Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'twbsikfyfew' = '%APPDATA%\qasdfe\xcsdfewrh\xcdfgewg.exe'
- <SYSTEM32>\cmd.exe
- %APPDATA%\qasdfe\xcsdfewrh\xcdfgewg.exe
- 'co######erver.servegame.com':3082
- DNS ASK co######erver.servegame.com
- '<SYSTEM32>\cmd.exe'