; Restore manifest: a numbered list of operations ([cmd]) plus four registry
; snapshot sections ([1]..[4]). The generating tool is not named in this file.
; Every location recorded here is a Microsoft Defender / AMSI / Exploit Guard
; setting, so the file doubles as a checklist of host settings to verify.
[reg]
; Equals the number of snapshot sections [1]..[4] below.
Total=4
[cmd]
; numSections=4 matches sections [1]..[4]; Total=9 matches entries 1..9.
; The trailing number on each REGISTRY_BASED entry presumably names the
; snapshot section it operates on - TODO confirm against the consuming tool.
numSections=4
1=REGISTRY_BASED VERB_RESTORE_REG_VALUE OBJ_REG_VALUE 1
Total=9
2=REGISTRY_BASED VERB_RESTORE_REG_VALUE OBJ_REG_VALUE 2
3=REGISTRY_BASED VERB_RESTORE_REG_VALUE OBJ_REG_VALUE 3
4=REGISTRY_BASED VERB_RESTORE_REG_VALUE OBJ_REG_VALUE 4
; The only TASK_BASED entry: VERB_DISABLE on the Exploit Guard MDM policy
; refresh scheduled task. NOTE(review): the verb is "disable", not "restore",
; so check the task's current state on the host.
5=TASK_BASED VERB_DISABLE OBJ_TASK \Microsoft\Windows\ExploitGuard\ExploitGuard MDM policy Refresh
6=REGISTRY_BASED VERB_RESTORE_REG_KEY OBJ_REG_METADATA 1
7=REGISTRY_BASED VERB_RESTORE_REG_KEY OBJ_REG_METADATA 2
8=REGISTRY_BASED VERB_RESTORE_REG_KEY OBJ_REG_METADATA 3
9=REGISTRY_BASED VERB_RESTORE_REG_KEY OBJ_REG_METADATA 4
; Snapshot of HKLM\Software\Microsoft\Windows Defender\Real-Time Protection,
; value DisableRealtimeMonitoring (REG_DWORD). A data of 1 in this value turns
; Defender real-time monitoring off. NOTE(review): the file does not say
; whether data= is the value captured from the host or the value to write.
[1]
hive=HKLM
type=REG_DWORD
redir=0
empty=0
DateM=2024/06/16 03:36:21
; SDDL security descriptor recorded for the key: owner and group are SY, and
; every ACE carries the ID (inherited) flag. Full access (KA/GA) is granted
; only to SY and to two S-1-5-80-* service SIDs.
SD=O:SYG:SYD:AI(A;ID;KR;;;AC)(A;OICIIOID;GR;;;AC)(A;ID;KR;;;S-1-15-2-2)(A;OICIIOID;GR;;;S-1-15-2-2)(A;ID;KR;;;S-1-15-3-1024-3153509613-960666767-3724611135-2725662640-12138253-543910227-1950414635-4190290187)(A;OICIIOID;GR;;;S-1-15-3-1024-3153509613-960666767-3724611135-2725662640-12138253-543910227-1950414635-4190290187)(A;ID;KA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;OICIIOID;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;ID;KA;;;S-1-5-80-1913148863-3492339771-4165695881-2087618961-4109116736)(A;OICIIOID;GA;;;S-1-5-80-1913148863-3492339771-4165695881-2087618961-4109116736)(A;ID;KA;;;SY)(A;OICIIOID;GA;;;SY)(A;ID;CCSWRPWPRC;;;BA)(A;OICIIOID;GXGR;;;BA)(A;ID;CCSWRPWPRC;;;WD)(A;OICIIOID;GXGR;;;WD)S:AI
key=Software\Microsoft\Windows Defender\Real-Time Protection
param=DisableRealtimeMonitoring
data=1
dataDecoded=1
hash=83DCEFB7
; Sections [2]..[4] point at AMSI provider registration keys. All three carry
; empty=-1, an 1899/12/30 timestamp, an empty SD and hash=00000000, which
; presumably means nothing was captured for them - TODO confirm.
[2]
hive=HKLM
type=REG_SZ
redir=0
empty=-1
DateM=1899/12/30 00:00:00
SD=
key=Software\Microsoft\AMSI\Providers\{2781761E-28E0-4109-99FE-B9D127C57AFE}
param=
data=
dataDecoded=
hash=00000000
; Same GUID as [2], under Providers2 instead of Providers.
[3]
hive=HKLM
type=REG_SZ
redir=0
empty=-1
DateM=1899/12/30 00:00:00
SD=
key=Software\Microsoft\AMSI\Providers2\{2781761E-28E0-4109-99FE-B9D127C57AFE}
param=
data=
dataDecoded=
hash=00000000
; NOTE(review): the GUID under UacProviders differs from [2]/[3] in its second
; group (28E2 vs 28E0); do not normalise it without confirming on a reference
; host.
[4]
hive=HKLM
type=REG_SZ
redir=0
empty=-1
DateM=1899/12/30 00:00:00
SD=
key=Software\Microsoft\AMSI\UacProviders\{2781761E-28E2-4109-99FE-B9D127C57AFE}
param=
data=
dataDecoded=
hash=00000000