АррИ!└Т№╫AАА%&*x┌ъ╘Zb /  ■  @tzres.dll,-572@tzres.dll,-571─   [┼ ╫щ╘]8╨╟█щ╘SCMC:\Windows\system32\LogFiles\Scm\SCM.EVM└<B╫A9600.16404.amd64fre.winblue_gdr.130913-2141    └.@╫Ay╛o№EМvбв535qscext.pdb  └1@╫AдЦ1СvJЧ█║йЭ%p▄services.pdb                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               А°PАвb ° 8Шр  ░М√р  (Р кf╢CiTзХ~v4╨щг╥D№^Р кf╢CiTзХ~v4╨щг╪D№А%<NULL><NULL><NULL>DР кf╢CiTзХ~v4╨щг▌D№т $нHРкf╢CiTзХ~v4╨щгE№WIN-3PIMCL4OH3L,Р кШxb2═╤s┼lаS!¤,sБ №0РSкШxb2═╤s┼lаS!¤,s▓ №,РQк;СY╦╝и╪Е╪╬3АР( №HР к}da╬{%:lт%М╚╨┘/J №WIN-3PIMCL4OH3L(Рк▄МР кк|т╞(zu░┤ю+кozХ&Д №SCSI ClassJР кк|т╞(zu░┤ю+кozХ&Е №SCSI CDROM ClassXР кк|т╞(zu░┤ю+кozХ&З №FSFilter InfrastructureHР кк|т╞(zu░┤ю+кozХ&И №FSFilter SystemHР кк|т╞(zu░┤ю+кozХ&Й №FSFilter BottomZР кк|т╞(zu░┤ю+кozХ&К №FSFilter Copy Protection^Р кк|т╞(zu░┤ю+кozХ&Л №FSFilter Security EnhancerNР кк|т╞(zu░┤ю+кozХ&М №FSFilter Open FilenР кк|т╞(zu░┤ю+кozХ&Н №FSFilter Physical Quota ManagementXР кк|т╞(zu░┤ю+кozХ&П №FSFilter VirtualizationPР кк|т╞(zu░┤ю+кozХ&Р №FSFilter EncryptionRР кк|т╞(zu░┤ю+кozХ&С №FSFilter CompressionJР кк|т╞(zu░┤ю+кozХ&Т №FSFilter ImagingBР кк|т╞(zu░┤ю+кozХ&У №FSFilter HSMbР кк|т╞(zu░┤ю+кozХ&Ф №FSFilter Cluster File SystemZР кк|т╞(zu░┤ю+кozХ&Х №FSFilter System Recovery\Р кк|т╞(zu░┤ю+кozХ&Ч №FSFilter Quota Management\Р кк|т╞(zu░┤ю+кozХ&Ш №FSFilter Content Screener^Р кк|т╞(zu░┤ю+кozХ&Щ №FSFilter Continuous BackupRР кк|т╞(zu░┤ю+кozХ&Ъ №FSFilter ReplicationPР кк|т╞(zu░┤ю+кozХ&Ы №FSFilter Anti-VirusLР кк|т╞(zu░┤ю+кozХ&Ь №FSFilter Undelete\Р кк|т╞(zu░┤ю+кozХ&Э №FSFilter Activity MonitorBР кк|т╞(zu░┤ю+кozХ&Ю №FSFilter Top6Р кк|т╞(zu░┤ю+кozХ&Я №FilterJР кк|т╞(zu░┤ю+кozХ&й №Boot File System2Р кк|т╞(zu░┤ю+кozХ&к №BaseBР кк|т╞(zu░┤ю+кozХ&л №Pointer PortDР кк|т╞(zu░┤ю+кozХ&м №Keyboard PortDР кк|т╞(zu░┤ю+кozХ&н №Pointer ClassFР кк|т╞(zu░┤ю+кozХ&о №Keyboard Class>Р кк|т╞(zu░┤ю+кozХ&░ №Video Init4Р кк|т╞(zu░┤ю+кozХ&▒ №Video>Р кк|т╞(zu░┤ю+кozХ&▓ №Video Save@Р кк|т╞(zu░┤ю+кozХ&│ №File SystemHР кк|т╞(zu░┤ю+кozХ&┤ №Streams DriversBР кк|т╞(zu░┤ю+кozХ&╡ №NDIS WrapperNР кк|т╞(zu░┤ю+кozХ&╖ №COM Infrastructure<Р кк|т╞(zu░┤ю+кozХ&╕ №Event LogDР кк|т╞(zu░┤ю+кozХ&║ №ProfSvc_Group8Р кк|т╞(zu░┤ю+кozХ&╗ №UIGroup:Р кк|т╞(zu░┤ю+кozХ&╝ №PlugPlayBР кк|т╞(zu░┤ю+кozХ&╜ №Cryptography8Р кк|т╞(zu░┤ю+кozХ&┐ №PNP_TDI2Р кк|т╞(zu░┤ю+кozХ&└ №NDIS0Р кк|т╞(zu░┤ю+кozХ&┬ №TDI4Р кк|т╞(zu░┤ю+кozХ&├ №iSCSIBР кк|т╞(zu░┤ю+кozХ&─ №NetBIOSGroupDР кк|т╞(zu░┤ю+кozХ&┼ №ShellSvcGroupFР кк|т╞(zu░┤ю+кozХ&╟ №SchedulerGroup>Р кк|т╞(zu░┤ю+кozХ&╚ №AudioGroupFР кк|т╞(zu░┤ю+кozХ&╔ №SmartCardGroupHР кк|т╞(zu░┤ю+кozХ&╩ №NetworkProvider^Р кк|т╞(zu░┤ю+кozХ&╦ №MS_WindowsRemoteValidation\Р кк|т╞(zu░┤ю+кozХ&╠ №MS_WindowsLocalValidationBР кк|т╞(zu░┤ю+кozХ&═ №SpoolerGroup@Р кк|т╞(zu░┤ю+кozХ&╧ №NetDDEGroupPР кк|т╞(zu░┤ю+кozХ&╨ №Parallel arbitratorDР кк|т╞(zu░┤ю+кozХ&╤ №Extended BaseLР кк|т╞(zu░┤ю+кozХ&╥ №PCI ConfigurationHР кк|т╞(zu░┤ю+кozХ&╙ №MS Transactions,Рк▄МРк▄М║Рк▄М░Рк▄МРкк|т╞(zu░┤ю+кozХ&вp№PnP FilterBР кк|т╞(zu░┤ю+кozХ&жp№PnP FilterNРFк▄МРПк▄МРNк▄МРПк▄МРNк▄М Рк▄М Рк▄МЁРк▄МNhVqЪиR zП^@CompositeBus.inf,%CompositeBus.SVCDESC%;Composite Bus Enumerator DriverBРк┤xиц▌aаРП;O¤╦╘[■№CompositeBusRРFк▄МРПк▄МРNк▄МРк┤xиц▌aаРП;O¤╦╘[·№DcomLaunchBРПк▄МРMк▄МИРк▄М4Рк┤xиц▌aаРП;O¤╦╘['И№dmvscNРFк▄МРПк▄МРNк▄МРк┤xиц▌aаРП;O¤╦╘[.ё№e1iexpressNРFк▄МРПк▄МРNк▄МоРк▄МРПк▄МРNк▄МвРк▄М╘Рк▄МРк┤xиц▌aаРП;O¤╦╘[%.!№gencountertРFк▄М▓Рк▄МРк┤xиц▌aаРП;O¤╦╘[;"№HyperVideobРFк▄МРПк▄МРNк▄М8Рк┤xиц▌aаРП;O¤╦╘[vT#№IPMIDRVJРFк▄МЮРк▄М┬Рк▄М╢Рк▄Мv#№LanmanWorkstation+LРMк▄МNhV@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator:Рк┤xиц▌aаРП;O¤╦╘[~#№mlx4_busJРFк▄М&Рк▄М┤Рк▄МиРк▄М Рк▄МРПк▄МРNк▄МРПк▄МРПк▄МРNк▄М Рк▄МРПк▄МРNк▄МРПк▄М>РNк▄М▐Рк▄МРк┤xиц▌aаРП;O¤╦╘[p)№RpcLocatorBРПк▄МРMк▄МРПк▄М╬Рк▄МРПк▄МРNк▄МРПк▄МРNк▄М░Рк▄МРПк▄МРк┤xиц▌aаРП;O¤╦╘[▌ *№SessionEnvBРПк▄МРMк▄М║Рк▄МРПк▄МРNк▄М*№SstpSvc NULL8Рк┤xиц▌aаРП;O¤╦╘[╢*№SstpSvc<РПк▄М╪Рк▄МоРк▄МРПк▄МРNк▄МЮРк▄МфРк▄МРПк▄МNhV@vdrvroot.inf,%vdrvroot_svcdesc%;Microsoft Virtual Drive Enumerator:Рк┤xиц▌aаРП;O¤╦╘[xу,№vdrvroot        А░АZpB░ 8Шр  ░М√р  FРFк▄ММРк▄МРк┤xиц▌aаРП;O¤╦╘[ .№WEPHOSTSVCBРПк▄МРПк▄МРNк▄МРк┤xиц▌aаРП;O¤╦╘[Ё┴.№WPDBusEnumкBРПк▄МРMк▄МРПк▄МРNк▄МР┼к▄МР3к▐Є▌╥еєg"┴ЇД╧dlг0№PlugPlay к▓РGк}da╬{%:lт%М╚╨┘/гг0№BrokerInfrastructureC:\Windows\system32\svchost.exe -k DcomLaunch roaЮРGк}da╬{%:lт%М╚╨┘/зг0№DcomLaunchC:\Windows\system32\svchost.exe -k DcomLaunch XдРGк}da╬{%:lт%М╚╨┘/кг0№DeviceInstallC:\Windows\system32\svchost.exe -k DcomLaunch oiРРGк}da╬{%:lт%М╚╨┘/░г0№LSMC:\Windows\system32\svchost.exe -k DcomLaunch ЪРGк}da╬{%:lт%М╚╨┘/┤г0№PlugPlayC:\Windows\system32\svchost.exe -k DcomLaunch ФРGк}da╬{%:lт%М╚╨┘/╖г0№PowerC:\Windows\system32\svchost.exe -k DcomLaunch mоРGк}da╬{%:lт%М╚╨┘/╝г0№SystemEventsBrokerC:\Windows\system32\svchost.exe -k DcomLaunch йC0РIк}da╬{%:lт%М╚╨┘/╞г0№,Р`к}da╬{%:lт%М╚╨┘/ъи0№rv:Р,к┬╤Цw∙█cВIs■4bS▐ш0№PlugPlayиц▌aаР8РcкЬёC╙ъpq└p╔bRжъ|чш0№pў$Ш└<РYкЬёC╙ъpq└p╔bRжъ|-ў0Д№Мpў$ШNU,РgкЬёC╙ъpq└p╔bRжъ|3ў0№М№RРsкЬёC╙ъpq└p╔bRжъ|_ў0№PPlugPlaypў$ШvcJРкR·ъ_6ПЭ:N)Д;Oл∙0Д№PlugPlayМРNк(Р8к▐Є▌╥еєg"┴ЇД╧d№∙0№JРк▐0(\ЭЄ№├  ЁаH▄ Eq1Д№PlugPlaybdJРк▐0(\ЭЄ№├  ЁаH▄ aq1Д№PlugPlayаб"q└В:Рк▐0(\ЭЄ№├  ЁаH▄ eq1Д№PlugPlaycht/Р$к▐Є▌╥еєg"┴ЇД╧d╦q1№demand4Рк▐Є▌╥еєg"┴ЇД╧dеЧ1№Power D4Рк▐Є▌╥еєg"┴ЇД╧dжЧ1№Power№4РRк▐Є▌╥еєg"┴ЇД╧d╣Ч1№Power№:Р"к▐Є▌╥еєg"┴ЇД╧dyШ1№PlugPlayO¤╦╘[,Р1к▐Є▌╥еєg"┴ЇД╧d{Ш1№B"йC4Р2к▐Є▌╥еєg"┴ЇД╧d~Ш1№Poweron8Р3к▐Є▌╥еєg"┴ЇД╧dШ1№Power 4РUк┬╤Цw∙█cВIs■4bS┼Ш1№Power4.LРsкЬёC╙ъpq└p╔bRжъ|▌Ш1№PPowerpў$ШDРкR·ъ_6ПЭ:N)Д;OwЩ1Д№PowerМcr(Р8к▐Є▌╥еєg"┴ЇД╧dWЪ1№DРк▐0(\ЭЄ№├  ЁаH▄ Щч1Д№PowerroDРк▐0(\ЭЄ№├  ЁаH▄ ▀`3Д№Powerri4Рк▐0(\ЭЄ№├  ЁаH▄ ф`3Д№PowerBa/Р$к▐Є▌╥еєg"┴ЇД╧dIa3№demand(Р`к▄МР\к▐Є▌╥еєg"┴ЇД╧dVk3№PlugPlay 8Р\к▐Є▌╥еєg"┴ЇД╧d[k3№Power 4Рк▐Є▌╥еєg"┴ЇД╧ddk3№RpcSspo4Рк▐Є▌╥еєg"┴ЇД╧ddk3№RpcSs BJР)к▐Є▌╥еєg"┴ЇД╧dek3№DcomLaunchRpcSs>РRк▐Є▌╥еєg"┴ЇД╧dvk3№DcomLaunch└ВNР)к▐Є▌╥еєg"┴ЇД╧dwk3№RpcEptMapperRpcSsаРzРTк▐Є▌╥еєg"┴ЇД╧dГk3№RpcEptMapperNT AUTHORITY\NetworkServiceР2к▐Є▌╥еєg"┴ЇД╧dEl3№DcomLaunchBР3к▐Є▌╥еєg"┴ЇД╧dFl3№DcomLaunch N>РUк┬╤Цw∙█cВIs■4bSмl3№DcomLaunchcVРsкЬёC╙ъpq└p╔bRжъ|└l3№PDcomLaunchpў$ШйCNРкR·ъ_6ПЭ:N)Д;Ozm3Д№DcomLaunchМBР2к▐Є▌╥еєg"┴ЇД╧dn3№RpcEptMapper№FР3к▐Є▌╥еєg"┴ЇД╧dn3№RpcEptMapperGmШРGк}da╬{%:lт%М╚╨┘/On3№RpcEptMapperC:\Windows\system32\svchost.exe -k RPCSSGКРGк}da╬{%:lт%М╚╨┘/Rn3№RpcSsC:\Windows\system32\svchost.exe -k RPCSSG0РIк}da╬{%:lт%М╚╨┘/[n3№,Р`к}da╬{%:lт%М╚╨┘/Шq3№svШРGк┬╤Цw∙█cВIs■4bSv╜4№C:\Windows\system32\svchost.exe -k RPCSSRpcEptMapperШРMк┬╤Цw∙█cВIs■4bSД╜4№RpcEptMapperC:\Windows\system32\svchost.exe -k RPCSSШРMк┬╤Цw∙█cВIs■4bSЙ╜4№RpcEptMapperC:\Windows\system32\svchost.exe -k RPCSSШРMк┬╤Цw∙█cВIs■4bSО╜4№RpcEptMapperC:\Windows\system32\svchost.exe -k RPCSS,Р\к┬╤Цw∙█cВIs■4bSП╜4№ciVР^к┬╤Цw∙█cВIs■4bSТ╜4№SeImpersonatePrivilegesXР^к┬╤Цw∙█cВIs■4bSХ╜4№SeCreateGlobalPrivilegeШРMк┬╤Цw∙█cВIs■4bSЩ╜4№!RpcEptMapperC:\Windows\system32\svchost.exe -k RPCSSШРOк┬╤Цw∙█cВIs■4bSа╜4№RpcEptMapperC:\Windows\system32\svchost.exe -k RPCSSBР,к┬╤Цw∙█cВIs■4bS╬┼4№RpcEptMapper8РcкЬёC╙ъpq└p╔bRжъ|╘┼4№Ёя$Ш<РYкЬёC╙ъpq└p╔bRжъ|I╙4Д№░Ёя$Ш,РgкЬёC╙ъpq└p╔bRжъ|N╙4№░scZРsкЬёC╙ъpq└p╔bRжъ|u╙4№PRpcEptMapperЁя$Ш+кozХ&RРкR·ъ_6ПЭ:N)Д;O╘╒4Д№RpcEptMapper░hcp4Р2к▐Є▌╥еєg"┴ЇД╧d"╓4№RpcSs(Р8к▐Є▌╥еєg"┴ЇД╧d*╓4№RРк▐0(\ЭЄ№├  ЁаH▄ ┬S5Д№RpcEptMapperhcpNРк▐0(\ЭЄ№├  ЁаH▄ &6Д№DcomLaunchАйCNРк▐0(\ЭЄ№├  ЁаH▄ й6Д№DcomLaunchАйC>Рк▐0(\ЭЄ№├  ЁаH▄ о6Д№DcomLaunchi,Р1к▐Є▌╥еєg"┴ЇД╧d╖6№riNРJк▐Є▌╥еєg"┴ЇД╧d├6№RpcSsRpcEptMapperйCJР5к▐Є▌╥еєg"┴ЇД╧d┼6№RpcEptMapperHюиц▌aаР4Р2к▐Є▌╥еєg"┴ЇД╧d╟6№RpcSsB"йC(Р8к▐Є▌╥еєg"┴ЇД╧d╬6№RРк▐0(\ЭЄ№├  ЁаH▄ ўH6Д№RpcEptMapperBРк▐0(\ЭЄ№├  ЁаH▄ ¤H6Д№RpcEptMapperРMк,Р1к▐Є▌╥еєg"┴ЇД╧dI6№he4Р2к▐Є▌╥еєg"┴ЇД╧d I6№RpcSssc8Р3к▐Є▌╥еєg"┴ЇД╧dI6№RpcSsG4РUк┬╤Цw∙█cВIs■4bSдK6№RpcSs▌aаРLРsкЬёC╙ъpq└p╔bRжъ|^M6№PRpcSsЁя$Ш№DРкR·ъ_6ПЭ:N)Д;O N6Д№RpcSs░t3(Р8к▐Є▌╥еєg"┴ЇД╧dЦN6№DРк▐0(\ЭЄ№├  ЁаH▄ V6Д№RpcSs└№LРrкЬёC╙ъpq└p╔bRжъ|F 7Д№ RpcSs░Ёя$ШSDРк▐0(\ЭЄ№├  ЁаH▄  7Д№RpcSs└B"йC4Рк▐0(\ЭЄ№├  ЁаH▄ s 7Д№RpcSs"q└В/Р$к▐Є▌╥еєg"┴ЇД╧dы 7№demandВ0Рк▐Є▌╥еєg"┴ЇД╧d° 7№LSM0Рк▐Є▌╥еєg"┴ЇД╧d° 7№LSM<Р)к▐Є▌╥еєg"┴ЇД╧d∙ 7№RpcSsLSMmSJР)к▐Є▌╥еєg"┴ЇД╧d· 7№DcomLaunchRpcSsРMк>РRк▐Є▌╥еєg"┴ЇД╧d7№DcomLaunchйCNР)к▐Є▌╥еєg"┴ЇД╧d7№RpcEptMapperRpcSszРTк▐Є▌╥еєg"┴ЇД╧d7№RpcEptMapperNT AUTHORITY\NetworkServiceРFкlРTк▐Є▌╥еєg"┴ЇД╧d&7№RpcSsNT AUTHORITY\NetworkServiceFР'к▐Є▌╥еєg"┴ЇД╧d'7№DcomLaunchLSM▄~BР(к▐Є▌╥еєg"┴ЇД╧d(7№DcomLaunchs.SJР'к▐Є▌╥еєg"┴ЇД╧d(7№RpcEptMapperLSMI EFР(к▐Є▌╥еєg"┴ЇД╧d)7№RpcEptMapper0РRк▐Є▌╥еєg"┴ЇД╧d37№LSMNР"к▐Є▌╥еєg"┴ЇД╧dч7№COM InfrastructureаР,Р1к▐Є▌╥еєg"┴ЇД╧dъ7№Пк0Р2к▐Є▌╥еєg"┴ЇД╧dь7№LSM4Р3к▐Є▌╥еєg"┴ЇД╧dэ7№LSM phHРsкЬёC╙ъpq└p╔bRжъ|7№PLSMpў$Ш@РкR·ъ_6ПЭ:N)Д;O┌7И№LSMМ(Р8к▐Є▌╥еєg"┴ЇД╧d`7№@Рк▐0(\ЭЄ№├  ЁаH▄ ` 7И№LSM@Рк▐0(\ЭЄ№├  ЁаH▄ mъ8И№LSM0Рк▐0(\ЭЄ№├  ЁаH▄ qъ8И№LSM/Р$к▐Є▌╥еєg"┴ЇД╧dЁъ8№demand6Рк▐Є▌╥еєg"┴ЇД╧dы8№sppsvc6Рк▐Є▌╥еєg"┴ЇД╧dы8№sppsvcBР)к▐Є▌╥еєg"┴ЇД╧dы8№RpcSssppsvc№JР)к▐Є▌╥еєg"┴ЇД╧dы8№DcomLaunchRpcSsРRк▐Є▌╥еєg"┴ЇД╧dы8№DcomLaunchNР)к▐Є▌╥еєg"┴ЇД╧dы8№RpcEptMapperRpcSsаРzРTк▐Є▌╥еєg"┴ЇД╧d$ы8№RpcEptMapperNT AUTHORITY\NetworkServiceniplРTк▐Є▌╥еєg"┴ЇД╧d-ы8№RpcSsNT AUTHORITY\NetworkServicerDnРTк▐Є▌╥еєg"┴ЇД╧d6ы8№sppsvcNT AUTHORITY\NetworkServicea(Р#к▐Є▌╥еєg"┴ЇД╧dDь8№,Р1к▐Є▌╥еєg"┴ЇД╧dEь8№RD6Р2к▐Є▌╥еєg"┴ЇД╧dJь8№sppsvca:Р3к▐Є▌╥еєg"┴ЇД╧dKь8№sppsvcиц▌aаРtР>к}da╬{%:lт%М╚╨┘/hь8№sppsvcC:\Windows\system32\sppsvc.exe"q└В0РIк}da╬{%:lт%М╚╨┘/kь8№,Р`к}da╬{%:lт%М╚╨┘/Жя8№╦╘[xРGк┬╤Цw∙█cВIs■4bS╫я8№C:\Windows\system32\sppsvc.exesppsvcxРMк┬╤Цw∙█cВIs■4bSфя8№sppsvcC:\Windows\system32\sppsvc.exexРMк┬╤Цw∙█cВIs■4bSчя8№sppsvcC:\Windows\system32\sppsvc.exeJР^к┬╤Цw∙█cВIs■4bSщя8№SeAuditPrivilegeSys,Р\к┬╤Цw∙█cВIs■4bSъя8№№VР^к┬╤Цw∙█cВIs■4bSюя8№SeImpersonatePrivilegesXР^к┬╤Цw∙█cВIs■4bSёя8№SeCreateGlobalPrivilegexРMк┬╤Цw∙█cВIs■4bSЇя8№!sppsvcC:\Windows\system32\sppsvc.exexРOк┬╤Цw∙█cВIs■4bS°я8№sppsvcC:\Windows\system32\sppsvc.exe6Р,к┬╤Цw∙█cВIs■4bSэ9№sppsvc8РcкЬёC╙ъpq└p╔bRжъ| э9№0ё$Ш,<РYкЬёC╙ъpq└p╔bRжъ|╚BИ№ф0ё$Шк,РgкЬёC╙ъpq└p╔bRжъ|═B№фNРsкЬёC╙ъpq└p╔bRжъ|°B№Qsppsvc0ё$ШFРкR·ъ_6ПЭ:N)Д;OBИ№sppsvcфi(Р8к▐Є▌╥еєg"┴ЇД╧dcB№FРк▐0(\ЭЄ№├  ЁаH▄ АBИ№sppsvcкFРк▐0(\ЭЄ№├  ЁаH▄ ъXBИ№sppsvc6Рк▐0(\ЭЄ№├  ЁаH▄ яXBИ№sppsvcк/Р$к▐Є▌╥еєg"┴ЇД╧dўXB№demandNРк▐Є▌╥еєg"┴ЇД╧dYB№SystemEventsBrokerйCNРк▐Є▌╥еєg"┴ЇД╧dYB№SystemEventsBrokerZР)к▐Є▌╥еєg"┴ЇД╧dYB№RpcSsSystemEventsBrokerNJР)к▐Є▌╥еєg"┴ЇД╧d YB№DcomLaunchRpcSsРПк>РRк▐Є▌╥еєg"┴ЇД╧d6YB№DcomLaunchкNР)к▐Є▌╥еєg"┴ЇД╧d8YB№RpcEptMapperRpcSs└ВzРTк▐Є▌╥еєg"┴ЇД╧dCYB№RpcEptMapperNT AUTHORITY\NetworkServiceer lРTк▐Є▌╥еєg"┴ЇД╧dNYB№RpcSsNT AUTHORITY\NetworkServicehР'к▐Є▌╥еєg"┴ЇД╧dOYB№RpcEptMapperSystemEventsBrokerFР(к▐Є▌╥еєg"┴ЇД╧dQYB№RpcEptMapperйCNРRк▐Є▌╥еєg"┴ЇД╧d\YB№SystemEventsBrokerк(Р#к▐Є▌╥еєg"┴ЇД╧dmZB№,Р1к▐Є▌╥еєg"┴ЇД╧doZB№pyNР2к▐Є▌╥еєg"┴ЇД╧dtZB№SystemEventsBrokerкRР3к▐Є▌╥еєg"┴ЇД╧duZB№SystemEventsBroker NРUк┬╤Цw∙█cВIs■4bSйZB№SystemEventsBrokerefРsкЬёC╙ъpq└p╔bRжъ|└ZB№PSystemEventsBrokerpў$Ш^РкR·ъ_6ПЭ:N)Д;Ot[BИ№SystemEventsBroker М(Р8к▐Є▌╥еєg"┴ЇД╧d∙[B№^Рк▐0(\ЭЄ№├  ЁаH▄ ФaBИ№SystemEventsBrokert^Рк▐0(\ЭЄ№├  ЁаH▄ LlBИ№SystemEventsBroker┴йCNРк▐0(\ЭЄ№├  ЁаH▄ ЧlBИ№SystemEventsBrokerp/Р$к▐Є▌╥еєg"┴ЇД╧dаlB№demandDРк▐Є▌╥еєg"┴ЇД╧d└lB№DeviceInstallPPDРк▐Є▌╥еєg"┴ЇД╧d└lB№DeviceInstall"q└ВDРRк▐Є▌╥еєg"┴ЇД╧d▄lB№DeviceInstallFx:Р"к▐Є▌╥еєg"┴ЇД╧dЬmB№PlugPlayPro,Р1к▐Є▌╥еєg"┴ЇД╧dЯmB№▌aаРDР2к▐Є▌╥еєg"┴ЇД╧dбmB№DeviceInstallHР3к▐Є▌╥еєg"┴ЇД╧dвmB№DeviceInstall DРUк┬╤Цw∙█cВIs■4bSхmB№DeviceInstallAG\РsкЬёC╙ъpq└p╔bRжъ|√mB№PDeviceInstallpў$ШneTРкR·ъ_6ПЭ:N)Д;OКnBИ№DeviceInstall МAG(Р8к▐Є▌╥еєg"┴ЇД╧d oB№TРк▐0(\ЭЄ№├  ЁаH▄ ╛oBИ№DeviceInstallgpTРк▐0(\ЭЄ№├  ЁаH▄ ¤oBИ№DeviceInstall                                                                                А°0А╛╘° 8АШр  8АЧр  TРк▐0(\ЭЄ№├  ЁаH▄ \pBИ№DeviceInstall>TРк▐0(\ЭЄ№├  ЁаH▄ qBИ№DeviceInstallhVTРк▐0(\ЭЄ№├  ЁаH▄ vrBИ№DeviceInstallosTРк▐0(\ЭЄ№├  ЁаH▄ ЩrBИ№DeviceInstallncTРк▐0(\ЭЄ№├  ЁаH▄ ║rBИ№DeviceInstall-DРк▐0(\ЭЄ№├  ЁаH▄ ╛rBИ№DeviceInstall╦╘[/Р$к▐Є▌╥еєg"┴ЇД╧d&sB№demand>Р к┬╤Цw∙█cВIs■4bSЗ▀єИ№CryptSvcLf:Рк▐Є▌╥еєg"┴ЇД╧dЛ▀єИ№CryptSvc№:Рк▐Є▌╥еєg"┴ЇД╧dМ▀єИ№CryptSvcpsvFР)к▐Є▌╥еєg"┴ЇД╧dО▀єИ№RpcSsCryptSvcкJР)к▐Є▌╥еєg"┴ЇД╧dП▀єИ№DcomLaunchRpcSsed >РRк▐Є▌╥еєg"┴ЇД╧dз▀єИ№DcomLaunchHNР)к▐Є▌╥еєg"┴ЇД╧dи▀єИ№RpcEptMapperRpcSsqЪzРTк▐Є▌╥еєg"┴ЇД╧d╛▀єИ№RpcEptMapperNT AUTHORITY\NetworkService folРTк▐Є▌╥еєg"┴ЇД╧d╦▀єИ№RpcSsNT AUTHORITY\NetworkServicerРTк▐Є▌╥еєg"┴ЇД╧d╪▀єИ№CryptSvcNT Authority\NetworkService!(Р#к▐Є▌╥еєg"┴ЇД╧dсєИ№,Р1к▐Є▌╥еєg"┴ЇД╧dсєИ№vc:Р2к▐Є▌╥еєg"┴ЇД╧dсєИ№CryptSvc>Р3к▐Є▌╥еєg"┴ЇД╧dсєИ№CryptSvcквРGк}da╬{%:lт%М╚╨┘/IсєИ№CryptSvcC:\Windows\system32\svchost.exe -k NetworkService№вРGк}da╬{%:lт%М╚╨┘/MсєИ№DnscacheC:\Windows\system32\svchost.exe -k NetworkServiceаб"q└В┤РGк}da╬{%:lт%М╚╨┘/RсєИ№LanmanWorkstationC:\Windows\system32\svchost.exe -k NetworkServiceinвРGк}da╬{%:lт%М╚╨┘/UсєИ№napagentC:\Windows\system32\svchost.exe -k NetworkServiceаб"q└ВЮРGк}da╬{%:lт%М╚╨┘/YсєИ№NlaSvcC:\Windows\system32\svchost.exe -k NetworkServicesЮРGк}da╬{%:lт%М╚╨┘/aсєИ№WecsvcC:\Windows\system32\svchost.exe -k NetworkService└ВЬРGк}da╬{%:lт%М╚╨┘/cсєИ№WinRMC:\Windows\system32\svchost.exe -k NetworkService0РIк}da╬{%:lт%М╚╨┘/gсєИ№,Р`к}da╬{%:lт%М╚╨┘/╛уєИ№вРGк┬╤Цw∙█cВIs■4bSTфєИ№C:\Windows\system32\svchost.exe -k NetworkServiceCryptSvcаб"q└ВdР^к┬╤Цw∙█cВIs■4bShфєИ№SeAssignPrimaryTokenPrivilege╦╘[вРMк┬╤Цw∙█cВIs■4bSwфєИ№CryptSvcC:\Windows\system32\svchost.exe -k NetworkService№JР^к┬╤Цw∙█cВIs■4bS~фєИ№SeAuditPrivilegeprt,Р\к┬╤Цw∙█cВIs■4bSфєИ№VР^к┬╤Цw∙█cВIs■4bSБфєИ№SeImpersonatePrivilegeXР^к┬╤Цw∙█cВIs■4bSГфєИ№SeCreateGlobalPrivilegeвРMк┬╤Цw∙█cВIs■4bSСфєИ№!CryptSvcC:\Windows\system32\svchost.exe -k NetworkServiceSвРOк┬╤Цw∙█cВIs■4bSХфєИ№CryptSvcC:\Windows\system32\svchost.exe -k NetworkServiceav.:Р,к┬╤Цw∙█cВIs■4bS╚ыєИ№CryptSvcel(8РcкЬёC╙ъpq└p╔bRжъ|╧ыєИ№¤$Ш@<РYкЬёC╙ъpq└p╔bRжъ|ДkЇД№╘¤$ШAV,РgкЬёC╙ъpq└p╔bRжъ|ЧkЇИ№╘№RРsкЬёC╙ъpq└p╔bRжъ|хkЇИ№PCryptSvcL¤$Ш"JРкR·ъ_6ПЭ:N)Д;O"nЇД№CryptSvc ╘ias/Р$к▐Є▌╥еєg"┴ЇД╧d▓nЇИ№demandBР к┬╤Цw∙█cВIs■4bS┬nЇИ№CryptSvcowsLРк┬╤Цw∙█cВIs■4bSoЇИ№CryptSvcS-1-5-18B"йCJРк▐0(\ЭЄ№├  ЁаH▄ є╬ЇИ№CryptSvcРкJРк▐0(\ЭЄ№├  ЁаH▄ $ЎИ№CryptSvcЕ┐~/A:Рк▐0(\ЭЄ№├  ЁаH▄ $ЎИ№CryptSvcbus>РТк▄МР к┬╤Цw∙█cВIs■4bS*Б∙И№netprofmL(Р#к▐Є▌╥еєg"┴ЇД╧d{Б∙Д№,Р1к▐Є▌╥еєg"┴ЇД╧d~Б∙Д№Se8Р2к▐Є▌╥еєg"┴ЇД╧dДБ∙Д№W32Time<Р3к▐Є▌╥еєg"┴ЇД╧dЕБ∙Д№W32TimeB"йCдРGк}da╬{%:lт%М╚╨┘/╗Б∙Д№EventSystemC:\Windows\system32\svchost.exe -k LocalServiceFкЬРGк}da╬{%:lт%М╚╨┘/┐Б∙Д№fdPHostC:\Windows\system32\svchost.exe -k LocalServiceаРGк}da╬{%:lт%М╚╨┘/┴Б∙Д№FontCacheC:\Windows\system32\svchost.exe -k LocalServiceЬРGк}da╬{%:lт%М╚╨┘/┼Б∙Д№lltdsvcC:\Windows\system32\svchost.exe -k LocalServicendЮРGк}da╬{%:lт%М╚╨┘/╔Б∙Д№netprofmC:\Windows\system32\svchost.exe -k LocalService ФРGк}da╬{%:lт%М╚╨┘/╠Б∙Д№nsiC:\Windows\system32\svchost.exe -k LocalServiceesкРGк}da╬{%:lт%М╚╨┘/╨Б∙Д№RemoteRegistryC:\Windows\system32\svchost.exe -k LocalServiceterЬРGк}da╬{%:lт%М╚╨┘/╘Б∙Д№SstpSvcC:\Windows\system32\svchost.exe -k LocalServicehlдРGк}da╬{%:lт%М╚╨┘/┘Б∙Д№THREADORDERC:\Windows\system32\svchost.exe -k LocalServiceMкЬРGк}da╬{%:lт%М╚╨┘/▌Б∙Д№W32TimeC:\Windows\system32\svchost.exe -k LocalService№кРGк}da╬{%:lт%М╚╨┘/▀Б∙Д№WdiServiceHostC:\Windows\system32\svchost.exe -k LocalServiceULL┤РGк}da╬{%:lт%М╚╨┘/тБ∙Д№WinHttpAutoProxySvcC:\Windows\system32\svchost.exe -k LocalService▌aаР0РIк}da╬{%:lт%М╚╨┘/цБ∙Д№ ,Р`к}da╬{%:lт%М╚╨┘/°Д∙Д№ rtЬРGк┬╤Цw∙█cВIs■4bS▐╒·Д№ C:\Windows\system32\svchost.exe -k LocalServiceW32TimeiSЬРMк┬╤Цw∙█cВIs■4bS ╓·Д№W32TimeC:\Windows\system32\svchost.exe -k LocalServiceЬРMк┬╤Цw∙█cВIs■4bS╓·Д№W32TimeC:\Windows\system32\svchost.exe -k LocalServiceSvZР^к┬╤Цw∙█cВIs■4bS.╓·Д№SeSystemProfilePrivilege#TР^к┬╤Цw∙█cВIs■4bS<╓·Д№SeSystemTimePrivilegeJР^к┬╤Цw∙█cВIs■4bSA╓·Д№SeAuditPrivilegeard,Р\к┬╤Цw∙█cВIs■4bSA╓·Д№inVР^к┬╤Цw∙█cВIs■4bSD╓·Д№SeImpersonatePrivilegeкXР^к┬╤Цw∙█cВIs■4bSL╓·Д№SeCreateGlobalPrivilegeЬРMк┬╤Цw∙█cВIs■4bS_╓·Д№!W32TimeC:\Windows\system32\svchost.exe -k LocalService.iЬРMк┬╤Цw∙█cВIs■4bSq╓·Д№"W32TimeC:\Windows\system32\svchost.exe -k LocalService№ЬРOк┬╤Цw∙█cВIs■4bSu╓·Д№W32TimeC:\Windows\system32\svchost.exe -k LocalServiceПк8Р,к┬╤Цw∙█cВIs■4bS6√Д№W32Time8РcкЬёC╙ъpq└p╔bRжъ|<√Д№░є$ШT<РYкЬёC╙ъpq└p╔bRжъ||=√|№░є$Ш№,РgкЬёC╙ъpq└p╔bRжъ|А=√Д№PРsкЬёC╙ъpq└p╔bRжъ|н=√Д№PW32TimeL░є$ШHРкR·ъ_6ПЭ:N)Д;O▓?√|№W32Time /Р$к▐Є▌╥еєg"┴ЇД╧dў?√Д№demand@Р к┬╤Цw∙█cВIs■4bS@√Д№W32Time:Рк▐Є▌╥еєg"┴ЇД╧d @√И№netprofmРFк:Рк▐Є▌╥еєg"┴ЇД╧d @√И№netprofmPNHР)к▐Є▌╥еєg"┴ЇД╧d @√И№NlaSvcnetprofmHР)к▐Є▌╥еєg"┴ЇД╧d@√И№EventLogNlaSvcJРк┬╤Цw∙█cВIs■4bS*@√Д№W32TimeS-1-5-18nРTк▐Є▌╥еєg"┴ЇД╧d*@√И№EventLogNT AUTHORITY\LocalService@Р)к▐Є▌╥еєg"┴ЇД╧d,@√И№DhcpNlaSvc:Р)к▐Є▌╥еєg"┴ЇД╧d-@√И№AFDDhcptmR:Р)к▐Є▌╥еєg"┴ЇД╧dЖ@√И№tdxDhcp<Р)к▐Є▌╥еєg"┴ЇД╧d░@√И№TcpiptdxFк:Р)к▐Є▌╥еєg"┴ЇД╧dЎ@√И№nsiDhcp BР)к▐Є▌╥еєg"┴ЇД╧dў@√И№nsiproxynsinSe<Р)к▐Є▌╥еєg"┴ЇД╧d+A√И№RpcSsnsinmJР)к▐Є▌╥еєg"┴ЇД╧d,A√И№DcomLaunchRpcSsnSe>РRк▐Є▌╥еєg"┴ЇД╧d:A√И№DcomLaunchmNР)к▐Є▌╥еєg"┴ЇД╧dР'к▐Є▌╥еєg"┴ЇД╧duA√И№nsiNlaSvc4Р(к▐Є▌╥еєg"┴ЇД╧dvA√И№nsitdnРTк▐Є▌╥еєg"┴ЇД╧dЕA√И№NlaSvcNT AUTHORITY\NetworkServiceFР'к▐Є▌╥еєg"┴ЇД╧dЖA√И№RpcSsnetprofm8Р(к▐Є▌╥еєg"┴ЇД╧dЗA√И№RpcSsnРTк▐Є▌╥еєg"┴ЇД╧dУA√И№netprofmNT AUTHORITY\LocalService└В<Р"к▐Є▌╥еєg"┴ЇД╧dTB√И№Event Log"q└В,Р1к▐Є▌╥еєg"┴ЇД╧dXB√И№"q└В:Р2к▐Є▌╥еєg"┴ЇД╧dZB√И№EventLognip>Р3к▐Є▌╥еєg"┴ЇД╧d[B√И№EventLog└РGк}da╬{%:lт%М╚╨┘/ЩB√И№AppIDSvcC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted└РGк}da╬{%:lт%М╚╨┘/ЮB√И№AudiosrvC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted╕РGк}da╬{%:lт%М╚╨┘/бB√И№DhcpC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted└РGк}da╬{%:lт%М╚╨┘/дB√И№EventLogC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted╛РGк}da╬{%:lт%М╚╨┘/йB√И№lmhostsC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted╚РGк}da╬{%:lт%М╚╨┘/┤B√И№vmictimesyncC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted╝РGк}da╬{%:lт%М╚╨┘/╢B√И№WcmsvcC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted№0РIк}da╬{%:lт%М╚╨┘/║B√И№,Р`к}da╬{%:lт%М╚╨┘/·D√И№.S└РGк┬╤Цw∙█cВIs■4bS╗E√И№C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedEventLog└РMк┬╤Цw∙█cВIs■4bS╬E√И№EventLogC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted└РMк┬╤Цw∙█cВIs■4bS┌E√И№EventLogC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedTР^к┬╤Цw∙█cВIs■4bSфE√И№SeSystemtimePrivilegeniJР^к┬╤Цw∙█cВIs■4bSьE√И№SeAuditPrivilege№,Р\к┬╤Цw∙█cВIs■4bSэE√И№s VР^к┬╤Цw∙█cВIs■4bSюE√И№SeImpersonatePrivilegeoXР^к┬╤Цw∙█cВIs■4bSЇE√И№SeCreateGlobalPrivilegedР^к┬╤Цw∙█cВIs■4bS°E√И№SeIncreaseWorkingSetPrivilegeB"йC└РMк┬╤Цw∙█cВIs■4bSF√И№"EventLogC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted└РOк┬╤Цw∙█cВIs■4bSF√И№EventLogC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted:Р,к┬╤Цw∙█cВIs■4bS■L√И№EventLogous8РcкЬёC╙ъpq└p╔bRжъ|M√И№pЄ$Шl<РYкЬёC╙ъpq└p╔bRжъ|Cm√Д№(pЄ$Шr,РgкЬёC╙ъpq└p╔bRжъ|Jm√И№(uhRРsкЬёC╙ъpq└p╔bRжъ|om√И№PEventLogLpЄ$ШsteJРкR·ъ_6ПЭ:N)Д;O^o√Д№EventLog (oun8РKк▐Є▌╥еєg"┴ЇД╧d╢o√И№W32Time(Р8к▐Є▌╥еєg"┴ЇД╧d╕o√И№HРк▐0(\ЭЄ№├  ЁаH▄ │№Д№W32TimeHРк▐0(\ЭЄ№├  ЁаH▄ Ї№Д№W32TimeHРк▐0(\ЭЄ№├  ЁаH▄ ▐№Д№W32TimeHРк▐0(\ЭЄ№├  ЁаH▄ /№Д№W32Time}8Рк▐0(\ЭЄ№├  ЁаH▄ L/№Д№W32Time,Р1к▐Є▌╥еєg"┴ЇД╧dV/№И№№LРJк▐Є▌╥еєg"┴ЇД╧d[/№И№netprofmEventLogBР5к▐Є▌╥еєg"┴ЇД╧d\/№И№EventLog0uРFк(Р8к▐Є▌╥еєg"┴ЇД╧d╣/№И№JРк▐0(\ЭЄ№├  ЁаH▄ 4k№Д№EventLog№RРrкЬёC╙ъpq└p╔bRжъ|┐В№Д№ EventLog(pЄ$ШР кJРк▐0(\ЭЄ№├  ЁаH▄ ЧР№Д№EventLogаб"q└В:Рк▐0(\ЭЄ№├  ЁаH▄ ЮР№Д№EventLogk,Р1к▐Є▌╥еєg"┴ЇД╧dйР№И№xs0Р"к▐Є▌╥еєg"┴ЇД╧d╨Р№И№TDI,Р1к▐Є▌╥еєg"┴ЇД╧d╥Р№И№(zu░2Р2к▐Є▌╥еєg"┴ЇД╧d╘Р№И№DhcpРFк0Р2к▐Є▌╥еєg"┴ЇД╧d╫Р№И№nsi4Р3к▐Є▌╥еєg"┴ЇД╧d╪Р№И№nsi╦╘[0РUк┬╤Цw∙█cВIs■4bSJС№И№nsiHРsкЬёC╙ъpq└p╔bRжъ|hУ№И№PnsiL░є$Ш@РкR·ъ_6ПЭ:N)Д;Oє,¤Д№nsi(Р8к▐Є▌╥еєg"┴ЇД╧dН-¤И№@Рк▐0(\ЭЄ№├  ЁаH▄ А3¤Д№nsi>Р к┬╤Цw∙█cВIs■4bS5¤Д№Dnscache@Рк▐0(\ЭЄ№├  ЁаH▄ 6¤|№nsi0Рк▐0(\ЭЄ№├  ЁаH▄ 6¤|№nsi,Р1к▐Є▌╥еєg"┴ЇД╧d#6¤И№Jк2Р2к▐Є▌╥еєg"┴ЇД╧d'6¤И№DhcpРMк6Р3к▐Є▌╥еєg"┴ЇД╧d96¤И№Dhcpк2РUк┬╤Цw∙█cВIs■4bSЗ6¤И№DhcpРBкJРsкЬёC╙ъpq└p╔bRжъ|28¤И№PDhcpLpЄ$ШBРкR·ъ_6ПЭ:N)Д;O∙8¤|№Dhcp(le (Р8к▐Є▌╥еєg"┴ЇД╧dи9¤И№BРк▐0(\ЭЄ№├  ЁаH▄ Qц¤|№Dhcp№BРк▐0(\ЭЄ№├  ЁаH▄ пЯ■|№DhcpO¤╦╘[BРк▐0(\ЭЄ№├  ЁаH▄ вк■|№Dhcp$2Рк▐0(\ЭЄ№├  ЁаH▄ зк■|№Dhcp,Р1к▐Є▌╥еєg"┴ЇД╧d│к■И№hi(Р#к▐Є▌╥еєg"┴ЇД╧dл■И№,Р1к▐Є▌╥еєg"┴ЇД╧d л■И№B:Р2к▐Є▌╥еєg"┴ЇД╧d л■И№netprofmO¤╦╘[6Р2к▐Є▌╥еєg"┴ЇД╧d/л■И№NlaSvcйC:Р3к▐Є▌╥еєg"┴ЇД╧d0л■И№NlaSvcSI6РUк┬╤Цw∙█cВIs■4bStл■И№NlaSvcNРsкЬёC╙ъpq└p╔bRжъ|&н■И№PNlaSvcL¤$ШйCFРкR·ъ_6ПЭ:N)Д;Oо■|№NlaSvc╘(Р8к▐Є▌╥еєg"┴ЇД╧dио■И№:Р к┬╤Цw∙█cВIs■4bS ░ |№ThemesLР3к▐Є▌╥еєg"┴ЇД╧dТ И№netprofmb:РUк┬╤Цw∙█cВIs■4bS И№netprofmиц▌aаРRРsкЬёC╙ъpq└p╔bRжъ|╩И№PnetprofmL░є$Ш$JРкR·ъ_6ПЭ:N)Д;OУА№netprofm$/Р$к▐Є▌╥еєg"┴ЇД╧dFИ№demandВBР к┬╤Цw∙█cВIs■4bSVИ№netprofmРкLРк┬╤Цw∙█cВIs■4bSЗИ№netprofmS-1-5-18em(Рк▐Є▌╥еєg"┴ЇД╧dП№RР!к▐Є▌╥еєg"┴ЇД╧dФ№BrokerInfrastructureste^Р)к▐Є▌╥еєg"┴ЇД╧dХ№RpcSsBrokerInfrastructureJР)к▐Є▌╥еєg"┴ЇД╧dЧ№DcomLaunchRpcSsfig>РRк▐Є▌╥еєg"┴ЇД╧d▒№DcomLaunchйCNР)к▐Є▌╥еєg"┴ЇД╧d▓№RpcEptMapperRpcSsozРTк▐Є▌╥еєg"┴ЇД╧d╘№RpcEptMapperNT AUTHORITY\NetworkServicefiglРTк▐Є▌╥еєg"┴ЇД╧dё№RpcSsNT AUTHORITY\NetworkServiceB"йChР'к▐Є▌╥еєg"┴ЇД╧dЇ№DcomLaunchBrokerInfrastructureBР(к▐Є▌╥еєg"┴ЇД╧dЇ№DcomLaunchlР'к▐Є▌╥еєg"┴ЇД╧dЎ№RpcEptMapperBrokerInfrastructureumFР(к▐Є▌╥еєg"┴ЇД╧dЎ№RpcEptMapper[RРRк▐Є▌╥еєg"┴ЇД╧d №BrokerInfrastructureent>Р!к▐Є▌╥еєg"┴ЇД╧d№DcomLaunch0Р!к▐Є▌╥еєg"┴ЇД╧d№LSM<Р'к▐Є▌╥еєg"┴ЇД╧d№RpcSsLSM"q└В8Р(к▐Є▌╥еєg"┴ЇД╧d№RpcSsFР'к▐Є▌╥еєg"┴ЇД╧d№DcomLaunchLSM└ВBР(к▐Є▌╥еєg"┴ЇД╧d№DcomLaunchиц▌aаРJР'к▐Є▌╥еєg"┴ЇД╧d№RpcEptMapperLSM№FР(к▐Є▌╥еєg"┴ЇД╧d№RpcEptMapperS0РRк▐Є▌╥еєg"┴ЇД╧d.№LSM4Р!к▐Є▌╥еєg"┴ЇД╧d5№Power4РRк▐Є▌╥еєg"┴ЇД╧dD№Powerr4Р!к▐Є▌╥еєg"┴ЇД╧dG№RpcSskDNР!к▐Є▌╥еєg"┴ЇД╧dN№SystemEventsBrokereZР'к▐Є▌╥еєg"┴ЇД╧dO№RpcSsSystemEventsBroker№8Р(к▐Є▌╥еєg"┴ЇД╧dO№RpcSshР'к▐Є▌╥еєg"┴ЇД╧dP№RpcEptMapperSystemEventsBrokerFР(к▐Є▌╥еєg"┴ЇД╧dQ№RpcEptMapper NРRк▐Є▌╥еєg"┴ЇД╧dc№SystemEventsBrokerкNР"к▐Є▌╥еєg"┴ЇД╧d№COM Infrastructureк,Р1к▐Є▌╥еєg"┴ЇД╧d#№pRР2к▐Є▌╥еєg"┴ЇД╧d$№BrokerInfrastructureNULVР3к▐Є▌╥еєg"┴ЇД╧d%№BrokerInfrastructure кRРUк┬╤Цw∙█cВIs■4bSn№BrokerInfrastructureиц▌aаРjРsкЬёC╙ъpq└p╔bRжъ|К№PBrokerInfrastructurepў$ШbРкR·ъ_6ПЭ:N)Д;OPИ№BrokerInfrastructureМsuiBР5к▐Є▌╥еєg"┴ЇД╧dы№netprofm0ue I(Р8к▐Є▌╥еєg"┴ЇД╧dЇ№JРк▐0(\ЭЄ№├  ЁаH▄ ╘'И№netprofm@№bРк▐0(\ЭЄ№├  ЁаH▄ Р;И№BrokerInfrastructure%bРк▐0(\ЭЄ№├  ЁаH▄ lmИ№BrokerInfrastructureАRРк▐0(\ЭЄ№├  ЁаH▄ {mИ№BrokerInfrastructureР∙к▄МРк▄МР∙к▄МРк▄МРRк▐Є▌╥еєg"┴ЇД╧d■╥№DcomLaunchNР)к▐Є▌╥еєg"┴ЇД╧d ╥№RpcEptMapperRpcSsкzРTк▐Є▌╥еєg"┴ЇД╧d ╙№RpcEptMapperNT AUTHORITY\NetworkServiceem lРTк▐Є▌╥еєg"┴ЇД╧d╙№RpcSsNT AUTHORITY\NetworkService"q└ВdРTк▐Є▌╥еєg"┴ЇД╧d╙№BFENT AUTHORITY\LocalServiceFкRР!к▐Є▌╥еєg"┴ЇД╧d╙№BrokerInfrastructureer^Р'к▐Є▌╥еєg"┴ЇД╧d╙№RpcSsBrokerInfrastructureU8Р(к▐Є▌╥еєg"┴ЇД╧d ╙№RpcSshР'к▐Є▌╥еєg"┴ЇД╧d!╙№DcomLaunchBrokerInfrastructureBР(к▐Є▌╥еєg"┴ЇД╧d"╙№DcomLaunchLLlР'к▐Є▌╥еєg"┴ЇД╧d#╙№RpcEptMapperBrokerInfrastructurerfFР(к▐Є▌╥еєg"┴ЇД╧d$╙№RpcEptMappertRРRк▐Є▌╥еєg"┴ЇД╧d-╙№BrokerInfrastructureР!к▐Є▌╥еєg"┴ЇД╧dA╙№DcomLaunch2Р!к▐Є▌╥еєg"┴ЇД╧dB╙№Dhcpla:Р)к▐Є▌╥еєg"┴ЇД╧dC╙№AFDDhcplay:Р)к▐Є▌╥еєg"┴ЇД╧dЕ╙№tdxDhcp'<Р)к▐Є▌╥еєg"┴ЇД╧dн╙№Tcpiptdx:Р)к▐Є▌╥еєg"┴ЇД╧d№╙№nsiDhcp'BР)к▐Є▌╥еєg"┴ЇД╧d¤╙№nsiproxynsi№<Р'к▐Є▌╥еєg"┴ЇД╧d/╘№RpcSsnsi▌aаР8Р(к▐Є▌╥еєg"┴ЇД╧d0╘№RpcSsdРTк▐Є▌╥еєg"┴ЇД╧d:╘№nsiNT Authority\LocalService№fРTк▐Є▌╥еєg"┴ЇД╧dC╘№DhcpNT Authority\LocalServiceк:Р!к▐Є▌╥еєg"┴ЇД╧dE╘№DnscacheРFкBР'к▐Є▌╥еєg"┴ЇД╧dF╘№nsiDnscachelay4Р(к▐Є▌╥еєg"┴ЇД╧dF╘№nsiweBР'к▐Є▌╥еєg"┴ЇД╧dG╘№tdxDnscacheРMк4Р(к▐Є▌╥еєg"┴ЇД╧dH╘№tdxNкrРTк▐Є▌╥еєg"┴ЇД╧dQ╘№DnscacheNT AUTHORITY\NetworkService:Р!к▐Є▌╥еєg"┴ЇД╧dS╘№EventLogptpnРTк▐Є▌╥еєg"┴ЇД╧d\╘№EventLogNT AUTHORITY\LocalService@Р!к▐Є▌╥еєg"┴ЇД╧d]╘№EventSystemLР'к▐Є▌╥еєg"┴ЇД╧d^╘№RpcSsEventSystemFк8Р(к▐Є▌╥еєg"┴ЇД╧d_╘№RpcSstРTк▐Є▌╥еєg"┴ЇД╧dg╘№EventSystemNT AUTHORITY\LocalServicePr<Р!к▐Є▌╥еєg"┴ЇД╧di╘№FontCachevepРTк▐Є▌╥еєg"┴ЇД╧dr╘№FontCacheNT AUTHORITY\LocalService4Р!к▐Є▌╥еєg"┴ЇД╧ds╘№gpsvcp<Р)к▐Є▌╥еєg"┴ЇД╧dt╘№MupgpsvcПк@Р'к▐Є▌╥еєg"┴ЇД╧dа╘№RpcSsgpsvc8Р(к▐Є▌╥еєg"┴ЇД╧dа╘№RpcSs4РRк▐Є▌╥еєg"┴ЇД╧dй╘№gpsvc:Р!к▐Є▌╥еєg"┴ЇД╧dл╘№iphlpsvcschbР)к▐Є▌╥еєg"┴ЇД╧dм╘№WinHttpAutoProxySvciphlpsvcrtZР'к▐Є▌╥еєg"┴ЇД╧dн╘№DhcpWinHttpAutoProxySvc Mi6Р(к▐Є▌╥еєg"┴ЇД╧dо╘№Dhcp@ДРTк▐Є▌╥еєg"┴ЇД╧d╖╘№WinHttpAutoProxySvcNT AUTHORITY\LocalService IBР'к▐Є▌╥еєg"┴ЇД╧d╕╘№nsiiphlpsvc'4Р(к▐Є▌╥еєg"┴ЇД╧d╣╘№nsiFР'к▐Є▌╥еєg"┴ЇД╧d╣╘№Tcpipiphlpsvc8Р(к▐Є▌╥еєg"┴ЇД╧d║╘№TcpipJР)к▐Є▌╥еєg"┴ЇД╧d╗╘№Winmgmtiphlpsvc      DР'к▐Є▌╥еєg"┴ЇД╧d╝╘№RpcSsWinmgmt            А╚А╫K╚ ░М√р  8Шр  8Р(к▐Є▌╥еєg"┴ЇД╧d└╘№RpcSs8РRк▐Є▌╥еєg"┴ЇД╧d╩╘№WinmgmtBР'к▐Є▌╥еєg"┴ЇД╧d╦╘№tdxiphlpsvc%;Q4Р(к▐Є▌╥еєg"┴ЇД╧d╦╘№tdx DFР'к▐Є▌╥еєg"┴ЇД╧d╠╘№RpcSsiphlpsvci8Р(к▐Є▌╥еєg"┴ЇД╧d═╘№RpcSs:РRк▐Є▌╥еєg"┴ЇД╧d╒╘№iphlpsvc╒№SamSsLanmanServerк@Р'к▐Є▌╥еєg"┴ЇД╧d?╒№RpcSsSamSs8Р(к▐Є▌╥еєg"┴ЇД╧d@╒№RpcSs4РRк▐Є▌╥еєg"┴ЇД╧dI╒№SamSs╦╘[BРRк▐Є▌╥еєg"┴ЇД╧dV╒№LanmanServer№LР!к▐Є▌╥еєg"┴ЇД╧dX╒№LanmanWorkstationTР'к▐Є▌╥еєg"┴ЇД╧dY╒№nsiLanmanWorkstationAg4Р(к▐Є▌╥еєg"┴ЇД╧dY╒№nsiIK^Р)к▐Є▌╥еєg"┴ЇД╧d[╒№mrxsmb20LanmanWorkstationйCHР)к▐Є▌╥еєg"┴ЇД╧dЙ╒№mrxsmbmrxsmb20BР)к▐Є▌╥еєg"┴ЇД╧d▒╒№rdbssmrxsmbаб"q└В<Р'к▐Є▌╥еєg"┴ЇД╧d╧╒№Muprdbss"q└В4Р(к▐Є▌╥еєg"┴ЇД╧d╨╒№Mup"q└ВZР)к▐Є▌╥еєg"┴ЇД╧dы╒№bowserLanmanWorkstationtpДРTк▐Є▌╥еєg"┴ЇД╧d0╓№LanmanWorkstationNT AUTHORITY\NetworkService6Р!к▐Є▌╥еєg"┴ЇД╧d1╓№lltdio8Р!к▐Є▌╥еєg"┴ЇД╧dg╓№lmhosts@Р'к▐Є▌╥еєg"┴ЇД╧dh╓№AFDlmhosts4Р(к▐Є▌╥еєg"┴ЇД╧di╓№AFDDР)к▐Є▌╥еєg"┴ЇД╧dj╓№NetBTlmhosts№@Р'к▐Є▌╥еєg"┴ЇД╧dН╓№TcpipNetBT8Р(к▐Є▌╥еєg"┴ЇД╧dН╓№Tcpip<Р'к▐Є▌╥еєg"┴ЇД╧dО╓№tdxNetBT4Р(к▐Є▌╥еєg"┴ЇД╧dП╓№tdxplРTк▐Є▌╥еєg"┴ЇД╧dг╓№lmhostsNT AUTHORITY\LocalService0Р!к▐Є▌╥еєg"┴ЇД╧dд╓№LSM<Р'к▐Є▌╥еєg"┴ЇД╧dе╓№RpcSsLSMozХ&8Р(к▐Є▌╥еєg"┴ЇД╧dж╓№RpcSsFР'к▐Є▌╥еєg"┴ЇД╧dз╓№DcomLaunchLSMBР(к▐Є▌╥еєg"┴ЇД╧dз╓№DcomLaunchаб"q└ВJР'к▐Є▌╥еєg"┴ЇД╧dи╓№RpcEptMapperLSM,%rFР(к▐Є▌╥еєg"┴ЇД╧dй╓№RpcEptMappere0РRк▐Є▌╥еєg"┴ЇД╧d▓╓№LSM4Р!к▐Є▌╥еєg"┴ЇД╧d│╓№luafvBР)к▐Є▌╥еєg"┴ЇД╧d▄╓№FltMgrluafvULL6Р!к▐Є▌╥еєg"┴ЇД╧d ╫№MpsSvcD>Р'к▐Є▌╥еєg"┴ЇД╧d ╫№BFEMpsSvc4Р(к▐Є▌╥еєg"┴ЇД╧d ╫№BFEDР)к▐Є▌╥еєg"┴ЇД╧d ╫№mpsdrvMpsSvcrtjРTк▐Є▌╥еєg"┴ЇД╧do╫№MpsSvcNT Authority\LocalServiceРFк:Р!к▐Є▌╥еєg"┴ЇД╧dp╫№mrxsmb10ot HР'к▐Є▌╥еєg"┴ЇД╧dЧ╫№mrxsmbmrxsmb10:Р(к▐Є▌╥еєg"┴ЇД╧dШ╫№mrxsmbeAc6Р!к▐Є▌╥еєg"┴ЇД╧dд╫№NlaSvc[HР'к▐Є▌╥еєg"┴ЇД╧dе╫№EventLogNlaSvc>Р(к▐Є▌╥еєg"┴ЇД╧dж╫№EventLogйC@Р'к▐Є▌╥еєg"┴ЇД╧dи╫№DhcpNlaSvc6Р(к▐Є▌╥еєg"┴ЇД╧dй╫№DhcpsBР'к▐Є▌╥еєg"┴ЇД╧dй╫№TcpipNlaSvcist8Р(к▐Є▌╥еєg"┴ЇД╧dк╫№TcpipBР'к▐Є▌╥еєg"┴ЇД╧dл╫№RpcSsNlaSvcаб"q└В8Р(к▐Є▌╥еєg"┴ЇД╧dм╫№RpcSs>Р'к▐Є▌╥еєg"┴ЇД╧dн╫№nsiNlaSvct4Р(к▐Є▌╥еєg"┴ЇД╧dн╫№nsimonРTк▐Є▌╥еєg"┴ЇД╧d╝╫№NlaSvcNT AUTHORITY\NetworkServiceC0Р!к▐Є▌╥еєg"┴ЇД╧d╜╫№nsi6Р!к▐Є▌╥еєg"┴ЇД╧d┐╫№PEAUTHr4Р!к▐Є▌╥еєg"┴ЇД╧d¤╫№PowercE4РRк▐Є▌╥еєg"┴ЇД╧d ╪№Power8Р!к▐Є▌╥еєg"┴ЇД╧d ╪№ProfSvcDР'к▐Є▌╥еєg"┴ЇД╧d ╪№RpcSsProfSvcB"йC8Р(к▐Є▌╥еєg"┴ЇД╧d╪№RpcSs8РRк▐Є▌╥еєg"┴ЇД╧d╪№ProfSvcFР!к▐Є▌╥еєg"┴ЇД╧d╪№RemoteRegistryLRР'к▐Є▌╥еєg"┴ЇД╧d╪№RpcSsRemoteRegistryr8Р(к▐Є▌╥еєg"┴ЇД╧d╪№RpcSszРTк▐Є▌╥еєg"┴ЇД╧d#╪№RemoteRegistryNT AUTHORITY\LocalServiceаб"q└ВBР!к▐Є▌╥еєg"┴ЇД╧d$╪№RpcEptMapper№4Р!к▐Є▌╥еєg"┴ЇД╧d%╪№RpcSs№6Р!к▐Є▌╥еєg"┴ЇД╧d&╪№rspndr4Р!к▐Є▌╥еєg"┴ЇД╧d^╪№SamSs▌aаР:Р!к▐Є▌╥еєg"┴ЇД╧d_╪№ScheduleР'к▐Є▌╥еєg"┴ЇД╧d╜┘№HTTPWinRM└В6Р(к▐Є▌╥еєg"┴ЇД╧d╛┘№HTTPйC@Р'к▐Є▌╥еєg"┴ЇД╧d╛┘№RpcSsWinRM8Р(к▐Є▌╥еєg"┴ЇД╧d┐┘№RpcSslРTк▐Є▌╥еєg"┴ЇД╧d╚┘№WinRMNT AUTHORITY\NetworkServiceB"йCXР"к▐Є▌╥еєg"┴ЇД╧d┌№FSFilter Virtualization,Р1к▐Є▌╥еєg"┴ЇД╧d┌№ds4Р2к▐Є▌╥еєg"┴ЇД╧d┌№luafvc%8Р3к▐Є▌╥еєg"┴ЇД╧d┌№luafv4Р к%ц╛еi4НеФйАs\и.∙ДJ№luafvFк4Р кшХЙK м▓dS]Kяд┤x №luafv,Р1к▐Є▌╥еєg"┴ЇД╧dЇx №DР"к▐Є▌╥еєg"┴ЇД╧dvy №ProfSvc_Groupcl,Р1к▐Є▌╥еєg"┴ЇД╧dyy №▌aаР4Р2к▐Є▌╥еєg"┴ЇД╧d{y №gpsvcПк8Р3к▐Є▌╥еєg"┴ЇД╧d|y №gpsvcМРGк}da╬{%:lт%М╚╨┘/z №BITSC:\Windows\system32\svchost.exe -k netsvcs_GЪРGк}da╬{%:lт%М╚╨┘/z №CertPropSvcC:\Windows\system32\svchost.exe -k netsvcs*РРGк}da╬{%:lт%М╚╨┘/\z №DsmSvcC:\Windows\system32\svchost.exe -k netsvcsТРGк}da╬{%:lт%М╚╨┘/kz №EaphostC:\Windows\system32\svchost.exe -k netsvcsРРGк}da╬{%:lт%М╚╨┘/░z №hkmsvcC:\Windows\system32\svchost.exe -k netsvcsРРGк}da╬{%:lт%М╚╨┘/╜z №IKEEXTC:\Windows\system32\svchost.exe -k netsvcsФРGк}da╬{%:lт%М╚╨┘/╩z №iphlpsvcC:\Windows\system32\svchost.exe -k netsvcs№ЬРGк}da╬{%:lт%М╚╨┘/фz №LanmanServerC:\Windows\system32\svchost.exe -k netsvcsОРGк}da╬{%:lт%М╚╨┘/{ №MMCSSC:\Windows\system32\svchost.exe -k netsvcs,ТРGк}da╬{%:lт%М╚╨┘/.{ №MSiSCSIC:\Windows\system32\svchost.exe -k netsvcsаб"q└ВРРGк}da╬{%:lт%М╚╨┘/E{ №NcaSvcC:\Windows\system32\svchost.exe -k netsvcsТРGк}da╬{%:lт%М╚╨┘/Л{ №RasAutoC:\Windows\system32\svchost.exe -k netsvcs№РРGк}da╬{%:lт%М╚╨┘/Ш{ №RasManC:\Windows\system32\svchost.exe -k netsvcsЬРGк}da╬{%:lт%М╚╨┘/┤{ №RemoteAccessC:\Windows\system32\svchost.exe -k netsvcsnEФРGк}da╬{%:lт%М╚╨┘/щ{ №ScheduleC:\Windows\system32\svchost.exe -k netsvcs<NЪРGк}da╬{%:lт%М╚╨┘/Ў{ №SCPolicySvcC:\Windows\system32\svchost.exe -k netsvcsaciМРGк}da╬{%:lт%М╚╨┘/| №SENSC:\Windows\system32\svchost.exe -k netsvcs№ШРGк}da╬{%:lт%М╚╨┘/| №SessionEnvC:\Windows\system32\svchost.exe -k netsvcsЬРGк}da╬{%:lт%М╚╨┘/$| №SharedAccessC:\Windows\system32\svchost.exe -k netsvcsarдРGк}da╬{%:lт%М╚╨┘/0| №ShellHWDetectionC:\Windows\system32\svchost.exe -k netsvcs╦╘[ЮРGк}da╬{%:lт%М╚╨┘/6} №wercplsupportC:\Windows\system32\svchost.exe -k netsvcs└ВТРGк}da╬{%:lт%М╚╨┘/R} №WinmgmtC:\Windows\system32\svchost.exe -k netsvcsР к┬╤Цw∙█cВIs■4bS!╞ |№Themes @РUк┬╤Цw∙█cВIs■4bSk╞ №EventSystem>Р к┬╤Цw∙█cВIs■4bS■╟ |№ScheduleLDРк▐0(\ЭЄ№├  ЁаH▄ pF И№gpsvcDРк▐0(\ЭЄ№├  ЁаH▄ ТF И№gpsvcJкDРк▐0(\ЭЄ№├  ЁаH▄ `H И№gpsvc"q└ВDРк▐0(\ЭЄ№├  ЁаH▄ wH И№gpsvc№DРк▐0(\ЭЄ№├  ЁаH▄ ZI И№gpsvcvDРк▐0(\ЭЄ№├  ЁаH▄ K И№gpsvc№DРк▐0(\ЭЄ№├  ЁаH▄ *K И№gpsvc8РТк▄МР к┬╤Цw∙█cВIs■4bS╧Ї А№ScheduleрPРк▐0(\ЭЄ№├  ЁаH▄ tO И№EventSystemPРк▐0(\ЭЄ№├  ЁаH▄ в\ И№EventSystem@Рк▐0(\ЭЄ№├  ЁаH▄ з\ И№EventSystem,Р1к▐Є▌╥еєg"┴ЇД╧dп\ №Nк2Р2к▐Є▌╥еєg"┴ЇД╧d╗\ №SENS6Р3к▐Є▌╥еєg"┴ЇД╧d┼\ №SENSr2РUк┬╤Цw∙█cВIs■4bS] №SENSРкJРsкЬёC╙ъpq└p╔bRжъ|-] №PSENSЁPЩ$Шаб"q└ВBРкR·ъ_6ПЭ:N)Д;O∙] И№SENSрort(Р8к▐Є▌╥еєg"┴ЇД╧dг^ №BРк▐0(\ЭЄ№├  ЁаH▄ >з И№SENSmshBРк▐0(\ЭЄ№├  ЁаH▄ ╘л И№SENSAon%2Рк▐0(\ЭЄ№├  ЁаH▄ м И№SENSAHC,Р1к▐Є▌╥еєg"┴ЇД╧d%м №╦╘[2Р"к▐Є▌╥еєg"┴ЇД╧dSм №NDISР3к▐Є▌╥еєg"┴ЇД╧d!╘ №Dnscachex:РUк┬╤Цw∙█cВIs■4bS^╘ №Dnscache№RРsкЬёC╙ъpq└p╔bRжъ|N╓ №PDnscache¤$ШULLJРкR·ъ_6ПЭ:N)Д;O"╫ И№Dnscache╘Р3к▐Є▌╥еєg"┴ЇД╧dЦ├№Schedule:РUк┬╤Цw∙█cВIs■4bSф├№ScheduleO¤╦╘[RРsкЬёC╙ъpq└p╔bRжъ|№├№PScheduleЁPЩ$ШsbJРкR·ъ_6ПЭ:N)Д;O▓─Д№ScheduleрР"к▐Є▌╥еєg"┴ЇД╧dLў№AudioGroupN:Рjк┬╤Цw∙█cВIs■4bSOўА№SchedulengE,Р1к▐Є▌╥еєg"┴ЇД╧dOў№B"йC<Р2к▐Є▌╥еєg"┴ЇД╧dQў№FontCachece@Р3к▐Є▌╥еєg"┴ЇД╧dQў№FontCacheBР к┬╤Цw∙█cВIs■4bSTўА№Schedule +BР к┬╤Цw∙█cВIs■4bSWў|№Schedule иц▌aаРJРк▐0(\ЭЄ№├  ЁаH▄ eўД№Schedule┼rkW<РUк┬╤Цw∙█cВIs■4bS°№FontCacheTРsкЬёC╙ъpq└p╔bRжъ|=·№PFontCache░є$ШLРкR·ъ_6ПЭ:N)Д;O√|№FontCache"q└В(Р8к▐Є▌╥еєg"┴ЇД╧d─√№LРк▐0(\ЭЄ№├  ЁаH▄ эЛ|№FontCacheLРк▐0(\ЭЄ№├  ЁаH▄ IР|№FontCache№<Рк▐0(\ЭЄ№├  ЁаH▄ NР|№FontCache"q└В,Р1к▐Є▌╥еєg"┴ЇД╧dXР№erHР"к▐Є▌╥еєg"┴ЇД╧dvР№NetworkProvider,Р1к▐Є▌╥еєg"┴ЇД╧dxР№0Р2к▐Є▌╥еєg"┴ЇД╧dyР№BFE4Р3к▐Є▌╥еєg"┴ЇД╧dzР№BFEeжРGк}da╬{%:lт%М╚╨┘/иС№BFEC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkкжРGк}da╬{%:lт%М╚╨┘/Т№DPSC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkRмРGк}da╬{%:lт%М╚╨┘/-У№MpsSvcC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkusжРGк}da╬{%:lт%М╚╨┘/ЬУ№plaC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkf0РIк}da╬{%:lт%М╚╨┘/ОЦ№,РJк}da╬{%:lт%М╚╨┘/ПЦ№к,Р`к}da╬{%:lт%М╚╨┘/╡Ш№ubжРGк┬╤Цw∙█cВIs■4bS═Э№C:\Windows\system32\svchost.exe -k LocalServiceNoNetworkBFE.dР^к┬╤Цw∙█cВIs■4bS╪Э№SeAssignPrimaryTokenPrivilegeGPZР^к┬╤Цw∙█cВIs■4bSрЭ№SeIncreaseQuotaPrivilegeт╞(zu░жРMк┬╤Цw∙█cВIs■4bSщЭ№ BFEC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkJР^к┬╤Цw∙█cВIs■4bSъЭ№SeAuditPrivilege№,Р\к┬╤Цw∙█cВIs■4bSьЭ№VР^к┬╤Цw∙█cВIs■4bSяЭ№SeImpersonatePrivilegeXР^к┬╤Цw∙█cВIs■4bSЄЭ№SeCreateGlobalPrivilegeжРMк┬╤Цw∙█cВIs■4bS·Э№!BFEC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkaжРMк┬╤Цw∙█cВIs■4bSЮ№"BFEC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkrжРOк┬╤Цw∙█cВIs■4bSЮ№BFEC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkйC0Р,к┬╤Цw∙█cВIs■4bSХж№BFE^РOк}da╬{%:lт%М╚╨┘/гж№(A;;GA;;;S-1-5-5-0-102889)кЬРTк}da╬{%:lт%М╚╨┘/ыз№D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;RC;;;OW)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;S-1-5-80-1383147646-27650227-2710666058-1662982300-1023958487)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;S-1-5-80-2970612574-78537857-698502321-558674196-1451644582)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;S-1-5-80-2661322625-712705077-2999183737-3043590567-590698655)(A;;SW;;;BA)╨РXк}da╬{%:lт%М╚╨┘/Tи№D:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;RC;;;OW)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;S-1-5-80-1383147646-27650227-2710666058-1662982300-1023958487)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;S-1-5-80-2970612574-78537857-698502321-558674196-1451644582)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;S-1-5-80-3088073201-1464728630-1879813800-1107566885-823218052)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;S-1-5-80-2661322625-712705077-2999183737-3043590567-590698655)(A;;SW;;;BA)(A;;GA;;;S-1-5-5-0-102889)8РcкЬёC╙ъpq└p╔bRжъ|\и№pXЩ$Ши<РYкЬёC╙ъpq└p╔bRжъ|P╩|№tpXЩ$Ш№,РgкЬёC╙ъpq└p╔bRжъ|S╩№tB"йCHРsкЬёC╙ъpq└p╔bRжъ|q╩№PBFEpXЩ$Ш@РкR·ъ_6ПЭ:N)Д;OT╠|№BFEtLР2к▐Є▌╥еєg"┴ЇД╧dв╠№LanmanWorkstationк6Р2к▐Є▌╥еєg"┴ЇД╧dе╠№MpsSvc:Р2к▐Є▌╥еєg"┴ЇД╧dж╠№mrxsmb20j(Р8к▐Є▌╥еєg"┴ЇД╧d▒╠№@Рк▐0(\ЭЄ№├  ЁаH▄ Иц|№BFEDР∙к▄МР∙к▄МР∙к▄МР∙к▄МР∙к▄МР∙к▄МР∙к▄МР3к▐Є▌╥еєg"┴ЇД╧dc №mrxsmb20кFРк▐0(\ЭЄ№├  ЁаH▄ )|№MpsSvc:Р к%ц╛еi4НеФйАs\и.∙┤z№mrxsmb20mic:Р кшХЙK м▓dS]KядNН№mrxsmb20№(Р8к▐Є▌╥еєg"┴ЇД╧dЕН№FРк▐0(\ЭЄ№├  ЁаH▄ 7Q|№MpsSvc6Рк▐0(\ЭЄ№├  ЁаH▄ к}da╬{%:lт%М╚╨┘/ й №SpoolerC:\Windows\System32\spoolsv.exe0РIк}da╬{%:lт%М╚╨┘/й №,Р`к}da╬{%:lт%М╚╨┘/'л №SC|РGк┬╤Цw∙█cВIs■4bSCл №C:\Windows\System32\spoolsv.exeSpoolerFкdР^к┬╤Цw∙█cВIs■4bSOл №SeAssignPrimaryTokenPrivilege▌aаР|РMк┬╤Цw∙█cВIs■4bSSл №SpoolerC:\Windows\System32\spoolsv.exe▌aаР|РMк┬╤Цw∙█cВIs■4bSWл №SpoolerC:\Windows\System32\spoolsv.exe№FР^к┬╤Цw∙█cВIs■4bSXл №SeTcbPrivilegeD|РMк┬╤Цw∙█cВIs■4bS\л №SpoolerC:\Windows\System32\spoolsv.exeRA|РMк┬╤Цw∙█cВIs■4bS`л № SpoolerC:\Windows\System32\spoolsv.exe;VTР^к┬╤Цw∙█cВIs■4bScл №SeLoadDriverPrivilegeri|РMк┬╤Цw∙█cВIs■4bSfл № SpoolerC:\Windows\System32\spoolsv.exee|РMк┬╤Цw∙█cВIs■4bSiл № SpoolerC:\Windows\System32\spoolsv.exe2T|РMк┬╤Цw∙█cВIs■4bSlл № SpoolerC:\Windows\System32\spoolsv.exee|РMк┬╤Цw∙█cВIs■4bSoл №SpoolerC:\Windows\System32\spoolsv.exeB"йC|РMк┬╤Цw∙█cВIs■4bSrл №SpoolerC:\Windows\System32\spoolsv.exe.S|РMк┬╤Цw∙█cВIs■4bSuл №SpoolerC:\Windows\System32\spoolsv.exeen|РMк┬╤Цw∙█cВIs■4bSxл №SpoolerC:\Windows\System32\spoolsv.exe№|РMк┬╤Цw∙█cВIs■4bS{л №SpoolerC:\Windows\System32\spoolsv.exe|РMк┬╤Цw∙█cВIs■4bS~л №SpoolerC:\Windows\System32\spoolsv.exe▌aаР|РMк┬╤Цw∙█cВIs■4bSБл №SpoolerC:\Windows\System32\spoolsv.exe"q└ВJР^к┬╤Цw∙█cВIs■4bSГл №SeAuditPrivilegecms|РMк┬╤Цw∙█cВIs■4bSЗл №SpoolerC:\Windows\System32\spoolsv.exe▌aаР,Р\к┬╤Цw∙█cВIs■4bSЗл №er|РMк┬╤Цw∙█cВIs■4bSКл №SpoolerC:\Windows\System32\spoolsv.exe|РMк┬╤Цw∙█cВIs■4bSНл №SpoolerC:\Windows\System32\spoolsv.exe└ВVР^к┬╤Цw∙█cВIs■4bSПл №SeImpersonatePrivileger|РMк┬╤Цw∙█cВIs■4bSТл №SpoolerC:\Windows\System32\spoolsv.exevi|РMк┬╤Цw∙█cВIs■4bSЦл №!SpoolerC:\Windows\System32\spoolsv.exeB"йC|РMк┬╤Цw∙█cВIs■4bSЩл №"SpoolerC:\Windows\System32\spoolsv.exeHo|РMк┬╤Цw∙█cВIs■4bSЭл №#SpoolerC:\Windows\System32\spoolsv.exe№|РOк┬╤Цw∙█cВIs■4bSбл №SpoolerC:\Windows\System32\spoolsv.exe№8Р'к┬╤Цw∙█cВIs■4bS┌о №Spooler8Р,к┬╤Цw∙█cВIs■4bSf!№Spooler8РcкЬёC╙ъpq└p╔bRжъ|l!№Ё■$Ш╨<РYкЬёC╙ъpq└p╔bRжъ|pў!Д№ЁЁ■$ШB"йC,РgкЬёC╙ъpq└p╔bRжъ|uў!№ЁPРsкЬёC╙ъpq└p╔bRжъ|аў!№QSpoolerЁ■$ШHРкR·ъ_6ПЭ:N)Д;O╫∙!Д№Spooler#Ё(Р8к▐Є▌╥еєg"┴ЇД╧d(·!№HРк▐0(\ЭЄ№├  ЁаH▄ О"Д№SpoolerPРrкЬёC╙ъpq└p╔bRжъ|бФ"Д№ SpoolerЁЁ■$ШHРк▐0(\ЭЄ№├  ЁаH▄ ░м"Д№SpoolerHРк▐0(\ЭЄ№├  ЁаH▄ н"Д№Spooler┴8Рк▐0(\ЭЄ№├  ЁаH▄ aн"Д№Spooler,Р1к▐Є▌╥еєg"┴ЇД╧dlн"№№(Р#к▐Є▌╥еєg"┴ЇД╧dЪн"№,Р1к▐Є▌╥еєg"┴ЇД╧dЫн"№:Р2к▐Є▌╥еєg"┴ЇД╧dЭн"№iphlpsvcаб"q└ВBР2к▐Є▌╥еєg"┴ЇД╧dЯн"№LanmanServerаб"q└В:Р2к▐Є▌╥еєg"┴ЇД╧dбн"№mrxsmb10Р3к▐Є▌╥еєg"┴ЇД╧dвн"№mrxsmb10к:Р к%ц╛еi4НеФйАs\и.∙F#№mrxsmb10NUL:Р кшХЙK м▓dS]Kяд*K#№mrxsmb10c 6Р2к▐Є▌╥еєg"┴ЇД╧dnK#№PEAUTH}:Р3к▐Є▌╥еєg"┴ЇД╧doK#№PEAUTHc└В6Р к%ц╛еi4НеФйАs\и.∙аз#№PEAUTHFР к┬╤Цw∙█cВIs■4bS~л#|№AppReadinessМ6Р кшХЙK м▓dS]Kядг╕$№PEAUTHFР2к▐Є▌╥еєg"┴ЇД╧d∙╕$№RemoteRegistrytJР3к▐Є▌╥еєg"┴ЇД╧d·╕$№RemoteRegistryиц▌aаРFРUк┬╤Цw∙█cВIs■4bSC╣$№RemoteRegistry└В^РsкЬёC╙ъpq└p╔bRжъ|╚╗$№PRemoteRegistry░є$ШкVРкR·ъ_6ПЭ:N)Д;O╦╝$Д№RemoteRegistry%U6Р2к▐Є▌╥еєg"┴ЇД╧dv╜$№secdrvH:Р3к▐Є▌╥еєg"┴ЇД╧dw╜$№secdrv.6Р к%ц╛еi4НеФйАs\и.∙[%№secdrvкVРк▐0(\ЭЄ№├  ЁаH▄ ├4%Д№RemoteRegistryкVРк▐0(\ЭЄ№├  ЁаH▄ ·A%Д№RemoteRegistryкFРк▐0(\ЭЄ№├  ЁаH▄  A%Д№RemoteRegistryl6Р кшХЙK м▓dS]Kядиu%№secdrvM0Р2к▐Є▌╥еєg"┴ЇД╧dёu%№srv2Р2к▐Є▌╥еєg"┴ЇД╧dєu%№srv2erv6Р2к▐Є▌╥еєg"┴ЇД╧dЇu%№srvnetM:Р3к▐Є▌╥еєg"┴ЇД╧dїu%№srvnetilt6Р к%ц╛еi4НеФйАs\и.∙╫╧%№srvnet6Р кшХЙK м▓dS]Kяд\У&№srvnet└В:Р2к▐Є▌╥еєg"┴ЇД╧dТУ&№tcpipregРк>Р3к▐Є▌╥еєg"┴ЇД╧dУУ&№tcpipregйC:Р к%ц╛еi4НеФйАs\и.∙Eю&№tcpipregG'№dot3svcC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricteds.╝РGк}da╬{%:lт%М╚╨┘/ЭG'№hidservC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted║РGк}da╬{%:lт%М╚╨┘/xH'№NetmanC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedА'№WinRM4РUк┬╤Цw∙█cВIs■4bSТА'№WinRMB"йCLРsкЬёC╙ъpq└p╔bRжъ|ЛВ'№PWinRM¤$Ш▌╥еє`Рк▐0(\ЭЄ№├  ЁаH▄ ╧В'Д№WinHttpAutoProxySvcDРкR·ъ_6ПЭ:N)Д;OoГ'Д№WinRM)╘Gк(Р8к▐Є▌╥еєg"┴ЇД╧dД'№,Р1к▐Є▌╥еєg"┴ЇД╧dД'№nd:Р2к▐Є▌╥еєg"┴ЇД╧d$Д'№iphlpsvccomBР2к▐Є▌╥еєg"┴ЇД╧d&Д'№LanmanServercom0Р2к▐Є▌╥еєg"┴ЇД╧d-Д'№srv2Р2к▐Є▌╥еєg"┴ЇД╧d.Д'№srv2nch6Р3к▐Є▌╥еєg"┴ЇД╧d/Д'№srv2i`Рк▐0(\ЭЄ№├  ЁаH▄ vЛ'Д№WinHttpAutoProxySvcA2Р к%ц╛еi4НеФйАs\и.∙▀'№srv20PРк▐0(\ЭЄ№├  ЁаH▄ Г▀'Д№WinHttpAutoProxySvc2Р кшХЙK м▓dS]Kяд'L(№srv2М╚╨┘/>Р5к▐Є▌╥еєg"┴ЇД╧d`L(№TrkWks0ut@Р5к▐Є▌╥еєg"┴ЇД╧dfL(№Winmgmt0u<Р5к▐Є▌╥еєg"┴ЇД╧dgL(№WinRM0uC:(Р8к▐Є▌╥еєg"┴ЇД╧djL(№,Р1к▐Є▌╥еєg"┴ЇД╧dlL(№h:Р2к▐Є▌╥еєg"┴ЇД╧drL(№iphlpsvcmEvBР2к▐Є▌╥еєg"┴ЇД╧dtL(№LanmanServerchoFР3к▐Є▌╥еєg"┴ЇД╧duL(№LanmanServer┘/BРUк┬╤Цw∙█cВIs■4bS┬L(№LanmanServerrvZРsкЬёC╙ъpq└p╔bRжъ|╫L(№PLanmanServerЁPЩ$Ш0RРкR·ъ_6ПЭ:N)Д;OаM(Д№LanmanServer*рNU0Р2к▐Є▌╥еєg"┴ЇД╧dnN(№srv4Р3к▐Є▌╥еєg"┴ЇД╧doN(№srvPl0Р к%ц╛еi4НеФйАs\и.∙Dз(№srvFРк▐0(\ЭЄ№├  ЁаH▄ ю╡)Д№TrkWksкFРк▐0(\ЭЄ№├  ЁаH▄ F╢)Д№TrkWks6Рк▐0(\ЭЄ№├  ЁаH▄ J╢)Д№TrkWksЄ№0Р кшХЙK м▓dS]Kяд+├)№srv@Р5к▐Є▌╥еєg"┴ЇД╧dl├)№Winmgmt0u<Р5к▐Є▌╥еєg"┴ЇД╧do├)№WinRM0und(Р8к▐Є▌╥еєg"┴ЇД╧dr├)№,Р1к▐Є▌╥еєg"┴ЇД╧dt├)№:Р2к▐Є▌╥еєg"┴ЇД╧dy├)№iphlpsvc№JР5к▐Є▌╥еєg"┴ЇД╧d{├)№LanmanServer0uO¤╦╘[@Р5к▐Є▌╥еєg"┴ЇД╧dД├)№Winmgmt0u<Р5к▐Є▌╥еєg"┴ЇД╧dЕ├)№WinRM0uД╧d(Р8к▐Є▌╥еєg"┴ЇД╧dЖ├)№HРк▐0(\ЭЄ№├  ЁаH▄ Yщ*Д№WinmgmtHРк▐0(\ЭЄ№├  ЁаH▄ Вщ*Д№Winmgmt8Рк▐0(\ЭЄ№├  ЁаH▄ Кщ*Д№Winmgmt,Р1к▐Є▌╥еєg"┴ЇД╧dЩщ*№к:Р2к▐Є▌╥еєg"┴ЇД╧dбщ*№iphlpsvcro>Р3к▐Є▌╥еєg"┴ЇД╧dпщ*№iphlpsvcDРк▐0(\ЭЄ№├  ЁаH▄ фщ*Д№WinRM$к:РUк┬╤Цw∙█cВIs■4bS ъ*№iphlpsvcаб"q└ВRРsкЬёC╙ъpq└p╔bRжъ|9ъ*№PiphlpsvcЁPЩ$ШorkJРкR·ъ_6ПЭ:N)Д;Oы*Д№iphlpsvc+р╬3АРJР5к▐Є▌╥еєg"┴ЇД╧dь*№LanmanServer0uРZк<Р5к▐Є▌╥еєg"┴ЇД╧dь*№WinRM`ъ(Р8к▐Є▌╥еєg"┴ЇД╧d ь*№RРк▐0(\ЭЄ№├  ЁаH▄ o╦,Д№LanmanServer№JРк▐0(\ЭЄ№├  ЁаH▄ u╠,Д№iphlpsvcР)кRРк▐0(\ЭЄ№├  ЁаH▄ E╠-Д№LanmanServerЄ▌╥еєJРк▐0(\ЭЄ№├  ЁаH▄ rб.Д№iphlpsvc╔3:Рк▐0(\ЭЄ№├  ЁаH▄ в.Д№iphlpsvcЄ▌╥еє,Р1к▐Є▌╥еєg"┴ЇД╧d"в.№erJР5к▐Є▌╥еєg"┴ЇД╧dHв.№LanmanServer0uЄ▌╥еє<Р5к▐Є▌╥еєg"┴ЇД╧dТв.№WinRM`ъ\N(Р8к▐Є▌╥еєg"┴ЇД╧dЧв.№RРrкЬёC╙ъpq└p╔bRжъ|не.Д№ iphlpsvcрЁPЩ$ШЄ▌╥еєDРк▐0(\ЭЄ№├  ЁаH▄ ∙10Д№WinRM№4Рк▐0(\ЭЄ№├  ЁаH▄ 20Д№WinRM,Р1к▐Є▌╥еєg"┴ЇД╧d20№UкJР5к▐Є▌╥еєg"┴ЇД╧d:20№LanmanServer0u╔bRжъ|(Р8к▐Є▌╥еєg"┴ЇД╧do20№RРк▐0(\ЭЄ№├  ЁаH▄ ╢1Д№LanmanServerhBРк▐0(\ЭЄ№├  ЁаH▄ !1Д№LanmanServertMa,Р1к▐Є▌╥еєg"┴ЇД╧dS"1№-Р$к▐Є▌╥еєg"┴ЇД╧dc$1№autoк(Рк▐Є▌╥еєg"┴ЇД╧dї&1№,Ркэ╩▀┌SлV"F8r┴F$D,1№└╘st(Р кэ╩▀┌SлV"F8r┴F$.1№(Р:кШxb2═╤s┼lаS!¤,s╖.1№FР?кШxb2═╤s┼lаS!¤,s$D1№ncacn_ip_tcpv(РCкШxb2═╤s┼lаS!¤,sЧE1№,РGкШxb2═╤s┼lаS!¤,sЫG1№!№(Р кeЗ╘е╩ЎMеЫ╙ЖZv╔X╕G1№8РкeЗ╘е╩ЎMеЫ╙ЖZv╔XфG1|№N@$Э$ШBРк▐Є▌╥еєg"┴ЇД╧dчG1|№AppReadiness -kBРк▐Є▌╥еєg"┴ЇД╧dшG1|№AppReadiness4BРRк▐Є▌╥еєg"┴ЇД╧d G1|№AppReadinesstem(Р#к▐Є▌╥еєg"┴ЇД╧d&I1|№,Р1к▐Є▌╥еєg"┴ЇД╧d(I1|№№BР2к▐Є▌╥еєg"┴ЇД╧d)I1|№AppReadiness2\sFР3к▐Є▌╥еєg"┴ЇД╧d*I1|№AppReadinessжРGк}da╬{%:lт%М╚╨┘/▀I1|№AppReadinessC:\Windows\System32\svchost.exe -k AppReadinessi0РIк}da╬{%:lт%М╚╨┘/юУ1|№:Р к┬╤Цw∙█cВIs■4bS=а1╨№DsmSvc№Is■4bS,Р`к}da╬{%:lт%М╚╨┘/y▓1|№PrжРGк┬╤Цw∙█cВIs■4bS║1|№C:\Windows\System32\svchost.exe -k AppReadinessAppReadinessжРMк┬╤Цw∙█cВIs■4bS║1|№AppReadinessC:\Windows\System32\svchost.exe -k AppReadiness█cжРMк┬╤Цw∙█cВIs■4bS║1|№AppReadinessC:\Windows\System32\svchost.exe -k AppReadinessжРMк┬╤Цw∙█cВIs■4bS║1|№AppReadinessC:\Windows\System32\svchost.exe -k AppReadinessЭFР^к┬╤Цw∙█cВIs■4bS║1|№SeTcbPrivilegepжРMк┬╤Цw∙█cВIs■4bS"║1|№AppReadinessC:\Windows\System32\svchost.exe -k AppReadinessжРMк┬╤Цw∙█cВIs■4bS&║1|№ AppReadinessC:\Windows\System32\svchost.exe -k AppReadinessжРMк┬╤Цw∙█cВIs■4bS*║1|№ AppReadinessC:\Windows\System32\svchost.exe -k AppReadinessSжРMк┬╤Цw∙█cВIs■4bS-║1|№ AppReadinessC:\Windows\System32\svchost.exe -k AppReadinessйCжРMк┬╤Цw∙█cВIs■4bS0║1|№ AppReadinessC:\Windows\System32\svchost.exe -k AppReadinesshР^к┬╤Цw∙█cВIs■4bS4║1|№SeProfileSingleProcessPrivilegeжРMк┬╤Цw∙█cВIs■4bS7║1|№AppReadinessC:\Windows\System32\svchost.exe -k AppReadinessъ|жРMк┬╤Цw∙█cВIs■4bS:║1|№AppReadinessC:\Windows\System32\svchost.exe -k AppReadinessжРMк┬╤Цw∙█cВIs■4bS>║1|№AppReadinessC:\Windows\System32\svchost.exe -k AppReadinessЄ№LР^к┬╤Цw∙█cВIs■4bS@║1|№SeBackupPrivilegeаH▄ NР^к┬╤Цw∙█cВIs■4bSB║1|№SeRestorePrivilegeВжРMк┬╤Цw∙█cВIs■4bSE║1|№AppReadinessC:\Windows\System32\svchost.exe -k AppReadinessкжРMк┬╤Цw∙█cВIs■4bSH║1|№AppReadinessC:\Windows\System32\svchost.exe -k AppReadinessжРMк┬╤Цw∙█cВIs■4bSK║1|№AppReadinessC:\Windows\System32\svchost.exe -k AppReadinesseжРMк┬╤Цw∙█cВIs■4bSM║1|№AppReadinessC:\Windows\System32\svchost.exe -k AppReadinessm,Р\к┬╤Цw∙█cВIs■4bSN║1|№Д╧dжРMк┬╤Цw∙█cВIs■4bSQ║1|№AppReadinessC:\Windows\System32\svchost.exe -k AppReadinessжРMк┬╤Цw∙█cВIs■4bST║1|№AppReadinessC:\Windows\System32\svchost.exe -k AppReadinessкVР^к┬╤Цw∙█cВIs■4bSU║1|№SeImpersonatePrivilegeжРMк┬╤Цw∙█cВIs■4bSX║1|№AppReadinessC:\Windows\System32\svchost.exe -k AppReadinessжРMк┬╤Цw∙█cВIs■4bS[║1|№!AppReadinessC:\Windows\System32\svchost.exe -k AppReadinessжРMк┬╤Цw∙█cВIs■4bS^║1|№"AppReadinessC:\Windows\System32\svchost.exe -k AppReadinesssжРMк┬╤Цw∙█cВIs■4bS`║1|№#AppReadinessC:\Windows\System32\svchost.exe -k AppReadinessжРOк┬╤Цw∙█cВIs■4bSf║1|№AppReadinessC:\Windows\System32\svchost.exe -k AppReadinessaBР к┬╤Цw∙█cВIs■4bS╗1И№WPDBusEnum№pcEBР,к┬╤Цw∙█cВIs■4bS┴─1|№AppReadinessice8РcкЬёC╙ъpq└p╔bRжъ|╔─1|№-$Ш4<РYкЬёC╙ъpq└p╔bRжъ|юс1X№-$ШrD,РgкЬёC╙ъpq└p╔bRжъ|╠т1|№psZРsкЬёC╙ъpq└p╔bRжъ|&ч1|№PAppReadinessМ-$Ш8RРкR·ъ_6ПЭ:N)Д;O&°1и№AppReadiness-8/Р$к▐Є▌╥еєg"┴ЇД╧dс■1|№demandd(Р кeЗ╘е╩ЎMеЫ╙ЖZv╔Xz 1|№JР к┬╤Цw∙█cВIs■4bSу 1|№AppReadiness\sy8РкeЗ╘е╩ЎMеЫ╙ЖZv╔XХ2╨№N.Э$Ш6Рк▐Є▌╥еєg"┴ЇД╧dШ2╨№DsmSvc┘/6Рк▐Є▌╥еєg"┴ЇД╧dЩ2╨№DsmSvc@Р)к▐Є▌╥еєg"┴ЇД╧dЫ2╨№HTTPDsmSvcTРк┬╤Цw∙█cВIs■4bS┴2|№AppReadinessS-1-5-18:\BР)к▐Є▌╥еєg"┴ЇД╧dC2╨№RpcSsDsmSvcЦw∙█cJР)к▐Є▌╥еєg"┴ЇД╧dD2╨№DcomLaunchRpcSsm32>РRк▐Є▌╥еєg"┴ЇД╧d╢2╨№DcomLaunchNР)к▐Є▌╥еєg"┴ЇД╧d╟2╨№RpcEptMapperRpcSszРTк▐Є▌╥еєg"┴ЇД╧dС 2╨№RpcEptMapperNT AUTHORITY\NetworkService8lРTк▐Є▌╥еєg"┴ЇД╧dб 2╨№RpcSsNT AUTHORITY\NetworkServicevc6РRк▐Є▌╥еєg"┴ЇД╧dн 2╨№DsmSvc.(Р#к▐Є▌╥еєg"┴ЇД╧d2╨№,Р1к▐Є▌╥еєg"┴ЇД╧d2╨№s\BРKк▐Є▌╥еєg"┴ЇД╧d2╨№AppReadiness96Р2к▐Є▌╥еєg"┴ЇД╧d 2╨№DsmSvc:Р3к▐Є▌╥еєg"┴ЇД╧d"2╨№DsmSvc№6РUк┬╤Цw∙█cВIs■4bS▓2╨№DsmSvcNРpкЬёC╙ъpq└p╔bRжъ|/2╨№PDsmSvc№ЁPЩ$Ш0ёFРкR·ъ_6ПЭ:N)Д;O╧2|№DsmSvc.р/Р$к▐Є▌╥еєg"┴ЇД╧d╢,2╨№demand(Р кeЗ╘е╩ЎMеЫ╙ЖZv╔XХ-2╨№>Р к┬╤Цw∙█cВIs■4bS°-2╨№DsmSvc▄ 8РкeЗ╘е╩ЎMеЫ╙ЖZv╔X4.2И№N )Э$Ш>Рк▐Є▌╥еєg"┴ЇД╧d5.2И№WPDBusEnumеє>Рк▐Є▌╥еєg"┴ЇД╧d6.2И№WPDBusEnumJР)к▐Є▌╥еєg"┴ЇД╧d7.2И№RpcSsWPDBusEnumBJР)к▐Є▌╥еєg"┴ЇД╧d8.2И№DcomLaunchRpcSsB>РRк▐Є▌╥еєg"┴ЇД╧dO.2И№DcomLaunchNNР)к▐Є▌╥еєg"┴ЇД╧dP.2И№RpcEptMapperRpcSsкzРTк▐Є▌╥еєg"┴ЇД╧d`.2И№RpcEptMapperNT AUTHORITY\NetworkServiceperlРTк▐Є▌╥еєg"┴ЇД╧dk.2И№RpcSsNT AUTHORITY\NetworkServiceNeHРк┬╤Цw∙█cВIs■4bSo.2╨№DsmSvcS-1-5-18>РRк▐Є▌╥еєg"┴ЇД╧d|.2И№WPDBusEnumc6РUк%ц╛еi4НеФйАs\и.∙М.2А№DsmSvcE(Р#к▐Є▌╥еєg"┴ЇД╧dУ/2И№,Р1к▐Є▌╥еєg"┴ЇД╧dХ/2И№BРKк▐Є▌╥еєg"┴ЇД╧dЦ/2И№AppReadinessB6РKк▐Є▌╥еєg"┴ЇД╧dЧ/2И№DsmSvcк>Р2к▐Є▌╥еєg"┴ЇД╧dЬ/2И№WPDBusEnumBР3к▐Є▌╥еєg"┴ЇД╧dЭ/2И№WPDBusEnummEv>РUк┬╤Цw∙█cВIs■4bS▐/2И№WPDBusEnumVРpкЬёC╙ъpq└p╔bRжъ|√/2И№PWPDBusEnum№2$ШNРкR·ъ_6ПЭ:N)Д;O 12А№WPDBusEnum//Р$к▐Є▌╥еєg"┴ЇД╧dЇ12И№demandў(Р кeЗ╘е╩ЎMеЫ╙ЖZv╔X22И№FР к┬╤Цw∙█cВIs■4bS 22И№WPDBusEnumPРк┬╤Цw∙█cВIs■4bS\22И№WPDBusEnumS-1-5-18>РUк%ц╛еi4НеФйАs\и.∙r22Д№WPDBusEnumк(Рк▐0(\ЭЄ№├  ЁаH▄ Y2X№,Рк▐0(\ЭЄ№├  ЁаH▄ Y2X№йC6Рmк%ц╛еi4НеФйАs\и.∙А╝2X№DsmSvcv6РYк%ц╛еi4НеФйАs\и.∙Ш*3Д№NcaSvcJР кЬёC╙ъpq└p╔bRжъ|d+3И№W32Time@NULLtalPРsкЬёC╙ъpq└p╔bRжъ|{+3И№W32Time№░є$ШHРк▐0(\ЭЄ№├  ЁаH▄ 3,3Д№W32TimeHРк▐0(\ЭЄ№├  ЁаH▄ z,3╨№W32TimeHРк▐0(\ЭЄ№├  ЁаH▄ и,3╨№W32Time4РKкШxb2═╤s┼lаS!¤,s╜,3И№▌╥еєHРк▐0(\ЭЄ№├  ЁаH▄ ─,3╨№W32Time`РNкШxb2═╤s┼lаS!¤,s╩,3И№═d\O√|▀~: Q▄~▐Пеc (бЛRЕQ)0x40030011HРк▐0(\ЭЄ№├  ЁаH▄ ▌,3╨№W32TimeHРк▐0(\ЭЄ№├  ЁаH▄ -3И№W32TimeHРк▐0(\ЭЄ№├  ЁаH▄ !-3╨№W32TimeHРк▐0(\ЭЄ№├  ЁаH▄ @-3А№W32TimeHРк▐0(\ЭЄ№├  ЁаH▄ X-3А№W32TimeHРк▐0(\ЭЄ№├  ЁаH▄ o-3А№W32Time        А╪(А@y╙╪ 8АШр  8АЧр  HРк▐0(\ЭЄ№├  ЁаH▄ Й-3А№W32TimeHРк▐0(\ЭЄ№├  ЁаH▄ а-3А№W32TimeHРк▐0(\ЭЄ№├  ЁаH▄ .3А№W32TimeHРк▐0(\ЭЄ№├  ЁаH▄ %]?А№W32TimeNРк▐0(\ЭЄ№├  ЁаH▄ ╛╔BА№WPDBusEnumЄ№NРк▐0(\ЭЄ№├  ЁаH▄ █CА№WPDBusEnum┴к>Рк▐0(\ЭЄ№├  ЁаH▄ CА№WPDBusEnum[NРrкЬёC╙ъpq└p╔bRжъ|╧╖CА№ DsmSvcрЁPЩ$ШFРк▐0(\ЭЄ№├  ЁаH▄ ╕C╨№DsmSvc:РТк▄МРhк%ц╛еi4НеФйАs\и.∙u╚CX№DsmSvcеє6РSк%ц╛еi4НеФйАs\и.∙x╚CX№DsmSvcк>Рhк%ц╛еi4НеФйАs\и.∙ё╔CX№DsmSvcc6РSк%ц╛еi4НеФйАs\и.∙Є╔CX№DsmSvcE>Рhк%ц╛еi4НеФйАs\и.∙╦╩CX№DsmSvcr6РSк%ц╛еi4НеФйАs\и.∙╠╩CX№DsmSvcRРк▐0(\ЭЄ№├  ЁаH▄ ь}DX№AppReadinessЄ▌╥еєRРк▐0(\ЭЄ№├  ЁаH▄ Э~DX№AppReadinessSerRРк▐0(\ЭЄ№├  ЁаH▄ k·EX№AppReadinessБєBРк▐0(\ЭЄ№├  ЁаH▄ r·EX№AppReadinessSvcbРrкЬёC╙ъpq└p╔bRжъ|И¤|x№ ShellHWDetectionрЁPЩ$ШєbРrкЬёC╙ъpq└p╔bRжъ|m |x№ ShellHWDetectionрЁPЩ$ШetwbРrкЬёC╙ъpq└p╔bRжъ|o}x№ ShellHWDetectionрЁPЩ$ШindbРrкЬёC╙ъpq└p╔bRжъ|\├}x№ ShellHWDetectionрЁPЩ$ШРGк>Рhк%ц╛еi4НеФйАs\и.∙Д╥}x№DsmSvco6РSк%ц╛еi4НеФйАs\и.∙Ж╥}x№DsmSvcs>Рhк%ц╛еi4НеФйАs\и.∙╜╙}x№DsmSvcк6РSк%ц╛еi4НеФйАs\и.∙╛╙}x№DsmSvc\>Рhк%ц╛еi4НеФйАs\и.∙а╘}x№DsmSvc 6РSк%ц╛еi4НеФйАs\и.∙б╘}x№DsmSvc:l>Рhк%ц╛еi4НеФйАs\и.∙╫╒}x№DsmSvcy6РSк%ц╛еi4НеФйАs\и.∙╪╒}x№DsmSvcr>Рhк%ц╛еi4НеФйАs\и.∙$╫}x№DsmSvc6РSк%ц╛еi4НеФйАs\и.∙%╫}x№DsmSvcs>Рhк%ц╛еi4НеФйАs\и.∙3╪}x№DsmSvc└В6РSк%ц╛еi4НеФйАs\и.∙5╪}x№DsmSvc:>Рhк%ц╛еi4НеФйАs\и.∙*┘}x№DsmSvck6РSк%ц╛еi4НеФйАs\и.∙+┘}x№DsmSvc:lbРrкЬёC╙ъpq└p╔bRжъ|dя}x№ ShellHWDetectionрЁPЩ$ШIs■4bSbРrкЬёC╙ъpq└p╔bRжъ|═Ё}X№ ShellHWDetectionрЁPЩ$Шork>Рhк%ц╛еi4НеФйАs\и.∙ё}Д№DsmSvcbS6РSк%ц╛еi4НеФйАs\и.∙ё}Д№DsmSvcn>Рhк%ц╛еi4НеФйАs\и.∙?Є}Д№DsmSvc6РSк%ц╛еi4НеФйАs\и.∙@Є}Д№DsmSvcm>Рhк%ц╛еi4НеФйАs\и.∙Еє}Д№DsmSvce6РSк%ц╛еi4НеФйАs\и.∙Жє}Д№DsmSvcu>Рhк%ц╛еi4НеФйАs\и.∙ОЇ}Д№DsmSvc6РSк%ц╛еi4НеФйАs\и.∙РЇ}Д№DsmSvc>Рhк%ц╛еi4НеФйАs\и.∙}ї}Д№DsmSvc█c6РSк%ц╛еi4НеФйАs\и.∙~ї}Д№DsmSvcrbРrкЬёC╙ъpq└p╔bRжъ|6Н~Д№ ShellHWDetectionрЁPЩ$Ш\sy>Рhк%ц╛еi4НеФйАs\и.∙ЗО~X№DsmSvcr6РSк%ц╛еi4НеФйАs\и.∙ИО~X№DsmSvc>Рhк%ц╛еi4НеФйАs\и.∙KП~X№DsmSvcs6РSк%ц╛еi4НеФйАs\и.∙LП~X№DsmSvce>Рhк%ц╛еi4НеФйАs\и.∙XР~X№DsmSvcc6РSк%ц╛еi4НеФйАs\и.∙YР~X№DsmSvc>Рhк%ц╛еi4НеФйАs\и.∙С~X№DsmSvc6РSк%ц╛еi4НеФйАs\и.∙С~X№DsmSvc>Рhк%ц╛еi4НеФйАs\и.∙[Т~X№DsmSvcL6РSк%ц╛еi4НеФйАs\и.∙]Т~X№DsmSvc>Рhк%ц╛еi4НеФйАs\и.∙_У~X№DsmSvcеє6РSк%ц╛еi4НеФйАs\и.∙aУ~X№DsmSvcbS>Рhк%ц╛еi4НеФйАs\и.∙GФ~X№DsmSvc█c6РSк%ц╛еi4НеФйАs\и.∙HФ~X№DsmSvc1>Рhк%ц╛еi4НеФйАs\и.∙)X№DsmSvcc6РSк%ц╛еi4НеФйАs\и.∙*X№DsmSvc>Рhк%ц╛еi4НеФйАs\и.∙X№DsmSvcЄ№6РSк%ц╛еi4НеФйАs\и.∙X№DsmSvcк>Рhк%ц╛еi4НеФйАs\и.∙X№DsmSvcк6РSк%ц╛еi4НеФйАs\и.∙X№DsmSvcк>Рhк%ц╛еi4НеФйАs\и.∙№X№DsmSvcк6РSк%ц╛еi4НеФйАs\и.∙¤X№DsmSvcк>Рhк%ц╛еi4НеФйАs\и.∙╥X№DsmSvcO6РSк%ц╛еi4НеФйАs\и.∙╙X№DsmSvc█c>Рhк%ц╛еi4НеФйАs\и.∙┐X№DsmSvcеє6РSк%ц╛еi4НеФйАs\и.∙└X№DsmSvc>Рhк%ц╛еi4НеФйАs\и.∙ььX№DsmSvcT6РSк%ц╛еi4НеФйАs\и.∙юьX№DsmSvcT>Рhк%ц╛еi4НеФйАs\и.∙юX№DsmSvcn6РSк%ц╛еi4НеФйАs\и.∙юX№DsmSvc\>Рhк%ц╛еi4НеФйАs\и.∙ яX№DsmSvcк6РSк%ц╛еi4НеФйАs\и.∙ яX№DsmSvc>Рhк%ц╛еi4НеФйАs\и.∙┌яX№DsmSvc 6РSк%ц╛еi4НеФйАs\и.∙█яX№DsmSvc:l>Рhк%ц╛еi4НеФйАs\и.∙╚ЁX№DsmSvcs6РSк%ц╛еi4НеФйАs\и.∙╔ЁX№DsmSvcc>Рhк%ц╛еi4НеФйАs\и.∙лёX№DsmSvc6РSк%ц╛еi4НеФйАs\и.∙мёX№DsmSvc\>Рhк%ц╛еi4НеФйАs\и.∙ГЄX№DsmSvcd6РSк%ц╛еi4НеФйАs\и.∙ДЄX№DsmSvcm>Рhк%ц╛еi4НеФйАs\и.∙QєX№DsmSvce6РSк%ц╛еi4НеФйАs\и.∙RєX№DsmSvc:lbРrкЬёC╙ъpq└p╔bRжъ|чАА№ ShellHWDetectionрЁPЩ$Шk L>Рhк%ц╛еi4НеФйАs\и.∙xАД№DsmSvc6РSк%ц╛еi4НеФйАs\и.∙zАД№DsmSvcwbРrкЬёC╙ъpq└p╔bRжъ| АД№ ShellHWDetectionрЁPЩ$Шa╬{%:l>Рhк%ц╛еi4НеФйАs\и.∙ЬАX№DsmSvcs6РSк%ц╛еi4НеФйАs\и.∙ЭАX№DsmSvcl>Рhк%ц╛еi4НеФйАs\и.∙ АX№DsmSvc6РSк%ц╛еi4НеФйАs\и.∙ АX№DsmSvce>Рhк%ц╛еi4НеФйАs\и.∙d АX№DsmSvc6РSк%ц╛еi4НеФйАs\и.∙f АX№DsmSvcT>Рhк%ц╛еi4НеФйАs\и.∙┤ АX№DsmSvc.6РSк%ц╛еi4НеФйАs\и.∙╢ АX№DsmSvcк>Рhк%ц╛еi4НеФйАs\и.∙АX№DsmSvcC6РSк%ц╛еi4НеФйАs\и.∙АX№DsmSvcebРrкЬёC╙ъpq└p╔bRжъ|EАx№ ShellHWDetectionрЁPЩ$ШtpA>Рhк%ц╛еi4НеФйАs\и.∙ИАX№DsmSvc\6РSк%ц╛еi4НеФйАs\и.∙КАX№DsmSvc>Рhк%ц╛еi4НеФйАs\и.∙ТАX№DsmSvcк6РSк%ц╛еi4НеФйАs\и.∙ФАX№DsmSvc█cbРrкЬёC╙ъpq└p╔bRжъ|╦Аx№ ShellHWDetectionрЁPЩ$ШLocbРrкЬёC╙ъpq└p╔bRжъ|йАx№ ShellHWDetectionрЁPЩ$ШC:<Р к┬╤Цw∙█cВIs■4bSocАX№hidserv№-k8РкeЗ╘е╩ЎMеЫ╙ЖZv╔XscАX№NА/Э$Ш8Рк▐Є▌╥еєg"┴ЇД╧ducАX№hidserv8Рк▐Є▌╥еєg"┴ЇД╧dvcАX№hidserv8РRк▐Є▌╥еєg"┴ЇД╧dМcАX№hidserv(Р#к▐Є▌╥еєg"┴ЇД╧d╢dАX№,Р1к▐Є▌╥еєg"┴ЇД╧d╕dАX№■4bS8Р2к▐Є▌╥еєg"┴ЇД╧d╗dАX№hidserv<Р3к▐Є▌╥еєg"┴ЇД╧d╝dАX№hidservtP8РUк┬╤Цw∙█cВIs■4bS eАX№hidservPРpкЬёC╙ъpq└p╔bRжъ|eАX№Phidserv№2$ШHРкR·ъ_6ПЭ:N)Д;OfАД№hidserv>/Р$к▐Є▌╥еєg"┴ЇД╧dзfАX№demand(Р кeЗ╘е╩ЎMеЫ╙ЖZv╔X▒fАX№@Р к┬╤Цw∙█cВIs■4bS▓fАX№hidservJРк┬╤Цw∙█cВIs■4bS▀fАX№hidservS-1-5-18·8РUк%ц╛еi4НеФйАs\и.∙юfАx№hidservHРк▐0(\ЭЄ№├  ЁаH▄ lАx№hidservHРк▐0(\ЭЄ№├  ЁаH▄ ╛mАx№hidservЕ8Рк▐0(\ЭЄ№├  ЁаH▄ ┬mАx№hidserv8Р к┬╤Цw∙█cВIs■4bS Емx№gpsvc8РкeЗ╘е╩ЎMеЫ╙ЖZv╔XЕмx№N@-Э$Ш(Р кeЗ╘е╩ЎMеЫ╙ЖZv╔XЕмx№<Р к┬╤Цw∙█cВIs■4bSЕмx№gpsvc gк6РТк▄МРRк▐Є▌╥еєg"┴ЇД╧d╧▒╚X№DcomLaunchdNР)к▐Є▌╥еєg"┴ЇД╧d╨▒╚X№RpcEptMapperRpcSszРTк▐Є▌╥еєg"┴ЇД╧dр▒╚X№RpcEptMapperNT AUTHORITY\NetworkServiceelРTк▐Є▌╥еєg"┴ЇД╧dъ▒╚X№RpcSsNT AUTHORITY\NetworkService№6РRк▐Є▌╥еєg"┴ЇД╧dў▒╚X№KeyIso(Р#к▐Є▌╥еєg"┴ЇД╧d│╚X№,Р1к▐Є▌╥еєg"┴ЇД╧d│╚X№▌╥еє6Р2к▐Є▌╥еєg"┴ЇД╧d│╚X№KeyIsoк:Р3к▐Є▌╥еєg"┴ЇД╧d │╚X№KeyIso┴ЇД╧dNРpкЬёC╙ъpq└p╔bRжъ|U│╚X№PKeyIso№РЁ$ШFРкR·ъ_6ПЭ:N)Д;Oi┤╚Д№KeyIsoQ0I/Р$к▐Є▌╥еєg"┴ЇД╧dь┤╚X№demand(Р кeЗ╘е╩ЎMеЫ╙ЖZv╔Xў┤╚X№>Р к┬╤Цw∙█cВIs■4bS°┤╚X№KeyIsoкHРк┬╤Цw∙█cВIs■4bS;╡╚X№KeyIsoS-1-5-186РUк%ц╛еi4НеФйАs\и.∙P╡╚x№KeyIsoaFРк▐0(\ЭЄ№├  ЁаH▄ b┴╚x№KeyIso:l6Рк▐0(\ЭЄ№├  ЁаH▄ i┴╚x№KeyIso\:РТк▄МРiк%ц╛еi4НеФйАs\и.∙S+~x№WPDBusEnum(>РSк%ц╛еi4НеФйАs\и.∙T+~x№WPDBusEnumЄ№8Р к┬╤Цw∙█cВIs■4bS╔чГx№gpsvc8РкeЗ╘е╩ЎMеЫ╙ЖZv╔X╧чГx№N@!Э$Ш(Р кeЗ╘е╩ЎMеЫ╙ЖZv╔X╥чГx№<Р к┬╤Цw∙█cВIs■4bS╘чГx№gpsvc \ЭЄ№DР к┬╤Цw∙█cВIs■4bS#°ЩX№AeLookupSvc№8РкeЗ╘е╩ЎMеЫ╙ЖZv╔X'°ЩX№N@!Э$Ш@Рк▐Є▌╥еєg"┴ЇД╧d)°ЩX№AeLookupSvc@Рк▐Є▌╥еєg"┴ЇД╧d*°ЩX№AeLookupSvc@РRк▐Є▌╥еєg"┴ЇД╧dK°ЩX№AeLookupSvc(Р#к▐Є▌╥еєg"┴ЇД╧dЦ∙ЩX№,Р1к▐Є▌╥еєg"┴ЇД╧dШ∙ЩX№aS@Р2к▐Є▌╥еєg"┴ЇД╧dЩ∙ЩX№AeLookupSvcDР3к▐Є▌╥еєg"┴ЇД╧dЪ∙ЩX№AeLookupSvcaS@РUк┬╤Цw∙█cВIs■4bSы∙ЩX№AeLookupSvcXРpкЬёC╙ъpq└p╔bRжъ|¤∙ЩX№PAeLookupSvc№ЁPЩ$ШPРкR·ъ_6ПЭ:N)Д;O√ЩД№AeLookupSvcbр/Р$к▐Є▌╥еєg"┴ЇД╧dз√ЩX№demand(Р кeЗ╘е╩ЎMеЫ╙ЖZv╔X░√ЩX№HР к┬╤Цw∙█cВIs■4bS▒√ЩX№AeLookupSvcRРк┬╤Цw∙█cВIs■4bS▄√ЩX№AeLookupSvcS-1-5-18№@РUк%ц╛еi4НеФйАs\и.∙Є√Щx№AeLookupSvcPРк▐0(\ЭЄ№├  ЁаH▄ фЪx№AeLookupSvcPРк▐0(\ЭЄ№├  ЁаH▄ ▒Ъx№AeLookupSvcPРк▐0(\ЭЄ№├  ЁаH▄ ЇЪx№AeLookupSvcPРк▐0(\ЭЄ№├  ЁаH▄ Ъx№AeLookupSvcPРк▐0(\ЭЄ№├  ЁаH▄ RЪx№AeLookupSvcPРк▐0(\ЭЄ№├  ЁаH▄ нЪx№AeLookupSvcPРк▐0(\ЭЄ№├  ЁаH▄ еHЪx№AeLookupSvc@Рк▐0(\ЭЄ№├  ЁаH▄ йHЪx№AeLookupSvcbРrкЬёC╙ъpq└p╔bRжъ|╓╘вx№ ShellHWDetectionрЁPЩ$ШbРrкЬёC╙ъpq└p╔bRжъ|%╓вx№ ShellHWDetectionрЁPЩ$ШRpc(Р>к;СY╦╝и╪Е╪╬3АР;[┌№(РIк;СY╦╝и╪Е╪╬3АР║[┌№(РNк;СY╦╝и╪Е╪╬3АРcц█№(Р`к▄МР∙к▄МР∙к▄МР∙к▄Мк}da╬{%:lт%М╚╨┘/я╕X№TrustedInstallerC:\Windows\servicing\TrustedInstaller.exe0РIк}da╬{%:lт%М╚╨┘/я╕X№,Р`к}da╬{%:lт%М╚╨┘/3ё╕X№ciJР,к┬╤Цw∙█cВIs■4bSь√╕X№TrustedInstallerevi8РcкЬёC╙ъpq└p╔bRжъ|Ї√╕X№@3$Шx<РYкЬёC╙ъpq└p╔bRжъ| ╣x№ @3$Ш,РgкЬёC╙ъpq└p╔bRжъ|╣X№ vibРsкЬёC╙ъpq└p╔bRжъ|h╣X№QTrustedInstallerМ@3$ШРRк▐Є▌╥еєg"┴ЇД╧dymX№DcomLaunchNР)к▐Є▌╥еєg"┴ЇД╧d|mX№RpcEptMapperRpcSszРTк▐Є▌╥еєg"┴ЇД╧dЩmX№RpcEptMapperNT AUTHORITY\NetworkServicerfalРTк▐Є▌╥еєg"┴ЇД╧d░mX№RpcSsNT AUTHORITY\NetworkService"q└В0РRк▐Є▌╥еєg"┴ЇД╧d├mX№vds(Р#к▐Є▌╥еєg"┴ЇД╧dуmX№,Р1к▐Є▌╥еєg"┴ЇД╧dцmX№к0Р2к▐Є▌╥еєg"┴ЇД╧dЄmX№vds4Р3к▐Є▌╥еєg"┴ЇД╧dЇmX№vdshР>к}da╬{%:lт%М╚╨┘/3mX№vdsC:\Windows\System32\vds.exe0РIк}da╬{%:lт%М╚╨┘/8mX№,Р`к}da╬{%:lт%М╚╨┘/╙mX№0Р,к┬╤Цw∙█cВIs■4bSM╔mX№vds8РcкЬёC╙ъpq└p╔bRжъ|Z╔mX№А4$ШЇ<РYкЬёC╙ъpq└p╔bRжъ|═oД№,А4$Шme,РgкЬёC╙ъpq└p╔bRжъ|▄oX№,HРsкЬёC╙ъpq└p╔bRжъ|й oX№QvdsМА4$Ш@РкR·ъ_6ПЭ:N)Д;O╜ oД№vdsg,/Р$к▐Є▌╥еєg"┴ЇД╧daoX№demandВ(Р кeЗ╘е╩ЎMеЫ╙ЖZv╔X{oX№8Р к┬╤Цw∙█cВIs■4bS~oX№vdsBРк┬╤Цw∙█cВIs■4bS▀oX№vdsS-1-5-18ilt@Рк▐0(\ЭЄ№├  ЁаH▄ ╝wsX№vds@Рк▐0(\ЭЄ№├  ЁаH▄ IлsX№vds0Рк▐0(\ЭЄ№├  ЁаH▄ PлsX№vdsbРrкЬёC╙ъpq└p╔bRжъ|т,IX№ ShellHWDetectionрЁPЩ$ШР∙кbРrкЬёC╙ъpq└p╔bRжъ|h┐IX№ ShellHWDetectionрЁPЩ$Ш№bРrкЬёC╙ъpq└p╔bRжъ|f█IX№ ShellHWDetectionрЁPЩ$ШРкbРrкЬёC╙ъpq└p╔bRжъ|буIX№ ShellHWDetectionрЁPЩ$ШudfbРrкЬёC╙ъpq└p╔bRжъ|ЕэIД№ ShellHWDetectionрЁPЩ$Ш┴ЇД╧dbРrкЬёC╙ъpq└p╔bRжъ|ЇIД№ ShellHWDetectionрЁPЩ$ШFEbРrкЬёC╙ъpq└p╔bRжъ|!KД№ ShellHWDetectionрЁPЩ$Ш№bРrкЬёC╙ъpq└p╔bRжъ|а(KД№ ShellHWDetectionрЁPЩ$ШO¤╦╘[bРrкЬёC╙ъpq└p╔bRжъ|шJKД№ ShellHWDetectionрЁPЩ$Ш№bРrкЬёC╙ъpq└p╔bRжъ|ЙTKД№ ShellHWDetectionрЁPЩ$Шper@Рк▐0(\ЭЄ№├  ЁаH▄ YKД№vdsbРrкЬёC╙ъpq└p╔bRжъ|PdKД№ ShellHWDetectionрЁPЩ$ШvicbРrкЬёC╙ъpq└p╔bRжъ|DnKД№ ShellHWDetectionрЁPЩ$ШvicbРrкЬёC╙ъpq└p╔bRжъ|stKД№ ShellHWDetectionрЁPЩ$ШР'кbРrкЬёC╙ъpq└p╔bRжъ|PvKД№ ShellHWDetectionрЁPЩ$ШЄ▌╥еє>Рhк%ц╛еi4НеФйАs\и.∙!@LД№DsmSvcd6РSк%ц╛еi4НеФйАs\и.∙%@LД№DsmSvcf>Рhк%ц╛еi4НеФйАs\и.∙ўALД№DsmSvc6РSк%ц╛еi4НеФйАs\и.∙∙ALД№DsmSvcd>Рhк%ц╛еi4НеФйАs\и.∙DLД№DsmSvca6РSк%ц╛еi4НеФйАs\и.∙ DLД№DsmSvcbРrкЬёC╙ъpq└p╔bRжъ|щ┤VД№ ShellHWDetectionрЁPЩ$ШrasbРrкЬёC╙ъpq└p╔bRжъ|╥║XД№ ShellHWDetectionрЁPЩ$ШЄ▌╥еєbРrкЬёC╙ъpq└p╔bRжъ|i└]Д№ ShellHWDetectionрЁPЩ$ШpcSbРrкЬёC╙ъpq└p╔bRжъ|-├]X№ ShellHWDetectionрЁPЩ$Шwor@Рк▐0(\ЭЄ№├  ЁаH▄ ═╦]X№vdsbРrкЬёC╙ъpq└p╔bRжъ|ЩДkX№ ShellHWDetectionрЁPЩ$Ш┴ЇД╧d:РТк▄МРhк%ц╛еi4НеФйАs\и.∙¤А╦X№DsmSvc6РSк%ц╛еi4НеФйАs\и.∙Б╦X№DsmSvc>Рhк%ц╛еi4НеФйАs\и.∙сГ╦X№DsmSvcd6РSк%ц╛еi4НеФйАs\и.∙фГ╦X№DsmSvcd>Рhк%ц╛еi4НеФйАs\и.∙:Ж╦X№DsmSvce6РSк%ц╛еi4НеФйАs\и.∙=Ж╦X№DsmSvcd>Рhк%ц╛еi4НеФйАs\и.∙█И╦X№DsmSvcd6РSк%ц╛еi4НеФйАs\и.∙▐И╦X№DsmSvcTbРrкЬёC╙ъpq└p╔bRжъ|vЙ╦x№ ShellHWDetectionрЁPЩ$ШР'к>Рhк%ц╛еi4НеФйАs\и.∙М╦X№DsmSvce6РSк%ц╛еi4НеФйАs\и.∙М╦X№DsmSvcS>Рhк%ц╛еi4НеФйАs\и.∙ О╦X№DsmSvcs6РSк%ц╛еi4НеФйАs\и.∙'О╦X№DsmSvcc>Рhк%ц╛еi4НеФйАs\и.∙aР╦X№DsmSvch6РSк%ц╛еi4НеФйАs\и.∙cР╦X№DsmSvct>Рhк%ц╛еi4НеФйАs\и.∙XТ╦X№DsmSvc6РSк%ц╛еi4НеФйАs\и.∙YТ╦X№DsmSvc>Рhк%ц╛еi4НеФйАs\и.∙KФ╦X№DsmSvcк6РSк%ц╛еi4НеФйАs\и.∙MФ╦X№DsmSvcp>Рhк%ц╛еi4НеФйАs\и.∙╒(═X№DsmSvc6РSк%ц╛еi4НеФйАs\и.∙╫(═X№DsmSvc>Рhк%ц╛еi4НеФйАs\и.∙з*═X№DsmSvch6РSк%ц╛еi4НеФйАs\и.∙й*═X№DsmSvcA(Ркэ╩▀┌SлV"F8r┴F$√x╙X№6Ркэ╩▀┌SлV"F8r┴F$¤x╙X№BITSp4Ркэ╩▀┌SлV"F8r┴F$ x╙X№DPS(к8Ркэ╩▀┌SлV"F8r┴F$y╙X№MSDTC:Ркэ╩▀┌SлV"F8r┴F$y╙X№sppsvcoxy:Ркэ╩▀┌SлV"F8r┴F$y╙X№UALSVC I,Ркэ╩▀┌SлV"F8r┴F$y╙X№i8РкeЗ╘е╩ЎMеЫ╙ЖZv╔X y╙X№NЁ u%Ш2Рк▐Є▌╥еєg"┴ЇД╧dy╙X№BITS2Рк▐Є▌╥еєg"┴ЇД╧dy╙X№BITSЄ▌╥еєJР)к▐Є▌╥еєg"┴ЇД╧d5y╙X№EventSystemBITS№LР)к▐Є▌╥еєg"┴ЇД╧d7y╙X№RpcSsEventSystem№                                        АиА═└" и ░М√р  8Шр  JР)к▐Є▌╥еєg"┴ЇД╧dCy╙X№DcomLaunchRpcSs┴ЇД╧d>РRк▐Є▌╥еєg"┴ЇД╧doy╙X№DcomLaunchNР)к▐Є▌╥еєg"┴ЇД╧dpy╙X№RpcEptMapperRpcSszРTк▐Є▌╥еєg"┴ЇД╧dЙy╙X№RpcEptMapperNT AUTHORITY\NetworkService№lРTк▐Є▌╥еєg"┴ЇД╧dЬy╙X№RpcSsNT AUTHORITY\NetworkServicetРTк▐Є▌╥еєg"┴ЇД╧d╝y╙X№EventSystemNT AUTHORITY\LocalServiceql>Р'к▐Є▌╥еєg"┴ЇД╧d╛y╙X№RpcSsBITS8Р(к▐Є▌╥еєg"┴ЇД╧d└y╙X№RpcSs2РRк▐Є▌╥еєg"┴ЇД╧d╙y╙X№BITS(Р#к▐Є▌╥еєg"┴ЇД╧d▐{╙X№,Р1к▐Є▌╥еєg"┴ЇД╧dс{╙X№2Р2к▐Є▌╥еєg"┴ЇД╧dф{╙X№BITS╦╘[6Р3к▐Є▌╥еєg"┴ЇД╧dх{╙X№BITSe2РUк┬╤Цw∙█cВIs■4bSJ|╙X№BITS№JРsкЬёC╙ъpq└p╔bRжъ|g|╙X№PBITSЁPЩ$Ш№BРкR·ъ_6ПЭ:N)Д;O╖}╙Д№BITS}р┴ЇД╧d/Р$к▐Є▌╥еєg"┴ЇД╧dе~╙X№demandє(Р кeЗ╘е╩ЎMеЫ╙ЖZv╔X┤~╙X№6Ркэ╩▀┌SлV"F8r┴F$╖~╙X№BITSеєBРк▐0(\ЭЄ№├  ЁаH▄ +╡╫Д№BITSБЄ▌╥еє2Рк▐0(\ЭЄ№├  ЁаH▄ 3╡╫Д№BITSаб"q└В6РТк▄МРRк▐Є▌╥еєg"┴ЇД╧d.▀X№DcomLaunchDNР)к▐Є▌╥еєg"┴ЇД╧d.▀X№RpcEptMapperRpcSsеєzРTк▐Є▌╥еєg"┴ЇД╧d3.▀X№RpcEptMapperNT AUTHORITY\NetworkServiceЄ▌╥еєlРTк▐Є▌╥еєg"┴ЇД╧dD.▀X№RpcSsNT AUTHORITY\NetworkService▌╥еє4РRк▐Є▌╥еєg"┴ЇД╧d`.▀X№SamSs'к@Р'к▐Є▌╥еєg"┴ЇД╧db.▀X№RpcSsMSDTC8Р(к▐Є▌╥еєg"┴ЇД╧dc.▀X№RpcSslРTк▐Є▌╥еєg"┴ЇД╧du.▀X№MSDTCNT AUTHORITY\NetworkServiceen(Р#к▐Є▌╥еєg"┴ЇД╧dИ0▀X№,Р1к▐Є▌╥еєg"┴ЇД╧dЛ0▀X№йC4Р2к▐Є▌╥еєg"┴ЇД╧dС0▀X№MSDTCla8Р3к▐Є▌╥еєg"┴ЇД╧dТ0▀X№MSDTCpР>к}da╬{%:lт%М╚╨┘/═0▀X№MSDTCC:\Windows\System32\msdtc.exe0РIк}da╬{%:lт%М╚╨┘/╙0▀X№,Р`к}da╬{%:lт%М╚╨┘/Я3▀X№"q└ВtРGк┬╤Цw∙█cВIs■4bSь3▀X№C:\Windows\System32\msdtc.exeMSDTCttРMк┬╤Цw∙█cВIs■4bS·3▀X№MSDTCC:\Windows\System32\msdtc.exeAUtРMк┬╤Цw∙█cВIs■4bS■3▀X№MSDTCC:\Windows\System32\msdtc.exeД╧dtРMк┬╤Цw∙█cВIs■4bS4▀X№MSDTCC:\Windows\System32\msdtc.exe,Р\к┬╤Цw∙█cВIs■4bS4▀X№Д╧dtРMк┬╤Цw∙█cВIs■4bS4▀X№MSDTCC:\Windows\System32\msdtc.exe▌╥еєXР^к┬╤Цw∙█cВIs■4bS 4▀X№SeCreateGlobalPrivilegetРMк┬╤Цw∙█cВIs■4bS4▀X№!MSDTCC:\Windows\System32\msdtc.exe№tРOк┬╤Цw∙█cВIs■4bS4▀X№MSDTCC:\Windows\System32\msdtc.exe▌╥еє4Р,к┬╤Цw∙█cВIs■4bSNH▀X№MSDTCN8РcкЬёC╙ъpq└p╔bRжъ|XH▀X№р.$Ш,<РYкЬёC╙ъpq└p╔bRжъ|Р╢тД№рр.$Шer,РgкЬёC╙ъpq└p╔bRжъ|Э╢тX№р№LРsкЬёC╙ъpq└p╔bRжъ|ё╢тX№QMSDTCр.$Ш!кDРкR·ъ_6ПЭ:N)Д;OЎ║тД№MSDTCАрД╧d/Р$к▐Є▌╥еєg"┴ЇД╧dг╗тX№demandDРк▐0(\ЭЄ№├  ЁаH▄ │╗тД№MSDTCS(Р кeЗ╘е╩ЎMеЫ╙ЖZv╔X╣╗тX№8Ркэ╩▀┌SлV"F8r┴F$╝╗тX№MSDTCDРк▐0(\ЭЄ№├  ЁаH▄ 1rцД№MSDTC4Рк▐0(\ЭЄ№├  ЁаH▄ 7rцД№MSDTCMa8Ркэ╩▀┌SлV"F8r┴F$,цX№MSDTC8РкeЗ╘е╩ЎMеЫ╙ЖZv╔X3цX№NРu%Ш6Рк▐Є▌╥еєg"┴ЇД╧d7цX№sppsvct6Рк▐Є▌╥еєg"┴ЇД╧d9цX№sppsvcdBР)к▐Є▌╥еєg"┴ЇД╧d<цX№RpcSssppsvc┴ЇД╧dJР)к▐Є▌╥еєg"┴ЇД╧d>цX№DcomLaunchRpcSsche>РRк▐Є▌╥еєg"┴ЇД╧dlцX№DcomLaunchdNР)к▐Є▌╥еєg"┴ЇД╧doцX№RpcEptMapperRpcSsеєzРTк▐Є▌╥еєg"┴ЇД╧dИцX№RpcEptMapperNT AUTHORITY\NetworkServiceemlРTк▐Є▌╥еєg"┴ЇД╧dЪцX№RpcSsNT AUTHORITY\NetworkServiceelnРTк▐Є▌╥еєg"┴ЇД╧dоцX№sppsvcNT AUTHORITY\NetworkServicei(Р#к▐Є▌╥еєg"┴ЇД╧d╒БцX№,Р1к▐Є▌╥еєg"┴ЇД╧d╪БцX№Д╧d6Р2к▐Є▌╥еєg"┴ЇД╧dтБцX№sppsvcS:Р3к▐Є▌╥еєg"┴ЇД╧dфБцX№sppsvcР)кtР>к}da╬{%:lт%М╚╨┘/(ВцX№sppsvcC:\Windows\system32\sppsvc.exeSp0РIк}da╬{%:lт%М╚╨┘/.ВцX№,Р`к}da╬{%:lт%М╚╨┘/╓ЕцX№Д╧dxРGк┬╤Цw∙█cВIs■4bS<ЖцX№C:\Windows\system32\sppsvc.exesppsvcxРMк┬╤Цw∙█cВIs■4bSQЖцX№sppsvcC:\Windows\system32\sppsvc.exexРMк┬╤Цw∙█cВIs■4bSXЖцX№sppsvcC:\Windows\system32\sppsvc.exeJР^к┬╤Цw∙█cВIs■4bS[ЖцX№SeAuditPrivilege┴ЇД╧d,Р\к┬╤Цw∙█cВIs■4bS]ЖцX№▌╥еєVР^к┬╤Цw∙█cВIs■4bScЖцX№SeImpersonatePrivilegemXР^к┬╤Цw∙█cВIs■4bSiЖцX№SeCreateGlobalPrivilegexРMк┬╤Цw∙█cВIs■4bSoЖцX№!sppsvcC:\Windows\system32\sppsvc.exexРOк┬╤Цw∙█cВIs■4bSvЖцX№sppsvcC:\Windows\system32\sppsvc.exe6Р,к┬╤Цw∙█cВIs■4bSЭцX№sppsvcк8РcкЬёC╙ъpq└p╔bRжъ|"ЭцX№7$Ш(<РYкЬёC╙ъpq└p╔bRжъ|╘=чД№D7$Шor,РgкЬёC╙ъpq└p╔bRжъ|┌=чX№D!кNРsкЬёC╙ъpq└p╔bRжъ|&>чX№Qsppsvc7$ШFРкR·ъ_6ПЭ:N)Д;O╤AчД№sppsvcБDP/Р$к▐Є▌╥еєg"┴ЇД╧daBчX№demand(Р кeЗ╘е╩ЎMеЫ╙ЖZv╔XuBчX№:Ркэ╩▀┌SлV"F8r┴F$wBчX№sppsvcЄ▌╥еєFРк▐0(\ЭЄ№├  ЁаH▄ ║BчД№sppsvcFРк▐0(\ЭЄ№├  ЁаH▄ VчД№sppsvcc6Рк▐0(\ЭЄ№├  ЁаH▄ VчД№sppsvci:РТк▄МРRк▐Є▌╥еєg"┴ЇД╧d-`ыX№DcomLaunch NР)к▐Є▌╥еєg"┴ЇД╧d/`ыX№RpcEptMapperRpcSsszРTк▐Є▌╥еєg"┴ЇД╧dM`ыX№RpcEptMapperNT AUTHORITY\NetworkService lРTк▐Є▌╥еєg"┴ЇД╧de`ыX№RpcSsNT AUTHORITY\NetworkService8РRк▐Є▌╥еєg"┴ЇД╧dЗ`ыX№Winmgmt6РRк▐Є▌╥еєg"┴ЇД╧dа`ыX№UALSVCt(Р#к▐Є▌╥еєg"┴ЇД╧dьbыX№,Р1к▐Є▌╥еєg"┴ЇД╧dЁbыX№nm6Р2к▐Є▌╥еєg"┴ЇД╧d√bыX№UALSVC2:Р3к▐Є▌╥еєg"┴ЇД╧d№bыX№UALSVCРGкNРsкЬёC╙ъpq└p╔bRжъ|пcыX№PUALSVC2$Ш3FРкR·ъ_6ПЭ:N)Д;OTeыД№UALSVCВ:l/Р$к▐Є▌╥еєg"┴ЇД╧d╔fыX№demand(Р кeЗ╘е╩ЎMеЫ╙ЖZv╔XхfыX№:Ркэ╩▀┌SлV"F8r┴F$чfыX№UALSVCa╬{%:lFРк▐0(\ЭЄ№├  ЁаH▄ щэяД№UALSVCm:РТк▄МРhк%ц╛еi4НеФйАs\и.∙▄=┌X№DsmSvct6РSк%ц╛еi4НеФйАs\и.∙▀=┌X№DsmSvcbРrкЬёC╙ъpq└p╔bRжъ|#╡█X№ ShellHWDetectionрЁPЩ$Шm32bРrкЬёC╙ъpq└p╔bRжъ|·▄X№ ShellHWDetectionрЁPЩ$ШCPobРrкЬёC╙ъpq└p╔bRжъ|ЄC▄X№ ShellHWDetectionрЁPЩ$Шs>Рiк%ц╛еi4НеФйАs\и.∙k+▀X№WPDBusEnum\>РSк%ц╛еi4НеФйАs\и.∙m+▀X№WPDBusEnum :РТк▄МРRк▐Є▌╥еєg"┴ЇД╧de|D №DcomLaunchNР)к▐Є▌╥еєg"┴ЇД╧de|D №RpcEptMapperRpcSsеєzРTк▐Є▌╥еєg"┴ЇД╧d!e|D №RpcEptMapperNT AUTHORITY\NetworkService╔bRжъ|lРTк▐Є▌╥еєg"┴ЇД╧d6e|D №RpcSsNT AUTHORITY\NetworkServicecnРTк▐Є▌╥еєg"┴ЇД╧dLe|D №sppsvcNT AUTHORITY\NetworkService(Р#к▐Є▌╥еєg"┴ЇД╧dОg|D №,Р1к▐Є▌╥еєg"┴ЇД╧dУg|D №Uк6Р2к▐Є▌╥еєg"┴ЇД╧dЭg|D №sppsvcк:Р3к▐Є▌╥еєg"┴ЇД╧dЯg|D №sppsvcШtР>к}da╬{%:lт%М╚╨┘/фg|D №sppsvcC:\Windows\system32\sppsvc.exe№0РIк}da╬{%:lт%М╚╨┘/ыg|D №,Р`к}da╬{%:lт%М╚╨┘/ k|D №аH▄ xРGк┬╤Цw∙█cВIs■4bS`k|D №C:\Windows\system32\sppsvc.exesppsvcxРMк┬╤Цw∙█cВIs■4bSvk|D №sppsvcC:\Windows\system32\sppsvc.exexРMк┬╤Цw∙█cВIs■4bS}k|D №sppsvcC:\Windows\system32\sppsvc.exeJР^к┬╤Цw∙█cВIs■4bSАk|D №SeAuditPrivilege ,Р\к┬╤Цw∙█cВIs■4bSВk|D №∙█cVР^к┬╤Цw∙█cВIs■4bSЙk|D №SeImpersonatePrivilegeXР^к┬╤Цw∙█cВIs■4bSОk|D №SeCreateGlobalPrivilegexРMк┬╤Цw∙█cВIs■4bSХk|D №!sppsvcC:\Windows\system32\sppsvc.exexРOк┬╤Цw∙█cВIs■4bSЬk|D №sppsvcC:\Windows\system32\sppsvc.exe6Р,к┬╤Цw∙█cВIs■4bS╚В|D №sppsvc8РcкЬёC╙ъpq└p╔bRжъ|╘В|D №а7$Ш№<РYкЬёC╙ъpq└p╔bRжъ|'}Д№╠а7$Ш№,РgкЬёC╙ъpq└p╔bRжъ|'}D №╠NРpкЬёC╙ъpq└p╔bRжъ|Х'}D №Qsppsvc° а7$ШFРкR·ъ_6ПЭ:N)Д;O+}Д№sppsvcК╠/Р$к▐Є▌╥еєg"┴ЇД╧dи+}D №demand(Р кeЗ╘е╩ЎMеЫ╙ЖZv╔X╝+}D №>Р к┬╤Цw∙█cВIs■4bS┐+}D №sppsvcъ|FРк▐0(\ЭЄ№├  ЁаH▄ ╥+}Д№sppsvcкТРк┬╤Цw∙█cВIs■4bS,}D №sppsvcS-1-5-21-1242754773-2862960173-4029343502-500┴ЇД╧dFРк▐0(\ЭЄ№├  ЁаH▄ ╝?}D №sppsvcк6Рк▐0(\ЭЄ№├  ЁаH▄ ┴?}D №sppsvcNРsкЬёC╙ъpq└p╔bRжъ|R■жD №sppsvc№ а7$ШеєFРк▐0(\ЭЄ№├  ЁаH▄  жД№sppsvceHР кЬёC╙ъpq└p╔bRжъ|ъзD №sppsvcNULLNРsкЬёC╙ъpq└p╔bRжъ| зD №sppsvc№ а7$ШsFРк▐0(\ЭЄ№├  ЁаH▄ zзX№sppsvcnЪРБкЬёC╙ъpq└p╔bRжъ|gзD №sppsvcS-1-5-21-1242754773-2862960173-4029343502-500№ №FРк▐0(\ЭЄ№├  ЁаH▄ ииD №sppsvcк(Р2к┤xиц▌aаРП;O¤╦╘[уии( №0Р]кЬёC╙ъpq└p╔bRжъ|6киD №а7$Ш4РwкЬёC╙ъpq└p╔bRжъ|Н┼и( №╠р(Р3к┤xиц▌aаРП;O¤╦╘[У┼и( №(Р8к┤xиц▌aаРП;O¤╦╘[Ц┼и( №:Р к┬╤Цw∙█cВIs■4bSB╬∙D №sppsvcР  ЁаH▄ 8РкeЗ╘е╩ЎMеЫ╙ЖZv╔XK╬∙D №N╨u%Ш6Рк▐Є▌╥еєg"┴ЇД╧dO╬∙D №sppsvcк6Рк▐Є▌╥еєg"┴ЇД╧dQ╬∙D №sppsvcеєBР)к▐Є▌╥еєg"┴ЇД╧dT╬∙D №RpcSssppsvc JР)к▐Є▌╥еєg"┴ЇД╧dW╬∙D №DcomLaunchRpcSsР3к>РRк▐Є▌╥еєg"┴ЇД╧dГ╬∙D №DcomLaunchкNР)к▐Є▌╥еєg"┴ЇД╧dЖ╬∙D №RpcEptMapperRpcSszРTк▐Є▌╥еєg"┴ЇД╧dЯ╬∙D №RpcEptMapperNT AUTHORITY\NetworkServicespnlРTк▐Є▌╥еєg"┴ЇД╧d▓╬∙D №RpcSsNT AUTHORITY\NetworkService№nРTк▐Є▌╥еєg"┴ЇД╧d╞╬∙D №sppsvcNT AUTHORITY\NetworkService(Р#к▐Є▌╥еєg"┴ЇД╧d·╨∙D №,Р1к▐Є▌╥еєg"┴ЇД╧d■╨∙D №№6Р2к▐Є▌╥еєg"┴ЇД╧d╤∙D №sppsvc:Р3к▐Є▌╥еєg"┴ЇД╧d ╤∙D №sppsvc tР>к}da╬{%:lт%М╚╨┘/X╤∙D №sppsvcC:\Windows\system32\sppsvc.exeLL0РIк}da╬{%:lт%М╚╨┘/^╤∙D №,Р`к}da╬{%:lт%М╚╨┘/╒╘∙D №▌╥еєxРGк┬╤Цw∙█cВIs■4bS2╒∙D №C:\Windows\system32\sppsvc.exesppsvcxРMк┬╤Цw∙█cВIs■4bSH╒∙D №sppsvcC:\Windows\system32\sppsvc.exexРMк┬╤Цw∙█cВIs■4bSP╒∙D №sppsvcC:\Windows\system32\sppsvc.exeJР^к┬╤Цw∙█cВIs■4bST╒∙D №SeAuditPrivilegeРUк,Р\к┬╤Цw∙█cВIs■4bSU╒∙D №VР^к┬╤Цw∙█cВIs■4bS\╒∙D №SeImpersonatePrivilegeкXР^к┬╤Цw∙█cВIs■4bSa╒∙D №SeCreateGlobalPrivilegexРMк┬╤Цw∙█cВIs■4bSh╒∙D №!sppsvcC:\Windows\system32\sppsvc.exexРOк┬╤Цw∙█cВIs■4bSo╒∙D №sppsvcC:\Windows\system32\sppsvc.exe6Р,к┬╤Цw∙█cВIs■4bS■ь∙D №sppsvcs8РcкЬёC╙ъpq└p╔bRжъ| э∙D №7$Шд<РYкЬёC╙ъpq└p╔bRжъ|Х·X№ 7$Ш№,РgкЬёC╙ъpq└p╔bRжъ|(Х·D № №NРpкЬёC╙ъpq└p╔bRжъ|пХ·D №QsppsvcР 7$ШoFРкR·ъ_6ПЭ:N)Д;ObЩ·X№sppsvcО Є№/Р$к▐Є▌╥еєg"┴ЇД╧dЪ·D №demand(Р кeЗ╘е╩ЎMеЫ╙ЖZv╔X+Ъ·D №>Р к┬╤Цw∙█cВIs■4bS.Ъ·D №sppsvc▄ FРк▐0(\ЭЄ№├  ЁаH▄ 4Ъ·X№sppsvcТРк┬╤Цw∙█cВIs■4bStЪ·D №sppsvcS-1-5-21-1242754773-2862960173-4029343502-500FРк▐0(\ЭЄ№├  ЁаH▄ до·D №sppsvc▄ 6Рк▐0(\ЭЄ№├  ЁаH▄ ло·D №sppsvcйCNРsкЬёC╙ъpq└p╔bRжъ|8iND №sppsvc<7$ШаРFРк▐0(\ЭЄ№├  ЁаH▄ jNX№sppsvcHР кЬёC╙ъpq└p╔bRжъ|fnNД№sppsvcNULLNРsкЬёC╙ъpq└p╔bRжъ|ЖnNД№sppsvc<7$ШFРк▐0(\ЭЄ№├  ЁаH▄ №nND №sppsvceЪРБкЬёC╙ъpq└p╔bRжъ|рoNД№sppsvcS-1-5-21-1242754773-2862960173-4029343502-500<FРк▐0(\ЭЄ№├  ЁаH▄ ф┘NД№sppsvcD(Р2к┤xиц▌aаРП;O¤╦╘[╘┌Nl№0Р]кЬёC╙ъpq└p╔bRжъ|'▄NД№7$Ш4РwкЬёC╙ъpq└p╔bRжъ|B■Nl№ he(Р3к┤xиц▌aаРП;O¤╦╘[H■Nl№(Р8к┤xиц▌aаРП;O¤╦╘[K■Nl№@Р к┬╤Цw∙█cВIs■4bSRКД№msiserverМ8РкeЗ╘е╩ЎMеЫ╙ЖZv╔XRКД№Npu%Ш<Рк▐Є▌╥еєg"┴ЇД╧dRКД№msiserverЩ$Ш<Рк▐Є▌╥еєg"┴ЇД╧dRКД№msiserverelHР)к▐Є▌╥еєg"┴ЇД╧dRКД№RpcSsmsiserverJР)к▐Є▌╥еєg"┴ЇД╧dRКД№DcomLaunchRpcSstec>РRк▐Є▌╥еєg"┴ЇД╧dCRКД№DcomLaunchNР)к▐Є▌╥еєg"┴ЇД╧dERКД№RpcEptMapperRpcSsЄ№zРTк▐Є▌╥еєg"┴ЇД╧d\RКД№RpcEptMapperNT AUTHORITY\NetworkServiceЄ▌╥еєlРTк▐Є▌╥еєg"┴ЇД╧doRКД№RpcSsNT AUTHORITY\NetworkService2к<РRк▐Є▌╥еєg"┴ЇД╧dМRКД№msiserver3к(Р#к▐Є▌╥еєg"┴ЇД╧dЯTКД№,Р1к▐Є▌╥еєg"┴ЇД╧dвTКД№<Р2к▐Є▌╥еєg"┴ЇД╧dйTКД№msiserver@Р3к▐Є▌╥еєg"┴ЇД╧dкTКД№msiserverВР>к}da╬{%:lт%М╚╨┘/шTКД№msiserverC:\Windows\system32\msiexec.exe /V ЁаH▄ 0РIк}da╬{%:lт%М╚╨┘/яTКД№,Р`к}da╬{%:lт%М╚╨┘/▒XКД№№ЖРGк┬╤Цw∙█cВIs■4bSяXКД№C:\Windows\system32\msiexec.exe /VmsiserverdР^к┬╤Цw∙█cВIs■4bSYКД№SeAssignPrimaryTokenPrivilegeД╧dTР^к┬╤Цw∙█cВIs■4bSYКД№SeLockMemoryPrivilegeheZР^к┬╤Цw∙█cВIs■4bS-YКД№SeIncreaseQuotaPrivilegeFР^к┬╤Цw∙█cВIs■4bS.YКД№SeTcbPrivilegePР^к┬╤Цw∙█cВIs■4bS5YКД№SeSecurityPrivilegeZР^к┬╤Цw∙█cВIs■4bSDYКД№SeTakeOwnershipPrivilegeРкTР^к┬╤Цw∙█cВIs■4bSSYКД№SeLoadDriverPrivilege∙█cЖРMк┬╤Цw∙█cВIs■4bSfYКД№ msiserverC:\Windows\system32\msiexec.exe /VЖРMк┬╤Цw∙█cВIs■4bSxYКД№ msiserverC:\Windows\system32\msiexec.exe /VЄ№hР^к┬╤Цw∙█cВIs■4bSАYКД№SeProfileSingleProcessPrivilegehР^к┬╤Цw∙█cВIs■4bSДYКД№SeIncreaseBasePriorityPrivilege\Р^к┬╤Цw∙█cВIs■4bSЖYКД№SeCreatePagefilePrivilegetw^Р^к┬╤Цw∙█cВIs■4bSЛYКД№SeCreatePermanentPrivilegedLР^к┬╤Цw∙█cВIs■4bSЫYКД№SeBackupPrivilegeeNР^к┬╤Цw∙█cВIs■4bSзYКД№SeRestorePrivilegeePР^к┬╤Цw∙█cВIs■4bS┤YКД№SeShutdownPrivilegeЖРMк┬╤Цw∙█cВIs■4bS╞YКД№msiserverC:\Windows\system32\msiexec.exe /VlJР^к┬╤Цw∙█cВIs■4bS╦YКД№SeAuditPrivilege№ЖРMк┬╤Цw∙█cВIs■4bS▌YКД№msiserverC:\Windows\system32\msiexec.exe /Vs,Р\к┬╤Цw∙█cВIs■4bS▐YКД№aЖРMк┬╤Цw∙█cВIs■4bSЁYКД№msiserverC:\Windows\system32\msiexec.exe /V:lЖРMк┬╤Цw∙█cВIs■4bSZКД№msiserverC:\Windows\system32\msiexec.exe /VкVР^к┬╤Цw∙█cВIs■4bS ZКД№SeImpersonatePrivilegesXР^к┬╤Цw∙█cВIs■4bSZКД№SeCreateGlobalPrivilegeЖРMк┬╤Цw∙█cВIs■4bS'ZКД№!msiserverC:\Windows\system32\msiexec.exe /VnЖРMк┬╤Цw∙█cВIs■4bS9ZКД№"msiserverC:\Windows\system32\msiexec.exe /V3dР^к┬╤Цw∙█cВIs■4bSKZКД№SeCreateSymbolicLinkPrivilege■4bSЖРOк┬╤Цw∙█cВIs■4bSTZКД№msiserverC:\Windows\system32\msiexec.exe /V<Р,к┬╤Цw∙█cВIs■4bSЛwЮД№msiserver^к8РcкЬёC╙ъpq└p╔bRжъ|УwЮД№а7$Ш <РYкЬёC╙ъpq└p╔bRжъ|╘ЄЮD №Hа7$Ш№,РgкЬёC╙ъpq└p╔bRжъ|╪ЄЮД№Hm3TРsкЬёC╙ъpq└p╔bRжъ|єЮД№QmsiserverМа7$ШMкLРкR·ъ_6ПЭ:N)Д;OБЎЮD №msiserverТHm3/Р$к▐Є▌╥еєg"┴ЇД╧dўЮД№demand(Р кeЗ╘е╩ЎMеЫ╙ЖZv╔XўЮД№DР к┬╤Цw∙█cВIs■4bSўЮД№msiserverysNРк┬╤Цw∙█cВIs■4bSFўЮД№msiserverS-1-5-18oLРк▐0(\ЭЄ№├  ЁаH▄ OўЮD №msiserver╨┘/LРк▐0(\ЭЄ№├  ЁаH▄ X°ЮD №msiserverTкLРк▐0(\ЭЄ№├  ЁаH▄ Ш ЯD №msiserverCRLРк▐0(\ЭЄ№├  ЁаH▄ Ё ЯD №msiserverRPLРк▐0(\ЭЄ№├  ЁаH▄ с&ЯD №msiserver-2<Рк▐0(\ЭЄ№├  ЁаH▄ щ&ЯD №msiserver10LРк▐0(\ЭЄ№├  ЁаH▄ КXЯD №msiserverO;:Р к┬╤Цw∙█cВIs■4bS╗▄аD №sppsvcР 7-68РкeЗ╘е╩ЎMеЫ╙ЖZv╔X┬▄аD №NРu%Ш6Рк▐Є▌╥еєg"┴ЇД╧d╞▄аD №sppsvcC6Рк▐Є▌╥еєg"┴ЇД╧d╚▄аD №sppsvc1BР)к▐Є▌╥еєg"┴ЇД╧d╦▄аD №RpcSssppsvc232JР)к▐Є▌╥еєg"┴ЇД╧d═▄аD №DcomLaunchRpcSs;;S>РRк▐Є▌╥еєg"┴ЇД╧dЎ▄аD №DcomLaunch9NР)к▐Є▌╥еєg"┴ЇД╧d°▄аD №RpcEptMapperRpcSsAzРTк▐Є▌╥еєg"┴ЇД╧d▌аD №RpcEptMapperNT AUTHORITY\NetworkService)(AlРTк▐Є▌╥еєg"┴ЇД╧d"▌аD №RpcSsNT AUTHORITY\NetworkService83nРTк▐Є▌╥еєg"┴ЇД╧d6▌аD №sppsvcNT AUTHORITY\NetworkServiceD(Р#к▐Є▌╥еєg"┴ЇД╧dg▀аD №,Р1к▐Є▌╥еєg"┴ЇД╧dk▀аD №576Р2к▐Є▌╥еєg"┴ЇД╧dt▀аD №sppsvc1:Р3к▐Є▌╥еєg"┴ЇД╧dv▀аD №sppsvcPDTtР>к}da╬{%:lт%М╚╨┘/║▀аD №sppsvcC:\Windows\system32\sppsvc.exe100РIк}da╬{%:lт%М╚╨┘/└▀аD №,Р`к}da╬{%:lт%М╚╨┘/╙таD №WOxРGк┬╤Цw∙█cВIs■4bS)уаD №C:\Windows\system32\sppsvc.exesppsvcxРMк┬╤Цw∙█cВIs■4bS>уаD №sppsvcC:\Windows\system32\sppsvc.exexРMк┬╤Цw∙█cВIs■4bSEуаD №sppsvcC:\Windows\system32\sppsvc.exeJР^к┬╤Цw∙█cВIs■4bSIуаD №SeAuditPrivilegeЩ$Ш,Р\к┬╤Цw∙█cВIs■4bSJуаD №№VР^к┬╤Цw∙█cВIs■4bSQуаD №SeImpersonatePrivilegetXР^к┬╤Цw∙█cВIs■4bSVуаD №SeCreateGlobalPrivilegexРMк┬╤Цw∙█cВIs■4bS\уаD №!sppsvcC:\Windows\system32\sppsvc.exexРOк┬╤Цw∙█cВIs■4bScуаD №sppsvcC:\Windows\system32\sppsvc.exe6Р,к┬╤Цw∙█cВIs■4bSЁ∙аD №sppsvc8РcкЬёC╙ъpq└p╔bRжъ|√∙аD №@)$Ш <РYкЬёC╙ъpq└p╔bRжъ|ТЬбД№$ @)$Шvc,РgкЬёC╙ъpq└p╔bRжъ|ЭЬбD №$ №NРpкЬёC╙ъpq└p╔bRжъ|чЬбD №QsppsvcР @)$ШFРкR·ъ_6ПЭ:N)Д;OBабД№sppsvcУ$ /Р$к▐Є▌╥еєg"┴ЇД╧d─абD №demand(Р кeЗ╘е╩ЎMеЫ╙ЖZv╔X┘абD №>Р к┬╤Цw∙█cВIs■4bS█абD №sppsvceFРк▐0(\ЭЄ№├  ЁаH▄ ·абД№sppsvciТРк┬╤Цw∙█cВIs■4bSббD №sppsvcS-1-5-21-1242754773-2862960173-4029343502-500eviFРк▐0(\ЭЄ№├  ЁаH▄ г┤бD №sppsvcc6Рк▐0(\ЭЄ№├  ЁаH▄ и┤бD №sppsvcLРк▐0(\ЭЄ№├  ЁаH▄ єЄєD №msiserverLРк▐0(\ЭЄ№├  ЁаH▄ ФyЇD №msiserver∙кLРк▐0(\ЭЄ№├  ЁаH▄ ОБЇD №msiserverLРк▐0(\ЭЄ№├  ЁаH▄ by√D №msiserverLРк▐0(\ЭЄ№├  ЁаH▄ ∙■D №msiserver"q└В>Р&к$▐╙╓}╠F√Ъ╥СО}[6К лD №ASTGRP▄ └ВxРSк$▐╙╓}╠F√Ъ╥СО}[6КлD №\SystemRoot\system32\DRIVERS\astkmd.sysxРUк$▐╙╓}╠F√Ъ╥СО}[6КлD №\SystemRoot\system32\DRIVERS\astkmd.sys6Рк┤xиц▌aаРП;O¤╦╘[rлD №ASTGRP HР=к▄МР&к$▐╙╓}╠F√Ъ╥СО}[6КЛ╓D №ASTGRP▄ txРSк$▐╙╓}╠F√Ъ╥СО}[6КО╓D №\SystemRoot\system32\DRIVERS\astkmd.sysxРUк$▐╙╓}╠F√Ъ╥СО}[6КС╓D №\SystemRoot\system32\DRIVERS\astkmd.sys4РHк$▐╙╓}╠F√Ъ╥СО}[6К▒╓D №1:Р к$▐╙╓}╠F√Ъ╥СО}[6К┘D №ASTGRP▄ numHР=к▄МРhк%ц╛еi4НеФйАs\и.∙у"D №DsmSvcn6РSк%ц╛еi4НеФйАs\и.∙у"D №DsmSvcbРrкЬёC╙ъpq└p╔bRжъ|7#D № ShellHWDetectionрЁPЩ$ШР∙кbРrкЬёC╙ъpq└p╔bRжъ|#D № ShellHWDetectionрЁPЩ$Шudf>Рhк%ц╛еi4НеФйАs\и.∙rY#D №DsmSvcf6РSк%ц╛еi4НеФйАs\и.∙uY#D №DsmSvc>Рhк%ц╛еi4НеФйАs\и.∙0[#D №DsmSvc6РSк%ц╛еi4НеФйАs\и.∙2[#D №DsmSvcBLРк▐0(\ЭЄ№├  ЁаH▄ шM&D №msiserverД╧dLРк▐0(\ЭЄ№├  ЁаH▄ нY&D №msiserver№@РТк▄МРк┤xиц▌aаРП;O¤╦╘[оt╦ D №e1rexpress$HР=к▄МРкк|т╞(zu░┤ю+кozХ&∙y╦ D №e1rexpressк<РDк$▐╙╓}╠F√Ъ╥СО}[6К√y╦ D №аov%Ш▌╥еєРРEк$▐╙╓}╠F√Ъ╥СО}[6К■y╦ D №NDIS\SystemRoot\system32\DRIVERS\e1r64x64.sysNULL4РHк$▐╙╓}╠F√Ъ╥СО}[6К]z╦ D №PУ #ШooNР коў[Щ·Zю+╖B]Йi}╦ D №e1rexpressPУ #Шh к,Р-коў[Щ·Zю+╖B]Йi7}╦ D №rbРrкЬёC╙ъpq└p╔bRжъ|К2╬ D № ShellHWDetectionрЁPЩ$Ш№bРrкЬёC╙ъpq└p╔bRжъ|5╬ D № ShellHWDetectionрЁPЩ$ШC:bРrкЬёC╙ъpq└p╔bRжъ|0t╒ D № ShellHWDetectionрЁPЩ$ШIs■4bSbРrкЬёC╙ъpq└p╔bRжъ|┴v╒ D № ShellHWDetectionрЁPЩ$ШIs■4bSbРrкЬёC╙ъpq└p╔bRжъ|O╒▄ D № ShellHWDetectionрЁPЩ$Ш▌aаРbРrкЬёC╙ъpq└p╔bRжъ|t╫▄ D № ShellHWDetectionрЁPЩ$Ш\spbРrкЬёC╙ъpq└p╔bRжъ|yф D № ShellHWDetectionрЁPЩ$ШРMкbРrкЬёC╙ъpq└p╔bRжъ|ьф D № ShellHWDetectionрЁPЩ$ШolsFР&к$▐╙╓}╠F√Ъ╥СО}[6КPъэ D №e1rexpress,e|РSк$▐╙╓}╠F√Ъ╥СО}[6КSъэ D №\SystemRoot\system32\DRIVERS\e1r64x64.sysDr|РUк$▐╙╓}╠F√Ъ╥СО}[6КWъэ D №\SystemRoot\system32\DRIVERS\e1r64x64.sysm3,Р кк|т╞(zu░┤ю+кozХ&▐ъэ D №∙█c4РHк$▐╙╓}╠F√Ъ╥СО}[6Кыэ D №1inBР к$▐╙╓}╠F√Ъ╥СО}[6Кsээ D №e1rexpress,Цw∙█cHР=к▄МР к┬╤Цw∙█cВIs■4bSTщц# №wuauservМк8РкeЗ╘е╩ЎMеЫ╙ЖZv╔X]щц# №N`Т$Ш:Рк▐Є▌╥еєg"┴ЇД╧dbщц# №wuauservC::Рк▐Є▌╥еєg"┴ЇД╧dcщц# №wuauserv -kFР)к▐Є▌╥еєg"┴ЇД╧dgщц# №RpcSswuauservкJР)к▐Є▌╥еєg"┴ЇД╧diщц# №DcomLaunchRpcSs'>РRк▐Є▌╥еєg"┴ЇД╧dЭщц# №DcomLaunchNР)к▐Є▌╥еєg"┴ЇД╧dЯщц# №RpcEptMapperRpcSsкzРTк▐Є▌╥еєg"┴ЇД╧d╜щц# №RpcEptMapperNT AUTHORITY\NetworkServices&lРTк▐Є▌╥еєg"┴ЇД╧d╙щц# №RpcSsNT AUTHORITY\NetworkService▌╥еє:РRк▐Є▌╥еєg"┴ЇД╧dъщц# №wuauservvc(Р#к▐Є▌╥еєg"┴ЇД╧dьц# №,Р1к▐Є▌╥еєg"┴ЇД╧dьц# №c:Р2к▐Є▌╥еєg"┴ЇД╧d ьц# №wuauservAut>Р3к▐Є▌╥еєg"┴ЇД╧d"ьц# №wuauservO:РUк┬╤Цw∙█cВIs■4bSиьц# №wuauservRРsкЬёC╙ъpq└p╔bRжъ|цьц# №PwuauservМЁPЩ$Ш┴ЇД╧dJРкR·ъ_6ПЭ:N)Д;Oxюц#D №wuauserv┴р№/Р$к▐Є▌╥еєg"┴ЇД╧d Ёц# №demand(Р кeЗ╘е╩ЎMеЫ╙ЖZv╔XАЁц# №BР к┬╤Цw∙█cВIs■4bSЕЁц# №wuauservinRLРк┬╤Цw∙█cВIs■4bS┌Ёц# №wuauservS-1-5-18∙█cJРк▐0(\ЭЄ№├  ЁаH▄ k∙ш# №wuauserv№JРк▐0(\ЭЄ№├  ЁаH▄ #Tщ# №wuauserv┼№:Рк▐0(\ЭЄ№├  ЁаH▄ пTщ# №wuauservРк>РТк▄МРТк▄МР╪к▄Мэ%М №pci└┼Ю$Шl,Р-коў[Щ·Zю+╖B]Йiu>э%М №ne@Р коў[Щ·Zю+╖B]Йi┐>э%М №pci└┼Ю$Шl0РЫк▄Мэ%М №pci,Р-коў[Щ·Zю+╖B]Йi╙>э%М №Wi8Р&к$▐╙╓}╠F√Ъ╥СО}[6Кг%&М №pciИ ZРSк$▐╙╓}╠F√Ъ╥СО}[6Кж%&М №System32\drivers\pci.sysine,Р кк|т╞(zu░┤ю+кozХ&ё%&М № \s4РHк$▐╙╓}╠F√Ъ╥СО}[6К¤%&М №14Р к$▐╙╓}╠F√Ъ╥СО}[6К^(&М №pciИ eaHР=к▄МРhк%ц╛еi4НеФйАs\и.∙▄BТ)М №DsmSvc6РSк%ц╛еi4НеФйАs\и.∙▀BТ)М №DsmSvc:РТк▄МРhк%ц╛еi4НеФйАs\и.∙Е┼;/М №DsmSvcn6РSк%ц╛еi4НеФйАs\и.∙И┼;/М №DsmSvc>Рhк%ц╛еi4НеФйАs\и.∙е╠;/М №DsmSvcm6РSк%ц╛еi4НеФйАs\и.∙и╠;/М №DsmSvcbРrкЬёC╙ъpq└p╔bRжъ|)}/М №DsmSvc№:РТк▄М/М №DsmSvc№:РТк▄М/М №DsmSvcsmS:РТк▄М/М №DsmSvcsmS:РТк▄М/М №DsmSvcc:РТк▄М/М №DsmSvcc:РТк▄МРhк%ц╛еi4НеФйАs\и.∙╡uб1М №DsmSvcеє6РSк%ц╛еi4НеФйАs\и.∙╕uб1М №DsmSvcеєbРrкЬёC╙ъpq└p╔bRжъ|FWг1М № ShellHWDetectionрЁPЩ$ШАbРrкЬёC╙ъpq└p╔bRжъ|Zг1М № ShellHWDetectionрЁPЩ$ШЦw∙█cbРrкЬёC╙ъpq└p╔bRжъ|odг1М № ShellHWDetectionрЁPЩ$Ш№bРrкЬёC╙ъpq└p╔bRжъ|gmг1М № ShellHWDetectionрЁPЩ$ШЄ▌╥еєbРrкЬёC╙ъpq└p╔bRжъ|Цoг1М № ShellHWDetectionрЁPЩ$ШАbРrкЬёC╙ъpq└p╔bRжъ|YОг1М № ShellHWDetectionрЁPЩ$Ш-18bРrкЬёC╙ъpq└p╔bRжъ|ДРг1М № ShellHWDetectionрЁPЩ$Ш№>Рhк%ц╛еi4НеФйАs\и.∙╥╨ж1М №DsmSvc6РSк%ц╛еi4НеФйАs\и.∙╘╨ж1М №DsmSvcЄ№:РТк▄МР к$▐╙╓}╠F√Ъ╥СО}[6К?┬├1М №msisadrvаъ|HР=к▄МРhк%ц╛еi4НеФйАs\и.∙V[#2 №DsmSvcd6РSк%ц╛еi4НеФйАs\и.∙Z[#2 №DsmSvcеєbРrкЬёC╙ъpq└p╔bRжъ|X╟)2 № ShellHWDetectionрЁPЩ$ШЩ>Рhк%ц╛еi4НеФйАs\и.∙╓'-2 №DsmSvc6РSк%ц╛еi4НеФйАs\и.∙╪'-2 №DsmSvc█cbРrкЬёC╙ъpq└p╔bRжъ|Щ√.2 № ShellHWDetectionрЁPЩ$ШookbРrкЬёC╙ъpq└p╔bRжъ|fJ/2 № ShellHWDetectionрЁPЩ$ШbРrкЬёC╙ъpq└p╔bRжъ|ЁЛ/2М № ShellHWDetectionрЁPЩ$ШР кbРrкЬёC╙ъpq└p╔bRжъ|Б12М № ShellHWDetectionрЁPЩ$Ш№BР к┬╤Цw∙█cВIs■4bS-12 №WPDBusEnum№Аs\и.∙8РкeЗ╘е╩ЎMеЫ╙ЖZv╔X512 №N░$ $Ш>Рк▐Є▌╥еєg"┴ЇД╧d912 №WPDBusEnum>Рк▐Є▌╥еєg"┴ЇД╧d;12 №WPDBusEnumJР)к▐Є▌╥еєg"┴ЇД╧d>12 №RpcSsWPDBusEnumvcJР)к▐Є▌╥еєg"┴ЇД╧d@12 №DcomLaunchRpcSsvc>РRк▐Є▌╥еєg"┴ЇД╧dw12 №DcomLaunchoNР)к▐Є▌╥еєg"┴ЇД╧dy12 №RpcEptMapperRpcSsozРTк▐Є▌╥еєg"┴ЇД╧dЭ12 №RpcEptMapperNT AUTHORITY\NetworkService(\ЭЄ№lРTк▐Є▌╥еєg"┴ЇД╧d┤12 №RpcSsNT AUTHORITY\NetworkServiceet>РRк▐Є▌╥еєg"┴ЇД╧d═12 №WPDBusEnumъ|(Р#к▐Є▌╥еєg"┴ЇД╧d12 №,Р1к▐Є▌╥еєg"┴ЇД╧d12 №>к>Р2к▐Є▌╥еєg"┴ЇД╧d!12 №WPDBusEnumBР3к▐Є▌╥еєg"┴ЇД╧d$12 №WPDBusEnumаб"q└В>Рhк%ц╛еi4НеФйАs\и.∙%12Р№DsmSvcN6РSк%ц╛еi4НеФйАs\и.∙(12Р№DsmSvcйC>РUк┬╤Цw∙█cВIs■4bS╨12 №WPDBusEnumVРpкЬёC╙ъpq└p╔bRжъ|12 №PWPDBusEnum№2$ШNРкR·ъ_6ПЭ:N)Д;O▓12Р№WPDBusEnum/Р$к▐Є▌╥еєg"┴ЇД╧d╫12 №demandC(Р кeЗ╘е╩ЎMеЫ╙ЖZv╔XЇ12 №FР к┬╤Цw∙█cВIs■4bSў12 №WPDBusEnumkPРк┬╤Цw∙█cВIs■4bS312 №WPDBusEnumS-1-5-18>РUк%ц╛еi4НеФйАs\и.∙h12М №WPDBusEnumrNРк▐0(\ЭЄ№├  ЁаH▄ ╥12М №WPDBusEnumlNРк▐0(\ЭЄ№├  ЁаH▄ а!12М №WPDBusEnum┴к>Рк▐0(\ЭЄ№├  ЁаH▄ &"12М №WPDBusEnumкbРrкЬёC╙ъpq└p╔bRжъ|-12М № ShellHWDetectionрЁPЩ$ШbРrкЬёC╙ъpq└p╔bRжъ|к/12М № ShellHWDetectionрЁPЩ$Ш№bРrкЬёC╙ъpq└p╔bRжъ|+╤72М № ShellHWDetectionрЁPЩ$Ш92 № ShellHWDetectionрЁPЩ$Шy>Рhк%ц╛еi4НеФйАs\и.∙Х?92М №DsmSvcr6РSк%ц╛еi4НеФйАs\и.∙Ч?92М №DsmSvcebРrкЬёC╙ъpq└p╔bRжъ|╣@92М № ShellHWDetectionрЁPЩ$Шк}da╬{%:lт%М╚╨┘/iў4Р№WerSvcC:\Windows\System32\svchost.exe -k WerSvcGroup№0РIк}da╬{%:lт%М╚╨┘/pў4Р№,Р`к}da╬{%:lт%М╚╨┘/ў4Р№ТкШРGк┬╤Цw∙█cВIs■4bS3ў4Р№C:\Windows\System32\svchost.exe -k WerSvcGroupWerSvcdР^к┬╤Цw∙█cВIs■4bS?ў4Р№SeAssignPrimaryTokenPrivilegeТкШРMк┬╤Цw∙█cВIs■4bSBў4Р№WerSvcC:\Windows\System32\svchost.exe -k WerSvcGroupШРMк┬╤Цw∙█cВIs■4bSEў4Р№WerSvcC:\Windows\System32\svchost.exe -k WerSvcGroupFР^к┬╤Цw∙█cВIs■4bSGў4Р№SeTcbPrivilegeъ|ШРMк┬╤Цw∙█cВIs■4bSJў4Р№WerSvcC:\Windows\System32\svchost.exe -k WerSvcGroupШРMк┬╤Цw∙█cВIs■4bSLў4Р№ WerSvcC:\Windows\System32\svchost.exe -k WerSvcGroupШРMк┬╤Цw∙█cВIs■4bSOў4Р№ WerSvcC:\Windows\System32\svchost.exe -k WerSvcGroupШРMк┬╤Цw∙█cВIs■4bSQў4Р№ WerSvcC:\Windows\System32\svchost.exe -k WerSvcGroupШРMк┬╤Цw∙█cВIs■4bSTў4Р№ WerSvcC:\Windows\System32\svchost.exe -k WerSvcGroupШРMк┬╤Цw∙█cВIs■4bSVў4Р№ WerSvcC:\Windows\System32\svchost.exe -k WerSvcGroupШРMк┬╤Цw∙█cВIs■4bSXў4Р№WerSvcC:\Windows\System32\svchost.exe -k WerSvcGroupШРMк┬╤Цw∙█cВIs■4bS[ў4Р№WerSvcC:\Windows\System32\svchost.exe -k WerSvcGroupШРMк┬╤Цw∙█cВIs■4bS]ў4Р№WerSvcC:\Windows\System32\svchost.exe -k WerSvcGroupШРMк┬╤Цw∙█cВIs■4bS`ў4Р№WerSvcC:\Windows\System32\svchost.exe -k WerSvcGroupШРMк┬╤Цw∙█cВIs■4bSbў4Р№WerSvcC:\Windows\System32\svchost.exe -k WerSvcGroupШРMк┬╤Цw∙█cВIs■4bSdў4Р№WerSvcC:\Windows\System32\svchost.exe -k WerSvcGroupJР^к┬╤Цw∙█cВIs■4bSfў4Р№SeDebugPrivilegedsШРMк┬╤Цw∙█cВIs■4bShў4Р№WerSvcC:\Windows\System32\svchost.exe -k WerSvcGroupШРMк┬╤Цw∙█cВIs■4bSjў4Р№WerSvcC:\Windows\System32\svchost.exe -k WerSvcGroup,Р\к┬╤Цw∙█cВIs■4bSkў4Р№ъpqШРMк┬╤Цw∙█cВIs■4bSnў4Р№WerSvcC:\Windows\System32\svchost.exe -k WerSvcGroupШРMк┬╤Цw∙█cВIs■4bSpў4Р№WerSvcC:\Windows\System32\svchost.exe -k WerSvcGroupVР^к┬╤Цw∙█cВIs■4bSrў4Р№SeImpersonatePrivilegeШРMк┬╤Цw∙█cВIs■4bSuў4Р№WerSvcC:\Windows\System32\svchost.exe -k WerSvcGroupШРMк┬╤Цw∙█cВIs■4bSwў4Р№!WerSvcC:\Windows\System32\svchost.exe -k WerSvcGroupШРMк┬╤Цw∙█cВIs■4bSyў4Р№"WerSvcC:\Windows\System32\svchost.exe -k WerSvcGroupШРMк┬╤Цw∙█cВIs■4bS|ў4Р№#WerSvcC:\Windows\System32\svchost.exe -k WerSvcGroupШРOк┬╤Цw∙█cВIs■4bSБў4Р№WerSvcC:\Windows\System32\svchost.exe -k WerSvcGroup6Р,к┬╤Цw∙█cВIs■4bSў4Р№WerSvcq8РcкЬёC╙ъpq└p╔bRжъ|ў4Р№а-$Ш▄<РYкЬёC╙ъpq└p╔bRжъ|Лў4М №4а-$Ш,РgкЬёC╙ъpq└p╔bRжъ|Пў4Р№4i4НеNРsкЬёC╙ъpq└p╔bRжъ|├ў4Р№QWerSvcа-$ШFРкR·ъ_6ПЭ:N)Д;OМ"ў4М №WerSvc/4S/Р$к▐Є▌╥еєg"┴ЇД╧dр"ў4Р№demand(Р кeЗ╘е╩ЎMеЫ╙ЖZv╔Xю"ў4Р№>Рnк┬╤Цw∙█cВIs■4bSя"ў4Р№WerSvcъ|FРк▐0(\ЭЄ№├  ЁаH▄ mЙў4Р№WerSvcFРк▐0(\ЭЄ№├  ЁаH▄ √Нў4Р№WerSvct6Рк▐0(\ЭЄ№├  ЁаH▄ ■Нў4Р№WerSvcq6Рiк%ц╛еi4НеФйАs\и.∙E ·4Р№WerSvci6РSк%ц╛еi4НеФйАs\и.∙F ·4Р№WerSvcъ|8Р к┬╤Цw∙█cВIs■4bS4г√4Р№gpsvc8РкeЗ╘е╩ЎMеЫ╙ЖZv╔X9г√4Р№NЙ$Ш(Р кeЗ╘е╩ЎMеЫ╙ЖZv╔X=г√4Р№<Р к┬╤Цw∙█cВIs■4bS>г√4Р№gpsvc ti0РРкЬёC╙ъpq└p╔bRжъ|Ы╟■4Р№ZРrкЬёC╙ъpq└p╔bRжъ|╫╟■4Р№AppReadinessМ-$ШDsJРrкЬёC╙ъpq└p╔bRжъ|S╔■4Р№BITSМЁPЩ$Ш┴ЇД╧djРrкЬёC╙ъpq└p╔bRжъ|▌╔■4Р№BrokerInfrastructureМpў$ШDsRРrкЬёC╙ъpq└p╔bRжъ|°╦■4Р№CryptSvcМ¤$ШРкVРrкЬёC╙ъpq└p╔bRжъ|Х╠■4Р№DcomLaunchМpў$Ш8Р к┬╤Цw∙█cВIs■4bSї╠■4 №gpsvc8РкeЗ╘е╩ЎMеЫ╙ЖZv╔X·╠■4 №N░$ $Ш(Р кeЗ╘е╩ЎMеЫ╙ЖZv╔X№╠■4 №<Р к┬╤Цw∙█cВIs■4bS¤╠■4 №gpsvc "q└ВPРrкЬёC╙ъpq└p╔bRжъ| ═■4Р№hidservМ2$ШRРrкЬёC╙ъpq└p╔bRжъ|Ш═■4Р№iphlpsvcМЁPЩ$ШРhкRРrкЬёC╙ъpq└p╔bRжъ||╬■4Р№netprofmМ░є$Ш╦NРrкЬёC╙ъpq└p╔bRжъ| ╧■4Р№NlaSvcМ¤$ШLРrкЬёC╙ъpq└p╔bRжъ|P╥■4Р№RpcSsМЁя$Шi4НеRРrкЬёC╙ъpq└p╔bRжъ|░╙■4Р№ScheduleМЁPЩ$Ш№bРrкЬёC╙ъpq└p╔bRжъ|╒■4Р№ShellHWDetectionМЁPЩ$ШЁPЩ$ШPРrкЬёC╙ъpq└p╔bRжъ|y╒■4Р№SpoolerМЁ■$ШfРrкЬёC╙ъpq└p╔bRжъ|t╓■4Р№SystemEventsBrokerМpў$ШSNРrкЬёC╙ъpq└p╔bRжъ|█╓■4Р№WcmsvcМpЄ$ШкVРrкЬёC╙ъpq└p╔bRжъ|а╫■4Р№WPDBusEnumМ2$ШRРrкЬёC╙ъpq└p╔bRжъ|╪■4Р№wuauservМЁPЩ$Ш(Р*кЬёC╙ъpq└p╔bRжъ|hL 4Р№RР-кЬёC╙ъpq└p╔bRжъ|ГL 4Р№trustedinstallerРSк,РAкЬёC╙ъpq└p╔bRжъ|ЗL 4Р№p:Р9кЬёC╙ъpq└p╔bRжъ|ЙL 4Р№wuauserv4Р9кЬёC╙ъpq└p╔bRжъ|ЙL 4Р№gpsvc4Р;кЬёC╙ъpq└p╔bRжъ|НL 4Р№gpsvc:Р;кЬёC╙ъpq└p╔bRжъ|ФL 4Р№wuauservcA,РCкЬёC╙ъpq└p╔bRжъ|ХL 4Р№к>Р1кЬёC╙ъpq└p╔bRжъ|ЯO 4Р№wuauservлV:РJкЬёC╙ъpq└p╔bRжъ|вO 4Р№wuauserv8r┴F$RРsкЬёC╙ъpq└p╔bRжъ|║O 4Р№wuauserv╘ЁPЩ$ШcJРк▐0(\ЭЄ№├  ЁаH▄ P 4М №wuauservРкTРБкЬёC╙ъpq└p╔bRжъ|дP 4Р№wuauservS-1-5-18╘Ё u%JРк▐0(\ЭЄ№├  ЁаH▄ ╧| 4 №wuauservЄ▌╥еєJРк▐0(\ЭЄ№├  ЁаH▄ В} 4 №wuauserv№JРк▐0(\ЭЄ№├  ЁаH▄ &y5 №wuauserv№:Р4кЬёC╙ъpq└p╔bRжъ|Е╦5Р№wuauserv                      Аа+алл┬/5 а+!░М√р  8Шр  8Р1кЬёC╙ъpq└p╔bRжъ|Ъ╠5Р№gpsvc4РJкЬёC╙ъpq└p╔bRжъ|Ю╠5Р№gpsvcLРsкЬёC╙ъpq└p╔bRжъ|л╠5Р№gpsvc╘ЁPЩ$ШcEDРк▐0(\ЭЄ№├  ЁаH▄ j¤5 №gpsvcA№DРк▐0(\ЭЄ№├  ЁаH▄ Ъ■5 №gpsvcAerDРк▐0(\ЭЄ№├  ЁаH▄  5 №gpsvcANTNРБкЬёC╙ъpq└p╔bRжъ|d 5Р№gpsvcS-1-5-18╘dDРк▐0(\ЭЄ№├  ЁаH▄ №5 №gpsvcAocDРк▐0(\ЭЄ№├  ЁаH▄ г5 №gpsvcAcSDРк▐0(\ЭЄ№├  ЁаH▄ ╣5 №gpsvcADРк▐0(\ЭЄ№├  ЁаH▄ У5 №gpsvcA▌╥еєDРк▐0(\ЭЄ№├  ЁаH▄ ╘5 №gpsvcADРк▐0(\ЭЄ№├  ЁаH▄ %5 №gpsvcA▌╥еєDРк▐0(\ЭЄ№├  ЁаH▄ c5 №gpsvcADРк▐0(\ЭЄ№├  ЁаH▄ Ы5 №gpsvcABIDРк▐0(\ЭЄ№├  ЁаH▄ ё5 №gpsvcA№DРк▐0(\ЭЄ№├  ЁаH▄ *5 №gpsvcA№DРк▐0(\ЭЄ№├  ЁаH▄ ▐5 №gpsvcA┴F$4Р4кЬёC╙ъpq└p╔bRжъ|│55Р№gpsvcаH▄ BРJкЬёC╙ъpq└p╔bRжъ|╕55Р№AppReadiness ЁаH▄ ZРsкЬёC╙ъpq└p╔bRжъ|┬55Р№AppReadiness╘-$ШРrкRРк▐0(\ЭЄ№├  ЁаH▄ P65 №AppReadiness▀┌SлV\РБкЬёC╙ъpq└p╔bRжъ|┌65Р№AppReadinessS-1-5-18╘6РJкЬёC╙ъpq└p╔bRжъ|▀65Р№UALSVCкNРsкЬёC╙ъpq└p╔bRжъ|Ў65Р№UALSVC╘2$ШRРк▐0(\ЭЄ№├  ЁаH▄  65 №AppReadiness┴ЇД╧dFРк▐0(\ЭЄ№├  ЁаH▄ P75 №UALSVCкRРк▐0(\ЭЄ№├  ЁаH▄ m75М №AppReadinessPSRРк▐0(\ЭЄ№├  ЁаH▄ и75 №AppReadiness█PРБкЬёC╙ъpq└p╔bRжъ|├75Р№UALSVCS-1-5-18╘FР1кЬёC╙ъpq└p╔bRжъ|╧85Р№AppReadinessRРк▐0(\ЭЄ№├  ЁаH▄ ї▓5 №AppReadinessPS(Р2к┤xиц▌aаРП;O¤╦╘[Я│5▄ №0Р]кЬёC╙ъpq└p╔bRжъ|Y┤5 №-$ШFРк▐0(\ЭЄ№├  ЁаH▄ И▌5 №UALSVC▄ 4РwкЬёC╙ъpq└p╔bRжъ|3 5▄ №\ЭЄ№(Р3к┤xиц▌aаРП;O¤╦╘[6 5▄ №(Р8к┤xиц▌aаРП;O¤╦╘[8 5▄ №BР4кЬёC╙ъpq└p╔bRжъ|▄Я 5Р№AppReadinessРк:Р1кЬёC╙ъpq└p╔bRжъ|ча 5Р№UALSVCЄ▌╥еє6Р4кЬёC╙ъpq└p╔bRжъ|ща 5Р№UALSVCеє(Р)кШxb2═╤s┼lаS!¤,sЛЧ5, №(Р*кШxb2═╤s┼lаS!¤,sМЧ5, №(РкЬёC╙ъpq└p╔bRжъ|Бд5, №РРНкЬёC╙ъpq└p╔bRжъ|╘д5Р№C:\Windows\system32\svchost.exe -k DcomLaunch1DРОкЬёC╙ъpq└p╔bRжъ|█д5Р№DeviceInstallеєШРНкЬёC╙ъpq└p╔bRжъ|юд5 №C:\Windows\system32\svchost.exe -k NetworkService5:РОкЬёC╙ъpq└p╔bRжъ|Ўд5 №CryptSvctwo\РsкЬёC╙ъpq└p╔bRжъ|№д5Р№DeviceInstallpў$Ш▌╥еєRРsкЬёC╙ъpq└p╔bRжъ|е5 №CryptSvc¤$Ш№ФРНкЬёC╙ъpq└p╔bRжъ|е5М №C:\Windows\system32\svchost.exe -k LocalService5Д╧d<РОкЬёC╙ъpq└p╔bRжъ|е5М №FontCacheйCTРsкЬёC╙ъpq└p╔bRжъ|'е5М №FontCache░є$Ш╢РНкЬёC╙ъpq└p╔bRжъ|:е5h№C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted52РОкЬёC╙ъpq└p╔bRжъ|?е5h№DhcpРGкКРНкЬёC╙ъpq└p╔bRжъ|Xе5 №C:\Windows\system32\svchost.exe -k netsvcs 1▀6РОкЬёC╙ъpq└p╔bRжъ|]е5 №DsmSvceNРsкЬёC╙ъpq└p╔bRжъ|gе5 №DsmSvcЁPЩ$ШSJРsкЬёC╙ъpq└p╔bRжъ|hе5h№DhcppЄ$ШРMкTРк▐0(\ЭЄ№├  ЁаH▄ Ме5М №DeviceInstall2\жРНкЬёC╙ъpq└p╔bRжъ|░е5М №C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork=\0РОкЬёC╙ъpq└p╔bRжъ|▓е5М №DPSHРsкЬёC╙ъpq└p╔bRжъ|╣е5М №DPSpXЩ$ШJРк▐0(\ЭЄ№├  ЁаH▄ ═е5| №CryptSvcste┤РНкЬёC╙ъpq└p╔bRжъ|Єе5| №C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted18РОкЬёC╙ъpq└p╔bRжъ|Їе5| №hidservPРsкЬёC╙ъpq└p╔bRжъ|№е5| №hidserv2$ШpРНкЬёC╙ъpq└p╔bRжъ|/ж5ф №C:\Windows\System32\msdtc.exe44РОкЬёC╙ъpq└p╔bRжъ|3ж5ф №MSDTCLРsкЬёC╙ъpq└p╔bRжъ|?ж5ф №MSDTCр.$Ш№:РОкЬёC╙ъpq└p╔bRжъ|Bж5Р№PlugPlayRРsкЬёC╙ъpq└p╔bRжъ|Nж5Р№PlugPlaypў$ШтzРНкЬёC╙ъpq└p╔bRжъ|tж5─№C:\Windows\system32\msiexec.exe /V4ц<РОкЬёC╙ъpq└p╔bRжъ|xж5─№msiserver№TРsкЬёC╙ъpq└p╔bRжъ|Еж5─№msiserverа7$Ш▌╥еє8РОкЬёC╙ъpq└p╔bRжъ|Йж5 №ProfSvcPРsкЬёC╙ъpq└p╔bRжъ|Ыж5 №ProfSvcЁPЩ$ШTРк▐0(\ЭЄ№├  ЁаH▄ иж5@№DeviceInstallunFРк▐0(\ЭЄ№├  ЁаH▄ ╠ж5 №DsmSvcm4РОкЬёC╙ъpq└p╔bRжъ|з5 №WinRM№HРк▐0(\ЭЄ№├  ЁаH▄ з5@№hidservЕJРк▐0(\ЭЄ№├  ЁаH▄ "з5 №PlugPlaySerLРsкЬёC╙ъpq└p╔bRжъ|-з5 №WinRM¤$ШUT@Рк▐0(\ЭЄ№├  ЁаH▄ |з5@№DPSHРк▐0(\ЭЄ№├  ЁаH▄ Вз5@ №ProfSvcTРк▐0(\ЭЄ№├  ЁаH▄ дз5 №DeviceInstallД╧dDРк▐0(\ЭЄ№├  ЁаH▄ нз5@ №MSDTCpsLРк▐0(\ЭЄ№├  ЁаH▄ ╙з5@ №msiserver>кJРк▐0(\ЭЄ№├  ЁаH▄ Їз5 №PlugPlaytemDРк▐0(\ЭЄ№├  ЁаH▄ Ўз5@ №WinRM№@Рк▐0(\ЭЄ№├  ЁаH▄ _и5@№DPS6РОкЬёC╙ъpq└p╔bRжъ|vи5| №TrkWkssDРк▐0(\ЭЄ№├  ЁаH▄ Ки5@ №MSDTC∙█cNРsкЬёC╙ъpq└p╔bRжъ|Ни5| №TrkWks2$Ш2HРк▐0(\ЭЄ№├  ЁаH▄ Ри5№hidservTРк▐0(\ЭЄ№├  ЁаH▄ ки5P №DeviceInstall∙█cFРк▐0(\ЭЄ№├  ЁаH▄ ┘и5t №TrkWksк:РОкЬёC╙ъpq└p╔bRжъ|й5 №ScheduleIs■4bSRРsкЬёC╙ъpq└p╔bRжъ|0й5 №ScheduleЁPЩ$ШIs■4bSJРк▐0(\ЭЄ№├  ЁаH▄ ай5 №Schedule┼Цw∙█c8РОкЬёC╙ъpq└p╔bRжъ| к5 №WinmgmtPРsкЬёC╙ъpq└p╔bRжъ|"к5 №WinmgmtЁPЩ$ШTРк▐0(\ЭЄ№├  ЁаH▄ Uк5| №DeviceInstalleTРк▐0(\ЭЄ№├  ЁаH▄ uк5| №DeviceInstallFРк▐0(\ЭЄ№├  ЁаH▄ ~к5 №TrkWks$TРк▐0(\ЭЄ№├  ЁаH▄ ╪к5| №DeviceInstallRжъ|HРк▐0(\ЭЄ№├  ЁаH▄ л5@№Winmgmt@Рк▐0(\ЭЄ№├  ЁаH▄ &о5 №DPSLРк▐0(\ЭЄ№├  ЁаH▄ c▓5 №msiserver№(Р2к┤xиц▌aаРП;O¤╦╘[╙▓5┤ №0Р]кЬёC╙ъpq└p╔bRжъ|k│5 №а7$ШHРк▐0(\ЭЄ№├  ЁаH▄ ы╜5 №ProfSvcHРк▐0(\ЭЄ№├  ЁаH▄ ~┐5 №Winmgmt4РwкЬёC╙ъpq└p╔bRжъ|╞5┤ №H"q└В(Р3к┤xиц▌aаРП;O¤╦╘[╞5┤ №(Р8к┤xиц▌aаРП;O¤╦╘[╞5┤ №LРк▐0(\ЭЄ№├  ЁаH▄ н╤5 №FontCachevcDРк▐0(\ЭЄ№├  ЁаH▄ ч▐5М №MSDTCFк(Р2к┤xиц▌aаРП;O¤╦╘[X▀5\ №0Р^кЬёC╙ъpq└p╔bRжъ|yс5М №р.$Ш0Р]кЬёC╙ъpq└p╔bRжъ|zс5М №р.$Ш4РwкЬёC╙ъpq└p╔bRжъ|&ш5\ №р▌╥еє(Р3к┤xиц▌aаРП;O¤╦╘[)ш5\ №(Р8к┤xиц▌aаРП;O¤╦╘[+ш5\ №BРк▐0(\ЭЄ№├  ЁаH▄ V5М №Dhcpаб"q└В:РОкЬёC╙ъpq└p╔bRжъ|║5h№EventLog8r┴F$RРsкЬёC╙ъpq└p╔bRжъ|─5h№EventLogpЄ$Шpu%LРк▐0(\ЭЄ№├  ЁаH▄ qW5М №FontCache▌╥еєJРк▐0(\ЭЄ№├  ЁаH▄ ыn5М №EventLog№6РОкЬёC╙ъpq└p╔bRжъ|Eo5h№WcmsvcdNРsкЬёC╙ъpq└p╔bRжъ|[o5h№WcmsvcpЄ$ШJРк▐0(\ЭЄ№├  ЁаH▄ жo5М №EventLogыFРк▐0(\ЭЄ№├  ЁаH▄ !q5М №Wcmsvc(РкЬёC╙ъpq└p╔bRжъ|Лq5, №,РкЬёC╙ъpq└p╔bRжъ|Мq5, №егcEBРк▐0(\ЭЄ№├  ЁаH▄ ■в5h№DhcpiceJРк▐0(\ЭЄ№├  ЁаH▄ {√5h№EventLogORIJРк▐0(\ЭЄ№├  ЁаH▄  5h№Schedule№FРк▐0(\ЭЄ№├  ЁаH▄ ╥15h№DsmSvctBРк▐0(\ЭЄ№├  ЁаH▄ ж╖5h№DhcpыDРк▐0(\ЭЄ№├  ЁаH▄ ╕f5h№WinRM2>РкЬёC╙ъpq└p╔bRжъ|╚Щ5, №CryptSvcк:РкЬёC╙ъpq└p╔bRжъ|╩Щ5, №Wcmsvc`ъ2FРк▐0(\ЭЄ№├  ЁаH▄ 5h№WcmsvcВ>РкЬёC╙ъpq└p╔bRжъ|■"5, №CryptSvc>РкЬёC╙ъpq└p╔bRжъ|=n%5, №CryptSvcF$>РкЬёC╙ъpq└p╔bRжъ|M╪(5, №CryptSvc▄ >РкЬёC╙ъpq└p╔bRжъ|ВB,5, №CryptSvcйCJРк▐0(\ЭЄ№├  ЁаH▄ З╔,5h№CryptSvcЄ(РкЬёC╙ъpq└p╔bRжъ|╢м/5, №