Technical Information
- [<HKLM>\System\CurrentControlSet\Services\mssecretsvc] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\mssecretsvc] 'ImagePath' = '%PROGRAMDATA%\SecureVault\mssecretsvc.exe'
- [<HKLM>\System\CurrentControlSet\Services\msiphelpersvc] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\msiphelpersvc] 'ImagePath' = '%PROGRAMDATA%\SecureVault\msiphelpersvc.exe'
- 'mssecretsvc' %PROGRAMDATA%\SecureVault\mssecretsvc.exe
- 'msiphelpersvc' %PROGRAMDATA%\SecureVault\msiphelpersvc.exe
- %PROGRAMDATA%\securevault\mssecretsvc.exe
- unc\wvqjlkh*\mailslot\net\netlogon
- %PROGRAMDATA%\securevault\msiphelpersvc.exe
- '%PROGRAMDATA%\securevault\mssecretsvc.exe'
- '%PROGRAMDATA%\securevault\msiphelpersvc.exe'