Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost] "RPCSS"=hex(7):52,00,70,00,63,00,45,00,70,00,74,00,4d,00,61,00,70,00,70,00,65,\ 00,72,00,00,00,52,00,70,00,63,00,53,00,73,00,00,00,00,00 "defragsvc"=hex(7):64,00,65,00,66,00,72,00,61,00,67,00,73,00,76,00,63,00,00,00,\ 00,00 "LocalSystemNetworkRestricted"=hex(7):55,00,78,00,53,00,6d,00,73,00,00,00,57,\ 00,64,00,69,00,53,00,79,00,73,00,74,00,65,00,6d,00,48,00,6f,00,73,00,74,00,\ 00,00,4e,00,65,00,74,00,6d,00,61,00,6e,00,00,00,74,00,72,00,6b,00,77,00,6b,\ 00,73,00,00,00,41,00,75,00,64,00,69,00,6f,00,45,00,6e,00,64,00,70,00,6f,00,\ 69,00,6e,00,74,00,42,00,75,00,69,00,6c,00,64,00,65,00,72,00,00,00,57,00,55,\ 00,44,00,46,00,53,00,76,00,63,00,00,00,49,00,50,00,42,00,75,00,73,00,45,00,\ 6e,00,75,00,6d,00,00,00,64,00,6f,00,74,00,33,00,73,00,76,00,63,00,00,00,68,\ 00,69,00,64,00,73,00,65,00,72,00,76,00,00,00,69,00,72,00,6d,00,6f,00,6e,00,\ 00,00,73,00,79,00,73,00,6d,00,61,00,69,00,6e,00,00,00,57,00,50,00,44,00,42,\ 00,75,00,73,00,45,00,6e,00,75,00,6d,00,00,00,68,00,6f,00,6d,00,65,00,67,00,\ 72,00,6f,00,75,00,70,00,6c,00,69,00,73,00,74,00,65,00,6e,00,65,00,72,00,00,\ 00,54,00,61,00,62,00,6c,00,65,00,74,00,49,00,6e,00,70,00,75,00,74,00,53,00,\ 65,00,72,00,76,00,69,00,63,00,65,00,00,00,50,00,63,00,61,00,53,00,76,00,63,\ 00,00,00,77,00,6c,00,61,00,6e,00,73,00,76,00,63,00,00,00,43,00,73,00,63,00,\ 53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00,55,00,6d,00,52,00,64,00,70,\ 00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00,00,00 "LocalService"=hex(7):6e,00,73,00,69,00,00,00,57,00,64,00,69,00,53,00,65,00,72,\ 00,76,00,69,00,63,00,65,00,48,00,6f,00,73,00,74,00,00,00,77,00,33,00,32,00,\ 74,00,69,00,6d,00,65,00,00,00,45,00,76,00,65,00,6e,00,74,00,53,00,79,00,73,\ 00,74,00,65,00,6d,00,00,00,52,00,65,00,6d,00,6f,00,74,00,65,00,52,00,65,00,\ 67,00,69,00,73,00,74,00,72,00,79,00,00,00,57,00,69,00,6e,00,48,00,74,00,74,\ 00,70,00,41,00,75,00,74,00,6f,00,50,00,72,00,6f,00,78,00,79,00,53,00,76,00,\ 63,00,00,00,73,00,70,00,70,00,75,00,69,00,6e,00,6f,00,74,00,69,00,66,00,79,\ 00,00,00,54,00,48,00,52,00,45,00,41,00,44,00,4f,00,52,00,44,00,45,00,52,00,\ 00,00,6e,00,65,00,74,00,70,00,72,00,6f,00,66,00,6d,00,00,00,6c,00,6c,00,74,\ 00,64,00,73,00,76,00,63,00,00,00,66,00,64,00,70,00,68,00,6f,00,73,00,74,00,\ 00,00,53,00,73,00,74,00,70,00,53,00,76,00,63,00,00,00,57,00,65,00,62,00,43,\ 00,6c,00,69,00,65,00,6e,00,74,00,00,00,00,00 "netsvcs"=hex(7):41,00,65,00,4c,00,6f,00,6f,00,6b,00,75,00,70,00,53,00,76,00,\ 63,00,00,00,43,00,65,00,72,00,74,00,50,00,72,00,6f,00,70,00,53,00,76,00,63,\ 00,00,00,53,00,43,00,50,00,6f,00,6c,00,69,00,63,00,79,00,53,00,76,00,63,00,\ 00,00,6c,00,61,00,6e,00,6d,00,61,00,6e,00,73,00,65,00,72,00,76,00,65,00,72,\ 00,00,00,67,00,70,00,73,00,76,00,63,00,00,00,49,00,4b,00,45,00,45,00,58,00,\ 54,00,00,00,41,00,75,00,64,00,69,00,6f,00,53,00,72,00,76,00,00,00,46,00,61,\ 00,73,00,74,00,55,00,73,00,65,00,72,00,53,00,77,00,69,00,74,00,63,00,68,00,\ 69,00,6e,00,67,00,43,00,6f,00,6d,00,70,00,61,00,74,00,69,00,62,00,69,00,6c,\ 00,69,00,74,00,79,00,00,00,49,00,61,00,73,00,00,00,49,00,72,00,6d,00,6f,00,\ 6e,00,00,00,4e,00,6c,00,61,00,00,00,4e,00,74,00,6d,00,73,00,73,00,76,00,63,\ 00,00,00,4e,00,57,00,43,00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,\ 69,00,6f,00,6e,00,00,00,4e,00,77,00,73,00,61,00,70,00,61,00,67,00,65,00,6e,\ 00,74,00,00,00,52,00,61,00,73,00,61,00,75,00,74,00,6f,00,00,00,52,00,61,00,\ 73,00,6d,00,61,00,6e,00,00,00,52,00,65,00,6d,00,6f,00,74,00,65,00,61,00,63,\ 00,63,00,65,00,73,00,73,00,00,00,53,00,45,00,4e,00,53,00,00,00,53,00,68,00,\ 61,00,72,00,65,00,64,00,61,00,63,00,63,00,65,00,73,00,73,00,00,00,53,00,52,\ 00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00,54,00,61,00,70,00,69,00,\ 73,00,72,00,76,00,00,00,57,00,6d,00,69,00,00,00,57,00,6d,00,64,00,6d,00,50,\ 00,6d,00,53,00,70,00,00,00,54,00,65,00,72,00,6d,00,53,00,65,00,72,00,76,00,\ 69,00,63,00,65,00,00,00,77,00,75,00,61,00,75,00,73,00,65,00,72,00,76,00,00,\ 00,42,00,49,00,54,00,53,00,00,00,53,00,68,00,65,00,6c,00,6c,00,48,00,57,00,\ 44,00,65,00,74,00,65,00,63,00,74,00,69,00,6f,00,6e,00,00,00,4c,00,6f,00,67,\ 00,6f,00,6e,00,48,00,6f,00,75,00,72,00,73,00,00,00,50,00,43,00,41,00,75,00,\ 64,00,69,00,74,00,00,00,68,00,65,00,6c,00,70,00,73,00,76,00,63,00,00,00,75,\ 00,70,00,6c,00,6f,00,61,00,64,00,6d,00,67,00,72,00,00,00,69,00,70,00,68,00,\ 6c,00,70,00,73,00,76,00,63,00,00,00,73,00,65,00,63,00,6c,00,6f,00,67,00,6f,\ 00,6e,00,00,00,41,00,70,00,70,00,49,00,6e,00,66,00,6f,00,00,00,6d,00,73,00,\ 69,00,73,00,63,00,73,00,69,00,00,00,4d,00,4d,00,43,00,53,00,53,00,00,00,77,\ 00,65,00,72,00,63,00,70,00,6c,00,73,00,75,00,70,00,70,00,6f,00,72,00,74,00,\ 00,00,45,00,61,00,70,00,48,00,6f,00,73,00,74,00,00,00,50,00,72,00,6f,00,66,\ 00,53,00,76,00,63,00,00,00,73,00,63,00,68,00,65,00,64,00,75,00,6c,00,65,00,\ 00,00,68,00,6b,00,6d,00,73,00,76,00,63,00,00,00,53,00,65,00,73,00,73,00,69,\ 00,6f,00,6e,00,45,00,6e,00,76,00,00,00,77,00,69,00,6e,00,6d,00,67,00,6d,00,\ 74,00,00,00,62,00,72,00,6f,00,77,00,73,00,65,00,72,00,00,00,54,00,68,00,65,\ 00,6d,00,65,00,73,00,00,00,42,00,44,00,45,00,53,00,56,00,43,00,00,00,41,00,\ 70,00,70,00,4d,00,67,00,6d,00,74,00,00,00,00,00 "WerSvcGroup"=hex(7):77,00,65,00,72,00,73,00,76,00,63,00,00,00,00,00 "LocalServiceNoNetwork"=hex(7):44,00,50,00,53,00,00,00,50,00,4c,00,41,00,00,00,\ 42,00,46,00,45,00,00,00,6d,00,70,00,73,00,73,00,76,00,63,00,00,00,57,00,77,\ 00,61,00,6e,00,53,00,76,00,63,00,00,00,00,00 "termsvcs"=hex(7):54,00,65,00,72,00,6d,00,53,00,65,00,72,00,76,00,69,00,63,00,\ 65,00,00,00,00,00 "swprv"=hex(7):73,00,77,00,70,00,72,00,76,00,00,00,00,00 "LocalServiceNetworkRestricted"=hex(7):44,00,48,00,43,00,50,00,00,00,65,00,76,\ 00,65,00,6e,00,74,00,6c,00,6f,00,67,00,00,00,41,00,75,00,64,00,69,00,6f,00,\ 53,00,72,00,76,00,00,00,42,00,74,00,68,00,48,00,46,00,53,00,72,00,76,00,00,\ 00,4c,00,6d,00,48,00,6f,00,73,00,74,00,73,00,00,00,77,00,73,00,63,00,73,00,\ 76,00,63,00,00,00,68,00,6f,00,6d,00,65,00,67,00,72,00,6f,00,75,00,70,00,70,\ 00,72,00,6f,00,76,00,69,00,64,00,65,00,72,00,00,00,57,00,50,00,43,00,53,00,\ 76,00,63,00,00,00,00,00 "LocalServicePeerNet"=hex(7):50,00,4e,00,52,00,50,00,53,00,76,00,63,00,00,00,\ 70,00,32,00,70,00,69,00,6d,00,73,00,76,00,63,00,00,00,70,00,32,00,70,00,73,\ 00,76,00,63,00,00,00,50,00,6e,00,72,00,70,00,41,00,75,00,74,00,6f,00,52,00,\ 65,00,67,00,00,00,00,00 "NetworkServiceAndNoImpersonation"=hex(7):4b,00,74,00,6d,00,52,00,6d,00,00,00,\ 00,00 "regsvc"=hex(7):52,00,65,00,6d,00,6f,00,74,00,65,00,52,00,65,00,67,00,69,00,73,\ 00,74,00,72,00,79,00,00,00,00,00 "LocalServiceAndNoImpersonation"=hex(7):53,00,53,00,44,00,50,00,53,00,52,00,56,\ 00,00,00,75,00,70,00,6e,00,70,00,68,00,6f,00,73,00,74,00,00,00,53,00,43,00,\ 61,00,72,00,64,00,53,00,76,00,72,00,00,00,54,00,42,00,53,00,00,00,46,00,6f,\ 00,6e,00,74,00,43,00,61,00,63,00,68,00,65,00,00,00,66,00,64,00,72,00,65,00,\ 73,00,70,00,75,00,62,00,00,00,41,00,70,00,70,00,49,00,44,00,53,00,76,00,63,\ 00,00,00,51,00,57,00,41,00,56,00,45,00,00,00,77,00,63,00,6e,00,63,00,73,00,\ 76,00,63,00,00,00,4d,00,63,00,78,00,32,00,53,00,76,00,63,00,00,00,53,00,65,\ 00,6e,00,73,00,72,00,53,00,76,00,63,00,00,00,00,00 "DcomLaunch"=hex(7):50,00,6f,00,77,00,65,00,72,00,00,00,50,00,6c,00,75,00,67,\ 00,50,00,6c,00,61,00,79,00,00,00,44,00,63,00,6f,00,6d,00,4c,00,61,00,75,00,\ 6e,00,63,00,68,00,00,00,00,00 "NetworkServiceNetworkRestricted"=hex(7):50,00,6f,00,6c,00,69,00,63,00,79,00,\ 41,00,67,00,65,00,6e,00,74,00,00,00,00,00 "NetworkService"=hex(7):43,00,72,00,79,00,70,00,74,00,53,00,76,00,63,00,00,00,\ 44,00,48,00,43,00,50,00,00,00,54,00,65,00,72,00,6d,00,53,00,65,00,72,00,76,\ 00,69,00,63,00,65,00,00,00,44,00,4e,00,53,00,43,00,61,00,63,00,68,00,65,00,\ 00,00,6c,00,61,00,6e,00,6d,00,61,00,6e,00,77,00,6f,00,72,00,6b,00,73,00,74,\ 00,61,00,74,00,69,00,6f,00,6e,00,00,00,4e,00,61,00,70,00,41,00,67,00,65,00,\ 6e,00,74,00,00,00,6e,00,6c,00,61,00,73,00,76,00,63,00,00,00,57,00,69,00,6e,\ 00,52,00,4d,00,00,00,57,00,45,00,43,00,53,00,56,00,43,00,00,00,54,00,61,00,\ 70,00,69,00,73,00,72,00,76,00,00,00,00,00 "sdrsvc"=hex(7):73,00,64,00,72,00,73,00,76,00,63,00,00,00,00,00 "WbioSvcGroup"=hex(7):57,00,62,00,69,00,6f,00,53,00,72,00,76,00,63,00,00,00,00,\ 00 "imgsvc"=hex(7):53,00,74,00,69,00,53,00,76,00,63,00,00,00,00,00 "wcssvc"=hex(7):57,00,63,00,73,00,50,00,6c,00,75,00,67,00,49,00,6e,00,53,00,65,\ 00,72,00,76,00,69,00,63,00,65,00,00,00,00,00 "AxInstSVGroup"=hex(7):41,00,78,00,49,00,6e,00,73,00,74,00,53,00,56,00,00,00,\ 00,00 "secsvcs"=hex(7):57,00,69,00,6e,00,44,00,65,00,66,00,65,00,6e,00,64,00,00,00,\ 00,00 "bthsvcs"=hex(7):62,00,74,00,68,00,73,00,65,00,72,00,76,00,00,00,00,00 "PeerDist"=hex(7):50,00,65,00,65,00,72,00,44,00,69,00,73,00,74,00,53,00,76,00,\ 63,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\AxInstSVGroup] "ImpersonationLevel"=dword:00000003 "CoInitializeSecurityParam"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\defragsvc] "CoInitializeSecurityParam"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalService] "AuthenticationCapabilities"=dword:00002000 "CoInitializeSecurityParam"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalServiceAndNoImpersonation] "AuthenticationCapabilities"=dword:00002000 "CoInitializeSecurityParam"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalServiceNetworkRestricted] "CoInitializeSecurityParam"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalServiceNoNetwork] "CoInitializeSecurityParam"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\LocalSystemNetworkRestricted] "CoInitializeSecurityParam"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\netsvcs] "AuthenticationCapabilities"=dword:00003020 "CoInitializeSecurityParam"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\NetworkService] "CoInitializeSecurityParam"=dword:00000001 "DefaultRpcStackSize"=dword:0000001c [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\NetworkServiceRemoteDesktopHyperVAgent] "CoInitializeSecurityParam"=dword:00000001 "AuthenticationCapabilities"=dword:00002000 "AuthenticationLevel"=dword:00000006 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\NetworkServiceRemoteDesktopPublishing] "CoInitializeSecurityParam"=dword:00000001 "AuthenticationCapabilities"=dword:00002000 "AuthenticationLevel"=dword:00000006 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\SDRSVC] "CoInitializeSecurityParam"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\swprv] "CoInitializeSecurityParam"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\termsvcs] "CoInitializeSecurityParam"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\wcssvc] "CoInitializeSecurityParam"=dword:00000001 "CoInitializeSecurityAppID"="{CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\wercplsupport] "AuthenticationCapabilities"=dword:00003020 "CoInitializeSecurityParam"=dword:00000001 [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Messenger] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ProfSvc] "DisplayName"="@%systemroot%\\system32\\profsvc.dll,-300" "Group"="profsvc_group" "ImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\ 74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\ 00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\ 6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00 "Description"="@%systemroot%\\system32\\profsvc.dll,-301" "ObjectName"="LocalSystem" "ErrorControl"=dword:00000001 "Start"=dword:00000002 "Type"=dword:00000020 "DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00 "RequiredPrivileges"=hex(7):53,00,65,00,42,00,61,00,63,00,6b,00,75,00,70,00,50,\ 00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,52,00,\ 65,00,73,00,74,00,6f,00,72,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,\ 00,67,00,65,00,00,00,53,00,65,00,54,00,61,00,6b,00,65,00,4f,00,77,00,6e,00,\ 65,00,72,00,73,00,68,00,69,00,70,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,\ 00,67,00,65,00,00,00,53,00,65,00,44,00,65,00,62,00,75,00,67,00,50,00,72,00,\ 69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,\ 00,65,00,72,00,73,00,6f,00,6e,00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,\ 69,00,6c,00,65,00,67,00,65,00,00,00,00,00 "FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\ 00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ProfSvc\Parameters] "ServiceDll"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,\ 00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\ 70,00,72,00,6f,00,66,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00 "ServiceMain"="UserProfileServiceMain" "ServiceDllUnloadOnStop"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\gpsvc] "PreshutdownTimeout"=dword:000dbba0 "DisplayName"="@gpapi.dll,-112" "Group"="ProfSvc_Group" "ImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\ 74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\ 00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\ 6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00 "Description"="@gpapi.dll,-113" "ObjectName"="LocalSystem" "ErrorControl"=dword:00000001 "Start"=dword:00000002 "Type"=dword:00000020 "DependOnService"=hex(7):52,00,50,00,43,00,53,00,53,00,00,00,4d,00,75,00,70,00,\ 00,00,00,00 "RequiredPrivileges"=hex(7):53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,\ 00,6e,00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,\ 65,00,00,00,53,00,65,00,54,00,63,00,62,00,50,00,72,00,69,00,76,00,69,00,6c,\ 00,65,00,67,00,65,00,00,00,53,00,65,00,54,00,61,00,6b,00,65,00,4f,00,77,00,\ 6e,00,65,00,72,00,73,00,68,00,69,00,70,00,50,00,72,00,69,00,76,00,69,00,6c,\ 00,65,00,67,00,65,00,00,00,53,00,65,00,49,00,6e,00,63,00,72,00,65,00,61,00,\ 73,00,65,00,51,00,75,00,6f,00,74,00,61,00,50,00,72,00,69,00,76,00,69,00,6c,\ 00,65,00,67,00,65,00,00,00,53,00,65,00,41,00,73,00,73,00,69,00,67,00,6e,00,\ 50,00,72,00,69,00,6d,00,61,00,72,00,79,00,54,00,6f,00,6b,00,65,00,6e,00,50,\ 00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,53,00,\ 65,00,63,00,75,00,72,00,69,00,74,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,\ 00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,68,00,61,00,6e,00,67,00,65,00,\ 4e,00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,\ 00,67,00,65,00,00,00,53,00,65,00,43,00,72,00,65,00,61,00,74,00,65,00,50,00,\ 65,00,72,00,6d,00,61,00,6e,00,65,00,6e,00,74,00,50,00,72,00,69,00,76,00,69,\ 00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,53,00,68,00,75,00,74,00,64,00,\ 6f,00,77,00,6e,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,\ 00,53,00,65,00,4c,00,6f,00,61,00,64,00,44,00,72,00,69,00,76,00,65,00,72,00,\ 50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,52,\ 00,65,00,73,00,74,00,6f,00,72,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,\ 65,00,67,00,65,00,00,00,53,00,65,00,42,00,61,00,63,00,6b,00,75,00,70,00,50,\ 00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00 "FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\ 00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\gpsvc\Parameters] "ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\ 00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\ 67,00,70,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00 "ServiceMain"="GroupPolicyClientServiceMain" "ServiceDllUnloadOnStop"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanServer] "DisplayName"="@%systemroot%\\system32\\srvsvc.dll,-100" "ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\ 74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\ 00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\ 6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00 "Description"="@%systemroot%\\system32\\srvsvc.dll,-101" "ObjectName"="LocalSystem" "ErrorControl"=dword:00000001 "Start"=dword:00000002 "Type"=dword:00000020 "DependOnService"=hex(7):53,00,61,00,6d,00,53,00,53,00,00,00,53,00,72,00,76,00,\ 00,00,00,00 "ServiceSidType"=dword:00000001 "RequiredPrivileges"=hex(7):53,00,65,00,43,00,68,00,61,00,6e,00,67,00,65,00,4e,\ 00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,\ 67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,\ 00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,\ 00,00,53,00,65,00,41,00,75,00,64,00,69,00,74,00,50,00,72,00,69,00,76,00,69,\ 00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,4c,00,6f,00,61,00,64,00,44,00,\ 72,00,69,00,76,00,65,00,72,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,\ 00,65,00,00,00,00,00 "FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\ 00,01,00,00,00,60,ea,00,00,01,00,00,00,c0,d4,01,00,00,00,00,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanServer\Aliases] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanServer\AutotunedParameters] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanServer\DefaultSecurity] "SrvsvcConfigInfo"=hex:01,00,04,80,a0,00,00,00,ac,00,00,00,00,00,00,00,14,00,\ 00,00,02,00,8c,00,06,00,00,00,00,00,18,00,17,00,0f,00,01,02,00,00,00,00,00,\ 05,20,00,00,00,20,02,00,00,00,00,18,00,17,00,0f,00,01,02,00,00,00,00,00,05,\ 20,00,00,00,25,02,00,00,00,00,14,00,17,00,0f,00,01,01,00,00,00,00,00,05,12,\ 00,00,00,00,00,18,00,03,00,00,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,\ 00,00,00,00,14,00,01,00,00,00,01,01,00,00,00,00,00,01,00,00,00,00,00,00,14,\ 00,01,00,00,00,01,01,00,00,00,00,00,05,07,00,00,00,01,01,00,00,00,00,00,05,\ 12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00 "SrvsvcTransportEnum"=hex:01,00,04,80,8c,00,00,00,98,00,00,00,00,00,00,00,14,\ 00,00,00,02,00,78,00,05,00,00,00,00,00,18,00,17,00,0f,00,01,02,00,00,00,00,\ 00,05,20,00,00,00,20,02,00,00,00,00,18,00,17,00,0f,00,01,02,00,00,00,00,00,\ 05,20,00,00,00,25,02,00,00,00,00,14,00,17,00,0f,00,01,01,00,00,00,00,00,05,\ 12,00,00,00,00,00,18,00,03,00,00,00,01,02,00,00,00,00,00,05,20,00,00,00,23,\ 02,00,00,00,00,14,00,01,00,00,00,01,01,00,00,00,00,00,05,0b,00,00,00,01,01,\ 00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00 "SrvsvcConnection"=hex:01,00,04,80,7c,00,00,00,88,00,00,00,00,00,00,00,14,00,\ 00,00,02,00,68,00,04,00,00,00,00,00,18,00,01,00,0f,00,01,02,00,00,00,00,00,\ 05,20,00,00,00,20,02,00,00,00,00,18,00,01,00,0f,00,01,02,00,00,00,00,00,05,\ 20,00,00,00,25,02,00,00,00,00,18,00,01,00,00,00,01,02,00,00,00,00,00,05,20,\ 00,00,00,26,02,00,00,00,00,18,00,01,00,00,00,01,02,00,00,00,00,00,05,20,00,\ 00,00,23,02,00,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,\ 05,12,00,00,00 "SrvsvcServerDiskEnum"=hex:01,00,04,80,4c,00,00,00,58,00,00,00,00,00,00,00,14,\ 00,00,00,02,00,38,00,02,00,00,00,00,00,18,00,01,00,0f,00,01,02,00,00,00,00,\ 00,05,20,00,00,00,20,02,00,00,00,00,18,00,01,00,0f,00,01,02,00,00,00,00,00,\ 05,20,00,00,00,25,02,00,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,\ 00,00,00,05,12,00,00,00 "SrvsvcFile"=hex:01,00,04,80,64,00,00,00,70,00,00,00,00,00,00,00,14,00,00,00,\ 02,00,50,00,03,00,00,00,00,00,18,00,11,00,0f,00,01,02,00,00,00,00,00,05,20,\ 00,00,00,20,02,00,00,00,00,18,00,11,00,0f,00,01,02,00,00,00,00,00,05,20,00,\ 00,00,25,02,00,00,00,00,18,00,11,00,0f,00,01,02,00,00,00,00,00,05,20,00,00,\ 00,23,02,00,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,\ 12,00,00,00 "SrvsvcSessionInfo"=hex:01,00,04,80,78,00,00,00,84,00,00,00,00,00,00,00,14,00,\ 00,00,02,00,64,00,04,00,00,00,00,00,18,00,13,00,0f,00,01,02,00,00,00,00,00,\ 05,20,00,00,00,20,02,00,00,00,00,18,00,13,00,0f,00,01,02,00,00,00,00,00,05,\ 20,00,00,00,25,02,00,00,00,00,18,00,13,00,0f,00,01,02,00,00,00,00,00,05,20,\ 00,00,00,23,02,00,00,00,00,14,00,01,00,00,00,01,01,00,00,00,00,00,05,0b,00,\ 00,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,\ 00 "SrvsvcShareFileInfo"=hex:01,00,04,80,b4,00,00,00,c0,00,00,00,00,00,00,00,14,\ 00,00,00,02,00,a0,00,07,00,00,00,00,00,18,00,13,00,0f,00,01,02,00,00,00,00,\ 00,05,20,00,00,00,20,02,00,00,00,00,18,00,13,00,0f,00,01,02,00,00,00,00,00,\ 05,20,00,00,00,25,02,00,00,00,00,18,00,13,00,0f,00,01,02,00,00,00,00,00,05,\ 20,00,00,00,23,02,00,00,00,00,14,00,01,00,00,00,01,01,00,00,00,00,00,01,00,\ 00,00,00,00,00,14,00,01,00,00,00,01,01,00,00,00,00,00,05,07,00,00,00,00,00,\ 14,00,02,00,00,00,01,01,00,00,00,00,00,05,14,00,00,00,00,00,14,00,02,00,00,\ 00,01,01,00,00,00,00,00,05,04,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00,\ 01,01,00,00,00,00,00,05,12,00,00,00 "SrvsvcSharePrintInfo"=hex:01,00,04,80,cc,00,00,00,d8,00,00,00,00,00,00,00,14,\ 00,00,00,02,00,b8,00,08,00,00,00,00,00,18,00,13,00,0f,00,01,02,00,00,00,00,\ 00,05,20,00,00,00,20,02,00,00,00,00,18,00,13,00,0f,00,01,02,00,00,00,00,00,\ 05,20,00,00,00,25,02,00,00,00,00,18,00,13,00,0f,00,01,02,00,00,00,00,00,05,\ 20,00,00,00,26,02,00,00,00,00,18,00,13,00,0f,00,01,02,00,00,00,00,00,05,20,\ 00,00,00,23,02,00,00,00,00,14,00,01,00,00,00,01,01,00,00,00,00,00,01,00,00,\ 00,00,00,00,14,00,01,00,00,00,01,01,00,00,00,00,00,05,07,00,00,00,00,00,14,\ 00,02,00,00,00,01,01,00,00,00,00,00,05,14,00,00,00,00,00,14,00,02,00,00,00,\ 01,01,00,00,00,00,00,05,04,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00,01,\ 01,00,00,00,00,00,05,12,00,00,00 "SrvsvcShareAdminInfo"=hex:01,00,04,80,8c,00,00,00,98,00,00,00,00,00,00,00,14,\ 00,00,00,02,00,78,00,05,00,00,00,00,00,18,00,13,00,0f,00,01,02,00,00,00,00,\ 00,05,20,00,00,00,20,02,00,00,00,00,18,00,02,00,00,00,01,02,00,00,00,00,00,\ 05,20,00,00,00,25,02,00,00,00,00,18,00,02,00,00,00,01,02,00,00,00,00,00,05,\ 20,00,00,00,23,02,00,00,00,00,14,00,01,00,00,00,01,01,00,00,00,00,00,01,00,\ 00,00,00,00,00,14,00,01,00,00,00,01,01,00,00,00,00,00,05,07,00,00,00,01,01,\ 00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00 "SrvsvcShareChange"=hex:01,00,04,80,a4,00,00,00,b0,00,00,00,00,00,00,00,14,00,\ 00,00,02,00,90,00,06,00,00,00,00,00,18,00,13,00,0f,00,01,02,00,00,00,00,00,\ 05,20,00,00,00,20,02,00,00,00,00,18,00,13,00,0f,00,01,02,00,00,00,00,00,05,\ 20,00,00,00,25,02,00,00,00,00,18,00,13,00,0f,00,01,02,00,00,00,00,00,05,20,\ 00,00,00,23,02,00,00,01,00,18,00,13,00,0f,00,01,02,00,00,00,00,00,05,20,00,\ 00,00,22,02,00,00,01,00,14,00,13,00,0f,00,01,01,00,00,00,00,00,05,07,00,00,\ 00,00,00,14,00,13,00,0f,00,01,01,00,00,00,00,00,05,0b,00,00,00,01,01,00,00,\ 00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00 "SrvsvcShareConnect"=hex:01,00,04,80,8c,00,00,00,98,00,00,00,00,00,00,00,14,00,\ 00,00,02,00,78,00,05,00,00,00,00,00,18,00,03,00,0f,00,01,02,00,00,00,00,00,\ 05,20,00,00,00,20,02,00,00,00,00,18,00,03,00,0f,00,01,02,00,00,00,00,00,05,\ 20,00,00,00,25,02,00,00,00,00,18,00,03,00,0f,00,01,02,00,00,00,00,00,05,20,\ 00,00,00,27,02,00,00,00,00,14,00,01,00,00,00,01,01,00,00,00,00,00,01,00,00,\ 00,00,00,00,14,00,01,00,00,00,01,01,00,00,00,00,00,05,07,00,00,00,01,01,00,\ 00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00 "SrvsvcShareAdminConnect"=hex:01,00,04,80,78,00,00,00,84,00,00,00,00,00,00,00,\ 14,00,00,00,02,00,64,00,04,00,00,00,00,00,18,00,03,00,0f,00,01,02,00,00,00,\ 00,00,05,20,00,00,00,20,02,00,00,00,00,18,00,03,00,0f,00,01,02,00,00,00,00,\ 00,05,20,00,00,00,25,02,00,00,00,00,18,00,03,00,0f,00,01,02,00,00,00,00,00,\ 05,20,00,00,00,27,02,00,00,00,00,14,00,03,00,0f,00,01,01,00,00,00,00,00,05,\ 04,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,\ 00,00,00 "SrvsvcStatisticsInfo"=hex:01,00,04,80,60,00,00,00,6c,00,00,00,00,00,00,00,14,\ 00,00,00,02,00,4c,00,03,00,00,00,00,00,18,00,01,00,0f,00,01,02,00,00,00,00,\ 00,05,20,00,00,00,20,02,00,00,00,00,18,00,01,00,0f,00,01,02,00,00,00,00,00,\ 05,20,00,00,00,25,02,00,00,00,00,14,00,01,00,00,00,01,01,00,00,00,00,00,02,\ 00,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,\ 00,00,00 "AnonymousDescriptorsUpgraded"=dword:00000001 "PreviousAnonymousRestriction"=dword:00000000 "SessionSecurityDescriptorRegenerated"=dword:00000001 "InteractiveDescriptorsRegenerated"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters] "ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\ 00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\ 73,00,72,00,76,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00 "ServiceDllUnloadOnStop"=dword:00000001 "EnableAuthenticateUserSharing"=dword:00000000 "NullSessionPipes"=hex(7):00,00 "autodisconnect"=dword:0000000f "enableforcedlogoff"=dword:00000001 "enablesecuritysignature"=dword:00000000 "requiresecuritysignature"=dword:00000000 "restrictnullsessaccess"=dword:00000001 "Lmannounce"=dword:00000000 "Size"=dword:00000001 "AdjustedNullSessionPipes"=dword:00000003 "Guid"=hex:09,f6,86,a9,ec,e7,1c,47,92,63,42,85,1d,cc,64,09 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanServer\ShareProviders] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanServer\Shares] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanServer\Shares\Security] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MMCSS] "DisplayName"="@%systemroot%\\system32\\mmcss.dll,-100" "ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\ 74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\ 00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\ 6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00 "Description"="@%systemroot%\\system32\\mmcss.dll,-101" "ObjectName"="LocalSystem" "ErrorControl"=dword:00000001 "Start"=dword:00000002 "Type"=dword:00000020 "ServiceSidType"=dword:00000001 "RequiredPrivileges"=hex(7):53,00,65,00,49,00,6e,00,63,00,72,00,65,00,61,00,73,\ 00,65,00,42,00,61,00,73,00,65,00,50,00,72,00,69,00,6f,00,72,00,69,00,74,00,\ 79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,\ 00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,00,61,00,74,00,65,00,50,00,\ 72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00 "FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\ 00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MMCSS\Parameters] "ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\ 00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\ 6d,00,6d,00,63,00,73,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 "ServiceMain"="ServiceMain" "ServiceDllUnloadOnStop"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MMCSS\Security] "Security"=hex:01,00,14,80,a4,00,00,00,b0,00,00,00,14,00,00,00,30,00,00,00,02,\ 00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\ 00,00,02,00,74,00,05,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\ 05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\ 20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,\ 00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,00,00,18,00,10,00,\ 00,00,01,02,00,00,00,00,00,05,20,00,00,00,21,02,00,00,01,01,00,00,00,00,00,\ 05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RasMan] "DisplayName"="@%Systemroot%\\system32\\rasmans.dll,-200" "ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\ 74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\ 00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\ 6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00 "Description"="@%Systemroot%\\system32\\rasmans.dll,-201" "ObjectName"="localSystem" "ErrorControl"=dword:00000001 "Start"=dword:00000003 "Type"=dword:00000020 "DependOnService"=hex(7):54,00,61,00,70,00,69,00,73,00,72,00,76,00,00,00,53,00,\ 73,00,74,00,70,00,53,00,76,00,63,00,00,00,00,00 "ServiceSidType"=dword:00000001 "RequiredPrivileges"=hex(7):53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,\ 00,6e,00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,\ 65,00,00,00,53,00,65,00,49,00,6e,00,63,00,72,00,65,00,61,00,73,00,65,00,51,\ 00,75,00,6f,00,74,00,61,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,\ 65,00,00,00,53,00,65,00,54,00,63,00,62,00,50,00,72,00,69,00,76,00,69,00,6c,\ 00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,68,00,61,00,6e,00,67,00,65,00,\ 4e,00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,\ 00,67,00,65,00,00,00,53,00,65,00,43,00,72,00,65,00,61,00,74,00,65,00,47,00,\ 6c,00,6f,00,62,00,61,00,6c,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,\ 00,65,00,00,00,53,00,65,00,41,00,73,00,73,00,69,00,67,00,6e,00,50,00,72,00,\ 69,00,6d,00,61,00,72,00,79,00,54,00,6f,00,6b,00,65,00,6e,00,50,00,72,00,69,\ 00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00 "FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\ 00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RasMan\Parameters] "ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\ 00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\ 72,00,61,00,73,00,6d,00,61,00,6e,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 "Medias"=hex(7):72,00,61,00,73,00,74,00,61,00,70,00,69,00,00,00,00,00 "CustomDLL"=hex(7):00,00,00,00 "ServiceDllUnloadOnStop"=dword:00000001 "AllowL2TPWeakCrypto"=dword:00000000 "AllowPPTPWeakCrypto"=dword:00000000 "KeepRasConnections"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RasMan\PPP] "MaxConfigure"=dword:0000000a "MaxFailure"=dword:0000000a "MaxReject"=dword:00000005 "MaxTerminate"=dword:00000002 "Multilink"=dword:00000000 "NegotiateTime"=dword:00000096 "RestartTimer"=dword:00000003 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RasMan\PPP\ControlProtocols] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RasMan\PPP\ControlProtocols\BuiltIn] "Path"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\ 00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,\ 61,00,73,00,70,00,70,00,70,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RasMan\PPP\ControlProtocols\Chap] "Path"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\ 00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,\ 61,00,73,00,63,00,68,00,61,00,70,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RasMan\PPP\EAP] "Path"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\ 00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,\ 61,00,73,00,70,00,70,00,70,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RasMan\PPP\EAP\13] @="Microsoft" "FriendlyName"="@%SystemRoot%\\system32\\rastls.dll,-2001" "Path"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\ 00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,\ 61,00,73,00,74,00,6c,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 "ConfigCLSID"="{58AB2366-D597-11d1-B90E-00C04FC9B263}" "ConfigUiPath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\ 00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\ 72,00,61,00,73,00,74,00,6c,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 "IdentityPath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\ 00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\ 72,00,61,00,73,00,74,00,6c,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 "InteractiveUIPath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,72,00,61,00,73,00,74,00,6c,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 "InvokePasswordDialog"=dword:00000000 "InvokeUsernameDialog"=dword:00000000 "MPPEEncryptionSupported"=dword:00000001 "NoRootRevocationCheck"=dword:00000001 "PerPolicyConfig"=dword:00000001 "Properties"=dword:1328d8af "RolesSupported"=dword:00000003 "StandaloneSupported"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RasMan\PPP\EAP\25] @="Microsoft" "FriendlyName"="@%SystemRoot%\\system32\\rastls.dll,-2002" "Path"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\ 00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,\ 61,00,73,00,74,00,6c,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 "ConfigCLSID"="{58AB2366-D597-11d1-B90E-00C04FC9B263}" "ConfigUiPath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\ 00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\ 72,00,61,00,73,00,74,00,6c,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 "IdentityPath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\ 00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\ 72,00,61,00,73,00,74,00,6c,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 "InteractiveUIPath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,72,00,61,00,73,00,74,00,6c,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 "InvokePasswordDialog"=dword:00000000 "InvokeUsernameDialog"=dword:00000000 "MPPEEncryptionSupported"=dword:00000001 "NoRootRevocationCheck"=dword:00000001 "PerPolicyConfig"=dword:00000001 "Properties"=dword:173ef8bf "RolesSupported"=dword:00000023 "StandaloneSupported"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RasMan\PPP\EAP\26] @="Microsoft" "FriendlyName"="@%SystemRoot%\\system32\\raschap.dll,-2002" "Path"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\ 00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,\ 61,00,73,00,63,00,68,00,61,00,70,00,2e,00,64,00,6c,00,6c,00,00,00 "ConfigCLSID"="{2af6bcaa-f526-4803-aeb8-5777ce386647}" "ConfigUiPath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\ 00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\ 72,00,61,00,73,00,63,00,68,00,61,00,70,00,2e,00,64,00,6c,00,6c,00,00,00 "IdentityPath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\ 00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\ 72,00,61,00,73,00,63,00,68,00,61,00,70,00,2e,00,64,00,6c,00,6c,00,00,00 "InteractiveUIPath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,\ 00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\ 5c,00,72,00,61,00,73,00,63,00,68,00,61,00,70,00,2e,00,64,00,6c,00,6c,00,00,\ 00 "InvokePasswordDialog"=dword:00000000 "InvokeUsernameDialog"=dword:00000000 "MPPEEncryptionSupported"=dword:00000001 "PerPolicyConfig"=dword:00000001 "Properties"=dword:032c406e "RolesSupported"=dword:00000017 "StandaloneSupported"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RasMan\Security] "Security"=hex:01,00,04,80,48,00,00,00,54,00,00,00,00,00,00,00,14,00,00,00,02,\ 00,34,00,02,00,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,05,0b,00,\ 00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,\ 00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Schedule] "AtTaskMaxHours"=dword:00000048 "DisplayName"="@%SystemRoot%\\system32\\schedsvc.dll,-100" "Group"="SchedulerGroup" "ImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\ 74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\ 00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\ 6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00 "Description"="@%SystemRoot%\\system32\\schedsvc.dll,-101" "ObjectName"="LocalSystem" "ErrorControl"=dword:00000001 "Start"=dword:00000002 "Type"=dword:00000020 "DependOnService"=hex(7):52,00,50,00,43,00,53,00,53,00,00,00,45,00,76,00,65,00,\ 6e,00,74,00,4c,00,6f,00,67,00,00,00,00,00 "ServiceSidType"=dword:00000001 "RequiredPrivileges"=hex(7):53,00,65,00,49,00,6e,00,63,00,72,00,65,00,61,00,73,\ 00,65,00,51,00,75,00,6f,00,74,00,61,00,50,00,72,00,69,00,76,00,69,00,6c,00,\ 65,00,67,00,65,00,00,00,53,00,65,00,43,00,68,00,61,00,6e,00,67,00,65,00,4e,\ 00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,\ 67,00,65,00,00,00,53,00,65,00,41,00,75,00,64,00,69,00,74,00,50,00,72,00,69,\ 00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,\ 65,00,72,00,73,00,6f,00,6e,00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,\ 00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,41,00,73,00,73,00,69,00,67,00,\ 6e,00,50,00,72,00,69,00,6d,00,61,00,72,00,79,00,54,00,6f,00,6b,00,65,00,6e,\ 00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,\ 54,00,63,00,62,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,\ 00,53,00,65,00,52,00,65,00,73,00,74,00,6f,00,72,00,65,00,50,00,72,00,69,00,\ 76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00 "FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\ 00,01,00,00,00,60,ea,00,00,01,00,00,00,60,ea,00,00,00,00,00,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Schedule\Parameters] "ServiceDll"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,\ 00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\ 73,00,63,00,68,00,65,00,64,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,\ 00 "ServiceDllUnloadOnStop"=dword:00000001 "ServiceMain"="ServiceMain" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Schedule\Security] "Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\ 00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\ 00,00,02,00,60,00,04,00,00,00,00,00,14,00,8d,00,02,00,01,01,00,00,00,00,00,\ 05,0b,00,00,00,00,00,18,00,dd,01,0e,00,01,02,00,00,00,00,00,05,20,00,00,00,\ 20,02,00,00,00,00,14,00,ff,01,0f,00,01,01,00,00,00,00,00,05,12,00,00,00,00,\ 00,18,00,8d,00,02,00,01,02,00,00,00,00,00,05,20,00,00,00,21,02,00,00,01,01,\ 00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\seclogon] "DisplayName"="@%SystemRoot%\\system32\\seclogon.dll,-7001" "ImagePath"=hex(2):25,00,77,00,69,00,6e,00,64,00,69,00,72,00,25,00,5c,00,73,00,\ 79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,\ 00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,6e,00,65,00,\ 74,00,73,00,76,00,63,00,73,00,00,00 "Description"="@%SystemRoot%\\system32\\seclogon.dll,-7000" "ObjectName"="LocalSystem" "ErrorControl"=dword:00000001 "Start"=dword:00000003 "Type"=dword:00000020 "RequiredPrivileges"=hex(7):53,00,65,00,54,00,63,00,62,00,50,00,72,00,69,00,76,\ 00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,52,00,65,00,73,00,74,00,\ 6f,00,72,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,\ 00,53,00,65,00,42,00,61,00,63,00,6b,00,75,00,70,00,50,00,72,00,69,00,76,00,\ 69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,41,00,73,00,73,00,69,00,67,\ 00,6e,00,50,00,72,00,69,00,6d,00,61,00,72,00,79,00,54,00,6f,00,6b,00,65,00,\ 6e,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,\ 00,49,00,6e,00,63,00,72,00,65,00,61,00,73,00,65,00,51,00,75,00,6f,00,74,00,\ 61,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,\ 00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,00,61,00,74,00,65,00,50,00,\ 72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00 "FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\ 00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\seclogon\Parameters] "ServiceDll"=hex(2):25,00,77,00,69,00,6e,00,64,00,69,00,72,00,25,00,5c,00,73,\ 00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,65,00,63,00,6c,00,\ 6f,00,67,00,6f,00,6e,00,2e,00,64,00,6c,00,6c,00,00,00 "ServiceMain"="SvcEntry_Seclogon" "ServiceDllUnloadOnStop"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\seclogon\Security] "Security"=hex:01,00,14,80,a0,00,00,00,ac,00,00,00,14,00,00,00,30,00,00,00,02,\ 00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\ 00,00,02,00,70,00,05,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\ 05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\ 20,02,00,00,00,00,14,00,dd,01,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,\ 00,14,00,cd,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,00,00,14,00,dd,01,\ 02,00,01,01,00,00,00,00,00,05,0b,00,00,00,01,01,00,00,00,00,00,05,12,00,00,\ 00,01,01,00,00,00,00,00,05,12,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SENS] "DisplayName"="@%SystemRoot%\\system32\\Sens.dll,-200" "Group"="ProfSvc_Group" "ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\ 74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\ 00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\ 6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00 "Description"="@%SystemRoot%\\system32\\Sens.dll,-201" "ObjectName"="LocalSystem" "ErrorControl"=dword:00000001 "Start"=dword:00000002 "Type"=dword:00000020 "DependOnService"=hex(7):45,00,76,00,65,00,6e,00,74,00,53,00,79,00,73,00,74,00,\ 65,00,6d,00,00,00,00,00 "ServiceSidType"=dword:00000001 "RequiredPrivileges"=hex(7):53,00,65,00,41,00,75,00,64,00,69,00,74,00,50,00,72,\ 00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,68,00,\ 61,00,6e,00,67,00,65,00,4e,00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,\ 00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,72,00,65,00,\ 61,00,74,00,65,00,47,00,6c,00,6f,00,62,00,61,00,6c,00,50,00,72,00,69,00,76,\ 00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,\ 72,00,73,00,6f,00,6e,00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,\ 00,65,00,67,00,65,00,00,00,53,00,65,00,54,00,63,00,62,00,50,00,72,00,69,00,\ 76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00 "FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\ 00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SENS\Parameters] "ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\ 00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\ 73,00,65,00,6e,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 "ServiceMain"="ServiceMain" "ServiceDllUnloadOnStop"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SENS\Security] "Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\ 00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\ 00,00,02,00,60,00,04,00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,\ 05,0b,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\ 20,02,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,25,\ 02,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,\ 00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ShellHWDetection] "DisplayName"="@%SystemRoot%\\System32\\shsvcs.dll,-12288" "Group"="ShellSvcGroup" "ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\ 74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\ 00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\ 6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00 "Description"="@%SystemRoot%\\System32\\shsvcs.dll,-12289" "ObjectName"="LocalSystem" "ErrorControl"=dword:00000000 "Start"=dword:00000002 "Type"=dword:00000020 "DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00 "ServiceSidType"=dword:00000001 "RequiredPrivileges"=hex(7):53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,\ 00,6e,00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,\ 65,00,00,00,00,00 "FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\ 00,01,00,00,00,60,ea,00,00,01,00,00,00,60,ea,00,00,00,00,00,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ShellHWDetection\Parameters] "ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\ 00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\ 73,00,68,00,73,00,76,00,63,00,73,00,2e,00,64,00,6c,00,6c,00,00,00 "ServiceMain"="HardwareDetectionServiceMain" "ServiceDllUnloadOnStop"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Themes] "Start"=dword:00000002 "DisplayName"="@%SystemRoot%\\System32\\themeservice.dll,-8192" "ErrorControl"=dword:00000001 "Group"="ProfSvc_Group" "ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\ 74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\ 00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\ 6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00 "Type"=dword:00000020 "Description"="@%SystemRoot%\\System32\\themeservice.dll,-8193" "ObjectName"="LocalSystem" "RequiredPrivileges"=hex(7):53,00,65,00,41,00,73,00,73,00,69,00,67,00,6e,00,50,\ 00,72,00,69,00,6d,00,61,00,72,00,79,00,54,00,6f,00,6b,00,65,00,6e,00,50,00,\ 72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,44,00,65,\ 00,62,00,75,00,67,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,\ 00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,00,61,00,74,\ 00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00 "FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\ 00,01,00,00,00,60,ea,00,00,01,00,00,00,60,ea,00,00,00,00,00,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Themes\Parameters] "ServiceDllUnloadOnStop"=dword:00000001 "ServiceMain"="ThemeServiceMain" "ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\ 00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\ 74,00,68,00,65,00,6d,00,65,00,73,00,65,00,72,00,76,00,69,00,63,00,65,00,2e,\ 00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt] "DisplayName"="@%Systemroot%\\system32\\wbem\\wmisvc.dll,-205" "ImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\ 74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\ 00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\ 6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00 "Description"="@%Systemroot%\\system32\\wbem\\wmisvc.dll,-204" "ObjectName"="localSystem" "ErrorControl"=dword:00000000 "Start"=dword:00000002 "Type"=dword:00000020 "DependOnService"=hex(7):52,00,50,00,43,00,53,00,53,00,00,00,00,00 "ServiceSidType"=dword:00000001 "FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\ 00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt\Parameters] "ServiceDllUnloadOnStop"=dword:00000000 "ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\ 00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\ 77,00,62,00,65,00,6d,00,5c,00,57,00,4d,00,49,00,73,00,76,00,63,00,2e,00,64,\ 00,6c,00,6c,00,00,00 "ServiceMain"="ServiceMain" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv] "PreshutdownTimeout"=dword:036ee800 "DisplayName"="@%systemroot%\\system32\\wuaueng.dll,-105" "ImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\ 74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\ 00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\ 6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00 "Description"="@%systemroot%\\system32\\wuaueng.dll,-106" "ObjectName"="LocalSystem" "ErrorControl"=dword:00000001 "Start"=dword:00000002 "DelayedAutoStart"=dword:00000001 "Type"=dword:00000020 "DependOnService"=hex(7):72,00,70,00,63,00,73,00,73,00,00,00,00,00 "ServiceSidType"=dword:00000001 "RequiredPrivileges"=hex(7):53,00,65,00,41,00,75,00,64,00,69,00,74,00,50,00,72,\ 00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,72,00,\ 65,00,61,00,74,00,65,00,47,00,6c,00,6f,00,62,00,61,00,6c,00,50,00,72,00,69,\ 00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,72,00,65,00,\ 61,00,74,00,65,00,50,00,61,00,67,00,65,00,46,00,69,00,6c,00,65,00,50,00,72,\ 00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,54,00,63,00,\ 62,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,\ 00,41,00,73,00,73,00,69,00,67,00,6e,00,50,00,72,00,69,00,6d,00,61,00,72,00,\ 79,00,54,00,6f,00,6b,00,65,00,6e,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,\ 00,67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,\ 6e,00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,\ 00,00,00,53,00,65,00,49,00,6e,00,63,00,72,00,65,00,61,00,73,00,65,00,51,00,\ 75,00,6f,00,74,00,61,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,\ 00,00,00,53,00,65,00,53,00,68,00,75,00,74,00,64,00,6f,00,77,00,6e,00,50,00,\ 72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00 "FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\ 00,01,00,00,00,60,ea,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv\Parameters] "ServiceDll"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,\ 00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\ 77,00,75,00,61,00,75,00,65,00,6e,00,67,00,2e,00,64,00,6c,00,6c,00,00,00 "ServiceMain"="WUServiceMain" "ServiceDllUnloadOnStop"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv\Security] "Security"=hex:01,00,14,80,78,00,00,00,84,00,00,00,14,00,00,00,30,00,00,00,02,\ 00,1c,00,01,00,00,00,02,80,14,00,ff,00,0f,00,01,01,00,00,00,00,00,01,00,00,\ 00,00,02,00,48,00,03,00,00,00,00,00,14,00,9d,00,02,00,01,01,00,00,00,00,00,\ 05,0b,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\ 20,02,00,00,00,00,14,00,ff,01,0f,00,01,01,00,00,00,00,00,05,12,00,00,00,01,\ 01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00