Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'bpk' = '<SYSTEM32>\bpk.exe'
- <SYSTEM32>\bpk.exe
- %TEMP%\Conquer CPs Hack.exe
- %TEMP%\RarSFX0\rinst.exe
- Handler for all processes: <SYSTEM32>\bpkhk.dll
- ClassName: '' WindowName: 'Process Monitor - Sysinternals: www.sysinternals.com'
- ClassName: 'RegmonClass' WindowName: ''
- ClassName: '' WindowName: 'Registry Monitor - Sysinternals: www.sysinternals.com'
- ClassName: 'FilemonClass' WindowName: ''
- ClassName: '' WindowName: 'File Monitor - Sysinternals: www.sysinternals.com'
- ClassName: 'PROCMON_WINDOW_CLASS' WindowName: ''
- <SYSTEM32>\dt\2012-10-11_23-49-42-305843
- <SYSTEM32>\dt\2012-10-11_23-49-45-308406
- <SYSTEM32>\dt\2012-10-11_23-49-39-303203
- <SYSTEM32>\dt\2012-10-11_23-49-34-297328
- <SYSTEM32>\dt\2012-10-11_23-49-36-299343
- <SYSTEM32>\dt\2012-10-11_23-49-47-310218
- <SYSTEM32>\dt\2012-10-11_23-49-54-317171
- <SYSTEM32>\dt\2012-10-11_23-49-56-319578
- <SYSTEM32>\dt\2012-10-11_23-49-52-315468
- <SYSTEM32>\dt\2012-10-11_23-49-48-311234
- <SYSTEM32>\dt\2012-10-11_23-49-50-313359
- <SYSTEM32>\dt\2012-10-11_23-49-19-282296
- <SYSTEM32>\dt\2012-10-11_23-49-21-284343
- <SYSTEM32>\dt\2012-10-11_23-49-18-281328
- <SYSTEM32>\dt\2012-10-11_23-49-15-278218
- <SYSTEM32>\dt\2012-10-11_23-49-16-279296
- <SYSTEM32>\dt\2012-10-11_23-49-23-286359
- <SYSTEM32>\dt\2012-10-11_23-49-30-293343
- <SYSTEM32>\dt\2012-10-11_23-49-32-295359
- <SYSTEM32>\dt\2012-10-11_23-49-28-291343
- <SYSTEM32>\dt\2012-10-11_23-49-25-288359
- <SYSTEM32>\dt\2012-10-11_23-49-27-290343
- <SYSTEM32>\dt\2012-10-11_23-49-58-321328
- <SYSTEM32>\dt\2012-10-11_23-50-27-350390
- <SYSTEM32>\dt\2012-10-11_23-50-29-352343
- <SYSTEM32>\dt\2012-10-11_23-50-26-349234
- <SYSTEM32>\dt\2012-10-11_23-50-22-345343
- <SYSTEM32>\dt\2012-10-11_23-50-24-347390
- <SYSTEM32>\dt\2012-10-11_23-50-31-354296
- <SYSTEM32>\dt\2012-10-11_23-50-36-359203
- <SYSTEM32>\dt\2012-10-11_23-50-37-360281
- <SYSTEM32>\dt\2012-10-11_23-50-35-358296
- <SYSTEM32>\dt\2012-10-11_23-50-32-355328
- <SYSTEM32>\dt\2012-10-11_23-50-34-357312
- <SYSTEM32>\dt\2012-10-11_23-50-06-329312
- <SYSTEM32>\dt\2012-10-11_23-50-08-331296
- <SYSTEM32>\dt\2012-10-11_23-50-04-327265
- <SYSTEM32>\dt\2012-10-11_23-50-00-323343
- <SYSTEM32>\dt\2012-10-11_23-50-02-325250
- <SYSTEM32>\dt\2012-10-11_23-50-10-333375
- <SYSTEM32>\dt\2012-10-11_23-50-18-341328
- <SYSTEM32>\dt\2012-10-11_23-50-20-343343
- <SYSTEM32>\dt\2012-10-11_23-50-16-339359
- <SYSTEM32>\dt\2012-10-11_23-50-12-335312
- <SYSTEM32>\dt\2012-10-11_23-50-14-337343
- <SYSTEM32>\dt\2012-10-11_23-49-14-277265
- <SYSTEM32>\pk.bin_back
- <SYSTEM32>\temporary.bmp
- <SYSTEM32>\rinst.exe
- <SYSTEM32>\bpkwb.dll
- <SYSTEM32>\inst.dat
- <SYSTEM32>\dt\2012-10-11_23-48-40-243421
- <SYSTEM32>\dt\2012-10-11_23-48-44-247265
- <SYSTEM32>\dt\2012-10-11_23-48-45-248265
- <SYSTEM32>\dt\2012-10-11_23-48-43-246265
- <SYSTEM32>\dt\2012-10-11_23-48-41-244171
- <SYSTEM32>\dt\2012-10-11_23-48-42-245234
- %TEMP%\RarSFX0\bpkwb.dll
- %TEMP%\RarSFX0\bpk.exe
- %TEMP%\RarSFX0\bpkhk.dll
- %TEMP%\RarSFX0\pk.bin
- %TEMP%\RarSFX0\inst.dat
- %TEMP%\RarSFX0\Conquer CPs Hack.exe
- <SYSTEM32>\bpk.exe
- <SYSTEM32>\bpkhk.dll
- <SYSTEM32>\pk.bin
- %TEMP%\RarSFX0\rinst.exe
- %TEMP%\Conquer CPs Hack.exe
- <SYSTEM32>\dt\2012-10-11_23-48-47-250281
- <SYSTEM32>\dt\2012-10-11_23-49-03-266218
- <SYSTEM32>\dt\2012-10-11_23-49-04-267265
- <SYSTEM32>\dt\2012-10-11_23-49-02-265140
- <SYSTEM32>\dt\2012-10-11_23-49-00-263234
- <SYSTEM32>\dt\2012-10-11_23-49-01-264250
- <SYSTEM32>\dt\2012-10-11_23-49-05-268281
- <SYSTEM32>\dt\2012-10-11_23-49-12-275250
- <SYSTEM32>\dt\2012-10-11_23-49-13-276234
- <SYSTEM32>\dt\2012-10-11_23-49-10-273328
- <SYSTEM32>\dt\2012-10-11_23-49-07-270312
- <SYSTEM32>\dt\2012-10-11_23-49-08-271328
- <SYSTEM32>\dt\2012-10-11_23-48-52-255171
- <SYSTEM32>\dt\2012-10-11_23-48-53-256265
- <SYSTEM32>\dt\2012-10-11_23-48-50-253265
- <SYSTEM32>\dt\2012-10-11_23-48-48-251171
- <SYSTEM32>\dt\2012-10-11_23-48-49-252234
- <SYSTEM32>\dt\2012-10-11_23-48-54-257218
- <SYSTEM32>\dt\2012-10-11_23-48-58-261171
- <SYSTEM32>\dt\2012-10-11_23-48-59-262234
- <SYSTEM32>\dt\2012-10-11_23-48-57-260125
- <SYSTEM32>\dt\2012-10-11_23-48-55-258281
- <SYSTEM32>\dt\2012-10-11_23-48-56-259281
- %TEMP%\RarSFX0\Conquer CPs Hack.exe
- %TEMP%\RarSFX0\rinst.exe
- <SYSTEM32>\temporary.bmp
- <SYSTEM32>\pk.bin_back
- %TEMP%\RarSFX0\inst.dat
- %TEMP%\RarSFX0\bpk.exe
- %TEMP%\RarSFX0\pk.bin
- %TEMP%\RarSFX0\bpkwb.dll
- %TEMP%\RarSFX0\bpkhk.dll
- File moved or renamed (section heading lost in extraction): from <SYSTEM32>\rinst.exe to <SYSTEM32>\bpkr.exe
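- Network endpoint '67.##5.160.76':587 (port 587 is the standard SMTP mail-submission port; the address is partially masked in this report, so it cannot be used as an exact indicator)
- DNS ASK sm##.#ail.yahoo.com (DNS query; the host name is partially masked in this report)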
- ClassName: 'NDDEAgnt' WindowName: 'NetDDE Agent'
- ClassName: 'WindowsForms10.Window.8.app.0.378734a' WindowName: ''
- ClassName: 'Shell Embedding' WindowName: ''
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '18467-41' WindowName: ''
- ClassName: '' WindowName: 'PKL Window'