Technical information
- [<HKLM>\SYSTEM\ControlSet001\Services\Windows Images] 'Start' = '00000002'
- '<SYSTEM32>\Decider\DeciderSvc.exe'
- NtQuerySystemInformation, handler driver: SKSDrv.sys
- NtOpenProcess, handler driver: SKSDrv.sys
- <SYSTEM32>\Decider\DeciderSvc.exe
- C:\SKSDrv.sys
- <SYSTEM32>\Decider\DeciderSvc.exe
- C:\SKSDrv.sys
- 'sk####r.3322.org':80
- '25#.#55.255.255':3398
- 'sk###d.3322.org':3398
- sk####r.3322.org/backdoor/updata.txt
- DNS ASK sk####r.3322.org
- DNS ASK sk###d.3322.org