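Technical Information
(This listing carries no sub-headings. The entries are, in order: three taskkill process-termination commands, file-system paths, one window class/name entry with both values empty, and process command lines. The four %TEMP%\$inst paths appear twice among the file-system paths; the listing does not say whether a given path was created, modified or deleted.)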
- '<SYSTEM32>\taskkill.exe' /f /im fiddler.exe
- '<SYSTEM32>\taskkill.exe' /f /im proxifier.exe
- '<SYSTEM32>\taskkill.exe' /f /im delete.exe
- %TEMP%\$inst\2.tmp
- C:\BubbleBot\Fiddler\Scripts\QWhale.Editor.dll
- C:\BubbleBot\Fiddler\Scripts\QWhale.Common.dll
- C:\BubbleBot\Fiddler\Scripts\netstandard.dll
- C:\BubbleBot\Fiddler\Scripts\FiddlerOrchestra.Utilities.dll
- C:\BubbleBot\Fiddler\Scripts\FiddlerOrchestra.Protocol.dll
- C:\BubbleBot\Fiddler\Scripts\FiddlerOrchestra.Connection.dll
- C:\BubbleBot\Fiddler\Scripts\FiddlerOrchestra.Addon.pdb
- C:\BubbleBot\Fiddler\Scripts\FiddlerOrchestra.Addon.dll
- C:\BubbleBot\Fiddler\ScriptEditor\QWhale.Syntax.Parsers.dll
- C:\BubbleBot\Fiddler\ScriptEditor\QWhale.Syntax.dll
- C:\BubbleBot\Fiddler\ScriptEditor\QWhale.Editor.dll
- C:\BubbleBot\Fiddler\ScriptEditor\QWhale.Common.dll
- C:\BubbleBot\Fiddler\Scripts\QWhale.Syntax.dll
- C:\BubbleBot\Fiddler\ScriptEditor\GA.Analytics.Monitor.pdb
- C:\BubbleBot\Fiddler\ScriptEditor\FSE2.exe.config
- C:\BubbleBot\Fiddler\ScriptEditor\FSE2.exe
- C:\BubbleBot\Fiddler\ScriptEditor\EQATEC.Analytics.Monitor.dll
- C:\BubbleBot\Fiddler\ScriptEditor\Analytics.pdb
- C:\BubbleBot\Fiddler\ScriptEditor\Analytics.dll
- C:\BubbleBot\Fiddler\Screenshot.wav
- C:\BubbleBot\Fiddler\saz.ico
- C:\BubbleBot\Fiddler\ResponseTemplates\502_Unreachable.dat
- C:\BubbleBot\Fiddler\ResponseTemplates\407_ProxyAuthBasic.dat
- C:\BubbleBot\Fiddler\ResponseTemplates\404_Plain.dat
- C:\BubbleBot\Fiddler\ResponseTemplates\403_AuthDeny.dat
- C:\BubbleBot\Fiddler\ResponseTemplates\401_AuthDigest.dat
- C:\BubbleBot\Fiddler\ScriptEditor\GA.Analytics.Monitor.dll
- C:\BubbleBot\Fiddler\Tools\PngDistill.exe
- %TEMP%\1.tmp\BB.bat
- %TEMP%\$inst\0002.tmp
- C:\BubbleBot\Uninstall.ini
- %HOMEPATH%\Desktop\BubbleBot.lnk
- C:\BubbleBot\Uninstall.exe
- C:\Users\Default\AppData\del\delete.exe
- C:\BubbleBot\Fiddler\Xceed.Zip.v5.4.dll
- C:\BubbleBot\Fiddler\Xceed.FileSystem.v5.4.dll
- C:\BubbleBot\Fiddler\Xceed.Compression.v5.4.dll
- C:\BubbleBot\Fiddler\Xceed.Compression.Formats.v5.4.dll
- C:\BubbleBot\Fiddler\uninst.exe
- C:\BubbleBot\Fiddler\TrustCert.pdb
- C:\BubbleBot\Fiddler\TrustCert.exe
- C:\BubbleBot\Fiddler\Tools\Zopfli.exe
- C:\BubbleBot\Fiddler\ResponseTemplates\401_AuthBasic.dat
- C:\BubbleBot\Fiddler\Tools\PngDistill.pdb
- C:\BubbleBot\Fiddler\Tools\JXR2PNG.exe.config
- C:\BubbleBot\Fiddler\Tools\JXR2PNG.exe
- C:\BubbleBot\Fiddler\Tools\dwebp.exe
- C:\BubbleBot\Fiddler\Tools\Brotli.exe
- C:\BubbleBot\Fiddler\Telerik.Analytics.dll
- C:\BubbleBot\Fiddler\SetupHelper
- C:\BubbleBot\Fiddler\Scripts\Timeline.pdb
- C:\BubbleBot\Fiddler\Scripts\Timeline.dll
- C:\BubbleBot\Fiddler\Scripts\SimpleFilter.pdb
- C:\BubbleBot\Fiddler\Scripts\SimpleFilter.dll
- C:\BubbleBot\Fiddler\Scripts\SampleRules.js
- C:\BubbleBot\Fiddler\Scripts\SampleRules.cs
- C:\BubbleBot\Fiddler\Scripts\QWhale.Syntax.Parsers.dll
- C:\BubbleBot\Fiddler\Scripts\RulesTab2.dll
- C:\BubbleBot\Fiddler\ResponseTemplates\307_RedirectWithMethod.dat
- C:\BubbleBot\Fiddler\Countdown.wav
- C:\BubbleBot\Fiddler\Analytics.pdb
- C:\BubbleBot\Fiddler\Analytics.dll
- %HOMEPATH%\Documents\Fiddler2\Scripts\BrowserPAC.js
- %HOMEPATH%\Documents\Fiddler2\CustomMimeMappings.xml
- %HOMEPATH%\Documents\Fiddler2\Banners\3.1\KendoUI\styles.css
- %HOMEPATH%\Documents\Fiddler2\Banners\3.1\KendoUI\index.html
- %HOMEPATH%\Documents\Fiddler2\Banners\3.1\Devcraft\styles.css
- %HOMEPATH%\Documents\Fiddler2\Banners\3.1\Devcraft\index.html
- %HOMEPATH%\Documents\Fiddler2\AutoResponder.xml
- C:\BubbleBot\Skype4COM.dll
- C:\BubbleBot\versionbub.txt
- C:\BubbleBot\verdictus.txt
- C:\BubbleBot\Fiddler\App.ico
- C:\BubbleBot\verdict.txt
- C:\BubbleBot\Proxifier\Settings.ini
- C:\BubbleBot\Proxifier\PrxDrvPE64.dll
- C:\BubbleBot\Proxifier\PrxDrvPE.dll
- C:\BubbleBot\Proxifier\ProxyChecker.exe
- C:\BubbleBot\Proxifier\Proxifier.exe
- C:\BubbleBot\Proxifier\Profiles\Bubblebot.ppx
- C:\BubbleBot\Proxifier\Helper64.exe
- C:\BubbleBot\paymentSuperNew.txt
- %TEMP%\$inst\0001.tmp
- C:\BubbleBot\BubbleBot.exe
- C:\BubbleBot\bb.exe
- %TEMP%\$inst\temp_0.tmp
- C:\BubbleBot\skypus.txt
- C:\BubbleBot\Fiddler\Inspectors\QWhale.Editor.dll
- C:\BubbleBot\Fiddler\ResponseTemplates\303_RedirectWithGet.dat
- C:\BubbleBot\Fiddler\credits.txt
- C:\BubbleBot\Fiddler\ResponseTemplates\302_Redirect.dat
- C:\BubbleBot\Fiddler\ResponseTemplates\204_NoContent.dat
- C:\BubbleBot\Fiddler\ResponseTemplates\200_TransPixel.dat
- C:\BubbleBot\Fiddler\ResponseTemplates\200_SimpleHTML.dat
- C:\BubbleBot\Fiddler\ResponseTemplates\200_FiddlerGif.dat
- C:\BubbleBot\Fiddler\makecert.exe
- C:\BubbleBot\Fiddler\LoadScriptError.wav
- C:\BubbleBot\Fiddler\LoadScript.wav
- C:\BubbleBot\Fiddler\license.txt
- C:\BubbleBot\Fiddler\Inspectors\SyntaxView.dll
- C:\BubbleBot\Fiddler\Inspectors\Standard.dll
- C:\BubbleBot\Fiddler\Inspectors\QWhale.Syntax.Schemes.dll
- C:\BubbleBot\Fiddler\ResponseTemplates\304_NotModified.dat
- C:\BubbleBot\Fiddler\Inspectors\QWhale.Syntax.dll
- C:\BubbleBot\Fiddler\Inspectors\QWhale.Common.dll
- C:\BubbleBot\Fiddler\ImportExport\VSWebTestExport.pdb
- C:\BubbleBot\Fiddler\ImportExport\VSWebTestExport.dll
- C:\BubbleBot\Fiddler\ImportExport\BasicFormats.pdb
- C:\BubbleBot\Fiddler\ImportExport\BasicFormats.dll
- C:\BubbleBot\Fiddler\GA.Analytics.Monitor.pdb
- C:\BubbleBot\Fiddler\GA.Analytics.Monitor.dll
- C:\BubbleBot\Fiddler\ForceCPU.exe
- C:\BubbleBot\Fiddler\Fiddler.pdb
- C:\BubbleBot\Fiddler\Fiddler.exe.config
- C:\BubbleBot\Fiddler\Fiddler.exe
- C:\BubbleBot\Fiddler\ExecAction.exe
- C:\BubbleBot\Fiddler\Be.Windows.Forms.HexBox.dll
- %TEMP%\2.tmp\delete.bat
- %TEMP%\$inst\temp_0.tmp
- %TEMP%\$inst\0001.tmp
- %TEMP%\$inst\0002.tmp
- %TEMP%\$inst\2.tmp
- ClassName: '' WindowName: ''
- 'C:\BubbleBot\bb.exe'
- 'C:\Users\Default\AppData\del\delete.exe'
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\1.tmp\BB.bat" "
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\2.tmp\delete.bat" "
- '<SYSTEM32>\ping.exe' -n 1800 localhost