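Техническая информация
(Подзаголовки разделов в этой копии страницы не сохранились. Ниже по порядку перечислены: изменения в реестре, пути к файлам, сетевые адреса и запросы, параметры окон. Повторяющиеся пути к файлам, по-видимому, относятся к разным утраченным подразделам; какое действие соответствует каждой группе, по одному списку установить нельзя. Символы «##» в доменных именах, по-видимому, заменяют часть имени, то есть адреса приведены не полностью.)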
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'jsafesurf' = '<DRIVERS>\safesurf.exe'
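- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '' = ':\\windows\\system32\\drivers\\safesurf.exe:*:Enabled:Updater Service' (в этой копии имя параметра пустое, а путь начинается с «:\\» без буквы диска — по-видимому, часть записи утрачена при извлечении)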
- <SYSTEM32>\Help64.exe
- <DRIVERS>\safesurf.exe
- <SYSTEM32>\Help64.exe
- <DRIVERS>\safesurf.exe
- <DRIVERS>\log.txt
- <DRIVERS>\up.new.exe
- %TEMP%\$inst\temp_0.tmp
- %TEMP%\$inst\4.tmp
- %TEMP%\$inst\2.tmp
- %TEMP%\$inst\7.tmp
- %TEMP%\$inst\5.tmp
- %TEMP%\$inst\5.tmp
- %TEMP%\$inst\7.tmp
- <DRIVERS>\up.new.exe
- %TEMP%\$inst\temp_0.tmp
- %TEMP%\$inst\2.tmp
- %TEMP%\$inst\4.tmp
- 'dl.##tswap.net':80
- 'je##wap.com':80
- dl.##tswap.net/j/sf/h.txt
- dl.##tswap.net/j/sf/up.exe
- je##wap.com/
- dl.##tswap.net/j/sf/v.txt
- DNS ASK dl.##tswap.net
- DNS ASK je##wap.com
- '<IP-адрес в локальной сети>':1035
- ClassName: '' WindowName: 'JetSwap SafeSurf'
- ClassName: 'Shell_TrayWnd' WindowName: ''