drop system registry hive export · detect persistence via port monitor dlls · print processor dlls · time provider dlls · loaded by system on boot with high privileges · runs locally
drop system hive .reg export