Source: a5gvJhukP7.exe, 00000000.00000002.1706428602.0000000000BA9000.00000004.00000001.01000000.00000003.sdmp, a5gvJhukP7.exe, 00000000.00000003.1704992752.0000000000BAB000.00000004.00000001.01000000.00000003.sdmp, a5gvJhukP7.exe, 00000001.00000002.2897597682.0000000000400000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: ftp://http://https://ftp.fireFTPsites.datSeaMonkey |
Source: a5gvJhukP7.exe, a5gvJhukP7.exe, 00000001.00000002.2897597682.0000000000400000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: http://209.59.219.70/forum/viewtopic.php |
Source: a5gvJhukP7.exe, 00000001.00000002.2897820699.0000000001198000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://67.215.225.205:8080/forum/viewtopic.php |
Source: a5gvJhukP7.exe, 00000001.00000002.2897820699.0000000001198000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://67.215.225.205:8080/forum/viewtopic.phpcv |
Source: a5gvJhukP7.exe, 00000000.00000002.1706428602.0000000000BA9000.00000004.00000001.01000000.00000003.sdmp, a5gvJhukP7.exe, 00000000.00000003.1704992752.0000000000BAB000.00000004.00000001.01000000.00000003.sdmp, a5gvJhukP7.exe, 00000001.00000002.2897597682.0000000000400000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: http://67.215.225.205:8080/forum/viewtopic.phphttp://209.59.219.70/forum/viewtopic.phphttp://ftp.app |
Source: a5gvJhukP7.exe, a5gvJhukP7.exe, 00000001.00000002.2897597682.0000000000400000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: http://atualizacoes.issqn.net/FhPD.exe |
Source: a5gvJhukP7.exe, a5gvJhukP7.exe, 00000001.00000002.2897597682.0000000000400000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: http://ftp.approachit.com/jZy.exe |
Source: a5gvJhukP7.exe, 00000000.00000002.1706428602.0000000000BA9000.00000004.00000001.01000000.00000003.sdmp, a5gvJhukP7.exe, 00000000.00000003.1704992752.0000000000BAB000.00000004.00000001.01000000.00000003.sdmp, a5gvJhukP7.exe, 00000001.00000002.2897597682.0000000000400000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: http://https://ftp://operawand.dat_Software |
Source: a5gvJhukP7.exe, a5gvJhukP7.exe, 00000001.00000002.2897597682.0000000000400000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: http://tokulances.sitebr.net/jV1.exe |
Source: a5gvJhukP7.exe, a5gvJhukP7.exe, 00000001.00000002.2897597682.0000000000400000.00000040.00000400.00020000.00000000.sdmp |
String found in binary or memory: http://www.ibsensoftware.com/ |
Source: a5gvJhukP7.exe, 00000001.00000003.1710545996.0000000001204000.00000004.00000020.00020000.00000000.sdmp, a5gvJhukP7.exe, 00000001.00000003.1710648038.0000000001204000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ac.ecosia.org/autocomplete?q= |
Source: a5gvJhukP7.exe, 00000001.00000003.1710545996.0000000001204000.00000004.00000020.00020000.00000000.sdmp, a5gvJhukP7.exe, 00000001.00000003.1710648038.0000000001204000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= |
Source: a5gvJhukP7.exe, 00000001.00000003.1710545996.0000000001204000.00000004.00000020.00020000.00000000.sdmp, a5gvJhukP7.exe, 00000001.00000003.1710648038.0000000001204000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search |
Source: a5gvJhukP7.exe, 00000001.00000003.1710545996.0000000001204000.00000004.00000020.00020000.00000000.sdmp, a5gvJhukP7.exe, 00000001.00000003.1710648038.0000000001204000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= |
Source: a5gvJhukP7.exe, 00000001.00000003.1710545996.0000000001204000.00000004.00000020.00020000.00000000.sdmp, a5gvJhukP7.exe, 00000001.00000003.1710648038.0000000001204000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://duckduckgo.com/ac/?q= |
Source: a5gvJhukP7.exe, 00000001.00000003.1710545996.0000000001204000.00000004.00000020.00020000.00000000.sdmp, a5gvJhukP7.exe, 00000001.00000003.1710648038.0000000001204000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://duckduckgo.com/chrome_newtab |
Source: a5gvJhukP7.exe, 00000001.00000003.1710545996.0000000001204000.00000004.00000020.00020000.00000000.sdmp, a5gvJhukP7.exe, 00000001.00000003.1710648038.0000000001204000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= |
Source: a5gvJhukP7.exe, 00000001.00000002.2897820699.0000000001198000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com: |
Source: a5gvJhukP7.exe, 00000001.00000002.2897820699.0000000001198000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033 |
Source: a5gvJhukP7.exe, 00000001.00000002.2897820699.0000000001198000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live |
Source: a5gvJhukP7.exe, 00000001.00000003.1710545996.0000000001204000.00000004.00000020.00020000.00000000.sdmp, a5gvJhukP7.exe, 00000001.00000003.1710648038.0000000001204000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.ecosia.org/newtab/ |
Source: a5gvJhukP7.exe, 00000001.00000003.1710545996.0000000001204000.00000004.00000020.00020000.00000000.sdmp, a5gvJhukP7.exe, 00000001.00000003.1710648038.0000000001204000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico |
Source: 0.2.a5gvJhukP7.exe.ba0000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Pony_d5516fe8 Author: unknown |
Source: 0.2.a5gvJhukP7.exe.ba0000.0.unpack, type: UNPACKEDPE |
Matched rule: Identify Pony Author: Brian Wallace @botnet_hunter |
Source: 0.3.a5gvJhukP7.exe.bab604.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Pony_d5516fe8 Author: unknown |
Source: 0.3.a5gvJhukP7.exe.bab604.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Identify Pony Author: Brian Wallace @botnet_hunter |
Source: 1.2.a5gvJhukP7.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Pony_d5516fe8 Author: unknown |
Source: 1.2.a5gvJhukP7.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Identify Pony Author: Brian Wallace @botnet_hunter |
Source: 0.2.a5gvJhukP7.exe.bab604.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Pony_d5516fe8 Author: unknown |
Source: 0.2.a5gvJhukP7.exe.bab604.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Identify Pony Author: Brian Wallace @botnet_hunter |
Source: 1.2.a5gvJhukP7.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Pony_d5516fe8 Author: unknown |
Source: 1.2.a5gvJhukP7.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Identify Pony Author: Brian Wallace @botnet_hunter |
Source: 00000000.00000003.1704992752.0000000000BAB000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Pony_d5516fe8 Author: unknown |
Source: 00000000.00000003.1704992752.0000000000BAB000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY |
Matched rule: Identify Pony Author: Brian Wallace @botnet_hunter |
Source: 00000001.00000002.2897597682.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Pony_d5516fe8 Author: unknown |
Source: 00000001.00000002.2897597682.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Identify Pony Author: Brian Wallace @botnet_hunter |
Source: 00000000.00000002.1706428602.0000000000BA9000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Pony_d5516fe8 Author: unknown |
Source: 00000000.00000002.1706428602.0000000000BA9000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY |
Matched rule: Identify Pony Author: Brian Wallace @botnet_hunter |
Source: Process Memory Space: a5gvJhukP7.exe PID: 6436, type: MEMORYSTR |
Matched rule: Windows_Trojan_Pony_d5516fe8 Author: unknown |
Source: Process Memory Space: a5gvJhukP7.exe PID: 6436, type: MEMORYSTR |
Matched rule: Identify Pony Author: Brian Wallace @botnet_hunter |
Source: Process Memory Space: a5gvJhukP7.exe PID: 6608, type: MEMORYSTR |
Matched rule: Windows_Trojan_Pony_d5516fe8 Author: unknown |
Source: Process Memory Space: a5gvJhukP7.exe PID: 6608, type: MEMORYSTR |
Matched rule: Identify Pony Author: Brian Wallace @botnet_hunter |
Source: 0.2.a5gvJhukP7.exe.ba0000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Pony_d5516fe8 reference_sample = 423e792fcd00265960877482e8148a0d49f0898f4bbc190894721fde22638567, os = windows, severity = x86, creation_date = 2021-08-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Pony, fingerprint = 9d4d847f55a693a45179a904efe20afd05a92650ac47fb19ef523d469a33795f, id = d5516fe8-3b25-4c46-9e5b-111ca312a824, last_modified = 2021-10-04 |
Source: 0.2.a5gvJhukP7.exe.ba0000.0.unpack, type: UNPACKEDPE |
Matched rule: pony date = 2014-08-16, author = Brian Wallace @botnet_hunter, description = Identify Pony, author_email = bwall@ballastsecurity.net |
Source: 0.3.a5gvJhukP7.exe.bab604.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Pony_d5516fe8 reference_sample = 423e792fcd00265960877482e8148a0d49f0898f4bbc190894721fde22638567, os = windows, severity = x86, creation_date = 2021-08-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Pony, fingerprint = 9d4d847f55a693a45179a904efe20afd05a92650ac47fb19ef523d469a33795f, id = d5516fe8-3b25-4c46-9e5b-111ca312a824, last_modified = 2021-10-04 |
Source: 0.3.a5gvJhukP7.exe.bab604.0.raw.unpack, type: UNPACKEDPE |
Matched rule: pony date = 2014-08-16, author = Brian Wallace @botnet_hunter, description = Identify Pony, author_email = bwall@ballastsecurity.net |
Source: 1.2.a5gvJhukP7.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Pony_d5516fe8 reference_sample = 423e792fcd00265960877482e8148a0d49f0898f4bbc190894721fde22638567, os = windows, severity = x86, creation_date = 2021-08-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Pony, fingerprint = 9d4d847f55a693a45179a904efe20afd05a92650ac47fb19ef523d469a33795f, id = d5516fe8-3b25-4c46-9e5b-111ca312a824, last_modified = 2021-10-04 |
Source: 1.2.a5gvJhukP7.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: pony date = 2014-08-16, author = Brian Wallace @botnet_hunter, description = Identify Pony, author_email = bwall@ballastsecurity.net |
Source: 0.2.a5gvJhukP7.exe.bab604.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Pony_d5516fe8 reference_sample = 423e792fcd00265960877482e8148a0d49f0898f4bbc190894721fde22638567, os = windows, severity = x86, creation_date = 2021-08-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Pony, fingerprint = 9d4d847f55a693a45179a904efe20afd05a92650ac47fb19ef523d469a33795f, id = d5516fe8-3b25-4c46-9e5b-111ca312a824, last_modified = 2021-10-04 |
Source: 0.2.a5gvJhukP7.exe.bab604.1.raw.unpack, type: UNPACKEDPE |
Matched rule: pony date = 2014-08-16, author = Brian Wallace @botnet_hunter, description = Identify Pony, author_email = bwall@ballastsecurity.net |
Source: 1.2.a5gvJhukP7.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Pony_d5516fe8 reference_sample = 423e792fcd00265960877482e8148a0d49f0898f4bbc190894721fde22638567, os = windows, severity = x86, creation_date = 2021-08-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Pony, fingerprint = 9d4d847f55a693a45179a904efe20afd05a92650ac47fb19ef523d469a33795f, id = d5516fe8-3b25-4c46-9e5b-111ca312a824, last_modified = 2021-10-04 |
Source: 1.2.a5gvJhukP7.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: pony date = 2014-08-16, author = Brian Wallace @botnet_hunter, description = Identify Pony, author_email = bwall@ballastsecurity.net |
Source: 00000000.00000003.1704992752.0000000000BAB000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Pony_d5516fe8 reference_sample = 423e792fcd00265960877482e8148a0d49f0898f4bbc190894721fde22638567, os = windows, severity = x86, creation_date = 2021-08-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Pony, fingerprint = 9d4d847f55a693a45179a904efe20afd05a92650ac47fb19ef523d469a33795f, id = d5516fe8-3b25-4c46-9e5b-111ca312a824, last_modified = 2021-10-04 |
Source: 00000000.00000003.1704992752.0000000000BAB000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY |
Matched rule: pony date = 2014-08-16, author = Brian Wallace @botnet_hunter, description = Identify Pony, author_email = bwall@ballastsecurity.net |
Source: 00000001.00000002.2897597682.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Pony_d5516fe8 reference_sample = 423e792fcd00265960877482e8148a0d49f0898f4bbc190894721fde22638567, os = windows, severity = x86, creation_date = 2021-08-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Pony, fingerprint = 9d4d847f55a693a45179a904efe20afd05a92650ac47fb19ef523d469a33795f, id = d5516fe8-3b25-4c46-9e5b-111ca312a824, last_modified = 2021-10-04 |
Source: 00000001.00000002.2897597682.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: pony date = 2014-08-16, author = Brian Wallace @botnet_hunter, description = Identify Pony, author_email = bwall@ballastsecurity.net |
Source: 00000000.00000002.1706428602.0000000000BA9000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Pony_d5516fe8 reference_sample = 423e792fcd00265960877482e8148a0d49f0898f4bbc190894721fde22638567, os = windows, severity = x86, creation_date = 2021-08-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Pony, fingerprint = 9d4d847f55a693a45179a904efe20afd05a92650ac47fb19ef523d469a33795f, id = d5516fe8-3b25-4c46-9e5b-111ca312a824, last_modified = 2021-10-04 |
Source: 00000000.00000002.1706428602.0000000000BA9000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY |
Matched rule: pony date = 2014-08-16, author = Brian Wallace @botnet_hunter, description = Identify Pony, author_email = bwall@ballastsecurity.net |
Source: Process Memory Space: a5gvJhukP7.exe PID: 6436, type: MEMORYSTR |
Matched rule: Windows_Trojan_Pony_d5516fe8 reference_sample = 423e792fcd00265960877482e8148a0d49f0898f4bbc190894721fde22638567, os = windows, severity = x86, creation_date = 2021-08-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Pony, fingerprint = 9d4d847f55a693a45179a904efe20afd05a92650ac47fb19ef523d469a33795f, id = d5516fe8-3b25-4c46-9e5b-111ca312a824, last_modified = 2021-10-04 |
Source: Process Memory Space: a5gvJhukP7.exe PID: 6436, type: MEMORYSTR |
Matched rule: pony date = 2014-08-16, author = Brian Wallace @botnet_hunter, description = Identify Pony, author_email = bwall@ballastsecurity.net |
Source: Process Memory Space: a5gvJhukP7.exe PID: 6608, type: MEMORYSTR |
Matched rule: Windows_Trojan_Pony_d5516fe8 reference_sample = 423e792fcd00265960877482e8148a0d49f0898f4bbc190894721fde22638567, os = windows, severity = x86, creation_date = 2021-08-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Pony, fingerprint = 9d4d847f55a693a45179a904efe20afd05a92650ac47fb19ef523d469a33795f, id = d5516fe8-3b25-4c46-9e5b-111ca312a824, last_modified = 2021-10-04 |
Source: Process Memory Space: a5gvJhukP7.exe PID: 6608, type: MEMORYSTR |
Matched rule: pony date = 2014-08-16, author = Brian Wallace @botnet_hunter, description = Identify Pony, author_email = bwall@ballastsecurity.net |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\wcx_ftp.ini |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Roaming\FlashFXP\3\History.dat |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Roaming\FlashFXP\4\History.dat |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Local\SharedSettings.ccs |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Roaming\Frigate3\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Roaming\FTP Explorer\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: HKEY_CURRENT_USER\Software\Far2\Plugins\FTP\Hosts |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Roaming\CoffeeCup Software\SharedSettings_1_0_5.ccs |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\ProgramData\SiteDesigner\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Roaming\CoffeeCup Software\SharedSettings.sqlite |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Local\INSoftware\NovaFTP\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\ProgramData\SharedSettings_1_0_5.ccs |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Local\SharedSettings_1_0_5.sqlite |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: HKEY_CURRENT_USER\Software\GlobalSCAPE\CuteFTP 7 Home\QCToolbar |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Roaming\TurboFTP\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Local\GlobalSCAPE\CuteFTP Pro\sm.dat |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Local\CuteFTP\sm.dat |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Program Files (x86)\GlobalSCAPE\CuteFTP Pro\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Roaming\CoffeeCup Software\SharedSettings.ccs |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Roaming\SmartFTP\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Local\GlobalSCAPE\CuteFTP Pro\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Roaming\BlazeFtp\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\ProgramData\RhinoSoft.com\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: HKEY_CURRENT_USER\Software\GlobalSCAPE\CuteFTP 6 Professional\QCToolbar |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Roaming\SharedSettings.ccs |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Local\Estsoft\ALFTP\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: HKEY_CURRENT_USER\Software\TurboFTP |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Local\CuteFTP\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Local\FTPInfo\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: HKEY_LOCAL_MACHINE\Software\WOW6432Node\AceBIT |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Roaming\ExpanDrive\drives.js |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Roaming\NetSarang\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Roaming\GlobalSCAPE\CuteFTP Pro\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Roaming\BitKinex\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Local\FileZilla\filezilla.xml |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\ProgramData\LeapWare\LeapFTP\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\ProgramData\GPSoftware\Directory Opus\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Local\BitKinex\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Local\CoffeeCup Software\SharedSettings.ccs |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Roaming\FileZilla\filezilla.xml |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: HKEY_CURRENT_USER\Software\AceBIT |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Roaming\Estsoft\ALFTP\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Local\FlashFXP\3\History.dat |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\ProgramData\FTPInfo\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\ProgramData\FileZilla\filezilla.xml |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\ProgramData\CoffeeCup Software\SharedSettings.ccs |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\ProgramData\BitKinex\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Roaming\FlashFXP\3\Sites.dat |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\ProgramData\GlobalSCAPE\CuteFTP Lite\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Roaming\FTPGetter\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\ProgramData\SharedSettings_1_0_5.sqlite |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Program Files (x86)\CuteFTP\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\ProgramData\SharedSettings.ccs |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Local\FlashFXP\4\History.dat |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: HKEY_CURRENT_USER\Software\FlashPeak\BlazeFtp\Settings |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Local\CoffeeCup Software\SharedSettings_1_0_5.ccs |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Local\SmartFTP\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Roaming\GlobalSCAPE\CuteFTP\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\ProgramData\GHISLER\wcx_ftp.ini |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Roaming\FlashFXP\4\Quick.dat |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\ProgramData\FileZilla\recentservers.xml |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Local\ExpanDrive\drives.js |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\ProgramData\BlazeFtp\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\ProgramData\FlashFXP\4\Sites.dat |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\ProgramData\INSoftware\NovaFTP\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\ProgramData\FTP Explorer\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\ProgramData\FTPGetter\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Local\CoffeeCup Software\SharedSettings.sqlite |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Roaming\SharedSettings.sqlite |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Program Files (x86)\CuteFTP\sm.dat |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Local\FlashFXP\3\Quick.dat |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Local\FlashFXP\4\Sites.dat |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Local\GlobalSCAPE\CuteFTP\sm.dat |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Local\NetSarang\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Roaming\LeapWare\LeapFTP\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: HKEY_CURRENT_USER\Software\NCH Software\ClassicFTP\FTPAccounts |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\ProgramData\CuteFTP\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: HKEY_LOCAL_MACHINE\Software\WOW6432Node\TurboFTP |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Roaming\CuteFTP\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\ProgramData\SmartFTP\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: HKEY_CURRENT_USER\Software\FTP Explorer\FTP Explorer\Workspace\MFCToolBar-224 |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Roaming\FTPInfo\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Local\FileZilla\recentservers.xml |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Local\TurboFTP\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Roaming\SharedSettings_1_0_5.ccs |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: HKEY_CURRENT_USER\Software\FTP Explorer\Profiles |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\ProgramData\GlobalSCAPE\CuteFTP Pro\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\ProgramData\Frigate3\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: HKEY_CURRENT_USER\Software\MAS-Soft\FTPInfo\Setup |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Roaming\GHISLER\wcx_ftp.ini |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Local\SharedSettings_1_0_5.ccs |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Roaming\GlobalSCAPE\CuteFTP Lite\sm.dat |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Roaming\AceBIT\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\ProgramData\FileZilla\sitemanager.xml |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\ProgramData\CoffeeCup Software\SharedSettings.sqlite |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\ProgramData\TurboFTP\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Local\FlashFXP\3\Sites.dat |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Roaming\GlobalSCAPE\CuteFTP Pro\sm.dat |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Local\RhinoSoft.com\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Local\FTP Explorer\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Local\AceBIT\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\ProgramData\GlobalSCAPE\CuteFTP\sm.dat |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\ProgramData\FlashFXP\3\Quick.dat |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Local\FTPRush\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\ProgramData\Estsoft\ALFTP\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\ProgramData\GlobalSCAPE\CuteFTP Pro\sm.dat |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\ProgramData\ExpanDrive\drives.js |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\ProgramData\CuteFTP\sm.dat |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Program Files (x86)\GlobalSCAPE\CuteFTP\sm.dat |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Local\CoffeeCup Software\SharedSettings_1_0_5.sqlite |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Program Files (x86)\GlobalSCAPE\CuteFTP\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Local\FlashFXP\4\Quick.dat |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Roaming\GlobalSCAPE\CuteFTP\sm.dat |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Local\GPSoftware\Directory Opus\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\ProgramData\FlashFXP\3\Sites.dat |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Local\GlobalSCAPE\CuteFTP\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Roaming\SharedSettings_1_0_5.sqlite |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Local\FileZilla\sitemanager.xml |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Local\BlazeFtp\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Roaming\GlobalSCAPE\CuteFTP Lite\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Local\GlobalSCAPE\CuteFTP Lite\sm.dat |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: HKEY_CURRENT_USER\Software\GlobalSCAPE\CuteFTP 8 Home\QCToolbar |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: HKEY_CURRENT_USER\Software\GlobalSCAPE\CuteFTP 7 Professional\QCToolbar |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Local\FTPGetter\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\ProgramData\SharedSettings.sqlite |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\ProgramData\AceBIT\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\ProgramData\GlobalSCAPE\CuteFTP\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Roaming\FTPRush\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\ProgramData\CoffeeCup Software\SharedSettings_1_0_5.sqlite |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Local\GHISLER\wcx_ftp.ini |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Windows\32BitFtp.ini |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Program Files (x86)\GlobalSCAPE\CuteFTP Pro\sm.dat |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Local\LeapWare\LeapFTP\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Roaming\INSoftware\NovaFTP\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Program Files (x86)\GlobalSCAPE\CuteFTP Lite\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\ProgramData\FlashFXP\4\Quick.dat |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Local\GlobalSCAPE\CuteFTP Lite\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Roaming\FileZilla\sitemanager.xml |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\ProgramData\3D-FTP\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Local\Frigate3\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\ProgramData\NetSarang\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: HKEY_CURRENT_USER\Software\GlobalSCAPE\CuteFTP 6 Home\QCToolbar |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Roaming\GPSoftware\Directory Opus\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\ProgramData\FTPRush\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: HKEY_CURRENT_USER\Software\GlobalSCAPE\CuteFTP 8 Professional\QCToolbar |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\ProgramData\GlobalSCAPE\CuteFTP Lite\sm.dat |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Local\SharedSettings.sqlite |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\ProgramData\FlashFXP\3\History.dat |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Roaming\FlashFXP\4\Sites.dat |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: HKEY_LOCAL_MACHINE\Software\TurboFTP |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Roaming\FlashFXP\3\Quick.dat |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\ProgramData\FlashFXP\4\History.dat |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\ProgramData\CoffeeCup Software\SharedSettings_1_0_5.ccs |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Windows\wcx_ftp.ini |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Program Files (x86)\GlobalSCAPE\CuteFTP Lite\sm.dat |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Roaming\CoffeeCup Software\SharedSettings_1_0_5.sqlite |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Roaming\RhinoSoft.com\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe |
File opened: C:\Users\user\AppData\Roaming\CuteFTP\sm.dat |