Техническая информация
- <SYSTEM32>\taskshell.exe
- [<HKLM>\System\CurrentControlSet\Services\WinInsideSvc] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\WinInsideSvc] 'ImagePath' = '%WINDIR%\winisvc.exe'
- %WINDIR%\winisvc.exe
- 'l1######li11li1l1.codns.com':2222
- DNS ASK l1######li11li1l1.codns.com
- '%WINDIR%\winisvc.exe'