phpMyAdmin Multiple Vulnerabilities

Multiple vulnerabilities have been identified in phpMyAdmin. A remote attacker can exploit these vulnerabilities to trigger remote code execution and sensitive information disclosure on the targeted system.

  • Remote Code Execution
  • Information Disclosure

Before installing the software, please visit the software manufacturer's website for more details.

  • Update to version 4.8.5
  • CVE-2019-6798
  • CVE-2019-6799

Cisco Products Multiple Vulnerabilities

Multiple vulnerabilities were identified in Cisco products. A remote attacker can exploit these vulnerabilities to trigger cross-site scripting, a denial of service condition, elevation of privilege, security restriction bypass and sensitive information disclosure on the targeted system.

  • Cross-Site Scripting
  • Denial of Service
  • Elevation of Privilege
  • Security Restriction Bypass
  • Information Disclosure
  • Cisco Firepower Management Center
  • Cisco Identity Services Engine
  • Cisco SD-WAN Solution
  • Cisco Webex

For other Cisco Products, please refer to the link below:
https://tools.cisco.com/security/center/publicationListing.x

Before installing the software, please visit the software manufacturer's website for more details.

PUA.LiteSurf

Updated: January 31, 2019 9:56:35 AM
Type: Potentially Unwanted App
Infection Length: Varies
Name: LiteSurf.com – client
Publisher: Litesurf.com
Risk Impact: Medium
Systems Affected: Windows

Behavior

PUA.LiteSurf is a potentially unwanted application that may be used for online advertising to generate revenue.

When the application is installed, it creates the following folders:

The application then creates the following files:

Next, the application creates the following registry subkey:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D2988E41-0ADF-4751-B442-0F18B50FEA11}_is1

The application then creates the following registry entries:

The application may be used for online advertising to generate revenue.

PUA.IpGoldSurf

Updated: January 30, 2019 6:51:20 AM
Type: Potentially Unwanted App
Infection Length: Varies
Risk Impact: Medium
Systems Affected: Windows

Behavior

PUA.IpGoldSurf is a potentially unwanted application that may be used for online advertising to generate revenue.

When the application is installed, it creates the following files:

The application may be used for online advertising to generate revenue. It lets users browse surfing sites, perform tasks for advertisers, and read advertising letters.
The application uses its own browser and is designed to work in the ipGold.ru service.

PUA.RedSurf

Updated: January 31, 2019 11:11:15 AM
Type: Potentially Unwanted App
Infection Length: Varies
Name: RedSurf-client
Version: 2.2.6.0
Publisher: Redsurf.ru
Risk Impact: Medium
Systems Affected: Windows

Behavior

PUA.RedSurf is a potentially unwanted application that may be used for online advertising to generate revenue.

When the application is installed, it creates the following folders:

The application then creates the following files:

  • %AllUsersProfile%\test\AppData\Roaming\RedSurf-client\xulrunner_52\api-ms-win-core-profile-l1-1-0.dll
  • %AllUsersProfile%\test\AppData\Roaming\RedSurf-client\xulrunner_52\api-ms-win-core-rtlsupport-l1-1-0.dll
  • %AllUsersProfile%\test\AppData\Roaming\RedSurf-client\xulrunner_52\api-ms-win-core-string-l1-1-0.dll
  • %AllUsersProfile%\test\AppData\Roaming\RedSurf-client\xulrunner_52\api-ms-win-core-synch-l1-1-0.dll
  • %AllUsersProfile%\test\AppData\Roaming\RedSurf-client\xulrunner_52\api-ms-win-core-synch-l1-2-0.dll
  • %AllUsersProfile%\test\AppData\Roaming\RedSurf-client\xulrunner_52\api-ms-win-core-sysinfo-l1-1-0.dll
  • %AllUsersProfile%\test\AppData\Roaming\RedSurf-client\xulrunner_52\api-ms-win-core-timezone-l1-1-0.dll
  • %AllUsersProfile%\test\AppData\Roaming\RedSurf-client\xulrunner_52\api-ms-win-core-util-l1-1-0.dll
  • %AllUsersProfile%\test\AppData\Roaming\RedSurf-client\xulrunner_52\api-ms-win-crt-conio-l1-1-0.dll
  • %AllUsersProfile%\test\AppData\Roaming\RedSurf-client\xulrunner_52\api-ms-win-crt-convert-l1-1-0.dll
  • %AllUsersProfile%\test\AppData\Roaming\RedSurf-client\xulrunner_52\api-ms-win-crt-environment-l1-1-0.dll
  • %AllUsersProfile%\test\AppData\Roaming\RedSurf-client\xulrunner_52\api-ms-win-crt-filesystem-l1-1-0.dll
  • %AllUsersProfile%\test\AppData\Roaming\RedSurf-client\xulrunner_52\api-ms-win-crt-heap-l1-1-0.dll
  • %AllUsersProfile%\test\AppData\Roaming\RedSurf-client\xulrunner_52\api-ms-win-crt-locale-l1-1-0.dll
  • %AllUsersProfile%\test\AppData\Roaming\RedSurf-client\xulrunner_52\api-ms-win-crt-math-l1-1-0.dll
  • %AllUsersProfile%\test\AppData\Roaming\RedSurf-client\xulrunner_52\api-ms-win-crt-multibyte-l1-1-0.dll
  • %AllUsersProfile%\test\AppData\Roaming\RedSurf-client\xulrunner_52\api-ms-win-crt-private-l1-1-0.dll
  • %AllUsersProfile%\test\AppData\Roaming\RedSurf-client\xulrunner_52\api-ms-win-crt-process-l1-1-0.dll
  • %AllUsersProfile%\test\AppData\Roaming\RedSurf-client\xulrunner_52\api-ms-win-crt-runtime-l1-1-0.dll
  • %AllUsersProfile%\test\AppData\Roaming\RedSurf-client\xulrunner_52\api-ms-win-crt-stdio-l1-1-0.dll
  • %AllUsersProfile%\test\AppData\Roaming\RedSurf-client\xulrunner_52\api-ms-win-crt-string-l1-1-0.dll
  • %AllUsersProfile%\test\AppData\Roaming\RedSurf-client\xulrunner_52\api-ms-win-crt-time-l1-1-0.dll
  • %AllUsersProfile%\test\AppData\Roaming\RedSurf-client\xulrunner_52\api-ms-win-crt-utility-l1-1-0.dll
  • %AllUsersProfile%\test\AppData\Roaming\RedSurf-client\xulrunner_52\application.ini
  • %AllUsersProfile%\test\AppData\Roaming\RedSurf-client\xulrunner_52\breakpadinjector.dll
  • %AllUsersProfile%\test\AppData\Roaming\RedSurf-client\xulrunner_52\crashreporter.ini
  • %AllUsersProfile%\test\AppData\Roaming\RedSurf-client\xulrunner_52\D3DCompiler_43.dll
  • %AllUsersProfile%\test\AppData\Roaming\RedSurf-client\xulrunner_52\d3dcompiler_47.dll
  • %AllUsersProfile%\test\AppData\Roaming\RedSurf-client\xulrunner_52\dependentlibs.list
  • %AllUsersProfile%\test\AppData\Roaming\RedSurf-client\xulrunner_52\firefox.VisualElementsManifest.xml
  • %AllUsersProfile%\test\AppData\Roaming\RedSurf-client\xulrunner_52\freebl3.chk
  • %AllUsersProfile%\test\AppData\Roaming\RedSurf-client\xulrunner_52\freebl3.dll
  • %AllUsersProfile%\test\AppData\Roaming\RedSurf-client\xulrunner_52\gmp-clearkey
  • %AllUsersProfile%\test\AppData\Roaming\RedSurf-client\xulrunner_52\IA2Marshal.dll
  • %AllUsersProfile%\test\AppData\Roaming\RedSurf-client\xulrunner_52\lgpllibs.dll
  • %AllUsersProfile%\test\AppData\Roaming\RedSurf-client\xulrunner_52\libEGL.dll
  • %AllUsersProfile%\test\AppData\Roaming\RedSurf-client\xulrunner_52\libGLESv2.dll
  • %AllUsersProfile%\test\AppData\Roaming\RedSurf-client\xulrunner_52\mozavcodec.dll
  • %AllUsersProfile%\test\AppData\Roaming\RedSurf-client\xulrunner_52\mozavutil.dll
  • %AllUsersProfile%\test\AppData\Roaming\RedSurf-client\xulrunner_52\mozglue.dll
  • %AllUsersProfile%\test\AppData\Roaming\RedSurf-client\xulrunner_52\msvcp140.dll
  • %AllUsersProfile%\test\AppData\Roaming\RedSurf-client\xulrunner_52\nss3.dll
  • %AllUsersProfile%\test\AppData\Roaming\RedSurf-client\xulrunner_52\nssckbi.dll
  • %AllUsersProfile%\test\AppData\Roaming\RedSurf-client\xulrunner_52\nssdbm3.chk
  • %AllUsersProfile%\test\AppData\Roaming\RedSurf-client\xulrunner_52\nssdbm3.dll
  • %AllUsersProfile%\test\AppData\Roaming\RedSurf-client\xulrunner_52\omni.ja
  • %AllUsersProfile%\test\AppData\Roaming\RedSurf-client\xulrunner_52\platform.ini
  • %AllUsersProfile%\test\AppData\Roaming\RedSurf-client\xulrunner_52\qipcap.dll
  • %AllUsersProfile%\test\AppData\Roaming\RedSurf-client\xulrunner_52\removed-files
  • %AllUsersProfile%\test\AppData\Roaming\RedSurf-client\xulrunner_52\softokn3.chk
  • %AllUsersProfile%\test\AppData\Roaming\RedSurf-client\xulrunner_52\softokn3.dll
  • %AllUsersProfile%\test\AppData\Roaming\RedSurf-client\xulrunner_52\ucrtbase.dll
  • %AllUsersProfile%\test\AppData\Roaming\RedSurf-client\xulrunner_52\update-settings.ini
  • %AllUsersProfile%\test\AppData\Roaming\RedSurf-client\xulrunner_52\updater.ini
  • %AllUsersProfile%\test\AppData\Roaming\RedSurf-client\xulrunner_52\vcruntime140.dll
  • %AllUsersProfile%\test\AppData\Roaming\RedSurf-client\xulrunner_52\xul.dll
  • %AllUsersProfile%\test\AppData\Roaming\RedSurf-client\xulrunner_52\gmp-clearkey\0.1
  • %AllUsersProfile%\test\AppData\Roaming\RedSurf-client\xulrunner_52\gmp-clearkey\0.1\clearkey.dll
  • %AllUsersProfile%\test\AppData\Roaming\RedSurf-client\xulrunner_52\gmp-clearkey\0.1\clearkey.info

Next, the application creates the following registry subkeys:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FC018B2D-6FB2-4E65-9366-425E255435EC}_is1
  • HKEY_USERS\S-1-5-21-3087506387-2454565724-164994176-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\1
  • HKEY_USERS\S-1-5-21-3087506387-2454565724-164994176-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\100
  • HKEY_USERS\S-1-5-21-3087506387-2454565724-164994176-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\100\Shell
  • HKEY_USERS\S-1-5-21-3087506387-2454565724-164994176-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\1
  • HKEY_USERS\S-1-5-21-3087506387-2454565724-164994176-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\100
  • HKEY_USERS\S-1-5-21-3087506387-2454565724-164994176-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\100\Shell

The application then creates the following registry entries:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FC018B2D-6FB2-4E65-9366-425E255435EC}_is1\”Inno Setup: Setup Version” = “5.5.9 (a)”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FC018B2D-6FB2-4E65-9366-425E255435EC}_is1\”Inno Setup: App Path” = “%AllUsersProfile%\test\AppData\Roaming\RedSurf-client”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FC018B2D-6FB2-4E65-9366-425E255435EC}_is1\”InstallLocation” = “%AllUsersProfile%\test\AppData\Roaming\RedSurf-client\”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FC018B2D-6FB2-4E65-9366-425E255435EC}_is1\”Inno Setup: Icon Group” = “RedSurf-client”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FC018B2D-6FB2-4E65-9366-425E255435EC}_is1\”Inno Setup: User” = “test”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FC018B2D-6FB2-4E65-9366-425E255435EC}_is1\”Inno Setup: Language” = “russian”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FC018B2D-6FB2-4E65-9366-425E255435EC}_is1\”DisplayName” = “RedSurf-client, версия 2.2.6”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FC018B2D-6FB2-4E65-9366-425E255435EC}_is1\”UninstallString” = “”%AllUsersProfile%\test\AppData\Roaming\RedSurf-client\unins000.exe””
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FC018B2D-6FB2-4E65-9366-425E255435EC}_is1\”QuietUninstallString” = “”%AllUsersProfile%\test\AppData\Roaming\RedSurf-client\unins000.exe” /SILENT”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FC018B2D-6FB2-4E65-9366-425E255435EC}_is1\”DisplayVersion” = “2.2.6”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FC018B2D-6FB2-4E65-9366-425E255435EC}_is1\”URLInfoAbout” = “http://redsurf.ru/”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FC018B2D-6FB2-4E65-9366-425E255435EC}_is1\”HelpLink” = “http://redsurf.ru/”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FC018B2D-6FB2-4E65-9366-425E255435EC}_is1\”URLUpdateInfo” = “http://redsurf.ru/”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FC018B2D-6FB2-4E65-9366-425E255435EC}_is1\”NoModify” = “1”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FC018B2D-6FB2-4E65-9366-425E255435EC}_is1\”NoRepair” = “1”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FC018B2D-6FB2-4E65-9366-425E255435EC}_is1\”InstallDate” = “20190128”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FC018B2D-6FB2-4E65-9366-425E255435EC}_is1\”MajorVersion” = “2”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FC018B2D-6FB2-4E65-9366-425E255435EC}_is1\”MinorVersion” = “2”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FC018B2D-6FB2-4E65-9366-425E255435EC}_is1\”VersionMajor” = “2”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FC018B2D-6FB2-4E65-9366-425E255435EC}_is1\”VersionMinor” = “2”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FC018B2D-6FB2-4E65-9366-425E255435EC}_is1\”EstimatedSize” = “13017”
  • HKEY_USERS\S-1-5-21-3087506387-2454565724-164994176-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts\%AllUsersProfile%\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RedSurf-client\”RedSurf-client.lnk” = “1”
  • HKEY_USERS\S-1-5-21-3087506387-2454565724-164994176-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RedSurf-client\”RedSurf-client.lnk” = “1”
  • HKEY_USERS\S-1-5-21-3087506387-2454565724-164994176-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\P:\Hfref\grfg\Qrfxgbc\”erqfhes_frghc_i.2.2.6.rkr” = “[HEXADECIMAL VALUE]”
  • HKEY_USERS\S-1-5-21-3087506387-2454565724-164994176-1000\Software\Microsoft\Windows\CurrentVersion\Run\”redsurf” = “%AllUsersProfile%\test\AppData\Roaming\RedSurf-client\redsurf.exe -up”
  • HKEY_USERS\S-1-5-21-3087506387-2454565724-164994176-1000\Software\Sysinternals\Process Monitor\”FilterDialog” = “[HEXADECIMAL VALUE]”
  • HKEY_USERS\S-1-5-21-3087506387-2454565724-164994176-1000\Software\Sysinternals\Process Monitor\”FilterControlColumns” = “[HEXADECIMAL VALUE]”
  • HKEY_USERS\S-1-5-21-3087506387-2454565724-164994176-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\”1” = “[HEXADECIMAL VALUE]”
  • HKEY_USERS\S-1-5-21-3087506387-2454565724-164994176-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\1\”NodeSlot” = “64”
  • HKEY_USERS\S-1-5-21-3087506387-2454565724-164994176-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\1\”MRUListEx” = “FF FF FF FF”
  • HKEY_USERS\S-1-5-21-3087506387-2454565724-164994176-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\100\Shell\”KnownFolderDerivedFolderType” = “{57807898-8C4F-4462-BB63-71042380B109}”
  • HKEY_USERS\S-1-5-21-3087506387-2454565724-164994176-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\100\Shell\”SniffedFolderType” = “Generic”
  • HKEY_USERS\S-1-5-21-3087506387-2454565724-164994176-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\”1” = “[HEXADECIMAL VALUE]”
  • HKEY_USERS\S-1-5-21-3087506387-2454565724-164994176-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\1\”NodeSlot” = “64”
  • HKEY_USERS\S-1-5-21-3087506387-2454565724-164994176-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\1\”MRUListEx” = “FF FF FF FF”
  • HKEY_USERS\S-1-5-21-3087506387-2454565724-164994176-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\100\Shell\”KnownFolderDerivedFolderType” = “{57807898-8C4F-4462-BB63-71042380B109}”
  • HKEY_USERS\S-1-5-21-3087506387-2454565724-164994176-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\100\Shell\”SniffedFolderType” = “Generic”

The application may be used for online advertising to generate revenue.