{"success":true,"data":{"ext":"sud","name":"Windows NT Registry and Registry Undo files","description":"The .sud format is a Windows NT Registry and Registry Undo file type developed and maintained by Microsoft as part of the Windows operating system. It is used to store registry backup and undo information for system recovery, troubleshooting, and rollback operations by Windows administrative tools. The format is generally safe, but it is legacy in nature and should be handled carefully because it affects core system configuration when restored.","mime":[],"risk_level":"Safe","signatures":[{"hex":"52 45 47 45 44 49 54","offset":0,"sources":[{"name":"Gary Kessler","url":"https://www.garykessler.net/library/file_sigs_GCK_latest.html"}]}],"related":["reg"],"usage":{"python":"def is_sud(file_path: str) -> bool:\n    \"\"\"Check if file is a valid SUD by magic bytes.\"\"\"\n    signature = bytes([0x52, 0x45, 0x47, 0x45, 0x44, 0x49, 0x54])\n    with open(file_path, \"rb\") as f:\n        return f.read(7) == signature","node":"function isSUD(buffer: Buffer): boolean {\n  const signature = Buffer.from([0x52, 0x45, 0x47, 0x45, 0x44, 0x49, 0x54]);\n  return buffer.subarray(0, 7).equals(signature);\n}","go":"func IsSUD(data []byte) bool {\n    signature := []byte{0x52, 0x45, 0x47, 0x45, 0x44, 0x49, 0x54}\n    if len(data) < 7 {\n        return false\n    }\n    return bytes.Equal(data[:7], signature)\n}"}}}