Техническая информация
- Ключ автозапуска в реестре (запуск при входе в систему): [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'bpk' = '<SYSTEM32>\bpk.exe'
- '%TEMP%\is-DGGC3.tmp\is-FAVVU.tmp' /SL4 $200EA "%TEMP%\RarSFX0\EmailRev2[1].0-2005.exe" 1030355 52224
- '<SYSTEM32>\bpkr.exe' u
- '%TEMP%\uninst.tmp' u2
- '%TEMP%\RarSFX0\rinst.exe'
- '%TEMP%\RarSFX0\EmailRev2[1].0-2005.exe'
- '<SYSTEM32>\bpk.exe'
- <SYSTEM32>\rinst.exe
- %TEMP%\is-DGGC3.tmp\is-FAVVU.tmp
- <SYSTEM32>\bpkwb.dll
- <SYSTEM32>\inst.dat
- %TEMP%\is-7E3QU.tmp\_isetup\_shfoldr.dll
- %TEMP%\inst.dat
- %TEMP%\uninst.tmp
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\gbound.com[1]
- <SYSTEM32>\www.gbound.com.br
- <SYSTEM32>\bpkhk.dll
- %TEMP%\RarSFX0\bpkhk.dll
- %TEMP%\RarSFX0\bpkwb.dll
- %TEMP%\RarSFX0\pk.bin
- %TEMP%\RarSFX0\inst.dat
- %TEMP%\RarSFX0\bpk.exe
- <SYSTEM32>\pk.bin
- <SYSTEM32>\bpk.exe
- %TEMP%\RarSFX0\EmailRev2[1].0-2005.exe
- %TEMP%\RarSFX0\rinst.exe
- <SYSTEM32>\bpkhk.dll
- <SYSTEM32>\bpk.exe
- <SYSTEM32>\pk.bin
- <SYSTEM32>\bpkwb.dll
- <SYSTEM32>\bpkr.exe
- <SYSTEM32>\inst.dat
- %TEMP%\RarSFX0\EmailRev2[1].0-2005.exe
- %TEMP%\RarSFX0\bpkhk.dll
- %TEMP%\RarSFX0\bpk.exe
- %TEMP%\RarSFX0\pk.bin
- %TEMP%\RarSFX0\rinst.exe
- %TEMP%\RarSFX0\inst.dat
- %TEMP%\RarSFX0\bpkwb.dll
- Перемещение файла: из <SYSTEM32>\rinst.exe в <SYSTEM32>\bpkr.exe
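- 'www.gb###d.com.br':80 (символы ### — маскировка части имени домена в отчёте; они не входят в реальное имя, поэтому по строке в таком виде сопоставление в журналах DNS и прокси не сработает)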
- 'localhost':1036
- www.gb###d.com.br/
- DNS ASK www.gb###d.com.br
- ClassName: '' WindowName: 'PKL Window'
- ClassName: 'Shell_TrayWnd' WindowName: ''