Technical Information
- <SYSTEM32>\taskshell.exe
- [<HKLM>\System\CurrentControlSet\Services\WinInsideSvc] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\WinInsideSvc] 'ImagePath' = '%WINDIR%\winisvc.exe'
- %WINDIR%\winisvc.exe
- 'us####EN.codns.com':2222
- DNS ASK us####EN.codns.com
- '%WINDIR%\winisvc.exe'