Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\GbUpdater] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\GbPlugin] 'Start' = '00000002'
- Registry Editor (RegEdit)
- C:\squid\sbin\app2srv.exe SERVICE /SN="GbUpdater" /PM="C:\squid\sbin\GbUpdater.exe" /WD="C:\squid\sbin" /SWH
- C:\squid\sbin\GbUpdater.exe
- C:\squid\sbin\IECache.exe /DELETE
- C:\squid\sbin\app2srv.exe INSTALL /SN="GbUpdater" /PM="C:\squid\sbin\GbUpdater.exe" /WD="C:\squid\sbin" /SWH /DISP="Gbuster Plugin Updater" DES="Service for G-Buster Browser Defense" /STTA
- C:\squid\sbin\squid.exe -k reconfigure -n GbPlugin
- C:\squid\bin\GbWait.exe 1200
- %WINDIR%\Temp\5.tmp\b2e.exe %WINDIR%\TEMP\5.tmp\b2e.exe C:\squid\sbin "C:\squid\sbin\GbUpdater.exe"
- C:\squid\bin\GbUpdator.exe http://gb####in.linkpc.net/data32.conf -O c:\squid\etc\data32.conf
- %TEMP%\inst136921\GbCleaner-xp.exe
- %TEMP%\1.tmp\b2e.exe %TEMP%\1.tmp\b2e.exe <Current directory> "%TEMP%\inst136921\GbService.exe"
- %TEMP%\inst136921\installer\GbPlugin.exe_tmp.exe
- %TEMP%\inst136921\GbService.exe
- C:\squid\sbin\squid.exe --ntservice:GbPlugin
- C:\squid\libexec\unlinkd.exe
- %TEMP%\2.tmp\b2e.exe %TEMP%\2.tmp\b2e.exe <Current directory> "%TEMP%\inst136921\GbCleaner-xp.exe"
- C:\squid\sbin\squid.exe -i -n GbPlugin
- <SYSTEM32>\net1.exe start GbUpdater
- <SYSTEM32>\cmd.exe /c ""%TEMP%\selfdel0.bat" "
- <SYSTEM32>\cmd.exe /c ""%WINDIR%\TEMP\6.tmp\batfile.bat" "
- <SYSTEM32>\attrib.exe +s +h c:\squid
- <SYSTEM32>\cmd.exe /c ""%TEMP%\4.tmp\batfile.bat" "
- <SYSTEM32>\cmd.exe /c ""%TEMP%\3.tmp\batfile.bat" "
- <SYSTEM32>\net1.exe start GbPlugin
- <SYSTEM32>\taskkill.exe /f /im iexplore.exe
- iexplore.exe
- ClassName: 'PROCMON_WINDOW_CLASS' WindowName: ''
- ClassName: 'RegMonClass' WindowName: ''
- ClassName: 'FileMonClass' WindowName: ''
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings] 'ProxyOverride' = '<local>'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings] 'ProxyServer' = 'http://127.0.0.1:56656'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings] 'ProxyEnable' = '00000001'
- C:\squid\share\errors\English\ERR_FTP_FAILURE
- C:\squid\share\errors\English\ERR_FTP_FORBIDDEN
- C:\squid\share\errors\English\ERR_FTP_DISABLED
- C:\squid\share\errors\English\ERR_DNS_FAIL
- C:\squid\share\errors\English\ERR_FORWARDING_DENIED
- C:\squid\share\errors\English\ERR_FTP_NOT_FOUND
- C:\squid\share\errors\English\ERR_FTP_UNAVAILABLE
- C:\squid\share\errors\English\ERR_INVALID_REQ
- C:\squid\share\errors\English\ERR_FTP_PUT_MODIFIED
- C:\squid\share\errors\English\ERR_FTP_PUT_CREATED
- C:\squid\share\errors\English\ERR_FTP_PUT_ERROR
- C:\squid\share\errors\English\ERR_CONNECT_FAIL
- C:\squid\share\icons\anthony-text.gif
- C:\squid\share\icons\anthony-unknown.gif
- C:\squid\share\icons\anthony-tex.gif
- C:\squid\share\icons\anthony-sound.gif
- C:\squid\share\icons\anthony-tar.gif
- C:\squid\share\icons\anthony-xbm.gif
- C:\squid\share\errors\English\ERR_CACHE_MGR_ACCESS_DENIED
- C:\squid\share\errors\English\ERR_CANNOT_FORWARD
- C:\squid\share\errors\English\ERR_CACHE_ACCESS_DENIED
- C:\squid\share\icons\anthony-xpm.gif
- C:\squid\share\errors\English\ERR_ACCESS_DENIED
- %TEMP%\2.tmp\b2e.exe
- %TEMP%\3.tmp\batfile.bat
- %TEMP%\1.tmp\b2e.exe
- C:\squid\share\errors\English\ERR_WRITE_ERROR
- C:\squid\share\errors\English\ERR_ZERO_SIZE_OBJECT
- %TEMP%\4.tmp\batfile.bat
- %WINDIR%\Temp\5.tmp\b2e.exe
- %WINDIR%\Temp\6.tmp\batfile.bat
- %ALLUSERSPROFILE%\Application Data\TEMP:3F0EA0B5
- C:\squid\etc\squid.pid
- %TEMP%\selfdel0.bat
- C:\squid\share\errors\English\ERR_URN_RESOLVE
- C:\squid\share\errors\English\ERR_NO_RELAY
- C:\squid\share\errors\English\ERR_ONLY_IF_CACHED_MISS
- C:\squid\share\errors\English\ERR_LIFETIME_EXP
- C:\squid\share\errors\English\ERR_INVALID_RESP
- C:\squid\share\errors\English\ERR_INVALID_URL
- C:\squid\share\errors\English\ERR_READ_ERROR
- C:\squid\share\errors\English\ERR_TOO_BIG
- C:\squid\share\errors\English\ERR_UNSUP_REQ
- C:\squid\share\errors\English\ERR_SOCKET_FAILURE
- C:\squid\share\errors\English\ERR_READ_TIMEOUT
- C:\squid\share\errors\English\ERR_SHUTTING_DOWN
- C:\squid\share\icons\anthony-script.gif
- C:\squid\etc\data32.conf
- C:\squid\etc\mime.conf
- C:\squid\etc\cachemgr.conf
- C:\squid\bin\GbWait.exe
- C:\squid\bin\squidclient.exe
- C:\squid\etc\squid.conf
- C:\squid\sbin\GbUpdater.exe
- C:\squid\sbin\IECache.exe
- C:\squid\sbin\app2srv.exe
- C:\squid\libexec\logfile-daemon.exe
- C:\squid\libexec\unlinkd.exe
- C:\squid\bin\GbUpdator.exe
- %TEMP%\inst136921\GbCleaner-xp.exe
- %TEMP%\inst136921\installer\GbPlugin.exe_tmp.exe
- %TEMP%\inst136921\GbCleaner-7.exe
- %TEMP%\aiw136968.bmp
- %TEMP%\aiw137015.bmp
- %TEMP%\inst136921\GbService.exe
- %TEMP%\aiw141093.bmp
- %TEMP%\aiw141140.bmp
- %TEMP%\aiw141031.bmp
- %TEMP%\aiw140906.bmp
- %TEMP%\aiw140984.bmp
- C:\squid\share\icons\anthony-image2.gif
- C:\squid\share\icons\anthony-layout.gif
- C:\squid\share\icons\anthony-image.gif
- C:\squid\share\icons\anthony-dvi.gif
- C:\squid\share\icons\anthony-f.gif
- C:\squid\share\icons\anthony-link.gif
- C:\squid\share\icons\anthony-ps.gif
- C:\squid\share\icons\anthony-quill.gif
- C:\squid\share\icons\anthony-portal.gif
- C:\squid\share\icons\anthony-movie.gif
- C:\squid\share\icons\anthony-pdf.gif
- C:\squid\share\icons\anthony-dirup.gif
- C:\squid\system32\psapi.dll
- C:\squid\share\icons\anthony-binhex.gif
- C:\squid\share\mib.txt
- C:\squid\sbin\none
- C:\squid\sbin\squid.exe
- C:\squid\share\icons\anthony-bomb.gif
- C:\squid\share\icons\anthony-compressed.gif
- C:\squid\share\icons\anthony-dir.gif
- C:\squid\share\icons\anthony-c.gif
- C:\squid\share\icons\anthony-box.gif
- C:\squid\share\icons\anthony-box2.gif
- %TEMP%\3.tmp\batfile.bat
- %TEMP%\1.tmp\b2e.exe
- %TEMP%\4.tmp\batfile.bat
- %TEMP%\2.tmp\b2e.exe
- 'gb####in.linkpc.net':80
- 'localhost':1038
- gb####in.linkpc.net/data32.conf
- DNS ASK gb####in.linkpc.net
- DNS ASK ne###ape.com
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''