Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\SecAgent] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\SecAgent] 'ImagePath' = '"%ProgramFiles% (x86)\SecAgent\SecAgent.exe"'
- %TEMP%\Install.bat
- %TEMP%\invis.vbs
- %TEMP%\SecAgent.exe
- %TEMP%\Clear.bat
- %ProgramFiles% (x86)\SecAgent\SecAgent.exe
- %TEMP%\InstallUtil.InstallLog
- %ProgramFiles% (x86)\SecAgent\SecAgent.InstallLog
- %ProgramFiles% (x86)\SecAgent\SecAgent.InstallState
- ClassName: 'EDIT' WindowName: ''
- '<SYSTEM32>\wscript.exe' C:\\DOCUME~1\\%USERNAME%\\LOCALS~1\\Temp\\invis.vbs Install.bat
- '<SYSTEM32>\cmd.exe' /c \"\"C:\\DOCUME~1\\%USERNAME%\\LOCALS~1\\Temp\\Install.bat\" \"
- '%WINDIR%\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe' -u \"c:\\Program Files (x86)\\SecAgent\\SecAgent.exe\"
- '%WINDIR%\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe' \"c:\\Program Files (x86)\\SecAgent\\SecAgent.exe\"
- '<SYSTEM32>\net.exe' start SecAgent
- '<SYSTEM32>\net1.exe' start SecAgent