Source: a5gvJhukP7.exe, 00000000.00000002.1706428602.0000000000BA9000.00000004.00000001.01000000.00000003.sdmp, a5gvJhukP7.exe, 00000000.00000003.1704992752.0000000000BAB000.00000004.00000001.01000000.00000003.sdmp, a5gvJhukP7.exe, 00000001.00000002.2897597682.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: ftp://http://https://ftp.fireFTPsites.datSeaMonkey |
Source: a5gvJhukP7.exe, a5gvJhukP7.exe, 00000001.00000002.2897597682.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: http://209.59.219.70/forum/viewtopic.php |
Source: a5gvJhukP7.exe, 00000001.00000002.2897820699.0000000001198000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://67.215.225.205:8080/forum/viewtopic.php |
Source: a5gvJhukP7.exe, 00000001.00000002.2897820699.0000000001198000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://67.215.225.205:8080/forum/viewtopic.phpcv |
Source: a5gvJhukP7.exe, 00000000.00000002.1706428602.0000000000BA9000.00000004.00000001.01000000.00000003.sdmp, a5gvJhukP7.exe, 00000000.00000003.1704992752.0000000000BAB000.00000004.00000001.01000000.00000003.sdmp, a5gvJhukP7.exe, 00000001.00000002.2897597682.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: http://67.215.225.205:8080/forum/viewtopic.phphttp://209.59.219.70/forum/viewtopic.phphttp://ftp.app |
Source: a5gvJhukP7.exe, a5gvJhukP7.exe, 00000001.00000002.2897597682.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: http://atualizacoes.issqn.net/FhPD.exe |
Source: a5gvJhukP7.exe, a5gvJhukP7.exe, 00000001.00000002.2897597682.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: http://ftp.approachit.com/jZy.exe |
Source: a5gvJhukP7.exe, 00000000.00000002.1706428602.0000000000BA9000.00000004.00000001.01000000.00000003.sdmp, a5gvJhukP7.exe, 00000000.00000003.1704992752.0000000000BAB000.00000004.00000001.01000000.00000003.sdmp, a5gvJhukP7.exe, 00000001.00000002.2897597682.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: http://https://ftp://operawand.dat_Software |
Source: a5gvJhukP7.exe, a5gvJhukP7.exe, 00000001.00000002.2897597682.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: http://tokulances.sitebr.net/jV1.exe |
Source: a5gvJhukP7.exe, a5gvJhukP7.exe, 00000001.00000002.2897597682.0000000000400000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: http://www.ibsensoftware.com/ |
Source: a5gvJhukP7.exe, 00000001.00000003.1710545996.0000000001204000.00000004.00000020.00020000.00000000.sdmp, a5gvJhukP7.exe, 00000001.00000003.1710648038.0000000001204000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ac.ecosia.org/autocomplete?q= |
Source: a5gvJhukP7.exe, 00000001.00000003.1710545996.0000000001204000.00000004.00000020.00020000.00000000.sdmp, a5gvJhukP7.exe, 00000001.00000003.1710648038.0000000001204000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= |
Source: a5gvJhukP7.exe, 00000001.00000003.1710545996.0000000001204000.00000004.00000020.00020000.00000000.sdmp, a5gvJhukP7.exe, 00000001.00000003.1710648038.0000000001204000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search |
Source: a5gvJhukP7.exe, 00000001.00000003.1710545996.0000000001204000.00000004.00000020.00020000.00000000.sdmp, a5gvJhukP7.exe, 00000001.00000003.1710648038.0000000001204000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= |
Source: a5gvJhukP7.exe, 00000001.00000003.1710545996.0000000001204000.00000004.00000020.00020000.00000000.sdmp, a5gvJhukP7.exe, 00000001.00000003.1710648038.0000000001204000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/ac/?q= |
Source: a5gvJhukP7.exe, 00000001.00000003.1710545996.0000000001204000.00000004.00000020.00020000.00000000.sdmp, a5gvJhukP7.exe, 00000001.00000003.1710648038.0000000001204000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/chrome_newtab |
Source: a5gvJhukP7.exe, 00000001.00000003.1710545996.0000000001204000.00000004.00000020.00020000.00000000.sdmp, a5gvJhukP7.exe, 00000001.00000003.1710648038.0000000001204000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= |
Source: a5gvJhukP7.exe, 00000001.00000002.2897820699.0000000001198000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com: |
Source: a5gvJhukP7.exe, 00000001.00000002.2897820699.0000000001198000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033 |
Source: a5gvJhukP7.exe, 00000001.00000002.2897820699.0000000001198000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live |
Source: a5gvJhukP7.exe, 00000001.00000003.1710545996.0000000001204000.00000004.00000020.00020000.00000000.sdmp, a5gvJhukP7.exe, 00000001.00000003.1710648038.0000000001204000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.ecosia.org/newtab/ |
Source: a5gvJhukP7.exe, 00000001.00000003.1710545996.0000000001204000.00000004.00000020.00020000.00000000.sdmp, a5gvJhukP7.exe, 00000001.00000003.1710648038.0000000001204000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico |
Source: 0.2.a5gvJhukP7.exe.ba0000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Pony_d5516fe8 Author: unknown |
Source: 0.2.a5gvJhukP7.exe.ba0000.0.unpack, type: UNPACKEDPE | Matched rule: Identify Pony Author: Brian Wallace @botnet_hunter |
Source: 0.3.a5gvJhukP7.exe.bab604.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Pony_d5516fe8 Author: unknown |
Source: 0.3.a5gvJhukP7.exe.bab604.0.raw.unpack, type: UNPACKEDPE | Matched rule: Identify Pony Author: Brian Wallace @botnet_hunter |
Source: 1.2.a5gvJhukP7.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Pony_d5516fe8 Author: unknown |
Source: 1.2.a5gvJhukP7.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Identify Pony Author: Brian Wallace @botnet_hunter |
Source: 0.2.a5gvJhukP7.exe.bab604.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Pony_d5516fe8 Author: unknown |
Source: 0.2.a5gvJhukP7.exe.bab604.1.raw.unpack, type: UNPACKEDPE | Matched rule: Identify Pony Author: Brian Wallace @botnet_hunter |
Source: 1.2.a5gvJhukP7.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Pony_d5516fe8 Author: unknown |
Source: 1.2.a5gvJhukP7.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Identify Pony Author: Brian Wallace @botnet_hunter |
Source: 00000000.00000003.1704992752.0000000000BAB000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Pony_d5516fe8 Author: unknown |
Source: 00000000.00000003.1704992752.0000000000BAB000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Identify Pony Author: Brian Wallace @botnet_hunter |
Source: 00000001.00000002.2897597682.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Pony_d5516fe8 Author: unknown |
Source: 00000001.00000002.2897597682.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Identify Pony Author: Brian Wallace @botnet_hunter |
Source: 00000000.00000002.1706428602.0000000000BA9000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Pony_d5516fe8 Author: unknown |
Source: 00000000.00000002.1706428602.0000000000BA9000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Identify Pony Author: Brian Wallace @botnet_hunter |
Source: Process Memory Space: a5gvJhukP7.exe PID: 6436, type: MEMORYSTR | Matched rule: Windows_Trojan_Pony_d5516fe8 Author: unknown |
Source: Process Memory Space: a5gvJhukP7.exe PID: 6436, type: MEMORYSTR | Matched rule: Identify Pony Author: Brian Wallace @botnet_hunter |
Source: Process Memory Space: a5gvJhukP7.exe PID: 6608, type: MEMORYSTR | Matched rule: Windows_Trojan_Pony_d5516fe8 Author: unknown |
Source: Process Memory Space: a5gvJhukP7.exe PID: 6608, type: MEMORYSTR | Matched rule: Identify Pony Author: Brian Wallace @botnet_hunter |
Source: 0.2.a5gvJhukP7.exe.ba0000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Pony_d5516fe8 reference_sample = 423e792fcd00265960877482e8148a0d49f0898f4bbc190894721fde22638567, os = windows, severity = x86, creation_date = 2021-08-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Pony, fingerprint = 9d4d847f55a693a45179a904efe20afd05a92650ac47fb19ef523d469a33795f, id = d5516fe8-3b25-4c46-9e5b-111ca312a824, last_modified = 2021-10-04 |
Source: 0.2.a5gvJhukP7.exe.ba0000.0.unpack, type: UNPACKEDPE | Matched rule: pony date = 2014-08-16, author = Brian Wallace @botnet_hunter, description = Identify Pony, author_email = bwall@ballastsecurity.net |
Source: 0.3.a5gvJhukP7.exe.bab604.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Pony_d5516fe8 reference_sample = 423e792fcd00265960877482e8148a0d49f0898f4bbc190894721fde22638567, os = windows, severity = x86, creation_date = 2021-08-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Pony, fingerprint = 9d4d847f55a693a45179a904efe20afd05a92650ac47fb19ef523d469a33795f, id = d5516fe8-3b25-4c46-9e5b-111ca312a824, last_modified = 2021-10-04 |
Source: 0.3.a5gvJhukP7.exe.bab604.0.raw.unpack, type: UNPACKEDPE | Matched rule: pony date = 2014-08-16, author = Brian Wallace @botnet_hunter, description = Identify Pony, author_email = bwall@ballastsecurity.net |
Source: 1.2.a5gvJhukP7.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Pony_d5516fe8 reference_sample = 423e792fcd00265960877482e8148a0d49f0898f4bbc190894721fde22638567, os = windows, severity = x86, creation_date = 2021-08-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Pony, fingerprint = 9d4d847f55a693a45179a904efe20afd05a92650ac47fb19ef523d469a33795f, id = d5516fe8-3b25-4c46-9e5b-111ca312a824, last_modified = 2021-10-04 |
Source: 1.2.a5gvJhukP7.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: pony date = 2014-08-16, author = Brian Wallace @botnet_hunter, description = Identify Pony, author_email = bwall@ballastsecurity.net |
Source: 0.2.a5gvJhukP7.exe.bab604.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Pony_d5516fe8 reference_sample = 423e792fcd00265960877482e8148a0d49f0898f4bbc190894721fde22638567, os = windows, severity = x86, creation_date = 2021-08-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Pony, fingerprint = 9d4d847f55a693a45179a904efe20afd05a92650ac47fb19ef523d469a33795f, id = d5516fe8-3b25-4c46-9e5b-111ca312a824, last_modified = 2021-10-04 |
Source: 0.2.a5gvJhukP7.exe.bab604.1.raw.unpack, type: UNPACKEDPE | Matched rule: pony date = 2014-08-16, author = Brian Wallace @botnet_hunter, description = Identify Pony, author_email = bwall@ballastsecurity.net |
Source: 1.2.a5gvJhukP7.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Pony_d5516fe8 reference_sample = 423e792fcd00265960877482e8148a0d49f0898f4bbc190894721fde22638567, os = windows, severity = x86, creation_date = 2021-08-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Pony, fingerprint = 9d4d847f55a693a45179a904efe20afd05a92650ac47fb19ef523d469a33795f, id = d5516fe8-3b25-4c46-9e5b-111ca312a824, last_modified = 2021-10-04 |
Source: 1.2.a5gvJhukP7.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: pony date = 2014-08-16, author = Brian Wallace @botnet_hunter, description = Identify Pony, author_email = bwall@ballastsecurity.net |
Source: 00000000.00000003.1704992752.0000000000BAB000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Pony_d5516fe8 reference_sample = 423e792fcd00265960877482e8148a0d49f0898f4bbc190894721fde22638567, os = windows, severity = x86, creation_date = 2021-08-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Pony, fingerprint = 9d4d847f55a693a45179a904efe20afd05a92650ac47fb19ef523d469a33795f, id = d5516fe8-3b25-4c46-9e5b-111ca312a824, last_modified = 2021-10-04 |
Source: 00000000.00000003.1704992752.0000000000BAB000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: pony date = 2014-08-16, author = Brian Wallace @botnet_hunter, description = Identify Pony, author_email = bwall@ballastsecurity.net |
Source: 00000001.00000002.2897597682.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Pony_d5516fe8 reference_sample = 423e792fcd00265960877482e8148a0d49f0898f4bbc190894721fde22638567, os = windows, severity = x86, creation_date = 2021-08-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Pony, fingerprint = 9d4d847f55a693a45179a904efe20afd05a92650ac47fb19ef523d469a33795f, id = d5516fe8-3b25-4c46-9e5b-111ca312a824, last_modified = 2021-10-04 |
Source: 00000001.00000002.2897597682.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: pony date = 2014-08-16, author = Brian Wallace @botnet_hunter, description = Identify Pony, author_email = bwall@ballastsecurity.net |
Source: 00000000.00000002.1706428602.0000000000BA9000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Pony_d5516fe8 reference_sample = 423e792fcd00265960877482e8148a0d49f0898f4bbc190894721fde22638567, os = windows, severity = x86, creation_date = 2021-08-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Pony, fingerprint = 9d4d847f55a693a45179a904efe20afd05a92650ac47fb19ef523d469a33795f, id = d5516fe8-3b25-4c46-9e5b-111ca312a824, last_modified = 2021-10-04 |
Source: 00000000.00000002.1706428602.0000000000BA9000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: pony date = 2014-08-16, author = Brian Wallace @botnet_hunter, description = Identify Pony, author_email = bwall@ballastsecurity.net |
Source: Process Memory Space: a5gvJhukP7.exe PID: 6436, type: MEMORYSTR | Matched rule: Windows_Trojan_Pony_d5516fe8 reference_sample = 423e792fcd00265960877482e8148a0d49f0898f4bbc190894721fde22638567, os = windows, severity = x86, creation_date = 2021-08-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Pony, fingerprint = 9d4d847f55a693a45179a904efe20afd05a92650ac47fb19ef523d469a33795f, id = d5516fe8-3b25-4c46-9e5b-111ca312a824, last_modified = 2021-10-04 |
Source: Process Memory Space: a5gvJhukP7.exe PID: 6436, type: MEMORYSTR | Matched rule: pony date = 2014-08-16, author = Brian Wallace @botnet_hunter, description = Identify Pony, author_email = bwall@ballastsecurity.net |
Source: Process Memory Space: a5gvJhukP7.exe PID: 6608, type: MEMORYSTR | Matched rule: Windows_Trojan_Pony_d5516fe8 reference_sample = 423e792fcd00265960877482e8148a0d49f0898f4bbc190894721fde22638567, os = windows, severity = x86, creation_date = 2021-08-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Pony, fingerprint = 9d4d847f55a693a45179a904efe20afd05a92650ac47fb19ef523d469a33795f, id = d5516fe8-3b25-4c46-9e5b-111ca312a824, last_modified = 2021-10-04 |
Source: Process Memory Space: a5gvJhukP7.exe PID: 6608, type: MEMORYSTR | Matched rule: pony date = 2014-08-16, author = Brian Wallace @botnet_hunter, description = Identify Pony, author_email = bwall@ballastsecurity.net |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\wcx_ftp.ini |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Roaming\FlashFXP\3\History.dat |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Roaming\FlashFXP\4\History.dat |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Local\SharedSettings.ccs |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Roaming\Frigate3\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Roaming\FTP Explorer\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: HKEY_CURRENT_USER\Software\Far2\Plugins\FTP\Hosts |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Roaming\CoffeeCup Software\SharedSettings_1_0_5.ccs |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\ProgramData\SiteDesigner\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Roaming\CoffeeCup Software\SharedSettings.sqlite |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Local\INSoftware\NovaFTP\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\ProgramData\SharedSettings_1_0_5.ccs |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Local\SharedSettings_1_0_5.sqlite |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: HKEY_CURRENT_USER\Software\GlobalSCAPE\CuteFTP 7 Home\QCToolbar |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Roaming\TurboFTP\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Local\GlobalSCAPE\CuteFTP Pro\sm.dat |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Local\CuteFTP\sm.dat |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Program Files (x86)\GlobalSCAPE\CuteFTP Pro\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Roaming\CoffeeCup Software\SharedSettings.ccs |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Roaming\SmartFTP\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Local\GlobalSCAPE\CuteFTP Pro\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Roaming\BlazeFtp\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\ProgramData\RhinoSoft.com\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: HKEY_CURRENT_USER\Software\GlobalSCAPE\CuteFTP 6 Professional\QCToolbar |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Roaming\SharedSettings.ccs |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Local\Estsoft\ALFTP\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: HKEY_CURRENT_USER\Software\TurboFTP |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Local\CuteFTP\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Local\FTPInfo\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: HKEY_LOCAL_MACHINE\Software\WOW6432Node\AceBIT |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Roaming\ExpanDrive\drives.js |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Roaming\NetSarang\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Roaming\GlobalSCAPE\CuteFTP Pro\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Roaming\BitKinex\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Local\FileZilla\filezilla.xml |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\ProgramData\LeapWare\LeapFTP\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\ProgramData\GPSoftware\Directory Opus\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Local\BitKinex\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Local\CoffeeCup Software\SharedSettings.ccs |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Roaming\FileZilla\filezilla.xml |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: HKEY_CURRENT_USER\Software\AceBIT |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Roaming\Estsoft\ALFTP\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Local\FlashFXP\3\History.dat |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\ProgramData\FTPInfo\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\ProgramData\FileZilla\filezilla.xml |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\ProgramData\CoffeeCup Software\SharedSettings.ccs |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\ProgramData\BitKinex\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Roaming\FlashFXP\3\Sites.dat |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\ProgramData\GlobalSCAPE\CuteFTP Lite\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Roaming\FTPGetter\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\ProgramData\SharedSettings_1_0_5.sqlite |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Program Files (x86)\CuteFTP\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\ProgramData\SharedSettings.ccs |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Local\FlashFXP\4\History.dat |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: HKEY_CURRENT_USER\Software\FlashPeak\BlazeFtp\Settings |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Local\CoffeeCup Software\SharedSettings_1_0_5.ccs |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Local\SmartFTP\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Roaming\GlobalSCAPE\CuteFTP\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\ProgramData\GHISLER\wcx_ftp.ini |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Roaming\FlashFXP\4\Quick.dat |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\ProgramData\FileZilla\recentservers.xml |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Local\ExpanDrive\drives.js |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\ProgramData\BlazeFtp\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\ProgramData\FlashFXP\4\Sites.dat |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\ProgramData\INSoftware\NovaFTP\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\ProgramData\FTP Explorer\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\ProgramData\FTPGetter\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Local\CoffeeCup Software\SharedSettings.sqlite |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Roaming\SharedSettings.sqlite |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Program Files (x86)\CuteFTP\sm.dat |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Local\FlashFXP\3\Quick.dat |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Local\FlashFXP\4\Sites.dat |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Local\GlobalSCAPE\CuteFTP\sm.dat |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Local\NetSarang\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Roaming\LeapWare\LeapFTP\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: HKEY_CURRENT_USER\Software\NCH Software\ClassicFTP\FTPAccounts |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\ProgramData\CuteFTP\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: HKEY_LOCAL_MACHINE\Software\WOW6432Node\TurboFTP |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Roaming\CuteFTP\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\ProgramData\SmartFTP\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: HKEY_CURRENT_USER\Software\FTP Explorer\FTP Explorer\Workspace\MFCToolBar-224 |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Roaming\FTPInfo\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Local\FileZilla\recentservers.xml |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Local\TurboFTP\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Roaming\SharedSettings_1_0_5.ccs |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: HKEY_CURRENT_USER\Software\FTP Explorer\Profiles |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\ProgramData\GlobalSCAPE\CuteFTP Pro\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\ProgramData\Frigate3\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: HKEY_CURRENT_USER\Software\MAS-Soft\FTPInfo\Setup |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Roaming\GHISLER\wcx_ftp.ini |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Local\SharedSettings_1_0_5.ccs |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Roaming\GlobalSCAPE\CuteFTP Lite\sm.dat |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Roaming\AceBIT\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\ProgramData\FileZilla\sitemanager.xml |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\ProgramData\CoffeeCup Software\SharedSettings.sqlite |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\ProgramData\TurboFTP\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Local\FlashFXP\3\Sites.dat |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Roaming\GlobalSCAPE\CuteFTP Pro\sm.dat |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Local\RhinoSoft.com\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Local\FTP Explorer\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Local\AceBIT\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\ProgramData\GlobalSCAPE\CuteFTP\sm.dat |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\ProgramData\FlashFXP\3\Quick.dat |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Local\FTPRush\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\ProgramData\Estsoft\ALFTP\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\ProgramData\GlobalSCAPE\CuteFTP Pro\sm.dat |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\ProgramData\ExpanDrive\drives.js |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\ProgramData\CuteFTP\sm.dat |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Program Files (x86)\GlobalSCAPE\CuteFTP\sm.dat |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Local\CoffeeCup Software\SharedSettings_1_0_5.sqlite |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Program Files (x86)\GlobalSCAPE\CuteFTP\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Local\FlashFXP\4\Quick.dat |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Roaming\GlobalSCAPE\CuteFTP\sm.dat |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Local\GPSoftware\Directory Opus\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\ProgramData\FlashFXP\3\Sites.dat |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Local\GlobalSCAPE\CuteFTP\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Roaming\SharedSettings_1_0_5.sqlite |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Local\FileZilla\sitemanager.xml |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Local\BlazeFtp\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Roaming\GlobalSCAPE\CuteFTP Lite\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Local\GlobalSCAPE\CuteFTP Lite\sm.dat |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: HKEY_CURRENT_USER\Software\GlobalSCAPE\CuteFTP 8 Home\QCToolbar |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: HKEY_CURRENT_USER\Software\GlobalSCAPE\CuteFTP 7 Professional\QCToolbar |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Local\FTPGetter\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\ProgramData\SharedSettings.sqlite |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\ProgramData\AceBIT\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\ProgramData\GlobalSCAPE\CuteFTP\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Roaming\FTPRush\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\ProgramData\CoffeeCup Software\SharedSettings_1_0_5.sqlite |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Local\GHISLER\wcx_ftp.ini |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Windows\32BitFtp.ini |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Program Files (x86)\GlobalSCAPE\CuteFTP Pro\sm.dat |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Local\LeapWare\LeapFTP\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Roaming\INSoftware\NovaFTP\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Program Files (x86)\GlobalSCAPE\CuteFTP Lite\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\ProgramData\FlashFXP\4\Quick.dat |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Local\GlobalSCAPE\CuteFTP Lite\ |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Roaming\FileZilla\sitemanager.xml | Jump to behavior |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\ProgramData\3D-FTP\ | Jump to behavior |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Local\Frigate3\ | Jump to behavior |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\ProgramData\NetSarang\ | Jump to behavior |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: HKEY_CURRENT_USER\Software\GlobalSCAPE\CuteFTP 6 Home\QCToolbar | Jump to behavior |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Roaming\GPSoftware\Directory Opus\ | Jump to behavior |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\ProgramData\FTPRush\ | Jump to behavior |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: HKEY_CURRENT_USER\Software\GlobalSCAPE\CuteFTP 8 Professional\QCToolbar | Jump to behavior |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\ProgramData\GlobalSCAPE\CuteFTP Lite\sm.dat | Jump to behavior |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Local\SharedSettings.sqlite | Jump to behavior |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\ProgramData\FlashFXP\3\History.dat | Jump to behavior |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Roaming\FlashFXP\4\Sites.dat | Jump to behavior |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: HKEY_LOCAL_MACHINE\Software\TurboFTP | Jump to behavior |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Roaming\FlashFXP\3\Quick.dat | Jump to behavior |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\ProgramData\FlashFXP\4\History.dat | Jump to behavior |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\ProgramData\CoffeeCup Software\SharedSettings_1_0_5.ccs | Jump to behavior |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Windows\wcx_ftp.ini | Jump to behavior |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Program Files (x86)\GlobalSCAPE\CuteFTP Lite\sm.dat | Jump to behavior |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Roaming\CoffeeCup Software\SharedSettings_1_0_5.sqlite | Jump to behavior |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Roaming\RhinoSoft.com\ | Jump to behavior |
Source: C:\Users\user\Desktop\a5gvJhukP7.exe | File opened: C:\Users\user\AppData\Roaming\CuteFTP\sm.dat | Jump to behavior |