CURRENT_USER\Software\VanDyke\SecureFX HKEY_CURRENT_USER\Software\WinRAR HKEY_CURRENT_USER\Software\WinRAR\HWID HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{9EA55529-E122-4757-BC79-E4825F80732C} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CB1F2C0F-8094-4AAC-BCF5-41A64E27F777} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F9043C88-F6F2-101A-A3C9-08002B2F49FB}\1.2\0\win32 HKEY_LOCAL_MACHINE\SOFTWARE\LeapWare HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook\UninstallString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager\UninstallString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime\UninstallString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx\UninstallString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore\UninstallString 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\UninstallString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40\UninstallString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data\UninstallString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX\UninstallString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData\UninstallString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2\UninstallString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack\UninstallString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent\UninstallString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC\UninstallString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}\DisplayName 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}\UninstallString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757\UninstallString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173\UninstallString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860\UninstallString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655\UninstallString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743\UninstallString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063\UninstallString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573\UninstallString 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\UninstallString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3D82C954-2957-418B-908F-FE78BF3A8BEB} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3D82C954-2957-418B-908F-FE78BF3A8BEB}\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3D82C954-2957-418B-908F-FE78BF3A8BEB}\UninstallString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3c3aafc8-d898-43ec-998f-965ffdae065a} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3c3aafc8-d898-43ec-998f-965ffdae065a}\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3c3aafc8-d898-43ec-998f-965ffdae065a}\UninstallString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}\UninstallString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC}\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{582EA838-9199-3518-A05C-DB09462F68EC}\UninstallString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15}\DisplayName 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{68306422-7C57-373F-8860-D26CE4BA2A15}\UninstallString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}\UninstallString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F}\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F}\UninstallString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001824214663} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001824214663}\UninstallString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001824237067} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001824237067}\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001824237067}\UninstallString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AC0F074E4100} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\UninstallString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9} 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9}\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9}\UninstallString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}\UninstallString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2151757 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2151757\UninstallString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2467173 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2467173\UninstallString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2524860 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2524860\UninstallString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2544655 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2544655\UninstallString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2549743 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2549743\UninstallString 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2565063 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2565063\UninstallString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB982573 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB982573\UninstallString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}\UninstallString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}\UninstallString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\UninstallString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{e52a6842-b0ac-476e-b48f-378a97a67346} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{e52a6842-b0ac-476e-b48f-378a97a67346}\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{e52a6842-b0ac-476e-b48f-378a97a67346}\UninstallString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d} 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\UninstallString HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f}\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{f325f05b-f963-4640-a43b-c8a494cdda0f}\UninstallString HKEY_LOCAL_MACHINE\SOFTWARE\NCH Software\Fling\Accounts HKEY_LOCAL_MACHINE\SOFTWARE\Robo-FTP 3.7\FTPServers HKEY_LOCAL_MACHINE\SOFTWARE\Robo-FTP 3.7\Scripts HKEY_LOCAL_MACHINE\Software\AceBIT HKEY_LOCAL_MACHINE\Software\CoffeeCup Software HKEY_LOCAL_MACHINE\Software\FTPClient\Sites HKEY_LOCAL_MACHINE\Software\FileZilla HKEY_LOCAL_MACHINE\Software\FileZilla Client HKEY_LOCAL_MACHINE\Software\FlashFXP HKEY_LOCAL_MACHINE\Software\FlashFXP\3 HKEY_LOCAL_MACHINE\Software\FlashFXP\4 HKEY_LOCAL_MACHINE\Software\Ghisler\Total Commander HKEY_LOCAL_MACHINE\Software\Ghisler\Windows Commander HKEY_LOCAL_MACHINE\Software\IncrediMail HKEY_LOCAL_MACHINE\Software\Martin Prikryl HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Account Manager HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Account Manager\Outlook HKEY_LOCAL_MACHINE\Software\Mozilla HKEY_LOCAL_MACHINE\Software\Mozilla\PathToExe HKEY_LOCAL_MACHINE\Software\NCH Software\ClassicFTP\FTPAccounts HKEY_LOCAL_MACHINE\Software\Nico Mak Computing\WinZip\FTP HKEY_LOCAL_MACHINE\Software\Nico Mak Computing\WinZip\mru\jobs HKEY_LOCAL_MACHINE\Software\Poco Systems Inc HKEY_LOCAL_MACHINE\Software\RIT\The Bat! 
HKEY_LOCAL_MACHINE\Software\RIT\The Bat!\Users depot HKEY_LOCAL_MACHINE\Software\RimArts\B2\Settings HKEY_LOCAL_MACHINE\Software\SimonTatham\PuTTY\Sessions HKEY_LOCAL_MACHINE\Software\SoftX.org\FTPClient\Sites HKEY_LOCAL_MACHINE\Software\South River Technologies\WebDrive\Connections HKEY_LOCAL_MACHINE\Software\TurboFTP Domain IOCs: ipv4only.arpa IP IOCs: 192.0.0.170 [Note: ipv4only.arpa is the special-use name reserved for NAT64/DNS64 prefix discovery, and 192.0.0.170 is one of its well-known addresses. This lookup most likely comes from the analysis machine's network stack rather than from the sample, so neither value should be used as a blocking or attribution indicator without corroboration.] URL IOCs: - None - File IOCs: Filenames: C:\Program Files (x86)\CuteFTP\sm.dat C:\Program Files (x86)\GlobalSCAPE\CuteFTP Lite\sm.dat C:\Program Files (x86)\GlobalSCAPE\CuteFTP Pro\sm.dat C:\Program Files (x86)\GlobalSCAPE\CuteFTP\sm.dat C:\ProgramData\CoffeeCup Software\SharedSettings.ccs C:\ProgramData\CoffeeCup Software\SharedSettings.sqlite C:\ProgramData\CoffeeCup Software\SharedSettings_1_0_5.ccs C:\ProgramData\CoffeeCup Software\SharedSettings_1_0_5.sqlite C:\ProgramData\CuteFTP\sm.dat C:\ProgramData\ExpanDrive\drives.js C:\ProgramData\FileZilla\filezilla.xml C:\ProgramData\FileZilla\recentservers.xml C:\ProgramData\FileZilla\sitemanager.xml C:\ProgramData\FlashFXP\3\History.dat C:\ProgramData\FlashFXP\3\Quick.dat C:\ProgramData\FlashFXP\3\Sites.dat C:\ProgramData\FlashFXP\4\History.dat C:\ProgramData\FlashFXP\4\Quick.dat C:\ProgramData\FlashFXP\4\Sites.dat C:\ProgramData\GHISLER\wcx_ftp.ini C:\ProgramData\GlobalSCAPE\CuteFTP Lite\sm.dat C:\ProgramData\GlobalSCAPE\CuteFTP Pro\sm.dat C:\ProgramData\GlobalSCAPE\CuteFTP\sm.dat C:\ProgramData\SharedSettings.ccs C:\ProgramData\SharedSettings.sqlite C:\ProgramData\SharedSettings_1_0_5.ccs C:\ProgramData\SharedSettings_1_0_5.sqlite C:\Users\Nd9E1FYi\AppData\Local\CoffeeCup Software\SharedSettings.ccs C:\Users\Nd9E1FYi\AppData\Local\CoffeeCup Software\SharedSettings.sqlite C:\Users\Nd9E1FYi\AppData\Local\CoffeeCup Software\SharedSettings_1_0_5.ccs C:\Users\Nd9E1FYi\AppData\Local\CoffeeCup Software\SharedSettings_1_0_5.sqlite C:\Users\Nd9E1FYi\AppData\Local\CuteFTP\sm.dat C:\Users\Nd9E1FYi\AppData\Local\ExpanDrive\drives.js 
C:\Users\Nd9E1FYi\AppData\Local\FileZilla\filezilla.xml C:\Users\Nd9E1FYi\AppData\Local\FileZilla\recentservers.xml C:\Users\Nd9E1FYi\AppData\Local\FileZilla\sitemanager.xml C:\Users\Nd9E1FYi\AppData\Local\FlashFXP\3\History.dat C:\Users\Nd9E1FYi\AppData\Local\FlashFXP\3\Quick.dat C:\Users\Nd9E1FYi\AppData\Local\FlashFXP\3\Sites.dat C:\Users\Nd9E1FYi\AppData\Local\FlashFXP\4\History.dat C:\Users\Nd9E1FYi\AppData\Local\FlashFXP\4\Quick.dat C:\Users\Nd9E1FYi\AppData\Local\FlashFXP\4\Sites.dat C:\Users\Nd9E1FYi\AppData\Local\GHISLER\wcx_ftp.ini C:\Users\Nd9E1FYi\AppData\Local\GlobalSCAPE\CuteFTP Lite\sm.dat C:\Users\Nd9E1FYi\AppData\Local\GlobalSCAPE\CuteFTP Pro\sm.dat C:\Users\Nd9E1FYi\AppData\Local\GlobalSCAPE\CuteFTP\sm.dat C:\Users\Nd9E1FYi\AppData\Local\Google\Chrome\User Data\Default\Login Data C:\Users\Nd9E1FYi\AppData\Local\Google\Chrome\User Data\Default\Login Data-journal C:\Users\Nd9E1FYi\AppData\Local\Google\Chrome\User Data\Default\Web Data C:\Users\Nd9E1FYi\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal C:\Users\Nd9E1FYi\AppData\Local\SharedSettings.ccs C:\Users\Nd9E1FYi\AppData\Local\SharedSettings.sqlite C:\Users\Nd9E1FYi\AppData\Local\SharedSettings_1_0_5.ccs C:\Users\Nd9E1FYi\AppData\Local\SharedSettings_1_0_5.sqlite C:\Users\Nd9E1FYi\AppData\Local\Temp\HWID C:\Users\Nd9E1FYi\AppData\Roaming\CoffeeCup Software\SharedSettings.ccs C:\Users\Nd9E1FYi\AppData\Roaming\CoffeeCup Software\SharedSettings.sqlite C:\Users\Nd9E1FYi\AppData\Roaming\CoffeeCup Software\SharedSettings_1_0_5.ccs C:\Users\Nd9E1FYi\AppData\Roaming\CoffeeCup Software\SharedSettings_1_0_5.sqlite C:\Users\Nd9E1FYi\AppData\Roaming\CuteFTP\sm.dat C:\Users\Nd9E1FYi\AppData\Roaming\ExpanDrive\drives.js C:\Users\Nd9E1FYi\AppData\Roaming\FileZilla\filezilla.xml C:\Users\Nd9E1FYi\AppData\Roaming\FileZilla\recentservers.xml C:\Users\Nd9E1FYi\AppData\Roaming\FileZilla\sitemanager.xml C:\Users\Nd9E1FYi\AppData\Roaming\FlashFXP\3\History.dat 
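C:\Users\Nd9E1FYi\AppData\Roaming\FlashFXP\3\Quick.dat C:\Users\Nd9E1FYi\AppData\Roaming\FlashFXP\3\Sites.dat C:\Users\Nd9E1FYi\AppData\Roaming\FlashFXP\4\History.dat C:\Users\Nd9E1FYi\AppData\Roaming\FlashFXP\4\Quick.dat C:\Users\Nd9E1FYi\AppData\Roaming\FlashFXP\4\Sites.dat C:\Users\Nd9E1FYi\AppData\Roaming\GHISLER\wcx_ftp.ini C:\Users\Nd9E1FYi\AppData\Roaming\GlobalSCAPE\CuteFTP Lite\sm.dat C:\Users\Nd9E1FYi\AppData\Roaming\GlobalSCAPE\CuteFTP Pro\sm.dat C:\Users\Nd9E1FYi\AppData\Roaming\GlobalSCAPE\CuteFTP\sm.dat C:\Users\Nd9E1FYi\AppData\Roaming\SharedSettings.ccs C:\Users\Nd9E1FYi\AppData\Roaming\SharedSettings.sqlite C:\Users\Nd9E1FYi\AppData\Roaming\SharedSettings_1_0_5.ccs C:\Users\Nd9E1FYi\AppData\Roaming\SharedSettings_1_0_5.sqlite C:\Users\Nd9E1FYi\wcx_ftp.ini C:\Windows\32BitFtp.ini C:\Windows\wcx_ftp.ini [Note: the profile name Nd9E1FYi belongs to the analysis machine's user account, so detections should match these paths relative to the user profile (for example %APPDATA%\FileZilla\sitemanager.xml) rather than on the literal user name. The listed paths are the normal configuration and saved-login stores of legitimate FTP clients and Chrome; their presence on a host is not by itself a sign of compromise. The useful signal is an unexpected process (here p.exe) reading many of them in quick succession.] MD5 hashes: SHA1 hashes: SHA256 hashes: SSDEEP hashes: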