SpecterOps / Nemesis

An offensive data enrichment pipeline
https://specterops.github.io/Nemesis/

bof_reg_collect: incomplete collection returned #23

Open t94j0 opened 10 months ago

t94j0 commented 10 months ago

When performing a collection on HKLM SYSTEM\CurrentControlSet\Services\SERVICE, data is returned incomplete and unable to be parsed by nemesis_reg_collect_parser.py. It doesn't seem to be a parsing issue because the data returned appear to contain all the data required to reconstruct the registry. If I run a query on HKLM SYSTEM\CurrentControlSet\Services\, the data is collected correctly and can be parsed.

Very weird issue