Техническая информация
Записи реестра регистрируют два драйвера (SEAProtect.sys и SEA.sys) как службы; значение 'Start' = 1 означает загрузку драйвера при запуске системы:
- [<HKLM>\SYSTEM\ControlSet001\Services\SEAProtect] 'Start' = '00000001'
- [<HKLM>\SYSTEM\ControlSet001\Services\SEAProtect] 'ImagePath' = '%WINDIR%\SEAProtect.sys'
- [<HKLM>\SYSTEM\ControlSet001\Services\SEA] 'Start' = '00000001'
- [<HKLM>\SYSTEM\ControlSet001\Services\SEA] 'ImagePath' = '<SYSTEM32>\SEA.sys'
- %WINDIR%\SEAioctl.dll
- %WINDIR%\SEAProtect.sys
- %WINDIR%\SEAmn.exe
- <SYSTEM32>\SEA.sys
- %WINDIR%\SEAioctl.dll
- %WINDIR%\SEAProtect.sys
- %WINDIR%\SEAmn.exe
- <SYSTEM32>\SEA.sys
- ClassName: 'StatusWindowClass' WindowName: ''
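Запуск планировщика задач: создаётся задача SEAsysusr, которая при каждом входе пользователя в систему запускает %WINDIR%\SEAmn.exe от имени SYSTEM с наивысшими привилегиями (/rl HIGHEST), что обеспечивает закрепление в системе:
- '<SYSTEM32>\schtasks.exe' /ru "SYSTEM" /create /sc ONLOGON /tn SEAsysusr /tr "%WINDIR%\SEAmn.exe" /rl HIGHEST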