Technical information
- [<HKLM>\SYSTEM\ControlSet001\Services\AtapiDrv] 'Start' = '00000001'
- [<HKLM>\SYSTEM\ControlSet001\Services\AtapiDrv] 'ImagePath' = 'system32\drivers\AtapiDrv.sys'
- <DRIVERS>\beep.sys
- <DRIVERS>\beep.backup
- <DRIVERS>\beep.sys
- '<SYSTEM32>\cmd.exe' /c "file.bat"
- <SYSTEM32>\spoolsv.exe
- NtQueryDirectoryFile, handler driver: Beep.SYS
- NtCreateFile, handler driver: Beep.SYS
- <Current directory>\file.bat
- <SYSTEM32>\dllcache\beep.sys.new
- <SYSTEM32>\spool\prtprocs\w32x86\GRO1.tmp
- <DRIVERS>\AtapiDrv.sys
- <SYSTEM32>\spool\prtprocs\w32x86\GRO1.tmp
- <DRIVERS>\beep.sys to <DRIVERS>\beep.backup
- <DRIVERS>\beep.sys
- '91.##7.7.250':80
- http:///ftp/online.php via 91.##7.7.250