Search notes:
Registry: HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\000001F4
0x1F4 = 500. 500 is a
SID's
suffix for an administrator.
F
The value of
F
stores the
password
of the administrator
V
Byte 0x38 determines if the administrator account is activated (
0x11
= disabled,
0x10
= activ).
Index