UDS:DangerousObject.Multi.Generic (Kaspersky), Trojan.Generic.12107030 (B) (Emsisoft), Trojan.Generic.12107030 (AdAware), GenericInjector.YR, BackdoorCaphaw_QKKBAL.YR (Lavasoft MAS)
Behaviour: Trojan, Backdoor
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: ee47246c5026d4afe8e92f2aec0cb60f
SHA1: 1e90fb87e797abc82535184a1422a29ed8c89aa8
SHA256: 170a8407b6c9f92e4ecec4f3798ff56453de10e274abf129074c13c60d3a4ac9
SSDeep: 6144:Y2iNJHNAOaCPW0xp2paUd5tPNmG/1nbcoNVTf0t7OH50QQCqJ:YDmmlp24K/1bcgVu7OZ0QQCqJ
Size: 356352 bytes
File type: EXE
Platform: WIN32
Entropy: Not Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2000-06-12 15:20:29
Analyzed on: WindowsXP SP3 32-bit
Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Trojan creates the following process(es):
%original file name%.exe:668
The Trojan injects its code into the following process(es):
vmacthlp.exe:924
wmiprvse.exe:628
Explorer.EXE:888
spoolsv.exe:1436
jqs.exe:1592
Mutexes
The following mutexes were created/opened:
No objects were found.
File activity
The process %original file name%.exe:668 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\CehdaGrafu\VoddAlaj.dat (266 bytes)
Registry activity
The process %original file name%.exe:668 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "40 DC 2D A1 97 00 0E D6 8D 39 E6 50 92 21 DC 4D"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Classes\CLSID\{7BD47FDD-1028-4944-A268-024C76A61BA9}]
"#sd" = "63 3A 5C 65 65 34 37 32 34 36 63 35 30 32 36 64"
To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"VoddAlaj" = "regsvr32.exe %Documents and Settings%\All Users\Application Data\VoddAlaj\VoddAlaj.dat"
The process vmacthlp.exe:924 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKU\.DEFAULT\Software\Classes\CLSID\{2D14570C-0C4D-4838-A1E1-4B5F4F6A55E5}]
"{4E153850-602D-4819-B83D-3CCD0A1E7351}" = "DE B7 A4 9F"
Dropped PE files
MD5 | File path |
---|---|
d2fff8c6b58b7e5bd6c0c4fdaf6b5b3d | c:\Documents and Settings\All Users\Application Data\VoddAlaj\VoddAlaj.dat |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
The Trojan installs the following user-mode hooks in CRYPT32.dll:
PFXImportCertStore
The Trojan installs the following user-mode hooks in ADVAPI32.dll:
CreateProcessAsUserA
CreateProcessAsUserW
The Trojan installs the following user-mode hooks in kernel32.dll:
CreateProcessA
CreateProcessW
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Scan a system with an anti-rootkit tool.
- Terminate malicious process(es) (How to End a Process With the Task Manager):
%original file name%.exe:668
- Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
%Documents and Settings%\%current user%\Local Settings\Temp\CehdaGrafu\VoddAlaj.dat (266 bytes)
- Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"VoddAlaj" = "regsvr32.exe %Documents and Settings%\All Users\Application Data\VoddAlaj\VoddAlaj.dat"
- Reboot the computer.
Static Analysis
VersionInfo
No information is available.
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
.text | 4096 | 306892 | 307200 | 5.26182 | 54d9d2f38f303c7785f14c183a0c45ea |
.rdata | 311296 | 4400 | 8192 | 2.64502 | 39af15acc65098d32a24596c11ba5961 |
.data | 319488 | 35680 | 36864 | 0.514299 | 4b4f2d93202e1fafb9eed6b8ecb1558c |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Network Activity
URLs
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
Map
The Trojan connects to the servers at the following location(s):
Strings from Dumps
FTP destination password
FTP destination server
FTP destination server
FTP destination port
FTP destination port
FTP destination user
FTP destination user
FTP destination catalog
FTP destination catalog
FTP profiles
FTP profiles
Msi.dll
Msi.dll
{74FF1730-B1F2-4D88-926B-1568FAE61DB7}
{74FF1730-B1F2-4D88-926B-1568FAE61DB7}
\PocoSystem.ini
\PocoSystem.ini
accounts.ini
accounts.ini
sites.dat
sites.dat
\LeapWare\LeapFTP
\LeapWare\LeapFTP
unleap.exe
unleap.exe
leapftp
leapftp
FtpIniName
FtpIniName
Software\Ghisler\Windows Commander
Software\Ghisler\Windows Commander
wcx_PTF.ini
wcx_PTF.ini
Server.Pass
Server.Pass
Server.Host
Server.Host
Server.User
Server.User
Server.Port
Server.Port
Last Server Pass
Last Server Pass
Last Server Port
Last Server Port
\sitemanager.xml
\sitemanager.xml
\recentservers.xml
\recentservers.xml
\filezilla.xml
\filezilla.xml
"password" : "
"password" : "
"password":"
"password":"
\drives.js
\drives.js
\ExpanDrive\favorites.js
\ExpanDrive\favorites.js
\ExpanDrive\drives.js
\ExpanDrive\drives.js
wiseftpsrvs.ini
wiseftpsrvs.ini
wisePTF.ini
wisePTF.ini
wiseftpsrvs.bin
wiseftpsrvs.bin
SOFTWARE\Classes\TypeLib\{CB1F2C0F-8094-4AAC-BCF5-41A64E27F777}
SOFTWARE\Classes\TypeLib\{CB1F2C0F-8094-4AAC-BCF5-41A64E27F777}
SOFTWARE\Classes\TypeLib\{9EA55529-E122-4757-BC79-E4825F80732C}
SOFTWARE\Classes\TypeLib\{9EA55529-E122-4757-BC79-E4825F80732C}
FTP Count
FTP Count
FTP File%u
FTP File%u
Robo-FTP
Robo-FTP
SOFTWARE\%s\FTPServers
SOFTWARE\%s\FTPServers
user.config
user.config
.duck
.duck
SiteServer %u\Host
SiteServer %u\Host
SiteServer %u\WebUrl
SiteServer %u\WebUrl
SiteServer %u\Remote Directory
SiteServer %u\Remote Directory
SiteServer %u-User
SiteServer %u-User
SiteServer %u-User PW
SiteServer %u-User PW
SiteServer %u\SFTP
SiteServer %u\SFTP
Keychain
Keychain
Software\Nico Mak Computing\WinZip\FTP
Software\Nico Mak Computing\WinZip\FTP
Password
Password
Software\Far\Plugins\FTP\Hosts
Software\Far\Plugins\FTP\Hosts
Software\Far2\Plugins\FTP\Hosts
Software\Far2\Plugins\FTP\Hosts
Software\Far Manager\Plugins\FTP\Hosts
Software\Far Manager\Plugins\FTP\Hosts
Software\Far\SavedDialogHistory\FTPHost
Software\Far\SavedDialogHistory\FTPHost
Software\Far2\SavedDialogHistory\FTPHost
Software\Far2\SavedDialogHistory\FTPHost
Software\Far Manager\SavedDialogHistory\FTPHost
Software\Far Manager\SavedDialogHistory\FTPHost
\win.ini
\win.ini
WS_FTP
WS_FTP
\Ipswitch\WS_FTP
\Ipswitch\WS_FTP
\GlobalSCAPE\CuteFTP
\GlobalSCAPE\CuteFTP
sm.dat
sm.dat
\GlobalSCAPE\CuteFTP Pro
\GlobalSCAPE\CuteFTP Pro
\GlobalSCAPE\CuteFTP Lite
\GlobalSCAPE\CuteFTP Lite
\CuteFTP
\CuteFTP
CUTEFTP
CUTEFTP
Software\GlobalSCAPE\CuteFTP 6 Home\QCToolbar
Software\GlobalSCAPE\CuteFTP 6 Home\QCToolbar
Software\GlobalSCAPE\CuteFTP 6 Professional\QCToolbar
Software\GlobalSCAPE\CuteFTP 6 Professional\QCToolbar
Software\GlobalSCAPE\CuteFTP 7 Home\QCToolbar
Software\GlobalSCAPE\CuteFTP 7 Home\QCToolbar
Software\GlobalSCAPE\CuteFTP 7 Professional\QCToolbar
Software\GlobalSCAPE\CuteFTP 7 Professional\QCToolbar
Software\GlobalSCAPE\CuteFTP 8 Home\QCToolbar
Software\GlobalSCAPE\CuteFTP 8 Home\QCToolbar
Software\GlobalSCAPE\CuteFTP 8 Professional\QCToolbar
Software\GlobalSCAPE\CuteFTP 8 Professional\QCToolbar
\Sites.dat
\Sites.dat
\Quick.dat
\Quick.dat
\History.dat
\History.dat
Software\BPFTP\Bullet Proof FTP\Main
Software\BPFTP\Bullet Proof FTP\Main
Software\BulletProof Software\BulletProof FTP Client\Main
Software\BulletProof Software\BulletProof FTP Client\Main
Software\BPFTP\Bullet Proof FTP\Options
Software\BPFTP\Bullet Proof FTP\Options
Software\BulletProof Software\BulletProof FTP Client\Options
Software\BulletProof Software\BulletProof FTP Client\Options
Software\BPFTP
Software\BPFTP
\SmartFTP
\SmartFTP
Favorites.dat
Favorites.dat
History.dat
History.dat
Software\TurboFTP
Software\TurboFTP
\TurboFTP
\TurboFTP
addrbk.dat
addrbk.dat
quick.dat
quick.dat
Port
Port
Login
Login
PasswordType
PasswordType
profiles.xml
profiles.xml
\FTP Explorer
\FTP Explorer
Software\FTP Explorer\FTP Explorer\Workspace\MFCToolBar-224
Software\FTP Explorer\FTP Explorer\Workspace\MFCToolBar-224
Software\FTP Explorer\Profiles
Software\FTP Explorer\Profiles
FtpSite.xml
FtpSite.xml
PK11_GetInternalKeySlot
PK11_GetInternalKeySlot
sqlite3.dll
sqlite3.dll
sqlite3_prepare
sqlite3_prepare
sqlite3_step
sqlite3_step
sqlite3_column_bytes
sqlite3_column_bytes
sqlite3_column_blob
sqlite3_column_blob
SELECT hostname, encryptedUsername, encryptedPassword FROM moz_logins
SELECT hostname, encryptedUsername, encryptedPassword FROM moz_logins
PTF://
PTF://
signons.sqlite
signons.sqlite
\profiles.ini
\profiles.ini
PathToExe
PathToExe
\Mozilla\Firefox\
\Mozilla\Firefox\
Firefox
Firefox
Software\Mozilla
Software\Mozilla
fireFTPsites.dat
fireFTPsites.dat
\Mozilla\SeaMonkey\
\Mozilla\SeaMonkey\
SeaMonkey
SeaMonkey
\Mozilla\Profiles\
\Mozilla\Profiles\
Mozilla
Mozilla
password 51:b:
password 51:b:
SMTP Email Address
SMTP Email Address
SMTP Server
SMTP Server
SMTP User Name
SMTP User Name
HTTP User
HTTP User
HTTP Server URL
HTTP Server URL
HTTPMail User Name
HTTPMail User Name
HTTPMail Server
HTTPMail Server
SMTP User
SMTP User
POP3 Port
POP3 Port
SMTP Port
SMTP Port
IMAP Port
IMAP Port
POP3 Password2
POP3 Password2
IMAP Password2
IMAP Password2
NNTP Password2
NNTP Password2
HTTPMail Password2
HTTPMail Password2
SMTP Password2
SMTP Password2
POP3 Password
POP3 Password
IMAP Password
IMAP Password
NNTP Password
NNTP Password
HTTPMail Password
HTTPMail Password
SMTP Password
SMTP Password
{X-X-X-XX-XXXXXX}
{X-X-X-XX-XXXXXX}
inetcomm server passwords
inetcomm server passwords
outlook account manager passwords
outlook account manager passwords
Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Microsoft Outlook Internet Settings
Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Microsoft Outlook Internet Settings
Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook
Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook
Pstorec.dll
Pstorec.dll
[VNC] EXEC: %s
[VNC] EXEC: %s
IE WND [%0.8X] ENABLED: %s VISIBLED: %s
IE WND [%0.8X] ENABLED: %s VISIBLED: %s
[%u] {%u, %u} {%u, %u} {%0.8X, %0.8X} = %s
[%u] {%u, %u} {%u, %u} {%0.8X, %0.8X} = %s
[VDESK] Read CMD %u[%u]
[VDESK] Read CMD %u[%u]
[VDESK] NOT AUTH CMD %u
[VDESK] NOT AUTH CMD %u
GetAsyncKeyState
GetAsyncKeyState
USER32.DLL
USER32.DLL
GetKeyboardState
GetKeyboardState
GetKeyState
GetKeyState
?WINMM.DLL
?WINMM.DLL
?DSOUND.DLL
?DSOUND.DLL
ZwConnectPort
ZwConnectPort
NTDLL.DLL
NTDLL.DLL
[VNC] PROCESS=%s
[VNC] PROCESS=%s
\explorer.exe
\explorer.exe
[VNC] SearchApp Status = %u
[VNC] SearchApp Status = %u
[VNC] FileName = %s
[VNC] FileName = %s
[VNC] CmdLine = %s
[VNC] CmdLine = %s
[VNC] W64 Redir OLD=%u
[VNC] W64 Redir OLD=%u
[VNC] CreateProcess Status = %u (%u)
[VNC] CreateProcess Status = %u (%u)
SysShadow
SysShadow
Chrome_WidgetWin_1
Chrome_WidgetWin_1
Chrome_WidgetWin_0
Chrome_WidgetWin_0
d3d10_1.dll
d3d10_1.dll
d3d10_1core.dll
d3d10_1core.dll
d3d10.dll
d3d10.dll
d3d10core.dll
d3d10core.dll
d2d1.dll
d2d1.dll
OPENGL32.dll
OPENGL32.dll
d3d9.dll
d3d9.dll
d3d11.dll
d3d11.dll
Dxtrans.dll
Dxtrans.dll
WinExec
WinExec
KERNEL32.dll
KERNEL32.dll
USER32.dll
USER32.dll
GDI32.dll
GDI32.dll
RegCloseKey
RegCloseKey
RegNotifyChangeKeyValue
RegNotifyChangeKeyValue
ADVAPI32.dll
ADVAPI32.dll
ShellExecuteA
ShellExecuteA
SHELL32.dll
SHELL32.dll
NETAPI32.dll
NETAPI32.dll
SHDeleteKeyA
SHDeleteKeyA
SHLWAPI.dll
SHLWAPI.dll
DeleteUrlCacheEntry
DeleteUrlCacheEntry
WININET.dll
WININET.dll
WS2_32.dll
WS2_32.dll
MSVCRT.dll
MSVCRT.dll
IPHLPAPI.DLL
IPHLPAPI.DLL
AVIFIL32.dll
AVIFIL32.dll
GetWindowsDirectoryW
GetWindowsDirectoryW
CallNamedPipeA
CallNamedPipeA
ConnectNamedPipe
ConnectNamedPipe
CreateNamedPipeW
CreateNamedPipeW
DisconnectNamedPipe
DisconnectNamedPipe
CreateNamedPipeA
CreateNamedPipeA
GetWindowsDirectoryA
GetWindowsDirectoryA
EnumWindows
EnumWindows
ActivateKeyboardLayout
ActivateKeyboardLayout
SetViewportOrgEx
SetViewportOrgEx
RegEnumKeyExA
RegEnumKeyExA
RegCreateKeyA
RegCreateKeyA
RegCreateKeyExA
RegCreateKeyExA
RegOpenKeyExA
RegOpenKeyExA
CryptImportKey
CryptImportKey
CryptDestroyKey
CryptDestroyKey
RegOpenKeyA
RegOpenKeyA
ole32.dll
ole32.dll
OLEAUT32.dll
OLEAUT32.dll
CertOpenSystemStoreA
CertOpenSystemStoreA
CertDeleteCertificateFromStore
CertDeleteCertificateFromStore
CertAddCertificateContextToStore
CertAddCertificateContextToStore
CertCloseStore
CertCloseStore
CertEnumCertificatesInStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertDuplicateCertificateContext
PFXExportCertStoreEx
PFXExportCertStoreEx
CRYPT32.dll
CRYPT32.dll
FindFirstUrlCacheEntryA
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA
FindNextUrlCacheEntryA
HttpAddRequestHeadersA
HttpAddRequestHeadersA
FindCloseUrlCache
FindCloseUrlCache
FindNextUrlCacheEntryW
FindNextUrlCacheEntryW
FindFirstUrlCacheEntryW
FindFirstUrlCacheEntryW
COMDLG32.dll
COMDLG32.dll
WININET.DLL
WININET.DLL
{7BD47FDD-1028-4944-A268-024C76A61BA9}
{7BD47FDD-1028-4944-A268-024C76A61BA9}
{2D14570C-0C4D-4838-A1E1-4B5F4F6A55E5}
{2D14570C-0C4D-4838-A1E1-4B5F4F6A55E5}
{4E153850-602D-4819-B83D-3CCD0A1E7351}
{4E153850-602D-4819-B83D-3CCD0A1E7351}
{1DB12055-380D-432E-9763-74AF5EF609C7}
{1DB12055-380D-432E-9763-74AF5EF609C7}
{1DB54A51-7DD5-412D-BFAE-04066B1F7E58}
{1DB54A51-7DD5-412D-BFAE-04066B1F7E58}
{6BDA2D4D-43CE-4CEF-B412-5DC94F387B59}
{6BDA2D4D-43CE-4CEF-B412-5DC94F387B59}
{11166F2F-6DE1-4205-8360-3AB2448931C2}
{11166F2F-6DE1-4205-8360-3AB2448931C2}
{7B4F16B2-1959-4C21-97FE-6A7768C974CF}
{7B4F16B2-1959-4C21-97FE-6A7768C974CF}
{433D2A25-41C1-4D21-8ED6-4EEC2CFE2DF1}
{433D2A25-41C1-4D21-8ED6-4EEC2CFE2DF1}
{77101F80-23B8-43A9-AE7B-5CC95982109D}
{77101F80-23B8-43A9-AE7B-5CC95982109D}
\\.\pipe\{615F04F4-5F33-42AB-BE17-250A447B0979}
\\.\pipe\{615F04F4-5F33-42AB-BE17-250A447B0979}
D{2D14570C-0C4D-4838-A1E1-4B5F4F6A55E5}
D{2D14570C-0C4D-4838-A1E1-4B5F4F6A55E5}
{56E926DB-5D71-499E-8BBB-2E28568040CB}
{56E926DB-5D71-499E-8BBB-2E28568040CB}
U{4E153850-602D-4819-B83D-3CCD0A1E7351}
U{4E153850-602D-4819-B83D-3CCD0A1E7351}
2FFC7DAE-2BDA-4ABF-A443-1DD264C72327
2FFC7DAE-2BDA-4ABF-A443-1DD264C72327
=)=2===~=
=)=2===~=
3 343=3_3
3 343=3_3
= =,=`=}=
= =,=`=}=
echrome.dll
echrome.dll
iexplore.exe
iexplore.exe
chrome.exe
chrome.exe
\System32\KERNEL32.DLL
\System32\KERNEL32.DLL
\System32\kernelbase.dll
\System32\kernelbase.dll
\ThemeApiPort
\ThemeApiPort
%System%\wbem\wmiprvse.exe
%System%\wbem\wmiprvse.exe
Explorer.EXE_888_rwx_01EA0000_00054000:
Explorer.EXE_888_rwx_02000000_0007C000:
spoolsv.exe_1436_rwx_00F50000_00054000:
Software\BPFTP
\SmartFTP
\SmartFTP
Favorites.dat
Favorites.dat
History.dat
History.dat
Software\TurboFTP
Software\TurboFTP
\TurboFTP
\TurboFTP
addrbk.dat
addrbk.dat
quick.dat
quick.dat
Port
Port
Login
Login
PasswordType
PasswordType
profiles.xml
profiles.xml
\FTP Explorer
\FTP Explorer
Software\FTP Explorer\FTP Explorer\Workspace\MFCToolBar-224
Software\FTP Explorer\FTP Explorer\Workspace\MFCToolBar-224
Software\FTP Explorer\Profiles
Software\FTP Explorer\Profiles
FtpSite.xml
FtpSite.xml
PK11_GetInternalKeySlot
PK11_GetInternalKeySlot
sqlite3.dll
sqlite3.dll
sqlite3_prepare
sqlite3_prepare
sqlite3_step
sqlite3_step
sqlite3_column_bytes
sqlite3_column_bytes
sqlite3_column_blob
sqlite3_column_blob
SELECT hostname, encryptedUsername, encryptedPassword FROM moz_logins
SELECT hostname, encryptedUsername, encryptedPassword FROM moz_logins
PTF://
PTF://
signons.sqlite
signons.sqlite
\profiles.ini
\profiles.ini
PathToExe
PathToExe
\Mozilla\Firefox\
\Mozilla\Firefox\
Firefox
Firefox
Software\Mozilla
Software\Mozilla
fireFTPsites.dat
fireFTPsites.dat
\Mozilla\SeaMonkey\
\Mozilla\SeaMonkey\
SeaMonkey
SeaMonkey
\Mozilla\Profiles\
\Mozilla\Profiles\
Mozilla
Mozilla
password 51:b:
password 51:b:
SMTP Email Address
SMTP Email Address
SMTP Server
SMTP Server
SMTP User Name
SMTP User Name
HTTP User
HTTP User
HTTP Server URL
HTTP Server URL
HTTPMail User Name
HTTPMail User Name
HTTPMail Server
HTTPMail Server
SMTP User
SMTP User
POP3 Port
POP3 Port
SMTP Port
SMTP Port
IMAP Port
IMAP Port
POP3 Password2
POP3 Password2
IMAP Password2
IMAP Password2
NNTP Password2
NNTP Password2
HTTPMail Password2
HTTPMail Password2
SMTP Password2
SMTP Password2
POP3 Password
POP3 Password
IMAP Password
IMAP Password
NNTP Password
NNTP Password
HTTPMail Password
HTTPMail Password
SMTP Password
SMTP Password
{X-X-X-XX-XXXXXX}
{X-X-X-XX-XXXXXX}
inetcomm server passwords
inetcomm server passwords
outlook account manager passwords
outlook account manager passwords
Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Microsoft Outlook Internet Settings
Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Microsoft Outlook Internet Settings
Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook
Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook
Pstorec.dll
Pstorec.dll
[VNC] EXEC: %s
[VNC] EXEC: %s
IE WND [%0.8X] ENABLED: %s VISIBLED: %s
IE WND [%0.8X] ENABLED: %s VISIBLED: %s
[%u] {%u, %u} {%u, %u} {%0.8X, %0.8X} = %s
[%u] {%u, %u} {%u, %u} {%0.8X, %0.8X} = %s
[VDESK] Read CMD %u[%u]
[VDESK] Read CMD %u[%u]
[VDESK] NOT AUTH CMD %u
[VDESK] NOT AUTH CMD %u
GetAsyncKeyState
GetAsyncKeyState
USER32.DLL
USER32.DLL
GetKeyboardState
GetKeyboardState
GetKeyState
GetKeyState
?WINMM.DLL
?WINMM.DLL
?DSOUND.DLL
?DSOUND.DLL
ZwConnectPort
ZwConnectPort
NTDLL.DLL
NTDLL.DLL
[VNC] PROCESS=%s
[VNC] PROCESS=%s
\explorer.exe
\explorer.exe
[VNC] SearchApp Status = %u
[VNC] SearchApp Status = %u
[VNC] FileName = %s
[VNC] FileName = %s
[VNC] CmdLine = %s
[VNC] CmdLine = %s
[VNC] W64 Redir OLD=%u
[VNC] W64 Redir OLD=%u
[VNC] CreateProcess Status = %u (%u)
[VNC] CreateProcess Status = %u (%u)
SysShadow
SysShadow
Chrome_WidgetWin_1
Chrome_WidgetWin_1
Chrome_WidgetWin_0
Chrome_WidgetWin_0
d3d10_1.dll
d3d10_1.dll
d3d10_1core.dll
d3d10_1core.dll
d3d10.dll
d3d10.dll
d3d10core.dll
d3d10core.dll
d2d1.dll
d2d1.dll
OPENGL32.dll
OPENGL32.dll
d3d9.dll
d3d9.dll
d3d11.dll
d3d11.dll
Dxtrans.dll
Dxtrans.dll
WinExec
WinExec
KERNEL32.dll
KERNEL32.dll
USER32.dll
USER32.dll
GDI32.dll
GDI32.dll
RegCloseKey
RegCloseKey
RegNotifyChangeKeyValue
RegNotifyChangeKeyValue
ADVAPI32.dll
ADVAPI32.dll
ShellExecuteA
ShellExecuteA
SHELL32.dll
SHELL32.dll
NETAPI32.dll
NETAPI32.dll
SHDeleteKeyA
SHDeleteKeyA
SHLWAPI.dll
SHLWAPI.dll
DeleteUrlCacheEntry
DeleteUrlCacheEntry
WININET.dll
WININET.dll
WS2_32.dll
WS2_32.dll
MSVCRT.dll
MSVCRT.dll
IPHLPAPI.DLL
IPHLPAPI.DLL
AVIFIL32.dll
AVIFIL32.dll
GetWindowsDirectoryW
GetWindowsDirectoryW
CallNamedPipeA
CallNamedPipeA
ConnectNamedPipe
ConnectNamedPipe
CreateNamedPipeW
CreateNamedPipeW
DisconnectNamedPipe
DisconnectNamedPipe
CreateNamedPipeA
CreateNamedPipeA
GetWindowsDirectoryA
GetWindowsDirectoryA
EnumWindows
EnumWindows
ActivateKeyboardLayout
ActivateKeyboardLayout
SetViewportOrgEx
SetViewportOrgEx
RegEnumKeyExA
RegEnumKeyExA
RegCreateKeyA
RegCreateKeyA
RegCreateKeyExA
RegCreateKeyExA
RegOpenKeyExA
RegOpenKeyExA
CryptImportKey
CryptImportKey
CryptDestroyKey
CryptDestroyKey
RegOpenKeyA
RegOpenKeyA
ole32.dll
ole32.dll
OLEAUT32.dll
OLEAUT32.dll
CertOpenSystemStoreA
CertOpenSystemStoreA
CertDeleteCertificateFromStore
CertDeleteCertificateFromStore
CertAddCertificateContextToStore
CertAddCertificateContextToStore
CertCloseStore
CertCloseStore
CertEnumCertificatesInStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertDuplicateCertificateContext
PFXExportCertStoreEx
PFXExportCertStoreEx
CRYPT32.dll
CRYPT32.dll
FindFirstUrlCacheEntryA
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA
FindNextUrlCacheEntryA
HttpAddRequestHeadersA
HttpAddRequestHeadersA
FindCloseUrlCache
FindCloseUrlCache
FindNextUrlCacheEntryW
FindNextUrlCacheEntryW
FindFirstUrlCacheEntryW
FindFirstUrlCacheEntryW
COMDLG32.dll
COMDLG32.dll
WININET.DLL
WININET.DLL
=)=2===~=
=)=2===~=
3 343=3_3
3 343=3_3
= =,=`=}=
= =,=`=}=
.pdata
.pdata
@.reloc
@.reloc
[%s - X64 EQ PID: %u TID: %u]
[%s - X64 EQ PID: %u TID: %u]
\SysWOW64\regsvr32.exe
\SysWOW64\regsvr32.exe
[Pony] Fail create process: %u
[Pony] Fail create process: %u
[PONY] Fail inject to process: %u
[PONY] Fail inject to process: %u
echrome.dll
echrome.dll
iexplore.exe
iexplore.exe
chrome.exe
chrome.exe
\System32\KERNEL32.DLL
\System32\KERNEL32.DLL
\System32\kernelbase.dll
\System32\kernelbase.dll
\ThemeApiPort
\ThemeApiPort
spoolsv.exe_1436_rwx_01460000_0007C000:
jqs.exe_1592_rwx_010B0000_00054000:
Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
hXXp://
hXXp://
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
\\.\pipe\
\\.\pipe\
PID: %u [%0.2u:%0.2u:%0.2u]
PID: %u [%0.2u:%0.2u:%0.2u]
[BC] Cmd Ver Error
[BC] Cmd Ver Error
[BC] Wait Ping error %u[%u]
[BC] Wait Ping error %u[%u]
[BC] Fail Connect: %u
[BC] Fail Connect: %u
[BC] Fail read cmd
[BC] Fail read cmd
[BC] Cmd need reauth
[BC] Cmd need reauth
[BC] cmd error: %u
[BC] cmd error: %u
[BC] Cmd need disconnect
[BC] Cmd need disconnect
ntdll.dll
ntdll.dll
gdiplus.dll
gdiplus.dll
GdiplusShutdown
GdiplusShutdown
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
account.cfg
account.cfg
account.cfn
account.cfn
Dir #%u
Dir #%u
.oeaccount
.oeaccount
Software\Microsoft\Windows Live Mail
Software\Microsoft\Windows Live Mail
\Microsoft\Windows Live Mail
\Microsoft\Windows Live Mail
Software\Microsoft\Windows Mail
Software\Microsoft\Windows Mail
\Microsoft\Windows Mail
\Microsoft\Windows Mail
PopPort
PopPort
PopPassword
PopPassword
SmtpServer
SmtpServer
SmtpPort
SmtpPort
SmtpAccount
SmtpAccount
SmtpPassword
SmtpPassword
abe2869f-9b47-4cd9-a358-c22904dba7f7
abe2869f-9b47-4cd9-a358-c22904dba7f7
MS IE FTP Passwords
MS IE FTP Passwords
RushSite.xml
RushSite.xml
\FTPRush
\FTPRush
bitkinex.ds
bitkinex.ds
NDSites.ini
NDSites.ini
Software\LeechFTP
Software\LeechFTP
bookmark.dat
bookmark.dat
CLSID\{11C1D741-A95B-11d2-8A80-0080ADB32FF4}\InProcServer32
CLSID\{11C1D741-A95B-11d2-8A80-0080ADB32FF4}\InProcServer32
sites.db
sites.db
servers.xml
servers.xml
\FTPGetter
\FTPGetter
ESTdb2.dat
ESTdb2.dat
\Estsoft\ALFTP
\Estsoft\ALFTP
QData.dat
QData.dat
SM.arch
SM.arch
FTP .Link\shell\open\command
FTP .Link\shell\open\command
NppFTP.xml
NppFTP.xml
Software\MAS-Soft\FTPInfo\Setup
Software\MAS-Soft\FTPInfo\Setup
ServerList.xml
ServerList.xml
\FTPInfo
\FTPInfo
NovaFTP.db
NovaFTP.db
\INSoftware\NovaFTP
\INSoftware\NovaFTP
\sites.xml
\sites.xml
ftplast.osd
ftplast.osd
\SharedSettings.ccs
\SharedSettings.ccs
\SharedSettings.sqlite
\SharedSettings.sqlite
\SharedSettings_1_0_5.ccs
\SharedSettings_1_0_5.ccs
\SharedSettings_1_0_5.sqlite
\SharedSettings_1_0_5.sqlite
\32BitFtp.ini
\32BitFtp.ini
FTPCON
FTPCON
FTP CONTROL
FTP CONTROL
FTPVoyager.ftp
FTPVoyager.ftp
\RhinoSoft.com
\RhinoSoft.com
FTPVoyager.qc
FTPVoyager.qc
FTPVoyager.Archive
FTPVoyager.Archive
SiteInfo.QFP
SiteInfo.QFP
WinFTP
WinFTP
DeluxeFTP
DeluxeFTP
sites.xml
sites.xml
Staff-FTP
Staff-FTP
sites.ini
sites.ini
FreshFTP
FreshFTP
Software\FlashPeak\BlazeFtp\Settings
Software\FlashPeak\BlazeFtp\Settings
LastPassword
LastPassword
LastPort
LastPort
BlazeFtp
BlazeFtp
site.dat
site.dat
\BlazeFtp
\BlazeFtp
GoFTP
GoFTP
Connections.txt
Connections.txt
3D-FTP
3D-FTP
\3D-FTP
\3D-FTP
SOFTWARE\Classes\TypeLib\{F9043C88-F6F2-101A-A3C9-08002B2F49FB}\1.2\0\win32
SOFTWARE\Classes\TypeLib\{F9043C88-F6F2-101A-A3C9-08002B2F49FB}\1.2\0\win32
EasyFTP
EasyFTP
FTPNow
FTPNow
FTP Now
FTP Now
FTPShell
FTPShell
ftpshell.fsi
ftpshell.fsi
ftpsite.ini
ftpsite.ini
FTPList.db
FTPList.db
My FTP
My FTP
project.ini
project.ini
Mailbox.ini
Mailbox.ini
FTP Navigator
FTP Navigator
FTP Commander
FTP Commander
ftplist.txt
ftplist.txt
Software\Sota\FFFTP
Software\Sota\FFFTP
Software\Sota\FFFTP\Options
Software\Sota\FFFTP\Options
Software\FTPWare\COREFTP\Sites
Software\FTPWare\COREFTP\Sites
FtpPort
FtpPort
Software\Cryer\WebSitePublisher
Software\Cryer\WebSitePublisher
_Password
_Password
Software\NCH Software\ClassicFTP\FTPAccounts
Software\NCH Software\ClassicFTP\FTPAccounts
FtpPassword
FtpPassword
_FtpPassword
_FtpPassword
FtpServer
FtpServer
FtpUserName
FtpUserName
FtpDirectory
FtpDirectory
Software\FTPClient\Sites
Software\FTPClient\Sites
Software\SoftX.org\FTPClient\Sites
Software\SoftX.org\FTPClient\Sites
PortNumber
PortNumber
PassWord
PassWord
Software\South River Technologies\WebDrive\Connections
Software\South River Technologies\WebDrive\Connections
Software\LinasFTP\Site Manager
Software\LinasFTP\Site Manager
FTP destination password
FTP destination password
FTP destination server
FTP destination server
FTP destination port
FTP destination port
FTP destination user
FTP destination user
FTP destination catalog
FTP destination catalog
FTP profiles
FTP profiles
Msi.dll
Msi.dll
{74FF1730-B1F2-4D88-926B-1568FAE61DB7}
{74FF1730-B1F2-4D88-926B-1568FAE61DB7}
\PocoSystem.ini
\PocoSystem.ini
accounts.ini
accounts.ini
sites.dat
sites.dat
\LeapWare\LeapFTP
\LeapWare\LeapFTP
unleap.exe
unleap.exe
leapftp
leapftp
FtpIniName
FtpIniName
Software\Ghisler\Windows Commander
Software\Ghisler\Windows Commander
wcx_PTF.ini
wcx_PTF.ini
Server.Pass
Server.Pass
Server.Host
Server.Host
Server.User
Server.User
Server.Port
Server.Port
Last Server Pass
Last Server Pass
Last Server Port
Last Server Port
\sitemanager.xml
\sitemanager.xml
\recentservers.xml
\recentservers.xml
\filezilla.xml
\filezilla.xml
"password" : "
"password" : "
"password":"
"password":"
\drives.js
\drives.js
\ExpanDrive\favorites.js
\ExpanDrive\favorites.js
\ExpanDrive\drives.js
\ExpanDrive\drives.js
wiseftpsrvs.ini
wiseftpsrvs.ini
wisePTF.ini
wisePTF.ini
wiseftpsrvs.bin
wiseftpsrvs.bin
SOFTWARE\Classes\TypeLib\{CB1F2C0F-8094-4AAC-BCF5-41A64E27F777}
SOFTWARE\Classes\TypeLib\{CB1F2C0F-8094-4AAC-BCF5-41A64E27F777}
SOFTWARE\Classes\TypeLib\{9EA55529-E122-4757-BC79-E4825F80732C}
SOFTWARE\Classes\TypeLib\{9EA55529-E122-4757-BC79-E4825F80732C}
FTP Count
FTP Count
FTP File%u
FTP File%u
Robo-FTP
Robo-FTP
SOFTWARE\%s\FTPServers
SOFTWARE\%s\FTPServers
user.config
user.config
.duck
.duck
SiteServer %u\Host
SiteServer %u\Host
SiteServer %u\WebUrl
SiteServer %u\WebUrl
SiteServer %u\Remote Directory
SiteServer %u\Remote Directory
SiteServer %u-User
SiteServer %u-User
SiteServer %u-User PW
SiteServer %u-User PW
SiteServer %u\SFTP
SiteServer %u\SFTP
Keychain
Keychain
Software\Nico Mak Computing\WinZip\FTP
Software\Nico Mak Computing\WinZip\FTP
Password
Password
Software\Far\Plugins\FTP\Hosts
Software\Far\Plugins\FTP\Hosts
Software\Far2\Plugins\FTP\Hosts
Software\Far2\Plugins\FTP\Hosts
Software\Far Manager\Plugins\FTP\Hosts
Software\Far Manager\Plugins\FTP\Hosts
Software\Far\SavedDialogHistory\FTPHost
Software\Far\SavedDialogHistory\FTPHost
Software\Far2\SavedDialogHistory\FTPHost
Software\Far2\SavedDialogHistory\FTPHost
Software\Far Manager\SavedDialogHistory\FTPHost
Software\Far Manager\SavedDialogHistory\FTPHost
\win.ini
\win.ini
WS_FTP
WS_FTP
\Ipswitch\WS_FTP
\Ipswitch\WS_FTP
\GlobalSCAPE\CuteFTP
\GlobalSCAPE\CuteFTP
sm.dat
sm.dat
\GlobalSCAPE\CuteFTP Pro
\GlobalSCAPE\CuteFTP Pro
\GlobalSCAPE\CuteFTP Lite
\GlobalSCAPE\CuteFTP Lite
\CuteFTP
\CuteFTP
CUTEFTP
CUTEFTP
Software\GlobalSCAPE\CuteFTP 6 Home\QCToolbar
Software\GlobalSCAPE\CuteFTP 6 Home\QCToolbar
Software\GlobalSCAPE\CuteFTP 6 Professional\QCToolbar
Software\GlobalSCAPE\CuteFTP 6 Professional\QCToolbar
Software\GlobalSCAPE\CuteFTP 7 Home\QCToolbar
Software\GlobalSCAPE\CuteFTP 7 Home\QCToolbar
Software\GlobalSCAPE\CuteFTP 7 Professional\QCToolbar
Software\GlobalSCAPE\CuteFTP 7 Professional\QCToolbar
Software\GlobalSCAPE\CuteFTP 8 Home\QCToolbar
Software\GlobalSCAPE\CuteFTP 8 Home\QCToolbar
Software\GlobalSCAPE\CuteFTP 8 Professional\QCToolbar
Software\GlobalSCAPE\CuteFTP 8 Professional\QCToolbar
\Sites.dat
\Sites.dat
\Quick.dat
\Quick.dat
\History.dat
\History.dat
Software\BPFTP\Bullet Proof FTP\Main
Software\BPFTP\Bullet Proof FTP\Main
Software\BulletProof Software\BulletProof FTP Client\Main
Software\BulletProof Software\BulletProof FTP Client\Main
Software\BPFTP\Bullet Proof FTP\Options
Software\BPFTP\Bullet Proof FTP\Options
Software\BulletProof Software\BulletProof FTP Client\Options
Software\BulletProof Software\BulletProof FTP Client\Options
Software\BPFTP
Software\BPFTP
\SmartFTP
\SmartFTP
Favorites.dat
Favorites.dat
History.dat
History.dat
Software\TurboFTP
Software\TurboFTP
\TurboFTP
\TurboFTP
addrbk.dat
addrbk.dat
quick.dat
quick.dat
Port
Port
Login
Login
PasswordType
PasswordType
profiles.xml
profiles.xml
\FTP Explorer
\FTP Explorer
Software\FTP Explorer\FTP Explorer\Workspace\MFCToolBar-224
Software\FTP Explorer\FTP Explorer\Workspace\MFCToolBar-224
Software\FTP Explorer\Profiles
Software\FTP Explorer\Profiles
FtpSite.xml
FtpSite.xml
PK11_GetInternalKeySlot
PK11_GetInternalKeySlot
sqlite3.dll
sqlite3.dll
sqlite3_prepare
sqlite3_prepare
sqlite3_step
sqlite3_step
sqlite3_column_bytes
sqlite3_column_bytes
sqlite3_column_blob
sqlite3_column_blob
SELECT hostname, encryptedUsername, encryptedPassword FROM moz_logins
SELECT hostname, encryptedUsername, encryptedPassword FROM moz_logins
PTF://
PTF://
signons.sqlite
signons.sqlite
\profiles.ini
\profiles.ini
PathToExe
PathToExe
\Mozilla\Firefox\
\Mozilla\Firefox\
Firefox
Firefox
Software\Mozilla
Software\Mozilla
fireFTPsites.dat
fireFTPsites.dat
\Mozilla\SeaMonkey\
\Mozilla\SeaMonkey\
SeaMonkey
SeaMonkey
\Mozilla\Profiles\
\Mozilla\Profiles\
Mozilla
Mozilla
password 51:b:
password 51:b:
SMTP Email Address
SMTP Email Address
SMTP Server
SMTP Server
SMTP User Name
SMTP User Name
HTTP User
HTTP User
HTTP Server URL
HTTP Server URL
HTTPMail User Name
HTTPMail User Name
HTTPMail Server
HTTPMail Server
SMTP User
SMTP User
POP3 Port
POP3 Port
SMTP Port
SMTP Port
IMAP Port
IMAP Port
POP3 Password2
POP3 Password2
IMAP Password2
IMAP Password2
NNTP Password2
NNTP Password2
HTTPMail Password2
HTTPMail Password2
SMTP Password2
SMTP Password2
POP3 Password
POP3 Password
IMAP Password
IMAP Password
NNTP Password
NNTP Password
HTTPMail Password
HTTPMail Password
SMTP Password
SMTP Password
{X-X-X-XX-XXXXXX}
{X-X-X-XX-XXXXXX}
inetcomm server passwords
inetcomm server passwords
outlook account manager passwords
outlook account manager passwords
Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Microsoft Outlook Internet Settings
Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Microsoft Outlook Internet Settings
Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook
Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook
Pstorec.dll
Pstorec.dll
[VNC] EXEC: %s
[VNC] EXEC: %s
IE WND [%0.8X] ENABLED: %s VISIBLED: %s
IE WND [%0.8X] ENABLED: %s VISIBLED: %s
[%u] {%u, %u} {%u, %u} {%0.8X, %0.8X} = %s
[%u] {%u, %u} {%u, %u} {%0.8X, %0.8X} = %s
[VDESK] Read CMD %u[%u]
[VDESK] Read CMD %u[%u]
[VDESK] NOT AUTH CMD %u
[VDESK] NOT AUTH CMD %u
GetAsyncKeyState
GetAsyncKeyState
USER32.DLL
USER32.DLL
GetKeyboardState
GetKeyboardState
GetKeyState
GetKeyState
?WINMM.DLL
?WINMM.DLL
?DSOUND.DLL
?DSOUND.DLL
ZwConnectPort
ZwConnectPort
NTDLL.DLL
NTDLL.DLL
[VNC] PROCESS=%s
[VNC] PROCESS=%s
\explorer.exe
\explorer.exe
[VNC] SearchApp Status = %u
[VNC] SearchApp Status = %u
[VNC] FileName = %s
[VNC] FileName = %s
[VNC] CmdLine = %s
[VNC] CmdLine = %s
[VNC] W64 Redir OLD=%u
[VNC] W64 Redir OLD=%u
[VNC] CreateProcess Status = %u (%u)
[VNC] CreateProcess Status = %u (%u)
SysShadow
SysShadow
Chrome_WidgetWin_1
Chrome_WidgetWin_1
Chrome_WidgetWin_0
Chrome_WidgetWin_0
d3d10_1.dll
d3d10_1.dll
d3d10_1core.dll
d3d10_1core.dll
d3d10.dll
d3d10.dll
d3d10core.dll
d3d10core.dll
d2d1.dll
d2d1.dll
OPENGL32.dll
OPENGL32.dll
d3d9.dll
d3d9.dll
d3d11.dll
d3d11.dll
Dxtrans.dll
Dxtrans.dll
WinExec
WinExec
KERNEL32.dll
KERNEL32.dll
USER32.dll
USER32.dll
GDI32.dll
GDI32.dll
RegCloseKey
RegCloseKey
RegNotifyChangeKeyValue
RegNotifyChangeKeyValue
ADVAPI32.dll
ADVAPI32.dll
ShellExecuteA
ShellExecuteA
SHELL32.dll
SHELL32.dll
NETAPI32.dll
NETAPI32.dll
SHDeleteKeyA
SHDeleteKeyA
SHLWAPI.dll
SHLWAPI.dll
DeleteUrlCacheEntry
DeleteUrlCacheEntry
WININET.dll
WININET.dll
WS2_32.dll
WS2_32.dll
MSVCRT.dll
MSVCRT.dll
IPHLPAPI.DLL
IPHLPAPI.DLL
AVIFIL32.dll
AVIFIL32.dll
GetWindowsDirectoryW
GetWindowsDirectoryW
CallNamedPipeA
CallNamedPipeA
ConnectNamedPipe
ConnectNamedPipe
CreateNamedPipeW
CreateNamedPipeW
DisconnectNamedPipe
DisconnectNamedPipe
CreateNamedPipeA
CreateNamedPipeA
GetWindowsDirectoryA
GetWindowsDirectoryA
EnumWindows
EnumWindows
ActivateKeyboardLayout
ActivateKeyboardLayout
SetViewportOrgEx
SetViewportOrgEx
RegEnumKeyExA
RegEnumKeyExA
RegCreateKeyA
RegCreateKeyA
RegCreateKeyExA
RegCreateKeyExA
RegOpenKeyExA
RegOpenKeyExA
CryptImportKey
CryptImportKey
CryptDestroyKey
CryptDestroyKey
RegOpenKeyA
RegOpenKeyA
ole32.dll
ole32.dll
OLEAUT32.dll
OLEAUT32.dll
CertOpenSystemStoreA
CertOpenSystemStoreA
CertDeleteCertificateFromStore
CertDeleteCertificateFromStore
CertAddCertificateContextToStore
CertAddCertificateContextToStore
CertCloseStore
CertCloseStore
CertEnumCertificatesInStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertDuplicateCertificateContext
PFXExportCertStoreEx
PFXExportCertStoreEx
CRYPT32.dll
CRYPT32.dll
FindFirstUrlCacheEntryA
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA
FindNextUrlCacheEntryA
HttpAddRequestHeadersA
HttpAddRequestHeadersA
FindCloseUrlCache
FindCloseUrlCache
FindNextUrlCacheEntryW
FindNextUrlCacheEntryW
FindFirstUrlCacheEntryW
FindFirstUrlCacheEntryW
COMDLG32.dll
COMDLG32.dll
WININET.DLL
WININET.DLL
=)=2===~=
=)=2===~=
3 343=3_3
3 343=3_3
= =,=`=}=
= =,=`=}=
.pdata
.pdata
@.reloc
@.reloc
[%s - X64 EQ PID: %u TID: %u]
[%s - X64 EQ PID: %u TID: %u]
\SysWOW64\regsvr32.exe
\SysWOW64\regsvr32.exe
[Pony] Fail create process: %u
[Pony] Fail create process: %u
[PONY] Fail inject to process: %u
[PONY] Fail inject to process: %u
echrome.dll
echrome.dll
iexplore.exe
iexplore.exe
chrome.exe
chrome.exe
\System32\KERNEL32.DLL
\System32\KERNEL32.DLL
\System32\kernelbase.dll
\System32\kernelbase.dll
\ThemeApiPort
\ThemeApiPort
jqs.exe_1592_rwx_01210000_0007C000:
.text
.text
`.rdata
`.rdata
@.data
@.data
.reloc
.reloc
HHt.HHt
HHt.HHt
More information: hXXp://VVV.ibsensoftware.com/
More information: hXXp://VVV.ibsensoftware.com/
8HttpAddRequestHeadersA
8HttpAddRequestHeadersA
HttpOpenRequestA
HttpOpenRequestA
HttpOpenRequestW
HttpOpenRequestW
HttpQueryInfoA
HttpQueryInfoA
HttpSendRequestA
HttpSendRequestA
HttpSendRequestExA
HttpSendRequestExA
HttpSendRequestExW
HttpSendRequestExW
HttpSendRequestW
HttpSendRequestW
wininet.dll
wininet.dll
rapport
rapport
ieframe.dll
ieframe.dll
NSPR4.DLL
NSPR4.DLL
nss3.dll
nss3.dll
KERNEL32.DLL
KERNEL32.DLL
\Google\Chrome\User Data\Default\
\Google\Chrome\User Data\Default\
\Mozilla\Firefox\Profiles\
\Mozilla\Firefox\Profiles\
sol_chrome/
sol_chrome/
\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\
\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\
.rdata
.rdata
@http
@http
SELECT url FROM moz_places
SELECT url FROM moz_places
places.sqlite
places.sqlite
ie/history.txt
ie/history.txt
ff/history.txt
ff/history.txt
ff/%u/places.sqlite
ff/%u/places.sqlite
framework_key%
framework_key%
eval('var %s '
eval('var %s '
%s.Key = '%s';
%s.Key = '%s';
%s.Hide('%0.8X%0.8X');
%s.Hide('%0.8X%0.8X');
CertificateAuthority
CertificateAuthority
%s.pfx
%s.pfx
cookies.sqlite
cookies.sqlite
cookies.sqlite-journal
cookies.sqlite-journal
ff/%u/cookies.sqlite
ff/%u/cookies.sqlite
Software\df5a3418-685e-4e1f-a26a-aabf17af39b8
Software\df5a3418-685e-4e1f-a26a-aabf17af39b8
[%s - X32 EQ PID: %u TID: %u]
[%s - X32 EQ PID: %u TID: %u]
X-Firefox-Spdy
X-Firefox-Spdy
X-WebKit-CSP
X-WebKit-CSP
hXXps://
hXXps://
HTTP/1.1 200 OK
HTTP/1.1 200 OK
Content-Length: %u
Content-Length: %u
GET /favicon.ico HTTP/1.1
GET /favicon.ico HTTP/1.1
GET /favicon.ico HTTP/1.0
GET /favicon.ico HTTP/1.0
login=%s&pass=%s
login=%s&pass=%s
chrome.dll
chrome.dll
127.0.0.1
127.0.0.1
DrWeb
DrWeb
McAfee.com
McAfee.com
Doctor Web
Doctor Web
Common Files\Doctor Web
Common Files\Doctor Web
SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\
SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\
SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\
SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\
Content-Type: application/x-www-form-urlencoded
Content-Type: application/x-www-form-urlencoded
Software\Microsoft\Windows\CurrentVersion\Run
Software\Microsoft\Windows\CurrentVersion\Run
regsvr32.exe "%s"
regsvr32.exe "%s"
id=%0.8X%0.8X%0.8X%0.4X%0.4X%0.4X&iv=%0.8X&av=%0.8X&uptime=%u
id=%0.8X%0.8X%0.8X%0.4X%0.4X%0.4X&iv=%0.8X&av=%0.8X&uptime=%u
&info=%0.2X%0.2X%0.2X%0.2X%0.2X%0.2X%0.2X%0.4X%0.2X%0.4X&proxy=%s&name=%ws&domain=%ws
&info=%0.2X%0.2X%0.2X%0.2X%0.2X%0.2X%0.2X%0.4X%0.2X%0.4X&proxy=%s&name=%ws&domain=%ws
[VNC] Parse param error: %s
[VNC] Parse param error: %s
\regsvr32.exe
\regsvr32.exe
[VNC] Fail create process: %u
[VNC] Fail create process: %u
[VNC] Fail inject to process: %u
[VNC] Fail inject to process: %u
fv_%u.avi
fv_%u.avi
#FV_%u
#FV_%u
#FV_%s
#FV_%s
pass.txt
pass.txt
cert.pfx
cert.pfx
PFXImportCertStore
PFXImportCertStore
Crypt32.dll
Crypt32.dll
user_pref("network.http.spdy.enabled", false);
user_pref("network.http.spdy.enabled", false);
user_pref("network.http.spdy.enabled.v3", false);
user_pref("network.http.spdy.enabled.v3", false);
user_pref("network.http.spdy.enabled.v3-1", false);
user_pref("network.http.spdy.enabled.v3-1", false);
prefs.js
prefs.js
csrss.exe
csrss.exe
smss.exe
smss.exe
wininit.exe
wininit.exe
services.exe
services.exe
svchost.exe
svchost.exe
lsas.exe
lsas.exe
lsm.exe
lsm.exe
winlogon.exe
winlogon.exe
taskhost.exe
taskhost.exe
HttpEndRequestA
HttpEndRequestA
HttpEndRequestW
HttpEndRequestW
ADVAPI32.DLL
ADVAPI32.DLL
Init in Browser = %u
Init in Browser = %u
Init in Shell = %u
Init in Shell = %u
[Socks] Failt connect BC [%s:%u]
[Socks] Failt connect BC [%s:%u]
[Socks] Fail parse param: %s
[Socks] Fail parse param: %s
Shell Update Exists %s = %s
Shell Update Exists %s = %s
Shell Reload status = %u = %u
Shell Reload status = %u = %u
#cert
#cert
Del Old = %s
Del Old = %s
Del Reg = %s
Del Reg = %s
Fail Save New = %u
Fail Save New = %u
Reg Autorun = %u = %u = %ws = %ws
Reg Autorun = %u = %u = %ws = %ws
Updated fail size %u != %u
Updated fail size %u != %u
Updated RSA Init fail = %u
Updated RSA Init fail = %u
Sign Bad = %u
Sign Bad = %u
Save New File = %u = %u
Save New File = %u = %u
Update_InstallNew = %u = %u
Update_InstallNew = %u = %u
[Pony] Fail Get Pass
[Pony] Fail Get Pass
Start Update: %s = %u
Start Update: %s = %u
download status = %u =%u
download status = %u =%u
Updated status = %u
Updated status = %u
DL_EXEC LOAD ERROR: %u = %s
DL_EXEC LOAD ERROR: %u = %s
DL_EXEC Status [Pipe]: %u-%u-%u-%u
DL_EXEC Status [Pipe]: %u-%u-%u-%u
DL_EXEC Status[Local]: %u = %u
DL_EXEC Status[Local]: %u = %u
Start Socks addr: %s
Start Socks addr: %s
Start Socks Status[Pipe]: %u-%u-%u
Start Socks Status[Pipe]: %u-%u-%u
Start Socks Status[Local]: %u
Start Socks Status[Local]: %u
Start VNC addr: %s
Start VNC addr: %s
Start VNC Status[Pipe]: %u-%u-%u
Start VNC Status[Pipe]: %u-%u-%u
Start VNC Status[Local]: %u
Start VNC Status[Local]: %u
msvcrt.dll
msvcrt.dll
%0.8X%0.8X%c
%0.8X%0.8X%c
firefox.exe
firefox.exe
explorer.exe
explorer.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\
SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\
%Program Files%\Mozilla Firefox\
%Program Files%\Mozilla Firefox\
mozsqlite3.dll
mozsqlite3.dll
sqlite3_open
sqlite3_open
sqlite3_exec
sqlite3_exec
sqlite3_close
sqlite3_close
sqlite3_free
sqlite3_free
Software\Microsoft\Windows\CurrentVersion\Internet Settings
Software\Microsoft\Windows\CurrentVersion\Internet Settings
Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
hXXp://
hXXp://
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
\\.\pipe\
\\.\pipe\
PID: %u [%0.2u:%0.2u:%0.2u]
PID: %u [%0.2u:%0.2u:%0.2u]
[BC] Cmd Ver Error
[BC] Cmd Ver Error
[BC] Wait Ping error %u[%u]
[BC] Wait Ping error %u[%u]
[BC] Fail Connect: %u
[BC] Fail Connect: %u
[BC] Fail read cmd
[BC] Fail read cmd
[BC] Cmd need reauth
[BC] Cmd need reauth
[BC] cmd error: %u
[BC] cmd error: %u
[BC] Cmd need disconnect
[BC] Cmd need disconnect
ntdll.dll
ntdll.dll
gdiplus.dll
gdiplus.dll
GdiplusShutdown
GdiplusShutdown
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
account.cfg
account.cfg
account.cfn
account.cfn
Dir #%u
Dir #%u
.oeaccount
.oeaccount
Software\Microsoft\Windows Live Mail
Software\Microsoft\Windows Live Mail
\Microsoft\Windows Live Mail
\Microsoft\Windows Live Mail
Software\Microsoft\Windows Mail
Software\Microsoft\Windows Mail
\Microsoft\Windows Mail
\Microsoft\Windows Mail
PopPort
PopPort
PopPassword
PopPassword
SmtpServer
SmtpServer
SmtpPort
SmtpPort
SmtpAccount
SmtpAccount
SmtpPassword
SmtpPassword
abe2869f-9b47-4cd9-a358-c22904dba7f7
abe2869f-9b47-4cd9-a358-c22904dba7f7
MS IE FTP Passwords
MS IE FTP Passwords
RushSite.xml
RushSite.xml
\FTPRush
\FTPRush
bitkinex.ds
bitkinex.ds
NDSites.ini
NDSites.ini
Software\LeechFTP
Software\LeechFTP
bookmark.dat
bookmark.dat
CLSID\{11C1D741-A95B-11d2-8A80-0080ADB32FF4}\InProcServer32
CLSID\{11C1D741-A95B-11d2-8A80-0080ADB32FF4}\InProcServer32
sites.db
sites.db
servers.xml
servers.xml
\FTPGetter
\FTPGetter
ESTdb2.dat
ESTdb2.dat
\Estsoft\ALFTP
\Estsoft\ALFTP
QData.dat
QData.dat
SM.arch
SM.arch
FTP .Link\shell\open\command
FTP .Link\shell\open\command
NppFTP.xml
NppFTP.xml
Software\MAS-Soft\FTPInfo\Setup
Software\MAS-Soft\FTPInfo\Setup
ServerList.xml
ServerList.xml
\FTPInfo
\FTPInfo
NovaFTP.db
NovaFTP.db
\INSoftware\NovaFTP
\INSoftware\NovaFTP
\sites.xml
\sites.xml
ftplast.osd
ftplast.osd
\SharedSettings.ccs
\SharedSettings.ccs
\SharedSettings.sqlite
\SharedSettings.sqlite
\SharedSettings_1_0_5.ccs
\SharedSettings_1_0_5.ccs
\SharedSettings_1_0_5.sqlite
\SharedSettings_1_0_5.sqlite
\32BitFtp.ini
\32BitFtp.ini
FTPCON
FTPCON
FTP CONTROL
FTP CONTROL
FTPVoyager.ftp
FTPVoyager.ftp
\RhinoSoft.com
\RhinoSoft.com
FTPVoyager.qc
FTPVoyager.qc
FTPVoyager.Archive
FTPVoyager.Archive
SiteInfo.QFP
SiteInfo.QFP
WinFTP
WinFTP
DeluxeFTP
DeluxeFTP
sites.xml
sites.xml
Staff-FTP
Staff-FTP
sites.ini
sites.ini
FreshFTP
FreshFTP
Software\FlashPeak\BlazeFtp\Settings
Software\FlashPeak\BlazeFtp\Settings
LastPassword
LastPassword
LastPort
LastPort
BlazeFtp
BlazeFtp
site.dat
site.dat
\BlazeFtp
\BlazeFtp
GoFTP
GoFTP
Connections.txt
Connections.txt
3D-FTP
3D-FTP
\3D-FTP
\3D-FTP
SOFTWARE\Classes\TypeLib\{F9043C88-F6F2-101A-A3C9-08002B2F49FB}\1.2\0\win32
SOFTWARE\Classes\TypeLib\{F9043C88-F6F2-101A-A3C9-08002B2F49FB}\1.2\0\win32
EasyFTP
EasyFTP
FTPNow
FTPNow
FTP Now
FTP Now
FTPShell
FTPShell
ftpshell.fsi
ftpshell.fsi
ftpsite.ini
ftpsite.ini
FTPList.db
FTPList.db
My FTP
My FTP
project.ini
project.ini
Mailbox.ini
Mailbox.ini
FTP Navigator
FTP Navigator
FTP Commander
FTP Commander
ftplist.txt
ftplist.txt
Software\Sota\FFFTP
Software\Sota\FFFTP
Software\Sota\FFFTP\Options
Software\Sota\FFFTP\Options
Software\FTPWare\COREFTP\Sites
Software\FTPWare\COREFTP\Sites
FtpPort
FtpPort
Software\Cryer\WebSitePublisher
Software\Cryer\WebSitePublisher
_Password
_Password
Software\NCH Software\ClassicFTP\FTPAccounts
Software\NCH Software\ClassicFTP\FTPAccounts
FtpPassword
FtpPassword
_FtpPassword
_FtpPassword
FtpServer
FtpServer
FtpUserName
FtpUserName
FtpDirectory
FtpDirectory
Software\FTPClient\Sites
Software\FTPClient\Sites
Software\SoftX.org\FTPClient\Sites
Software\SoftX.org\FTPClient\Sites
PortNumber
PortNumber
PassWord
PassWord
Software\South River Technologies\WebDrive\Connections
Software\South River Technologies\WebDrive\Connections
Software\LinasFTP\Site Manager
Software\LinasFTP\Site Manager
FTP destination password
FTP destination password
FTP destination server
FTP destination server
FTP destination port
FTP destination port
FTP destination user
FTP destination user
FTP destination catalog
FTP destination catalog
FTP profiles
FTP profiles
Msi.dll
Msi.dll
{74FF1730-B1F2-4D88-926B-1568FAE61DB7}
{74FF1730-B1F2-4D88-926B-1568FAE61DB7}
\PocoSystem.ini
\PocoSystem.ini
accounts.ini
accounts.ini
sites.dat
sites.dat
\LeapWare\LeapFTP
\LeapWare\LeapFTP
unleap.exe
unleap.exe
leapftp
leapftp
FtpIniName
FtpIniName
Software\Ghisler\Windows Commander
Software\Ghisler\Windows Commander
wcx_PTF.ini
wcx_PTF.ini
Server.Pass
Server.Pass
Server.Host
Server.Host
Server.User
Server.User
Server.Port
Server.Port
Last Server Pass
Last Server Pass
Last Server Port
Last Server Port
\sitemanager.xml
\sitemanager.xml
\recentservers.xml
\recentservers.xml
\filezilla.xml
\filezilla.xml
"password" : "
"password" : "
"password":"
"password":"
\drives.js
\drives.js
\ExpanDrive\favorites.js
\ExpanDrive\favorites.js
\ExpanDrive\drives.js
\ExpanDrive\drives.js
wiseftpsrvs.ini
wiseftpsrvs.ini
wisePTF.ini
wisePTF.ini
wiseftpsrvs.bin
wiseftpsrvs.bin
SOFTWARE\Classes\TypeLib\{CB1F2C0F-8094-4AAC-BCF5-41A64E27F777}
SOFTWARE\Classes\TypeLib\{CB1F2C0F-8094-4AAC-BCF5-41A64E27F777}
SOFTWARE\Classes\TypeLib\{9EA55529-E122-4757-BC79-E4825F80732C}
SOFTWARE\Classes\TypeLib\{9EA55529-E122-4757-BC79-E4825F80732C}
FTP Count
FTP Count
FTP File%u
FTP File%u
Robo-FTP
Robo-FTP
SOFTWARE\%s\FTPServers
SOFTWARE\%s\FTPServers
user.config
user.config
.duck
.duck
SiteServer %u\Host
SiteServer %u\Host
SiteServer %u\WebUrl
SiteServer %u\WebUrl
SiteServer %u\Remote Directory
SiteServer %u\Remote Directory
SiteServer %u-User
SiteServer %u-User
SiteServer %u-User PW
SiteServer %u-User PW
SiteServer %u\SFTP
SiteServer %u\SFTP
Keychain
Keychain
Software\Nico Mak Computing\WinZip\FTP
Software\Nico Mak Computing\WinZip\FTP
Password
Password
Software\Far\Plugins\FTP\Hosts
Software\Far\Plugins\FTP\Hosts
Software\Far2\Plugins\FTP\Hosts
Software\Far2\Plugins\FTP\Hosts
Software\Far Manager\Plugins\FTP\Hosts
Software\Far Manager\Plugins\FTP\Hosts
Software\Far\SavedDialogHistory\FTPHost
Software\Far\SavedDialogHistory\FTPHost
Software\Far2\SavedDialogHistory\FTPHost
Software\Far2\SavedDialogHistory\FTPHost
Software\Far Manager\SavedDialogHistory\FTPHost
Software\Far Manager\SavedDialogHistory\FTPHost
\win.ini
\win.ini
WS_FTP
WS_FTP
\Ipswitch\WS_FTP
\Ipswitch\WS_FTP
\GlobalSCAPE\CuteFTP
\GlobalSCAPE\CuteFTP
sm.dat
sm.dat
\GlobalSCAPE\CuteFTP Pro
\GlobalSCAPE\CuteFTP Pro
\GlobalSCAPE\CuteFTP Lite
\GlobalSCAPE\CuteFTP Lite
\CuteFTP
\CuteFTP
CUTEFTP
CUTEFTP
Software\GlobalSCAPE\CuteFTP 6 Home\QCToolbar
Software\GlobalSCAPE\CuteFTP 6 Home\QCToolbar
Software\GlobalSCAPE\CuteFTP 6 Professional\QCToolbar
Software\GlobalSCAPE\CuteFTP 6 Professional\QCToolbar
Software\GlobalSCAPE\CuteFTP 7 Home\QCToolbar
Software\GlobalSCAPE\CuteFTP 7 Home\QCToolbar
Software\GlobalSCAPE\CuteFTP 7 Professional\QCToolbar
Software\GlobalSCAPE\CuteFTP 7 Professional\QCToolbar
Software\GlobalSCAPE\CuteFTP 8 Home\QCToolbar
Software\GlobalSCAPE\CuteFTP 8 Home\QCToolbar
Software\GlobalSCAPE\CuteFTP 8 Professional\QCToolbar
Software\GlobalSCAPE\CuteFTP 8 Professional\QCToolbar
\Sites.dat
\Sites.dat
\Quick.dat
\Quick.dat
\History.dat
\History.dat
Software\BPFTP\Bullet Proof FTP\Main
Software\BPFTP\Bullet Proof FTP\Main
Software\BulletProof Software\BulletProof FTP Client\Main
Software\BulletProof Software\BulletProof FTP Client\Main
Software\BPFTP\Bullet Proof FTP\Options
Software\BPFTP\Bullet Proof FTP\Options
Software\BulletProof Software\BulletProof FTP Client\Options
Software\BulletProof Software\BulletProof FTP Client\Options
Software\BPFTP
Software\BPFTP
\SmartFTP
\SmartFTP
Favorites.dat
Favorites.dat
History.dat
History.dat
Software\TurboFTP
Software\TurboFTP
\TurboFTP
\TurboFTP
addrbk.dat
addrbk.dat
quick.dat
quick.dat
Port
Port
Login
Login
PasswordType
PasswordType
profiles.xml
profiles.xml
\FTP Explorer
\FTP Explorer
Software\FTP Explorer\FTP Explorer\Workspace\MFCToolBar-224
Software\FTP Explorer\FTP Explorer\Workspace\MFCToolBar-224
Software\FTP Explorer\Profiles
Software\FTP Explorer\Profiles
FtpSite.xml
FtpSite.xml
PK11_GetInternalKeySlot
PK11_GetInternalKeySlot
sqlite3.dll
sqlite3.dll
sqlite3_prepare
sqlite3_prepare
sqlite3_step
sqlite3_step
sqlite3_column_bytes
sqlite3_column_bytes
sqlite3_column_blob
sqlite3_column_blob
SELECT hostname, encryptedUsername, encryptedPassword FROM moz_logins
SELECT hostname, encryptedUsername, encryptedPassword FROM moz_logins
PTF://
PTF://
signons.sqlite
signons.sqlite
\profiles.ini
\profiles.ini
PathToExe
PathToExe
\Mozilla\Firefox\
\Mozilla\Firefox\
Firefox
Firefox
Software\Mozilla
Software\Mozilla
fireFTPsites.dat
fireFTPsites.dat
\Mozilla\SeaMonkey\
\Mozilla\SeaMonkey\
SeaMonkey
SeaMonkey
\Mozilla\Profiles\
\Mozilla\Profiles\
Mozilla
Mozilla
password 51:b:
password 51:b:
SMTP Email Address
SMTP Email Address
SMTP Server
SMTP Server
SMTP User Name
SMTP User Name
HTTP User
HTTP User
HTTP Server URL
HTTP Server URL
HTTPMail User Name
HTTPMail User Name
HTTPMail Server
HTTPMail Server
SMTP User
SMTP User
POP3 Port
POP3 Port
SMTP Port
SMTP Port
IMAP Port
IMAP Port
POP3 Password2
POP3 Password2
IMAP Password2
IMAP Password2
NNTP Password2
NNTP Password2
HTTPMail Password2
HTTPMail Password2
SMTP Password2
SMTP Password2
POP3 Password
POP3 Password
IMAP Password
IMAP Password
NNTP Password
NNTP Password
HTTPMail Password
HTTPMail Password
SMTP Password
SMTP Password
{X-X-X-XX-XXXXXX}
{X-X-X-XX-XXXXXX}
inetcomm server passwords
inetcomm server passwords
outlook account manager passwords
outlook account manager passwords
Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Microsoft Outlook Internet Settings
Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Microsoft Outlook Internet Settings
Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook
Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook
Pstorec.dll
Pstorec.dll
[VNC] EXEC: %s
[VNC] EXEC: %s
IE WND [%0.8X] ENABLED: %s VISIBLED: %s
IE WND [%0.8X] ENABLED: %s VISIBLED: %s
[%u] {%u, %u} {%u, %u} {%0.8X, %0.8X} = %s
[%u] {%u, %u} {%u, %u} {%0.8X, %0.8X} = %s
[VDESK] Read CMD %u[%u]
[VDESK] Read CMD %u[%u]
[VDESK] NOT AUTH CMD %u
[VDESK] NOT AUTH CMD %u
GetAsyncKeyState
GetAsyncKeyState
USER32.DLL
USER32.DLL
GetKeyboardState
GetKeyboardState
GetKeyState
GetKeyState
?WINMM.DLL
?DSOUND.DLL
ZwConnectPort
NTDLL.DLL
[VNC] PROCESS=%s
\explorer.exe
[VNC] SearchApp Status = %u
[VNC] FileName = %s
[VNC] CmdLine = %s
[VNC] W64 Redir OLD=%u
[VNC] CreateProcess Status = %u (%u)
SysShadow
Chrome_WidgetWin_1
Chrome_WidgetWin_0
d3d10_1.dll
d3d10_1core.dll
d3d10.dll
d3d10core.dll
d2d1.dll
OPENGL32.dll
d3d9.dll
d3d11.dll
Dxtrans.dll
WinExec
KERNEL32.dll
USER32.dll
GDI32.dll
RegCloseKey
RegNotifyChangeKeyValue
ADVAPI32.dll
ShellExecuteA
SHELL32.dll
NETAPI32.dll
SHDeleteKeyA
SHLWAPI.dll
DeleteUrlCacheEntry
WININET.dll
WS2_32.dll
MSVCRT.dll
IPHLPAPI.DLL
AVIFIL32.dll
GetWindowsDirectoryW
CallNamedPipeA
ConnectNamedPipe
CreateNamedPipeW
DisconnectNamedPipe
CreateNamedPipeA
GetWindowsDirectoryA
EnumWindows
ActivateKeyboardLayout
SetViewportOrgEx
RegEnumKeyExA
RegCreateKeyA
RegCreateKeyExA
RegOpenKeyExA
CryptImportKey
CryptDestroyKey
RegOpenKeyA
ole32.dll
OLEAUT32.dll
CertOpenSystemStoreA
CertDeleteCertificateFromStore
CertAddCertificateContextToStore
CertCloseStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
PFXExportCertStoreEx
CRYPT32.dll
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA
HttpAddRequestHeadersA
FindCloseUrlCache
FindNextUrlCacheEntryW
FindFirstUrlCacheEntryW
COMDLG32.dll
WININET.DLL
echrome.dll
iexplore.exe
chrome.exe
\System32\KERNEL32.DLL
\System32\kernelbase.dll
\ThemeApiPort
%Program Files%\Java\jre6\bin\jqs.exe