MeKLiN2

CopticScriptEgyptianWindowsSamHiveDecoded

May 21st, 2024
[HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Builtin\Aliases\Members\S-1-5-80-956008885-3418522649-1831038044-1853292631]
@=""

876402C0(2271478464) = Ƞ
[HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Builtin\Aliases\Members\S-1-5-80-956008885-3418522649-1831038044-1853292631\876402C0]
@="Ƞ"

TrustedInstaller RID (LUID)
CLEARLY THE -PART(501,1000,ETC)
S-1-5-80-956008885-3418522649-1831038044-1853292631
FULL DOMAIN (THE SID HAS THE ENDING SUFFIX 2271478464)
S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464
*********** FULL TRUSTED INSTALLER SID *************

**** ROOT UNICODE DESTROYS THE DOMAIN ****

**** DATA IN '.REG' FORMAT AS ORIGINAL IN NOTEPAD LINE BREAKS/SPACING ***

[HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Builtin\Aliases\Members\S-1-5]
@=hex:

00000004] SZ
@="ȡ"

0000000B] SZ
@="ȡ"

00000011] SZ
@="ȸ"
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Builtin\Aliases\Members\S-1-5\000003E7]
@="ϩ"

[HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Builtin\Aliases\Members\S-1-5-21-3947544656-2014248660-3822616995\000003E7]
@="ϩ"
-----------------------------------------------
\S-1-5-21-3857256076-1075314236-4170261994]
@=hex(5):

000001F4(500) = Ƞ REG_SZ, LIKE TRUSTEDINSTALLER
\000001F4] WHICH IT CREATED ITSELF
@="Ƞ" ALONG WITH S1580 DOMAIN

000001F5(501) = Ƞ REG_SZ
\000001F5]
@="Ƞ"

000001F7(503) = Ʌ REG_SZ
\000001F7]
@="Ʌ"

000003EB(1003) = ȡ , REG_EXPAND_SZ
000003EB]
@=hex(2):21,02,00,00,20,02,00,00

000003EC(1004) = ȡ , REG_SZ, LIKE THE S1580
\000003EC] DOMAIN ALIAS ONE, AUTO-CREATED,
@="ȡ" AND ALSO A SZ
THIS WAS WHERE TRUSTEDINSTALLER
WENT FIRST,
SIMULTANEOUSLY CLONED
INTO THE S1580 DOMAIN

*** REMOVES INSTANTLY 'TRUSTEDINSTALLER' *** BY LUSRMGR AUTOMATICALLY
REPLACING IN ITS HEX/RID/LUID STATE INTO THE S1580 DOMAIN ALIAS BELOW
Registry Key Change Type Value Name Value Data Value Type Data Length Value Data Changed To Value Type Changed To Data Length Changed To Key Modified Time 1 Key Modified Time 2
HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\000003EC Removed Key 3/31/2024 11:18:47 PM
HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\Names\TRUSTEDINSTALLER Removed Key 3/31/2024 11:18:47 PM


A REVERSE HEXADECIMAL STRING
FROM ITS DOMAIN (NT SERVICE)
S-1-5-80-956, MEANING IT USES
ITS DOMAIN NEVER ITS RID
AS WE DO AS GUEST/"SYSTEM"
TAKEOWN = DESKTOP-12384
876402C0
WHICH IS 2271478464, THE LAST
STRING IN ITS DOMAIN SID
THAT MEANS THE RID OF TRUSTED IS
HIDDEN WITHIN THE DOMAIN SID ITSELF
SO REFERENCES TO IT MAY BE SHORTER
TO ACCOUNT FOR THAT SIGNIFICANT DIFF
IN SID LENGTH.
C0026487 IN DECI:
3221382279
S-1-5- 80 = 50

TRUSTEDINSTALLER IN USERS ONLY
NOT QUITE "NT SERVICE" YET
DESPITE THE DOMAIN THERE
IT HAS NO "ALIAS"

NOW TO ADD A GENERIC GROUP, AND GET THE
BINARY IT ASSOCIATES WITH THE DOMAIN
SID INSTEAD OF THE NEW ONE IT WILL CREATE *

----------------------

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\0\SAM\Domains\Account\Aliases\Members\S-1-5\00000012]
@=hex(2):e9,03,00,00,ea,03,00,00

[HKEY_LOCAL_MACHINE\0\SAM\Domains\Account\Users\00000012]

[HKEY_LOCAL_MACHINE\0\SAM\Domains\Account\Users\Names\SYSTEM]
@=hex(012):

[HKEY_LOCAL_MACHINE\0\SAM\Domains\Builtin\Aliases\Members\S-1-5\00000004]
@="ϩ"

[HKEY_LOCAL_MACHINE\0\SAM\Domains\Builtin\Aliases\Members\S-1-5\0000000B]
@="ϩ"

[HKEY_LOCAL_MACHINE\0\SAM\Domains\Builtin\Aliases\Members\S-1-5\00000011]
@="ϩ"

[HKEY_LOCAL_MACHINE\0\SAM\Domains\Builtin\Aliases\Members\S-1-5\000001F4]
@="ϩ"

[HKEY_LOCAL_MACHINE\0\SAM\Domains\Builtin\Aliases\Members\S-1-5\000001F5]
@="ϩ"

[HKEY_LOCAL_MACHINE\0\SAM\Domains\Builtin\Aliases\Members\S-1-5\000001F7]
@="ϩ"

[HKEY_LOCAL_MACHINE\0\SAM\Domains\Builtin\Aliases\Members\S-1-5\000001F8]
@="ϩ"

[HKEY_LOCAL_MACHINE\0\SAM\Domains\Builtin\Aliases\Members\S-1-5\00000012]
@="ϩ"

[HKEY_LOCAL_MACHINE\0\SAM\Domains\Builtin\Aliases\Members\S-1-5-21-1273946008-2210384159-1861864491\000001F4]
@="ϩ"

[HKEY_LOCAL_MACHINE\0\SAM\Domains\Builtin\Aliases\Members\S-1-5-21-1273946008-2210384159-1861864491\000001F5]
@="ϩ"

[HKEY_LOCAL_MACHINE\0\SAM\Domains\Builtin\Aliases\Members\S-1-5-21-1273946008-2210384159-1861864491\000001F7]
@="ϩ"

[HKEY_LOCAL_MACHINE\0\SAM\Domains\Builtin\Aliases\Members\S-1-5-21-1273946008-2210384159-1861864491\000001F8]
@="ϩ"

[HKEY_LOCAL_MACHINE\0\SAM\Domains\Builtin\Aliases\Members\S-1-5-21-1273946008-2210384159-1861864491\00000012]
@="ϩ"

[HKEY_LOCAL_MACHINE\0\SAM\Domains\Builtin\Aliases\Members\S-1-5-21-1273946008-2210384159-1861864491\00000004]
@="ϩ"

[HKEY_LOCAL_MACHINE\0\SAM\Domains\Builtin\Aliases\Members\S-1-5-21-1273946008-2210384159-1861864491\0000000B]
@="ϩ"

[HKEY_LOCAL_MACHINE\0\SAM\Domains\Builtin\Aliases\Members\S-1-5-21-1273946008-2210384159-1861864491\00000011]
@="ϩ"



Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Builtin\Aliases\Members\S-1-5\00000012]
@="ϩ"

[HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Builtin\Aliases\Members\S-1-5-21-3947544656-2014248660-3822616995\00000012]
@="ϩ"