Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'bpk' = '<SYSTEM32>\bpk.exe'
- '<SYSTEM32>\bpk.exe'
- '%TEMP%\12Sky2 EliteBot V1.0 [MAYNGAMES] wla keylogger.exe'
- '%TEMP%\RarSFX0\rinst.exe'
- Handler for all processes: <SYSTEM32>\bpkhk.dll
- firefox.exe
- opera.exe
- chrome.exe
- iexplore.exe
- ClassName: 'RegmonClass' WindowName: '(null)'
- ClassName: 'PROCMON_WINDOW_CLASS' WindowName: '(null)'
- ClassName: 'FilemonClass' WindowName: '(null)'
- <SYSTEM32>\dt\2014-04-22_16-13-13-290687
- <SYSTEM32>\dt\2014-04-22_16-13-15-293078
- <SYSTEM32>\dt\2014-04-22_16-13-11-288703
- <SYSTEM32>\dt\2014-04-22_16-13-07-284625
- <SYSTEM32>\dt\2014-04-22_16-13-09-286625
- <SYSTEM32>\dt\2014-04-22_16-13-18-295718
- <SYSTEM32>\dt\2014-04-22_16-13-26-303593
- <SYSTEM32>\dt\2014-04-22_16-13-28-305546
- <SYSTEM32>\dt\2014-04-22_16-13-24-301593
- <SYSTEM32>\dt\2014-04-22_16-13-20-297734
- <SYSTEM32>\dt\2014-04-22_16-13-22-299593
- <SYSTEM32>\dt\2014-04-22_16-12-57-274625
- <SYSTEM32>\dt\2014-04-22_16-12-58-275593
- <SYSTEM32>\dt\2014-04-22_16-12-55-272671
- <SYSTEM32>\dt\2014-04-22_16-12-53-270593
- <SYSTEM32>\dt\2014-04-22_16-12-54-271593
- <SYSTEM32>\dt\2014-04-22_16-12-59-276625
- <SYSTEM32>\dt\2014-04-22_16-13-04-281562
- <SYSTEM32>\dt\2014-04-22_16-13-05-282562
- <SYSTEM32>\dt\2014-04-22_16-13-03-280562
- <SYSTEM32>\dt\2014-04-22_16-13-00-277609
- <SYSTEM32>\dt\2014-04-22_16-13-01-278640
- <SYSTEM32>\dt\2014-04-22_16-13-58-335640
- <SYSTEM32>\dt\2014-04-22_16-14-00-337609
- <SYSTEM32>\dt\2014-04-22_16-13-56-333640
- <SYSTEM32>\dt\2014-04-22_16-13-52-329640
- <SYSTEM32>\dt\2014-04-22_16-13-54-331796
- <SYSTEM32>\dt\2014-04-22_16-14-02-339703
- <SYSTEM32>\dt\2014-04-22_16-14-10-347765
- <SYSTEM32>\dt\2014-04-22_16-14-12-349718
- <SYSTEM32>\dt\2014-04-22_16-14-08-345718
- <SYSTEM32>\dt\2014-04-22_16-14-04-341687
- <SYSTEM32>\dt\2014-04-22_16-14-06-343703
- <SYSTEM32>\dt\2014-04-22_16-13-36-313671
- <SYSTEM32>\dt\2014-04-22_16-13-38-315656
- <SYSTEM32>\dt\2014-04-22_16-13-34-311640
- <SYSTEM32>\dt\2014-04-22_16-13-30-307640
- <SYSTEM32>\dt\2014-04-22_16-13-32-309765
- <SYSTEM32>\dt\2014-04-22_16-13-40-317625
- <SYSTEM32>\dt\2014-04-22_16-13-48-325687
- <SYSTEM32>\dt\2014-04-22_16-13-50-327609
- <SYSTEM32>\dt\2014-04-22_16-13-46-323937
- <SYSTEM32>\dt\2014-04-22_16-13-42-319875
- <SYSTEM32>\dt\2014-04-22_16-13-44-321765
- <SYSTEM32>\pk.bin_back
- <SYSTEM32>\temporary.bmp
- <SYSTEM32>\rinst.exe
- <SYSTEM32>\bpkwb.dll
- <SYSTEM32>\inst.dat
- <SYSTEM32>\dt\2014-04-22_16-12-16-233531
- <SYSTEM32>\dt\2014-04-22_16-12-23-240640
- <SYSTEM32>\dt\2014-04-22_16-12-24-241562
- <SYSTEM32>\dt\2014-04-22_16-12-22-239671
- <SYSTEM32>\dt\2014-04-22_16-12-18-235656
- <SYSTEM32>\dt\2014-04-22_16-12-20-237718
- %TEMP%\RarSFX0\bpkwb.dll
- %TEMP%\RarSFX0\12Sky2 EliteBot V1.0 [MAYNGAMES] wla keylogger.exe
- %TEMP%\RarSFX0\bpkhk.dll
- %TEMP%\RarSFX0\pk.bin
- %TEMP%\RarSFX0\inst.dat
- %TEMP%\RarSFX0\bpk.exe
- <SYSTEM32>\bpk.exe
- <SYSTEM32>\bpkhk.dll
- <SYSTEM32>\pk.bin
- %TEMP%\RarSFX0\rinst.exe
- %TEMP%\12Sky2 EliteBot V1.0 [MAYNGAMES] wla keylogger.exe
- <SYSTEM32>\dt\2014-04-22_16-12-43-260593
- <SYSTEM32>\dt\2014-04-22_16-12-44-261562
- <SYSTEM32>\dt\2014-04-22_16-12-41-258703
- <SYSTEM32>\dt\2014-04-22_16-12-39-256546
- <SYSTEM32>\dt\2014-04-22_16-12-40-257593
- <SYSTEM32>\dt\2014-04-22_16-12-45-262562
- <SYSTEM32>\dt\2014-04-22_16-12-50-267796
- <SYSTEM32>\dt\2014-04-22_16-12-52-269593
- <SYSTEM32>\dt\2014-04-22_16-12-49-266593
- <SYSTEM32>\dt\2014-04-22_16-12-46-263625
- <SYSTEM32>\dt\2014-04-22_16-12-47-264593
- <SYSTEM32>\dt\2014-04-22_16-12-28-245468
- <SYSTEM32>\dt\2014-04-22_16-12-29-246531
- <SYSTEM32>\dt\2014-04-22_16-12-27-244531
- <SYSTEM32>\dt\2014-04-22_16-12-25-242562
- <SYSTEM32>\dt\2014-04-22_16-12-26-243515
- <SYSTEM32>\dt\2014-04-22_16-12-30-247703
- <SYSTEM32>\dt\2014-04-22_16-12-35-252812
- <SYSTEM32>\dt\2014-04-22_16-12-37-254593
- <SYSTEM32>\dt\2014-04-22_16-12-34-251500
- <SYSTEM32>\dt\2014-04-22_16-12-32-249484
- <SYSTEM32>\dt\2014-04-22_16-12-33-250531
- %TEMP%\RarSFX0\12Sky2 EliteBot V1.0 [MAYNGAMES] wla keylogger.exe
- %TEMP%\RarSFX0\rinst.exe
- <SYSTEM32>\temporary.bmp
- <SYSTEM32>\pk.bin_back
- %TEMP%\RarSFX0\inst.dat
- %TEMP%\RarSFX0\bpk.exe
- %TEMP%\RarSFX0\pk.bin
- %TEMP%\RarSFX0\bpkwb.dll
- %TEMP%\RarSFX0\bpkhk.dll
- from <SYSTEM32>\rinst.exe to <SYSTEM32>\bpkr.exe
- 'sm##.mail.com':587
- DNS ASK sm##.mail.com
- ClassName: 'NDDEAgnt' WindowName: 'NetDDE Agent'
- ClassName: 'Indicator' WindowName: '(null)'
- ClassName: 'RichEdit20A' WindowName: '(null)'
- ClassName: 'MButtonClass' WindowName: '(null)'
- ClassName: 'Button' WindowName: 'ICQ'
- ClassName: '(null)' WindowName: 'PKL Window'
- ClassName: '(null)' WindowName: 'File Monitor - Sysinternals: www.sysinternals.com'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: '(null)' WindowName: 'Process Monitor - Sysinternals: www.sysinternals.com'
- ClassName: '18467-41' WindowName: '(null)'
- ClassName: '(null)' WindowName: 'Registry Monitor - Sysinternals: www.sysinternals.com'