Technical Information
- [<HKLM>\System\CurrentControlSet\Services\TesSafe] 'ImagePath' = '<SYSTEM32>\TesSafe.sys'
- 'TesSafe' <SYSTEM32>\TesSafe.sys
- <SYSTEM32>\tessafe.sys
- %WINDIR%\temp\udd731.tmp
- 're####.gamesafe.qq.com':80
- DNS ASK re####.gamesafe.qq.com