SVCHOST Diag
~~~~~Services loaded under SVCHOST~~~~~
Image Name: svchost.exe
PID: 900
Services: DcomLaunch
PlugPlay
Image Name: svchost.exe
PID: 1020
Services: RpcSs
Image Name: svchost.exe
PID: 1060
Services: Audiosrv
Dhcp
Eventlog
lmhosts
wscsvc
Image Name: svchost.exe
PID: 1152
Services: AudioEndpointBuilder
EMDMgmt
hidserv
Netman
PcaSvc
SysMain
TabletInputService
TrkWks
UxSms
WdiSystemHost
Wlansvc
WPDBusEnum
wudfsvc
Image Name: svchost.exe
PID: 1168
Services: AeLookupSvc
Appinfo
BITS
Browser
EapHost
gpsvc
iphlpsvc
LanmanServer
MMCSS
ProfSvc
RasMan
Schedule
seclogon
SENS
ShellHWDetection
Themes
Winmgmt
wuauserv
Image Name: svchost.exe
PID: 1372
Services: EventSystem
fdPHost
FDResPub
LanmanWorkstation
netprofm
nsi
SSDPSRV
SstpSvc
W32Time
WebClient
WinHttpAutoProxySvc
Image Name: svchost.exe
PID: 1556
Services: CryptSvc
Dnscache
KtmRm
NlaSvc
TapiSrv
TermService
Image Name: svchost.exe
PID: 2100
Services: DPS
Image Name: svchost.exe
PID: 2780
Services: stisvc
Image Name: svchost.exe
PID: 3300
Services: WerSvc
~~~~~Modules loaded under SVCHOST~~~~~
Image Name: svchost.exe
PID: 900
Modules: ntdll.dll
kernel32.dll
snxhk.dll
msvcrt.dll
ADVAPI32.dll
RPCRT4.dll
umpnpmgr.dll
USER32.dll
GDI32.dll
USERENV.dll
Secur32.dll
IMM32.DLL
MSCTF.dll
LPK.DLL
USP10.dll
POWRPROF.dll
GPAPI.dll
slc.dll
rpcss.dll
WS2_32.dll
NSI.dll
FirewallAPI.dll
OLEAUT32.dll
ole32.dll
VERSION.dll
CRYPT32.dll
MSASN1.dll
credssp.dll
schannel.dll
NETAPI32.dll
PSAPI.DLL
SETUPAPI.dll
Cabinet.dll
NTMARTA.DLL
WLDAP32.dll
SAMLIB.dll
WINSTA.dll
CLBCatQ.DLL
apphelp.dll
WTSAPI32.dll
Image Name: svchost.exe
PID: 1020
Modules: ntdll.dll
kernel32.dll
snxhk.dll
msvcrt.dll
ADVAPI32.dll
RPCRT4.dll
rpcss.dll
WS2_32.dll
NSI.dll
Secur32.dll
FirewallAPI.dll
USER32.dll
GDI32.dll
OLEAUT32.dll
ole32.dll
VERSION.dll
IMM32.DLL
MSCTF.dll
LPK.DLL
USP10.dll
CRYPT32.dll
MSASN1.dll
USERENV.dll
credssp.dll
schannel.dll
NETAPI32.dll
PSAPI.DLL
rsaenh.dll
mswsock.dll
wshtcpip.dll
wship6.dll
CLBCatQ.DLL
WTSAPI32.dll
WINSTA.dll
Image Name: svchost.exe
PID: 1060
Modules: ntdll.dll
kernel32.dll
snxhk.dll
msvcrt.dll
ADVAPI32.dll
RPCRT4.dll
wevtsvc.dll
USERENV.dll
Secur32.dll
USER32.dll
GDI32.dll
VERSION.dll
GPAPI.dll
slc.dll
IMM32.DLL
MSCTF.dll
LPK.DLL
USP10.dll
CRYPT32.dll
MSASN1.dll
credssp.dll
schannel.dll
NETAPI32.dll
PSAPI.DLL
WS2_32.dll
NSI.dll
mswsock.dll
wshtcpip.dll
wship6.dll
audiosrv.dll
ole32.dll
OLEAUT32.dll
MMDevAPI.DLL
SHLWAPI.dll
WTSAPI32.dll
WINSTA.dll
comctl32.dll
CLBCatQ.DLL
SETUPAPI.dll
WINTRUST.dll
imagehlp.dll
rsaenh.dll
audioses.dll
audioeng.dll
AVRT.dll
lmhsvc.dll
IPHLPAPI.DLL
dhcpcsvc.DLL
DNSAPI.dll
WINNSI.DLL
dhcpcsvc6.DLL
wscsvc.dll
FirewallAPI.dll
dbghelp.dll
wbemprox.dll
wbemcomn.dll
wbemsvc.dll
fastprox.dll
NTDSAPI.dll
WLDAP32.dll
ncrypt.dll
BCRYPT.dll
wuapi.dll
Cabinet.dll
Image Name: svchost.exe
PID: 1152
Modules: ntdll.dll
kernel32.dll
snxhk.dll
msvcrt.dll
ADVAPI32.dll
RPCRT4.dll
NTMARTA.DLL
USER32.dll
GDI32.dll
WLDAP32.dll
WS2_32.dll
NSI.dll
PSAPI.DLL
SAMLIB.dll
ole32.dll
IMM32.DLL
MSCTF.dll
LPK.DLL
USP10.dll
audiosrv.dll
OLEAUT32.dll
MMDevAPI.DLL
SHLWAPI.dll
WTSAPI32.dll
WINSTA.dll
comctl32.dll
CLBCatQ.DLL
SETUPAPI.dll
WINTRUST.dll
CRYPT32.dll
MSASN1.dll
USERENV.dll
Secur32.dll
imagehlp.dll
uxsms.dll
tabsvc.dll
HID.DLL
slc.dll
wudfsvc.dll
WUDFPlatform.dll
VERSION.dll
wevtapi.dll
wlansvc.dll
NETAPI32.dll
SHELL32.dll
WLANMSM.DLL
WLANSEC.dll
OneX.DLL
eappprxy.dll
eappcfg.dll
gdiplus.dll
DUser.dll
UxTheme.dll
OLEACC.dll
AUTHZ.dll
dhcpcsvc.DLL
DNSAPI.dll
WINNSI.DLL
wlgpclnt.dll
l2gpstore.dll
wlanutil.dll
SYSNTFY.dll
WinSCard.dll
IPHLPAPI.DLL
dhcpcsvc6.DLL
bcrypt.dll
msxml6.dll
rsaenh.dll
credssp.dll
schannel.dll
kerberos.dll
cryptdll.dll
apphelp.dll
netcfgx.dll
Cabinet.dll
emdmgmt.dll
WDSCORE.dll
SLWGA.dll
urlmon.dll
iertutil.dll
hidserv.dll
pcasvc.dll
netman.dll
RASAPI32.dll
rasman.dll
TAPI32.dll
rtutils.dll
WINMM.dll
sysmain.dll
trkwks.dll
netshell.dll
nlaapi.dll
wpdbusenum.dll
GPAPI.dll
PortableDeviceApi.dll
wdi.dll
pcadm.dll
RASDLG.dll
MPRAPI.dll
ACTIVEDS.dll
adsldpc.dll
credui.dll
ATL.DLL
hnetcfg.dll
WINHTTP.dll
mswsock.dll
wshtcpip.dll
upnp.dll
SSDPAPI.dll
SXS.DLL
msxml3.dll
wbemprox.dll
wbemcomn.dll
wbemsvc.dll
fastprox.dll
NTDSAPI.dll
radardt.dll
Image Name: svchost.exe
PID: 1168
Modules: ntdll.dll
kernel32.dll
snxhk.dll
msvcrt.dll
ADVAPI32.dll
RPCRT4.dll
NTMARTA.DLL
USER32.dll
GDI32.dll
WLDAP32.dll
WS2_32.dll
NSI.dll
PSAPI.DLL
SAMLIB.dll
ole32.dll
IMM32.DLL
MSCTF.dll
LPK.DLL
USP10.dll
mmcss.dll
AVRT.dll
gpsvc.dll
Secur32.dll
NETAPI32.dll
NTDSAPI.dll
DNSAPI.dll
WTSAPI32.dll
OLEAUT32.dll
USERENV.dll
GPAPI.dll
slc.dll
AUTHZ.dll
SYSNTFY.dll
WINSTA.dll
nlaapi.dll
IPHLPAPI.DLL
dhcpcsvc.DLL
WINNSI.DLL
dhcpcsvc6.DLL
profsvc.dll
ATL.DLL
shsvcs.dll
sens.dll
UxTheme.dll
rsaenh.dll
eapsvc.dll
eapphost.dll
CLBCatQ.DLL
umb.dll
SETUPAPI.dll
WINTRUST.dll
CRYPT32.dll
MSASN1.dll
imagehlp.dll
PROPSYS.dll
SXS.DLL
COMCTL32.dll
schedsvc.dll
SHLWAPI.dll
wevtapi.dll
ktmw32.dll
comctl32.dll
credssp.dll
schannel.dll
wiarpc.dll
taskcomp.dll
VERSION.dll
mswsock.dll
wshtcpip.dll
wship6.dll
apphelp.dll
tschannel.dll
srvsvc.dll
SSCORE.DLL
FirewallAPI.DLL
CLUSAPI.DLL
cryptdll.dll
ACTIVEDS.dll
adsldpc.dll
credui.dll
SHELL32.dll
RESUTILS.DLL
browser.dll
aelupsvc.dll
seclogon.dll
wmisvc.dll
wbemcomn.dll
iphlpsvc.dll
fwpuclnt.dll
rtutils.dll
sqmapi.dll
bcrypt.dll
rasmans.dll
Cabinet.dll
rastapi.dll
TAPI32.dll
WINMM.dll
OLEACC.dll
rasppp.dll
MPRAPI.dll
RASAPI32.dll
rasman.dll
kerberos.dll
RASQEC.DLL
QUtil.dll
raschap.dll
rastls.dll
CRYPTUI.dll
MSIMG32.dll
WinSCard.dll
VSSAPI.DLL
vsstrace.dll
XmlLite.dll
MPR.dll
wbemcore.dll
esscli.dll
FastProx.dll
wbemsvc.dll
wmiutils.dll
repdrvfs.dll
wmiprvsd.dll
NCObjAPI.DLL
wbemess.dll
napinsp.dll
pnrpnsp.dll
winrnr.dll
rasadhlp.dll
appinfo.dll
ncprov.dll
qmgr.dll
SHFOLDER.dll
WINHTTP.dll
bitsperf.dll
bitsigd.dll
upnp.dll
SSDPAPI.dll
msxml3.dll
urlmon.dll
iertutil.dll
wuaueng.dll
ESENT.dll
WINSPOOL.DRV
mspatcha.dll
WMsgAPI.dll
wer.dll
SensApi.dll
ncrypt.dll
wups2.dll
dssenh.dll
qmgrprxy.dll
Image Name: svchost.exe
PID: 1372
Modules: ntdll.dll
kernel32.dll
snxhk.dll
msvcrt.dll
ADVAPI32.dll
RPCRT4.dll
NTMARTA.DLL
USER32.dll
GDI32.dll
WLDAP32.dll
WS2_32.dll
NSI.dll
PSAPI.DLL
SAMLIB.dll
ole32.dll
IMM32.DLL
MSCTF.dll
LPK.DLL
USP10.dll
es.dll
OLEAUT32.dll
PROPSYS.dll
rsaenh.dll
CLBCatQ.DLL
nsisvc.dll
secur32.dll
CRYPT32.dll
MSASN1.dll
USERENV.dll
credssp.dll
schannel.dll
NETAPI32.dll
SXS.DLL
webclnt.dll
WINHTTP.dll
SHLWAPI.dll
urlmon.dll
iertutil.dll
comctl32.dll
shell32.dll
WinInet.dll
Normaliz.dll
wkssvc.dll
IPHLPAPI.DLL
dhcpcsvc.DLL
DNSAPI.dll
WINNSI.DLL
dhcpcsvc6.DLL
NTDSAPI.dll
WINBRAND.dll
fdrespub.dll
wsdapi.dll
HTTPAPI.dll
WINTRUST.dll
imagehlp.dll
XmlLite.dll
FirewallAPI.dll
VERSION.dll
FunDisc.dll
ATL.DLL
SETUPAPI.dll
mswsock.dll
wshtcpip.dll
wship6.dll
msxml3.dll
sstpsvc.dll
rtutils.dll
w32time.dll
cryptdll.dll
GPAPI.dll
slc.dll
netprofm.dll
nlaapi.dll
npmproxy.dll
fdphost.dll
fdwsd.dll
MLANG.dll
fdssdp.dll
SSDPAPI.dll
fdproxy.dll
ssdpsrv.dll
napinsp.dll
pnrpnsp.dll
winrnr.dll
rasadhlp.dll
Image Name: svchost.exe
PID: 1556
Modules: ntdll.dll
kernel32.dll
snxhk.dll
msvcrt.dll
ADVAPI32.dll
RPCRT4.dll
NTMARTA.DLL
USER32.dll
GDI32.dll
WLDAP32.dll
WS2_32.dll
NSI.dll
PSAPI.DLL
SAMLIB.dll
ole32.dll
IMM32.DLL
MSCTF.dll
LPK.DLL
USP10.dll
dnsrslvr.dll
DNSAPI.dll
dhcpcsvc.DLL
Secur32.dll
WINNSI.DLL
dhcpcsvc6.DLL
IPHLPAPI.DLL
mswsock.dll
wship6.dll
wshtcpip.dll
cryptsvc.dll
OLEAUT32.dll
VSSAPI.DLL
ATL.DLL
vsstrace.dll
AUTHZ.dll
XmlLite.dll
NETAPI32.dll
MPR.dll
SETUPAPI.dll
CRYPT32.dll
MSASN1.dll
USERENV.dll
nlasvc.dll
wevtapi.dll
ncsi.dll
WINHTTP.dll
SHLWAPI.dll
WTSAPI32.dll
bcrypt.dll
CFGMGR32.dll
comctl32.dll
rsaenh.dll
credssp.dll
schannel.dll
CLBCatQ.DLL
es.dll
PROPSYS.dll
ssdpapi.dll
tapisrv.dll
ACTIVEDS.dll
adsldpc.dll
credui.dll
SHELL32.dll
rtutils.dll
WINMM.dll
OLEACC.dll
termsrv.dll
ICAAPI.dll
WINTRUST.dll
imagehlp.dll
WINSTA.dll
unimdm.tsp
uniplat.dll
unimdmat.dll
VERSION.dll
modemui.dll
kmddsp.tsp
ndptsp.tsp
hidphone.tsp
HID.DLL
napinsp.dll
pnrpnsp.dll
winrnr.dll
rasadhlp.dll
msdtckrm.dll
ktmw32.dll
CLUSAPI.dll
NTDSAPI.dll
cryptdll.dll
CRYPTNET.dll
SensApi.dll
ESENT.dll
Image Name: svchost.exe
PID: 2100
Modules: ntdll.dll
kernel32.dll
snxhk.dll
msvcrt.dll
ADVAPI32.dll
RPCRT4.dll
dps.dll
wdi.dll
USER32.dll
GDI32.dll
USERENV.dll
Secur32.dll
OLEAUT32.dll
ole32.dll
IMM32.DLL
MSCTF.dll
LPK.DLL
USP10.dll
CLBCatQ.DLL
taskschd.dll
SHLWAPI.dll
XmlLite.dll
comctl32.dll
GPAPI.dll
slc.dll
diagperf.dll
SHELL32.dll
pnpts.dll
VERSION.dll
iphlpapi.dll
dhcpcsvc.DLL
DNSAPI.dll
WS2_32.dll
NSI.dll
WINNSI.DLL
dhcpcsvc6.DLL
WINTRUST.dll
CRYPT32.dll
MSASN1.dll
imagehlp.dll
Image Name: svchost.exe
PID: 2780
Modules: ntdll.dll
kernel32.dll
snxhk.dll
msvcrt.dll
ADVAPI32.dll
RPCRT4.dll
wiaservc.dll
USER32.dll
GDI32.dll
OLEAUT32.dll
ole32.dll
VERSION.dll
COMDLG32.dll
SHLWAPI.dll
COMCTL32.dll
SHELL32.dll
IMM32.DLL
MSCTF.dll
LPK.DLL
USP10.dll
comctl32.dll
wiatrace.dll
secur32.dll
CRYPT32.dll
MSASN1.dll
USERENV.dll
credssp.dll
schannel.dll
NETAPI32.dll
PSAPI.DLL
msv1_0.dll
cryptdll.dll
WS2_32.dll
NSI.dll
WSDCHNGR.DLL
CLBCatQ.DLL
FunDisc.dll
ATL.DLL
SETUPAPI.dll
msxml3.dll
WINTRUST.dll
imagehlp.dll
rsaenh.dll
CFGMGR32.dll
Image Name: svchost.exe
PID: 3300
Modules: ntdll.dll
kernel32.dll
snxhk.dll
msvcrt.dll
ADVAPI32.dll
RPCRT4.dll
wersvc.dll
~~~~~SVCHOST service~~~~~
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"LocalService"=hex(7):6e,00,73,00,69,00,00,00,6c,00,6c,00,74,00,64,00,73,00,76,\
00,63,00,00,00,53,00,53,00,44,00,50,00,53,00,52,00,56,00,00,00,75,00,70,00,\
6e,00,70,00,68,00,6f,00,73,00,74,00,00,00,53,00,43,00,61,00,72,00,64,00,53,\
00,76,00,72,00,00,00,77,00,33,00,32,00,74,00,69,00,6d,00,65,00,00,00,45,00,\
76,00,65,00,6e,00,74,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,52,00,65,\
00,6d,00,6f,00,74,00,65,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,00,\
00,00,57,00,69,00,6e,00,48,00,74,00,74,00,70,00,41,00,75,00,74,00,6f,00,50,\
00,72,00,6f,00,78,00,79,00,53,00,76,00,63,00,00,00,6c,00,61,00,6e,00,6d,00,\
61,00,6e,00,77,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,\
00,00,00,54,00,42,00,53,00,00,00,53,00,4c,00,55,00,49,00,4e,00,6f,00,74,00,\
69,00,66,00,79,00,00,00,54,00,48,00,52,00,45,00,41,00,44,00,4f,00,52,00,44,\
00,45,00,52,00,00,00,66,00,64,00,72,00,65,00,73,00,70,00,75,00,62,00,00,00,\
6e,00,65,00,74,00,70,00,72,00,6f,00,66,00,6d,00,00,00,66,00,64,00,70,00,68,\
00,6f,00,73,00,74,00,00,00,77,00,63,00,6e,00,63,00,73,00,76,00,63,00,00,00,\
51,00,57,00,41,00,56,00,45,00,00,00,4d,00,63,00,78,00,32,00,53,00,76,00,63,\
00,00,00,57,00,65,00,62,00,43,00,6c,00,69,00,65,00,6e,00,74,00,00,00,53,00,\
73,00,74,00,70,00,53,00,76,00,63,00,00,00,00,00
"LocalSystemNetworkRestricted"=hex(7):68,00,69,00,64,00,73,00,65,00,72,00,76,\
00,00,00,55,00,78,00,53,00,6d,00,73,00,00,00,57,00,64,00,69,00,53,00,79,00,\
73,00,74,00,65,00,6d,00,48,00,6f,00,73,00,74,00,00,00,4e,00,65,00,74,00,6d,\
00,61,00,6e,00,00,00,74,00,72,00,6b,00,77,00,6b,00,73,00,00,00,41,00,75,00,\
64,00,69,00,6f,00,45,00,6e,00,64,00,70,00,6f,00,69,00,6e,00,74,00,42,00,75,\
00,69,00,6c,00,64,00,65,00,72,00,00,00,57,00,55,00,44,00,46,00,53,00,76,00,\
63,00,00,00,69,00,72,00,6d,00,6f,00,6e,00,00,00,73,00,79,00,73,00,6d,00,61,\
00,69,00,6e,00,00,00,49,00,50,00,42,00,75,00,73,00,45,00,6e,00,75,00,6d,00,\
00,00,64,00,6f,00,74,00,33,00,73,00,76,00,63,00,00,00,50,00,63,00,61,00,53,\
00,76,00,63,00,00,00,45,00,4d,00,44,00,4d,00,67,00,6d,00,74,00,00,00,54,00,\
61,00,62,00,6c,00,65,00,74,00,49,00,6e,00,70,00,75,00,74,00,53,00,65,00,72,\
00,76,00,69,00,63,00,65,00,00,00,77,00,6c,00,61,00,6e,00,73,00,76,00,63,00,\
00,00,57,00,50,00,44,00,42,00,75,00,73,00,45,00,6e,00,75,00,6d,00,00,00,00,\
00
"NetworkServiceNetworkRestricted"=hex(7):50,00,6f,00,6c,00,69,00,63,00,79,00,\
41,00,67,00,65,00,6e,00,74,00,00,00,00,00
"LocalServiceNoNetwork"=hex(7):50,00,4c,00,41,00,00,00,44,00,50,00,53,00,00,00,\
42,00,46,00,45,00,00,00,6d,00,70,00,73,00,73,00,76,00,63,00,00,00,65,00,68,\
00,73,00,74,00,61,00,72,00,74,00,00,00,00,00
"NetworkService"=hex(7):43,00,72,00,79,00,70,00,74,00,53,00,76,00,63,00,00,00,\
44,00,48,00,43,00,50,00,00,00,54,00,65,00,72,00,6d,00,53,00,65,00,72,00,76,\
00,69,00,63,00,65,00,00,00,4b,00,74,00,6d,00,52,00,6d,00,00,00,44,00,4e,00,\
53,00,43,00,61,00,63,00,68,00,65,00,00,00,4e,00,61,00,70,00,41,00,67,00,65,\
00,6e,00,74,00,00,00,6e,00,6c,00,61,00,73,00,76,00,63,00,00,00,57,00,69,00,\
6e,00,52,00,4d,00,00,00,57,00,45,00,43,00,53,00,56,00,43,00,00,00,54,00,61,\
00,70,00,69,00,73,00,72,00,76,00,00,00,00,00
"termsvcs"=hex(7):54,00,65,00,72,00,6d,00,53,00,65,00,72,00,76,00,69,00,63,00,\
65,00,00,00,00,00
"WerSvcGroup"=hex(7):77,00,65,00,72,00,73,00,76,00,63,00,00,00,00,00
"netsvcs"=hex(7):41,00,65,00,4c,00,6f,00,6f,00,6b,00,75,00,70,00,53,00,76,00,\
63,00,00,00,77,00,65,00,72,00,63,00,70,00,6c,00,73,00,75,00,70,00,70,00,6f,\
00,72,00,74,00,00,00,54,00,68,00,65,00,6d,00,65,00,73,00,00,00,43,00,65,00,\
72,00,74,00,50,00,72,00,6f,00,70,00,53,00,76,00,63,00,00,00,53,00,43,00,50,\
00,6f,00,6c,00,69,00,63,00,79,00,53,00,76,00,63,00,00,00,6c,00,61,00,6e,00,\
6d,00,61,00,6e,00,73,00,65,00,72,00,76,00,65,00,72,00,00,00,67,00,70,00,73,\
00,76,00,63,00,00,00,49,00,4b,00,45,00,45,00,58,00,54,00,00,00,41,00,75,00,\
64,00,69,00,6f,00,53,00,72,00,76,00,00,00,46,00,61,00,73,00,74,00,55,00,73,\
00,65,00,72,00,53,00,77,00,69,00,74,00,63,00,68,00,69,00,6e,00,67,00,43,00,\
6f,00,6d,00,70,00,61,00,74,00,69,00,62,00,69,00,6c,00,69,00,74,00,79,00,00,\
00,49,00,61,00,73,00,00,00,49,00,72,00,6d,00,6f,00,6e,00,00,00,4e,00,6c,00,\
61,00,00,00,4e,00,74,00,6d,00,73,00,73,00,76,00,63,00,00,00,4e,00,57,00,43,\
00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,00,00,\
4e,00,77,00,73,00,61,00,70,00,61,00,67,00,65,00,6e,00,74,00,00,00,52,00,61,\
00,73,00,61,00,75,00,74,00,6f,00,00,00,52,00,61,00,73,00,6d,00,61,00,6e,00,\
00,00,52,00,65,00,6d,00,6f,00,74,00,65,00,61,00,63,00,63,00,65,00,73,00,73,\
00,00,00,53,00,45,00,4e,00,53,00,00,00,53,00,68,00,61,00,72,00,65,00,64,00,\
61,00,63,00,63,00,65,00,73,00,73,00,00,00,53,00,52,00,53,00,65,00,72,00,76,\
00,69,00,63,00,65,00,00,00,54,00,61,00,70,00,69,00,73,00,72,00,76,00,00,00,\
57,00,6d,00,69,00,00,00,57,00,6d,00,64,00,6d,00,50,00,6d,00,53,00,70,00,00,\
00,54,00,65,00,72,00,6d,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00,\
77,00,75,00,61,00,75,00,73,00,65,00,72,00,76,00,00,00,42,00,49,00,54,00,53,\
00,00,00,53,00,68,00,65,00,6c,00,6c,00,48,00,57,00,44,00,65,00,74,00,65,00,\
63,00,74,00,69,00,6f,00,6e,00,00,00,4c,00,6f,00,67,00,6f,00,6e,00,48,00,6f,\
00,75,00,72,00,73,00,00,00,50,00,43,00,41,00,75,00,64,00,69,00,74,00,00,00,\
68,00,65,00,6c,00,70,00,73,00,76,00,63,00,00,00,75,00,70,00,6c,00,6f,00,61,\
00,64,00,6d,00,67,00,72,00,00,00,69,00,70,00,68,00,6c,00,70,00,73,00,76,00,\
63,00,00,00,73,00,65,00,63,00,6c,00,6f,00,67,00,6f,00,6e,00,00,00,41,00,70,\
00,70,00,49,00,6e,00,66,00,6f,00,00,00,6d,00,73,00,69,00,73,00,63,00,73,00,\
69,00,00,00,4d,00,4d,00,43,00,53,00,53,00,00,00,50,00,72,00,6f,00,66,00,53,\
00,76,00,63,00,00,00,45,00,61,00,70,00,48,00,6f,00,73,00,74,00,00,00,77,00,\
69,00,6e,00,6d,00,67,00,6d,00,74,00,00,00,73,00,63,00,68,00,65,00,64,00,75,\
00,6c,00,65,00,00,00,53,00,65,00,73,00,73,00,69,00,6f,00,6e,00,45,00,6e,00,\
76,00,00,00,62,00,72,00,6f,00,77,00,73,00,65,00,72,00,00,00,68,00,6b,00,6d,\
00,73,00,76,00,63,00,00,00,00,00
"swprv"=hex(7):73,00,77,00,70,00,72,00,76,00,00,00,00,00
"LocalServiceNetworkRestricted"=hex(7):44,00,48,00,43,00,50,00,00,00,65,00,76,\
00,65,00,6e,00,74,00,6c,00,6f,00,67,00,00,00,41,00,75,00,64,00,69,00,6f,00,\
53,00,72,00,76,00,00,00,4c,00,6d,00,48,00,6f,00,73,00,74,00,73,00,00,00,77,\
00,73,00,63,00,73,00,76,00,63,00,00,00,70,00,32,00,70,00,69,00,6d,00,73,00,\
76,00,63,00,00,00,50,00,4e,00,52,00,50,00,53,00,76,00,63,00,00,00,70,00,32,\
00,70,00,73,00,76,00,63,00,00,00,57,00,50,00,43,00,53,00,76,00,63,00,00,00,\
50,00,6e,00,72,00,70,00,41,00,75,00,74,00,6f,00,52,00,65,00,67,00,00,00,00,\
00
"rpcss"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00
"regsvc"=hex(7):52,00,65,00,6d,00,6f,00,74,00,65,00,52,00,65,00,67,00,69,00,73,\
00,74,00,72,00,79,00,00,00,00,00
"wcssvc"=hex(7):57,00,63,00,73,00,50,00,6c,00,75,00,67,00,49,00,6e,00,53,00,65,\
00,72,00,76,00,69,00,63,00,65,00,00,00,00,00
"DcomLaunch"=hex(7):50,00,6c,00,75,00,67,00,50,00,6c,00,61,00,79,00,00,00,44,\
00,63,00,6f,00,6d,00,4c,00,61,00,75,00,6e,00,63,00,68,00,00,00,00,00
"wdisvc"=hex(7):57,00,64,00,69,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,48,\
00,6f,00,73,00,74,00,00,00,00,00
"sdrsvc"=hex(7):73,00,64,00,72,00,73,00,76,00,63,00,00,00,00,00
"imgsvc"=hex(7):53,00,74,00,69,00,53,00,76,00,63,00,00,00,00,00
"secsvcs"=hex(7):57,00,69,00,6e,00,44,00,65,00,66,00,65,00,6e,00,64,00,00,00,\
00,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
"AuthenticationCapabilities"=dword:00002000
"CoInitializeSecurityParam"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted]
"DefaultRpcStackSize"=dword:00000040
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted]
"CoInitializeSecurityParam"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
"AuthenticationCapabilities"=dword:00003020
"CoInitializeSecurityParam"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
"CoInitializeSecurityParam"=dword:00000001
"DefaultRpcStackSize"=dword:0000001c
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC]
"CoInitializeSecurityParam"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv]
"CoInitializeSecurityParam"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
"CoInitializeSecurityParam"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc]
"CoInitializeSecurityParam"=dword:00000001
"CoInitializeSecurityAppID"="{CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport]
"AuthenticationCapabilities"=dword:00003020
"CoInitializeSecurityParam"=dword:00000001
~~~~~SVCHOST MD5~~~~~
3794B461C45882E06856F282EEF025AF C:\Windows\system32\svchost.exe
~~~~~END OF FILE!~~~~~