by carlospolop
/!\ Advisory: WinPEAS - Windows local Privilege Escalation Awesome Script
WinPEAS should be used for authorized penetration testing and/or educational purposes only.
Any misuse of this software will not be the responsibility of the author or of any other collaborator.
Use it at your own networks and/or with the network owner's permission.
[i] Best Linux PE and hardening course: https://hacktricks-training.com/courses/lhe/
[*] BASIC SYSTEM INFO
[+] WINDOWS OS
[i] Check for vulnerabilities for the OS version with the applied patches
[?] https://book.hacktricks.wiki/en/windows-hardening/windows-local-privilege-escalation/index.html#version-exploits
Host Name: DC1
OS Name: Microsoft Windows Server 2016 Standard Evaluation
OS Version: 10.0.14393 N/A Build 14393
OS Manufacturer: Microsoft Corporation
OS Configuration: Primary Domain Controller
OS Build Type: Multiprocessor Free
Registered Owner: Windows User
Registered Organization:
Product ID: 00378-00000-00000-AA739
Original Install Date: 5/2/2026, 8:30:30 AM
System Boot Time: 5/10/2026, 9:53:35 AM
System Manufacturer: VMware, Inc.
System Model: VMware20,1
System Type: x64-based PC
Processor(s): 2 Processor(s) Installed.
[01]: Intel64 Family 6 Model 154 Stepping 3 GenuineIntel ~2112 Mhz
[02]: Intel64 Family 6 Model 154 Stepping 3 GenuineIntel ~2112 Mhz
BIOS Version: VMware, Inc. VMW201.00V.24866131.B64.2507211911, 7/21/2025
Windows Directory: C:\Windows
System Directory: C:\Windows\system32
Boot Device: \Device\HarddiskVolume2
System Locale: en-us;English (United States)
Input Locale: en-us;English (United States)
Time Zone: (UTC-08:00) Pacific Time (US & Canada)
Total Physical Memory: 2,047 MB
Available Physical Memory: 749 MB
Virtual Memory: Max Size: 3,199 MB
Virtual Memory: Available: 1,828 MB
Virtual Memory: In Use: 1,371 MB
Page File Location(s): C:\pagefile.sys
Domain: ivt.local
Logon Server: \\DC1
Hotfix(s): N/A
Network Card(s): 1 NIC(s) Installed.
[01]: Intel(R) 82574L Gigabit Network Connection
Connection Name: Ethernet0
DHCP Enabled: No
IP address(es)
[01]: 192.168.1.10
[02]: fe80::7017:f67:7135:27fd
Hyper-V Requirements: A hypervisor has been detected. Features required for Hyper-V will not be displayed.
[+] DATE and TIME
[i] You may need to adjust your local date/time to exploit some vulnerability
Sun 05/10/2026
10:06 AM
[+] Audit Settings
[i] Check what is being logged
[+] WEF Settings
[i] Check where are being sent the logs
[+] Legacy Microsoft LAPS installed?
[i] Check what is being logged
[+] Windows LAPS installed?
[i] Check what is being logged: 0x00 Disabled, 0x01 Backup to Entra, 0x02 Backup to Active Directory
[+] LSA protection?
[i] Active if "1"
[+] Credential Guard?
[i] Active if "1" or "2"
[+] WDigest?
[i] Plain-text creds in memory if "1"
[+] Number of cached creds
[i] You need System-rights to extract them
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
CACHEDLOGONSCOUNT REG_SZ 10
[+] UAC Settings
[i] If the results read ENABLELUA REG_DWORD 0x1, part or all of the UAC components are on
[?] https://book.hacktricks.wiki/en/windows-hardening/authentication-credentials-uac-and-efs/uac-user-account-control.html#very-basic-uac-bypass-full-file-system-access
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System
EnableLUA REG_DWORD 0x1
[+] Registered Anti-Virus(AV)
Checking for defender whitelisted PATHS
[+] PowerShell settings
PowerShell v2 Version:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\PowerShellEngine
PowerShellVersion REG_SZ 2.0
PowerShell v5 Version:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\3\PowerShellEngine
PowerShellVersion REG_SZ 5.1.14393.0
Transcriptions Settings:
Module logging settings:
Scriptblog logging settings:
PS default transcript history
Checking PS history file
Volume in drive C has no label.
Volume Serial Number is D853-481C
Directory of C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadLine
05/10/2026 09:21 AM 926 ConsoleHost_history.txt
1 File(s) 926 bytes
0 Dir(s) 52,569,833,472 bytes free
[+] MOUNTED DISKS
[i] Maybe you find something interesting
Caption
C:
D:
[+] ENVIRONMENT
[i] Interesting information?
ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Administrator\AppData\Roaming
CommonProgramFiles=C:\Program Files\Common Files
CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files
CommonProgramW6432=C:\Program Files\Common Files
COMPUTERNAME=DC1
ComSpec=C:\Windows\system32\cmd.exe
CurrentFolder=C:\Users\Administrator\Desktop\
CurrentLine= [33m[+][97m ENVIRONMENT
E=[
ESC=
expl=no
FPS_BROWSER_APP_PROFILE_STRING=Internet Explorer
FPS_BROWSER_USER_PROFILE_STRING=Default
HOMEDRIVE=C:
HOMEPATH=\Users\Administrator
LOCALAPPDATA=C:\Users\Administrator\AppData\Local
LOGONSERVER=\\DC1
long=false
NUMBER_OF_PROCESSORS=4
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Users\Administrator\AppData\Local\Microsoft\WindowsApps
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
Percentage=1
PercentageTrack=20
PROCESSOR_ARCHITECTURE=AMD64
PROCESSOR_IDENTIFIER=Intel64 Family 6 Model 154 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=9a03
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
ProgramFiles(x86)=C:\Program Files (x86)
ProgramW6432=C:\Program Files
PROMPT=$P$G
PSModulePath=%ProgramFiles%\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules
PUBLIC=C:\Users\Public
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\ADMINI~1\AppData\Local\Temp
TMP=C:\Users\ADMINI~1\AppData\Local\Temp
USERDNSDOMAIN=IVT.LOCAL
USERDOMAIN=IVT
USERDOMAIN_ROAMINGPROFILE=IVT
USERNAME=Administrator
USERPROFILE=C:\Users\Administrator
windir=C:\Windows
[+] INSTALLED SOFTWARE
[i] Some weird software? Check for vulnerabilities in unknow software installed
[?] https://book.hacktricks.wiki/en/windows-hardening/windows-local-privilege-escalation/index.html#applications
Common Files
Common Files
Internet Explorer
Internet Explorer
Microsoft.NET
Windows Defender
Windows Defender
Windows Mail
Windows Mail
Windows Media Player
Windows Media Player
Windows Multimedia Platform
Windows Multimedia Platform
Windows NT
Windows NT
Windows Photo Viewer
Windows Photo Viewer
Windows Portable Devices
Windows Portable Devices
WindowsPowerShell
WindowsPowerShell
[+] Remote Desktop Credentials Manager
[?] https://book.hacktricks.wiki/en/windows-hardening/windows-local-privilege-escalation/index.html#remote-desktop-credential-manager
[+] WSUS
[i] You can inject 'fake' updates into non-SSL WSUS traffic (WSUXploit)
[?] https://book.hacktricks.wiki/en/windows-hardening/windows-local-privilege-escalation/index.html#wsus
[+] RUNNING PROCESSES
[i] Something unexpected is running? Check for vulnerabilities
[?] https://book.hacktricks.wiki/en/windows-hardening/windows-local-privilege-escalation/index.html#running-processes
Image Name PID Services
========================= ======== ============================================
System Idle Process 0 N/A
System 4 N/A
smss.exe 288 N/A
csrss.exe 396 N/A
wininit.exe 472 N/A
csrss.exe 480 N/A
winlogon.exe 532 N/A
services.exe 608 N/A
lsass.exe 616 Kdc, KeyIso, Netlogon, NTDS, SamSs, VaultSv
svchost.exe 808 BrokerInfrastructure, DcomLaunch, LSM,
PlugPlay, Power, SystemEventsBroker
svchost.exe 868 RpcEptMapper, RpcSs
svchost.exe 992 Appinfo, DsmSvc, gpsvc, iphlpsvc, lfsvc,
ProfSvc, Schedule, SENS, ShellHWDetection,
Themes, UserManager, Winmgmt, wlidsvc,
WpnService, wuauserv
svchost.exe 92 CDPSvc, EventSystem, fdPHost, FontCache,
netprofm, nsi, RemoteRegistry, W32Time,
WinHttpAutoProxySvc
svchost.exe 272 Dhcp, EventLog, lmhosts, TimeBrokerSvc
dwm.exe 388 N/A
svchost.exe 676 CryptSvc, Dnscache, LanmanWorkstation,
NlaSvc, WinRM
svchost.exe 888 NcbService, PcaSvc, UALSVC, wudfsvc
svchost.exe 1136 BFE, CoreMessagingRegistrar, DPS, MpsSvc
svchost.exe 1404 Wcmsvc
svchost.exe 1064 LanmanServer
spoolsv.exe 2180 Spooler
dns.exe 2268 DNS
svchost.exe 2276 DiagTrack
ismserv.exe 2292 IsmServ
svchost.exe 2308 StateRepository, tiledatamodelsvc
Microsoft.ActiveDirectory 2348 ADWS
dfsrs.exe 2356 DFSR
wlms.exe 2364 WLMS
MsMpEng.exe 2460 WinDefend
dfssvc.exe 2500 Dfs
vds.exe 2860 vds
WmiPrvSE.exe 3188 N/A
msdtc.exe 2012 MSDTC
RuntimeBroker.exe 3732 N/A
sihost.exe 3896 N/A
svchost.exe 3876 CDPUserSvc_41d51, OneSyncSvc_41d51
taskhostw.exe 700 N/A
explorer.exe 3668 N/A
ServerManager.exe 2776 N/A
ShellExperienceHost.exe 2524 N/A
SearchUI.exe 1176 N/A
WmiPrvSE.exe 2920 N/A
TrustedInstaller.exe 1372 TrustedInstaller
TiWorker.exe 2328 N/A
svchost.exe 3648 AppXSvc
MpCmdRun.exe 612 N/A
WmiPrvSE.exe 4720 N/A
dllhost.exe 3108 N/A
cmd.exe 2252 N/A
conhost.exe 3452 N/A
tasklist.exe 884 N/A
[i] Checking file permissions of running processes (File backdooring - maybe the same files start automatically when Administrator logs in)
C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe NT SERVICE\TrustedInstaller:(F)
C:\Windows\Explorer.EXE NT SERVICE\TrustedInstaller:(F)
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe NT SERVICE\TrustedInstaller:(F)
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe NT SERVICE\TrustedInstaller:(F)
C:\Windows\servicing\TrustedInstaller.exe NT SERVICE\TrustedInstaller:(F)
C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.693_none_42ff55c9655f38bf\TiWorker.exe NT SERVICE\TrustedInstaller:(F)
C:\Program Files\Windows Defender\MpCmdRun.exe NT SERVICE\TrustedInstaller:(F)
[i] Checking directory permissions of running processes (DLL injection)
C:\Windows\ADWS\ NT SERVICE\TrustedInstaller:(I)(F)
BUILTIN\Administrators:(I)(F)
BUILTIN\Administrators:(I)(OI)(CI)(IO)(F)
C:\Windows\ NT SERVICE\TrustedInstaller:(F)
BUILTIN\Administrators:(M)
BUILTIN\Administrators:(OI)(CI)(IO)(F)
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ NT SERVICE\TrustedInstaller:(F)
BUILTIN\Administrators:(M)
BUILTIN\Administrators:(OI)(CI)(IO)(F)
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ NT SERVICE\TrustedInstaller:(F)
BUILTIN\Administrators:(M)
BUILTIN\Administrators:(OI)(CI)(IO)(F)
C:\Windows\servicing\ NT SERVICE\TrustedInstaller:(F)
C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.693_none_42ff55c9655f38bf\ NT SERVICE\TrustedInstaller:(OI)(CI)(F)
C:\Program Files\Windows Defender\ NT SERVICE\TrustedInstaller:(F)
BUILTIN\Administrators:(M)
BUILTIN\Administrators:(OI)(CI)(IO)(F)
[+] RUN AT STARTUP
[i] Check if you can modify any binary that is going to be executed by admin or if you can impersonate a not found binary
[?] https://book.hacktricks.wiki/en/windows-hardening/windows-local-privilege-escalation/index.html#run-at-startup
BUILTIN\Administrators:(I)(OI)(CI)(F)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini BUILTIN\Administrators:(F)
BUILTIN\Administrators:(I)(F)
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup NT AUTHORITY\SYSTEM:(OI)(CI)(F)
BUILTIN\Administrators:(OI)(CI)(F)
IVT\Administrator:(OI)(CI)(F)
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini NT AUTHORITY\SYSTEM:(F)
BUILTIN\Administrators:(F)
IVT\Administrator:(F)
BUILTIN\Administrators:(I)(OI)(CI)(F)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini BUILTIN\Administrators:(F)
BUILTIN\Administrators:(I)(F)
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup NT AUTHORITY\SYSTEM:(OI)(CI)(F)
BUILTIN\Administrators:(OI)(CI)(F)
IVT\Administrator:(OI)(CI)(F)
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini NT AUTHORITY\SYSTEM:(F)
BUILTIN\Administrators:(F)
IVT\Administrator:(F)
Folder: \
CreateExplorerShellUnelevatedTask N/A Running
Folder: \Microsoft
INFO: There are no scheduled tasks presently available at your access level.
Folder: \Microsoft\Windows
INFO: There are no scheduled tasks presently available at your access level.
Folder: \Microsoft\Windows\.NET Framework
.NET Framework NGEN v4.0.30319 N/A Ready
.NET Framework NGEN v4.0.30319 64 N/A Ready
Folder: \Microsoft\Windows\Active Directory Rights Management Services Client
AD RMS Rights Policy Template Management N/A Ready
Folder: \Microsoft\Windows\AppID
EDP Policy Manager N/A Ready
SmartScreenSpecific N/A Ready
Folder: \Microsoft\Windows\Application Experience
Microsoft Compatibility Appraiser 5/11/2026 3:12:50 AM Ready
ProgramDataUpdater N/A Ready
StartupAppTask N/A Ready
Folder: \Microsoft\Windows\ApplicationData
appuriverifierdaily 5/11/2026 3:00:00 AM Ready
appuriverifierinstall 5/16/2026 3:00:00 AM Ready
CleanupTemporaryState N/A Ready
DsSvcCleanup N/A Ready
Folder: \Microsoft\Windows\AppxDeploymentClient
Folder: \Microsoft\Windows\Autochk
Proxy N/A Ready
Folder: \Microsoft\Windows\Bluetooth
UninstallDeviceTask N/A Ready
Folder: \Microsoft\Windows\CertificateServicesClient
AikCertEnrollTask N/A Ready
CryptoPolicyTask N/A Ready
KeyPreGenTask N/A Ready
SystemTask N/A Ready
UserTask N/A Ready
UserTask-Roam N/A Ready
Folder: \Microsoft\Windows\Chkdsk
ProactiveScan N/A Ready
Folder: \Microsoft\Windows\Clip
Folder: \Microsoft\Windows\CloudExperienceHost
CreateObjectTask N/A Ready
Folder: \Microsoft\Windows\Customer Experience Improvement Program
Consolidator 5/10/2026 12:00:00 PM Ready
KernelCeipTask N/A Ready
UsbCeip N/A Ready
Folder: \Microsoft\Windows\Data Integrity Scan
Data Integrity Scan 6/2/2026 7:01:51 PM Ready
Data Integrity Scan for Crash Recovery N/A Ready
Folder: \Microsoft\Windows\Defrag
ScheduledDefrag N/A Ready
Folder: \Microsoft\Windows\Device Information
Device 5/11/2026 4:56:28 AM Ready
Folder: \Microsoft\Windows\Device Setup
Metadata Refresh N/A Ready
Folder: \Microsoft\Windows\Diagnosis
Scheduled N/A Ready
Folder: \Microsoft\Windows\DiskCleanup
SilentCleanup N/A Ready
Folder: \Microsoft\Windows\DiskDiagnostic
Microsoft-Windows-DiskDiagnosticDataColl N/A Ready
Folder: \Microsoft\Windows\DiskFootprint
Diagnostics N/A Ready
StorageSense N/A Ready
Folder: \Microsoft\Windows\EDP
EDP App Launch Task N/A Ready
EDP Auth Task N/A Ready
Folder: \Microsoft\Windows\ErrorDetails
EnableErrorDetailsUpdate N/A Ready
Folder: \Microsoft\Windows\LanguageComponentsInstaller
Installation N/A Ready
Uninstallation N/A Ready
Folder: \Microsoft\Windows\License Manager
TempSignedLicenseExchange N/A Ready
Folder: \Microsoft\Windows\Live
INFO: There are no scheduled tasks presently available at your access level.
Folder: \Microsoft\Windows\Location
Notifications N/A Ready
WindowsActionDialog N/A Ready
Folder: \Microsoft\Windows\Maintenance
WinSAT N/A Ready
Folder: \Microsoft\Windows\Maps
MapsToastTask N/A Ready
Folder: \Microsoft\Windows\MemoryDiagnostic
Folder: \Microsoft\Windows\Mobile Broadband Accounts
MNO Metadata Parser N/A Ready
Folder: \Microsoft\Windows\MUI
LPRemove N/A Ready
Folder: \Microsoft\Windows\Multimedia
Folder: \Microsoft\Windows\NetTrace
GatherNetworkInfo N/A Ready
Folder: \Microsoft\Windows\Network Controller
Folder: \Microsoft\Windows\Offline Files
Folder: \Microsoft\Windows\PI
Secure-Boot-Update N/A Ready
Sqm-Tasks N/A Ready
Folder: \Microsoft\Windows\PLA
Folder: \Microsoft\Windows\Plug and Play
Device Install Group Policy N/A Ready
Device Install Reboot Required N/A Ready
Plug and Play Cleanup N/A Ready
Sysprep Generalize Drivers N/A Ready
Folder: \Microsoft\Windows\Power Efficiency Diagnostics
AnalyzeSystem N/A Ready
Folder: \Microsoft\Windows\Ras
MobilityManager N/A Ready
Folder: \Microsoft\Windows\RecoveryEnvironment
VerifyWinRE N/A Ready
Folder: \Microsoft\Windows\Registry
RegIdleBackup N/A Ready
Folder: \Microsoft\Windows\Server Manager
CleanupOldPerfLogs N/A Ready
ServerManager N/A Ready
Folder: \Microsoft\Windows\Servicing
StartComponentCleanup N/A Ready
Folder: \Microsoft\Windows\SettingSync
BackgroundUploadTask N/A Ready
BackupTask N/A Ready
NetworkStateChangeTask N/A Ready
Folder: \Microsoft\Windows\Shell
CreateObjectTask N/A Ready
IndexerAutomaticMaintenance N/A Ready
Folder: \Microsoft\Windows\Software Inventory Logging
Configuration N/A Ready
Folder: \Microsoft\Windows\SoftwareProtectionPlatform
SvcRestartTask 5/11/2026 9:55:31 AM Ready
Folder: \Microsoft\Windows\SpacePort
SpaceAgentTask N/A Ready
SpaceManagerTask N/A Ready
Folder: \Microsoft\Windows\Speech
SpeechModelDownloadTask 5/11/2026 12:00:00 AM Ready
Folder: \Microsoft\Windows\Storage Tiers Management
Storage Tiers Management Initialization N/A Ready
Folder: \Microsoft\Windows\Task Manager
Interactive N/A Ready
Folder: \Microsoft\Windows\TextServicesFramework
MsCtfMonitor N/A Running
Folder: \Microsoft\Windows\Time Synchronization
ForceSynchronizeTime N/A Ready
Folder: \Microsoft\Windows\Time Zone
SynchronizeTimeZone N/A Ready
Folder: \Microsoft\Windows\TPM
Tpm-HASCertRetr N/A Ready
Tpm-Maintenance N/A Ready
Folder: \Microsoft\Windows\UpdateOrchestrator
Reboot N/A Ready
Refresh Settings 5/11/2026 2:23:03 AM Ready
Schedule Retry Scan N/A Ready
Schedule Scan 5/11/2026 8:51:04 AM Ready
USO_UxBroker_Display N/A Ready
USO_UxBroker_ReadyToReboot N/A Ready
Folder: \Microsoft\Windows\UPnP
UPnPHostConfig N/A Ready
Folder: \Microsoft\Windows\User Profile Service
Folder: \Microsoft\Windows\WDI
ResolutionHost N/A Ready
Folder: \Microsoft\Windows\Windows Defender
Windows Defender Cache Maintenance N/A Ready
Windows Defender Cleanup N/A Ready
Windows Defender Scheduled Scan N/A Ready
Windows Defender Verification N/A Ready
Folder: \Microsoft\Windows\Windows Error Reporting
QueueReporting 5/10/2026 1:57:33 PM Ready
Folder: \Microsoft\Windows\Windows Filtering Platform
BfeOnServiceStartTypeChange N/A Ready
Folder: \Microsoft\Windows\WindowsColorSystem
Folder: \Microsoft\Windows\WindowsUpdate
Automatic App Update 5/10/2026 2:12:50 PM Ready
Scheduled Start 5/11/2026 7:47:45 AM Ready
sih 5/11/2026 3:36:42 AM Ready
sihboot N/A Ready
Folder: \Microsoft\Windows\Wininet
CacheTask N/A Running
Folder: \Microsoft\Windows\Workplace Join
Automatic-Device-Join N/A Ready
Folder: \Microsoft\XblGameSave
XblGameSaveTask N/A Ready
XblGameSaveTaskLogon N/A Ready
[+] AlwaysInstallElevated?
[i] If '1' then you can install a .msi file with admin privileges ;)
[?] https://book.hacktricks.wiki/en/windows-hardening/windows-local-privilege-escalation/index.html#alwaysinstallelevated-1
[*] NETWORK
[+] CURRENT SHARES
Share name Resource Remark
-------------------------------------------------------------------------------
C$ C:\ Default share
IPC$ Remote IPC
ADMIN$ C:\Windows Remote Admin
NETLOGON C:\Windows\SYSVOL\sysvol\ivt.local\SCRIPTS
Logon server share
SYSVOL C:\Windows\SYSVOL\sysvol Logon server share
The command completed successfully.
[+] INTERFACES
Windows IP Configuration
Host Name . . . . . . . . . . . . : DC1
Primary Dns Suffix . . . . . . . : ivt.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : ivt.local
Ethernet adapter Ethernet0:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) 82574L Gigabit Network Connection
Physical Address. . . . . . . . . : 00-0C-29-76-21-EE
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::7017:f67:7135:27fd%13(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.10(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 33557545
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-31-88-5D-4C-00-0C-29-76-21-EE
DNS Servers . . . . . . . . . . . : ::1
127.0.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{E72E5FF8-6E3C-483F-B9B7-5FFD4EEB8ACD}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
[+] USED PORTS
[i] Check for services restricted from the outside
TCP 0.0.0.0:88 0.0.0.0:0 LISTENING 616
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 868
TCP 0.0.0.0:389 0.0.0.0:0 LISTENING 616
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:464 0.0.0.0:0 LISTENING 616
TCP 0.0.0.0:593 0.0.0.0:0 LISTENING 868
TCP 0.0.0.0:636 0.0.0.0:0 LISTENING 616
TCP 0.0.0.0:3268 0.0.0.0:0 LISTENING 616
TCP 0.0.0.0:3269 0.0.0.0:0 LISTENING 616
TCP 0.0.0.0:5985 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:9389 0.0.0.0:0 LISTENING 2348
TCP 0.0.0.0:47001 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:49664 0.0.0.0:0 LISTENING 472
TCP 0.0.0.0:49665 0.0.0.0:0 LISTENING 272
TCP 0.0.0.0:49666 0.0.0.0:0 LISTENING 616
TCP 0.0.0.0:49668 0.0.0.0:0 LISTENING 992
TCP 0.0.0.0:49669 0.0.0.0:0 LISTENING 616
TCP 0.0.0.0:49670 0.0.0.0:0 LISTENING 616
TCP 0.0.0.0:49672 0.0.0.0:0 LISTENING 2180
TCP 0.0.0.0:49675 0.0.0.0:0 LISTENING 608
TCP 0.0.0.0:49686 0.0.0.0:0 LISTENING 2268
TCP 0.0.0.0:49708 0.0.0.0:0 LISTENING 2356
TCP 127.0.0.1:53 0.0.0.0:0 LISTENING 2268
TCP 192.168.1.10:53 0.0.0.0:0 LISTENING 2268
TCP 192.168.1.10:139 0.0.0.0:0 LISTENING 4
TCP [::]:88 [::]:0 LISTENING 616
TCP [::]:135 [::]:0 LISTENING 868
TCP [::]:389 [::]:0 LISTENING 616
TCP [::]:445 [::]:0 LISTENING 4
TCP [::]:464 [::]:0 LISTENING 616
TCP [::]:593 [::]:0 LISTENING 868
TCP [::]:636 [::]:0 LISTENING 616
TCP [::]:3268 [::]:0 LISTENING 616
TCP [::]:3269 [::]:0 LISTENING 616
TCP [::]:5985 [::]:0 LISTENING 4
TCP [::]:9389 [::]:0 LISTENING 2348
TCP [::]:47001 [::]:0 LISTENING 4
TCP [::]:49664 [::]:0 LISTENING 472
TCP [::]:49665 [::]:0 LISTENING 272
TCP [::]:49666 [::]:0 LISTENING 616
TCP [::]:49668 [::]:0 LISTENING 992
TCP [::]:49669 [::]:0 LISTENING 616
TCP [::]:49670 [::]:0 LISTENING 616
TCP [::]:49672 [::]:0 LISTENING 2180
TCP [::]:49675 [::]:0 LISTENING 608
TCP [::]:49686 [::]:0 LISTENING 2268
TCP [::]:49708 [::]:0 LISTENING 2356
TCP [::1]:53 [::]:0 LISTENING 2268
TCP [fe80::7017:f67:7135:27fd%13]:53 [::]:0 LISTENING 2268
[+] FIREWALL
Firewall status:
-------------------------------------------------------------------
Profile = Standard
Operational mode = Enable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Disable
Group policy version = Windows Firewall
Remote admin mode = Disable
Ports currently open on all network interfaces:
Port Protocol Version Program
-------------------------------------------------------------------
No ports are currently open on all network interfaces.
IMPORTANT: Command executed successfully.
However, "netsh firewall" is deprecated;
use "netsh advfirewall firewall" instead.
For more information on using "netsh advfirewall firewall" commands
instead of "netsh firewall", see KB article 947709
at http://go.microsoft.com/fwlink/?linkid=121488 .
Domain profile configuration:
-------------------------------------------------------------------
Operational mode = Enable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Disable
Service configuration for Domain profile:
Mode Customized Name
-------------------------------------------------------------------
Enable No File and Printer Sharing
Enable Yes Network Discovery
Allowed programs configuration for Domain profile:
Mode Traffic direction Name / Program
-------------------------------------------------------------------
Port configuration for Domain profile:
Port Protocol Mode Traffic direction Name
-------------------------------------------------------------------
ICMP configuration for Domain profile:
Mode Type Description
-------------------------------------------------------------------
Enable 2 Allow outbound packet too big
Enable 8 Allow inbound echo request
Standard profile configuration (current):
-------------------------------------------------------------------
Operational mode = Enable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Disable
Service configuration for Standard profile:
Mode Customized Name
-------------------------------------------------------------------
Enable No File and Printer Sharing
Allowed programs configuration for Standard profile:
Mode Traffic direction Name / Program
-------------------------------------------------------------------
Port configuration for Standard profile:
Port Protocol Mode Traffic direction Name
-------------------------------------------------------------------
ICMP configuration for Standard profile:
Mode Type Description
-------------------------------------------------------------------
Enable 2 Allow outbound packet too big
Enable 8 Allow inbound echo request
Log configuration:
-------------------------------------------------------------------
File location = C:\Windows\system32\LogFiles\Firewall\pfirewall.log
Max file size = 4096 KB
Dropped packets = Disable
Connections = Disable
IMPORTANT: Command executed successfully.
However, "netsh firewall" is deprecated;
use "netsh advfirewall firewall" instead.
For more information on using "netsh advfirewall firewall" commands
instead of "netsh firewall", see KB article 947709
at http://go.microsoft.com/fwlink/?linkid=121488 .
[+] ARP
Interface: 192.168.1.10 --- 0xd
Internet Address Physical Address Type
192.168.1.1 00-0c-29-5c-de-66 dynamic
192.168.1.20 00-0c-29-d3-f8-a7 dynamic
192.168.1.255 ff-ff-ff-ff-ff-ff static
224.0.0.22 01-00-5e-00-00-16 static
224.0.0.252 01-00-5e-00-00-fc static
239.255.255.250 01-00-5e-7f-ff-fa static
[+] ROUTES
===========================================================================
Interface List
13...00 0c 29 76 21 ee ......Intel(R) 82574L Gigabit Network Connection
1...........................Software Loopback Interface 1
11...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.10 281
127.0.0.0 255.0.0.0 On-link 127.0.0.1 331
127.0.0.1 255.255.255.255 On-link 127.0.0.1 331
127.255.255.255 255.255.255.255 On-link 127.0.0.1 331
192.168.1.0 255.255.255.0 On-link 192.168.1.10 281
192.168.1.10 255.255.255.255 On-link 192.168.1.10 281
192.168.1.255 255.255.255.255 On-link 192.168.1.10 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 331
224.0.0.0 240.0.0.0 On-link 192.168.1.10 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 331
255.255.255.255 255.255.255.255 On-link 192.168.1.10 281
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 192.168.1.1 Default
===========================================================================
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 331 ::1/128 On-link
13 281 fe80::/64 On-link
13 281 fe80::7017:f67:7135:27fd/128
On-link
1 331 ff00::/8 On-link
13 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
[+] Hosts file
[+] DNS CACHE
Record Name . . . . . : WD1.ivt.local
A (Host) Record . . . : 192.168.1.20
Record Name . . . . . : 93f0135c-83be-40dd-9a26-f51bd64ab180._msdcs.ivt.local
Record Name . . . . . : WIN-269LCCU0THE.ivt.local
A (Host) Record . . . : 192.168.1.10
[+] WIFI
[*] BASIC USER INFO
[i] Check if you are inside the Administrators group or if you have enabled any token that can be use to escalate privileges like SeImpersonatePrivilege, SeAssignPrimaryPrivilege, SeTcbPrivilege, SeBackupPrivilege, SeRestorePrivilege, SeCreateTokenPrivilege, SeLoadDriverPrivilege, SeTakeOwnershipPrivilege, SeDebugPrivilege
[?] https://book.hacktricks.wiki/en/windows-hardening/windows-local-privilege-escalation/index.html#users--groups
[+] CURRENT USER
User name Administrator
Full Name
Comment Built-in account for administering the computer/domain
User's comment
Country/region code 000 (System Default)
Account active Yes
Account expires Never
Password last set 5/2/2026 8:30:30 AM
Password expires Never
Password changeable 5/3/2026 8:30:30 AM
Password required Yes
User may change password Yes
Workstations allowed All
Logon script
User profile
Home directory
Last logon 5/10/2026 10:00:26 AM
Logon hours allowed All
Local Group Memberships *Administrators
Global Group memberships *Schema Admins *Group Policy Creator
*Domain Admins *Enterprise Admins
*Domain Users
The command completed successfully.
USER INFORMATION
----------------
User Name SID
================= ============================================
ivt\administrator S-1-5-21-2204472844-543932781-3722524442-500
GROUP INFORMATION
-----------------
Group Name Type SID Attributes
========================================== ================ ============================================ ===============================================================
Everyone Well-known group S-1-1-0 Mandatory group, Enabled by default, Enabled group
BUILTIN\Administrators Alias S-1-5-32-544 Mandatory group, Enabled by default, Enabled group, Group owner
BUILTIN\Users Alias S-1-5-32-545 Mandatory group, Enabled by default, Enabled group
BUILTIN\Pre-Windows 2000 Compatible Access Alias S-1-5-32-554 Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\INTERACTIVE Well-known group S-1-5-4 Mandatory group, Enabled by default, Enabled group
CONSOLE LOGON Well-known group S-1-2-1 Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\Authenticated Users Well-known group S-1-5-11 Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\This Organization Well-known group S-1-5-15 Mandatory group, Enabled by default, Enabled group
LOCAL Well-known group S-1-2-0 Mandatory group, Enabled by default, Enabled group
IVT\Group Policy Creator Owners Group S-1-5-21-2204472844-543932781-3722524442-520 Mandatory group, Enabled by default, Enabled group
IVT\Domain Admins Group S-1-5-21-2204472844-543932781-3722524442-512 Mandatory group, Enabled by default, Enabled group
IVT\Schema Admins Group S-1-5-21-2204472844-543932781-3722524442-518 Mandatory group, Enabled by default, Enabled group
IVT\Enterprise Admins Group S-1-5-21-2204472844-543932781-3722524442-519 Mandatory group, Enabled by default, Enabled group
Authentication authority asserted identity Well-known group S-1-18-1 Mandatory group, Enabled by default, Enabled group
IVT\Denied RODC Password Replication Group Alias S-1-5-21-2204472844-543932781-3722524442-572 Mandatory group, Enabled by default, Enabled group, Local Group
Mandatory Label\High Mandatory Level Label S-1-16-12288
PRIVILEGES INFORMATION
----------------------
Privilege Name Description State
========================================= ================================================================== ========
SeIncreaseQuotaPrivilege Adjust memory quotas for a process Disabled
SeMachineAccountPrivilege Add workstations to domain Disabled
SeSecurityPrivilege Manage auditing and security log Disabled
SeTakeOwnershipPrivilege Take ownership of files or other objects Disabled
SeLoadDriverPrivilege Load and unload device drivers Disabled
SeSystemProfilePrivilege Profile system performance Disabled
SeSystemtimePrivilege Change the system time Disabled
SeProfileSingleProcessPrivilege Profile single process Disabled
SeIncreaseBasePriorityPrivilege Increase scheduling priority Disabled
SeCreatePagefilePrivilege Create a pagefile Disabled
SeBackupPrivilege Back up files and directories Disabled
SeRestorePrivilege Restore files and directories Disabled
SeShutdownPrivilege Shut down the system Disabled
SeDebugPrivilege Debug programs Disabled
SeSystemEnvironmentPrivilege Modify firmware environment values Disabled
SeChangeNotifyPrivilege Bypass traverse checking Enabled
SeRemoteShutdownPrivilege Force shutdown from a remote system Disabled
SeUndockPrivilege Remove computer from docking station Disabled
SeEnableDelegationPrivilege Enable computer and user accounts to be trusted for delegation Disabled
SeManageVolumePrivilege Perform volume maintenance tasks Disabled
SeImpersonatePrivilege Impersonate a client after authentication Enabled
SeCreateGlobalPrivilege Create global objects Enabled
SeIncreaseWorkingSetPrivilege Increase a process working set Disabled
SeTimeZonePrivilege Change the time zone Disabled
SeCreateSymbolicLinkPrivilege Create symbolic links Disabled
SeDelegateSessionUserImpersonatePrivilege Obtain an impersonation token for another user in the same session Disabled
USER CLAIMS INFORMATION
-----------------------
User claims unknown.
Kerberos support for Dynamic Access Control on this device has been disabled.
[+] USERS
User accounts for \\DC1
-------------------------------------------------------------------------------
admin Administrator agro
DefaultAccount Guest krbtgt
The command completed successfully.
[+] GROUPS
Aliases for \\DC1
-------------------------------------------------------------------------------
*Access Control Assistance Operators
*Account Operators
*Administrators
*Allowed RODC Password Replication Group
*Backup Operators
*Cert Publishers
*Certificate Service DCOM Access
*Cryptographic Operators
*Denied RODC Password Replication Group
*Distributed COM Users
*DnsAdmins
*Event Log Readers
*Guests
*Hyper-V Administrators
*IIS_IUSRS
*Incoming Forest Trust Builders
*Network Configuration Operators
*Performance Log Users
*Performance Monitor Users
*Pre-Windows 2000 Compatible Access
*Print Operators
*RAS and IAS Servers
*RDS Endpoint Servers
*RDS Management Servers
*RDS Remote Access Servers
*Remote Desktop Users
*Remote Management Users
*Replicator
*Server Operators
*Storage Replica Administrators
*System Managed Accounts Group
*Terminal Server License Servers
*Users
*Windows Authorization Access Group
The command completed successfully.
[+] ADMINISTRATORS GROUPS
Alias name Administrators
Comment Administrators have complete and unrestricted access to the computer/domain
Members
-------------------------------------------------------------------------------
Administrator
Domain Admins
Enterprise Admins
The command completed successfully.
[+] CURRENT LOGGED USERS
USERNAME SESSIONNAME ID STATE IDLE TIME LOGON TIME
>administrator console 1 Active none 5/10/2026 10:00 AM
[+] Kerberos Tickets
Current LogonId is 0:0x40659
Cached Tickets: (2)
#0> Client: Administrator @ IVT.LOCAL
Server: krbtgt/IVT.LOCAL @ IVT.LOCAL
KerbTicket Encryption Type: AES-256-CTS-HMAC-SHA1-96
Ticket Flags 0x40e10000 -> forwardable renewable initial pre_authent name_canonicalize
Start Time: 5/10/2026 10:00:26 (local)
End Time: 5/10/2026 20:00:26 (local)
Renew Time: 5/17/2026 10:00:26 (local)
Session Key Type: AES-256-CTS-HMAC-SHA1-96
Cache Flags: 0x1 -> PRIMARY
Kdc Called: DC1
#1> Client: Administrator @ IVT.LOCAL
Server: cifs/WD1 @ IVT.LOCAL
KerbTicket Encryption Type: AES-256-CTS-HMAC-SHA1-96
Ticket Flags 0x40a10000 -> forwardable renewable pre_authent name_canonicalize
Start Time: 5/10/2026 10:00:40 (local)
End Time: 5/10/2026 20:00:26 (local)
Renew Time: 5/17/2026 10:00:26 (local)
Session Key Type: AES-256-CTS-HMAC-SHA1-96
Cache Flags: 0
Kdc Called: DC1
[+] CURRENT CLIPBOARD
[i] Any passwords inside the clipboard?
[*] SERVICE VULNERABILITIES
[+] SERVICE BINARY PERMISSIONS WITH WMIC and ICACLS
[?] https://book.hacktricks.wiki/en/windows-hardening/windows-local-privilege-escalation/index.html#services
C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe NT SERVICE\TrustedInstaller:(F)
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe NT SERVICE\TrustedInstaller:(F)
C:\Windows\SysWow64\perfhost.exe NT SERVICE\TrustedInstaller:(F)
C:\Windows\servicing\TrustedInstaller.exe NT SERVICE\TrustedInstaller:(F)
C:\Program Files\Windows Defender\NisSrv.exe NT SERVICE\TrustedInstaller:(F)
C:\Program Files\Windows Defender\MsMpEng.exe NT SERVICE\TrustedInstaller:(F)
[+] CHECK IF YOU CAN MODIFY ANY SERVICE REGISTRY
[?] https://book.hacktricks.wiki/en/windows-hardening/windows-local-privilege-escalation/index.html#services
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\SCPolicySvc
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sdbus
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sdstor
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\seclogon
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\SENS
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\SensorDataService
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\SensorService
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\SensrSvc
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\SerCx
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\SerCx2
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\Serenum
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\Serial
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sermouse
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\SessionEnv
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sfloppy
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\SharedAccess
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\ShellHWDetection
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\SiSRaid2
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\SiSRaid4
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\smbdirect
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\smphost
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\SNMPTRAP
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\spaceport
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\SpbCx
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\Spooler
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sppsvc
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\srv
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\srv2
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\srvnet
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\SSDPSRV
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\SstpSvc
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\StateRepository
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\stexstor
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\stisvc
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\storahci
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\storflt
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\stornvme
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\storqosflt
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\StorSvc
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\storufs
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\storvsc
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\svsvc
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\swenum
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\swprv
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\Synth3dVsc
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\SysMain
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\SystemEventsBroker
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\TabletInputService
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\TapiSrv
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\Tcpip
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\Tcpip6
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\TCPIP6TUNNEL
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpipreg
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\TCPIPTUNNEL
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tdx
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\terminpt
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\TermService
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\Themes
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\TieringEngineService
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tiledatamodelsvc
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\TimeBrokerSvc
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\TPM
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\TSDDD
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\TsUsbFlt
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\TsUsbGD
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tsusbhub
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tunnel
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tzautoupdate
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\UALSVC
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\UASPStor
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\UcmCx0101
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\UcmTcpciCx0101
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\UcmUcsi
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\Ucx01000
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\UdeCx
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\udfs
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\UEFI
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\UevAgentDriver
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\UevAgentService
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\Ufx01000
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\UfxChipidea
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\ufxsynopsys
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\UGatherer
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\UGTHRSVC
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\UI0Detect
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\umbus
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\UmPass
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\UmRdpService
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\UnistoreSvc
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\UnistoreSvc_41d51
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\upnphost
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\UrsChipidea
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\UrsCx01000
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\UrsSynopsys
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\usbccgp
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\usbehci
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\usbhub
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\USBHUB3
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\usbohci
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\usbprint
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\usbser
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\USBSTOR
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\usbuhci
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\USBXHCI
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\UserDataSvc
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\UserDataSvc_41d51
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\UserManager
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\UsoSvc
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\VaultSvc
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\vdrvroot
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\vds
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\VerifierExt
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\vhdmp
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\vhf
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\vmbus
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\VMBusHID
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\vmgid
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\vmicguestinterface
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\vmicheartbeat
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\vmickvpexchange
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\vmicrdv
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\vmicshutdown
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\vmictimesync
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\vmicvmsession
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\vmicvss
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\volmgr
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\volmgrx
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\volsnap
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\volume
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\vpci
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\vsmraid
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\VSS
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\VSTXRAID
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\vwifibus
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\W32Time
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\WacomPen
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\WalletService
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\wanarp
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\wanarpv6
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\WbioSrvc
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\wcifs
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\Wcmsvc
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\wcncsvc
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\wcnfs
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\Wdf01000
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\Wecsvc
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\WEPHOSTSVC
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\wercplsupport
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\WerSvc
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\WFPLWFS
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\WiaRpc
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\WIMMount
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\WindowsTrustedRT
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\WindowsTrustedRTProxy
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\WinHttpAutoProxySvc
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\WinMad
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\Winmgmt
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\WinNat
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\WinRM
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\Winsock
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\WinSock2
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\WINUSB
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\WinVerbs
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\wisvc
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\WlanSvc
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\wlidsvc
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\WmiAcpi
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\WmiApRpl
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\wmiApSrv
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\Wof
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\workerdd
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\WPDBusEnum
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\WpdUpFltr
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\WpnService
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\WpnUserService
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\WpnUserService_41d51
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\ws2ifsl
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\WSearch
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\WSearchIdxPi
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\wuauserv
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\WudfPf
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\WUDFRd
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\wudfsvc
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\XblAuthManager
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\XblGameSave
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\xboxgip
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\xinputhid
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\xmlprov
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\{0560E04D-055B-408C-95E0-00C864D51B55}
You can modify HKEY_LOCAL_MACHINE\system\currentcontrolset\services\{E72E5FF8-6E3C-483F-B9B7-5FFD4EEB8ACD}
[+] UNQUOTED SERVICE PATHS
[i] When the path is not quoted (ex: C:\Program files\soft\new folder\exec.exe) Windows will try to execute first 'C:\Program.exe', then 'C:\Program Files\soft\new.exe' and finally 'C:\Program Files\soft\new folder\exec.exe'. Try to create 'C:\Program Files\soft\new.exe'
[i] The permissions are also checked and filtered using icacls
[?] https://book.hacktricks.wiki/en/windows-hardening/windows-local-privilege-escalation/index.html#services
ADWS
C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe
C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe NT SERVICE\TrustedInstaller:(F)
NetTcpPortSharing
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe NT SERVICE\TrustedInstaller:(F)
PerfHost
C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe NT SERVICE\TrustedInstaller:(F)
TrustedInstaller
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\servicing\TrustedInstaller.exe NT SERVICE\TrustedInstaller:(F)
[*] DLL HIJACKING in PATHenv variable
[i] Maybe you can take advantage of modifying/creating some binary in some of the following locations
[i] PATH variable entries permissions - place binary or DLL to execute instead of legitimate
[?] https://book.hacktricks.wiki/en/windows-hardening/windows-local-privilege-escalation/index.html#dll-hijacking
C:\Windows\system32 NT SERVICE\TrustedInstaller:(F)
BUILTIN\Administrators:(M)
BUILTIN\Administrators:(OI)(CI)(IO)(F)
C:\Windows NT SERVICE\TrustedInstaller:(F)
BUILTIN\Administrators:(M)
BUILTIN\Administrators:(OI)(CI)(IO)(F)
C:\Windows\System32\Wbem NT SERVICE\TrustedInstaller:(F)
BUILTIN\Administrators:(M)
BUILTIN\Administrators:(OI)(CI)(IO)(F)
C:\Users\Administrator\AppData\Local\Microsoft\WindowsApps NT AUTHORITY\SYSTEM:(OI)(CI)(F)
BUILTIN\Administrators:(OI)(CI)(F)
IVT\Administrator:(OI)(CI)(F)
[*] CREDENTIALS
[+] WINDOWS VAULT
[?] https://book.hacktricks.wiki/en/windows-hardening/windows-local-privilege-escalation/index.html#credentials-manager--windows-vault
Currently stored credentials:
Target: WindowsLive:target=virtualapp/didlogical
Type: Generic
User: 02clguuciclv
Local machine persistence
[+] DPAPI MASTER KEYS
[i] Use the Mimikatz 'dpapi::masterkey' module with appropriate arguments (/rpc) to decrypt
[?] https://book.hacktricks.wiki/en/windows-hardening/windows-local-privilege-escalation/index.html#dpapi
Directory: C:\Users\Administrator\AppData\Roaming\Microsoft\Protect
Mode LastWriteTime Length Name
---- ------------- ------ ----
d---s- 5/2/2026 8:31 AM S-1-5-21-2204472844-543932781-3722524442-500
[+] DPAPI MASTER KEYS
[i] Use the Mimikatz 'dpapi::cred' module with appropriate /masterkey to decrypt
[i] You can also extract many DPAPI masterkeys from memory with the Mimikatz 'sekurlsa::dpapi' module
[?] https://book.hacktricks.wiki/en/windows-hardening/windows-local-privilege-escalation/index.html#dpapi
Looking inside C:\Users\Administrator\AppData\Roaming\Microsoft\Credentials\
Looking inside C:\Users\Administrator\AppData\Local\Microsoft\Credentials\
DFBE70A7E5CC19A398EBF1B96859CE5D
[+] Unattended files
[+] SAM and SYSTEM backups
C:\Windows\System32\config\RegBack\SAM exists.
C:\Windows\System32\config\SAM exists.
C:\Windows\System32\config\SYSTEM exists.
C:\Windows\System32\config\RegBack\SYSTEM exists.
[+] McAffee SiteList.xml
Volume in drive C has no label.
Volume Serial Number is D853-481C
[+] GPP Password
[+] Cloud Credentials
[+] AppCmd
[?] https://book.hacktricks.wiki/en/windows-hardening/windows-local-privilege-escalation/index.html#appcmdexe
[+] Files in registry that may contain credentials
[i] Searching specific files that may contains credentials.
[?] https://book.hacktricks.wiki/en/windows-hardening/windows-local-privilege-escalation/index.html#files-and-registry-credentials
Looking inside HKCU\Software\ORL\WinVNC3\Password
Looking inside HKEY_LOCAL_MACHINE\SOFTWARE\RealVNC\WinVNC4/password
Looking inside HKLM\SOFTWARE\Microsoft\Windows NT\Currentversion\WinLogon
DefaultDomainName REG_SZ IVT
DefaultUserName REG_SZ
Looking inside HKLM\SYSTEM\CurrentControlSet\Services\SNMP
Looking inside HKCU\Software\TightVNC\Server
Looking inside HKCU\Software\SimonTatham\PuTTY\Sessions
Looking inside HKCU\Software\OpenSSH\Agent\Keys
C:\Users\Administrator\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Users_ChangePassword.settingcontent-ms
C:\Users\Administrator\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Users_PicturePassword.settingcontent-ms
C:\Users\Administrator\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_Users_PINPassword.settingcontent-ms
C:\Users\Administrator\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\LocalState\Indexed\Settings\en-US\AAA_SystemSettings_SyncSettings_SyncCredentials_Toggle.settingcontent-ms
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadline\ConsoleHost_history.txt
C:\Windows\NTDS\ntds.dit
C:\Windows\Panther\setupinfo
C:\Windows\System32\ntds.dit
C:\Windows\System32\config\SAM
C:\Windows\System32\config\SYSTEM
C:\Windows\System32\config\RegBack\SAM
C:\Windows\System32\config\RegBack\SYSTEM
C:\Windows\WinSxS\amd64_ipamprov-dcnps_31bf3856ad364e35_10.0.14393.0_none_cdac19dfa8a77ad1\ScheduledTasks.xml
C:\Windows\WinSxS\amd64_ipamprov-dhcp_31bf3856ad364e35_10.0.14393.0_none_a19eacea09ae3f5a\ScheduledTasks.xml
C:\Windows\WinSxS\amd64_ipamprov-dns_31bf3856ad364e35_10.0.14393.0_none_bf00b750ada9b4f8\ScheduledTasks.xml
C:\Windows\WinSxS\amd64_microsoft-windows-d..rvices-domain-files_31bf3856ad364e35_10.0.14393.0_none_c87f79b55a12b273\ntds.dit
C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.14393.0_none_3e5dde3fcb84fbb3\appcmd.exe
C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.14393.206_none_4aedafd7529b7197\appcmd.exe
C:\Windows\WinSxS\amd64_microsoft-windows-webenroll.resources_31bf3856ad364e35_10.0.14393.0_en-us_b0dddd8679392b32\certnew.cer
C:\Windows\WinSxS\wow64_ipamprov-dcnps_31bf3856ad364e35_10.0.14393.0_none_d800c431dd083ccc\ScheduledTasks.xml
C:\Windows\WinSxS\wow64_ipamprov-dhcp_31bf3856ad364e35_10.0.14393.0_none_abf3573c3e0f0155\ScheduledTasks.xml
C:\Windows\WinSxS\wow64_ipamprov-dns_31bf3856ad364e35_10.0.14393.0_none_c95561a2e20a76f3\ScheduledTasks.xml
C:\Windows\WinSxS\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.14393.0_none_48b28891ffe5bdae\appcmd.exe
C:\Windows\WinSxS\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.14393.206_none_55425a2986fc3392\appcmd.exe
---
Scan complete.