[reg]
Total=3

[cmd]
numSections=3
1=REGISTRY_BASED VERB_RESTORE_REG_VALUE OBJ_REG_VALUE 1
Total=4
2=REGISTRY_BASED VERB_RESTORE_REG_VALUE OBJ_REG_VALUE 2
3=REGISTRY_BASED VERB_RESTORE_REG_VALUE OBJ_REG_VALUE 3
4=REGISTRY_BASED VERB_RESTORE_REG_KEY OBJ_REG_METADATA 1

[1]
hive=HKLM
type=REG_SZ
redir=0
empty=0
DateM=2024/06/17 09:19:58
SD=O:SYG:SYD:AI(A;ID;KA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIOID;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;ID;KA;;;SY)(A;CIIOID;GA;;;SY)(A;ID;KA;;;BA)(A;CIIOID;GA;;;BA)(A;ID;KR;;;BU)(A;CIIOID;GR;;;BU)(A;ID;KR;;;AC)(A;CIIOID;GR;;;AC)(A;ID;KR;;;S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681)(A;CIIOID;GR;;;S-1-15-3-1024-1065365936-1281604716-3511738428-1654721687-432734479-3232135806-4053264122-3456934681)S:AI
key=Software\Microsoft\Windows NT\CurrentVersion\Winlogon
param=AutoAdminLogon
data=\u0031
dataDecoded=1
hash=8A497EAB

[2]
hive=HKLM
type=REG_SZ
redir=0
empty=0
key=Software\Microsoft\Windows NT\CurrentVersion\Winlogon
param=DefaultDomainName
data=\u0057\u0049\u004E\u002D\u004E\u004B\u0038\u0045\u0035\u0050\u0046\u0030\u004F\u0048\u0048
dataDecoded=WIN-NK8E5PF0OHH
hash=9D80C036

[3]
hive=HKLM
type=REG_SZ
redir=0
empty=0
key=Software\Microsoft\Windows NT\CurrentVersion\Winlogon
param=DefaultUserName
data=\u0041\u0064\u006D\u0069\u006E\u0069\u0073\u0074\u0072\u0061\u0074\u006F\u0072
dataDecoded=Administrator
hash=0C4D217D