MS-Connect
Copyright © MegaSecurity
By ConnectSwitch
Informations
| From | The Netherlands |
| Author | ConnectSwitch |
| Family | MS-Connect |
| Category | Remote Access |
| Version | MS-Connect |
| Language | Borland Delphi, compressed with UPX |
Additional Information
dropped file:
c:\WINDOWS\system32\%name%.EXE
size: 86,548 bytes
added to registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "MS-Connect"
data: C:\WINDOWS\System32\%name%.EXE
HKEY_CLASSES_ROOT\MS-Connect.Scriptfile\shell\open\command "(Default)"
data: "C:\WINDOWS\System32\%name%.EXE" "%1"
HKEY_CLASSES_ROOT\.cxq
HKEY_CLASSES_ROOT\.mxq
HKEY_CLASSES_ROOT\MS-Connect.Scriptfile
HKEY_CLASSES_ROOT\MS-Connect.Scriptfile\shell
HKEY_CLASSES_ROOT\MS-Connect.Scriptfile\shell\open
HKEY_CLASSES_ROOT\MS-Connect.Scriptfile\shell\open\command
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8B22270A-71D9-4AB9-B11A-2EA1E5292F42}
HKEY_LOCAL_MACHINE\SOFTWARE\MS-Connect
tested on Windows XP
February 21, 2005If you recognize any personal information on this page and wish to have it removed or redacted, please contact us at jplesueur@phrozen.io. We are committed to protecting your privacy in accordance with GDPR regulations.