HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdBoot
    Description    REG_SZ    @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-400
    DisplayName    REG_SZ    @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-390
    ErrorControl    REG_DWORD    0x1
    Group    REG_SZ    Early-Launch
    ImagePath    REG_EXPAND_SZ    system32\drivers\wd\WdBoot.sys
    Start    REG_DWORD    0x0
    SupportElamHive    REG_DWORD    0x0
    Type    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdBoot\Security

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdFilter
    DependOnService    REG_MULTI_SZ    FltMgr
    Description    REG_SZ    @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-340
    DisplayName    REG_SZ    @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-330
    ErrorControl    REG_DWORD    0x1
    Group    REG_SZ    FSFilter Anti-Virus
    ImagePath    REG_EXPAND_SZ    system32\drivers\wd\WdFilter.sys
    Start    REG_DWORD    0x0
    SupportedFeatures    REG_DWORD    0xf
    Type    REG_DWORD    0x2

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdFilter\Instances
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdFilter\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdFilter\Security

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdNisDrv
    DependOnService    REG_MULTI_SZ    BFE
    Description    REG_SZ    @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-242
    DisplayName    REG_SZ    @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-370
    ErrorControl    REG_DWORD    0x1
    ImagePath    REG_EXPAND_SZ    system32\drivers\wd\WdNisDrv.sys
    Start    REG_DWORD    0x3
    Type    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdNisDrv\Security

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdNisSvc
    DependOnService    REG_MULTI_SZ    WdNisDrv
    Description    REG_SZ    @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-242
    DisplayName    REG_SZ    @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320
    ErrorControl    REG_DWORD    0x1
    FailureActions    REG_BINARY    80510100000000000000000003000000140000000100000060EA00000100000060EA00000000000000000000
    ImagePath    REG_EXPAND_SZ    "%ProgramData%\Microsoft\Windows Defender\Platform\4.18.24090.11-0\NisSrv.exe"
    LaunchProtected    REG_DWORD    0x3
    ObjectName    REG_SZ    NT AUTHORITY\LocalService
    ServiceSidType    REG_DWORD    0x1
    Start    REG_DWORD    0x3
    Type    REG_DWORD    0x10

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdNisSvc\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdNisSvc\Security