search

hfiref0x / UACME

Defeating Windows User Account Control
BSD 2-Clause "Simplified" License
6.29k stars 1.31k forks source link

Someone help me understand this log #20

Closed helpdesk788 closed 7 years ago

helpdesk788 commented 7 years ago

ElevationEnabled=Enabled VirtualizationEnabled=Enabled InstallerDetectEnabled=Enabled ConsentPromptBehaviorAdmin=5 PromptOnSecureDesktop=Enabled

WPD Association LUA Virtual Factory WPD Association LUA Virtual Factory Portable Device Association \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{00393519-3A67-4507-A2B8-85146167ACA7}

Virtual Factory for Biometrics Virtual Factory for Biometrics Biometric Devices \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{0142e4d1-fb7a-11dc-ba4a-000ffe7ab428}

CEIPLuaElevationHelper wercplsupport.dll Customer Experience Improvement Program \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{01D0A625-782D-4777-8D4E-547E6457FAD5}

CTapiLuaLib Class AppId{03e15b2e-cca6-451c-8fb0-1e2ee37a27dd} Phone and Modem \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{03e15b2e-cca6-451c-8fb0-1e2ee37a27dd}

undefined AppId{642ef9d6-48a5-476b-919a-a507cfd02c0f} Windows Font Folder \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{08d450b7-f7e5-4424-8229-11888adb7c14}

PersistentZoneIdentifier AppId{0968e258-16c7-4dba-aa86-462dd61e31a3} Open File - Security Warning \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{0968e258-16c7-4dba-aa86-462dd61e31a3}

RasDlg LUA RASDLGLUA Network Connections \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{0C3B05FB-3498-40C3-9C03-4B22D735550C}

Wireless Setup Class Mcx2Setup Class Windows Media Center Wireless Configuration \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{0c98b8bc-273c-464d-938a-b9709607e137}

HNetCfg.FwOpenPort AppId{0CA545C6-37AD-4A6C-BF92-9F7610067EF5} Windows Firewall \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}

ARP CBS Uninstaller Proxy %SystemRoot%\system32\appwiz.cpl Uninstall an update \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{0da7bfdf-c0a0-44eb-be82-b7a82c4721de}

WUAppElevator class Windows Update Agent User Interface Windows Update \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{1138506a-b949-46a7-b6c0-ee26499fdeaf}

VistaWUWebControl Class Vista Elevated Windows Update Web Control Windows Update \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{12a66224-5e8a-4679-8941-0b9b960bf5ea}

Virtual Factory for DiagCpl Virtual Factory for DiagCpl Troubleshooting \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{12C21EA7-2EB8-4B55-9249-AC243DA8C666}

SPPLUAObject Class SPPComApi Software Licensing \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{179CC917-3A82-40E7-9F8C-2FC8A3D2212B}

Share Media Settings Writer SMLUA Media streaming options \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{19BA17F2-2602-4E77-9027-103894607626}

Create New Link AppId{1BA783C1-2A30-4ad3-B928-A9A46C604C28} Create New Shortcut \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{1BA783C1-2A30-4ad3-B928-A9A46C604C28}

Lpksetup LUA Elevation %systemroot%\system32\lpksetup.exe Language Pack Installer \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{1C749B87-568C-4865-8E73-6413F8372CE6}

Shell Indexer Admin Object AppId{3F4D7BB8-4F38-4526-8CD3-C44D68689C5F} Pause Indexing \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{1E1714A3-50B9-480b-A94A-636D9A9B56D1}

Parental Controls Override wpcao.dll Parental Controls \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{1E5300BE-0762-4527-8140-C0FF22DDFC56}

Office Licensing COM Server 15 undefined Microsoft Office 2013 \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{1E886174-DC88-4B83-8BC5-66409EC75F15}

Security Shell Extension rshx32.dll Permissions editor for files and folders \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{1f2e5c40-9550-11ce-99d2-00aa006e086c}

Microsoft Disk Quota UI Elevation Helper AppId{1fb2a002-4c6c-4de7-85c2-cb8db9a4f728} Disk Quota Settings \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{1fb2a002-4c6c-4de7-85c2-cb8db9a4f728}

Detection And Sharing DetectionAndSharing Network discovery and file sharing \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{1fda955b-61ff-11da-978c-0008744faab7}

Sensors Sensor Configuration Helper Sensors Sensor Configuration Helper Location and Other Sensors \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{2331D136-E39D-4019-92D6-7CE5579962FB}

WUPublishedAppInstallorElevator Class Windows Update Agent User Interface for Published Applications Windows Update Published Application Installer \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{26D32566-760A-40A2-AA82-A40366528916}

FaultrepElevatedDataCollection faultrep.dll Windows Problem Reporting \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{2C256447-3F0D-4CBB-9D12-575BB20CDA0A}

HNetCfg.FwRule AppId{2C5BC43E-3369-4C33-AB0C-BE9469677AF4} Windows Firewall \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{2C5BC43E-3369-4C33-AB0C-BE9469677AF4}

Advanced Indexing Options Dialog Object AppId{3F4D7BB8-4F38-4526-8CD3-C44D68689C5F} Advanced Indexing Options \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{2F2165FF-2C2D-4612-87B2-CC8E5002EF4C}

HNetCfg.FwMgr AppId{304CE942-6E39-40D8-943A-B913C40C9CD4} Windows Firewall \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{304CE942-6E39-40D8-943A-B913C40C9CD4}

CtTuner Class cttunesvr Microsoft ClearType Tuner \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{32BA16FD-77D9-4AFB-9C9F-703E92AD4BFF}

Mcx2Install Class Mcx2Setup Class Media Center Extender Install \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{3630AB4B-C0D2-4C1B-B7E7-73A2CF9A4521}

Office 15 Microsoft Update Opt-In AppId{37B05236-FFB5-4D42-B0C8-4A36CBF1BE15} Microsoft Update \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{37B05236-FFB5-4D42-B0C8-4A36CBF1BE15}

Device Pairing Handler Class DevicePairingHandler.dll Add a device \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{383b69fa-5486-49da-91f5-d63c24c8e9d0}

Copy/Move/Rename/Delete/Link Object AppId{3ad05575-8857-4850-9277-11b85bdb8e09} File Operation \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{3ad05575-8857-4850-9277-11b85bdb8e09}

CMLUAUTIL CMLUAUTIL Connection Manager \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{3E000D72-A845-4CD9-BD83-80C07C3B881F}

CMSTPLUA CMSTPLUA Connection Manager \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{3E5FC7F9-9A51-4367-9063-A120244FBEC7}

AccesibilityCplAdmin Class AccessibilityCplAdmin Ease of Access Administrative Settings \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{434A6274-C539-4E99-88FC-44206D942775}

Manage Network Names AppId{44C39C96-0167-478F-B68D-783294A2545D} Manage Network List \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{44C39C96-0167-478F-B68D-783294A2545D}

Home Networking Configuration Manager AppId{46C166AA-3108-11D4-9348-00C04F8EEB71} Network Connections \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{46C166AA-3108-11D4-9348-00C04F8EEB71}

CIEContentAdvisorBroker AppId{27170d71-7a40-4c8b-a3d1-64f7cbe81c66} Content Advisor \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{46CB32FA-B5CA-8A3A-62CA-A7023C0496C5}

RasGcw LUA RASGCWLUA Network Connections \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{4A6B8BAD-9872-4525-A812-71A52367DC17}

CIERegistryHKLMBroker AppId{27170d71-7a40-4c8b-a3d1-64f7cbe81c66} Internet Explorer \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{4b360c3c-d284-4384-abcc-ef133e1445da}

ERCLuaElevationHelper wercplsupport.dll Problem Reporting \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{4BC67F23-D805-4384-BCA3-6F1EDFF50E2C}

Shell Security Editor Shell Security Editor Edit Security \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{4D111E08-CBF7-4f12-A926-2C7920AF52FC}

AddMdmObj Class UICOM Add modems \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{4DF929E7-4C5E-4587-A598-7ED7B3D6E462}

LayerUIPropPage acppage.dll Program Compatibility \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}

Region and Language UAC Elevation %systemroot%\system32\intl.cpl Region and Language \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{514B5E31-5596-422F-BE58-D804464683B5}

FaxCommon Class FaxCommon Class Windows Fax and Scan \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{59347292-B72D-41F2-98C5-E9ACA1B247A2}

IE Spelling Dictionary Installer Broker AppId{27170d71-7a40-4c8b-a3d1-64f7cbe81c66} IE Spelling Dictionary Installer \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{5bbd58bb-993e-4c17-8af6-3af8e908fca8}

Virtual Factory for Display Virtual Factory for Display CPL Display \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{5D05A4EB-54EA-4B7F-A28D-CE51F6BCBAF2}

Mount Point Rename AppId{60173D16-A550-47f0-A14B-C6F9E4DA0831} Rename Drive \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{60173D16-A550-47f0-A14B-C6F9E4DA0831}

Windows Data Burn AppId{66eea0f5-001a-4073-a496-783f86fcf4c0} Windows Data Burn \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{66eea0f5-001a-4073-a496-783f86fcf4c0}

NAP Elevated class Nap Elevated COM class Network Access Protection \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{677126ed-2a91-40ff-8c52-06181c064573}

Sensors CPL Change Device Permission LUA Helper Sensors CPL Change Device Permission LUA Helper Location and Other Sensors \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{6CE51F75-0448-438e-B9CA-69C352A248A7}

Advanced Indexing Options Dialog Object AppId{3F4D7BB8-4F38-4526-8CD3-C44D68689C5F} Common Indexed Locations Settings \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{6D3951EB-0B07-4fb8-B703-7C5CEE0DB578}

LAN Connection UI Class AppId{7007ACC5-3202-11D1-AAD2-00805FC1270E} Network Connections \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{7007ACC5-3202-11D1-AAD2-00805FC1270E}

Network Common Connections Ui AppId{7007ACD1-3202-11D1-AAD2-00805FC1270E} Network Connections \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{7007ACD1-3202-11D1-AAD2-00805FC1270E}

Windows SideShow AutoWake Configuration Helper Windows SideShow AutoWake Configuration Helper Windows SideShow \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{71B804C5-5577-471D-8FE5-C4A45B654EB8}

Sharing Elevated Virtual Factory Sharing Elevated Virtual Factory Windows File Sharing \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{72A7994A-3092-4054-B6BE-08FF81AEEFFC}

FwCpl LUA FwCplLUA Windows Firewall \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{752438CB-E941-433F-BCB4-8B7D2329F0C8}

Connect to a Network Projector NetProjW Connect to a Network Projector \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{76052C5C-2EB4-4C40-B1F1-2A5C8554590A}

Sensors CPL Change Description LUA Helper Sensors CPL Change Description LUA Helper Location and Other Sensors \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{76AE5F57-B7C9-421f-B55E-FB25144317B6}

Indexer Status Update Object AppId{76be8257-c4c0-4d37-90c0-a23372254d27} Update Indexer Status \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{76be8257-c4c0-4d37-90c0-a23372254d27}

XWizard Task Stub XWizard Virtual Factory The wizard program needs permission to access to your system \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{777BA815-2498-4875-933A-3067DE883070}

XWizard Page Stub XWizard Virtual Factory The wizard program needs permission to access to your system \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{777BA816-2498-4875-933A-3067DE883070}

XWizard Virtual Factory XWizard Virtual Factory The wizard program needs permission to access to your system \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{777BA81A-2498-4875-933A-3067DE883070}

Private XWizard Registration Manager Class XWizard Virtual Factory The wizard program needs permission to access to your system \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{777BA8F5-2498-4875-933A-3067DE883070}

Private XWizard Factory Registration Manager Class XWizard Virtual Factory The wizard program needs permission to access to your system \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{777BA8F9-2498-4875-933A-3067DE883070}

Private XWizard Type Registration Manager Class XWizard Virtual Factory The wizard program needs permission to access to your system \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{777BA8FB-2498-4875-933A-3067DE883070}

Network and Sharing Center Cpl Elevated Virtual Factory Network and Sharing Center Cpl Elevated Virtual Factory Network and Sharing Center \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{7A076CE1-4B31-452a-A4F1-0304C8738100}

Shell FMIFS Wrapper Shell FMIFS Wrapper Format Drive \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{7aa7790d-75d7-484b-98a1-3913d022091d}

HomeGroup Password provsvc.dll HomeGroup Password \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{7be73787-ce71-4b33-b4c8-00d32b54bea8}

HomeGroup Printing Device Class HomeGroup Printing Device Class Install Homegroup Printer \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{7DF8EF76-D449-485f-B4EB-58DC96B31EDB}

Setup Controller 15 undefined Contrôleur d’installation \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{7EA9A8FA-F5D2-49E1-99E8-C26EE07FCE15}

WlanConn LUA WlanConn Connect to a network wizard \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{868A2E25-D6C1-450b-8510-734A4AFEE8BC}

Virtual Factory for Usercpl Virtual Factory for Usercpl User Accounts Control Panel \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{86d5eb8a-859f-4c7b-a76b-2bd819b7a850}

CElevateWlanUi CElevateWlanUi Wireless Network Properties \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{86F80216-5DD6-4F43-953B-35EF40A35AEE}

X509 Enrollment Helper undefined X509 Enrollment Helper \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{884e2050-217d-11da-b2a4-000e7bbb2b09}

Virtual Factory for Action Center CPL Virtual Factory for Action Center CPL Action Center \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{8D26D9AA-5DA8-4b95-949A-B74954A229A6}

Virtual Factory for Recovery Virtual Factory for Recovery Recovery \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{9200689A-F979-4eea-8830-0E1D6B74821F}

Default Location CPL Data Handler LUA Helper Default Location CPL Data Handler LUA Helper Default Location \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{9A630456-078D-43d3-9F1D-DF7A5BC0FA44}

Date and Time Properties timedate.cpl Date and Time \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8}

undefined AppId{A0ADD4EC-5BD3-4f70-A47B-07797A45C635} Offline Files \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{A0ADD4EC-5BD3-4f70-A47B-07797A45C635}

WlanPref LUA WlanPrefLUA Manage Wireless Networks \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{A25821B5-F310-41BD-806F-5864CC441B78}

Microsoft Windows Defender Microsoft Windows Defender Windows Defender \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{A2D75874-6750-4931-94C1-C99D3BC9D0C7}

Windows Parental Controls Windows Parental Controls Parental Controls \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{A2D8CFE7-7BA4-4bad-B86B-851376B59134}

Virtual Factory for Windows Firewall Cpl Virtual Factory for Windows Firewall Cpl Windows Firewall \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{A4B07E49-6567-4FB8-8D39-01920E3B2357}

Shell ChkdskEx Dialog Shell ChkdskEx Dialog Check Disk \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{a4c31131-ff70-4984-afd6-0609ced53ad6}

Mcx2Uninstall Class Mcx2Setup Class Media Center Extender Uninstall \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{A4E118DF-B9E5-4B42-888C-065CEAF8DDC3}

Secure Startup %SystemRoot%\System32\fveui.dll BitLocker Drive Encryption \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{A7A63E5C-3877-4840-8727-C1EA9D7A4D50}

RemMdmObj Class UICOM Remove modems \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{A9710FB5-1840-4224-BD42-86831E28E43A}

MBN Pin Unblock page WwanAdvui Mobile broadband PIN unblock \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{b70cc729-28ae-11dd-9676-000000000000}

Connection Manager LUA Host Object AppId{BA126F01-2166-11D1-B1D0-00805FC1270E} Network Connections \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{BA126F01-2166-11D1-B1D0-00805FC1270E}

WlanAdhoc LUA WlanPrefLUA Adhoc Wireless Network \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{BB2D41DF-7E34-4F06-8F51-007C9CAD36BE}

Virtual Factory for Power Options Control Panel Virtual Factory for Power Options Control Panel Power Options Control Panel \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B}

DfsShellAdmin Class DfsShlEx.dll DFS Shell Extension \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}

Internet Explorer Add-on Installer AppId{7B29F495-0F55-49F7-8885-9E8A22CE3829} Internet Explorer Add-on Installer \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{bdb57ff2-79b9-4205-9447-f5fe85f37312}

WPD PnPX Association Manager Class undefined undefined \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{BFD6C433-4B17-4F6D-A93C-B03FCC4E586E}

Network Center LUA NCLUA Network and Sharing Center \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{C0DCC3A6-BE26-4bad-9833-61DFACE1A8DB}

WCN Elevation Helper AppId{C100BEBB-D33A-4a4b-BF23-BBEF4663D017} Read a Network Profile \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{C100BEBB-D33A-4a4b-BF23-BBEF4663D017}

Network Diagnostics Framework NDFAPI Windows Network Diagnostics \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{C529C7EF-A3AF-45F2-8A47-767B33AA5CC0}

PNPX Association Class PNPXAssoc.dll PnPX Device Association \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{cee8ccc9-4f6b-4469-a235-5a22869eef03}

ColorDataProxy AppId{D2E7041B-2927-42fb-8E9F-7CE93B6DC937} Color Management \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{D2E7041B-2927-42fb-8E9F-7CE93B6DC937}

Windows SideShow Device Configuration Helper Windows SideShow Device Configuration Helper Windows SideShow \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{D3667F1E-CCB8-4A69-99DF-59A2B2A6753F}

CIEInetcplRasBroker AppId{27170d71-7a40-4c8b-a3d1-64f7cbe81c66} Network Connections Deletion Tool \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{d63c23c5-53e6-48d5-adda-a385b6bb9c7b}

Bluewire Elevated Unpairing Handler Bluewire unpairing elevation surrogate Add or remove a device \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{D88EC52B-8D57-49e1-9EB3-4D267D68A2AE}

Advanced Configuration Dialog AppId{DCED8DB0-11A5-4b16-AB9D-4E28CA38C99F} Network Connections \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{DCED8DB0-11A5-4b16-AB9D-4E28CA38C99F}

SDChangeObj Class sdchange Remote Assistance Secure Desktop Disable \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{E1BA41AD-4A1D-418F-AABA-3D1196B423D3}

HNetCfg.FwPolicy2 AppId{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD} Windows Firewall \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}

Security Center wscui.cpl Action Center \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{E9495B87-D950-4ab5-87A5-FF6D70BF3E90}

File Prop Sheet Page Helper AppId{E96767E0-7EAA-45e1-8E7D-64414AFF281A} Apply File Attributes \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{E96767E0-7EAA-45e1-8E7D-64414AFF281A}

User Account Control Settings %systemroot%\System32\UserAccountControlSettings.dll User Account Control Settings \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8}

HNetCfg.FwAuthorizedApplication AppId{EC9846B3-2762-4A6B-A214-6ACB603462D2} Windows Firewall \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{EC9846B3-2762-4A6B-A214-6ACB603462D2}

PerfCenter Enabler PerfCenter Enabler Performance Problems \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{f4be747e-45c4-4701-90f1-d49d9ac30248}

Internet Shortcut AppId{FBF23B40-E3F0-101B-8488-00AA003E56F8} \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{FBF23B40-E3F0-101B-8488-00AA003E56F8}

ARP UninstallString Launcher appwiz.cpl Uninstall or change an application \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{FCC74B77-EC3E-4dd8-A80B-008A702075A9}

Elevatable Shortcut AppId{ff9e6131-a8c1-4188-aa03-82e9f10a05a8} Save Shortcut Properties \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{ff9e6131-a8c1-4188-aa03-82e9f10a05a8}

HomeGroup CPL Advanced Settings Writer HomeGroup CPL Advanced Settings Writer Advanced sharing settings \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID{ffe1df5f-9f06-46d3-af27-f1fc10d63892}

================================================

ManagementConsole: mmc.exe SnapinFile: adfs.msc SnapinFile: admgmt.msc SnapinFile: adrmsadmin.msc SnapinFile: adsiedit.msc SnapinFile: appsrv.msc SnapinFile: appsrv64.msc SnapinFile: azman.msc SnapinFile: certmgr.msc SnapinFile: certsrv.msc SnapinFile: certtmpl.msc SnapinFile: ciadmin.msc SnapinFile: ciadv.msc SnapinFile: cluadmin.msc SnapinFile: comexp.msc SnapinFile: compmgmt.msc SnapinFile: da6to4.msc SnapinFile: daiphttps.msc SnapinFile: daipsecdos.msc SnapinFile: daisatap.msc SnapinFile: damgmt.msc SnapinFile: datrdr.msc SnapinFile: datrds.msc SnapinFile: devmgmt.msc SnapinFile: dfsgui.msc SnapinFile: dfsmgmt.msc SnapinFile: dhcpmgmt.msc SnapinFile: diskmgmt.msc SnapinFile: dnsmgmt.msc SnapinFile: domain.msc SnapinFile: dsa.msc SnapinFile: dssite.msc SnapinFile: eventvwr.msc SnapinFile: failoverclusters.snapinhelper.msc SnapinFile: fsmgmt.msc SnapinFile: fsrm.msc SnapinFile: fxsadmin.msc SnapinFile: gpedit.msc SnapinFile: gpmc.msc SnapinFile: gpme.msc SnapinFile: gptedit.msc SnapinFile: hcscfg.msc SnapinFile: idmumgmt.msc SnapinFile: iis.msc SnapinFile: iis6.msc SnapinFile: ilr.msc SnapinFile: ipaddrmgmt.msc SnapinFile: lsdiag.msc SnapinFile: lusrmgr.msc SnapinFile: napclcfg.msc SnapinFile: nfsmgmt.msc SnapinFile: nps.msc SnapinFile: ntwkmgmt.msc SnapinFile: ocsp.msc SnapinFile: perfmon.msc SnapinFile: pkiview.msc SnapinFile: pkmgmt.msc SnapinFile: printmanagement.msc SnapinFile: remoteprograms.msc SnapinFile: rrasmgmt.msc SnapinFile: rsadmin.msc SnapinFile: rsop.msc SnapinFile: sanmmc.msc SnapinFile: sbmgr.msc SnapinFile: scanmanagement.msc SnapinFile: schmmgmt.msc SnapinFile: secpol.msc SnapinFile: servermanager.msc SnapinFile: services.msc SnapinFile: storagemgmt.msc SnapinFile: storexpl.msc SnapinFile: tapimgmt.msc SnapinFile: taskschd.msc SnapinFile: tpm.msc SnapinFile: tsadmin.msc SnapinFile: tsconfig.msc SnapinFile: tsgateway.msc SnapinFile: tsmmc.msc SnapinFile: virtmgmt.msc SnapinFile: wbadmin.msc SnapinFile: wdsmgmt.msc SnapinFile: wf.msc SnapinFile: winsmgmt.msc SnapinFile: wmimgmt.msc SnapinFile: wsrm.msc

C:\Windows\ehome\Mcx2Prov.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\System32\AdapterTroubleshooter.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\System32\bthudtask.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\System32\chkntfs.exe asInvoker uiAccess=FALSE autoElevate=TRUE

C:\Windows\System32\cleanmgr.exe asInvoker uiAccess=FALSE autoElevate=TRUE

C:\Windows\System32\cliconfg.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\System32\CompMgmtLauncher.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\System32\ComputerDefaults.exe highestAvailable uiAccess=FALSE autoElevate=TRUE

C:\Windows\System32\dccw.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\System32\dcomcnfg.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\System32\DeviceEject.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\System32\DeviceProperties.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\System32\dfrgui.exe asInvoker uiAccess=FALSE autoElevate=TRUE

C:\Windows\System32\djoin.exe asInvoker uiAccess=FALSE autoElevate=TRUE

C:\Windows\System32\eudcedit.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\System32\eventvwr.exe highestAvailable uiAccess=FALSE autoElevate=TRUE

C:\Windows\System32\FXSUNATD.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\System32\hdwwiz.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\System32\iscsicli.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\System32\iscsicpl.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\System32\lpksetup.exe asInvoker uiAccess=FALSE autoElevate=TRUE

C:\Windows\System32\MdSched.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\System32\msconfig.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\System32\msdt.exe asInvoker uiAccess=FALSE autoElevate=TRUE

C:\Windows\System32\msra.exe asInvoker uiAccess=TRUE autoElevate=TRUE

C:\Windows\System32\MultiDigiMon.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\System32\Netplwiz.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\System32\newdev.exe asInvoker uiAccess=FALSE autoElevate=TRUE

C:\Windows\System32\ntprint.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\System32\ocsetup.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\System32\odbcad32.exe highestAvailable uiAccess=FALSE autoElevate=TRUE

C:\Windows\System32\OptionalFeatures.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\System32\perfmon.exe highestAvailable uiAccess=FALSE autoElevate=TRUE

C:\Windows\System32\printui.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\System32\recdisc.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\System32\rrinstaller.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\System32\rstrui.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\System32\sdclt.exe asInvoker uiAccess=FALSE autoElevate=TRUE

C:\Windows\System32\shrpubw.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\System32\slui.exe asInvoker uiAccess=FALSE autoElevate=TRUE

C:\Windows\System32\SndVol.exe asInvoker uiAccess=FALSE autoElevate=TRUE

C:\Windows\System32\SystemPropertiesAdvanced.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\System32\SystemPropertiesComputerName.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\System32\SystemPropertiesDataExecutionPrevention.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\System32\SystemPropertiesHardware.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\System32\SystemPropertiesPerformance.exe highestAvailable uiAccess=FALSE autoElevate=TRUE

C:\Windows\System32\SystemPropertiesProtection.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\System32\SystemPropertiesRemote.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\System32\taskmgr.exe asInvoker uiAccess=FALSE autoElevate=TRUE

C:\Windows\System32\tcmsetup.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\System32\TpmInit.exe highestAvailable uiAccess=FALSE autoElevate=TRUE

C:\Windows\System32\verifier.exe highestAvailable uiAccess=FALSE autoElevate=TRUE

C:\Windows\System32\WindowsAnytimeUpgrade.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\System32\wisptis.exe asInvoker uiAccess=TRUE autoElevate=TRUE

C:\Windows\System32\wusa.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\System32\DriverStore\FileRepository\bth.inf_amd64_neutral_ca26c6da62d71ca8\fsquirt.exe asInvoker uiAccess=FALSE autoElevate=TRUE

C:\Windows\System32\DriverStore\FileRepository\bth.inf_amd64_neutral_de0494b6391d872c\fsquirt.exe asInvoker uiAccess=FALSE autoElevate=TRUE

C:\Windows\System32\DriverStore\FileRepository\bth.inf_amd64_neutral_e54666f6a3e5af91\fsquirt.exe asInvoker uiAccess=FALSE autoElevate=TRUE

C:\Windows\System32\oobe\setupsqm.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\System32\sysprep\sysprep.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\SysWOW64\AdapterTroubleshooter.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\SysWOW64\bthudtask.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\SysWOW64\chkntfs.exe asInvoker uiAccess=FALSE autoElevate=TRUE

C:\Windows\SysWOW64\cleanmgr.exe asInvoker uiAccess=FALSE autoElevate=TRUE

C:\Windows\SysWOW64\cliconfg.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\SysWOW64\ComputerDefaults.exe highestAvailable uiAccess=FALSE autoElevate=TRUE

C:\Windows\SysWOW64\dccw.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\SysWOW64\dcomcnfg.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\SysWOW64\DeviceProperties.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\SysWOW64\dfrgui.exe asInvoker uiAccess=FALSE autoElevate=TRUE

C:\Windows\SysWOW64\eudcedit.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\SysWOW64\eventvwr.exe highestAvailable uiAccess=FALSE autoElevate=TRUE

C:\Windows\SysWOW64\hdwwiz.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\SysWOW64\iscsicli.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\SysWOW64\iscsicpl.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\SysWOW64\msdt.exe asInvoker uiAccess=FALSE autoElevate=TRUE

C:\Windows\SysWOW64\Netplwiz.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\SysWOW64\newdev.exe asInvoker uiAccess=FALSE autoElevate=TRUE

C:\Windows\SysWOW64\ntprint.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\SysWOW64\ocsetup.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\SysWOW64\odbcad32.exe highestAvailable uiAccess=FALSE autoElevate=TRUE

C:\Windows\SysWOW64\OptionalFeatures.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\SysWOW64\perfmon.exe highestAvailable uiAccess=FALSE autoElevate=TRUE

C:\Windows\SysWOW64\printui.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\SysWOW64\rrinstaller.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\SysWOW64\shrpubw.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\SysWOW64\SndVol.exe asInvoker uiAccess=FALSE autoElevate=TRUE

C:\Windows\SysWOW64\SystemPropertiesAdvanced.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\SysWOW64\SystemPropertiesComputerName.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\SysWOW64\SystemPropertiesDataExecutionPrevention.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\SysWOW64\SystemPropertiesHardware.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\SysWOW64\SystemPropertiesPerformance.exe highestAvailable uiAccess=FALSE autoElevate=TRUE

C:\Windows\SysWOW64\SystemPropertiesProtection.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\SysWOW64\SystemPropertiesRemote.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\SysWOW64\taskmgr.exe asInvoker uiAccess=FALSE autoElevate=TRUE

C:\Windows\SysWOW64\tcmsetup.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\SysWOW64\TpmInit.exe highestAvailable uiAccess=FALSE autoElevate=TRUE

C:\Windows\SysWOW64\verifier.exe highestAvailable uiAccess=FALSE autoElevate=TRUE

C:\Windows\SysWOW64\wusa.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_bth.inf_31bf3856ad364e35_6.1.7601.17514_none_d06ac9aad230c1d6\fsquirt.exe asInvoker uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_bth.inf_31bf3856ad364e35_6.1.7601.17607_none_d0789c5ad225ef11\fsquirt.exe asInvoker uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_bth.inf_31bf3856ad364e35_6.1.7601.17889_none_d024215ad264fb95\fsquirt.exe asInvoker uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_bth.inf_31bf3856ad364e35_6.1.7601.21716_none_d0f668efeb4c9175\fsquirt.exe asInvoker uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_bth.inf_31bf3856ad364e35_6.1.7601.22046_none_d0d5d519eb6512d8\fsquirt.exe asInvoker uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_eventviewersettings_31bf3856ad364e35_6.1.7600.16385_none_50ecc9ae1d642aa9\eventvwr.exe highestAvailable uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_6.1.7601.17514_none_3337092d63596104\sdbinst.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-adaptertroubleshooter_31bf3856ad364e35_6.1.7600.16385_none_2df6395b9cf7e9a5\AdapterTroubleshooter.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-anytime-upgrade_31bf3856ad364e35_6.1.7600.16385_none_fb591b6cf023ade3\WindowsAnytimeUpgrade.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-audio-volumecontrol_31bf3856ad364e35_6.1.7601.17514_none_244e76d61e1989e5\SndVol.exe asInvoker uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-autochkconfigurator_31bf3856ad364e35_6.1.7600.16385_none_74b76d3fa1757c6f\chkntfs.exe asInvoker uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-bth-user_31bf3856ad364e35_6.1.7601.17514_none_c33f455aebcd9dbb\bthudtask.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-c..utermanagerlauncher_31bf3856ad364e35_6.1.7600.16385_none_ea0a643b0e032c19\CompMgmtLauncher.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-cleanmgr_31bf3856ad364e35_6.1.7600.16385_none_c9392808773cd7da\cleanmgr.exe asInvoker uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-com-complus-ui_31bf3856ad364e35_6.1.7600.16385_none_0c9cb55c61e99805\dcomcnfg.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-computerdefaults_31bf3856ad364e35_6.1.7600.16385_none_626b9352dcfa715c\ComputerDefaults.exe highestAvailable uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-defrag-adminui_31bf3856ad364e35_6.1.7601.17514_none_f73c142da6e47daa\dfrgui.exe asInvoker uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-deviceproperties_31bf3856ad364e35_6.1.7600.16385_none_463f54aa539a0b62\DeviceProperties.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-driververifier_31bf3856ad364e35_6.1.7600.16385_none_1660ccbeb66c6cf1\verifier.exe highestAvailable uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-ehome-devices-mcx2prov_31bf3856ad364e35_6.1.7600.16385_none_3482237b32c1daff\Mcx2Prov.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-eudcedit_31bf3856ad364e35_6.1.7601.17514_none_b7be8a14d61db17a\eudcedit.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-fax-service_31bf3856ad364e35_6.1.7601.17514_none_0b499f2c96e8f6b2\FXSUNATD.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_6.1.7601.17514_none_3899b0ad2bb77a86\iscsicli.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-icm-dccw_31bf3856ad364e35_6.1.7600.16385_none_76e39d87a834545e\dccw.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.7600.16385_none_a61138e7aab17fed\ieUnatt.exe asInvoker uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-ie-pdm_31bf3856ad364e35_8.0.7600.16385_none_6425238b793ee910\PDMSetup.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-iscsi_initiator_ui_31bf3856ad364e35_6.1.7600.16385_none_33e01c5875c2e5cb\iscsicpl.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-legacyhwui_31bf3856ad364e35_6.1.7600.16385_none_3e69140a61f1eff5\hdwwiz.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-lpksetup_31bf3856ad364e35_6.1.7601.17514_none_7f7f66788318015d\lpksetup.exe asInvoker uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-m..-odbc-administrator_31bf3856ad364e35_6.1.7600.16385_none_a044d905576812d4\odbcad32.exe highestAvailable uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-m..ac-sql-cliconfg-exe_31bf3856ad364e35_6.1.7600.16385_none_cc12387f7062eb3b\cliconfg.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-m..diagnostic-schedule_31bf3856ad364e35_6.1.7601.17514_none_f1fca1ab90570e8a\MdSched.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-mediafoundation_31bf3856ad364e35_6.1.7601.17514_none_fa8534ab236134c4\rrinstaller.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-mediafoundation_31bf3856ad364e35_6.1.7601.18741_none_fa61b10d237c5081\rrinstaller.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-mediafoundation_31bf3856ad364e35_6.1.7601.19091_none_fa2b7d5f23a509c6\rrinstaller.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-mediafoundation_31bf3856ad364e35_6.1.7601.22948_none_faf251c43c939ed3\rrinstaller.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-mediafoundation_31bf3856ad364e35_6.1.7601.23290_none_fab41bc63cc38d60\rrinstaller.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-mediafoundation_31bf3856ad364e35_6.1.7601.23471_none_facabfb43cb26923\rrinstaller.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-msconfig-exe_31bf3856ad364e35_6.1.7601.17514_none_38a043f2b45f9ad2\msconfig.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-msdt_31bf3856ad364e35_6.1.7600.16385_none_0177539a37378025\msdt.exe asInvoker uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-netplwiz-exe_31bf3856ad364e35_6.1.7600.16385_none_494ba66d2a12efc3\Netplwiz.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-newdev_31bf3856ad364e35_6.1.7600.16385_none_6d6b3cfb6a5a1e5a\newdev.exe asInvoker uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-ocsetup_31bf3856ad364e35_6.1.7601.17514_none_41a3376575e751b4\ocsetup.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-optionalfeatures_31bf3856ad364e35_6.1.7600.16385_none_c25bebf1075ff6aa\OptionalFeatures.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-optionaltsps_31bf3856ad364e35_6.1.7600.16385_none_3df12febe293ce5d\tcmsetup.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_6.1.7601.17514_none_347a450f0c8bd52d\printui.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_6.1.7601.17514_none_4e297fab940bc0e5\ntprint.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_6.1.7601.23488_none_4e6b3ccead5ec296\ntprint.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_6.1.7601.17514_none_fa2fc39ab7937a51\perfmon.exe highestAvailable uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_6.1.7601.23841_none_fa95c5ffd0cc4f79\perfmon.exe highestAvailable uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-pnphotplugui_31bf3856ad364e35_6.1.7600.16385_none_44d62330646f757a\DeviceEject.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-recdisc-main_31bf3856ad364e35_6.1.7601.17514_none_e2a1ffe0ca40cff2\recdisc.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_6.1.7600.16385_none_934d08d31b96d4ee\msra.exe asInvoker uiAccess=TRUE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-s..executionprevention_31bf3856ad364e35_6.1.7600.16385_none_25d85b4a3e4a7709\SystemPropertiesDataExecutionPrevention.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-s..mpropertiesadvanced_31bf3856ad364e35_6.1.7600.16385_none_533d797efdf7728b\SystemPropertiesAdvanced.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-s..mpropertieshardware_31bf3856ad364e35_6.1.7600.16385_none_9cef76e6ecab612f\SystemPropertiesHardware.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-s..opertiesperformance_31bf3856ad364e35_6.1.7600.16385_none_b6cb9ed71c8b43d5\SystemPropertiesPerformance.exe highestAvailable uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-s..pertiescomputername_31bf3856ad364e35_6.1.7600.16385_none_8c6823f855ef04a5\SystemPropertiesComputerName.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-s..ropertiesprotection_31bf3856ad364e35_6.1.7600.16385_none_bfa748753634ba48\SystemPropertiesProtection.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-safedocs-main_31bf3856ad364e35_6.1.7601.17514_none_832fc1bb7d681e0d\sdclt.exe asInvoker uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-securestartup-cpl_31bf3856ad364e35_6.1.7601.17514_none_b5ac5cc3a1b7e9ef\BitLockerWizardElev.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-security-spp-ux_31bf3856ad364e35_6.1.7601.17514_none_b9e7a42ab571bbb9\slui.exe asInvoker uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-setup-component_31bf3856ad364e35_6.1.7601.17514_none_905283bdc3e1d2d8\setupsqm.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\shrpubw.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-sysprep_31bf3856ad364e35_6.1.7600.16385_none_4b73926c122be805\sysprep.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\SystemPropertiesRemote.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.1.7601.17514_none_a505d556c9de886a\rstrui.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.1.7601.17836_none_a4f23bc4c9ecea6f\rstrui.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.1.7601.18711_none_a502c17cc9e15054\rstrui.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.1.7601.18715_none_a506c2a4c9ddb5b0\rstrui.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.1.7601.18717_none_a508c338c9dbe85e\rstrui.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.1.7601.18741_none_a4e251b8c9f9a427\rstrui.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.1.7601.18869_none_a4d4b616ca02a3e8\rstrui.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.1.7601.18923_none_a4f9f5f0c9e79941\rstrui.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.1.7601.18933_none_a4ef2604c9efb532\rstrui.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.1.7601.18939_none_a4f527c0c9ea4d3c\rstrui.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.1.7601.19135_none_a4f100a0c9ee1849\rstrui.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.1.7601.21988_none_a547c987e331489c\rstrui.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.1.7601.22917_none_a59261e9e2f9854f\rstrui.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.1.7601.22921_none_a5819041e3070936\rstrui.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.1.7601.22923_none_a58390d5e3053be4\rstrui.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.1.7601.22948_none_a572f26fe310f279\rstrui.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.1.7601.23072_none_a54c5911e32ee184\rstrui.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.1.7601.23126_none_a5866bbbe302b852\rstrui.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.1.7601.23136_none_a57b9bcfe30ad443\rstrui.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.1.7601.23142_none_a56ccabbe3168ad8\rstrui.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.1.7601.23338_none_a57da02fe309013f\rstrui.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.1.7601.23391_none_a535bea1e33ff784\rstrui.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.1.7601.23392_none_a536beebe33f10db\rstrui.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.1.7601.23418_none_a59341ede2f8c684\rstrui.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.1.7601.23539_none_a57ea445e30814e4\rstrui.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.1.7601.23543_none_a56dd29de31598cb\rstrui.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.1.7601.23569_none_a55e3481e32068b7\rstrui.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.1.7601.23572_none_a54c628fe32ed347\rstrui.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.1.7601.23677_none_a55165e7e32a4f21\rstrui.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.1.7601.23714_none_a58f4677e2fc589d\rstrui.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.1.7601.23796_none_a53ac7abe33b6ad3\rstrui.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.1.7601.23807_none_a59d1927e2f185d8\rstrui.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-t..lications-clientsku_31bf3856ad364e35_6.1.7601.17514_none_7d0125c85cc31d2a\rdpshell.exe asInvoker uiAccess=TRUE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-t..platform-input-core_31bf3856ad364e35_6.1.7601.17514_none_2f3651e7f36d703f\wisptis.exe asInvoker uiAccess=TRUE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-tabletpc-controlpanel_31bf3856ad364e35_6.1.7601.17514_none_3d9977977190cdc4\MultiDigiMon.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-taskmgr_31bf3856ad364e35_6.1.7601.17514_none_7288349cbfd37b08\taskmgr.exe asInvoker uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-tpm-adminsnapin_31bf3856ad364e35_6.1.7600.16385_none_d3720895f8f22acd\TpmInit.exe highestAvailable uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-unattendedjoin_31bf3856ad364e35_6.1.7601.17514_none_113aea0e8374286d\djoin.exe asInvoker uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\amd64_microsoft-windows-wusa_31bf3856ad364e35_6.1.7601.17514_none_0b2696ec2f3c656d\wusa.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\Backup\amd64_microsoft-windows-systemrestore-main_31bf3856ad364e35_6.1.7601.23807_none_a59d1927e2f185d8_rstrui.exe_dfa7225b requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\Backup\amd64_microsoft-windows-legacyhwui_31bf3856ad364e35_6.1.7600.16385_none_3e69140a61f1eff5_hdwwiz.exe_b6a1c2df requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\Backup\amd64_microsoft-windows-recdisc-main_31bf3856ad364e35_6.1.7601.17514_none_e2a1ffe0ca40cff2_recdisc.exe_20690b49 requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\Backup\amd64_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_6.1.7601.17514_none_3899b0ad2bb77a86_iscsicli.exe_20e14d4f requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\Backup\amd64_microsoft-windows-newdev_31bf3856ad364e35_6.1.7600.16385_none_6d6b3cfb6a5a1e5a_newdev.exe_7eb73dcd asInvoker uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\Backup\amd64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_6.1.7601.17514_none_347a450f0c8bd52d_printui.exe_bb673fff requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\Backup\wow64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_6.1.7601.17514_none_3eceef6140ec9728_printui.exe_bb673fff requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\Backup\wow64_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_6.1.7601.17514_none_42ee5aff60183c81_iscsicli.exe_20e14d4f requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\Backup\x86_microsoft-windows-legacyhwui_31bf3856ad364e35_6.1.7600.16385_none_e24a7886a9947ebf_hdwwiz.exe_b6a1c2df requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\Backup\x86_microsoft-windows-newdev_31bf3856ad364e35_6.1.7600.16385_none_114ca177b1fcad24_newdev.exe_7eb73dcd asInvoker uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\wow64_eventviewersettings_31bf3856ad364e35_6.1.7600.16385_none_5b41740051c4eca4\eventvwr.exe highestAvailable uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\wow64_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_6.1.7601.17514_none_3d8bb37f97ba22ff\sdbinst.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\wow64_microsoft-windows-bth-user_31bf3856ad364e35_6.1.7601.17514_none_cd93efad202e5fb6\bthudtask.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\wow64_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_6.1.7601.17514_none_42ee5aff60183c81\iscsicli.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\wow64_microsoft-windows-icm-dccw_31bf3856ad364e35_6.1.7600.16385_none_813847d9dc951659\dccw.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.7601.17514_none_b296f701dc00c582\ieUnatt.exe asInvoker uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\wow64_microsoft-windows-mediafoundation_31bf3856ad364e35_6.1.7601.17514_none_04d9defd57c1f6bf\rrinstaller.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\wow64_microsoft-windows-mediafoundation_31bf3856ad364e35_6.1.7601.18741_none_04b65b5f57dd127c\rrinstaller.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\wow64_microsoft-windows-mediafoundation_31bf3856ad364e35_6.1.7601.19091_none_048027b15805cbc1\rrinstaller.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\wow64_microsoft-windows-mediafoundation_31bf3856ad364e35_6.1.7601.22948_none_0546fc1670f460ce\rrinstaller.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\wow64_microsoft-windows-mediafoundation_31bf3856ad364e35_6.1.7601.23290_none_0508c61871244f5b\rrinstaller.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\wow64_microsoft-windows-mediafoundation_31bf3856ad364e35_6.1.7601.23471_none_051f6a0671132b1e\rrinstaller.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\wow64_microsoft-windows-msdt_31bf3856ad364e35_6.1.7600.16385_none_0bcbfdec6b984220\msdt.exe asInvoker uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\wow64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_6.1.7601.17514_none_3eceef6140ec9728\printui.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\wow64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_6.1.7601.17514_none_04846decebf43c4c\perfmon.exe highestAvailable uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\wow64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_6.1.7601.23841_none_04ea7052052d1174\perfmon.exe highestAvailable uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\x86_microsoft-windows-adaptertroubleshooter_31bf3856ad364e35_6.1.7600.16385_none_d1d79dd7e49a786f\AdapterTroubleshooter.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\x86_microsoft-windows-audio-volumecontrol_31bf3856ad364e35_6.1.7601.17514_none_c82fdb5265bc18af\SndVol.exe asInvoker uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\x86_microsoft-windows-autochkconfigurator_31bf3856ad364e35_6.1.7600.16385_none_1898d1bbe9180b39\chkntfs.exe asInvoker uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\x86_microsoft-windows-cleanmgr_31bf3856ad364e35_6.1.7600.16385_none_6d1a8c84bedf66a4\cleanmgr.exe asInvoker uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\x86_microsoft-windows-com-complus-ui_31bf3856ad364e35_6.1.7600.16385_none_b07e19d8a98c26cf\dcomcnfg.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\x86_microsoft-windows-computerdefaults_31bf3856ad364e35_6.1.7600.16385_none_064cf7cf249d0026\ComputerDefaults.exe highestAvailable uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\x86_microsoft-windows-defrag-adminui_31bf3856ad364e35_6.1.7601.17514_none_9b1d78a9ee870c74\dfrgui.exe asInvoker uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\x86_microsoft-windows-deviceproperties_31bf3856ad364e35_6.1.7600.16385_none_ea20b9269b3c9a2c\DeviceProperties.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\x86_microsoft-windows-driververifier_31bf3856ad364e35_6.1.7600.16385_none_ba42313afe0efbbb\verifier.exe highestAvailable uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\x86_microsoft-windows-eudcedit_31bf3856ad364e35_6.1.7601.17514_none_5b9fee911dc04044\eudcedit.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\x86_microsoft-windows-ie-pdm_31bf3856ad364e35_8.0.7601.17514_none_0a379bcfbdcffb74\PDMSetup.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\x86_microsoft-windows-iscsi_initiator_ui_31bf3856ad364e35_6.1.7600.16385_none_d7c180d4bd657495\iscsicpl.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\x86_microsoft-windows-legacyhwui_31bf3856ad364e35_6.1.7600.16385_none_e24a7886a9947ebf\hdwwiz.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\x86_microsoft-windows-m..-odbc-administrator_31bf3856ad364e35_6.1.7600.16385_none_44263d819f0aa19e\odbcad32.exe highestAvailable uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\x86_microsoft-windows-m..ac-sql-cliconfg-exe_31bf3856ad364e35_6.1.7600.16385_none_6ff39cfbb8057a05\cliconfg.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\x86_microsoft-windows-netplwiz-exe_31bf3856ad364e35_6.1.7600.16385_none_ed2d0ae971b57e8d\Netplwiz.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\x86_microsoft-windows-newdev_31bf3856ad364e35_6.1.7600.16385_none_114ca177b1fcad24\newdev.exe asInvoker uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\x86_microsoft-windows-ocsetup_31bf3856ad364e35_6.1.7601.17514_none_e5849be1bd89e07e\ocsetup.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\x86_microsoft-windows-optionalfeatures_31bf3856ad364e35_6.1.7600.16385_none_663d506d4f028574\OptionalFeatures.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\x86_microsoft-windows-optionaltsps_31bf3856ad364e35_6.1.7600.16385_none_e1d294682a365d27\tcmsetup.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\x86_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_6.1.7601.17514_none_f20ae427dbae4faf\ntprint.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\x86_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_6.1.7601.23488_none_f24ca14af5015160\ntprint.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\x86_microsoft-windows-s..executionprevention_31bf3856ad364e35_6.1.7600.16385_none_c9b9bfc685ed05d3\SystemPropertiesDataExecutionPrevention.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\x86_microsoft-windows-s..mpropertiesadvanced_31bf3856ad364e35_6.1.7600.16385_none_f71eddfb459a0155\SystemPropertiesAdvanced.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\x86_microsoft-windows-s..mpropertieshardware_31bf3856ad364e35_6.1.7600.16385_none_40d0db63344deff9\SystemPropertiesHardware.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\x86_microsoft-windows-s..opertiesperformance_31bf3856ad364e35_6.1.7600.16385_none_5aad0353642dd29f\SystemPropertiesPerformance.exe highestAvailable uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\x86_microsoft-windows-s..pertiescomputername_31bf3856ad364e35_6.1.7600.16385_none_304988749d91936f\SystemPropertiesComputerName.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\x86_microsoft-windows-s..ropertiesprotection_31bf3856ad364e35_6.1.7600.16385_none_6388acf17dd74912\SystemPropertiesProtection.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\x86_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_b7f38afb92de484f\shrpubw.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\x86_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_94ab98ac6d213009\SystemPropertiesRemote.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\x86_microsoft-windows-taskmgr_31bf3856ad364e35_6.1.7601.17514_none_16699919077609d2\taskmgr.exe asInvoker uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\x86_microsoft-windows-tpm-adminsnapin_31bf3856ad364e35_6.1.7600.16385_none_77536d124094b997\TpmInit.exe highestAvailable uiAccess=FALSE autoElevate=TRUE

C:\Windows\winsxs\x86_microsoft-windows-wusa_31bf3856ad364e35_6.1.7601.17514_none_af07fb6876def437\wusa.exe requireAdministrator uiAccess=FALSE autoElevate=TRUE

================================================

hfiref0x commented 7 years ago

UAC general info, registered COM autoelevated interfaces, whitelisted mmc console list, autoelevated executables found in your system. Consider most of this log as potential UAC bypass targets.

http://www.kernelmode.info/forum/viewtopic.php?p=30022#p30022