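Technical Information
The entries below are, in order: registry values for the OssecSvc service, process command lines, file paths under the ossec-agent install directory and the Start Menu, and file relocations listed as "from … to …". The 'Start' value 00000002 and the `sc config OssecSvc start= auto` commands both configure the service to start automatically.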
- [<HKLM>\SYSTEM\ControlSet001\Services\OssecSvc] 'ImagePath' = '"%ProgramFiles%\ossec-agent\ossec-agent.exe"'
- [<HKLM>\SYSTEM\ControlSet001\Services\OssecSvc] 'Start' = '00000002'
- '<SYSTEM32>\cmd.exe' /c echo y|cacls . /T /G Administrators:f
- '<SYSTEM32>\cmd.exe' /S /D /c" echo y"
- '<SYSTEM32>\cacls.exe' . /T /G Administrators:f
- '<SYSTEM32>\sc.exe' config OssecSvc start= auto
- '%ProgramFiles%\ossec-agent\ossec-agent.exe' install-service
- '%ProgramFiles%\ossec-agent\setup-windows.exe' "%ProgramFiles%\ossec-agent"
- '<SYSTEM32>\cmd.exe' /c sc config OssecSvc start= auto
- %ProgramFiles%\ossec-agent\help.txt
- %ProgramFiles%\ossec-agent\win_audit_rcl.txt
- %ProgramFiles%\ossec-agent\route-null.cmd
- %ProgramFiles%\ossec-agent\vista_sec.csv
- %ProgramFiles%\ossec-agent\rootcheck.conf
- %ProgramFiles%\ossec-agent\LICENSE.txt
- %ProgramFiles%\ossec-agent\win_malware_rcl.txt
- %ProgramFiles%\ossec-agent\win_applications_rcl.txt
- %ProgramFiles%\ossec-agent\restart-ossec.cmd
- %HOMEPATH%\Start Menu\Programs\ossec\Edit Config.lnk
- %HOMEPATH%\Start Menu\Programs\ossec\Documentation.lnk
- %ProgramFiles%\ossec-agent\ossec.log
- %HOMEPATH%\Start Menu\Programs\ossec\Uninstall.lnk
- %ProgramFiles%\ossec-agent\uninstall.exe
- %ProgramFiles%\ossec-agent\client.keys
- %HOMEPATH%\Start Menu\Programs\ossec\Manage Agent.lnk
- %ProgramFiles%\ossec-agent\VERSION.txt
- %ProgramFiles%\ossec-agent\win32ui.exe
- %ProgramFiles%\ossec-agent\os_win32ui.exe
- %ProgramFiles%\ossec-agent\internal_options.conf
- %ProgramFiles%\ossec-agent\ossec-rootcheck.exe
- %ProgramFiles%\ossec-agent\ossec.conf
- %ProgramFiles%\ossec-agent\ossec-agent.exe
- %ProgramFiles%\ossec-agent\manage_agents.exe
- %ProgramFiles%\ossec-agent\default-ossec.conf
- %ProgramFiles%\ossec-agent\setup-windows.exe
- %ProgramFiles%\ossec-agent\rootkit_trojans.txt
- %ProgramFiles%\ossec-agent\doc.html
- %ProgramFiles%\ossec-agent\add-localfile.exe
- %ProgramFiles%\ossec-agent\rootkit_files.txt
- %ProgramFiles%\ossec-agent\setup-iis.exe
- %ProgramFiles%\ossec-agent\setup-syscheck.exe
- %ProgramFiles%\ossec-agent\service-stop.exe
- %ProgramFiles%\ossec-agent\service-start.exe
- from %ProgramFiles%\ossec-agent\win_applications_rcl.txt to %ProgramFiles%\ossec-agent\shared\win_applications_rcl.txt
- from %ProgramFiles%\ossec-agent\route-null.cmd to %ProgramFiles%\ossec-agent\active-response\bin\route-null.cmd
- from %ProgramFiles%\ossec-agent\restart-ossec.cmd to %ProgramFiles%\ossec-agent\active-response\bin\restart-ossec.cmd
- from %ProgramFiles%\ossec-agent\win_audit_rcl.txt to %ProgramFiles%\ossec-agent\shared\win_audit_rcl.txt
- from %ProgramFiles%\ossec-agent\rootkit_trojans.txt to %ProgramFiles%\ossec-agent\shared\rootkit_trojans.txt
- from %ProgramFiles%\ossec-agent\rootkit_files.txt to %ProgramFiles%\ossec-agent\shared\rootkit_files.txt
- from %ProgramFiles%\ossec-agent\win_malware_rcl.txt to %ProgramFiles%\ossec-agent\shared\win_malware_rcl.txt