Executes dropped EXE

Reads data files stored by FTP clients

Tries to access configuration files associated with programs like FileZilla.

Unsecured Credentials: Credentials In Files

Steal credentials from unsecured files.

Checks installed software on the system

Looks up Uninstall key entries in the registry to enumerate software on the system.

Enumerates processes with tasklist