Crack Propel Accelerator
Released 19 years, 6 months ago. May 2005
Copyright © MegaSecurity
By Majestic
Informations
| Author | Majestic |
| Family | Crack Propel Accelerator |
| Category | Remote Access |
| Version | Crack Propel Accelerator |
| Released Date | May 2005, 19 years, 6 months ago. |
Additional Information
Server:
dropped files:
c:\WINDOWS\ktd32.atm Size: 40 bytes
c:\WINDOWS\services.exe Size: 609,140 bytes (Backdoor.Win32.Prorat.19.a)
c:\WINDOWS\system\sservice.exe Size: 609,140 bytes (Backdoor.Win32.Prorat.19.a)
c:\WINDOWS\system32\fservice.exe Size: 609,140 bytes
c:\WINDOWS\system32\reginv.dll Size: 20,992 bytes (Backdoor.Win32.Prorat.19)
c:\WINDOWS\system32\winkey.dll Size: 16,896 bytes (Backdoor.Win32.Prorat.19)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell"
old data: Explorer.exe
new data: Explorer.exe C:\WINDOWS\system32\fservice.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore "DisableSR"
old data: 00, 00, 00, 00
new data: 01, 00, 00, 00
HKEY_CURRENT_USER\Software\Microsoft\Windows NT Script Host
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5Y99AE78-58TT-11dW-BE53-Y67078979Y}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_STISVC\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\a
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_STISVC\0000\Control
tested on Windows XP
June 24, 2005If you recognize any personal information on this page and wish to have it removed or redacted, please contact us at jplesueur@phrozen.io. We are committed to protecting your privacy in accordance with GDPR regulations.