Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Safey' = '"c:\Users\Public\Safey\svchost.exe"'
- C:\users\public\safey\index
- C:\users\public\safey\safeengin.dll
- C:\users\public\safey\svchost.exe
- %TEMP%\hz$d.475.1015\sfx.reg
- C:\users\public\desktop\google chrome.lnk
- %APPDATA%\microsoft\internet explorer\quick launch\google chrome.lnk
- 'do#####d.blankos.vip':3000
- http://do######.blankos.vip:3000/machine/push/mheolxjra via do#####d.blankos.vip
- DNS ASK do#####d.blankos.vip
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- 'C:\users\public\safey\svchost.exe'
- '%WINDIR%\regedit.exe' /s "%TEMP%\HZ$D.475.1015\sfx.reg"