; Windows security template (INF). The [Registry Keys] section assigns one
; security descriptor (DACL plus auditing SACL) to each listed registry key.
; NOTE(review): presumably applied with secedit or imported into a GPO - confirm.
[Unicode]
Unicode=yes
; Template header: "$CHICAGO$" is the signature string this INF format expects.
[Version]
signature="$CHICAGO$"
Revision=1
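[Registry Keys]
; Entry format: "key path",mode,"SDDL". Every entry uses mode 0 and the same
; descriptor.
; NOTE(review): mode 0 should mean "configure this key and propagate inheritable
; entries to subkeys" - confirm against the template format documentation.
;
; DACL  D:PAR  protected: full control for Administrators (BA), SYSTEM (SY) and
;              CREATOR OWNER (CO, inherit-only); read for Users (BU) and
;              ALL APPLICATION PACKAGES (S-1-15-2-1).
; SACL  S:AR   one audit ACE for Everyone (WD), success only (SA), rights
;              CC DC LC SD = query value, set value, create subkey, delete.
;
; Deployment caveats:
; - Applying this template REPLACES the DACL on each key as well as adding the
;   audit ACE, and the P flag blocks inherited ACEs. Compare with the ACLs on a
;   reference machine first: stock ACEs that are not listed above are dropped.
; - Audit events appear only when registry object-access auditing is enabled.
; - Successful reads (CC) by Everyone on busy keys are high-volume; failed
;   attempts are not audited because only SA is set.
; - An entry whose key does not exist is expected to audit nothing, so a
;   misspelled path is a silent detection gap. Several entries end in what is
;   normally a value name (Scrnsave.exe, Autorun, Shell, Taskman, System,
;   Appinit_Dlls); a security descriptor attaches to a key.
;   NOTE(review): confirm these entries resolve on the target build.

; --- HKEY_USERS\.DEFAULT ---
; .DEFAULT is the hive loaded for the LocalSystem account. Hives of interactive
; users are separate and are not covered by these entries.
"USERS\.DEFAULT\Control Panel\Desktop\Scrnsave.exe" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"
"USERS\.DEFAULT\Environment" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"
"USERS\.DEFAULT\Software\Classes\Exefile\Shell\Runas\Command\IsolatedCommand" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"
"USERS\.DEFAULT\Software\Classes\Mscfile\Shell\Open\Command" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"
"USERS\.DEFAULT\Software\Microsoft\Command Processor\Autorun" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"
"USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Desktop\Components" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"
"USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Explorer Bars" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"
"USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"
; NOTE(review): the next path looks like two locations fused together
; (Internet Explorer\UrlSearchHooks and a ...\Install\Software\Microsoft\
; Windows\CurrentVersion\Run key). Kept as written; split it into the intended
; keys once they are confirmed.
"USERS\.DEFAULT\Software\Microsoft\Internet Explorer\UrlSearchHooks\Server\Install\Software\Microsoft\Windows\CurrentVersion\Run" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"
; NOTE(review): Software\Microsoft\Windows\CurrentVersion\Run is not listed for
; this hive; the "Windows NT\CurrentVersion\Run" entry may have been meant for it.
"USERS\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Run" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"
"USERS\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"
"USERS\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"
"USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\App Paths\Control.exe" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"
"USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"
"USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunServices" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"
"USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"
; Listed once; each key takes a single entry.
; NOTE(review): Winlogon normally sits under "Windows NT\CurrentVersion" -
; confirm this path exists.
"USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Winlogon" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"
"USERS\.DEFAULT\Software\Policies\Microsoft\Windows\Control Panel\Desktop\Scrnsave.exe" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"
; Installer policy key, where the AlwaysInstallElevated value lives. An entry
; names the key only; a value name or data must not be appended to the path.
"USERS\.DEFAULT\SOFTWARE\Policies\Microsoft\Windows\Installer" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"
"USERS\.DEFAULT\Software\Policies\Microsoft\Windows\System\Scripts\Logoff" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"
"USERS\.DEFAULT\Software\Wow6432Node\Microsoft\Internet Explorer\Explorer Bars" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"
"USERS\.DEFAULT\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"

; --- HKEY_LOCAL_MACHINE\SYSTEM: provider registration keys ---
"MACHINE\SYSTEM\CurrentControlSet\Control\Cryptography\Providers" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"
; NOTE(review): "SecurityProviders\SSI\Providers" could not be confirmed as an
; existing key - verify on a reference machine.
"MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SSI\Providers" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"
"MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\ShareProviders" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"
"MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Accounting\Providers" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"
"MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Authentication\Providers" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"
"MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"
"MACHINE\SYSTEM\CurrentControlSet\Services\WbioSrvc\Service Providers" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"
"MACHINE\SYSTEM\CurrentControlSet\Services\Winsock\Setup Migration\Providers" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"
"MACHINE\SYSTEM\CurrentControlSet\Services\WinTrust\TrustProviders" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"
"MACHINE\SYSTEM\CurrentControlSet\Services\WlanSvc\Parameters\ComInterfaceProviders" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"
"MACHINE\SYSTEM\CurrentControlSet\Services\WlanSvc\Parameters\VendorSpecificIEProviders" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"
; Machine-wide Installer policy key (holds AlwaysInstallElevated). It sits in
; the SOFTWARE hive, and the entry names the key only.
"MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"
; WDigest settings key; the path carries a single SYSTEM segment.
"MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"

; --- HKEY_LOCAL_MACHINE\SOFTWARE: logon, shell and autostart locations ---
; NOTE(review): "Microsoft NT" is probably "Microsoft\Windows NT", and "System"
; is normally a value under Winlogon - confirm the intended key.
"MACHINE\Software\Microsoft NT\CurrentVersion\Winlogon\System" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"
"MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"
"MACHINE\Software\Microsoft\Windows Nt\CurrentVersion\Imagefileexecutionoptions" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"
"MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"
"MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"
"MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"
"MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"
"MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"
"MACHINE\Software\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"
"MACHINE\Software\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"
"MACHINE\Software\Microsoft\Windows\CurrentVersion\Authentication\PLAP Providers" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"
"MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"
"MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"
"MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"
; NOTE(review): the stock key name is "Group Policy" (with a space); verify the
; two "GroupPolicy\Scripts" paths below.
"MACHINE\Software\Microsoft\Windows\CurrentVersion\GroupPolicy\Scripts\Shutdown" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"
"MACHINE\Software\Microsoft\Windows\CurrentVersion\GroupPolicy\Scripts\Startup" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"
"MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"
"MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"
"MACHINE\Software\Microsoft\Windows\CurrentVersion\Run" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"
"MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"
"MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"
"MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"
"MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Setup\ServiceStartup" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"
; NOTE(review): Winlogon normally sits under "Windows NT\CurrentVersion" -
; confirm this path exists.
"MACHINE\Software\Microsoft\Windows\CurrentVersion\Winlogon" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"
"MACHINE\Software\Policies\Microsoft\Windows\System\Scripts\Logoff" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"
"MACHINE\Software\Policies\Microsoft\Windows\System\Scripts\Logon" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"
"MACHINE\Software\Policies\Microsoft\Windows\System\Scripts\Shutdown" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"
"MACHINE\Software\Policies\Microsoft\Windows\System\Scripts\Startup" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"

; --- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node: 32-bit view ---
; "Command Processor" is one key name, spelled as in the USERS\.DEFAULT entry.
; NOTE(review): the native MACHINE\Software\Microsoft\Command Processor key has
; no entry of its own - confirm whether that is intended.
"MACHINE\Software\Wow6432Node\Microsoft\Command Processor\Autorun" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"
"MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Explorer Bars" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"
"MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"
"MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"
"MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"
"MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"
"MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"

; --- HKEY_LOCAL_MACHINE\SYSTEM: control, device and event-log keys ---
"MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"
"MACHINE\System\CurrentControlSet\Control\LSA" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"
; NOTE(review): the doubled "SecurityProviders\SecurityProviders" segment in the
; next two entries looks unintended - verify both paths.
"MACHINE\System\CurrentControlSet\Control\SecurityProviders\SecurityProviders" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"
"MACHINE\System\CurrentControlSet\Control\SecurityProviders\SecurityProviders\WDigest" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"
"MACHINE\System\CurrentControlSet\Control\Session Manager\AppCertDlls" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"
"MACHINE\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"
; NOTE(review): replacing the DACL under Enum affects keys used for device
; enumeration - test on a reference machine before deploying.
"MACHINE\System\CurrentControlSet\Enum\USB" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"
; NOTE(review): "USBTor" is probably a misspelling of USBSTOR; as written the
; USB storage device key is likely not audited.
"MACHINE\System\CurrentControlSet\Enum\USBTor" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"
"MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Windows PowerShell" ,0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)(A;CI;KR;;;S-1-15-2-1)S:AR(AU;OICISA;CCDCLCSD;;;WD)"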