Technical Information
- [<HKCU>\sOFtWArE\MIcrOsOft\WindOws\CurRentVeRsiOn\run] 'UserSessionWrapper' = '<SYSTEM32>\regsvr32.exe'
- <SYSTEM32>\rdpclip.exe
- 'as#.#####game.0077.x24hr.com':5938
- DNS ASK as#.#####game.0077.x24hr.com
- '<SYSTEM32>\rdpclip.exe' ' (with hidden window)
- '<SYSTEM32>\rdpclip.exe'