; Restore (undo) record for one Windows service registry key, as captured by a
; remediation tool. NOTE(review): the producing tool is not named on this page.
; The source was collapsed onto two physical lines; it is laid out here one
; key per line, with every key and value kept exactly as found.
;
; What the record describes (all taken from the values below):
;   - service key  HKLM\System\CurrentControlSet\Services\Windows Test My Version 4.0
;   - ImagePath    C:\Windows\system32\nbubrqa.exe
;   - auto-start (Start=2), runs as LocalSystem, restart-on-failure actions set
; Replaying this record would re-create that service configuration. Treat the
; file as evidence of what was removed, and verify the ImagePath binary before
; any restore is considered.

; Number of registry record sections that follow ([1]..[10]).
[reg]
Total=10

; Ordered restore commands. Each REGISTRY_BASED entry ends with the number of
; the record section it refers to. NOTE(review): "numSections" vs "Total" is
; not explained by the file; Total=13 matches the 13 numbered commands and sits
; after entry 1 in the original order, which is preserved here.
[cmd]
numSections=10
1=REGISTRY_BASED VERB_RESTORE_REG_VALUE OBJ_REG_VALUE 1
Total=13
2=REGISTRY_BASED VERB_RESTORE_REG_VALUE OBJ_REG_VALUE 2
3=REGISTRY_BASED VERB_RESTORE_REG_VALUE OBJ_REG_VALUE 3
4=REGISTRY_BASED VERB_RESTORE_REG_VALUE OBJ_REG_VALUE 4
5=REGISTRY_BASED VERB_RESTORE_REG_VALUE OBJ_REG_VALUE 5
6=REGISTRY_BASED VERB_RESTORE_REG_VALUE OBJ_REG_VALUE 6
7=REGISTRY_BASED VERB_RESTORE_REG_VALUE OBJ_REG_VALUE 7
8=REGISTRY_BASED VERB_RESTORE_REG_VALUE OBJ_REG_VALUE 8
9=REGISTRY_BASED VERB_RESTORE_REG_VALUE OBJ_REG_VALUE 9
10=REGISTRY_BASED VERB_RESTORE_REG_VALUE OBJ_REG_VALUE 10
; Service-level action; the trailing text is the service key name, not the
; DisplayName recorded in [6].
11=SERVICE_BASED VERB_SERVICE_STATE OBJ_SERVICE Windows Test My Version 4.0
; A system restart is part of the recorded sequence.
12=CUSTOM_BASED VERB_RESTART_SYSTEM OBJ_OS 0
; Key-level metadata restore; refers to section [1], which carries DateM and SD.
13=REGISTRY_BASED VERB_RESTORE_REG_KEY OBJ_REG_METADATA 1

; Record for the key itself: param/data are empty and hash is all zeroes.
; DateM is presumably the key's last-modified time (time zone not stated).
; SD is the key's security descriptor in SDDL: owner BA, group SY, DACL marked
; AI (auto-inherited), and every ACE carries the ID (inherited) flag, so the
; key shows no explicit ACEs of its own.
; NOTE(review): empty=-1 appears only here; presumably it marks "no value".
[1]
hive=HKLM
type=REG_SZ
redir=0
empty=-1
DateM=2024/06/17 12:05:52
SD=O:BAG:SYD:AI(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;CIIOID;GA;;;CO)(A;ID;KR;;;AC)(A;CIIOID;GR;;;AC)(A;ID;KR;;;S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681)(A;CIIOID;GR;;;S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681)
key=System\CurrentControlSet\Services\Windows Test My Version 4.0
param=
data=
dataDecoded=
hash=00000000

; Value records [2]..[10] share one layout: hive/type/key locate the value,
; param is the value name, data is the stored form and dataDecoded the readable
; form. hash is an 8-hex-digit per-record field, presumably an integrity check;
; the algorithm is not shown here.

; Type=16 is 0x10, SERVICE_WIN32_OWN_PROCESS.
[2]
hive=HKLM
type=REG_DWORD
redir=0
empty=0
key=System\CurrentControlSet\Services\Windows Test My Version 4.0
param=Type
data=16
dataDecoded=16
hash=483E80D4

; Start=2 is SERVICE_AUTO_START: the service is launched at boot.
[3]
hive=HKLM
type=REG_DWORD
redir=0
empty=0
key=System\CurrentControlSet\Services\Windows Test My Version 4.0
param=Start
data=2
dataDecoded=2
hash=1AD5BE0D

; ErrorControl=0 is SERVICE_ERROR_IGNORE: a failed start is not reported
; to the user.
[4]
hive=HKLM
type=REG_DWORD
redir=0
empty=0
key=System\CurrentControlSet\Services\Windows Test My Version 4.0
param=ImagePath
; String data is stored as \uXXXX escapes; the escapes below decode to exactly
; the dataDecoded path. The binary has a non-descriptive name and sits directly
; in system32, so triage should hash and inspect that file, not only this key.
data=\u0043\u003A\u005C\u0057\u0069\u006E\u0064\u006F\u0077\u0073\u005C\u0073\u0079\u0073\u0074\u0065\u006D\u0033\u0032\u005C\u006E\u0062\u0075\u0062\u0072\u0071\u0061\u002E\u0065\u0078\u0065
dataDecoded=C:\Windows\system32\nbubrqa.exe
hash=E98C90FA

; DisplayName reads "Windows Test My Server Version 4.0", while the key name
; is "Windows Test My Version 4.0" (no "Server"). Searches and detections
; should match on both strings.
[6]
hive=HKLM
type=REG_SZ
redir=0
empty=0
key=System\CurrentControlSet\Services\Windows Test My Version 4.0
param=DisplayName
data=\u0057\u0069\u006E\u0064\u006F\u0077\u0073\u0020\u0054\u0065\u0073\u0074\u0020\u004D\u0079\u0020\u0053\u0065\u0072\u0076\u0065\u0072\u0020\u0056\u0065\u0072\u0073\u0069\u006F\u006E\u0020\u0034\u002E\u0030
dataDecoded=Windows Test My Server Version 4.0
hash=AA5216EA

; WOW64=332 is 0x14C, the IMAGE_FILE_MACHINE_I386 machine type.
; NOTE(review): presumably marks a 32-bit service binary on a 64-bit system; confirm.
[7]
hive=HKLM
type=REG_DWORD
redir=0
empty=0
key=System\CurrentControlSet\Services\Windows Test My Version 4.0
param=WOW64
data=332
dataDecoded=332
hash=E5D0B66B

; ObjectName is the account the service runs under: LocalSystem.
[8]
hive=HKLM
type=REG_SZ
redir=0
empty=0
key=System\CurrentControlSet\Services\Windows Test My Version 4.0
param=ObjectName
data=\u004C\u006F\u0063\u0061\u006C\u0053\u0079\u0073\u0074\u0065\u006D
dataDecoded=LocalSystem
hash=63F2F08C

[9]
hive=HKLM
type=REG_SZ
redir=0
empty=0
key=System\CurrentControlSet\Services\Windows Test My Version 4.0
param=Description
data=\u0054\u0068\u0069\u0073\u0020\u0069\u0073\u0020\u0057\u0069\u006E\u0064\u006F\u0077\u0073\u0020\u0054\u0065\u0073\u0074\u0020\u004D\u0079\u0020\u0053\u0065\u0072\u0076\u0065\u0072\u0020\u0056\u0065\u0072\u0073\u0069\u006F\u006E\u0020\u0034\u002E\u0030
dataDecoded=This is Windows Test My Server Version 4.0
hash=6466BE9A

; FailureActions is 44 bytes of raw binary, stored as hex in both fields.
; NOTE(review): read as a little-endian SERVICE_FAILURE_ACTIONS blob it appears
; to give a reset period of 0x00015180 (86400 s) and three actions, each of
; type 1 (SC_ACTION_RESTART), the first with a delay of 0x1B58 (7000 ms).
; Confirm with a proper parser before relying on it.
[10]
hive=HKLM
type=REG_BINARY
redir=0
empty=0
key=System\CurrentControlSet\Services\Windows Test My Version 4.0
param=FailureActions
data=805101000000000000000000030000001400000001000000581B000001000000000000000100000000000000
dataDecoded=805101000000000000000000030000001400000001000000581B000001000000000000000100000000000000
hash=704E0C9D