[reg]
Total=2

[cmd]
numSections=2
1=REGISTRY_BASED VERB_RESTORE_REG_VALUE OBJ_REG_VALUE 1
Total=3
2=REGISTRY_BASED VERB_RESTORE_REG_VALUE OBJ_REG_VALUE 2
3=REGISTRY_BASED VERB_RESTORE_REG_KEY OBJ_REG_METADATA 1

[1]
hive=HKLM
type=REG_SZ
redir=0
empty=-1
DateM=2024/06/19 16:28:34
SD=O:SYG:SYD:P(A;OICI;CCSWRPSDRC;;;BA)(A;OICI;KA;;;SY)
key=SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Python
param=
data=
dataDecoded=
hash=00000000

[2]
hive=HKLM
type=REG_BINARY
redir=0
empty=0
key=SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Python
param=SD
data=0100048CC4000000D400000000000000140000000200B0000800000000121800FF011F0001020000000000052000000020020000001918009F011F000102000000000005200000002002000000121400FF011F00010100000000000512000000001914009F011F00010100000000000512000000001214001601120001010000000000050B00000000121400160112000101000000000005140000000012140016011200010100000000000513000000001B1400FF011F0001010000000000030000000001020000000000052000000020020000010500000000000515000000B02E0FC76D68E3F8ACCD5F4301020000
dataDecoded=0100048CC4000000D400000000000000140000000200B0000800000000121800FF011F0001020000000000052000000020020000001918009F011F000102000000000005200000002002000000121400FF011F00010100000000000512000000001914009F011F00010100000000000512000000001214001601120001010000000000050B00000000121400160112000101000000000005140000000012140016011200010100000000000513000000001B1400FF011F0001010000000000030000000001020000000000052000000020020000010500000000000515000000B02E0FC76D68E3F8ACCD5F4301020000
hash=24DBC6D9