PEAS
*evil-winrm* ps c:\tmp> upload winPEASany.exe C:\tmp\winPEASany.exe
info: Uploading winPEASany.exe to C:\tmp\winPEASany.exe
data: 2625536 bytes of 2625536 bytes copied
info: Upload successful!
Delivery complete
Executing PEAS
AV
PEAS claims that there is no AV
KrbRelayUp
Privileges
The svc-printer user has a lot of privileges.
I will get into this in a separate page
Services
It seems that membership in the Server Operators group grants write access to many service registry keys.
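When a check like this returns hundreds of near-identical lines, grouping them by principal and rights shows whether the finding is one broad grant or many separate ACL mistakes. The sketch below is an added example, not part of the original notes or of winPEAS; it parses the line format shown in the output that follows, and the `Example Group` line, the comma-separated multi-ACE handling and the 0.75 threshold are assumptions.

```python
import re
from collections import defaultdict

# The first four lines are copied from the winPEAS output in these notes.
# The last line is constructed, to show a second, narrower grant for contrast.
SAMPLE = r"""
HKLM\system\currentcontrolset\services\.NET CLR Data (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\MSDTC Bridge 4.0.0.0 (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\DNS (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\Netlogon (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\ExampleSvc (Example Group [FullControl])
"""

SERVICES_PREFIX = "hklm\\system\\currentcontrolset\\services\\"
# "Principal [Right Right ...]"; several of these separated by commas is an
# assumption, the notes only show one principal per line.
ACE_RE = re.compile(r"([^,\[\]]+?)\s*\[([^\]]*)\]")


def parse_line(line):
    """Return (service, [(principal, rights), ...]) or None for other lines."""
    line = line.strip()
    if not line.lower().startswith(SERVICES_PREFIX) or not line.endswith(")"):
        return None
    # Service names may contain spaces and dots, so split on the LAST " (".
    key, sep, aces = line.rpartition(" (")
    if not sep:
        return None
    service = key[len(SERVICES_PREFIX):]
    parsed = [(who.strip(), tuple(sorted(rights.split())))
              for who, rights in ACE_RE.findall(aces[:-1])]
    return (service, parsed) if service and parsed else None


def summarize(text):
    """Map each distinct (principal, rights) grant to the services it covers."""
    grants = defaultdict(set)
    services = set()
    for line in text.splitlines():
        hit = parse_line(line)
        if hit is None:
            continue  # banner lines, blank lines, other checks
        service, aces = hit
        services.add(service)
        for ace in aces:
            grants[ace].add(service)
    return grants, services


def blanket_grants(text, threshold=0.75):
    """Grants covering at least `threshold` of all reported service keys.

    A grant that covers nearly every key points at one common cause (a group
    membership or a shared ACL) to review, rather than per-service fixes.
    """
    grants, services = summarize(text)
    if not services:
        return []
    found = []
    for (who, rights), covered in grants.items():
        coverage = len(covered) / len(services)
        if coverage >= threshold:
            found.append((who, rights, len(covered), round(coverage, 2)))
    return sorted(found, key=lambda g: -g[2])


if __name__ == "__main__":
    for who, rights, count, coverage in blanket_grants(SAMPLE):
        print(f"{who}: {' '.join(rights)} on {count} keys ({coverage:.0%})")
```
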
╔══════════╣ Looking if you can modify any service registry
╚ check if you can modify the registry of a service https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation#services-registry-permissions
HKLM\system\currentcontrolset\services\.NET CLR Data (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\.NET CLR Networking (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\.NET CLR Networking 4.0.0.0 (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\.NET Data Provider for Oracle (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\.NET Data Provider for SqlServer (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\.NET Memory Cache 4.0 (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\.NETFramework (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\1394ohci (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\3ware (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\ACPI (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\AcpiDev (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\acpiex (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\acpipagr (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\AcpiPmi (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\acpitime (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\ADOVMPPackage (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\ADP80XX (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\adsi (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\ADWS (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\AFD (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\afunix (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\ahcache (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\AJRouter (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\ALG (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\AmdK8 (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\AmdPPM (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\amdsata (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\amdsbs (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\amdxata (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\AppHostSvc (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\AppID (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\AppIDSvc (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\Appinfo (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\applockerfltr (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\AppMgmt (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\AppReadiness (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\AppVClient (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\AppvStrm (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\AppvVemgr (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\AppvVfs (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\AppXSvc (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\arcsas (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\AsyncMac (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\atapi (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\AudioEndpointBuilder (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\Audiosrv (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\AxInstSV (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\b06bdrv (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\bam (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\BasicDisplay (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\BasicRender (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\BattC (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\bcmfn2 (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\Beep (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\bfadfcoei (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\bfadi (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\BFE (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\bindflt (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\BITS (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\bowser (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\BrokerInfrastructure (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\BTAGService (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\BthAvctpSvc (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\BthEnum (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\BthLEEnum (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\BthMini (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\BTHPORT (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\bthserv (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\BTHUSB (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\bttflt (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\buttonconverter (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\bxfcoe (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\bxois (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\camsvc (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\CapImg (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\CaptureService (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\cbdhsvc (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\cdfs (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\CDPSvc (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\CDPUserSvc (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\cdrom (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\CertPropSvc (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\cht4iscsi (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\cht4vbd (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\CldFlt (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\CLFS (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\ClipSVC (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\clr_optimization_v4.0.30319_32 (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\clr_optimization_v4.0.30319_64 (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\CmBatt (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\CNG (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\cnghwassist (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\CompositeBus (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\COMSysApp (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\condrv (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\ConsentUxUserSvc (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\CoreMessagingRegistrar (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\CoreUI (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\crypt32 (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\CryptSvc (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\CSC (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\CscService (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\dam (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\DCLocator (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\defragsvc (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\DeviceAssociationService (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\DeviceInstall (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\DevicePickerUserSvc (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\DevicesFlowUserSvc (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\DevQueryBroker (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\Dfs (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\Dfsc (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\DfsDriver (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\DFSR (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\DfsrRo (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\diagnosticshub.standardcollector.service (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\DiagTrack (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\Disk (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\DmEnrollmentSvc (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\dmvsc (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\dmwappushservice (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\DNS (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\Dnscache (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\DoSvc (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\dot3svc (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\drmkaud (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\DsmSvc (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\DsRoleSvc (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\DsSvc (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\DXGKrnl (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\Eaphost (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\ebdrv (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\efifw (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\EFS (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\EhStorClass (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\EhStorTcgDrv (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\elxfcoe (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\elxstor (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\embeddedmode (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\EntAppSvc (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\ErrDev (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\ESENT (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\EventSystem (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\exfat (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\fastfat (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\fcvsc (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\fdc (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\fdPHost (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\FDResPub (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\FileCrypt (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\FileInfo (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\Filetrace (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\flpydisk (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\FltMgr (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\FontCache (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\FrameServer (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\FsDepends (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\Fs_Rec (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\gencounter (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\genericusbfn (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\GPIOClx0101 (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\GraphicsPerfSvc (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\HDAudBus (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\HidBatt (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\hidinterrupt (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\hidserv (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\HidUsb (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\HomeGroupListener (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\HpSAMD (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\HTTP (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\hvcrash (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\HvHost (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\hvservice (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\HwNClx0101 (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\hwpolicy (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\hyperkbd (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\HyperVideo (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\iaLPSSi_GPIO (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\iaLPSSi_I2C (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\iaStorAVC (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\iaStorV (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\ibbus (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\icssvc (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\IKEEXT (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\IndirectKmd (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\inetaccs (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\InetInfo (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\InstallService (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\intelpep (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\intelppm (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\iorate (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\IpFilterDriver (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\iphlpsvc (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\IPMIDRV (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\IPNAT (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\IPsecGW (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\IPT (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\isapnp (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\iScsiPrt (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\IsmServ (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\ItSas35i (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\kbdclass (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\kbdhid (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\kdnic (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\KdsSvc (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\KeyIso (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\KPSSVC (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\KSecDD (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\KSecPkg (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\ksthunk (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\KtmRm (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\LanmanServer (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\LanmanWorkstation (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\ldap (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\lfsvc (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\LicenseManager (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\lltdio (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\lltdsvc (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\lmhosts (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\Lsa (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\LSI_SAS (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\LSI_SAS2i (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\LSI_SAS3i (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\LSI_SSS (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\LSM (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\luafv (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\MapsBroker (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\mausbhost (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\mausbip (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\megasas (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\megasas2i (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\megasas35i (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\megasr (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\Microsoft_Bluetooth_AvrcpTransport (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\mlx4_bus (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\MMCSS (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\Modem (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\monitor (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\mouclass (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\mouhid (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\mountmgr (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\MpKslceeb2796 (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\mpsdrv (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\mpssvc (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\mrxsmb (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\mrxsmb20 (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\MsBridge (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\MSDTC (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\MSDTC Bridge 4.0.0.0 (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\Msfs (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\msgpiowin32 (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\mshidkmdf (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\mshidumdf (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\msisadrv (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\MSiSCSI (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\msiserver (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\MSKSSRV (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\MsLbfoProvider (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\MsLldp (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\MSPCLOCK (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\MSPQM (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\MsRPC (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\MSSCNTRS (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\MsSecFlt (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\mssmbios (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\MSTEE (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\MTConfig (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\Mup (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\mvumis (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\napagent (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\NcaSvc (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\NcbService (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\ndfltr (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\NDIS (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\NdisCap (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\NdisImPlatform (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\NdisTapi (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\Ndisuio (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\NdisVirtualBus (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\NdisWan (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\ndiswanlegacy (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\ndproxy (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\NetAdapterCx (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\NetBIOS (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\NetbiosSmb (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\Netlogon (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\Netman (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\netprofm (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\NetSetupSvc (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\NetTcpPortSharing (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\netvsc (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\netvscvfpp (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\NgcCtnrSvc (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\NgcSvc (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\NlaSvc (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\Npfs (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\npsvctrig (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\nsi (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\nsiproxy (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\Ntfs (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\Null (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\nvdimm (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\nvraid (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\nvstor (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\Parport (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\partmgr (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\PcaSvc (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\pci (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\pciide (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\pcmcia (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\pcw (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\pdc (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\PEAUTH (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\percsas2i (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\percsas3i (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\PerfDisk (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\PerfHost (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\PerfNet (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\PerfOS (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\PerfProc (Server Operators [WriteKey GenericWrite])
HKLM\system\currentcontrolset\services\PhoneSvc (Server Operators [WriteKey GenericWrite])
The list goes on.
One of them being this. It likely requires rebooting the system, which isn’t a viable option for me.
Spooler
PEAS also detected that the Spooler service is running, with a PID of 2792.
WSL & AppCmd.exe
AppCmd.exe is present.