Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\DisableSED] 'ImagePath' = 'C:\removesed\srvany.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\DisableSED] 'Start' = '00000002'
- 'C:\removesed\instsrv.exe' DisableSED "C:\removesed\srvany.exe"
- '<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DisableSED" /t REG_SZ /d "Service" /f
- '<SYSTEM32>\reg.exe' ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DisableSED\Parameters" /v Application /f /t REG_SZ /d "C:\RemoveSED\startup.bat"
- '<SYSTEM32>\cmd.exe' /c ""C:\removesed\disable.bat" "
- C:\removesed\startup.bat
- C:\removesed\SEDRemove.txt
- C:\removesed\srvany.exe
- C:\removesed\disable.bat
- C:\removesed\instsrv.exe
- ClassName: 'EDIT' WindowName: ''