; Registry/service restore manifest: [cmd] lists the actions to run, and the
; numbered sections [1]..[7] hold the saved registry records they refer to.
; NOTE(review): the tool that wrote this file and the parser that reads it are
; not identified here. Confirm that the parser accepts ';' comment lines before
; shipping an annotated copy.
;
; Security review summary (all drawn from the values below):
; - Every record targets HKLM\System\CurrentControlSet\Services\WindowsUpdate.
;   The built-in Windows Update service is registered as "wuauserv", so a
;   service key named "WindowsUpdate" is a look-alike name.
; - ImagePath ([5]) is C:\Windows\system32\Team\svchost.exe. The genuine
;   svchost.exe sits directly in %SystemRoot%\System32, so a copy in a
;   subfolder fits the masquerading pattern.
; - Start=2 (auto-start) with ObjectName=LocalSystem means the binary would run
;   at boot with SYSTEM privileges.
; - Every verb is a RESTORE, so replaying this manifest would re-create that
;   service. Verify the binary's hash and signature before any restore. The
;   service name and path are also usable as hunting indicators on other hosts.

[reg]
; Count of saved registry records; matches sections [1]..[7].
Total=7

[cmd]
; Each entry reads "<class> <verb> <object> <argument>".
; NOTE(review): for REGISTRY_BASED entries the argument appears to be the
; number of the record section below - confirm against the consumer.
numSections=7
1=REGISTRY_BASED VERB_RESTORE_REG_VALUE OBJ_REG_VALUE 1
; Ten commands in total (1..10). Total= sits between entries 1 and 2; key order
; is left as generated.
Total=10
2=REGISTRY_BASED VERB_RESTORE_REG_VALUE OBJ_REG_VALUE 2
3=REGISTRY_BASED VERB_RESTORE_REG_VALUE OBJ_REG_VALUE 3
4=REGISTRY_BASED VERB_RESTORE_REG_VALUE OBJ_REG_VALUE 4
5=REGISTRY_BASED VERB_RESTORE_REG_VALUE OBJ_REG_VALUE 5
6=REGISTRY_BASED VERB_RESTORE_REG_VALUE OBJ_REG_VALUE 6
7=REGISTRY_BASED VERB_RESTORE_REG_VALUE OBJ_REG_VALUE 7
; Service-state action against the service named WindowsUpdate.
8=SERVICE_BASED VERB_SERVICE_STATE OBJ_SERVICE WindowsUpdate
; System restart request.
9=CUSTOM_BASED VERB_RESTART_SYSTEM OBJ_OS 0
; Key-level restore; presumably applies the DateM/SD metadata held in [1].
10=REGISTRY_BASED VERB_RESTORE_REG_KEY OBJ_REG_METADATA 1

; Record 1: the service key itself (param is empty) plus its metadata.
[1]
hive=HKLM
type=REG_SZ
redir=0
empty=-1
; Presumably the key's last-modified timestamp; time zone is not stated.
DateM=2024/06/18 02:11:40
; SDDL security descriptor: owner BA (Administrators), group SY (SYSTEM),
; auto-inherited DACL. Every ACE carries the ID (inherited) flag: Users (BU)
; and app packages (AC and the S-1-15-3-... capability SID) get read; BA, SY
; and Creator Owner (CO) get full access. No explicit, non-inherited ACE is
; present.
; The value contains ';' characters, so a parser that honours inline ';'
; comments would truncate it.
SD=O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;CIIOID;GA;;;CO)(A;ID;KR;;;AC)(A;CIIOID;GR;;;AC)(A;ID;KR;;;S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681)(A;CIIOID;GR;;;S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681)
key=System\CurrentControlSet\Services\WindowsUpdate
param=
data=
dataDecoded=
; NOTE(review): hash is 8 hex digits, presumably a 32-bit checksum of the
; record. The algorithm is not shown; it is all zeroes here, where data is
; empty.
hash=00000000

; Record 2: service Type. 16 (0x10) is SERVICE_WIN32_OWN_PROCESS.
[2]
hive=HKLM
type=REG_DWORD
redir=0
empty=0
key=System\CurrentControlSet\Services\WindowsUpdate
param=Type
data=16
dataDecoded=16
hash=483E80D4

; Record 3: Start. 2 is SERVICE_AUTO_START (the service starts at boot).
[3]
hive=HKLM
type=REG_DWORD
redir=0
empty=0
key=System\CurrentControlSet\Services\WindowsUpdate
param=Start
data=2
dataDecoded=2
hash=1AD5BE0D

; Record 4: ErrorControl. 1 is SERVICE_ERROR_NORMAL.
[4]
hive=HKLM
type=REG_DWORD
redir=0
empty=0
key=System\CurrentControlSet\Services\WindowsUpdate
param=ErrorControl
data=1
dataDecoded=1
hash=83DCEFB7

; Record 5: ImagePath, the executable the service launches.
; data= holds the string as \uXXXX escapes and dataDecoded= holds the same
; string in plain text. The two agree here; compare them during review, since
; a mismatch would mean the readable field does not describe what gets written.
; The path is a "Team" subfolder of system32, not the genuine svchost.exe
; location.
[5]
hive=HKLM
type=REG_EXPAND_SZ
redir=0
empty=0
key=System\CurrentControlSet\Services\WindowsUpdate
param=ImagePath
data=\u0043\u003A\u005C\u0057\u0069\u006E\u0064\u006F\u0077\u0073\u005C\u0073\u0079\u0073\u0074\u0065\u006D\u0033\u0032\u005C\u0054\u0065\u0061\u006D\u005C\u0073\u0076\u0063\u0068\u006F\u0073\u0074\u002E\u0065\u0078\u0065
dataDecoded=C:\Windows\system32\Team\svchost.exe
hash=D1E14CC1

; Record 6: DisplayName shown in service listings ("windowsupdate").
[6]
hive=HKLM
type=REG_SZ
redir=0
empty=0
key=System\CurrentControlSet\Services\WindowsUpdate
param=DisplayName
data=\u0077\u0069\u006E\u0064\u006F\u0077\u0073\u0075\u0070\u0064\u0061\u0074\u0065
dataDecoded=windowsupdate
hash=B72B945E

; Record 7: ObjectName, the account the service runs as. LocalSystem is the
; highest-privileged built-in service account.
[7]
hive=HKLM
type=REG_SZ
redir=0
empty=0
key=System\CurrentControlSet\Services\WindowsUpdate
param=ObjectName
data=\u004C\u006F\u0063\u0061\u006C\u0053\u0079\u0073\u0074\u0065\u006D
dataDecoded=LocalSystem
hash=63F2F08C