Crack Propel Accelerator

Released 19 years, 11 months ago. May 2005

Copyright © MegaSecurity

By Majestic


Information
Author: Majestic
Family: Crack Propel Accelerator
Category: Remote Access
Version: Crack Propel Accelerator
Released Date: May 2005 (19 years, 11 months ago)
Additional Information
Server:
dropped files:
c:\WINDOWS\ktd32.atm              Size: 40 bytes 
c:\WINDOWS\services.exe           Size: 609,140 bytes   (Backdoor.Win32.Prorat.19.a)
c:\WINDOWS\system\sservice.exe    Size: 609,140 bytes   (Backdoor.Win32.Prorat.19.a)
c:\WINDOWS\system32\fservice.exe  Size: 609,140 bytes 
c:\WINDOWS\system32\reginv.dll    Size: 20,992 bytes    (Backdoor.Win32.Prorat.19)
c:\WINDOWS\system32\winkey.dll    Size: 16,896 bytes    (Backdoor.Win32.Prorat.19)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell"
old data: Explorer.exe 
new data: Explorer.exe C:\WINDOWS\system32\fservice.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore "DisableSR"
old data: 00, 00, 00, 00 
new data: 01, 00, 00, 00 

HKEY_CURRENT_USER\Software\Microsoft\Windows NT Script Host
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5Y99AE78-58TT-11dW-BE53-Y67078979Y}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_STISVC\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\a
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_STISVC\0000\Control



tested on Windows XP
June 24, 2005
