Home

Welcome to the xCyclopedia wiki!

This wiki page is automatically converted from the strontic-xcyclopedia.json file.

comment

key	value
author	@strontic20
website	strontic.com
github	github.com/strontic/xcyclopedia
synopsis	Gather metadata of executables
license	MIT License; Copyright (c) 2020 strontic
rundate	2020-06-04

acu.exe-5A62052F6F1D9E8B5BD1485ADD99E5A0

key	value
file_name	acu.exe
file_path	C:\Windows\system32\acu.exe
hash_md5	5A62052F6F1D9E8B5BD1485ADD99E5A0
hash_sha1	C9DD6471F40307D2014DF8EC5F6DDD1E1F7978A4
hash_sha256	02C641F75E43000FD19A82BF12949C40F0E4AE4C7C8A9BBB3725B1537187AD69
hash_sha384	1B774ACFC98ED1663CFB2947E6E464A6CE4886004CADA3CF7E816E338C7211C3E096D4F9D831B2422CC2F65A00E70A49
hash_sha512	CD28F6D7E513A0FEBCE3048A118D3094EFDB75EAB0638485D71C5A7D6BE0CFB6735AE72377574624BE59E3D78D80743B58966D255331CA2F8CC6A4C7908380E6
hash_ssdeep	384:Xy2s+fssUg+OSxhDs9W9DA+YvrQKahZNisVUmDsVltVk0dvaeT7QCbmwDV7wJ/Wk:Erw2dYsbRnlDsV7gewKrPOwR
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	ACU
meta_original_filename	acu.exe
meta_product_name	Microsoft (R) Windows (R) Operating System
meta_comments	Contains the Application Container Updater
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0
meta_product_version	10.0.14393.0
meta_language	Language Neutral
meta_legal_copyright	Copyright (c) Microsoft Corporation. All rights reserved.

AgentService.exe-D9546C1D46352D55704A3696C8DFF19A

key	value
file_name	AgentService.exe
file_path	C:\Windows\system32\AgentService.exe
hash_md5	D9546C1D46352D55704A3696C8DFF19A
hash_sha1	7A9B1728983B37EE2BF4C5ABE28EC271390EC59E
hash_sha256	BF7B512F54AE828774094ECA9AA39D50FD5FF9511CA1D140102995C8EC468B11
hash_sha384	EF596A10ED4D3A7D7F4C9DBC2B21792931C7F098E16D4928EF8C2ECE6305E0B985CA883D0BF4EDB59470112FCA9110A3
hash_sha512	DFD0808A5C40DB6DB6A304952878EEC04F3E3C5FFC163315D0C43626B1EBE437960F9FEE6811BCCBC8EB56FAA43CD5E19FC26B713307AA5A982BFBBE85C221C9
hash_ssdeep	24576:CwYF+IB16g77Rv8ik9qpAv59GlSvBnKouO+1WaZUDJk9X:CwYF+IyI7x4OK59GEKSDJk9
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000001733031072665B8B9B3000000000173
signature_thumbprint	14590DC5C3AAF238FCFD7785B4B93F4071402C34
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	AgentService EXE
meta_original_filename	AgentService.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

aitstatic.exe-901E2BAC6E0292AD04CA8423A3A2C384

key	value
file_name	aitstatic.exe
file_path	C:\Windows\system32\aitstatic.exe
hash_md5	901E2BAC6E0292AD04CA8423A3A2C384
hash_sha1	65865A3112D6E5BD3444FC5E2995DEE9858E5ED6
hash_sha256	19D82DCD19879F157FCDF7FA2380B90A89B8EB09B8ABC732F911032EFEE29FDE
hash_sha384	E7F5A07EDC83DA5FDA050A4B46FF22A733D72A7A505FF7CDC8DB0B16760DB436C439B05B191346A69CD59A589A0DB753
hash_sha512	DC331F9E98BAED6A34A019171C4BCFEDE22C40F78A930E9AB1984E6BB241885EB98EB5987FED663969746AADBC62CA967A042CA9D7AD9A8784D97F4AA7EEB937
hash_ssdeep	49152:IabKOtEZWV6N82RyvoQ4Q4ullYF5svlRlZaAoTMZmhJv3eEkF/LX:IyKNNYtaAIrAoTMgJvuLX
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Application Impact Telemetry Static Analyzer
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.18362.1035 (WinBuild.160101.0800)
meta_product_version	10.0.18362.1035
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

alg.exe-8FD51B3B35707A66080D7C8CB05E792D

key	value
file_name	alg.exe
file_path	C:\Windows\system32\alg.exe
hash_md5	8FD51B3B35707A66080D7C8CB05E792D
hash_sha1	7D3F39EDAB05CD0C3CF112D47008116BCB306B92
hash_sha256	FE52F3DC280D208FDDC75F6E3294B8D601E0D86F9BD3DB1ACC8FC296AC74C23B
hash_sha384	F20B9BDB519E11D51948CD1E13D5EDD738729B989651F673F063D2FB1918740439970D8749AE8837E4231CC5360CE0A4
hash_sha512	05C8E010B82250BD40D66F62CFD514B10257D8FCAD2F399746D28DB094BBE66ED5A053F23F84FCB34C9A5225EDFB897F16C7FB05E9B2324F9A0A95E76A4452AA
hash_ssdeep	1536:DHAOeXaumt+SUcoCL74fzD72RSz5q91F80AfvHK4oismH3:DLfumt/YCLcfPz091FcvqN
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Application Layer Gateway Service
meta_original_filename	ALG.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

AppHostRegistrationVerifier.exe-349A75331035C5266DA27BC3AFC552CC

key	value
file_name	AppHostRegistrationVerifier.exe
file_path	C:\Windows\system32\AppHostRegistrationVerifier.exe
hash_md5	349A75331035C5266DA27BC3AFC552CC
hash_sha1	A3E21C10B33DA06D01A81CCED190D0604988A602
hash_sha256	3D134E850306AE1DFBCC84F01503A8B63438CE72AAC1C62B9DF420DB28100114
hash_sha384	57C8065D4C70FCA582607B976853998E86C21282E005CE26DA1225FD1ADEFF51136051D08DB025BE7ED01B234E42B9E3
hash_sha512	927CD86C6ACC82FA508DAED2102BFCD6848843488F376929E5ABA0DE4E386419323761E34D24F639A75EDB9B8D9656FFBAEBF38A32C47E7FFB4450B074BF240B
hash_ssdeep	3072:hExf1PZ2cMzr10kgcye+fP5hP4mxZKG9W:hExfFMnzye+zP48
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	App Uri Handlers Registration Verifier
meta_original_filename	AppHostNameRegistrationVerifier.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

appidcertstorecheck.exe-C90A66F047631C13630C1891500C9C45

key	value
file_name	appidcertstorecheck.exe
file_path	C:\Windows\system32\appidcertstorecheck.exe
hash_md5	C90A66F047631C13630C1891500C9C45
hash_sha1	50D8EB1A7C1C450FD7F9CF6789B6BB84A80F04B7
hash_sha256	90BE9841349DF2465522A3B8F1404CA886E227C87BB9C986DBF98935CC72B5DB
hash_sha384	7899AB18CA20C9EC10F76FCE916C4B31A9FE2649D9911C4CDCF3EFAA026B7D4CC90D875F6A0BD2FC61585F9D143056ED
hash_sha512	280FBFDCF0C235B30E9BDC7052AB86D77CEC914E39B5CC183A8B45BD429FA3E983D59F7DFFFB1B1B79D6999D9B24E0A8C0676B7A03DD01A8B247C3967FBB71BE
hash_ssdeep	384:o2PV3ZVoFGq0kYg23HdRoGPYMOvUVXUQ32MOX4xxBPD+9BqWbaK1W:o8VpVoFGq8hRoYOzE24zPDqBPaK
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000001733031072665B8B9B3000000000173
signature_thumbprint	14590DC5C3AAF238FCFD7785B4B93F4071402C34
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	AppID Certificate Store Verification Task
meta_original_filename	AppIDCertstoreCheck.exe
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.1198 (rs1_release_sec.170427-1353)
meta_product_version	10.0.14393.1198
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

appidpolicyconverter.exe-5207A6FB31CAF328C3461DA0D7AD01E1

key	value
file_name	appidpolicyconverter.exe
file_path	C:\Windows\system32\appidpolicyconverter.exe
hash_md5	5207A6FB31CAF328C3461DA0D7AD01E1
hash_sha1	9AB86C353D5B46906EAE90E1EF6003B82EAC6CD0
hash_sha256	AB4692F6CCACF20BF82675AD415A5E3AD1C3FD0C5526666661E060835EDCC33F
hash_sha384	9BE17CC2FFB1BBF344E798C682188076054A71398A53BE4BCE879074C92FE193BDF52AC786D8BDA22B205FCB013A91E9
hash_sha512	45A0A6650600A9D992C14369AD5FF173C3C8C5618F3D1C1A0130DABA25D5D2A0BB4180F11EFBAD2E9ADA7F61F4F85BCAE37C0FF238972D4924EEE2A31AF3CD08
hash_ssdeep	3072:Z5i7J6W7X30gb8Z6Q3jT2Um1QVzeebBLN4VocqnwBg5RFuhBkCyN:ZkBn0gRb1yjbBZ4Vo0gbAhBkC
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000001733031072665B8B9B3000000000173
signature_thumbprint	14590DC5C3AAF238FCFD7785B4B93F4071402C34
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	AppID Policy Converter Task
meta_original_filename	AppIDPolicyConverter.exe
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

appidtel.exe-3A28AC2A5D214F9F8071D094045DACDC

key	value
file_name	appidtel.exe
file_path	C:\Windows\system32\appidtel.exe
hash_md5	3A28AC2A5D214F9F8071D094045DACDC
hash_sha1	DD5B6632C3ED0AFBA5EDFAC323A0699EE8AE5851
hash_sha256	C8F93FFEE5E0E267E1D2225EF73D6B6B938CC7E6A0907645CF955EBE6163EDC8
hash_sha384	2BF2BDBC7D9D8A590E1F648E6EF3D8DD5060429D85909622519D9E3BAB5DC358E64A08F6D81EC77483C632DB2ED55196
hash_sha512	B8BBEDBAE100ABA4C05ABEDF3EC83C3B637A736434039508B5B4001ACD9D6B47D7A9C5A3C9D80F16C32728763197B67194944826A238385703CB18499443EC5C
hash_ssdeep	384:qnWST+GxWkh9zKf77M3I5TaC1oAD7v/F4TzIpncul2R5FSWrMF1u3+4KQTge0Ws1:AT+qv8779513v/Gzml05Fo3L4bq
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000001733031072665B8B9B3000000000173
signature_thumbprint	14590DC5C3AAF238FCFD7785B4B93F4071402C34
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Initializes Appid ManagedInstaller and Smartscreen Telemetry
meta_original_filename	APPIDTEL.EXE
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	1.00 (rs1_release_d.170807-1806)
meta_product_version	10.0.14393.1613
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

ApplicationFrameHost.exe-654D3D69623B9DD7AF410C360AB12136

key	value
file_name	ApplicationFrameHost.exe
file_path	C:\Windows\system32\ApplicationFrameHost.exe
hash_md5	654D3D69623B9DD7AF410C360AB12136
hash_sha1	0C2FE933ABB71C8D97082AE6D732D49B0B01BE15
hash_sha256	1149BA08C3C39E66F8D56898C809FFF97AD5693C686D820FC5301F6113ED9B9B
hash_sha384	73104E7153810897F799E53BDF1AD9895EE153BA43EE47AEF578B1322C020E671682CEF25194DC3915FC5840BE531190
hash_sha512	97F180AD8A669F4C1371661CDB2BA17CCD6432A5A87350D8B7D3681A715F1F77955109A03F3B0A252AD54D350112DC4D12597D97EBE1DD2CABEBC08CFA8CBFA8
hash_ssdeep	768:x5QhpssSBRpXH769rXsAq9COl0DOg6LtseT2OwRX1PCarx:xwp3sXHI5O+DnCtsevwRlPnrx
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Application Frame Host
meta_original_filename	ApplicationFrameHost.exe
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

ApplySettingsTemplateCatalog.exe-6E5E4A7013022C59461E01487487AE39

key	value
file_name	ApplySettingsTemplateCatalog.exe
file_path	C:\Windows\system32\ApplySettingsTemplateCatalog.exe
hash_md5	6E5E4A7013022C59461E01487487AE39
hash_sha1	4C9E02ED058D5DD1FF8790C6669BF73A3687E8F2
hash_sha256	A6B2BC0DE4FA4DB587FE4FA0B9BA368904BA14508D61802988F5933CE4678671
hash_sha384	BE331C1C2C04238495192D8A37006E6AF46331315070F37C45E55C9BD21B12C5231AEC1950670DA619DD6047263BF99E
hash_sha512	2B4FED15EA38EAEC61A57CE0D8872F310297B059AA6E6FDDDEB49BB014FF82B5474BE2F528603E4CA32002703A1D906FCBBC8879284CBF38237FB23858B740E5
hash_ssdeep	24576:X0KdFOSqr40VzK9a8C5vtsBQlU8STQ/jTuI8G26crjGEzq9yiXlM:RfOSqFZK9St47q3Xl
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	ApplySettingsTemplateCatalog EXE
meta_original_filename	ApplySettingsTemplateCatalog.exe
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.3471 (rs1_release_1.191218-1729)
meta_product_version	10.0.14393.3471
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

AppVClient.exe-6D386C4567836ED0F6188419C653F46C

key	value
file_name	AppVClient.exe
file_path	C:\Windows\system32\AppVClient.exe
hash_md5	6D386C4567836ED0F6188419C653F46C
hash_sha1	FBBBF818FE872F537CC6A453F726B5514591C37C
hash_sha256	51E3B575FB7A4D6469D4217399118414C8F377A03FC7FEF715AF90612144DBD8
hash_sha384	7CF52A43FF1DDF6CE8B2DA2657E452CC07D0668E884326D62AFA319536BCB66A432C86C02721960EADC55651D91E7355
hash_sha512	037DD28D3FD02063E074347C64B8642A00308683B68B38708DA5410BA26B0FCB58CC28A04DD506DA393FAE13C3C33D827993CCEB988AB563A5343B9BA9B0D111
hash_ssdeep	24576:DSXrvk0fpTNboKb1uNclDsaefhjKWN3mlt9NcGXWbDyLM6a6hpf2:Dwrvk08WNlwaahjKWNc9NcGXWfyL7LpO
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Microsoft Application Virtualization Client Service
meta_original_filename	AppVClient.exe
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.3471 (rs1_release_1.191218-1729)
meta_product_version	10.0.14393.3471
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

AppVDllSurrogate.exe-2F1282C7BF27495D921F702C81958F10

key	value
file_name	AppVDllSurrogate.exe
file_path	C:\Windows\system32\AppVDllSurrogate.exe
hash_md5	2F1282C7BF27495D921F702C81958F10
hash_sha1	CEA6A8C6759014E1F3F36396D4137452F7369D8D
hash_sha256	01A9FDC4BC9B4571EF8019569903893604053CCF5A639D65DEC5CE2A3AF4D5C0
hash_sha384	7FC9622B9C963E0C3A58E98315A4CD1065704F78B771F8F8FA016C213990A7672294A1695E3F073074008FC68E040642
hash_sha512	E4B7050515D1BDB5FC8D7066070478609498A81F43028F3086C3AA9B2C6ABFBF0835E1128306632D95CA1229375C36CA2E645E76C16B369DA97DD5ABFA6EBE1F
hash_ssdeep	3072:tKHXk8OYtTt+8qFrrz7YLriqWGNU6gTLe7Thec7d77:t3YbZqFrrz7cWGNU6gTLep/N7
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Client DLL Surrogate Host
meta_original_filename	AppVDllSurrogate.exe
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.3659 (rs1_release_1.200410-1813)
meta_product_version	10.0.14393.3659
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

AppVNice.exe-23AFC486E58A3841A015F2F45E34F781

key	value
file_name	AppVNice.exe
file_path	C:\Windows\system32\AppVNice.exe
hash_md5	23AFC486E58A3841A015F2F45E34F781
hash_sha1	73B7398DCF42D86BF58C7C2E8ADD6A35E4B42832
hash_sha256	A4E48D641C9F227BD0C8F1BB90414655AD2C28D91E5D1D3A2FB0DE492983BFE5
hash_sha384	3A5F5D46990E75B500A1B8593BA796F2B4050DED97C7D0E89BD4CFF224D31796E9571B822C4BF93463DED4802B1C4132
hash_sha512	7DB14AFDD75FAA32CD02E062845B6D3B443828BD5CB91F8A1E26DA6513CD5252ABBC73C0FA2CE6427549BC2379D90FFACE6863E01C34490244F91EBB84BA105B
hash_ssdeep	1536:wKYbc2+xsCvof6N/uYhjaPCbLqt/6QWSfKYbkkbsFDfSIT0nJ2QC7pFJan1ZQnBF:wncxsCR/hjbqhPWONU6ITLJJk16nBLR
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Microsoft Application Virtualization appvnice
meta_original_filename	appvnice.exe
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.3659 (rs1_release_1.200410-1813)
meta_product_version	10.0.14393.3659
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

AppVShNotify.exe-DAFCE696CFDFEA5F622F16CC2376972B

key	value
file_name	AppVShNotify.exe
file_path	C:\Windows\system32\AppVShNotify.exe
hash_md5	DAFCE696CFDFEA5F622F16CC2376972B
hash_sha1	66DCDA15B8A56E67929112BDC79AD81B38E66787
hash_sha256	FEEDF7E94B5F6079F8154DBE53299D483246986AC06A64C7BE2AE63C3CBF55AC
hash_sha384	419B84F18F5154C5D3B9F656D2EE151D8F58287775568A19E687960BCE2E108A15030649FC3E4094ED0C1F7EFDFAE171
hash_sha512	E4C2E1F645870CE91D37CCC183AC449CA2D9A718E8EA1EBA63C0BA61D42F63FB6E5B86DE7F25AF3016C8760DD1596A95B4B83A69ED5B561F9FBF074A3F13E8D8
hash_ssdeep	3072:k/ZPeVGFGmT0bbplXIP9rRnWwDyJLt6bWfNU6ITLn3CJ+eqGm41ArZKarG:k/ZqQ2/IP91ZDIhYWfNU6ITLnSvYdrZG
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Microsoft Application Virtualization Client Shell Notifier
meta_original_filename	AppVShNotify.exe
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.3659 (rs1_release_1.200410-1813)
meta_product_version	10.0.14393.3659
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

AppVStreamingUX.exe-71F4D0AC9EB0985E1F01EB8FAFFE7220

key	value
file_name	AppVStreamingUX.exe
file_path	C:\Windows\system32\AppVStreamingUX.exe
hash_md5	71F4D0AC9EB0985E1F01EB8FAFFE7220
hash_sha1	9BFBA2FE9AA0C62E24F1728F7AC1840E6BC99B46
hash_sha256	EE3F5047C9B9031A8FA2AC6AACA1B8CCA67F386A79EAF6FAC83AE82A2EFE2554
hash_sha384	0F4C2B93F13BD2138BBFCBA65366D7A0A69EA2C6DB39F22D4777ECD3F66107EF7C78AD500665B4DAF13514350C5F4DCD
hash_sha512	FF66942988074BCC322275DAC72BB561C161FD2B75E3E1BBB6D2343EF4035BEBC248BDE11843F199B88786C8305D784D6ADFF2510874840E5284697A001D3A19
hash_ssdeep	3072:yXCLn5CZiLwhrwZ/kEUIXtrVjMqVVdmabWcONiHNp6ei/EzVHMqVVdmabWcONiHy:isC4whrwbCaqg6RcnCaqg6R8KD
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000001733031072665B8B9B3000000000173
signature_thumbprint	14590DC5C3AAF238FCFD7785B4B93F4071402C34
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description
meta_original_filename	AppVStreamingUX.exe
meta_product_name	Microsoft (R) Windows (R) Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0
meta_product_version	10.0.14393.0
meta_language	Language Neutral
meta_legal_copyright	Copyright (c) Microsoft Corporation. All rights reserved.

ARP.EXE-1E065F9F13F4A59292BE9B2EC513D7A6

key	value
file_name	ARP.EXE
file_path	C:\Windows\system32\ARP.EXE
hash_md5	1E065F9F13F4A59292BE9B2EC513D7A6
hash_sha1	E785019523B22DBDEEA30179FB4FC80877B593A6
hash_sha256	CCA1F962F9435330C556F07A1745D743AD7ACAD7561C4C79420B0BF16C8E1D0A
hash_sha384	87AECC4A3D25EBF019CCADCE6B048B252F49CD21A281EEACE063E55EBB8B27FF86C31A98CFE673F5B7759870BA155D7A
hash_sha512	019E96D0AB6A198EEB0351A5A4F169B6DDD8B8773B91C26930264D90D0CCE220A52414E5816F58F113D2683B408FD812ED140598896A6FD78455F480D1651CD8
hash_ssdeep	384:IopBYhDEmOoFIXanzv2jWL7pU6O04mpIxEhTVIMSnh7mC37PuIub2LWSOmW:Io4hDEWniO7pU6O3u0nhTPutb/
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000001733031072665B8B9B3000000000173
signature_thumbprint	14590DC5C3AAF238FCFD7785B4B93F4071402C34
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	TCP/IP Arp Command
meta_original_filename	arp.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
output	Displays and modifies the IP-to-Physical address translation tables used by address resolution protocol (ARP). ARP -s inet_addr eth_addr [if_addr] ARP -d inet_addr [if_addr] ARP -a [inet_addr] [-N if_addr] [-v] -a Displays current ARP entries by interrogating the current protocol data. If inet_addr is specified, the IP and Physical addresses for only the specified computer are displayed. If more than one network interface uses ARP, entries for each ARP table are displayed. -g Same as -a. -v Displays current ARP entries in verbose mode. All invalid entries and entries on the loop-back interface will be shown. inet_addr Specifies an internet address. -N if_addr Displays the ARP entries for the network interface specified by if_addr. -d Deletes the host specified by inet_addr. inet_addr may be wildcarded with * to delete all hosts. -s Adds the host and associates the Internet address inet_addr with the Physical address eth_addr. The Physical address is given as 6 hexadecimal bytes separated by hyphens. The entry is permanent. eth_addr Specifies a physical address. if_addr If present, this specifies the Internet address of the interface whose address translation table should be modified. If not present, the first applicable interface will be used. Example: > arp -s 157.55.85.212 00-aa-00-62-c6-09 .... Adds a static entry. > arp -a .... Displays the arp table.

at.exe-8C4291D714DDDA7EF9786CB7686E8B20

key	value
file_name	at.exe
file_path	C:\Windows\system32\at.exe
hash_md5	8C4291D714DDDA7EF9786CB7686E8B20
hash_sha1	FE26135A938F4058F60106346833D1C3A25E7479
hash_sha256	A60D4E00E9DF07AC09C8C607239DB08BB7D167299572E4436A5B14CC2BF2AD26
hash_sha384	A8B86C450DEB438E4D6D09FED78DAA31624B8EF21FAD67D9623EF4CC2C7039467EBEA2A3D38CBA7679FCAB24DF657CB0
hash_sha512	86AF53290DF291DB062AA0C51F4EC968DDC1F7E802A2504190B3FE25296F687CC50B4EFF6D6C590582863B5EDC40C6CA1A66A9B994E6A687FE0622EC9CE03B1A
hash_ssdeep	768:Cdagjj8+Dno7dR7gi8mAShL74iAeXuUjn/p:kWRxn8ZSiIug/p
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Schedule service command line interface
meta_original_filename	AT.EXE.MUI
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
output	The AT command has been deprecated. Please use schtasks.exe instead. Invalid command. The AT command schedules commands and programs to run on a computer at a specified time and date. The Schedule service must be running to use the AT command. AT [\computername] [ [id] [/DELETE] \| /DELETE [/YES]] AT [\computername] time [/INTERACTIVE] [ /EVERY:date[,...] \| /NEXT:date[,...]] "command" \computername Specifies a remote computer. Commands are scheduled on the local computer if this parameter is omitted. id Is an identification number assigned to a scheduled command. /delete Cancels a scheduled command. If id is omitted, all the scheduled commands on the computer are canceled. /yes Used with cancel all jobs command when no further confirmation is desired. time Specifies the time when command is to run. /interactive Allows the job to interact with the desktop of the user who is logged on at the time the job runs. /every:date[,...] Runs the command on each specified day(s) of the week or month. If date is omitted, the current day of the month is assumed. /next:date[,...] Runs the specified command on the next occurrence of the day (for example, next Thursday). If date is omitted, the current day of the month is assumed. "command" Is the Windows NT command, or batch program to be run.

AtBroker.exe-8507D8A98EFA12F285A504DAEF14A0A5

key	value
file_name	AtBroker.exe
file_path	C:\Windows\system32\AtBroker.exe
hash_md5	8507D8A98EFA12F285A504DAEF14A0A5
hash_sha1	333AC42FFA0A3294CF9EAC36AB8026DFAE8D8D2B
hash_sha256	A84417EE9D039891AF43B267896DB921A40838D8A17CC1BE29785D031E5944D4
hash_sha384	27E4555BC3BA6EDE958D170147A88D1753362588C58BBC902AB1BF75BB4C03A2A58FEA1F23BC542C2A15161C181E7EAF
hash_sha512	29C494ED047CEB2A2CB27546C666A5D268B1215FEDCB674A810B27EF50EAD84E44E18F4073F73F88C3CE8797D5674021292442060FDB53DE7CE73847D2CDB507
hash_ssdeep	1536:+5uYU9BH7oTzrD1TSDXJPMIUcS3ABteD8WlGxnIM:+5uczrUDsV3AidlGxnIM
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Windows Assistive Technology Manager
meta_original_filename	ATBroker.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

attrib.exe-E2B44D665E20F6FF5C453E0BD450D6FB

key	value
file_name	attrib.exe
file_path	C:\Windows\system32\attrib.exe
hash_md5	E2B44D665E20F6FF5C453E0BD450D6FB
hash_sha1	3A5684E9496357F7A2AAD5ECB175C3DC99C1D7FC
hash_sha256	F9F41EE710DCA39EFF229F5277AF4E3A24EDF7ECA6DFB2627AC3FEFC934907B2
hash_sha384	B86F9206323866A0079629C0EEB01903C81DCC57F13F705D6DFF82835D83327779E80AF39175EF25E9A13AF5FC764A9E
hash_sha512	32974CCC40AE7490FC51CA529AAB40EBC8CF6B7873DE845875EFD3FA0631637984AD50215C9F1C418ACCCAD8EF5E8C1129B4DFE63E3B40C84BB9BFDB0F4BCFAB
hash_ssdeep	384:hkOm9rkgs4iO70XbuqT5m/yDfqBZSFwWPW8tW:hyrkt4ibiqeyIZSFR3
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Attribute Utility
meta_original_filename	ATTRIB.EXE.MUI
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
output	Displays or changes file attributes. ATTRIB [+R \| -R] [+A \| -A ] [+S \| -S] [+H \| -H] [+I \| -I] [drive:][path][filename] [/S [/D] [/L]] + Sets an attribute. - Clears an attribute. R Read-only file attribute. A Archive file attribute. S System file attribute. H Hidden file attribute. I Not content indexed file attribute. X No scrub file attribute. V Integrity attribute. [drive:][path][filename] Specifies a file or files for attrib to process. /S Processes matching files in the current folder and all subfolders. /D Processes folders as well. /L Work on the attributes of the Symbolic Link versus the target of the Symbolic Link

audiodg.exe-B6AD9EA14ECBA405C88628BC78282710

key	value
file_name	audiodg.exe
file_path	C:\Windows\system32\audiodg.exe
hash_md5	B6AD9EA14ECBA405C88628BC78282710
hash_sha1	87A17FA486A5C143EEB6F1C848E1334ECBB57B55
hash_sha256	CC23EC7F03AF7C2B27113C71BEB978BBB3C833CC1074478D57852DB21A769AF9
hash_sha384	A7F0532A2701E563D88CE0D5613DBF6E2E6287D2546B18288F4DA80958718F2C2AC989E411F88EAB5B59EE221718E2CC
hash_sha512	E50011ACEA13FBD19A78FA0951A8BC5A364B62876748FD99CB2D438570496158891571835D2B62FF06CC53A5FB58E2E8CA6AA54FB6B2908F1BBE001DB87E09B8
hash_ssdeep	6144:inVW0hJZ8U/7+z5e6JuHspYbrj6T0ThjjhYE+JrJf:4JZ1SM6JuHspYXBKFR
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Windows Audio Device Graph Isolation
meta_original_filename	audioadg.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

auditpol.exe-3F7C7B2CE3E905ED4868DEBB640A5234

key	value
file_name	auditpol.exe
file_path	C:\Windows\system32\auditpol.exe
hash_md5	3F7C7B2CE3E905ED4868DEBB640A5234
hash_sha1	9D0F2C4224F780847E0D1AC6C21C11A0CDCE7EEF
hash_sha256	91278DA04F3A40DA84CD151D3E69A4F39EEF82BD7F7F3A238DD5E3C224CAA33A
hash_sha384	36460CFBDB2ECCF1691C54A95DAD1222F028FB901C7FE55E39815275E3DDBA12BD3DF23468AC10AFAC51886FE5D446A2
hash_sha512	8755396F0E01859C938D5D6E2B0155F0A86E52BE1B14742DA97C71B1A0C002FCCABD3C3628BC55E96E07E9B1320FE3465E7115F3B1295456B831C012954DD0E6
hash_ssdeep	768:k/5zR9nJTTUb0HRh03+pIh7zokpKLBSlLv0U0pv5ar:8RkQzy7zzpKLUlLcU0pv5ar
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Audit Policy Program
meta_original_filename	AUDITPOL.EXE.MUI
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
output	Usage: AuditPol command []\r \r \r Commands (only one command permitted per execution)\r /? Help (context-sensitive)\r /get Displays the current audit policy.\r /set Sets the audit policy.\r /list Displays selectable policy elements.\r /backup Saves the audit policy to a file.\r /restore Restores the audit policy from a file.\r /clear Clears the audit policy.\r /remove Removes the per-user audit policy for a user account.\r /resourceSACL Configure global resource SACLs\r \r \r Use AuditPol /? for details on each command\r
error	Error 0x00000057 occurred:\r The parameter is incorrect.\r \r

AuthHost.exe-FA740A5A8260D95D953A2F6F49558CEF

key	value
file_name	AuthHost.exe
file_path	C:\Windows\system32\AuthHost.exe
hash_md5	FA740A5A8260D95D953A2F6F49558CEF
hash_sha1	3ACB1F41715EDEF39AD17BF463BA08DA4CA3C31F
hash_sha256	EB526FCFBA01CB683AFE421FFDB38BE6E2633003C96BC193CA5BAC71E418C613
hash_sha384	484ACBA4FBEE306BC20DC77051731C2705F65B5E31C869030656FDF7D2C0FF946A7EDEDD604AA999B93951F6D6E89131
hash_sha512	89F28DF67B7DA680A3F8EF216D5D2AE0A1A866C96F3F566EBBA9CC224A89AD61141A4736B021BC685B6591A8F496516411063B292F2AF701CEE4C8BF5B2FAA68
hash_ssdeep	3072:zTiePil36/JNQlwxyB6cs7gZUI+b+scRil3pOS:zTiePKvlYKsh5cK3US
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000001733031072665B8B9B3000000000173
signature_thumbprint	14590DC5C3AAF238FCFD7785B4B93F4071402C34
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Microsoft AuthHost
meta_original_filename	AuthHost.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
children": [
iCloudPhotos.exe
iCloudDrive.exe"

autochk.exe-33900CEB40D3ECD3504F1DD287428B49

key	value
file_name	autochk.exe
file_path	C:\Windows\system32\autochk.exe
hash_md5	33900CEB40D3ECD3504F1DD287428B49
hash_sha1	530FB3D624E14DDB4B11B561E274944C4C54E82C
hash_sha256	A279FC9CECA961D9040AA69F06A0A78B530E21C788C7D7590E866EFC447E979B
hash_sha384	1A9EFA89B96A4E42C3ED132883ECDCCDCCD243E51EC638313DD8288243D7C36D35AA6361188E48DE7A2D02A010DF0BF0
hash_sha512	406A55278AFB5BCFD70FF8C84B60AD93E427DEF558FF651E72E966A5E4BF907DAF333AC7B270F7F3D9A1ED4A54BBA748CDB6BD5A86A03DF492038732A5AEDC05
hash_ssdeep	12288:kEOVuzEjiPvADKg2ALAR3q/jiVO8dFeSoDTUm/Zg1X:bquQjHDKg2A0Ra/jedJ09/W1
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Auto Check Utility
meta_original_filename	AutoChk.Exe.MUI
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.1532 (rs1_release_d.170711-1840)
meta_product_version	10.0.14393.1532
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

autoconv.exe-0BCE6022D8B46680FF8FA1FC2DD409A6

key	value
file_name	autoconv.exe
file_path	C:\Windows\system32\autoconv.exe
hash_md5	0BCE6022D8B46680FF8FA1FC2DD409A6
hash_sha1	32E731935BED82384AEDE89CE879A6DA05B7B1A0
hash_sha256	3A2ED5EBD7D053C3328ECFFA4FC7D8A9608329B21449AE901D18BCF5034D5DE5
hash_sha384	E970427F69E16FC09C29C1655FE30BF2C0F8B39B3DED587D4F6BAEE4AD57D678FEE86B356F18563025271BC5B27D0EBE
hash_sha512	064CF0A6B5D8A0ED91E900952792EC256DE5305D3CB7D0C3535F60620A10219D6266873027C28D5D4202C2392596157F94FA713AAD0B6F3902AD8C46B0CD3F34
hash_ssdeep	12288:/u58hRuHsVJ8ENoekZ88Z+IdU8gu3Z4ERetAbbJ5UCYD1X:/u5+RuMVTfkZ88Z+Idr3D6YfUC81
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Auto File System Conversion Utility
meta_original_filename	AUTOCONV.EXE.MUI
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.1532 (rs1_release_d.170711-1840)
meta_product_version	10.0.14393.1532
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

autofmt.exe-B2CA009AF6A907269E340AFDC1AC7D1D

key	value
file_name	autofmt.exe
file_path	C:\Windows\system32\autofmt.exe
hash_md5	B2CA009AF6A907269E340AFDC1AC7D1D
hash_sha1	E33441C047771C13A84F09C46795CB70FADF6151
hash_sha256	8E17300288E2844D0DD1B0B0C1B2D1F31C3016EDA1922F88BB423F44368B946A
hash_sha384	E09E3BA5E9A3D81EC2CED979C2EDE3B50DDDFE548730079F0981FFC8FAF7B2847C03214734F49C187B2C540DFD9C72DF
hash_sha512	72707B630C48FB7E476CD38BBD7C3FBBD3EF37BF803A4355AE5064794EEE11BDEA43A6F52168A47345BFA7DA3B6F7816A8B85B5EE64CC2522E55BFAEAF17DD6A
hash_ssdeep	12288:k7Y6yPHxGm/dSjZGDlGdcI6qdo0qWTyc3OF3xL2l5z1X:k7YNPRGmlSj+lGdWUxTbOvc5z1
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Auto File System Format Utility
meta_original_filename	AUTOFMT.EXE.MUI
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.1532 (rs1_release_d.170711-1840)
meta_product_version	10.0.14393.1532
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

AxInstUI.exe-04D542885F20AADF19D2D2C3464B4835

key	value
file_name	AxInstUI.exe
file_path	C:\Windows\system32\AxInstUI.exe
hash_md5	04D542885F20AADF19D2D2C3464B4835
hash_sha1	91ACAA0BB83CEC34D6641660D34C48BFFF2551B7
hash_sha256	4974A7203DECD230B06935A9F76DA8CBBE4291F398E6256201F7EE6DBD2FA68B
hash_sha384	712665C15752FCAEC9C925802A4176F7E8C8BB0018D87E100E02F6C4AA6397CCADE7DD03528BBA7282AFC795ED8C1C34
hash_sha512	EC7D923E1D01ED3A6FDEBF00DB322ED11B4FCFA3B936B3DC3017187B42E603799B9EF916853179C8B57EED678320DFAD33143D69F57CD656E26645E0F37A123D
hash_ssdeep	384:qfoN1CWpDLEFV553RCoB1GM4+1xq3UZU9a1xq3UZU9iWmIW:qoNk8m5hCS1GM48ZU9QZU9q
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	ActiveX Installer Service
meta_original_filename	AxInstUI.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

backgroundTaskHost.exe-0601F285DCFF75E679BD91E39B6EBDBF

key	value
file_name	backgroundTaskHost.exe
file_path	C:\Windows\system32\backgroundTaskHost.exe
hash_md5	0601F285DCFF75E679BD91E39B6EBDBF
hash_sha1	8B4E7D875398E67D5277D9C8C9BFA027F9705EDC
hash_sha256	23A80E09DAE6DB17909E81B1CA7E9BF43158BDEE69C1646125FC62E6BFE2745B
hash_sha384	4A3D32544D52B06EE0E98CBE2694E83B2AEA205D89DCDB0642D54B7967E538752D8AF867620F839AB099AE3E0A54F270
hash_sha512	D9400D7261F929CF0AD2B366DD6A6352D15D398789EE416D3255C0910A5A4720D9F6319FCB7334AB46514AC0F5D78672A328791C30B023944FED68CDF5FD40D3
hash_ssdeep	384:WWXMoCedanirwMOe7WhGWTlRDBRJB2GolghvJO:FXMyZOeCz1PXVJO
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Background Task Host
meta_original_filename	backgroundTaskHost.exe
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

BackgroundTransferHost.exe-1D6D710DFF26D49BCE1023D5AE2479FF

key	value
file_name	BackgroundTransferHost.exe
file_path	C:\Windows\system32\BackgroundTransferHost.exe
hash_md5	1D6D710DFF26D49BCE1023D5AE2479FF
hash_sha1	4E38115E5D040AEB4B91A6CA466A425D4A5DD188
hash_sha256	EE406F94F5E8E4DB280DFA70A77B7CC3AB53D1B11D6A52566A5CBCAA70D9EABC
hash_sha384	CC6401EA16EA28D6FCA7382DE1EB3442DFF782303B2A33D6B436C26156031A72DF1374D040FEA46C11DBD1568B8F86E2
hash_sha512	77BD2C36FDDCEAFF4162D67987000309765BAE1AB98002E5BB4471D64B4B5A7A52AEAD59A6028C54C366111A0DE368C6A0EF0CF066534B96FE522F2DFAD86C0E
hash_ssdeep	384:P26LrFHXUgU8g/LDBDKj+ZAWRIjRgpQNQpdRsp2TI0ToSxW0fgWkvE0g7QmmrIPh:+6vFFU8g//BW4AZ1NeI0jDN03A
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Download/Upload Host
meta_original_filename	BackgroundTransferHost.exe
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

bcastdvr.exe-31C322433B3292783E839BC83493C399

key	value
file_name	bcastdvr.exe
file_path	C:\Windows\system32\bcastdvr.exe
hash_md5	31C322433B3292783E839BC83493C399
hash_sha1	87DACAEA1EF2AC5D62B6020636989B871B4121BF
hash_sha256	83E69C2AC58782B5A3FA484ED80F9BAB8C0C47F72EFF02C2B1C7D687CEE7BE3A
hash_sha384	4E27160E882DD04B90B2594B2E530BE0F4FE183737B12B188C1A11A3A86C459939FE13CD570D4FB9831A38AC27767F82
hash_sha512	E4188C7A75C14DD872326162B1384DE7AA18112EC766CB371A28CB9356745B983F75F0456D9D1BCACD51315BB850E4D90B74F859E64A3583E05DE9D3E9C67A4B
hash_ssdeep	12288:ElJpdpzZQmTiVXGUSXgFBgi1BD8t1cbV:ELVZVTJXDcBD8sb
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Broadcast DVR server
meta_original_filename	bcastdvr.exe
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.3686 (rs1_release.200504-1524)
meta_product_version	10.0.14393.3686
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

bcdboot.exe-728818E7BC00EF3333A3D23C7FF6AFA8

key	value
file_name	bcdboot.exe
file_path	C:\Windows\system32\bcdboot.exe
hash_md5	728818E7BC00EF3333A3D23C7FF6AFA8
hash_sha1	42A50C87008B7EECA9918F47471C74AA2B065D5F
hash_sha256	6FCE4D0E7A0C3A0D051EFB61CA5AD1E30AF75BCCA01DCD42CD3F49A105F34FFE
hash_sha384	062187D0487EE03AE1CF82D50C2966FCAE78D3C291943050639DBA3ED36E4DDAB91E06754F059A280D67017D4EB9DB0E
hash_sha512	24A61D11977F8FCE680F6F2DA80FE354FE8CBB5303E0F01AA162F900B7FA114E6743552D97EA05B6A25873CD2EA375E85A9DF46D3C2B47EC6BB886C4DA276421
hash_ssdeep	3072:BohQoV9ohKGp0qe9kzMVjS5EVk/R6iPeW+cUfbdQ:BohQoVGhKE0qt49Sak/0Dd
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Bcdboot utility
meta_original_filename	bcdboot.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
output	Bcdboot - Bcd boot file creation and repair tool. The bcdboot.exe command-line tool is used to copy critical boot files to the system partition and to create a new system BCD store. bcdboot [/l ] [/s [/f ]] [/v] [/m [{OS Loader ID}]] [/addlast] [/p] [/c] source Specifies the location of the windows system root. /l Specifies an optional locale parameter to use when initializing the BCD store. The default is US English. /s Specifies an optional volume letter parameter to designate the target system partition where boot environment files are copied. The default is the system partition identified by the firmware. /v Enables verbose mode. /m If an OS loader GUID is provided, this option merges the given loader object with the system template to produce a bootable entry. Otherwise, only global objects are merged. /d Specifies that the existing default windows boot entry should be preserved. /f Used with the /s command, specifies the firmware type of the target system partition. Options for are 'UEFI', 'BIOS', or 'ALL'. /addlast Specifies that the windows boot manager firmware entry should be added last. The default behavior is to add it first. /p Specifies that the windows boot manager firmware entry position should be preserved. If entry does not exist, new entry will be added in the first position. /c Specifies that any existing objects described by the template should not be migrated. Examples: bcdboot c:\windows /l en-us bcdboot c:\windows /s h: bcdboot c:\windows /s h: /f UEFI bcdboot c:\windows /m {00000000-0000-0000-0000-000000000000} bcdboot c:\windows /d /addlast bcdboot c:\windows /p

bcdedit.exe-38F0419E6AC1A5B7A30438426C5D03AA

key	value
file_name	bcdedit.exe
file_path	C:\Windows\system32\bcdedit.exe
hash_md5	38F0419E6AC1A5B7A30438426C5D03AA
hash_sha1	05144616817F67849B4454AAD14F857EAF12FE7D
hash_sha256	7202B952F1456DBE5C75B19BFE2B8BD37F40384007F1E51FD632EAD10F1EEACC
hash_sha384	92220B32026C9555550157667EADC8B087B7A1A203EB5C036173AB7CCBE0743C38F0CC12F9AF3D9CCEA47ADA13F95246
hash_sha512	6683C28E3858106DEE3AF793C531B239E21F382568048A5AADCEFC423448B05952EF97A3777CD2BC49ABD77DDF70508DF8ED6565230FB94F18755FDF23EF7D5D
hash_ssdeep	3072:f3c6plKHsrMQg0bkZ61YM+ukyvNB4bduMafEh74MeUAOREquXg7PeYhuJ/XBMhdY:Pc6pgswQgY1YM+p8NB6IfECTTfYuJ/T
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Boot Configuration Data Editor
meta_original_filename	bcdedit.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
output	BCDEDIT - Boot Configuration Data Store Editor The Bcdedit.exe command-line tool modifies the boot configuration data store. The boot configuration data store contains boot configuration parameters and controls how the operating system is booted. These parameters were previously in the Boot.ini file (in BIOS-based operating systems) or in the nonvolatile RAM entries (in Extensible Firmware Interface-based operating systems). You can use Bcdedit.exe to add, delete, edit, and append entries in the boot configuration data store. For detailed command and option information, type bcdedit.exe /? . For example, to display detailed information about the /createstore command, type: bcdedit.exe /? /createstore For an alphabetical list of topics in this help file, run "bcdedit /? TOPICS". Commands that operate on a store ================================ /store Used to specify a BCD store other than the current system default. /createstore Creates a new and empty boot configuration data store. /export Exports the contents of the system store to a file. This file can be used later to restore the state of the system store. /import Restores the state of the system store using a backup file created with the /export command. /sysstore Sets the system store device (only affects EFI systems, does not persist across reboots, and is only used in cases where the system store device is ambiguous). Commands that operate on entries in a store =========================================== /copy Makes copies of entries in the store. /create Creates new entries in the store. /delete Deletes entries from the store. /mirror Creates mirror of entries in the store. Run bcdedit /? ID for information about identifiers used by these commands. Commands that operate on entry options ====================================== /deletevalue Deletes entry options from the store. /set Sets entry option values in the store. Run bcdedit /? TYPES for a list of datatypes used by these commands. Run bcdedit /? FORMATS for a list of valid data formats. Commands that control output ============================ /enum Lists entries in the store. /v Command-line option that displays entry identifiers in full, rather than using names for well-known identifiers. Use /v by itself as a command to display entry identifiers in full for the ACTIVE type. Running "bcdedit" by itself is equivalent to running "bcdedit /enum ACTIVE". Commands that control the boot manager ====================================== /bootsequence Sets the one-time boot sequence for the boot manager. /default Sets the default entry that the boot manager will use. /displayorder Sets the order in which the boot manager displays the multiboot menu. /timeout Sets the boot manager time-out value. /toolsdisplayorder Sets the order in which the boot manager displays the tools menu. Commands that control Emergency Management Services for a boot application ========================================================================== /bootems Enables or disables Emergency Management Services for a boot application. /ems Enables or disables Emergency Management Services for an operating system entry. /emssettings Sets the global Emergency Management Services parameters. Command that control debugging ============================== /bootdebug Enables or disables boot debugging for a boot application. /dbgsettings Sets the global debugger parameters. /debug Enables or disables kernel debugging for an operating system entry. /hypervisorsettings Sets the hypervisor parameters. Command that control remote event logging ========================================= /eventsettings Sets the global remote event logging parameters. /event Enables or disables remote event logging for an operating system entry.

BioIso.exe-0855653EBDFF403F8252D1797777ADC1

key	value
file_name	BioIso.exe
file_path	C:\Windows\system32\BioIso.exe
hash_md5	0855653EBDFF403F8252D1797777ADC1
hash_sha1	504A79EA9E0EE79DCDF0B6DADA0D18800CF3A3B2
hash_sha256	5E38342AF8D87785850EA09687A34CCD19543989B68DEB841E98D8F617007D89
hash_sha384	8C8FDF7291A961C2FE2710280091C1EE23580F81A4233684D469C8440EF0D307EDF584A700A564DA7688EAA225BFF47F
hash_sha512	0193E6564A96DFDAF5F80C125A58AC29F38DDACEC5126AABD001B4FC1BCAE8A34C75F8B02DA873E11B024E6BEDC1D2F31B6FB227C5CB1E1A0715E40F6DA59B78
hash_ssdeep	3072:43Af+FgHqzM4AmUarGlkHkibGanY15pwuOltoBbe38WxGsU1lkZjiTs01CDA/3eS:iAWFgKz67lsYf916is0cU8PN0as
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Secure Biometrics
meta_original_filename	BioIso.exe
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

bitsadmin.exe-F548717B821860C2B2242367732FE105

key	value
file_name	bitsadmin.exe
file_path	C:\Windows\system32\bitsadmin.exe
hash_md5	F548717B821860C2B2242367732FE105
hash_sha1	8D6CB70C836642E0424CFC47D7156F285E382A5D
hash_sha256	E1057A20945BCE8F00C0BE5E3DB40C4A98AB33F42F4D2DF919AEDB0EF6651D6E
hash_sha384	2E0480DBC0AA2D014C81468D9DFD9064907626A32D4C358B87C08BDEDC2D85385547D435789195185AFCD7D1E4949414
hash_sha512	7F78E459FE1BD588519847E4BFD57EB30F19BED634D2A447A0BF151B5073B85399C0EF5EF483058D55A71F6EEAB2D285D6D00D1E8E5607F5271987B86F4F9F09
hash_ssdeep	3072:0aNHfEZH0gh/oX8NaV//+YksdZet0Z+q+mBSwS:RHAW8NYDZSw
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	BITS administration utility
meta_original_filename	bitsadmin.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	7.8.14393.0 (rs1_release.160715-1616)
meta_product_version	7.8.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
output	BITSADMIN version 3.0 BITS administration utility. (C) Copyright 2000-2006 Microsoft Corp. BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows. Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets. Invalid command USAGE: BITSADMIN [/RAWRETURN] [/WRAP \| /NOWRAP] command The following commands are available: /HELP Prints this help /? Prints this help /UTIL /? Prints the list of utilities commands /PEERCACHING /? Prints the list of commands to manage Peercaching /CACHE /? Prints the list of cache management commands /PEERS /? Prints the list of peer management commands /LIST [/ALLUSERS] [/VERBOSE] List the jobs /MONITOR [/ALLUSERS] [/REFRESH sec] Monitors the copy manager /RESET [/ALLUSERS] Deletes all jobs in the manager /TRANSFER [type] [/PRIORITY priority] [/ACLFLAGS flags] remote_url local_name Transfers one of more files. [type] may be /DOWNLOAD or /UPLOAD; default is download Multiple URL/file pairs may be specified. Unlike most commands, may only be a name and not a GUID. /CREATE [type] Creates a job [type] may be /DOWNLOAD, /UPLOAD, or /UPLOAD-REPLY; default is download Unlike most commands, may only be a name and not a GUID. /INFO [/VERBOSE] Displays information about the job /ADDFILE <remote_url> <local_name> Adds a file to the job /ADDFILESET Adds multiple files to the job Each line of lists a file's remote name and local name, separated by spaces. A line beginning with '#' is treated as a comment. Once the file set is read into memory, the contents are added to the job. /ADDFILEWITHRANGES <remote_url> <local_name range_list> Like /ADDFILE, but BITS will read only selected byte ranges of the URL. range_list is a comma-delimited series of offset and length pairs. For example, 0:100,2000:100,5000:eof instructs BITS to read 100 bytes starting at offset zero, 100 bytes starting at offset 2000, and the remainder of the URL starting at offset 5000. /REPLACEREMOTEPREFIX <old_prefix> <new_prefix> All files whose URL begins with <old_prefix> are changed to use <new_prefix> Note that BITS currently supports HTTP/HTTPS downloads and uploads. It also supports UNC paths and file:// paths as URLS /LISTFILES Lists the files in the job /SUSPEND Suspends the job /RESUME Resumes the job /CANCEL Cancels the job /COMPLETE Completes the job /GETTYPE Retrieves the job type /GETACLFLAGS Retrieves the ACL propagation flags /SETACLFLAGS <ACL_flags> Sets the ACL propagation flags for the job O - OWNER G - GROUP D - DACL S - SACL Examples: bitsadmin /setaclflags MyJob OGDS bitsadmin /setaclflags MyJob OGD /GETBYTESTOTAL Retrieves the size of the job /GETBYTESTRANSFERRED Retrieves the number of bytes transferred /GETFILESTOTAL Retrieves the number of files in the job /GETFILESTRANSFERRED Retrieves the number of files transferred /GETCREATIONTIME Retrieves the job creation time /GETMODIFICATIONTIME Retrieves the job modification time /GETCOMPLETIONTIME Retrieves the job completion time /GETSTATE Retrieves the job state /GETERROR Retrieves detailed error information /GETOWNER Retrieves the job owner /GETDISPLAYNAME Retrieves the job display name /SETDISPLAYNAME <display_name> Sets the job display name /GETDESCRIPTION Retrieves the job description /SETDESCRIPTION Sets the job description /GETPRIORITY Retrieves the job priority /SETPRIORITY Sets the job priority Priority usage choices: FOREGROUND HIGH NORMAL LOW /GETNOTIFYFLAGS Retrieves the notify flags /SETNOTIFYFLAGS <notify_flags> Sets the notify flags For more help on this option, please refer to the MSDN help page for SetNotifyFlags/GETNOTIFYINTERFACE Determines if notify interface is registered /GETMINRETRYDELAY Retrieves the retry delay in seconds /SETMINRETRYDELAY <retry_delay> Sets the retry delay in seconds /GETNOPROGRESSTIMEOUT Retrieves the no progress timeout in seconds /SETNOPROGRESSTIMEOUT Sets the no progress timeout in seconds /GETMAXDOWNLOADTIME Retrieves the download timeout in seconds /SETMAXDOWNLOADTIME Sets the download timeout in seconds /GETERRORCOUNT Retrieves an error count for the job /SETPROXYSETTINGS Sets the proxy usage usage choices: PRECONFIG - Use the owner's default Internet settings. AUTODETECT - Force autodetection of proxy. NO_PROXY - Do not use a proxy server. OVERRIDE - Use an explicit proxy list and bypass list. Must be followed by a proxy list and a proxy bypass list. NULL or "" may be used for an empty proxy bypass list. Examples: bitsadmin /setproxysettings MyJob PRECONFIG bitsadmin /setproxysettings MyJob AUTODETECT bitsadmin /setproxysettings MyJob NO_PROXY bitsadmin /setproxysettings MyJob OVERRIDE proxy1:80 "" bitsadmin /setproxysettings MyJob OVERRIDE proxy1,proxy2,proxy3 NULL /GETPROXYUSAGE Retrieves the proxy usage setting /GETPROXYLIST Retrieves the proxy list /GETPROXYBYPASSLIST Retrieves the proxy bypass list /TAKEOWNERSHIP Take ownership of the job /SETNOTIFYCMDLINE <program_name> [program_parameters] Sets a program to execute for notification, and optionally parameters. The program name and parameters can be NULL. IMPORTANT: if parameters are non-NULL, then the program name should be the first parameter. Examples: bitsadmin /SetNotifyCmdLine MyJob c:\winnt\system32\notepad.exe NULL bitsadmin /SetNotifyCmdLine MyJob c:\callback.exe "c:\callback.exe parm1 parm2" bitsadmin /SetNotifyCmdLine MyJob NULL NULL /GETNOTIFYCMDLINE Returns the job's notification command line /SETCREDENTIALS Adds credentials to a job. may be either SERVER or PROXY may be BASIC, DIGEST, NTLM, NEGOTIATE, or PASSPORT. /REMOVECREDENTIALS Removes credentials from a job. /GETCUSTOMHEADERS Gets the Custom HTTP Headers /SETCUSTOMHEADERS <...> Sets the Custom HTTP Headers /GETCLIENTCERTIFICATE Gets the job's Client Certificate Information /SETCLIENTCERTIFICATEBYID <store_location> <store_name> <hexa-decimal_cert_id> Sets a client authentication certificate to a job. <store_location> may be 1(CURRENT_USER), 2(LOCAL_MACHINE), 3(CURRENT_SERVICE), 4(SERVICES), 5(USERS), 6(CURRENT_USER_GROUP_POLICY), 7(LOCAL_MACHINE_GROUP_POLICY) or 8(LOCAL_MACHINE_ENTERPRISE). /SETCLIENTCERTIFICATEBYNAME <store_location> <store_name> <subject_name> Sets a client authentication certificate to a job. <store_location> may be 1(CURRENT_USER), 2(LOCAL_MACHINE), 3(CURRENT_SERVICE), 4(SERVICES), 5(USERS), 6(CURRENT_USER_GROUP_POLICY), 7(LOCAL_MACHINE_GROUP_POLICY) or 8(LOCAL_MACHINE_ENTERPRISE). /REMOVECLIENTCERTIFICATE Removes the Client Certificate Information from the job /SETSECURITYFLAGS Sets the HTTP security flags for URL redirection and checks performed on the server certificate during the transfer. The value is an unsigned integer with the following interpretation for the bits in the binary representation. Enable CRL Check : Set the least significant bit Ignore invalid common name in server certificate : Set the 2nd bit from right Ignore invalid date in server certificate : Set the 3rd bit from right Ignore invalid certificate authority in server certificate : Set the 4th bit from right Ignore invalid usage of certificate : Set the 5th bit from right Redirection policy : Controlled by the 9th-11th bits from right 0,0,0 - Redirects will be automatically allowed. 0,0,1 - Remote name in the IBackgroundCopyFile interface will be updated if a redirect occurs. 0,1,0 - BITS will fail the job if a redirect occurs. Allow redirection from HTTPS to HTTP : Set the 12th bit from right /GETSECURITYFLAGS Reports the HTTP security flags for URL redirection and checks performed on the server certificate during the transfer. /SETVALIDATIONSTATE <true\|false> starts from 0 Sets the content-validation state of the given file within the job. /GETVALIDATIONSTATE starts from 0 Reports the content-validation state of the given file within the job. /GETTEMPORARYNAME starts from 0 Reports the temporary filename of the given file within the job. The following options control peercaching of a particular job: /SETPEERCACHINGFLAGS Sets the flags for the job's peercaching behavior. The value is an unsigned integer with the following interpretation for the bits in the binary representation. Allow the job's data to be downloaded from a peer : Set the least significant bit Allow the job's data to be served to peers : Set the 2nd bit from right /GETPEERCACHINGFLAGS Reports the flags for the job's peercaching behavior. The following options are valid for UPLOAD-REPLY jobs only: /GETREPLYFILENAME Gets the path of the file containing the server reply /SETREPLYFILENAME Sets the path of the file containing the server reply /GETREPLYPROGRESS Gets the size and progress of the server reply /GETREPLYDATA Dumps the server's reply data in hex format The following options can be placed before the command: /RAWRETURN Return data more suitable for parsing /WRAP Wrap output around console (default) /NOWRAP Don't wrap output around console The /RAWRETURN option strips new line characters and formatting. It is recognized by the /CREATE and /GET* commands. Commands that take a parameter will accept either a job name or a job ID GUID inside braces. BITSADMIN reports an error if a name is ambiguous.

bootcfg.exe-DE200E259184C1E27A46A273826F4598

key	value
file_name	bootcfg.exe
file_path	C:\Windows\system32\bootcfg.exe
hash_md5	DE200E259184C1E27A46A273826F4598
hash_sha1	5A687E4901E1E09405239BEFB7745CC9A121D286
hash_sha256	D788BE82341083FEFB8320CCC9F88CDEC21F9CD5582125AF4FEFBC441FD9A748
hash_sha384	015C1EC93785398CD20351EA5337B7A8EEF24AE1AA7CE522FB91664354CB26113026E8E970487882935F92446034C22C
hash_sha512	7B8654D2AE8679FDDB4B788DCE234B386E5DF36E8C86879499425C1AE1E8C6C8BB2719E4F6B3F00FB2D6A7DA407AB77C835F68C9F4BDE242D87A38326F12F202
hash_ssdeep	1536:M8P7Mxh11crAug4IRLeC0byqklCLzaAx+DVmsJQuutas7PTa:y711cEX4F/b48uAMxmtas7ra
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	BootCfg - Lists or changes the boot settings.
meta_original_filename	bootcfg.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
output	BOOTCFG /parameter [arguments] Description: This command line tool can be used to configure, query, change or delete the boot entry settings in the BOOT.INI file. Parameter List: /Copy Makes a copy of an existing boot entry. /Delete Deletes an existing boot entry from the BOOT.INI file. /Query Displays the current boot entries and their settings. /Raw Allows the user to specify any switch to be added. /Timeout Allows the user to change the Timeout value. /Default Allows the user to change the Default boot entry. /EMS Allows the user to configure the /redirect switch for headless support. /Debug Allows the user to specify the port and baudrate for remote debugging. /Addsw Allows the user to add predefined switches. /Rmsw Allows the user to remove predefined switches. /Dbg1394 Allows the user to configure 1394 port for debugging. /? Displays this help message. Examples: BOOTCFG /Copy /? BOOTCFG /Delete /? BOOTCFG /Query /? BOOTCFG /Raw /? BOOTCFG /Timeout /? BOOTCFG /EMS /? BOOTCFG /Debug /? BOOTCFG /Addsw /? BOOTCFG /Rmsw /? BOOTCFG /Dbg1394 /? BOOTCFG /Default /? BOOTCFG /? WARNING: BOOT.INI is used for boot options on Windows XP and earlier operating systems. Use the BCDEDIT command line tool to modify Windows Vista boot options.
error	ERROR: Invalid syntax. Type "BOOTCFG /?" for usage.

bootim.exe-B710761B5ED0288253672C1BA805EBBF

key	value
file_name	bootim.exe
file_path	C:\Windows\system32\bootim.exe
hash_md5	B710761B5ED0288253672C1BA805EBBF
hash_sha1	205E58464ACE32358BA2062E956676F50C4B61C9
hash_sha256	4C66A88D7981117EF438EA867DC67445B3706BBB16AAFEA688AE74DB5DDF0D5C
hash_sha384	7609225A74038B72E437D85AA3679F74B1051CE8149098157609A2AE22F9AFCE0918394519723F206FB58FD1D2151541
hash_sha512	5BAEB73847C1854D5BAA58367F2268C4BA662CD0CDAF153E791BA0034C6DBA030F99EC6770F7EF9BAFC72D1EF093A8134F934F29FE794341D3D5EF376F30176E
hash_ssdeep	768:+wvsOjY8RL3Kpw2fCHAUTCdFPkkPL2vFHHoQ:+QsSLHgc09FMFHHoQ
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000001733031072665B8B9B3000000000173
signature_thumbprint	14590DC5C3AAF238FCFD7785B4B93F4071402C34
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	boot immersive menus
meta_original_filename	bootim.exe
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

bridgeunattend.exe-E8A0611BAEA2DD61EDF1033B3748A1D9

key	value
file_name	bridgeunattend.exe
file_path	C:\Windows\system32\bridgeunattend.exe
hash_md5	E8A0611BAEA2DD61EDF1033B3748A1D9
hash_sha1	D8C4F6F95B00C7C20CF2BB86008552CBDB0D5FBA
hash_sha256	33AC0BC2AAC1FB4A70804618460DC701D7D84ECFF343FFC20DD0CE873566081F
hash_sha384	A779EA165CDAB99DEDF747F20647B6CCDC99B90FA294F20B9FF3A84EB252B83E5041ECEBB7C06C3B020F7FD4F2EED231
hash_sha512	05378FDF70C425185A934319727444F764E05D5323186A590662CEEEED04029DF60A5FE51521AB4033B212FADE0E8C80A2FDAB3FA8377764C38717517A2464B0
hash_ssdeep	384:lNViIGafHo53dfNFCYMJYDoVbPPyvjKNbcD43C/O0YHWcfW:sJJCODiPQWeD410Yf
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000001733031072665B8B9B3000000000173
signature_thumbprint	14590DC5C3AAF238FCFD7785B4B93F4071402C34
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Bridge Unattend Utility
meta_original_filename	bridgeunattend.exe
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

browser_broker.exe-C7C56DB13D5F1A2BB6DE92B8BBD22CA0

key	value
file_name	browser_broker.exe
file_path	C:\Windows\system32\browser_broker.exe
hash_md5	C7C56DB13D5F1A2BB6DE92B8BBD22CA0
hash_sha1	1415D7D0C0BCC2B82BBAF0C5B965BE3E39132B61
hash_sha256	63CAB0DB2A90DAFA855F92BD9505DCF6BD197545A9D5A8FC40C3DFDFDB2AB2CB
hash_sha384	C9B92DF4FDA02A72A69EDCD729CDD0355E3260A81ADC956BE8CEF4BE4FDD8BD074709D0592265A4AC357F70FDAF53E73
hash_sha512	B7D27488AE9235A800145062C7146C455D903BEEEC5B2049B3A340B15C13C611C0F0138305F552593736604390F8DD4915A94212B34DDF8B8CE66421F254F18C
hash_ssdeep	384:/789syaX6EptzFas9SYtSZu0h5Q2DgWQHFWMWbHFWumXjDBRJp81Zl9Qz:/geXPXzcW0ha2DKEyXj1PAY
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Browser_Broker
meta_original_filename	browser_broker.EXE
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	11.00.14393.2791 (rs1_release.190205-1511)
meta_product_version	11.00.14393.2791
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

bthudtask.exe-CCDD2D8B1E499BFC883BA7436B480DE3

key	value
file_name	bthudtask.exe
file_path	C:\Windows\system32\bthudtask.exe
hash_md5	CCDD2D8B1E499BFC883BA7436B480DE3
hash_sha1	E0378C5D47A2B81B31AC38AFC39EBFDE7903AE10
hash_sha256	8C5B4D4B3AAD46D75F119DC627E1215186BCABCDB03CADAC8AEA4E6B3AA5A645
hash_sha384	463699B5D78590DE320513A3F505D9EC5D4AC71DAFD090B25AC904E4C946B95685917AF2F0AB48FAC441F27F2340011C
hash_sha512	B3824502EF9D678078741EBDA37AC044F6FA3CD1EA2BB150B77BE2A7A9CE843EE2DD1497ED4FF00A4A4B654FA070B7889A69EC7DE8625FC7352547B998A73204
hash_ssdeep	384:xB/XWYz5UAFDKUKw2cfXNIZwAZdkkYWWUHWJKJajXDO1/EagS817l:f/mYNl49UfdYkkhEzDO
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Bluetooth Uninstall Device Task
meta_original_filename	BthUdTask.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

ByteCodeGenerator.exe-E36553DAD04554CB8E891F348DD6955E

key	value
file_name	ByteCodeGenerator.exe
file_path	C:\Windows\system32\ByteCodeGenerator.exe
hash_md5	E36553DAD04554CB8E891F348DD6955E
hash_sha1	44F85E6A74AE49BFC2B4DEA5A8F7ECDA8CF97C40
hash_sha256	8EABA705068D576ECF9BEEAF62DE53A8189FF9F339905E4A71EA3FDF5E3C90B2
hash_sha384	0B11533398E1E161341FBB3EF76B3822713A341EA9D2A146C33A8FF953FC55EBC2173B333676D4D8B19237AAECFF709B
hash_sha512	C83BFF61CF1D4874387345C26B71DD47625A39D56E37BF8301A9A3FF28157E559875EEF901710B51E0CEADF472B347FE6F224797B56AF121DCFBA4CDE5E6BFDA
hash_ssdeep	768:QXO7ydUYDCJ9RqQRecfgWdaDtgZtgXnbGefpVi+DiU4lelTUoxE0cxEMvdpB7Bq:OOB/icXh0b7hk++U2p0YlpBdq
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000001733031072665B8B9B3000000000173
signature_thumbprint	14590DC5C3AAF238FCFD7785B4B93F4071402C34
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	AppX Deployment Bytecode Generator EXE
meta_original_filename	BytecodeGenerator.exe
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

cacls.exe-5A28B3C94D93A367B370C80820942DC8

key	value
file_name	cacls.exe
file_path	C:\Windows\system32\cacls.exe
hash_md5	5A28B3C94D93A367B370C80820942DC8
hash_sha1	1328A9F91A011F707B2C0718EB206CD2DEFA4D7B
hash_sha256	1E7C610F63BA1E22F8CE1350DF98F0825A4A23328C15928BE67EE6E8B58E0290
hash_sha384	88EBC5C363B085C9BEED8912537EC008F3D2A4007B937FE44135A8DBF6F09FA6A919F49B58802BF6E87370BB1C7136F6
hash_sha512	291D9CB617700388F16C202C859A7020CC7F8E1985D96530526404DA4DD4D82EEFF26B5483ECBF01C974BE558D4767530D749B791515B291ABCB09855D94C156
hash_ssdeep	768:5RieH9nlsba7UydioQhMSj6DkPkzixXsLmM+Pu:riUltYyiofSj64PdSmM+Pu
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Control ACLs Program
meta_original_filename	CACLS.EXE.MUI
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
output	\r NOTE: Cacls is now deprecated, please use Icacls.\r \r Displays or modifies access control lists (ACLs) of files\r \r CACLS filename [/T] [/M] [/L] [/S[:SDDL]] [/E] [/C] [/G user:perm]\r [/R user [...]] [/P user:perm [...]] [/D user [...]]\r filename Displays ACLs.\r /T Changes ACLs of specified files in\r the current directory and all subdirectories.\r /L Work on the Symbolic Link itself versus the target\r /M Changes ACLs of volumes mounted to a directory\r /S Displays the SDDL string for the DACL.\r /S:SDDL Replaces the ACLs with those specified in the SDDL string\r (not valid with /E, /G, /R, /P, or /D).\r /E Edit ACL instead of replacing it.\r /C Continue on access denied errors.\r /G user:perm Grant specified user access rights.\r Perm can be: R Read\r W Write\r C Change (write)\r F Full control\r /R user Revoke specified user's access rights (only valid with /E).\r /P user:perm Replace specified user's access rights.\r Perm can be: N None\r R Read\r W Write\r C Change (write)\r F Full control\r /D user Deny specified user access.\r Wildcards can be used to specify more than one file in a command.\r You can specify more than one user in a command.\r \r Abbreviations:\r CI - Container Inherit.\r The ACE will be inherited by directories.\r OI - Object Inherit.\r The ACE will be inherited by files.\r IO - Inherit Only.\r The ACE does not apply to the current file/directory.\r ID - Inherited.\r The ACE was inherited from the parent directory's ACL.\r

calc.exe-4673C27FDCAB6166578A1863060D83FF

key	value
file_name	calc.exe
file_path	C:\Windows\system32\calc.exe
hash_md5	4673C27FDCAB6166578A1863060D83FF
hash_sha1	4A2446EE9651D90AC6C5613BDDF416DF197F6401
hash_sha256	B093FD472121CDA0BBB1E0079479DE36325F1B2FAA7FDA54C4F757565572FE1D
hash_sha384	FDD4BB991CD9FB460DE2A77B1EC9142988AB256604102F04AA775C4E274B94FD0A7B467FCADB1A5A547C3BCEB8A88ED0
hash_sha512	D570BA4428BC5085B7CADD56A25233CAB810DCEB17D8873D4B458A4E7FA565201B45525F252489B4571ECEC24333BA216907FC849992A74572ADE03E61F00F3E
hash_ssdeep	384:ju/51mFSDUiIMbPWUrytejUSFqpy7LJcGWSAYWSiiiiiiiiiiiiiiiiiiiiiiiik:juiQI0OUfjUUevb
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Windows Calculator
meta_original_filename	CALC.EXE
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
children	win32calc.exe

CameraSettingsUIHost.exe-1BF18CFEE1C87D70212A6221A1902412

key	value
file_name	CameraSettingsUIHost.exe
file_path	C:\Windows\system32\CameraSettingsUIHost.exe
hash_md5	1BF18CFEE1C87D70212A6221A1902412
hash_sha1	51A745FF2762E15C070F3BC52BA2311602FF548E
hash_sha256	4A3F27D0B975E2CC2FAA75763913A17E64244BF44C44907A0DD6F1AE681F080A
hash_sha384	2EBEC29A91DB8C5140404EE526F94BFCCCE8D79502825D9A45A68665FDD434418FA6EBB329A6F8A53DF9D0AF29A3C6D9
hash_sha512	FA4FF8BC8035FE8310564320B21AD95187668CD1E44502E9BC7598873813C5D602BFBB4489E055EFB3A9495E3C0A779A6EC2B3328C4A87F0302BA61AE155856C
hash_ssdeep	768:7tBKESlh0V9HekDZ3WAcUArXYHAIe1PO1q:2Bj6ZmApADYHAIGP6q
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000001733031072665B8B9B3000000000173
signature_thumbprint	14590DC5C3AAF238FCFD7785B4B93F4071402C34
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Camera Settings UI Host
meta_original_filename	CameraSettingsUIHost.exe
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

CastSrv.exe-78AACFC94400EC961796DECA636C5E25

key	value
file_name	CastSrv.exe
file_path	C:\Windows\system32\CastSrv.exe
hash_md5	78AACFC94400EC961796DECA636C5E25
hash_sha1	F8D4C766104209B5E78336466D3D93176B20D1B0
hash_sha256	260B608EC4C2E43A78C5585B97AEFCE1A34429A6FA85CE6E152719344EDF896D
hash_sha384	2840F98C1B6A49782FC479FC6FE5B0C94DF93A7E3B50AF6F1722612B4DD231543FB62B9102937444712C1D41EB485C84
hash_sha512	E2F80FB124C201E678F52921513B17EB03BDD91576F0D4BACB48C86200E27A39D43EB286F56FDF78C74D0A90220796F745D714213171EFEA2052A116EBD7FD23
hash_ssdeep	1536:gObBZ2wy1VwFvmrzQx4Qg+pLvrT8hZKiWuKhazDnJPKoJ:hbBZZyrUvmrolgwrTSKiWuKozzJCoJ
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Casting protocol connection listener
meta_original_filename	CastSrv.exe
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

CertEnrollCtrl.exe-D9DE355599A2CD57600B1C4932D12F3A

key	value
file_name	CertEnrollCtrl.exe
file_path	C:\Windows\system32\CertEnrollCtrl.exe
hash_md5	D9DE355599A2CD57600B1C4932D12F3A
hash_sha1	48EF2A0F97CF94DA58AD93FF2B9E34B2417AD7F7
hash_sha256	912EF3F36892C013566988D86796ABFDE12AC513D32408E83DB589FA64BDFFC4
hash_sha384	DE8C26754059494549D19127D96AEB47EF93FB75328FCC0E3691820C763996CB203E95FB902E0E1285151F8D0CD6F8CB
hash_sha512	61E10A3F3E0A909C774006F0B6AC66CEBFA3251C41DAE14A89A7A580E52A27F78254A6327432225C022E5857A31E0FBC8C961CAFB11F50865AD6D9E491A421AF
hash_ssdeep	768:fAQHFNpqi4P1fhZzUkjmj+LINv7tWNp+2OEiZ+iaOjprTllDyVO1vTzwiEU7JWG8:fAQRql5k+89BWC2fivHuYHwPUIGeCNK
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Certificate Enrollment Control
meta_original_filename	EnrollComServer.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

certreq.exe-81C07107AB05BD4C4AE1B7D889BCD4FE

key	value
file_name	certreq.exe
file_path	C:\Windows\system32\certreq.exe
hash_md5	81C07107AB05BD4C4AE1B7D889BCD4FE
hash_sha1	97BA5F1CEA1C13C8E89CB476BEBD5B278BA853E5
hash_sha256	23FD587C7C7FACF6B1B23EDAEC7DBEA5EAEF4F3820ACBAD73D338774D29F2970
hash_sha384	EE61C90C810840EB4E77618ED983E5575E045C9FFDF68796B2EA8EF3C278EEC414CECFE2E0298414117AC15F9FD4E6CA
hash_sha512	96E261C01D859DD9C1F15BDC04AFD44E6F4CBA2B6C64540693CB37B92B1653785B59017B2490B6DE72F3F2BB84EDB0D4A222FAE8B8C2271E21A729AC6E1FB293
hash_ssdeep	6144:e1yDud3OkISnubPVJZ8Ua7Z/xrR47giuXoXPPj:eoUVniPXZK7Zv40p0b
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	CertReq.exe
meta_original_filename	CertReq.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
children	conhost.exe
output	Usage:\r CertReq -?\r CertReq [-v] -?\r CertReq [-Command] -?\r CertReq [-Submit] [Options] [RequestFileIn [CertFileOut [CertChainFileOut [FullResponseFileOut]]]]\r Submit a request to a Certification Authority.\r Options:\r -attrib AttributeString\r -binary\r -PolicyServer PolicyServer\r -config ConfigString\r -Anonymous\r -Kerberos\r -ClientCertificate ClientCertId\r -UserName UserName\r -p Password\r -crl\r -rpc\r -AdminForceMachine\r -RenewOnBehalfOf\r -NoChallenge\r CertReq -Retrieve [Options] RequestId [CertFileOut [CertChainFileOut [FullResponseFileOut]]]\r Retrieve a response to a previous request from a Certification Authority.\r Options:\r -binary\r -PolicyServer PolicyServer\r -config ConfigString\r -Anonymous\r -Kerberos\r -ClientCertificate ClientCertId\r -UserName UserName\r -p Password\r -crl\r -rpc\r -AdminForceMachine\r CertReq -New [Options] [PolicyFileIn [RequestFileOut]]\r Create a new request as directed by PolicyFileIn\r Options:\r -attrib AttributeString\r -binary\r -cert CertId\r -PolicyServer PolicyServer\r -config ConfigString\r -Anonymous\r -Kerberos\r -ClientCertificate ClientCertId\r -UserName UserName\r -p Password\r -pin Pin\r -user\r -machine\r -xchg ExchangeCertFile\r CertReq -Accept [Options] [CertChainFileIn \| FullResponseFileIn \| CertFileIn]\r Accept and install a response to a previous new request.\r Options:\r -user \r -machine \r -pin Pin\r CertReq -Policy [Options] [RequestFileIn [PolicyFileIn [RequestFileOut [PKCS10FileOut]]]]\r Construct a cross certification or qualified subordination request\r from an existing CA certificate or from an existing request.\r Options:\r -attrib AttributeString\r -binary\r -cert CertId\r -PolicyServer PolicyServer\r -Anonymous\r -Kerberos\r -ClientCertificate ClientCertId\r -UserName UserName\r -p Password\r -pin Pin\r -noEKU\r -AlternateSignatureAlgorithm\r -HashAlgorithm HashAlgorithm\r CertReq -Sign [Options] [RequestFileIn [RequestFileOut]]\r Sign a certificate request with an enrollment agent or qualified\r subordination signing certificate.\r Options:\r -binary\r -cert CertId\r -PolicyServer PolicyServer\r -Anonymous\r -Kerberos\r -ClientCertificate ClientCertId\r -UserName UserName\r -p Password\r -pin Pin\r -crl\r -noEKU\r -HashAlgorithm HashAlgorithm\r CertReq -Enroll [Options] TemplateName\r CertReq -Enroll -cert CertId [Options] Renew [ReuseKeys]\r Enroll for or renew a certificate.\r Options:\r -PolicyServer PolicyServer\r -user \r -machine \r -pin Pin\r CertReq -EnrollAIK [Options] [KeyContainerName]\r Enroll for AIK certificate.\r Options:\r -config\r CertReq -EnrollCredGuardCert [Options] TemplateName [ExtensionInfFile]\r Enroll for machine account Credential Guard certificate.\r Options:\r -config\r Unknown argument: -help

certutil.exe-E4EF926FE8FADE150250A706922BB969

key	value
file_name	certutil.exe
file_path	C:\Windows\system32\certutil.exe
hash_md5	E4EF926FE8FADE150250A706922BB969
hash_sha1	BF24C5E8C4C2B25740E1AEB1FBCB36C58F392A83
hash_sha256	7F924C38130A582FC3B6F94F388234789569C3D8101FD471925217D0F6212175
hash_sha384	79B9A860CD81D5D0B8BDBAC9EA1CB429B83B20D23C191509D18ACE16147F6773F581FABA17EF97890044018F5B9376FD
hash_sha512	4F129E89AD91F5FB979CCF67C5C5C7C8EBB1723D38D0F1398558B8E5F8E2440B8A177D05336BEBE8264820CA65EBF0EB78801765AFBF6B983B8AFC251C675503
hash_ssdeep	24576:m2WXVRbBU0x/BzK2za8KXDqp5DNvtrGGbz0bBE9hDauGXbuEsqf:m2WlRbBU0xEiazUNvzuE9FauG6q
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	CertUtil.exe
meta_original_filename	CertUtil.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
output	Verbs: -dump -- Dump configuration information or file -dumpPFX -- Dump PFX structure -asn -- Parse ASN.1 file -decodehex -- Decode hexadecimal-encoded file -decode -- Decode Base64-encoded file -encode -- Encode file to Base64 -deny -- Deny pending request -resubmit -- Resubmit pending request -setattributes -- Set attributes for pending request -setextension -- Set extension for pending request -revoke -- Revoke Certificate -isvalid -- Display current certificate disposition -getconfig -- Get default configuration string -ping -- Ping Active Directory Certificate Services Request interface -pingadmin -- Ping Active Directory Certificate Services Admin interface -CAInfo -- Display CA Information -ca.cert -- Retrieve the CA's certificate -ca.chain -- Retrieve the CA's certificate chain -GetCRL -- Get CRL -CRL -- Publish new CRLs [or delta CRLs only] -shutdown -- Shutdown Active Directory Certificate Services -installCert -- Install Certification Authority certificate -renewCert -- Renew Certification Authority certificate -schema -- Dump Certificate Schema -view -- Dump Certificate View -db -- Dump Raw Database -deleterow -- Delete server database row -backup -- Backup Active Directory Certificate Services -backupDB -- Backup Active Directory Certificate Services database -backupKey -- Backup Active Directory Certificate Services certificate and private key -restore -- Restore Active Directory Certificate Services -restoreDB -- Restore Active Directory Certificate Services database -restoreKey -- Restore Active Directory Certificate Services certificate and private key -importPFX -- Import certificate and private key -dynamicfilelist -- Display dynamic file List -databaselocations -- Display database locations -hashfile -- Generate and display cryptographic hash over a file -store -- Dump certificate store -enumstore -- Enumerate certificate stores -addstore -- Add certificate to store -delstore -- Delete certificate from store -verifystore -- Verify certificate in store -repairstore -- Repair key association or update certificate properties or key security descriptor -viewstore -- Dump certificate store -viewdelstore -- Delete certificate from store -UI -- Certificate Trust List: -attest -- Verify Key Attestation Request -dsPublish -- Publish certificate or CRL to Active Directory -ADTemplate -- Display AD templates -Template -- Display Enrollment Policy templates -TemplateCAs -- Display CAs for template -CATemplates -- Display templates for CA -SetCASites -- Manage Site Names for CAs -enrollmentServerURL -- Display, add or delete enrollment server URLs associated with a CA -ADCA -- Display AD CAs -CA -- Display Enrollment Policy CAs -Policy -- Display Enrollment Policy -PolicyCache -- Display or delete Enrollment Policy Cache entries -CredStore -- Display, add or delete Credential Store entries -InstallDefaultTemplates -- Install default certificate templates -URLCache -- Display or delete URL cache entries -pulse -- Pulse autoenrollment event or NGC task -MachineInfo -- Display Active Directory machine object information -DCInfo -- Display domain controller information -EntInfo -- Display enterprise information -TCAInfo -- Display CA information -SCInfo -- Display smart card information -SCRoots -- Manage smart card root certificates -verifykeys -- Verify public/private key set -verify -- Verify certificate, CRL or chain -verifyCTL -- Verify AuthRoot or Disallowed Certificates CTL -syncWithWU -- Sync with Windows Update -generateSSTFromWU -- Generate SST from Windows Update -generatePinRulesCTL -- Generate Pin Rules CTL -downloadOcsp -- Download OCSP Responses and Write to Directory -addEccCurve -- Add ECC Curve -deleteEccCurve -- Delete ECC Curve -displayEccCurve -- Display ECC Curve -sign -- Re-sign CRL or certificate -vroot -- Create/delete web virtual roots and file shares -vocsproot -- Create/delete web virtual roots for OCSP web proxy -addEnrollmentServer -- Add an Enrollment Server application -deleteEnrollmentServer -- Delete an Enrollment Server application -addPolicyServer -- Add a Policy Server application -deletePolicyServer -- Delete a Policy Server application -oid -- Display ObjectId or set display name -error -- Display error code message text -getreg -- Display registry value -setreg -- Set registry value -delreg -- Delete registry value -ImportKMS -- Import user keys and certificates into server database for key archival -ImportCert -- Import a certificate file into the database -GetKey -- Retrieve archived private key recovery blob, generate a recovery script, or recover archived keys -RecoverKey -- Recover archived private key -MergePFX -- Merge PFX files -ConvertEPF -- Convert PFX files to EPF file -? -- Display this usage message CertUtil -? -- Display a verb list (command list) CertUtil -dump -? -- Display help text for the "dump" verb CertUtil -v -? -- Display all help text for all verbs CertUtil: -? command completed successfully.

change.exe-4645FC757936A446550596B27CE63E79

key	value
file_name	change.exe
file_path	C:\Windows\system32\change.exe
hash_md5	4645FC757936A446550596B27CE63E79
hash_sha1	A68600DEF3CCA2294CDBC2933C8D5081220FB227
hash_sha256	C66BF7322DEEAEC6109FD82C700569E3322701AFB5EC19006B51E3600EEE86CB
hash_sha384	2D15C5554ED1049137820CF75C3461A05F186678BC1402AE51BB0D726F5268BB2C3CB2356AF53717071B93E05DCBFF9A
hash_sha512	2ACE5B1370A0F0931A96951EED0AF1E382D6A18D41D6F4786265B79EA1254D3BC6C5035D3902DCEC873A07D0216CA292340B77CE65D53C2567860052C41D3B92
hash_ssdeep	192:vWS8qyttAW2/Ei8h9aPB/E/RJoqxx2+YcLWjhAvNsr+GXn1qmvWNLW:vWS8qyUW2s9/fTD2TKo2vNsr+wvWNLW
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Remote Desktop Services Change Utility
meta_original_filename	change.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
output	CHANGE { LOGON \| PORT \| USER }
error	Invalid parameter(s) CHANGE { LOGON \| PORT \| USER }

changepk.exe-E158157A57E322D9BB683FE2378724BA

key	value
file_name	changepk.exe
file_path	C:\Windows\system32\changepk.exe
hash_md5	E158157A57E322D9BB683FE2378724BA
hash_sha1	A863F6C4299446AA6DFBDADCA98AE40FA044EB5E
hash_sha256	64708A3E27EE5ACBEB14140A956AAF8F6472CF60D592C05BC564851BE5CD42D5
hash_sha384	D86A41EA963DC9B3970EE8B909AA03E6FD79ECA23384145FCF3FF02C74EB09FC31989F87BDCFF901A3323508F89A8A62
hash_sha512	2767FB90151E7A2BFB41516854D8893BCEC9E9458369ED481ED6A97EE06E7107832FB1215FF61973C17645F2511DCED990B6C3A04664EC94302DEB5AD673154E
hash_ssdeep	1536:/nceOoyWlp5h15wTGjvzj07j5UfTTfPLr0:EoyqHXzK5UfTTfzr0
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000001733031072665B8B9B3000000000173
signature_thumbprint	14590DC5C3AAF238FCFD7785B4B93F4071402C34
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Windows Activation
meta_original_filename	changepk.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

charmap.exe-9FE7E5B2973E876A0A48A2B3C3104AEB

key	value
file_name	charmap.exe
file_path	C:\Windows\system32\charmap.exe
hash_md5	9FE7E5B2973E876A0A48A2B3C3104AEB
hash_sha1	68EBCD6019C94215568DAAF356CA71EE76C024CC
hash_sha256	25E722D47EA9421B38E41059C73077606CAEE3EF6B6E4885E3D59F80E014B1D8
hash_sha384	72CDE8130C5BC100328B0FCBF84A4705FE5EE1888BE749285F64341A6DF70C0F9E2F643CA48DCDD23B7F972251427D73
hash_sha512	C2AAE18B11B743A043942948A3903E347BA5813E5B2AE3BD4CB951C745B1F9DCA80074588C9923E035319C4BE0B46ACA1ADF8CD3E042865A6794E9391A1CAE4B
hash_ssdeep	3072:ci6ND48iXJJ5G4peH4817f7UIH+XnF/buMbrLF5NUdrSO9K/tagbdDu5nB:8i5J5GK63lY7n1Dbgqt5g
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Character Map
meta_original_filename	charmap.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	5.2.3668.0
meta_product_version	5.2.3668.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

CheckNetIsolation.exe-E1E1BCDF1C08D0FCB81B521C1EBADEE9

key	value
file_name	CheckNetIsolation.exe
file_path	C:\Windows\system32\CheckNetIsolation.exe
hash_md5	E1E1BCDF1C08D0FCB81B521C1EBADEE9
hash_sha1	7A6BB4D9287450108917DFC87829237DA8CBE7AD
hash_sha256	5C47AB615178CFBD5633F77029F7B05C8F7151C865A3CF3E347312C6A04167AA
hash_sha384	968A500F7CF32A1AC2928E86BA53B5AFA63961374593331077F175257214C89CB88903744B797C0003B020FBBD92036F
hash_sha512	D027FDD29DD1E484483486ED3C4BBF3F31A9DEF9757209BA373792DA7580BEC52B421C4AF61E22678D9EC9A9B27992ACD712690EB62778C662BFE509A2799811
hash_ssdeep	768:KmIFT6/SRYi9TFAClvoGayQ+h1b4v7pN:hsTAZShAClvoGany1b4v7p
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000001733031072665B8B9B3000000000173
signature_thumbprint	14590DC5C3AAF238FCFD7785B4B93F4071402C34
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	AppContainer Network Isolation Diagnostic Tool
meta_original_filename	CheckNetIsolation.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
output	Error: Invalid Parameters Usage: CheckNetIsolation [Module] List Of Modules: LoopbackExempt - controls the loopback exemption of AppContainers and Package Families to ease application development. Debug - Starts a network traffic troubleshooting session of an AppContainer or Package Family. Generates a report of network capabilities that are used, not used or missing, together with the network traffic generated by the application. -? - Displays this help message.

chglogon.exe-B6A3F273EE6A39CDDEB63AABCB6393DA

key	value
file_name	chglogon.exe
file_path	C:\Windows\system32\chglogon.exe
hash_md5	B6A3F273EE6A39CDDEB63AABCB6393DA
hash_sha1	C0BFE8B5628D9DCFE2966721FB3F0BF7845EA93D
hash_sha256	1C83A61F2FBCF0713498086E22786E105557CAEEDC9A9DAA8064DD19BAA85F0B
hash_sha384	D1423EEC68A653823B00CFC2344C269B4E2C00674802ABCD20EB161F50792A575F5E295FD3A51B12E21FDD67D0A22A2E
hash_sha512	56436EC4624ED30E469683C103F31210F8D1E8AF0E5083E61D4FCE11FDEB26A27D3AD7A98187012F51B1B68970736B97E5A915D74C7CA95E6E2982BE1973476E
hash_ssdeep	384:+zDWGx94ReeBLAJS5Zdt2QFiEt55l/W1Vf+6YZ9aM5mlpXMrPYPuqWZEW:+/uBLZdBp+jf+3NmwYPuV
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Change Logon Utility
meta_original_filename	chglogon.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
error	Invalid parameter(s) Enable, disable, or drain session logins. CHANGE LOGON {/QUERY \| /ENABLE \| /DISABLE \| /DRAIN \| /DRAINUNTILRESTART} /QUERY Query current session login mode. /ENABLE Enable user login from sessions. /DISABLE Disable user login from sessions. /DRAIN Disable new user logons, but allow reconnections to existing sessions. /DRAINUNTILRESTART Disable new user logons until the server is restarted, but allow reconnections to existing sessions.

chgport.exe-1C0796B4A1B37D9970DE98F05ABB3E1A

key	value
file_name	chgport.exe
file_path	C:\Windows\system32\chgport.exe
hash_md5	1C0796B4A1B37D9970DE98F05ABB3E1A
hash_sha1	8F83E5A5EE2A34C32BD66FEA557BE96210D42F62
hash_sha256	0FE597AD95B4878CC62E79ABE423CF4F757763C0A9C1415745C80DCE3CF31372
hash_sha384	05F90154A6163C8927275EC15B2EF823E134AECB8DFBBF08D4717A3DB297E000E655F474F1F1990E6F0450B846012328
hash_sha512	9F4ADB12BF222421D36A3C2ECC6A731E1E433B3EEDD5BF371C2568448C243F630A8326C62B247B3527F15A7BAEBA217E2592063F77098813A254333E4D59F07C
hash_ssdeep	384:BFHyeMQeeCdiiRdSyYIRIA0L9Bt9XEBEw55kmPtQFj4PSvzy8/5HhMJPGDrMWgQW:BFHaQjibAIuBwNllEkmzf/bDrm
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Change port Utility
meta_original_filename	chgport.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
error	Invalid parameter(s) List or change COM port mappings for DOS application compatibility. CHANGE PORT [portx=porty \| /D portx \| /QUERY] portx=porty Map port x to port y. /D portx Delete mapping for port x. /QUERY Display current mapping ports.

chgusr.exe-FA3BD1F9901285218280C4019623F589

key	value
file_name	chgusr.exe
file_path	C:\Windows\system32\chgusr.exe
hash_md5	FA3BD1F9901285218280C4019623F589
hash_sha1	E57D5845D4B25E8A11D2C92FC78E322D8B849A11
hash_sha256	51FE407785A2B1164B5313C981968A6EB100AB21A3B9DEBA25DE223BA96A22BE
hash_sha384	B21057D8278936B680589D0DFEE6677422034AABF7E41D03825BBCF7127BB07826895ACE5DEE76F94ACB5A0D678F5C5C
hash_sha512	98E3EF448D6AF85E9378E237BA3CB659155BB113FBD750F632943028E192E26B35143234F8E27116CA4F5080BEED34F49611B323AF4FB3BAFD130D0B2E3DB4A8
hash_ssdeep	384:kyMAOpQEtYZQBEP55zi/ErBPC3Y71OcQLu0Qm16jNH4aWsVW:FENY6mBPIEjQa0QT4A
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Change INI File Mapping Utility
meta_original_filename	chgusr.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
output	Change Install Mode. CHANGE USER {/EXECUTE \| /INSTALL \| /QUERY} /EXECUTE Enable execute mode (default). /INSTALL Enable install mode. /QUERY Display current settings.
error	Invalid parameter(s) Change Install Mode. CHANGE USER {/EXECUTE \| /INSTALL \| /QUERY} /EXECUTE Enable execute mode (default). /INSTALL Enable install mode. /QUERY Display current settings.

chkdsk.exe-7FF8B08D7537D3EB817332D962488C69

key	value
file_name	chkdsk.exe
file_path	C:\Windows\system32\chkdsk.exe
hash_md5	7FF8B08D7537D3EB817332D962488C69
hash_sha1	9D3D757D38B44EA84D19A7DE63B860821217CDEF
hash_sha256	249CE8BFC6DFDB17CF87F97DC8F5541FAFB75F8ABDC9419364204AB8144E5E29
hash_sha384	7A3EDF82F94F4D52ED90DB72BA5E8CA1784E39A3B4B09D30A26AB6E8D11FABF8AD27D3C026360DB36E3E32F4BA7B698B
hash_sha512	3A58412C9D091A3F8B239744877A025A139C7546D1A6DC145DA390EEA3FBF8685D8FDF21B209DF6D7204476BA6D47C507283315EEC017C6AC4EC3EB3443B2FE0
hash_ssdeep	384:Zf1Q/Mof3hE7QaVigrWBLD4APQ7fJGro1h2+0eImIoOzFNWWSFrhW:h10hP0ViYWBDMfQrM30ev4Or
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Check Disk Utility
meta_original_filename	CHKDSK.EXE.MUI
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
output	Checks a disk and displays a status report. CHKDSK [volumepath]filename] [/F] [/V] [/R] [/X] [/I] [/C] [/L[:size]] [/B] [/scan] [/spotfix] volume Specifies the drive letter (followed by a colon), mount point, or volume name. filename FAT/FAT32 only: Specifies the files to check for fragmentation. /F Fixes errors on the disk. /V On FAT/FAT32: Displays the full path and name of every file on the disk. On NTFS: Displays cleanup messages if any. /R Locates bad sectors and recovers readable information (implies /F, when /scan not specified). /L:size NTFS only: Changes the log file size to the specified number of kilobytes. If size is not specified, displays current size. /X Forces the volume to dismount first if necessary. All opened handles to the volume would then be invalid (implies /F). /I NTFS only: Performs a less vigorous check of index entries. /C NTFS only: Skips checking of cycles within the folder structure. /B NTFS only: Re-evaluates bad clusters on the volume (implies /R) /scan NTFS only: Runs a online scan on the volume /forceofflinefix NTFS only: (Must be used with "/scan") Bypass all online repair; all defects found are queued for offline repair (i.e. "chkdsk /spotfix"). /perf NTFS only: (Must be used with "/scan") Uses more system resources to complete a scan as fast as possible. This may have a negative performance impact on other tasks running on the system. /spotfix NTFS only: Runs spot fixing on the volume /sdcleanup NTFS only: Garbage collect unneeded security descriptor data (implies /F). /offlinescanandfix Runs an offline scan and fix on the volume. /freeorphanedchains FAT/FAT32/exFAT only: Frees any orphaned cluster chains instead of recovering their contents. /markclean FAT/FAT32/exFAT only: Marks the volume clean if no corruption was detected, even if /F was not specified. The /I or /C switch reduces the amount of time required to run Chkdsk by skipping certain checks of the volume.

chkntfs.exe-B153574FEFD4B21A45855C4267027007

key	value
file_name	chkntfs.exe
file_path	C:\Windows\system32\chkntfs.exe
hash_md5	B153574FEFD4B21A45855C4267027007
hash_sha1	BD03976BDE015ABCA84961E3AE4FAA04696FBE96
hash_sha256	C5066D00E21F691F9716EFA0A85386EB10AF407011363B123DBB7386166339F0
hash_sha384	6714422C73E76E5751126775F28EC4B111650763900FCECDB7D1325BDC0CF438FB67286C4A25FC8F7C23B2CC010A7353
hash_sha512	E2D2044C967E741C4EAB91E23DE55A6CA83642AA9C3C5D82CBC2965782C86ED61643227B1BFA3B652AA3379FB53124A8457FCAA11DE5518426A2814B10D93452
hash_ssdeep	384:ZrTDt8z/kU8lV9F5ip3LiolfCTvCl0CTFLIk23jsONEW56W:tDt87klVBidnfC+mCZL4AOR
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	NTFS Volume Maintenance Utility
meta_original_filename	CHKNTFS.EXE.MUI
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
output	Displays or modifies the checking of disk at boot time. CHKNTFS volume [...] CHKNTFS /D CHKNTFS /T[:time] CHKNTFS /X volume [...] CHKNTFS /C volume [...] volume Specifies the drive letter (followed by a colon), mount point, or volume name. /D Restores the machine to the default behavior; all drives are checked at boot time and chkdsk is run on those that are dirty. /T:time Changes the AUTOCHK initiation countdown time to the specified amount of time in seconds. If time is not specified, displays the current setting. /X Excludes a drive from the default boot-time check. Excluded drives are not accumulated between command invocations. /C Schedules a drive to be checked at boot time; chkdsk will run if the drive is dirty. If no switches are specified, CHKNTFS will display if the specified drive is dirty or scheduled to be checked on next reboot.

choice.exe-ED5FC58EC99A058CE9B7BB1EE3A96A8E

key	value
file_name	choice.exe
file_path	C:\Windows\system32\choice.exe
hash_md5	ED5FC58EC99A058CE9B7BB1EE3A96A8E
hash_sha1	C573BE90E21A389E0D70CF6D5DF6DE0DB5C29335
hash_sha256	DF8085FB7D979C644A751804ED6BD3B74B26CE682291B5E5EDE4C76ECA599E7E
hash_sha384	B48ACF039E5B6DCF459BE9359B3531D9CD99DA628477A1C5430C327CC251244E390D5DC2482CE6A4DE48AA71A5FC1354
hash_sha512	B539515D4F468375E7631BE23B873D7F0A296C34FB5717F8D5B9D4B67941CD8B079B55E90B15BB7A6F101568408EDC29E3924439ED473D892ABA41DF12B7CEC2
hash_ssdeep	768:/yUBO99iglShcyDArO3VOUHzefixuer/qmKbxLflfw:DBO7iR7aixuer/JwxBfw
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Offers the user a choice
meta_original_filename	choice.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
output	CHOICE [/C choices] [/N] [/CS] [/T timeout /D choice] [/M text] Description: This tool allows users to select one item from a list of choices and returns the index of the selected choice. Parameter List: /C choices Specifies the list of choices to be created. Default list is "YN". /N Hides the list of choices in the prompt. The message before the prompt is displayed and the choices are still enabled. /CS Enables case-sensitive choices to be selected. By default, the utility is case-insensitive. /T timeout The number of seconds to pause before a default choice is made. Acceptable values are from 0 to 9999. If 0 is specified, there will be no pause and the default choice is selected. /D choice Specifies the default choice after nnnn seconds. Character must be in the set of choices specified by /C option and must also specify nnnn with /T. /M text Specifies the message to be displayed before the prompt. If not specified, the utility displays only a prompt. /? Displays this help message. NOTE: The ERRORLEVEL environment variable is set to the index of the key that was selected from the set of choices. The first choice listed returns a value of 1, the second a value of 2, and so on. If the user presses a key that is not a valid choice, the tool sounds a warning beep. If tool detects an error condition, it returns an ERRORLEVEL value of 255. If the user presses CTRL+BREAK or CTRL+C, the tool returns an ERRORLEVEL value of 0. When you use ERRORLEVEL parameters in a batch program, list them in decreasing order. Examples: CHOICE /? CHOICE /C YNC /M "Press Y for Yes, N for No or C for Cancel." CHOICE /T 10 /C ync /CS /D y CHOICE /C ab /M "Select a for option 1 and b for option 2." CHOICE /C ab /N /M "Select a for option 1 and b for option 2."
error	ERROR: Invalid argument/option - '-help'. Type "CHOICE /?" for usage.

cipher.exe-981F342BFEB1A495202275ADBCDA141E

key	value
file_name	cipher.exe
file_path	C:\Windows\system32\cipher.exe
hash_md5	981F342BFEB1A495202275ADBCDA141E
hash_sha1	010960B96FEA177539F4661A311625F4719E5820
hash_sha256	F2C1D0936204911AB67DEEC718F8136257DDAE477BF56BDEED296D197E8D7215
hash_sha384	4CF3D9BCDAE0F9EB137AEA28CC2981E414686FFB3700858AD9088E43CC72B87DB838789327F736B31573F6FFAF1BA6BB
hash_sha512	101E3F9711FC39019806AC8FA56D898BB7231866E9EA6C71BDB0E1DADCA1C3243B67B82F59D5F0AF37FAB9F86D8CE70F5BC79CA9D51EAB47AB3E32E525427173
hash_ssdeep	768:+nIEAyHarnYDRo/k536GbgjvXvvvD73RG7kkXUgwKmbbisev5xjEw4v:6AyHaIr36Gbivv3Im//HqEw4v
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	File Encryption Utility
meta_original_filename	CIPHER.EXE.MUI
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
output	Displays or alters the encryption of directories [files] on NTFS partitions. CIPHER [/E \| /D \| /C] [/S:directory] [/B] [/H] [pathname [...]] CIPHER /K [/ECC:256\|384\|521] CIPHER /R:filename [/SMARTCARD] [/ECC:256\|384\|521] CIPHER /P:filename.cer CIPHER /U [/N] CIPHER /W:directory CIPHER /X[:efsfile] [filename] CIPHER /Y CIPHER /ADDUSER [/CERTHASH:hash \| /CERTFILE:filename \| /USER:username] [/S:directory] [/B] [/H] [pathname [...]] CIPHER /FLUSHCACHE [/SERVER:servername] CIPHER /REMOVEUSER /CERTHASH:hash [/S:directory] [/B] [/H] [pathname [...]] CIPHER /REKEY [pathname [...]] /B Abort if an error is encountered. By default, CIPHER continues executing even if errors are encountered. /C Displays information on the encrypted file. /D Decrypts the specified files or directories. /E Encrypts the specified files or directories. Directories will be marked so that files added afterward will be encrypted. The encrypted file could become decrypted when it is modified if the parent directory is not encrypted. It is recommended that you encrypt the file and the parent directory. /H Displays files with the hidden or system attributes. These files are omitted by default. /K Creates a new certificate and key for use with EFS. If this option is chosen, all the other options will be ignored. Note: By default, /K creates a certificate and key that conform to current group policy. If ECC is specified, a self-signed certificate will be created with the supplied key size. /N This option only works with /U. This will prevent keys being updated. This is used to find all the encrypted files on the local drives. /R Generates an EFS recovery key and certificate, then writes them to a .PFX file (containing certificate and private key) and a .CER file (containing only the certificate). An administrator may add the contents of the .CER to the EFS recovery policy to create the recovery key for users, and import the .PFX to recover individual files. If SMARTCARD is specified, then writes the recovery key and certificate to a smart card. A .CER file is generated (containing only the certificate). No .PFX file is generated. Note: By default, /R creates an 2048-bit RSA recovery key and certificate. If ECC is specified, it must be followed by a key size of 256, 384, or 521. /P Creates a base64-encoded recovery-policy blob from the passed-in certificate. This blob can be used to set DRA policy for MDM deployments. /S Performs the specified operation on the given directory and all files and subdirectories within it. /U Tries to touch all the encrypted files on local drives. This will update user's file encryption key or recovery keys to the current ones if they are changed. This option does not work with other options except /N. /W Removes data from available unused disk space on the entire volume. If this option is chosen, all other options are ignored. The directory specified can be anywhere in a local volume. If it is a mount point or points to a directory in another volume, the data on that volume will be removed. /X Backup EFS certificate and keys into file filename. If efsfile is provided, the current user's certificate(s) used to encrypt the file will be backed up. Otherwise, the user's current EFS certificate and keys will be backed up. /Y Displays your current EFS certificate thumbprint on the local PC. /ADDUSER Adds a user to the specified encrypted file(s). If CERTHASH is provided, cipher will search for a certificate with this SHA1 hash. If CERTFILE is provided, cipher will extract the certificate from the file. If USER is provided, cipher will try to locate the user's certificate in Active Directory Domain Services. /FLUSHCACHE Clears the calling user's EFS key cache on the specified server. If servername is not provided, cipher clears the user's key cache on the local machine. /REKEY Updates the specified encrypted file(s) to use the configured EFS current key. /REMOVEUSER Removes a user from the specified file(s). CERTHASH must be the SHA1 hash of the certificate to remove. directory A directory path. filename A filename without extensions. pathname Specifies a pattern, file or directory. efsfile An encrypted file path. Used without parameters, CIPHER displays the encryption state of the current directory and any files it contains. You may use multiple directory names and wildcards. You must put spaces between multiple parameters.

cleanmgr.exe-B6A5162D28FDCB87869A2ED87F46C8A6

key	value
file_name	cleanmgr.exe
file_path	C:\Windows\system32\cleanmgr.exe
hash_md5	B6A5162D28FDCB87869A2ED87F46C8A6
hash_sha1	659B7F78216F5FED46C251399EAF7FCD08B14FC6
hash_sha256	A12A5393FAFD1B373BBB9ABA6384DD84D8A8DE8F306A331380355B945D6918F8
hash_sha384	C2DDAE0FAF935C0D16A4F7A63D0A7ADCE4073B45C55F776069152769814189E63FB6372387D0BD03545D8E2C53460D4A
hash_sha512	2A9C5654C20115F4982D978F43C81D0C01C79DE259972F0CED439C2C2D111B0E1F11C890DED4AB20ED83DB0D9A6922691070FF2D80A49B7FA125197736FB61CB
hash_ssdeep	3072:T7iHR8+DLd664sn+yfZAEPGRvQhRkKqUa9antF5hvvJkuXp6:Xir3JfeE+ohSKq99UF5hvv/
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Disk Space Cleanup Manager for Windows
meta_original_filename	CLEANMGR.DLL.MUI
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
children	DismHost.exe

cliconfg.exe-FF9932C30F72B19E57D9B07F230487E7

key	value
file_name	cliconfg.exe
file_path	C:\Windows\system32\cliconfg.exe
hash_md5	FF9932C30F72B19E57D9B07F230487E7
hash_sha1	0B7A0E55A69820062D9C9A4D6522B2CD3CB4414F
hash_sha256	FBD7F130718C6A73E0AFD15D1F8D843426604A866EC63624357F8A952B484AD1
hash_sha384	04D2E87133F9930DC6764E91CE81C487774608A814D5A18F86104E5F856F473223734CBEDF347F110592062F49E77382
hash_sha512	735DAB7C2165A5A29B64B80D64F11551DCFEC7F2D7B099E7EBCC5DE9EFD0554AD537273E13EB4DBB7DA1C37A744D27D9F743C0F995049B58FA5982C33A1055AF
hash_ssdeep	384:nhjdkMnHDyWjUyEurzWkpWrwWlPXuNvBQAMYJQ2JQSkdowyo:nhjRnHlcGbiLuI30lJBkvT
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	SQL Client Configuration Utility EXE
meta_original_filename	cliconfg.exe
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

clip.exe-020308633CC047DB3026FE49ED9A8363

key	value
file_name	clip.exe
file_path	C:\Windows\system32\clip.exe
hash_md5	020308633CC047DB3026FE49ED9A8363
hash_sha1	497E1981B6943E81E350AC6B8CD34E463F245B83
hash_sha256	B57333B76E5CAABC4B8A8AE4264CD664E1EEEC3CC4A7F6BED76C23D53B5418DA
hash_sha384	C9AF5A8C9AB9C0136822D35FD72C204FFDE29E573C2230633E28A28D84EA2F09E8760C270C84CD2677BB671997543F9E
hash_sha512	578CBB625E9B29ABE9CD7002002E6FA3F132E53ACA9E712EDF7790FF832AFDC9F83160555D46A8403D5425F1A1B1A0D30C9E896DF6A2E95F3056C9B294B7B874
hash_ssdeep	768:ZtTxvqQ5ch96j6O3VRiSXALa3cAefgy6x5YCM:fT9vzpcAefwxCC
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Clip - copies the data into clipboard
meta_original_filename	clip.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
output	CLIP Description: Redirects output of command line tools to the Windows clipboard. This text output can then be pasted into other programs. Parameter List: /? Displays this help message. Examples: DIR \| CLIP Places a copy of the current directory listing into the Windows clipboard. CLIP < README.TXT Places a copy of the text from readme.txt on to the Windows clipboard.
error	ERROR: Invalid argument/option - '-help'. Type "CLIP /?" for usage.

ClipUp.exe-F0B12178989648631AE6988B47AAA1D9

key	value
file_name	ClipUp.exe
file_path	C:\Windows\system32\ClipUp.exe
hash_md5	F0B12178989648631AE6988B47AAA1D9
hash_sha1	96B729050E0CBFD44A7BD87798F3BDBDB53C1231
hash_sha256	C2DD216FD13A31C5F273301B60F8DFC67F7B569E32008B95456756AC2FE2AAC2
hash_sha384	05D417C3DB874236B5E83A57D140426E7B7007B04F27C7C57FAB98A0DDE55F0CDFFAA33F61D0C68B2F6D3DB9B38DDD76
hash_sha512	AABA17267EADD16F4CA5D5740854E5A6715F12AA0D9B7B3E262FF4BE67F31BDF35BEC513282BE9FABF916D1B4734B497C3125CAF972412CC8381456B4E3BB620
hash_ssdeep	24576:hu4ui7hq/WVUewvRvg6uGuItJIVvQCbI2FYjeU7Vv7aa0PHoVTZZ9nAyaxEv4VPB:TJhq/WVUewvRvg6uGuItJIVvQCbI2FYS
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Client License Platform migration tool
meta_original_filename	ClipUp.exe
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.3503 (rs1_release.200131-0410)
meta_product_version	10.0.14393.3503
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
error	Failed! Error 0x80070057.
output	Done. C:\Windows\system32\ClipUp.exe Usage: -?/-h This help menu -p Attempts to migrate data from the legacy Windows Phone database -o Attempts to migrate data from Windows Genuine Authorization blob -altto [path] Optional alternative Windows Genuine Authorization blob folder location -d Generate a genuine ticket for the BIOS key -k [5X5 product key] Windows 7/8/Blue product key -pfm [package family name] Optional package family name to look for a migratable license -l [path] Optional folder of legacy Windows Store licenses -v Enables optional verbose logging -previd Device ID prior to hardware-related changes [path] Optional alternative output location for migrated data Done.

CloudExperienceHostBroker.exe-077DDBBA17D8017A86A221B091DAA2B1

key	value
file_name	CloudExperienceHostBroker.exe
file_path	C:\Windows\system32\CloudExperienceHostBroker.exe
hash_md5	077DDBBA17D8017A86A221B091DAA2B1
hash_sha1	4126ACA16CD148BE04EBF4F39E0F0A7087ADEDA3
hash_sha256	F5A654EBDBAA9A88412F718F8924D70E75E22E5CFE45A06406AAE71C3E28630A
hash_sha384	85DBDCC2C34BB671504E1A89DCD256EA221D631BE0E860706E6E3409DD706759FEBF243BBAC0D69469E167D32CC05D8C
hash_sha512	6534737A874622DC753DF2F6A95A0535B02391D2D1873F373A8D862F1FA2EF5A43FA53242ACC37AF9D26981103E00EF166F30D8401D94568ADAF4FB00737E72B
hash_ssdeep	1536:aZBWjco9eS2/Eqidhxz43BkxYMvNhIsd+pS199YMXVP15FP0cG:QBqMS28vkBkxYE+pSb9YM515FMZ
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	CloudExperienceHost Broker
meta_original_filename	CloudExperienceHostBroker.exe
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

CloudNotifications.exe-61DB0642A13AE2FA2BD396346DF8D4EC

key	value
file_name	CloudNotifications.exe
file_path	C:\Windows\system32\CloudNotifications.exe
hash_md5	61DB0642A13AE2FA2BD396346DF8D4EC
hash_sha1	18C64D244E70D67C829093562B7C3AD0444F1E2C
hash_sha256	EB823693C4281FD34D871297C4088B1E5E5B4A24A1B02C73977F2983041E13C9
hash_sha384	742EA3C393D6CC3D09BFDA85FA47114C05404B5795E7B4CEB67ADC7C3C668FAD72D6800AFFEFF5A41CACF1A9CB546DAC
hash_sha512	D928504D80E3227379DDB3460B033EF88F95956D6682DA405286A4B5DE737DF38D93BE8AA24EAC3663BCC8B8C493B4D1885ACD3E0E35751C89C73ED427D80865
hash_ssdeep	1536:P+KGtFXerKIEynO4ODc4XZY+z1GcLZdMiG9w/E6pPXfP:PCXUHEykDJC+z1ZVGf9bS/H
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Cloud notifications
meta_original_filename	CloudNotifications.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

CloudStorageWizard.exe-710ECA77A9DD864DB7FF59B74F9A4FFF

key	value
file_name	CloudStorageWizard.exe
file_path	C:\Windows\system32\CloudStorageWizard.exe
hash_md5	710ECA77A9DD864DB7FF59B74F9A4FFF
hash_sha1	BA72139C00F609D6B282BB7F2D2EAEA0BA8F122D
hash_sha256	6A0C048E20622EC78B70230B38BBFD5E9B8D752AD1D84C096E19645CE566D6C8
hash_sha384	E9F2BB5B60941809C190681C0B170B06D0D79FFABA64368DDFF7FA92BD89DCB27A18EB8772CFE94B01563B1F99631D26
hash_sha512	8D7C9DDD66D02C1EB8E89F0A88221E260EEC66E702C84405841B8750D2F92707F2100A77E8D3B76CEAE819ADB33577A2CD2B6591F609533B3FEB8C4BC9FE8FC8
hash_ssdeep	3072:MkKlA48WgqLPCEp9FcYBp2BsSVB+ZCTGP40H+w2pVmM3T2jk:MkCA4FLdpX37uZBEH+RiyD
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	CloudStorageWizard
meta_original_filename	CloudStorageWizard.dll.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

cmd.exe-F4F684066175B77E0C3A000549D2922C

key	value
file_name	cmd.exe
file_path	C:\Windows\system32\cmd.exe
hash_md5	F4F684066175B77E0C3A000549D2922C
hash_sha1	99AE9C73E9BEE6F9C76D6F4093A9882DF06832CF
hash_sha256	935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2
hash_sha384	1ABF23B8C686B89573BEAD0736FDA0E336DAA2C6EF3B0FDB00D9BAFEC5CE45E44E2587D14E2C130F30341725550EBAB2
hash_sha512	FE8F0593CC335AD28EB90211BC4FF01A3D2992CFFB3877D04CEFEDE9EF94AFEB1A7D7874DD0C0AE04EAF8308291D5A4D879E6ECF6FE2B8D0FF1C3AC7EF143206
hash_ssdeep	3072:bkd4COZG6/A1tO1Y6TbkX2FtynroeJ/MEJoSsasbLLkhyjyGe:bkuC9+Af0Y6TbbFtkoeJk1KsfLXm
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Windows Command Processor
meta_original_filename	Cmd.Exe.MUI
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
output	Starts a new instance of the Windows command interpreter CMD [/A \| /U] [/Q] [/D] [/E:ON \| /E:OFF] [/F:ON \| /F:OFF] [/V:ON \| /V:OFF] [[/S] [/C \| /K] string] /C Carries out the command specified by string and then terminates /K Carries out the command specified by string but remains /S Modifies the treatment of string after /C or /K (see below) /Q Turns echo off /D Disable execution of AutoRun commands from registry (see below) /A Causes the output of internal commands to a pipe or file to be ANSI /U Causes the output of internal commands to a pipe or file to be Unicode /T:fg Sets the foreground/background colors (see COLOR /? for more info) /E:ON Enable command extensions (see below) /E:OFF Disable command extensions (see below) /F:ON Enable file and directory name completion characters (see below) /F:OFF Disable file and directory name completion characters (see below) /V:ON Enable delayed environment variable expansion using ! as the delimiter. For example, /V:ON would allow !var! to expand the variable var at execution time. The var syntax expands variables at input time, which is quite a different thing when inside of a FOR loop. /V:OFF Disable delayed environment expansion. Note that multiple commands separated by the command separator '&&' are accepted for string if surrounded by quotes. Also, for compatibility reasons, /X is the same as /E:ON, /Y is the same as /E:OFF and /R is the same as /C. Any other switches are ignored. If /C or /K is specified, then the remainder of the command line after the switch is processed as a command line, where the following logic is used to process quote (") characters: 1. If all of the following conditions are met, then quote characters on the command line are preserved: - no /S switch - exactly two quote characters - no special characters between the two quote characters, where special is one of: &<>()@^\| - there are one or more whitespace characters between the two quote characters - the string between the two quote characters is the name of an executable file. 2. Otherwise, old behavior is to see if the first character is a quote character and if so, strip the leading character and remove the last quote character on the command line, preserving any text after the last quote character. If /D was NOT specified on the command line, then when CMD.EXE starts, it looks for the following REG_SZ/REG_EXPAND_SZ registry variables, and if either or both are present, they are executed first. HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\AutoRun and/or HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun Command Extensions are enabled by default. You may also disable extensions for a particular invocation by using the /E:OFF switch. You can enable or disable extensions for all invocations of CMD.EXE on a machine and/or user logon session by setting either or both of the following REG_DWORD values in the registry using REGEDIT.EXE: HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\EnableExtensions and/or HKEY_CURRENT_USER\Software\Microsoft\Command Processor\EnableExtensions to either 0x1 or 0x0. The user specific setting takes precedence over the machine setting. The command line switches take precedence over the registry settings. In a batch file, the SETLOCAL ENABLEEXTENSIONS or DISABLEEXTENSIONS arguments takes precedence over the /E:ON or /E:OFF switch. See SETLOCAL /? for details. The command extensions involve changes and/or additions to the following commands: DEL or ERASE COLOR CD or CHDIR MD or MKDIR PROMPT PUSHD POPD SET SETLOCAL ENDLOCAL IF FOR CALL SHIFT GOTO START (also includes changes to external command invocation) ASSOC FTYPE To get specific details, type commandname /? to view the specifics. Delayed environment variable expansion is NOT enabled by default. You can enable or disable delayed environment variable expansion for a particular invocation of CMD.EXE with the /V:ON or /V:OFF switch. You can enable or disable delayed expansion for all invocations of CMD.EXE on a machine and/or user logon session by setting either or both of the following REG_DWORD values in the registry using REGEDIT.EXE: HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\DelayedExpansion and/or HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DelayedExpansion to either 0x1 or 0x0. The user specific setting takes precedence over the machine setting. The command line switches take precedence over the registry settings. In a batch file the SETLOCAL ENABLEDELAYEDEXPANSION or DISABLEDELAYEDEXPANSION arguments takes precedence over the /V:ON or /V:OFF switch. See SETLOCAL /? for details. If delayed environment variable expansion is enabled, then the exclamation character can be used to substitute the value of an environment variable at execution time. You can enable or disable file name completion for a particular invocation of CMD.EXE with the /F:ON or /F:OFF switch. You can enable or disable completion for all invocations of CMD.EXE on a machine and/or user logon session by setting either or both of the following REG_DWORD values in the registry using REGEDIT.EXE: HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\CompletionChar HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\PathCompletionChar and/or HKEY_CURRENT_USER\Software\Microsoft\Command Processor\CompletionChar HKEY_CURRENT_USER\Software\Microsoft\Command Processor\PathCompletionChar with the hex value of a control character to use for a particular function (e.g. 0x4 is Ctrl-D and 0x6 is Ctrl-F). The user specific settings take precedence over the machine settings. The command line switches take precedence over the registry settings. If completion is enabled with the /F:ON switch, the two control characters used are Ctrl-D for directory name completion and Ctrl-F for file name completion. To disable a particular completion character in the registry, use the value for space (0x20) as it is not a valid control character. Completion is invoked when you type either of the two control characters. The completion function takes the path string to the left of the cursor appends a wild card character to it if none is already present and builds up a list of paths that match. It then displays the first matching path. If no paths match, it just beeps and leaves the display alone. Thereafter, repeated pressing of the same control character will cycle through the list of matching paths. Pressing the Shift key with the control character will move through the list backwards. If you edit the line in any way and press the control character again, the saved list of matching paths is discarded and a new one generated. The same occurs if you switch between file and directory name completion. The only difference between the two control characters is the file completion character matches both file and directory names, while the directory completion character only matches directory names. If file completion is used on any of the built in directory commands (CD, MD or RD) then directory completion is assumed. The completion code deals correctly with file names that contain spaces or other special characters by placing quotes around the matching path. Also, if you back up, then invoke completion from within a line, the text to the right of the cursor at the point completion was invoked is discarded. The special characters that require quotes are: &()[]{}^=;!'+,`~
children	conhost.exe

cmdkey.exe-343E6DA0ADF3D528C54E1767254432A6

key	value
file_name	cmdkey.exe
file_path	C:\Windows\system32\cmdkey.exe
hash_md5	343E6DA0ADF3D528C54E1767254432A6
hash_sha1	AD489907F7EE31329CC09E70E21FF70B8EF43DB1
hash_sha256	89B6A8CB5CF989E3D999482CECF779BA295871A9C80C8CA151694942D5881114
hash_sha384	861113EC543A92759B4A659F0027A6E1C2C0B91A35E7721C14A2793B4B0654A3A93A90187DD7335C8178F219BE1B947F
hash_sha512	7BEA84928ED745BFDF9F22E11E2032168AF402B4BF76F35AB05CE2EE54CF1755385AAB74F2551CF74347FD212513DF15F7A08C9C4C9C3A2EA7211ACCA263D705
hash_ssdeep	384:uEpXrrS58wQb5Hm/D9LtkwkNdsHCybbm/rD1/D/8F62WQwW:7rSHQlH+YICmm/rD1b8Q4
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Credential Manager Command Line Utility
meta_original_filename	cmdkey.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
output	Creates, displays, and deletes stored user names and passwords. The syntax of this command is: CMDKEY [{/add \| /generic}:targetname {/smartcard \| /user:username {/pass{:password}}} \| /delete{:targetname \| /ras} \| /list{:targetname}] Examples: To list available credentials: cmdkey /list cmdkey /list:targetname To create domain credentials: cmdkey /add:targetname /user:username /pass:password cmdkey /add:targetname /user:username /pass cmdkey /add:targetname /user:username cmdkey /add:targetname /smartcard To create generic credentials: The /add switch may be replaced by /generic to create generic credentials To delete existing credentials: cmdkey /delete:targetname To delete RAS credentials: cmdkey /delete /ras

cmdl32.exe-FA1D5B8802FFF4A85B6F52A52C871BBB

key	value
file_name	cmdl32.exe
file_path	C:\Windows\system32\cmdl32.exe
hash_md5	FA1D5B8802FFF4A85B6F52A52C871BBB
hash_sha1	5A16BEBFAF89081DE501887AB8582C3852D7B37A
hash_sha256	9489CB8520A6AEA11FA6B1A2F019768417DC4963C1369CC87D4E1107C2ED788B
hash_sha384	75C811694B3E2F7C1444129C048A91ADAE5D41DDFAB17EE93FC35525F0E8B6F66E1FF3564D651407AF57F7E6D9EC808B
hash_sha512	80746D6688E84B95A2174E57F64A3671A65796CD44776BD0F730BF14526F43E16A7CF42C75D871DA3976FD357D71D3EDC9E23E0A050096CA10D06C4869568AC5
hash_ssdeep	1536:Sg54co5XqW6rJ9HT05zevkp8KdUaAEuI:SqOY5s8KdUpI
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Microsoft Connection Manager Auto-Download
meta_original_filename	CMDL32.EXE.MUI
meta_product_name	Microsoft(R) Connection Manager
meta_company_name	Microsoft Corporation
meta_file_version	7.2.14393.0 (rs1_release.160715-1616)
meta_product_version	7.2.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

cmmon32.exe-527B257B270FE03BB7C2CA5BC54CC71B

key	value
file_name	cmmon32.exe
file_path	C:\Windows\system32\cmmon32.exe
hash_md5	527B257B270FE03BB7C2CA5BC54CC71B
hash_sha1	F30F79322C5C1CA0A20597B12F6C6AB7663B65DE
hash_sha256	A95970D4F8DE4F869D508ACBCF70CBB4A02F06A0F3201F85CF028C5F72B1728A
hash_sha384	1CE68D76A9C4D56F8175E984631E352CB3521078516BFED645644FE58EEA3405823FB7971AD92F123E4E001BA5C08B7B
hash_sha512	FA70DD5FEE8F985F21B9A05D41B4EEC9FB1019E99F1CCF26D6F57C287216EF5C20F5CCD5DDD7949D394C626CCEF1ACE60893C1AB5DF303891CE84DD4B95C1671
hash_ssdeep	768:zbi6c54hoUjVgqPpjT466QHDnOHh9UASnhBmNDJf2X:zbikhoUG+466QHDq900NDJeX
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Microsoft Connection Manager Monitor
meta_original_filename	CMMON32.exe.mui
meta_product_name	Microsoft(R) Connection Manager
meta_company_name	Microsoft Corporation
meta_file_version	7.2.14393.0 (rs1_release.160715-1616)
meta_product_version	7.2.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

cmstp.exe-3A6BDA23988B72A24458551CCE0449A5

key	value
file_name	cmstp.exe
file_path	C:\Windows\system32\cmstp.exe
hash_md5	3A6BDA23988B72A24458551CCE0449A5
hash_sha1	51BB20013415F3904DB6A0D9E58847D7F6FF48F6
hash_sha256	3D95ECACACF64066AC25B17E8A458003A000BAE45F5A70D660AFB7A8D88D4F00
hash_sha384	76725F90B98C600BE5A464D4278CC5F20CB5601FF9985F7F5CC823B459E01A43C84A7A2A428A94768B8017FC7F6F0009
hash_sha512	BE28D4DE895A556777AA12C6C937290F3BE342CFFF8C1B95C1BA382B35AC3097777A774F6EF39FD2A32BA7FFC9B32E356C0B5C8C5EB6541C8CBE2180F0D23753
hash_ssdeep	1536:j+s9y5VG7d4FSLBnQz9h+88dEHsh2MqoaoRuE1AERu1/87BMVRXlW15x0/AyS:SIyi7WS1kymsh2/oBuE1A11k7BMVRXYr
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Microsoft Connection Manager Profile Installer
meta_original_filename	CMSTP.EXE.MUI
meta_product_name	Microsoft(R) Connection Manager
meta_company_name	Microsoft Corporation
meta_file_version	7.2.14393.0 (rs1_release.160715-1616)
meta_product_version	7.2.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

cofire.exe-7122293F5957D751921C08267199BA92

key	value
file_name	cofire.exe
file_path	C:\Windows\system32\cofire.exe
hash_md5	7122293F5957D751921C08267199BA92
hash_sha1	616E328A44555BEEA5C9A309832705B5B3F498BC
hash_sha256	BC5C3E946738B49FA8E3EC466244F0549F846B81278BBCC68FAB63A544E0E9CA
hash_sha384	B7D3D3AE4EBF16FE3708A9DA4E3C0402D18B13BD43BC826C66F93FAD4FEF30B50FEB4E33948B7EB5C7B35D864CA81D8D
hash_sha512	04C252474C3148C98487F7621488514657AC533EB7DFC1D84B1FF9ADAD90B158C1A88E197A004CED373A18476C85551CB151FB7B6E083202AA88C2D67805F1F5
hash_ssdeep	384:1XJWJBS7ApUMDv2yTNf/NL/7R4d3xP8PDymu5fltWLJW:94XS7SDBTNFjDymSflW
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Corrupted File Recovery Client
meta_original_filename	cofire.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

colorcpl.exe-362986B35574BF922A81E7B0BA50C96B

key	value
file_name	colorcpl.exe
file_path	C:\Windows\system32\colorcpl.exe
hash_md5	362986B35574BF922A81E7B0BA50C96B
hash_sha1	FD3359E461AE6BC2EE3C72AE5E456E5617695E91
hash_sha256	AFC126088E3292D6455584222B70822D3A1AF397F48EF6982834A03ED181863D
hash_sha384	C11903F4E80D8A58D633434F8CA890C8BD5727EE3581FE68B7ABEE9A700B3B01F431BC26F3CB0B7D5A2B9C15DDBCDA14
hash_sha512	177D1F3A1AD6EEDFE4E1DFBD762A1B7F49F756791D4F8CDFF6280282AE26FAE821443DBE852693F634324029DFB70052223E1F4FADBCBA5181263BC250C9CEAE
hash_ssdeep	1536:0z7IPfSbS9vMBN7rQOJ7CFToTCzhcRguhwxTyPCb3lZpdym4dy7p:skXlvq7jSP1cR2prbpdCY9
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Microsoft Color Control Panel
meta_original_filename	colorcpl.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

comp.exe-9246204D06C7D8EB3DA2999F51E94DD6

key	value
file_name	comp.exe
file_path	C:\Windows\system32\comp.exe
hash_md5	9246204D06C7D8EB3DA2999F51E94DD6
hash_sha1	12619BA913E709E018D4CAF3B88ED62AF211ABC7
hash_sha256	20FD32B6503A1826D10C6447CF5A04F938615FE1CF65E7C1804D99D306225426
hash_sha384	3571FE1F4889AE18C019662F780DDA36161FF96EDEA523F97154E1488F45A532ADFE2E5B0CDF97D6CB54C13A705F55E0
hash_sha512	A3C2FF82DEEDC1E844560180A91465BA260F1F4C7FED5A154FC459585CBE9E682AE5E8B5BCAAAC3084A8D62E6F5334A05B2C2B8416B3489B0741B8D2EE3A553E
hash_ssdeep	384:fVFhUhkkjkm1IGxT/ldBjdq2X9carlGpafBN7WjcW:X6m8IST/9E+9NPBy
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	File Compare Utility
meta_original_filename	Comp.Exe.MUI
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
output	Compares the contents of two files or sets of files. COMP [data1] [data2] [/D] [/A] [/L] [/N=number] [/C] [/OFF[LINE]] data1 Specifies location and name(s) of first file(s) to compare. data2 Specifies location and name(s) of second files to compare. /D Displays differences in decimal format. /A Displays differences in ASCII characters. /L Displays line numbers for differences. /N=number Compares only the first specified number of lines in each file. /C Disregards case of ASCII letters when comparing files. /OFF[LINE] Do not skip files with offline attribute set. To compare sets of files, use wildcards in data1 and data2 parameters.
error	Name of second file to compare:
children	conhost.exe

compact.exe-06CB9005B45476BBCFA7DA89572A3012

key	value
file_name	compact.exe
file_path	C:\Windows\system32\compact.exe
hash_md5	06CB9005B45476BBCFA7DA89572A3012
hash_sha1	0F67DF3CD323CAE6D0004B92D2E45CCCE2B0ACB9
hash_sha256	CF847A846107E19BCD596479AF3B7CF848D7FA5974F514383491928FA6C2BE80
hash_sha384	0CA8DF29A3C39F1887AED5541F1FE4276E870291E5817527E0710D4A044D9BAD77E6C829C739F64539008E660372F3BF
hash_sha512	3A479356ED37FAC6DD5699AE677C58ABBA2E0E7052807E02974F2D7F403086EA5CB81939252133450BCF8BBA14D664456240D7B3271347D2C6B4405CC9420FFC
hash_ssdeep	768:Z7Ryb6dpu6gCRsddJA8LdCrZgPV7gGKJLz9cdlpduo/IjDw7XNImXKN:R1UqsHJA8ZCZArQLz9cdlpdusoU7XN5e
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	File Compress Utility
meta_original_filename	COMPACT.EXE.MUI
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
output	Displays or alters the compression of files on NTFS partitions. COMPACT [/C \| /U] [/S[:dir]] [/A] [/I] [/F] [/Q] [/EXE[:algorithm]] [/CompactOs[:option] [/WinDir:dir]] [filename [...]] /C Compresses the specified files. Directories will be marked so that files added afterward will be compressed unless /EXE is specified. /U Uncompresses the specified files. Directories will be marked so that files added afterward will not be compressed. If /EXE is specified, only files compressed as executables will be uncompressed; if this is omitted, only NTFS compressed files will be uncompressed. /S Performs the specified operation on files in the given directory and all subdirectories. Default "dir" is the current directory. /A Displays files with the hidden or system attributes. These files are omitted by default. /I Continues performing the specified operation even after errors have occurred. By default, COMPACT stops when an error is encountered. /F Forces the compress operation on all specified files, even those which are already compressed. Already-compressed files are skipped by default. /Q Reports only the most essential information. /EXE Use compression optimized for executable files which are read frequently and not modified. Supported algorithms are: XPRESS4K (fastest) (default) XPRESS8K XPRESS16K LZX (most compact) /CompactOs Set or query the system's compression state. Supported options are: query - Query the system's Compact state. always - Compress all OS binaries and set the system state to Compact which remains unless administrator changes it. never - Uncompress all OS binaries and set the system state to non Compact which remains unless administrator changes it. /WinDir Used with /CompactOs:query, when querying the offline OS. Specifies the directory where Windows is installed. filename Specifies a pattern, file, or directory. Used without parameters, COMPACT displays the compression state of the current directory and any files it contains. You may use multiple filenames and wildcards. You must put spaces between multiple parameters.

CompatTelRunner.exe-E261809228A9C7DDD17E7E0B5E23704C

key	value
file_name	CompatTelRunner.exe
file_path	C:\Windows\system32\CompatTelRunner.exe
hash_md5	E261809228A9C7DDD17E7E0B5E23704C
hash_sha1	32AFE403DB068F240400435688B179FDF8290AE7
hash_sha256	B1F8A6AE285A2485AC2D876DFC135B985450A887DFDB42C2BDDC414CCB487E46
hash_sha384	7E4FFBE63A3E00E88C85C64622A543EEFA77EFBC8D57FD0E941B3AD1035A0232BA86F2DFB2A8A8DE773B84B48367A473
hash_sha512	7C4F57D9813962F9DB22392B5220EA6230C2E3511AEAA37367C023A0D22CD6A36712832F9B0C59B89C2577AD05FCDFAD8F7A001D94A17C5C1917F3624E9807F4
hash_ssdeep	3072:017mRucu5IfDAZp+dBYE6lDgQr9hbwwBr5cxQ+VBD4nax79UkJvmRItLJ2wkLkl5:m7mRuc0IfDUoBCge9hbwwBtaQH6ukMRI
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Microsoft Compatibility Telemetry
meta_original_filename	CompatTelRunner.exe
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.18362.1035 (WinBuild.160101.0800)
meta_product_version	10.0.18362.1035
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

CompMgmtLauncher.exe-28317A51B8F874BCF5220872269FEC2C

key	value
file_name	CompMgmtLauncher.exe
file_path	C:\Windows\system32\CompMgmtLauncher.exe
hash_md5	28317A51B8F874BCF5220872269FEC2C
hash_sha1	D26DF3B03D41FE5BA7854A04FCE7EAD17A32661B
hash_sha256	4352BE6FDB79A4552AE9D41A088F0B6FB16E36686FAC2A69F2AB863972AD53C1
hash_sha384	48FF12D5EEF474D8D0E89E918403ACDAB03F3D5A816D28E17B934235F506D09BA2FB4C74C8B5242EA720A4ACD3E6AF33
hash_sha512	CFB1DA18B1FAA715E2A1B0D61D346A7E0ED0FD8DCD916D6044BFDC8B1DC6C1B1D5C716A624E5FC08E835A108E60838383642C93B36807E3B25ADD0FE5E8E11A6
hash_ssdeep	1536:9DeNdNKcJaVlpAjzfldyCKPu1oT1ldlOo+vi6Uf:BHcJazmjTldyCut1ldco+Q
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Computer Management Snapin Launcher
meta_original_filename	CompMgmtLauncher.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
children	ServerManager.exe

ComputerDefaults.exe-3F032A1BDF4D7DF2F43FE7C0410AC175

key	value
file_name	ComputerDefaults.exe
file_path	C:\Windows\system32\ComputerDefaults.exe
hash_md5	3F032A1BDF4D7DF2F43FE7C0410AC175
hash_sha1	1D9CFDB4C324543CC3231029913D735D6EE27C70
hash_sha256	4978AD7650C44D4239ED6B77267DD21D50D33BBD3D875ACE4131F2DED3A11804
hash_sha384	7C564FD80D41AEA6A7BAB82152322511CC0EB782BDC64739A9871E94FDD5393E2EBC09F56032FEC0AF3B0EDC0B6E9A95
hash_sha512	C281C1009D2CF7CC41E45B39E3EFBBAD3AED091A21FAC30EE369281BAF4C0D9AC190B321E9BE891092BCE7FC2DDEC2195F67A5B6E70CA680BE4F9205090130A4
hash_ssdeep	1536:gS1tjONtCc7jFGPURDoq4OZZZLlCIibk:7HOocRD68wbk
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Set Program Access and Computer Defaults Control Panel
meta_original_filename	ComputerDefaults.EXE.MUI
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

Configure-SMRemoting.exe-59EF03A3CE316E02EC6C916E86715282

key	value
file_name	Configure-SMRemoting.exe
file_path	C:\Windows\system32\Configure-SMRemoting.exe
hash_md5	59EF03A3CE316E02EC6C916E86715282
hash_sha1	A47CE1CBBF89AE72FC4575D6A21EBB93856ED6E5
hash_sha256	E26FE2AD8452293B4B1E957B21371693996941A4D3D2371E7E51A35892C59418
hash_sha384	74086034DDBCB3DE293522F949BBE627CE36C0B93A3F4B928AC05D3BEAE4F915EF5B9C9B4B526D076F877819675572BD
hash_sha512	682CA659B0CC47E235FB5177E41359565339CFD6B41651CF448961B4131DA57F3A410047D0AB4A7E36D0EA545A368AD7774B4DD418F688512D273FC4294B4661
hash_ssdeep	768:Z8RbOjsY9kR/Luxlf3qHgeNljODzWLZGj+B/YYLyOoZzytqfvbJbkYLEzXQbJW5P:uR89+pSLf3YgmlNwfXOtqfj2FrBW
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Configure-SMRemoting
meta_original_filename	Configure-SMRemoting.EXE.MUI
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
error	Configure-SMRemoting.exe -GET \| -ENABLE \| -DISABLE

conhost.exe-D752C96401E2540A443C599154FC6FA9

key	value
file_name	conhost.exe
file_path	C:\Windows\system32\conhost.exe
hash_md5	D752C96401E2540A443C599154FC6FA9
hash_sha1	00667A0F0C0D5E9DA697E9FF54ECDDD449259354
hash_sha256	046F7A1B4DE67562547ED9A180A72F481FC41E803DE49A96D7D7C731964D53A0
hash_sha384	AD67D3EDBB13C362730836F72850B01A0E5A0F8C5155D50FC21A1BBE6799B356C54C0CD182C644A17BDD48C240AB244A
hash_sha512	DDEFBDD11FF0A4B3F47155331479E4D01852C1EA7670A7E449F3AD5F0AA0EAFED4146B91AEDC50328BC1BF80395B1E7E51E42A0B8507BBBFDEE5ACD9867073F4
hash_ssdeep	384:MJrgzqNPdIb4NQUFiuBGPnUixUXeYKSWhnWUOufano5wACtQMyBs:MFVVdvQUnGPUixUOYK1SuYotCtGBs
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Console Window Host
meta_original_filename	CONHOST.EXE
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

consent.exe-E43A9155F6B33B869B33EF3E42686A95

key	value
file_name	consent.exe
file_path	C:\Windows\system32\consent.exe
hash_md5	E43A9155F6B33B869B33EF3E42686A95
hash_sha1	6D722CA9F9EB63A2286DDC012B3D2BE7A5EBC5FE
hash_sha256	B2F1ADF4123953EB808FFEA652E0F0F894315E5205E25129C007C8BA10A2E79D
hash_sha384	126F8D0654CC87D6D2ED3C9C58444992FEDDC2FBCDD2E3EE1DABD2B202E8146A281B18DB9E181037AC6072AB9841C582
hash_sha512	3E2CB8721DAA431AD4FE98A447AAC589CB0D59A03B835134B95F7FCF9FE2580B3C4D8FA4E2F613298A65C1E41ADFA3B5D129F015121617B5CE283583A680E8E9
hash_ssdeep	1536:fhPwZ9//62wgsLLO3aeEA3XKTIUQdud9V6BILDblLVQ+Ffss728apgczk5pPoO:fR29EgsSaSSXjMwble+FfsfpgczkL7
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Consent UI for administrative applications
meta_original_filename	consent.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

control.exe-924219B426830FF7476AF7D22AE91DE1

key	value
file_name	control.exe
file_path	C:\Windows\system32\control.exe
hash_md5	924219B426830FF7476AF7D22AE91DE1
hash_sha1	6230F80FEF1563F087E641B34A318811FD82B57A
hash_sha256	CB089C50698BEE280244437BCAF56D3955402A582E5E928DBC8812A5D9C0EF4D
hash_sha384	2EC3CAC66FFF26E48FFDA6920FE2E6429E2F828B4B798CD6E0C6B96FC205F2F1D2EF79045EE6113A0458886ACEBD1FFC
hash_sha512	4447C609ED3428F7F44A4015C7B9C320A8C2CA38DD3AD41B33A8F100B5255621CBDD9B66B1230873F2F809631CC15B182CF33F8305224E51F9573674B520FC90
hash_ssdeep	1536:vhM9USq0WalUt7ae/qzSpZ3r1q6QkjfkQUk8+k6kawM1x8Dkf8dani25imK:vBUUxa7Sp5+1k12b/Af885RK
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Windows Control Panel
meta_original_filename	CONTROL.EXE
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

convert.exe-B7F09576EA6958004C704E5F4AD13D35

key	value
file_name	convert.exe
file_path	C:\Windows\system32\convert.exe
hash_md5	B7F09576EA6958004C704E5F4AD13D35
hash_sha1	FC21F5E51611B8A19F0B5A6E2D8155FFD4C9A400
hash_sha256	E02C54FDA923DC10375E569D6C5C45D95AF8ED5E6613B073A77DAE2BA0B20AE9
hash_sha384	BE55FE701A1C59CD496CD71259B068A53368C3F72DE69AAA3506F1F2872D0D287D8D9EF16B4476731F516DBCF34ECF05
hash_sha512	BF21D3B3AE13A3E21C275054930E20F27D9877A612EAE494232FB0830559699DCEA4DBF9AFBF2538146C260FD47A726D3BB905E84E02ED9F7D31B01573FDA33C
hash_ssdeep	384:eEN9ZWz+IhDbQ7ZUnGtg9yV1Y2yoRk+vKclmPaNcWzqW:PZWz+I9Q1/tUyVeoeOmPa3
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	File System Conversion Utility
meta_original_filename	CONVERT.EXE
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.2969 (rs1_release.190503-1820)
meta_product_version	10.0.14393.2969
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
output	Converts a FAT volume to NTFS. CONVERT volume /FS:NTFS [/V] [/CvtArea:filename] [/NoSecurity] [/X] volume Specifies the drive letter (followed by a colon), mount point, or volume name. /FS:NTFS Specifies that the volume will be converted to NTFS. /V Specifies that Convert will be run in verbose mode. /CvtArea:filename Specifies a contiguous file in the root directory that will be the place holder for NTFS system files. /NoSecurity Specifies that the security settings on the converted files and directories allow access by all users. /X Forces the volume to dismount first if necessary. All open handles to the volume will not be valid.
error	Invalid drive specification.

CredentialUIBroker.exe-3D03F2265F973E1FAD95B189BDAF1B02

key	value
file_name	CredentialUIBroker.exe
file_path	C:\Windows\system32\CredentialUIBroker.exe
hash_md5	3D03F2265F973E1FAD95B189BDAF1B02
hash_sha1	D492A060D76A164D0EE964900BA63F80A79B1CE7
hash_sha256	A9804ED800307E8E9D14D7909936521619ACFA6EC714559963FC2DEC0C3CE8B7
hash_sha384	AC0FCA06906E843A9F38041DA1ADDEBFC11215545120D93010352D4CCA128732F10DC2BA3D6B87156A08A7AEB0C78015
hash_sha512	4731FB67474A0917BCB894269595E9F0E0520B87F514EAE2ED41B79DBD855E55F5840F4CFBE89D9F8F64E3808E9C9F86D638EDFD8A4E957B35F6C0ED986786B1
hash_ssdeep	1536:v4v4wE51+mShF/poFvCTTCP96+kuOSGucsePpo:5Y/+dC/m/D4udeBo
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Credential Manager UI Host
meta_original_filename	CredentialUIBroker.exe
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

credwiz.exe-A6001253D5FD839243DB624A2735F188

key	value
file_name	credwiz.exe
file_path	C:\Windows\system32\credwiz.exe
hash_md5	A6001253D5FD839243DB624A2735F188
hash_sha1	0FEE237A8DF821F4E38BA89441B83A28DCC09D43
hash_sha256	9DEDB08C7F04F9C0BF33B48C4B8692A200AE62112F02FEF985F13322D6AB540E
hash_sha384	9606DEF02F459A4A463A1F15192BD36317B3D4F0A85924C61E6A4E9446C054B8766ED4FB8BE63359B8C8CD29F89C46E1
hash_sha512	519844821CDBD9A4D38C4AD93428D4C7698C9A3DC3A13AE9348187EF69A47A13BE45502FB45F1ECAE31223B7178D89BE285D5A0EFDCEA3F75921F8B567B3C5A1
hash_ssdeep	768:dLaECK6c9URwnAU0+tXyJYFOJLta8UbMWVPtCyHbTGsFZ:NY+qA0NYYJLta8wMWVPtCgTGsF
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Credential Backup and Restore Wizard
meta_original_filename	credwiz.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

cscript.exe-8552F94CFD39A4C307BCD1BD88D41604

key	value
file_name	cscript.exe
file_path	C:\Windows\system32\cscript.exe
hash_md5	8552F94CFD39A4C307BCD1BD88D41604
hash_sha1	024BE36DC724F7D9C7F9F509111C75F847E86664
hash_sha256	6216383428EAB3292C5590C70D24B33A7D84FBF1C463E331C40F052E6EA356FE
hash_sha384	E79D4C51FAE898EDE3454EAAF0AABE27A6E791CFB7F796F9247BA65C71C4337AA61326143AA5E96FED3C43F93A2DC767
hash_sha512	32CE39310BA72808DF51FD69666AB58FF9FB0A21832DD31A26F986BA66A59ED969EE4E9131A3BDF809FF587C046BC9736D24FEC49AC2842BF9FCDE3458CA7C53
hash_ssdeep	3072:1rPQPDxl6mHuN0OZdrV5m3X96edko49UKdGxBZgNJ6IZxtt:1r4LuNHZ1+3XAlsBZ+JfZh
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Microsoft Console Based Script Host
meta_original_filename	cscript.exe.mui
meta_product_name	Microsoft Windows Script Host
meta_company_name	Microsoft Corporation
meta_file_version	5.812.10240.16384
meta_product_version	5.812.10240.16384
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
output	Microsoft (R) Windows Script Host Version 5.812 Copyright (C) Microsoft Corporation. All rights reserved. Usage: CScript scriptname.extension [option...] [arguments...] Options: //B Batch mode: Suppresses script errors and prompts from displaying //D Enable Active Debugging //E:engine Use engine for executing script //H:CScript Changes the default script host to CScript.exe //H:WScript Changes the default script host to WScript.exe (default) //I Interactive mode (default, opposite of //B) //Job:xxxx Execute a WSF job //Logo Display logo (default) //Nologo Prevent logo display: No banner will be shown at execution time //S Save current command line options for this user //T:nn Time out in seconds: Maximum time a script is permitted to run //X Execute script in debugger //U Use Unicode for redirected I/O from the console

csrss.exe-955E9227AA30A08B7465C109B863B886

key	value
file_name	csrss.exe
file_path	C:\Windows\system32\csrss.exe
hash_md5	955E9227AA30A08B7465C109B863B886
hash_sha1	563338B189DE230AEDF51B69E6D1601FBA40292D
hash_sha256	D896480BC8523FAD3AE152C81A2B572022C3778A34A6D85E089D150A68E9165E
hash_sha384	63186C5336EC460B02A928F88A18646A71772DCA1D37F29F976D130601FD40F93BE043FF6F31C864DBB541763F4E6D7A
hash_sha512	993FE93F54295BAA3BD789DA3457EB7D63297B57BF014114B3083751794A95CB3B52FF000E9DDE8D340C3E9F2606373F1F737C8A3A393B981A6F77565874C287
hash_ssdeep	192:9HF0JXHYYI813lB9iCQWmYW5JnWgKN7OwDBQABJE8Foodqnajqh+HgwSG:9oXHY6lBSDYW5JnWBNHDBRJzSIle4HJ7
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Client Server Runtime Process
meta_original_filename	CSRSS.Exe.MUI
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

ctfmon.exe-BB38581A13B7265CF4E62741955E7457

key	value
file_name	ctfmon.exe
file_path	C:\Windows\system32\ctfmon.exe
hash_md5	BB38581A13B7265CF4E62741955E7457
hash_sha1	725DE67B89D97CAE8029F34AF5F4891C0A6A3D54
hash_sha256	103C028F6ED13FDF916B0B15138BDFE66CAC0D667D735D853FC8E45341FE8A3A
hash_sha384	A512EDCC58E99FEB211034376B4343AA45322AE9156D3A01BF5493296D7003F5F883D44D8EB31DB13625F293D42B66D1
hash_sha512	D9E94AFFBF8B564FDDB59F2E275933E969F3F9272388D2ADF309222AA0D999189904409951081994B85B45F91F999352E723337C6D49A69D1B7B67397E278994
hash_ssdeep	192:ZIPh6+S+J/zawTqs9g+fhnyq6oC347W6gW:2FSQ/WIqEg+fcqbW6gW
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	CTF Loader
meta_original_filename	CTFMON.EXE.MUI
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

cttune.exe-CCD6BF7BE1F0944A59F2BDC788FE24D5

key	value
file_name	cttune.exe
file_path	C:\Windows\system32\cttune.exe
hash_md5	CCD6BF7BE1F0944A59F2BDC788FE24D5
hash_sha1	98F4BA9FC727E715B21C13B8AD8AC92502E44ACA
hash_sha256	A9E7564FF4E42D143A9AD94E8B2D8E416F90FDD40103B25B7E97E6DE0B222E51
hash_sha384	3D630C0D36B4440CEFB918AB78720ED7F08EE2C5DD64636FF34ECD130CB1B4F07B36C5A651031E789D90DAF86DC3716A
hash_sha512	BB9E0C5AE79FE469B6D4EA9E8D3BA42D62B13800117464EDF6E4019CACFCDDC055E44ACC4508CEA7CAA5A588C771C453A8D985E6C8D3C822F133270B6EA186EA
hash_ssdeep	3072:DyuUhMflm2sfT+SMK5NBdQR7u4h6vJqxEm4x1ESuQG+3SeyRS6CSfKVu1xgCAWUe:+3qflm5KfQGZu4h6voxEvTEPp/F
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	ClearType Tuner
meta_original_filename	CTTUNE.EXE.MUI
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

cttunesvr.exe-C5CD274DF4E70681AE0EDC2FDDD47607

key	value
file_name	cttunesvr.exe
file_path	C:\Windows\system32\cttunesvr.exe
hash_md5	C5CD274DF4E70681AE0EDC2FDDD47607
hash_sha1	3FE75BE073D2D603B9ABC9BB92D57A8B5B804D2A
hash_sha256	99B1A2437959A31D588BF8119A3517F214F15FDCB7EA71B9685FAD5456D46E74
hash_sha384	56E71581C317D946854800D6B37F100659A9C2B14DFCF357A53CE8E130CBAA549E6FC5D7B8C911CE91F01634667E699B
hash_sha512	A63BF2AFD6E229C6839A66468F4416457B2C110144D6EB7F306696A3376EA7173B3CB65C01F30FD6A38D532713FA22669B17A986D5175831989B582A4A786D42
hash_ssdeep	768:osb3lkNePOWzUfWatpsuDAV0QHOCcgJnXPHq5yiuabJN+3HTD:R5ODWaIu8V0QHB1nXPqyiXE3zD
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	ClearType Tuner
meta_original_filename	CTTUNESVR.EXE.MUI
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

dasHost.exe-2BEA31D5635883B5E7471853E1F55CDB

key	value
file_name	dasHost.exe
file_path	C:\Windows\system32\dasHost.exe
hash_md5	2BEA31D5635883B5E7471853E1F55CDB
hash_sha1	E4013F35E869C1BB64E61A0FE4A341ADEC51C85A
hash_sha256	97543C2C341DACFCEA21D5D3FB799E2112124CED951F33EB30BFC230D435F457
hash_sha384	75AF0078A6757A7D7D6920DBB681237A47BA13513AF419077A59B09208F5595289025ACA6638E039AD59990593A50EA7
hash_sha512	3C3300881FFCB6654E60291646B11748299340029C36F8401E012A0C57679FB1F0ABBBCEB008D94CDBFBFA850171EDCB4E093FAE02836DCF24063965ADC73AED
hash_ssdeep	1536:BH2ICtxwqaU6hh3mgCiIfkye2pb1n6xMyTktG8letDBlwiY2lZJI3:liw06hoO2ppStktG7tHwiYKy
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Device Association Framework Provider Host
meta_original_filename	dasHost.exe
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.2791 (rs1_release.190205-1511)
meta_product_version	10.0.14393.2791
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
children	conhost.exe

DataExchangeHost.exe-516E28557D03FBBB5B06D0A871A71320

key	value
file_name	DataExchangeHost.exe
file_path	C:\Windows\system32\DataExchangeHost.exe
hash_md5	516E28557D03FBBB5B06D0A871A71320
hash_sha1	A83D1B437D4ABEABAD9ECAA1F0FF9EE500852189
hash_sha256	2CEEB1A1C7FE0E1E1BBC05B942A855AD7150FE766BF629CB773F1424CC84D3DD
hash_sha384	3CC71A3E76CF151EFB3CF4B15A14CC22255851C3FA7A838CB765604F10B9339C7EC8C84062B1B4EBA043D357DAAD0A6B
hash_sha512	4E82D1040E46C235C52D8CFAD7DD8432A5551B5AA0CCB3F463AB1F6DD67C975F3BE06258D35FF339C59C7F9D746326D6C737FCA19AA93375FBA2082DAC9B4CFA
hash_ssdeep	6144:P9KFZFytGANN5k9zu9QAQ2FaTd7FE/Fno9hs:Pwpytvkhu9pQ+aTdC8hs
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Data Exchange Host
meta_original_filename	DataExchangeHost.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

DataSenseLiveTileTask.exe-3EF5F79338BF1A3D256C55170044D1AC

key	value
file_name	DataSenseLiveTileTask.exe
file_path	C:\Windows\system32\DataSenseLiveTileTask.exe
hash_md5	3EF5F79338BF1A3D256C55170044D1AC
hash_sha1	85F0930246A8AA0515EF70C527ABB80945876139
hash_sha256	E07FAFA91A53B2FFE5C6A9B6302FF2575EF4D7D653848D4E0316012073B8F5AE
hash_sha384	0CA6A898160F34FD3ADE8D40CCF0D768D3E85890698109D411E99EE0F8B29639BF6004CFABCCDD7590DF5B0BBA9B515E
hash_sha512	5ACD05ECCF61F9537EF3B8BD2C26AD7D67793190ABE11564ECF4B628A031B26257F19406AA87DBAC2322E17DE579C064C12507E31ED5C1D4B2661891D81A85EB
hash_ssdeep	768:dl/fh8A7EU+1mj9pgDokEoiJs7rtLyQuj+SAf1l7OVwH5RGl0HF0fxf4t/+1vQ6z:fewEUwtokniiPtrf1EkG+HOfax+e6z
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Data Sense Live Tile Task
meta_original_filename	DataSenseLiveTileTask.exe
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

dccw.exe-B6532886AB39BD25126033D15C241E45

key	value
file_name	dccw.exe
file_path	C:\Windows\system32\dccw.exe
hash_md5	B6532886AB39BD25126033D15C241E45
hash_sha1	00EFB0625553E970A6A86BA79FFB5159FD43B550
hash_sha256	E163A1C97456E32FF40744D1E1CEBDF59978A7BE0501598FE40134B65C510CFE
hash_sha384	0161096B2F84C0638AB95146A6F20EA98DCE94CEE2841045E0FB6DC53967FE00B28F72233EBE1AF82FB1B445FEA7395C
hash_sha512	CED7DA762B61598E52351C9064EA6D99932469B756A63999917B082B13FD42E59B141222318E4DD46910BF66E5300818BE2A64A67074F4F837D2FCA6A432F72A
hash_ssdeep	12288:pSJ10jGOhS/IzJqrraq/t2qXy6xdRhMA:4rGS/EEn/tkI
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Display Color Calibration
meta_original_filename	dccw.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

dcgpofix.exe-240AB7E571FC384F8A5C48985856011E

key	value
file_name	dcgpofix.exe
file_path	C:\Windows\system32\dcgpofix.exe
hash_md5	240AB7E571FC384F8A5C48985856011E
hash_sha1	02677648C909F3DA4BE2C314F4A927A72F3594A6
hash_sha256	32B2012C038DD49E96DD2F0DE5A2A2A17BC29E166B94C4B21B984B7A3B09A2F7
hash_sha384	448E0A2AF5B90A2598A584696DDF7F4AFB2E58C2453B29169E7D1563BD0ECD088755AC520B779F8F557F9DE49EC75017
hash_sha512	E665B41756464FD81618FA6972BAAB13A8213788186381A05C5FC5C287E5E28D6EB0FE2171802C92AAACA4BF48FB7B5B77B6FF9A605B71834CD70EE43CD03EA3
hash_ssdeep	1536:ZNYh3QQ1eb2045yZhteRKntUIc+aW8R77QVfI:kXet/7t4+aNR77iQ
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Microsoft (C) Default Group Policy Object Restore Utility
meta_original_filename	DefaultGPOFix
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
output	Microsoft(R) Windows(R) Operating System Default Group Policy Restore Utility v5.1 Copyright (C) Microsoft Corporation. 1981-2003 Description: Recreates the Default Group Policy Objects (GPOs) for a domain Syntax: DcGPOFix [/ignoreschema] [/Target: Domain \| DC \| BOTH] /target: {Domain \| DC \| BOTH} Optional. Specifies the GPO to be restored: the Default Domain Policy GPO, the Default Domain Controllers Policy GPO, or both. /ignoreschema: Optional. Use this switch to enable this tool to ignore the schema version of Active Directory. Otherwise, this tool will only work on the same AD schema version as the Windows version in which the tool was shipped.

dcomcnfg.exe-97EDBB24F9A5970325DAF0B0E39805A8

key	value
file_name	dcomcnfg.exe
file_path	C:\Windows\system32\dcomcnfg.exe
hash_md5	97EDBB24F9A5970325DAF0B0E39805A8
hash_sha1	E5C2BF03DF48AC54823B10C07422591E3E3B9A97
hash_sha256	720878507B5C004CDB9FFC4C99D1F14EF8E03FA76E753BEEA0FE111DEE6C3123
hash_sha384	5FFF79DF5881F2FA4D4DD2117821485BAAF98FD1A6185718267EA7D5EF99CEAEEA82B59E786798E4ECA9C4E26923AC86
hash_sha512	C078E9C333DA1E37B25F53004E125C10A3F957E856E8F4A9A89C5F5E523E4EA470B4EBD4AD2B2DCCDF7A6BE0FD381155EBEC591C258DE2D02718FE5EE314EA33
hash_ssdeep	192:onUDb+CMPDA/20Wki5mlJpeWLf6w5Svnb0FG8x9L6fVWZEW:onUDCC84lWkiwlJAWr6bvnb0FGWZEW
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	COM+
meta_original_filename	DCOMCNFG.EXE.MUI
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	2001.12.10941.16384 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
children	mmc.exe

dcpromo.exe-7CBFAC17F4A4BCA957D351749F0D9803

key	value
file_name	dcpromo.exe
file_path	C:\Windows\system32\dcpromo.exe
hash_md5	7CBFAC17F4A4BCA957D351749F0D9803
hash_sha1	A5748FF4A15F0F947BF3E93F2D06EE37F4573D94
hash_sha256	673B7844466F95D10780C5ECF267FA938D51C7818BBBAB6C49C989A5B2619084
hash_sha384	694717AB3F1C7534BBEAB689664154D66AA98880A79B17B737AAEE87236958D64901ED1498C9A66FD75C3D70BD01313F
hash_sha512	6EAFF562984F47A66C0EF2382CB69BDC8CBE43F2CF5761259393FD9F852E907C56DBAB4240165D3894BDDF3D7B3A6E0B820562BDB1A67B5917395F4D014565C2
hash_ssdeep	6144:CWms72era8bVjnCbn+URLQvG+4ntASgZaghY:GsaUbnCT+URwOtgQg
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Active Directory Domain Services Installer
meta_original_filename	dcpromo.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
children	conhost.exe
output	The specified argument 'help' should start with '/' or '-'.

ddodiag.exe-AC8C4B3F8FF22209B1BBB95271C56D56

key	value
file_name	ddodiag.exe
file_path	C:\Windows\system32\ddodiag.exe
hash_md5	AC8C4B3F8FF22209B1BBB95271C56D56
hash_sha1	59971678D97B8D2709035F1CC9675873996D2CF4
hash_sha256	6584E99E510951361469880D7802718F16D5D598C65858CC9CB7529186B03384
hash_sha384	1454276357DAAF1321FB8CBA8D82EF2EBEB7228F100046B9721223D72B84CBC3436E12FA7732788D6CB1776FB568DFC8
hash_sha512	B1D7FA9F3D1BFAE182EB61614D90D589F11230CB32972308BC1E9DCCE279C9F7EFD8ADCEDD494AC94E9ED292E623115EF22EDD3501D82D9A460D95CE5F2CDCBB
hash_ssdeep	768:+k+B6N+9R9H+uhGK/hc3aZkLmMgMaouZl6iOSYIf:k6U9R9H+cGK/hc3aZkLmMgMaouZl6iUG
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	DDODiag is a tool that collects Device Display Object (DDO) information from the system and logs it
meta_original_filename	DDODiag.exe
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

Defrag.exe-BCBD8C0BFD620A4761C8ACDF96D9CDAE

key	value
file_name	Defrag.exe
file_path	C:\Windows\system32\Defrag.exe
hash_md5	BCBD8C0BFD620A4761C8ACDF96D9CDAE
hash_sha1	608A8D6663A114825E800F84A053D74B901C0754
hash_sha256	9FEC67B7E7C6FB7009C5D16387B1B34C017EA0BBE7543C63A2E197B1F369F127
hash_sha384	5F508C96D54DBB97478F5375A31279BCDB972EAA727295B429F61008BDCD1862CFD156E429678B2A6998A9FB9ED5985D
hash_sha512	5CAF2D20CE205E197CF58A63AB93F6EEC9D9FAA5267E25438FDA5C324243FB71E24F6B0D35C918FE4CE849517BA437323E8C251C23C237F178EA6EC079485DBC
hash_ssdeep	3072:BRzXzWWCZawAPFeFtyab4C6c5Q3eSjlR+8qxLijgJyfFOG83Yj34YFnw6OC2c9cB:/XRCMPuk3lRGOUZGKc4YFnwjCpW
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Disk Defragmenter Module
meta_original_filename	Defrag.EXE.MUI
meta_product_name	Windows Drive Optimizer
meta_company_name	Microsoft Corp.
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	2013 Microsoft Corp.
output	Microsoft Drive Optimizer Copyright (c) 2013 Microsoft Corp. Please specify a volume to perform the operation on. (0x89000007) Description: Optimizes and defragments files on local volumes to improve system performance. Syntax: defrag \| /C \| /E [<task(s)>] [/H] [/M [n] \| [/U] [/V]] [/I n] Where <task(s)> is omitted (traditional defrag), or as follows: /A \| [/D] [/K] [/L] \| /O \| /X Or, to track an operation already in progress on a volume: defrag /T Parameters: Value Description /A Perform analysis on the specified volumes. /C Perform the operation on all volumes. /D Perform traditional defrag (this is the default). /E Perform the operation on all volumes except those specified. /G Optimize the storage tiers on the specified volumes. /H Run the operation at normal priority (default is low). /I n Tier optimization would run for at most n seconds on each volume. /K Perform slab consolidation on the specified volumes. /L Perform retrim on the specified volumes. /M [n] Run the operation on each volume in parallel in the background. At most n threads optimize the storage tiers in parallel. /O Perform the proper optimization for each media type. /T Track an operation already in progress on the specified volume. /U Print the progress of the operation on the screen. /V Print verbose output containing the fragmentation statistics. /X Perform free space consolidation on the specified volumes. Examples: defrag C: /U /V defrag C: D: /M defrag C:\mountpoint /A /U defrag /C /H /V
children	conhost.exe

DeviceCensus.exe-26FC7C7BDB99AB9B3EACB4BD513F6642

key	value
file_name	DeviceCensus.exe
file_path	C:\Windows\system32\DeviceCensus.exe
hash_md5	26FC7C7BDB99AB9B3EACB4BD513F6642
hash_sha1	23232E14346D850903001DC75E2BC08049658186
hash_sha256	8210C4F78F6BEFFB8BE252988F80A34BC7F49D583C710E34611F0427FAF02C95
hash_sha384	03AB5DFB0D5D479F077BCEFE514A33126584B48EA4E5B39DA79B61CFA6E843BF24B78828601D72E3281B0A2C60704EE9
hash_sha512	549B74E464A4F1749912F6B23440A34CEBD727554A9D255647AB74674F80C728F42E375D38A293E64BAC9AF48906E8281CEE2362E5082DA03046547360EAA92C
hash_ssdeep	768:/rqp1ssuvWRCll0zrMF7G4i6Xf4r6wD1Pu:2jivW0+PO7GcfWPu
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Device Census
meta_original_filename	DeviceCensus.exe
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.18362.1035 (WinBuild.160101.0800)
meta_product_version	10.0.18362.1035
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

DeviceEject.exe-45DBFE6EA65E1FA16A2E9DA86EE01124

key	value
file_name	DeviceEject.exe
file_path	C:\Windows\system32\DeviceEject.exe
hash_md5	45DBFE6EA65E1FA16A2E9DA86EE01124
hash_sha1	FE7A3796A020F51E995BBE8D08D17940DD81EB96
hash_sha256	BF114A11688A5FF9E1A665F8E57F43F37743BA9445F8B8A5756322AD807472D9
hash_sha384	1E6CEAC47AAE23FD492A83657D8F624F9F80A9606A60A24D118DE9ED9BCF27F9E59A2B32CB75344214E4FFEECB69CFB5
hash_sha512	D656E3D9822D94CAA3A590BFCF9A13E1D884C2FF5DA0D13C8286A0493C12EC08B0A3E2BDD0383F688AC7C0E2DFF6BD43294C20586D8830C72895E41C4F196717
hash_ssdeep	384:mfAm+y3Vvrc92z0DOZ969eNopxWvyDyK5TYWpwWJJY0ehA/9gnl0:mAczcq0D19eg0yuK5zbJYQ/9gnl0
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Eject Device
meta_original_filename	DeviceEject.EXE
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

DeviceEnroller.exe-96A487B266262DC65DC08ECD591BB25D

key	value
file_name	DeviceEnroller.exe
file_path	C:\Windows\system32\DeviceEnroller.exe
hash_md5	96A487B266262DC65DC08ECD591BB25D
hash_sha1	83E3422A787B0AAA4B70633EAB5B445DA32F9A23
hash_sha256	420E680C4F681DCA6273080E8B1290991A8889BBE7CBE7E47B88C830A4136108
hash_sha384	002DB87CEE3008D4900F97F46896EE19D681B3740E42C77E67CE1651353AC5F25B94F2B9A6559202149C96E7322C7571
hash_sha512	F1BB784C5D699E70EF7CDFF2485D2A9EB026BCE9E6A3199ED8E1833F5211969F7A953ED2747C60D2F67EA9E24829CAAD5840B72C33D67387A1DE12C97828A6E9
hash_ssdeep	3072:7nn6vo3sqtHAVDJ2SQBkLnysQOQ29mjkJzwGtxa/OlV:7nn6vTqtgVDYSxQOQ24SEYx
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	API for MDM Enrollment
meta_original_filename	deviceenroller.exe
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.2515 (rs1_release_1.180830-1044)
meta_product_version	10.0.14393.2515
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

DevicePairingWizard.exe-E4445E4A56348FF85A9C2F9D5ADEEAE3

key	value
file_name	DevicePairingWizard.exe
file_path	C:\Windows\system32\DevicePairingWizard.exe
hash_md5	E4445E4A56348FF85A9C2F9D5ADEEAE3
hash_sha1	D4FD853DA5BF46DD9592C4C85FC3C4EF17420CDB
hash_sha256	8EB20EBE33E5850DFED3D61EA65794CE40984198002D0A1F4DB53F3748A282CB
hash_sha384	659ADC07C1D08967AC767091FC1BB97115F9D3A244E97586294AD71DEEB2E3C2EB1F8363AE51DB1D0A5D7E08E205261C
hash_sha512	64A28DC76C2981FF88B80E3E2540C94D3684F7643E13AD3EECCED261BD88156F054ADA4B243A3058627F0EFA52838D9412880FDE5D6E4E1B8D429511D7E6B724
hash_ssdeep	1536:Qc7rNy7PUmeHh0ORziE8Ujcd7GtKe9MqZ3qOTj:77A7Pe+ORziE8gcQtr6oj
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Device Pairing Application
meta_original_filename	DevicePairing.exe
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

DeviceProperties.exe-C799FC7C577BA8AFF1B73EBD54210C50

key	value
file_name	DeviceProperties.exe
file_path	C:\Windows\system32\DeviceProperties.exe
hash_md5	C799FC7C577BA8AFF1B73EBD54210C50
hash_sha1	C305426E6AF509A34462F8658595CF7093EB3210
hash_sha256	E0197C3F2D9FD1B54E711EC4FD84078E8E809CE3E77A2FA4050C5085F6160FE1
hash_sha384	EF2E3468FD38F81E0BE66A5C5001C60C73B7887F53D8D00C9AAFEC1401A2E56636BAC1C92487085D72E72CA4A574AF28
hash_sha512	0F35C8381AA0608F866B2BC36AC99ECEC78F7061BA217A061C473C09A918A6B5AB8BFA2BBA0B8F795492FB7FA9256CDF6876C42498E761332067F76D6733F5CE
hash_ssdeep	1536:IEwSO2y5nNWLJpBpTybQ74i6u0dw9Wegi85mChdlzwCxi65p:IAO55NOFpTyIcuz9WzF4Chdlzri6n
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Device Properties
meta_original_filename	DeviceProperties.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

DFDWiz.exe-72ECFD20DB8AE2C475856699987CADE3

key	value
file_name	DFDWiz.exe
file_path	C:\Windows\system32\DFDWiz.exe
hash_md5	72ECFD20DB8AE2C475856699987CADE3
hash_sha1	513C71900C4F04A2C681D2ED2ED169C3F0D0A3D3
hash_sha256	60CD7954BBE02422F9C28FC95B234426615D3F5DBAF7F7D2B733ADA657C6D406
hash_sha384	F0DAF0EA40008C78C03E000537A8397B2049C7EF206BE435A1A184A75A5D2D6DC279AF77A02E6864444FD9E4472778A9
hash_sha512	08F818FEDF4F2F96FB972869A21CE6E5E2735EA8672FCA3B95D52E14FE1E3E9F8A73FB9295DD718073773B76B430019F56522B38FDB60AAE6ADF20D33880B14F
hash_ssdeep	768:gnm5UETuFLczkNQ9GHQx4oj0GZND7k1Uk9wFO6Omc0G0zmjuHShGF:XS9g9nZDjO6DS0SLhG
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Windows Disk Diagnostic User Resolver
meta_original_filename	DFDWiz.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

dfrgui.exe-DE723C6B0D294576C1258CC6925D4E7B

key	value
file_name	dfrgui.exe
file_path	C:\Windows\system32\dfrgui.exe
hash_md5	DE723C6B0D294576C1258CC6925D4E7B
hash_sha1	A19F962C447DE9F0A98360AC3484672A48C33DAF
hash_sha256	D5E151E700B5AC51AC3B0BEC9BA1B8E57DC332E151A6881BF190A41F4149D879
hash_sha384	8CCA1BB676CAFED8C16D609E2A3BB434250F8D52A5F34FF157B2E368C6DDA0A7845192B25B6F10770AC26AB3BC3E325E
hash_sha512	4AAE612BFE7AE9CBEC539CEB204E66A0DAD3193A6CAF950FF2B37383C3D71AB362E50C7BD146AAF0753B1F8A9BBD9758ED11859813B70302F665B0109E49322D
hash_ssdeep	12288:45iMQWh2e8Xu3lRkRc4YFwjsWOfRg6gtPbcTTn7qxerx7:foWu3/kRc4l6g6gtPbcHn7q
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Microsoft Drive Optimizer
meta_original_filename	lhdfrgui.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

dfsrdiag.exe-F8A3CA53C9A2BDB74B031A11B7ED35E2

key	value
file_name	dfsrdiag.exe
file_path	C:\Windows\system32\dfsrdiag.exe
hash_md5	F8A3CA53C9A2BDB74B031A11B7ED35E2
hash_sha1	ABEE7CDADBD67245F7FEEAE67290B83F5460FC65
hash_sha256	477D379C5C5F3862E6815F741C924BFA24F3A32A0709CF21BFEE45545652FC24
hash_sha384	674815EF34E984E008186DECABB9DCDF2FA913081F27D84E2417043F24CA1C348BFF56FB0D127835E737C02F8644EB9D
hash_sha512	95AF37ACFC6744D1E009426FCFB56410022AD276ED66B39A7DC38FADA516A63924F79789D9B76EF0A35EF9C6163135F0BB9AACFBEA99F3DA0C7DF1AEC6B1CDCB
hash_ssdeep	49152:7l5Bt5M1P5YkK0DtaVBJ10lMuEynUiuSJk/rwjR45P6mxkn:PBt5Y/KOz
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	DFS Replication Diagnostics Tool
meta_original_filename	dfsrdiag.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.2999 (rs1_release_inmarket.190520-1518)
meta_product_version	10.0.14393.2999
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
output	[ERROR] Unknown Command <-help> DFSRDIAG - DFS Replication operational and diagnostics command line utility SyncNow - Forces replication over a given connection; ignore schedule for n minutes StopNow - Stop replication over a given connection; ignore schedule for n minutes PollAD - Trigger a sync with the global information store in Active Directory Domain Services DumpAdCfg - Dump AD configuration settings pertaining to a certain member DumpMachineCfg - Dump service-wide configuration of a given server hosting the DFS Replication service StaticRPC - Set static RPC port for DFS Replication Backlog - Display the backlog of replication data to send from one replication group member to another replication group member GUID2NAME - Translate GUIDs to user friendly names PropagationTest - Test replication progress by dropping a test file under replicated folder PropagationReport - Generate a tracking report for the replication progress of the propagation test file FileHash - Displays a hash value identical to that computed by the DFS Replication service for the specified file or folder IDRecord - Displays the contents of a replicated file's ID record ReplicationState - Displays the updates that are currently being transferred on inbound and outbound connections

dialer.exe-52BCE70E1E4701C0113C6A49F6424DEC

key	value
file_name	dialer.exe
file_path	C:\Windows\system32\dialer.exe
hash_md5	52BCE70E1E4701C0113C6A49F6424DEC
hash_sha1	8C56E4914F7A7AD78582329D98D6B6A78E15565C
hash_sha256	4F4BF6FC3338E2BB14CC6814DB8CCD9CCEF1F39938EC051A77DD31F69BADC600
hash_sha384	1A1F8163406590C6299E8C29B160AA279A1153EB0E2A29D0FE193221595452E804C736111B385F088976E7CE0042915C
hash_sha512	3EF881B5C6F6EF31699CD8248B015FF79FBE1D4A582A34F9186345F98AE8B7FC0877429C3A07BCB25457ACA66505C85E997E058269F8BC6680B9B46E86CB4FDF
hash_ssdeep	768:bft/qZZYgutzQN6TP00/SOZpjfZz52ySWDcI6ICRfrid:Lt+WwY0oPl2ySmcI6IUid
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Microsoft Windows Phone Dialer
meta_original_filename	DIALER.EXE.MUI
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

DIMC.exe-C8462C3F318849C08C28B1E68D24D5BA

key	value
file_name	DIMC.exe
file_path	C:\Windows\system32\DIMC.exe
hash_md5	C8462C3F318849C08C28B1E68D24D5BA
hash_sha1	C09D63EC8EAECE1E9B11059D66780F6C8647DB87
hash_sha256	D9C6DE64B45C3B8657C5DF00813F0EAF3A8B45F3614DD046C5B71DD955567B22
hash_sha384	DB4085984BCAE675127BA87F67FB0CB4AE505CB98C6DE1CFE74E779521A5005E7DC9B4E5F3FFAA64EA4D31791EF5549B
hash_sha512	DB718BD1FAD1AC0E70F77A8CA73D693E15E5848AC901FF696CD25A3CDEA701AF4F7A0A97DDA6C76891FFA39FCF06A825F3139350269A5F5DCD276AB94C9ADB63
hash_ssdeep	384:gdYKO3GR/jE3y7gqn8udp+olZ0KQ+U46C7mYeeCFUO9/0Kh1l2HsedmAzYLMhG4G:gpWXq8u2YZVRz7S3CmkYLMhG40x
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Deployment Initial Machine Configuration Tool
meta_original_filename	DIMC.EXE.MUI
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
output	\nDeployment Initial Machine Configuration Tool:\n\nUsage: DIMC.exe -UnattendPath <Unattend_file> -HivePath <IMC_hive> [-SequenceNumber <Sequence_number>] \n\n -UnattendPath Specify the path to an unattend file.\n -HivePath Specify the path to an IMC hive.\n -SequenceNumber Specify the IMC sequence number. This is optional.\n -? Display help. This is the same as not typing any options.\n

diskpart.exe-07B2CEDAADC8202D201A1E8552737BE9

key	value
file_name	diskpart.exe
file_path	C:\Windows\system32\diskpart.exe
hash_md5	07B2CEDAADC8202D201A1E8552737BE9
hash_sha1	EEF86A653F127486C5D1E1468D85CDE2653316BE
hash_sha256	BFD5377E93863AA5CCC8233C09BE14C54CE7731062CBA5BD319B2A1E2955EA1D
hash_sha384	A0EF0E5F8A2ED394EF0F21498171678175DEA8EC6756A41CC534D4FD762FACDB3E007F839C913FD2642875530C27AA92
hash_sha512	F7ECB3946F90DA26B78D7DF0777CD95A66D03582E7F3FDAD4B4B724EC4A8A47792368CADD1D410C663980B09C55AFDBC4265ED6719550A915715833CAD6EFE02
hash_ssdeep	3072:NsJf/qp9FzpbpBogl7WIJ2FO8FzYDdA0WJuTxI5I8q9QxraM:qJXqp9FF9qggFtOdzWJga5cY
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	DiskPart
meta_original_filename	diskpart.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
output	Microsoft DiskPart version 10.0.14393.0 Copyright (C) 1999-2013 Microsoft Corporation. On computer: default-pc Microsoft DiskPart syntax: diskpart [/s <script>] [/?] /s <script> - Use a DiskPart script. /? - Show this help screen.

diskperf.exe-26FF50708FB975D7DF334460ABE5899A

key	value
file_name	diskperf.exe
file_path	C:\Windows\system32\diskperf.exe
hash_md5	26FF50708FB975D7DF334460ABE5899A
hash_sha1	CC45C6D879622CD9810467930A93684F33952D3D
hash_sha256	BFAA29161F3A1C6B7E427EA7A7BD39FCF47BF84448B3800E2ED686B062453F71
hash_sha384	06A85DDCC755F5B3C2C7E1FFB31529D4CC1D6DAFD058E736F3228F9DE70C11C160885BC62BC400D66DF99E552E7EBCE3
hash_sha512	A10BE643CC0C0A6A8BE85B4D667E502A0B7DF0F03630CBE39B4CB1A339E605BF697022C66275FA37BB96271158C1FEA6C5380F71FDC71D9C93A817C19EAF8DB1
hash_ssdeep	384:79rok9TCGqAaRXvKnORtGbUfjSXRy5goyiOMNbZNisLP9eJ9W8JW:7T9TCGqAQKnORX0iiiOMNzimP9m9
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Disk Performance Configuration Utility
meta_original_filename	DISKPERF.EXE.MUI
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
output	DISKPERF===================== Starts and stops system disk performance counters. Used without the command switches, DISKPERF reports what disk performance counters are enabled on the specified Windows 2000 computer. Disk performance counters can be specified to report the performance of the individual physical drives, or the individual logical drives or storage volumes. Note that these two sets of performance counters are measured independently. The user has the option of enabling and disabling them independently using the command line switches. NOTE: This command can only be used to control remote Windows 2000 systems. In newer systems, these performance counters are automatically enabled. DISKPERF [-Y[D\|V] \| -N[D\|V]] [\computername] -Y Sets the system to start all disk performance counters when the system is restarted. -YD Enables the disk performance counters for physical drives. when the system is restarted. -YV Enables the disk performance counters for logical drives or storage volumes when the system is restarted. -N Sets the system to disable all disk performance counters when the system is restarted. -ND Disables the disk performance counters for physical drives. -NV Disables the disk performance counters for logical drives. \computername Is the name of the computer you want to see or set disk performance counter use. The computer must be a Windows 2000 system. NOTE: Disk performance counters are permanently enabled on systems beyond Windows 2000.

diskraid.exe-F416B737B95745072FD5C10B0D97179F

key	value
file_name	diskraid.exe
file_path	C:\Windows\system32\diskraid.exe
hash_md5	F416B737B95745072FD5C10B0D97179F
hash_sha1	A234A13339D4EA894546CFBC9F0415C0DD43FF9B
hash_sha256	7667FE2E4416321EDF29B17DE47E7DE83E2C97F558F5581D50F85EDE0F7FAE34
hash_sha384	4E516F48BF5AB72EBCEA9F45F3103249F34F1567C727FC5554B0F51A7D8A65529C614FFD871D4F58A1F7DC2F982781A9
hash_sha512	93246A6DC25B5A9DACD5E508D8453F201858A7833DEE738A45B8F4890108CFC296BD08BB1EAAEC5150A7EFAD9A7E4423FBF3FEB62971C1C40E7292F8898F2A2F
hash_ssdeep	6144:RvjlYPBi9Lh00wkw/Legq7x/qoRDG6Zsgo4SPVzU:RvjEewJTM1qKD58
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	DiskRAID
meta_original_filename	diskraid.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
output	Microsoft DiskRAID version 10.0.14393.0 Copyright (C) 2003-2013 Microsoft Corporation. On computer: default-pc Usage: DISKRAID [/? \| [/s <script>] [/v]] Launches the DiskRAID application. /? specifies that DiskRAID should display this usage text. /s <script> specifies that DiskRAID should execute commands from the script file at the location specified. /v specifies that DiskRAID should run in verbose mode, printing out additional information about each command being executed. Examples: DISKRAID DISKRAID /v

diskshadow.exe-5A6926E132B7A3F3319E825A88BCAD61

key	value
file_name	diskshadow.exe
file_path	C:\Windows\system32\diskshadow.exe
hash_md5	5A6926E132B7A3F3319E825A88BCAD61
hash_sha1	93483D6F002E96440D8FC7FA18614FAB20484C35
hash_sha256	8D556F8CA5588872AB80EE7DCF93B0EEE4CD2596A454CC7ADE4EA7CED3F8D7D8
hash_sha384	A2531D1D56EA27159C3D12057217A164616DFFF2FDAFCB696220B17C078F3422CA75E5FD0F946C8907DA3959DBA6743B
hash_sha512	48C5A07C65C6AE2CD49FEA76C1DFD49240A11639C8BDECFB13AAF6FDB876722632EC04FCC92C72E2048DB441E1AD0CD4CE8B182127A50F8C740B003C58B9A381
hash_ssdeep	6144:4+AcTyT0wvhfrLNAId0pDBJPWze96xTj0z5u9lghTk2g:4+AcdoJPOId0pDBJye9A0z5u+g
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	DiskShadow
meta_original_filename	diskshadow.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
output	Microsoft DiskShadow version 1.0 Copyright (C) 2013 Microsoft Corporation On computer: default-pc, 6/4/2020 4:10:50 PM DISKSHADOW.EXE [/s [param1] [param2] [param3] ...] [/l ] - Runs script mode DISKSHADOW.EXE [/l ] - Interactive mode /s [param1] [param2] [param3] ... [paramX] - Script mode. Include environment parameters in script using %DISKSH_PARAM_1%, %DISKSH_PARAM_2%, %DISKSH_PARAM_3%, ..., %DISKSH_PARAM_X% to reference [paramX] above. /l - Output log file

DiskSnapshot.exe-AA2947CE60C08B3C728994938AD03BFC

key	value
file_name	DiskSnapshot.exe
file_path	C:\Windows\system32\DiskSnapshot.exe
hash_md5	AA2947CE60C08B3C728994938AD03BFC
hash_sha1	F04C0220A87DF743A936D58C4F7C42A3AF0B0CCC
hash_sha256	9F677C2796047B08BDC6EE30FB9DD5C4BB0948726B34D97B880A46AF580D0859
hash_sha384	131399E36947292431036DD66ECDA05E41A50FD2F5A0EACFE252EED9C15BCF81FED9B9D3E6F464B7860A149E6FB110DC
hash_sha512	70CDE99FA111C967FB873528280BB68212BB363DD747A92B26D63540097558F23BBE2FFEAC9CC25B76ACAAE5878578067A14B4E84B545672B1A679466142F821
hash_ssdeep	1536:oUXgqagabifeWsFMtGhynZrsjTD7wObLRaecOPfGeLIcY+xAz4qgfXEGRdx:vGWsFMtGhynZrsjTD7wObLRaecOP+eMy
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	DiskSnapshot.exe
meta_original_filename	DiskSnapshot.exe
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
children	conhost.exe
error	DiskSnapshot.exe [options] -c console output -i (deprecated) detail data to console -s (deprecated) summary data to console -u process large volumes (no limit) -j [config] specifies an alternate config file -w [output-file] dumps MFT to a file (v arg required) for testing or reparsing -r [input-file] parses a previously dumped MFT file -v [volume][path] specifies volume(+path) to process, e.g. "d:" or "d:\foo" -e prints out escalation keywords -p disable privacy

Dism.exe-707C25B81CE66CCBC5112AC07C980909

key	value
file_name	Dism.exe
file_path	C:\Windows\system32\Dism.exe
hash_md5	707C25B81CE66CCBC5112AC07C980909
hash_sha1	77D5C21D5630CF674ECD1AE8C7928CE13B79B40F
hash_sha256	FFA65D0286EF4016CCE89ABDFB5B6CB30996BCC00FE7E8F440B9AF565179E9DA
hash_sha384	DB6851FB21595A48334FCECEDD58D11A8051628B96774FA091DDDBD19633B6CD5BAB6D474240A4B764EF5D2243E9DF40
hash_sha512	A550267DB255D5C9B62867D496C9365EEBDE3D1CC9FBC7D3C00D7430EB6E5F58EE66132462AE03E9E19338946416CD301B8507E2EC8BF945A9FDDBB270F9E570
hash_ssdeep	3072:rzNZ1tcy1sjPuoBI95tHlaTXhdbSr5eWVWtQiZT0i8hBo+ai+4nr54:r5Z3cAsbuoBOMTXCwWi1cBoybr+
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Dism Image Servicing Utility
meta_original_filename	DISM.EXE.MUI
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
output	Deployment Image Servicing and Management tool Version: 10.0.14393.3241 DISM.exe [dism_options] {Imaging_command} [<Imaging_arguments>] DISM.exe {/Image:<path_to_offline_image> \| /Online} [dism_options] {servicing_command} [<servicing_arguments>] DESCRIPTION: DISM enumerates, installs, uninstalls, configures, and updates features and packages in Windows images. The commands that are available depend on the image being serviced and whether the image is offline or running. GENERIC IMAGING COMMANDS: /Split-Image - Splits an existing .wim or .ffu file into multiple read-only split WIM/FFU files. /Apply-Image - Applies an image. /Get-MountedImageInfo - Displays information about mounted WIM and VHD images. /Get-ImageInfo - Displays information about images in a WIM or VHD file. /Commit-Image - Saves changes to a mounted WIM or VHD image. /Unmount-Image - Unmounts a mounted WIM or VHD image. /Mount-Image - Mounts an image from a WIM or VHD file. /Remount-Image - Recovers an orphaned image mount directory. /Cleanup-Mountpoints - Deletes resources associated with corrupted mounted images. WIM COMMANDS: /Apply-CustomDataImage - Dehydrates files contained in the custom data image. /Capture-CustomImage - Captures customizations into a delta WIM file on a WIMBoot system. Captured directories include all subfolders and data. /Get-WIMBootEntry - Displays WIMBoot configuration entries for the specified disk volume. /Update-WIMBootEntry - Updates WIMBoot configuration entry for the specified disk volume. /List-Image - Displays a list of the files and folders in a specified image. /Delete-Image - Deletes the specified volume image from a WIM file that has multiple volume images. /Export-Image - Exports a copy of the specified image to another file. /Append-Image - Adds another image to a WIM file. /Capture-Image - Captures an image of a drive into a new WIM file. Captured directories include all subfolders and data. /Get-MountedWimInfo - Displays information about mounted WIM images. /Get-WimInfo - Displays information about images in a WIM file. /Commit-Wim - Saves changes to a mounted WIM image. /Unmount-Wim - Unmounts a mounted WIM image. /Mount-Wim - Mounts an image from a WIM file. /Remount-Wim - Recovers an orphaned WIM mount directory. /Cleanup-Wim - Deletes resources associated with mounted WIM images that are corrupted. IMAGE SPECIFICATIONS: /Online - Targets the running operating system. /Image - Specifies the path to the root directory of an offline Windows image. DISM OPTIONS: /English - Displays command line output in English. /Format - Specifies the report output format. /WinDir - Specifies the path to the Windows directory. /SysDriveDir - Specifies the path to the system-loader file named BootMgr. /LogPath - Specifies the logfile path. /LogLevel - Specifies the output level shown in the log (1-4). /NoRestart - Suppresses automatic reboots and reboot prompts. /Quiet - Suppresses all output except for error messages. /ScratchDir - Specifies the path to a scratch directory. For more information about these DISM options and their arguments, specify an option immediately before /?. Examples: DISM.exe /Mount-Wim /? DISM.exe /ScratchDir /? DISM.exe /Image:C:\ est\offline /? DISM.exe /Online /?

dispdiag.exe-2E0521ED2631272D90D5887A7109C20C

key	value
file_name	dispdiag.exe
file_path	C:\Windows\system32\dispdiag.exe
hash_md5	2E0521ED2631272D90D5887A7109C20C
hash_sha1	D7396AD887AEB2DA1D5D1045741CBCFD684098AD
hash_sha256	2FAFF3700BF080D64D0997994C533B57816751E70893A158AF6C7B47D9FD9301
hash_sha384	A3235624D967DF832805EFA3FEA07553C343EF710D8B88DA004CC15E5B301F8CDC2A60F55F1525CBBE9489913298F9EC
hash_sha512	CA3BC7605B220BA691F064F69AF5C794F44C3529EDED9700A905D2BA7BDC1336EAB975A68DAC5EB222D760234C73042A563B3703739132B5F60504A28D002FCA
hash_ssdeep	1536:f+DGiHD+sItZuxWsB81yl/uJkgqQlgzn3/bCZxcd060I+qCIIpX78hWF26Z:fhsBLl/a8z3/bSxcdSINBIpX7iWf
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Display Diagnostics
meta_original_filename	dispdiag.exe
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	Language Neutral
meta_legal_copyright	Microsoft Corporation. All rights reserved.
output	Logs display information to a file in the current directory. Usage: dispdiag [-testacpi] [-d] [-delay ] [-brightnesslogging] [-out ] -testacpi runs hotkey diagnostics test -d generates a dmp file as well with additional data. -delay delays the collection of data by specified time in seconds. -out path where the dispdiag file should be saved, including filename. This must be the last parameter -DumpIdDiag force Indirect DIsplay framework to dump diag info via WPP -brightnesslogging toggle verbose brightness logging. -ccddatabaselogging <on\|off> toggle Ccd database access logging. -dxgautologger <on\|off> toggle DxgDiagnostics autologger. Requires admin and a reboot. -DodFullscreenupdates <on\|off> toggle if all active display only drivers should process each present as full screen dirty.Output: Name of the saved file.

DisplaySwitch.exe-B1C084BEDCFF3D4AB356687698B1BA82

key	value
file_name	DisplaySwitch.exe
file_path	C:\Windows\system32\DisplaySwitch.exe
hash_md5	B1C084BEDCFF3D4AB356687698B1BA82
hash_sha1	96128150CF6F9EB6E9AE43D4BEE43B2552ED70DE
hash_sha256	94CD03DFB938F5F0A999C77CA7FCC2320F6A8C570AC0F01A99A6DC9440C980D8
hash_sha384	D743933CF1E1544A789D5CCC44C0D501DD7E36121CA97C927F38CC2C223BEB4138E6F4754A02A9F418AF0F6575EC68FA
hash_sha512	B37FE0F7078591824792E9D9D78BB2322EAB626BA053EDB0C1C7812533E8BAEE4DE723B979546113734C33598108267FC4ABE267FC4B3429B390F939857FD0FD
hash_ssdeep	3072:XUG9few5ZOAQuZpxQo4/j5AwR9wqhZsEvkQ86AyLa7eygpPIHl:XUaGw5ZGuxQo4/j5NwqhZLDsqM
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Display Switch
meta_original_filename	DisplaySwitch.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

djoin.exe-111E795B25B9414BE6E43A29093E8C45

key	value
file_name	djoin.exe
file_path	C:\Windows\system32\djoin.exe
hash_md5	111E795B25B9414BE6E43A29093E8C45
hash_sha1	C063495FEF959F6000B0B486AA8A2E7585C03BE1
hash_sha256	FBC1AE96D1EE1A883658C6F9101590777F95F480010ACAC4E7934505B405F507
hash_sha384	6F6A8E24EC115B184FDA07DBF6D725EE9850017F4D1A056FD0083AA929E41FA181DC99E5683B9C953AB6D56CB3054003
hash_sha512	E131E35A133BDF2B6E8926F04413C88C86F1D452F40A26B51C56D1001BD448349C15264F20E7C8A50A6446EEBCA9ED3D2F62A9370E08E328C231F5FB120587B7
hash_ssdeep	768:0E8pWPUVCowgo/fTDGbgNcwYKNgiZcRN5yR/2Ij8FH9Bfv/hX3bfhbj5UmhRQJ6J:D7zzgoTDCUPHZcRiRFGHnvNLfZKCRQJ
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Unattended Setup Generic Command For Domain Join
meta_original_filename	djoin.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
output	Usage: djoin.exe [/OPTIONS]\r \r /PROVISION - Provision a computer account in the domain\r /DOMAIN - of the domain to join\r /MACHINE - Host of the computer joining the domain\r /MACHINEOU - Optional where the account is created\r /DCNAME - Optional to target for account creation\r /REUSE - Reuse any existing account (password will be reset)\r /SAVEFILE - Save provisioning data to a file at \r /NOSEARCH - Skip account conflict detection, requires DCNAME (faster)\r /DOWNLEVEL - Support using a Windows Server 2008 DC or earlier\r /PRINTBLOB - Return base64 encoded metadata blob for an answer file\r /DEFPWD - Use default machine account password (not recommended)\r /ROOTCACERTS - Opt. include root Certificate Authority certificates.\r /CERTTEMPLATE - Optional of machine certificate template.\r Includes root Certificate Authority certificates.\r /POLICYNAMES <Name(s)> - Opt. semicolon-separated list of policy names.\r Each name is the displayName of the GPO in AD.\r /POLICYPATHS <Path(s)> - Opt. semicolon-separated list of policy paths.\r Each path is a path to a registry policy file.\r /NETBIOS - Opt. Netbios of the computer joining the domain.\r /PSITE - Opt. of persistent site to put the computer joining\r the domain in.\r /DSITE - Opt. of dynamic site to initially put the computer \r joining the domain in.\r /PRIMARYDNS - Opt. of primary DNS domain of the computer\r joining the domain.\r \r /REQUESTODJ - Request offline domain join at next boot\r /LOADFILE - specified previously via /SAVEFILE\r /WINDOWSPATH - to the Windows directory in an offline image\r /LOCALOS - Allows /WINDOWSPATH to specify the locally running OS.\r This command must be run as a local Administrator.\r This option requires a reboot for changes to be applied.\r \r Examples:\r \r To provision a computer account in the domain:\r djoin.exe /PROVISION /DOMAIN /MACHINE \r /SAVEFILE \r Note: Other parameters are optional\r \r To request the local machine to perform an offline domain join:\r djoin.exe /REQUESTODJ /LOADFILE /WINDOWSPATH \r Note: Other parameters are optional\r The parameter is incorrect.\r

dllhost.exe-DA63852A2B0340E94D74EAF0CD444979

key	value
file_name	dllhost.exe
file_path	C:\Windows\system32\dllhost.exe
hash_md5	DA63852A2B0340E94D74EAF0CD444979
hash_sha1	0E33FA9CE0074155F361DB9CB36183431C8FC266
hash_sha256	EE8364C07B3F4F71FA649E0E6C4C73C15D285130E4B16E79890EEBBF89C2164E
hash_sha384	62C2F675957F45AD622C9DD1F7E263F5D97B9134BAAD13732684EC09774A4E8090F6B5B3C79E8C755528CE74742F1138
hash_sha512	1E03CD567B070BA34214E653E8F8A7F1607E99FFDB664ABA80E2F672CDA2117FAE6C1179354644AD0B5F949012C10F8E4ED7B00919F0979FC7F580953DEFABA5
hash_ssdeep	384:17GusqDUSr7YVsFW/5WOlRDBRJalkoU66N:1JisiH1PpoP6N
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	COM Surrogate
meta_original_filename	dllhost.exe
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

dllhst3g.exe-DC9817C8F88FB51BEC1F2A16A2AC5234

key	value
file_name	dllhst3g.exe
file_path	C:\Windows\system32\dllhst3g.exe
hash_md5	DC9817C8F88FB51BEC1F2A16A2AC5234
hash_sha1	2E1A191839B8D8BE20AD3495FD8990DD725E517C
hash_sha256	B9C234164A34312D92034B49BB8BC29C8F676C3CD974375490438120CAFBF6FE
hash_sha384	22C32AF6F32B8EBF1A28D622437AA0D4E01B00A7DA47CD06626B0D90EE39934B98038DF3E86FC46A0D82033F8128CB01
hash_sha512	296392EC2EE5B2EF4504C61F6007017ECFED47FAF527B95EEE425B35DE687B33417B177BA2602934734D33C75C4328FC1826DDA6F61943573723BAAF65EB1749
hash_ssdeep	192:n40Y2eSwWhTWsxDEF+HsaHL010pEBswbWCyW:n40UWhTWs6cWs8WCyW
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	COM Surrogate
meta_original_filename	dllhst3g.exe
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

dmcertinst.exe-5DEF89906DA4AB4BCBB8B9E48338F7BC

key	value
file_name	dmcertinst.exe
file_path	C:\Windows\system32\dmcertinst.exe
hash_md5	5DEF89906DA4AB4BCBB8B9E48338F7BC
hash_sha1	09F843A5A5E94CDA898CB0C6372BE464653D77C1
hash_sha256	82C85CD40108D5259793AD73B63F25BD734BD75880BD67D226DF76E56C63DBC0
hash_sha384	3B4741E186BBA1E13AC139625749C766271EF433CA4359405F2AC9D4FE23E59C6C03412C8538680C8176DE54A6EA773A
hash_sha512	C29B722AB220A872B15743063C082FC3DE49850AB546BA57DE03292C7317064005424B156AEE23D142D23A6BE291EE95BEBCF6C781728DC1FFE46F02693DD2DB
hash_ssdeep	3072:Bi3pKC/eGfWQbEHAoGFiNt8RXsQUyzWYQOQ2qMxbUUaBJ:Bi3pKOeXEiYRNjfQOQ2vxwUaB
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000001733031072665B8B9B3000000000173
signature_thumbprint	14590DC5C3AAF238FCFD7785B4B93F4071402C34
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	DM Certificate Installer
meta_original_filename	dmcertinst.dll
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.1066 (rs1_release_sec.170327-1835)
meta_product_version	10.0.14393.1066
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

dmcfghost.exe-2F3DE6353E6542ADC3B2B11CDAFCDF7E

key	value
file_name	dmcfghost.exe
file_path	C:\Windows\system32\dmcfghost.exe
hash_md5	2F3DE6353E6542ADC3B2B11CDAFCDF7E
hash_sha1	9DC2A7E8A97ABC8040602F87536928545102FA03
hash_sha256	BBF2CD3259D4EE211F1EC4A0C5F62C5400EE77584AAA1F09E33CD880825528EA
hash_sha384	0B4379075224291ECF09237D0DD71018C763F13B3943555F254EC5BD672D6E93B523DE7BDBE559A60B850CBE80DE6DC9
hash_sha512	D3CB14A4ACC0F15AFD1C99D10E85FC28BEA8D8A69BCE175059B11D3A9B1C4D810D4CD1D35E3C9613E9FDBCF192C56D916D3F6B643920923753D1F30CAC372A48
hash_ssdeep	768:k49Fv2Ei7Y0Dl7IOaojrnNZDahY4owDl0lDGAgkMk57z:rv2Ew0OrnNZDa3D+kAgkT57z
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Host Process for Push Router Client of OMA-CP
meta_original_filename	dmcfghost.exe
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

DmNotificationBroker.exe-2A3064C51C2187A3587FEE04981BCDA7

key	value
file_name	DmNotificationBroker.exe
file_path	C:\Windows\system32\DmNotificationBroker.exe
hash_md5	2A3064C51C2187A3587FEE04981BCDA7
hash_sha1	A7F5DF9B8BFAAED024A1BCD4333CD9B2F64FADC6
hash_sha256	D012DA52B3A3C739E94AE6A2828BAAF0C9C3AD5FFEDFA14038A9225DD563C256
hash_sha384	588287C0779210482053339FD67A0E58DB6271C0A9810E3D7763698F6028393DDD87D73A8244D350BA6C11E2BFB941EC
hash_sha512	EB8DF7D07B5E2D292747A735F4F52FA805F5DB460405CB3BE2ECB93522FA4C19DFE37396499A5A502809EAA5FAFD35D0A21D3B2265E781553DD703CAA607B9AB
hash_ssdeep	768:9wg2XXdIn24Dzfvv+lj4dhkMl0n5KxxZCs:SNIn24v3v+6diM+n0XZCs
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	DmNotificationBroker
meta_original_filename	DmNotificationBroker.exe
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

DmOmaCpMo.exe-0EB3D27E3F73231822E8E646028ACB81

key	value
file_name	DmOmaCpMo.exe
file_path	C:\Windows\system32\DmOmaCpMo.exe
hash_md5	0EB3D27E3F73231822E8E646028ACB81
hash_sha1	49A585370FA153E3D088C1509BF24038071945B2
hash_sha256	75D5064A345B0991C2C53A5339BD0D80D7D20FA088E6AAF82FF012AB5C425DDF
hash_sha384	F0CB6570B0668C451223638362895B913F9BDB77583BD3752CEDF7C25F1295C7D7722419850952DA61EA218C883682E3
hash_sha512	15D77C95B8B8C0691B99F544D743530D8E42E7CA053624DFE95C44CA6559F2A120336AA4530C5F1D0FDE0203DE5B643E38548F92FBFDA0BA23765EEA3528EDD0
hash_ssdeep	384:MLxWPh+ywR0bGYid9hpRjrTMCezDi8rVnrMReuU/3upCW6pxeW:9PMywRBPPhpxMX28BnrMLK3omx
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Host Process for OMA-CP Client
meta_original_filename	DmOmaCpMo.exe
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

dns-sd.exe-B028C54FA794C275703BF3F3BABDC119

key	value
file_name	dns-sd.exe
file_path	C:\Windows\system32\dns-sd.exe
hash_md5	B028C54FA794C275703BF3F3BABDC119
hash_sha1	4F7DC4A2963A283DF429BB8C751598E415E34B00
hash_sha256	6A27826B490457CCFECEBAF98A01325CC1CCECC81917B156AA1E566D141B520C
hash_sha384	C50C625F60BBF04C8943BF4FF5D3E7D1FD125E376BAF14B4214338DFDB4736CA73C46EECF112FE7CB0CCAAAB5BB5DA5E
hash_sha512	79CA9874EC2B18F70A81A46BC7580786108F329BAB287C0EE4DF30578831A90A40FDFACE604BE8D1AA8738A046F886A610C3FFADAAC48A5164FC7D6004F7CF6F
hash_ssdeep	1536:itKnTo4lhyfVgIqR/z6lFEaXYoeeTOhvU7Cupxrptx1uj9L+4gkF4QSZ:zmfVezaLKeTsvWCKbBWxF4BZ
signature_status	0
signature_status_message	Signature verified.
signature_serial	2B20EB3380792AB011F662C064FDB473
signature_thumbprint	173A28539CA6DAB5AC8C3B995ABAA692F95C5FC4
signature_issuer	CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
signature_subject	CN=Apple Inc., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Apple Inc., L=Cupertino, S=California, C=US
meta_description	Bonjour Console Utility
meta_original_filename	dns-sd.exe
meta_product_name	Bonjour
meta_company_name	Apple Inc.
meta_file_version	3,1,0,1
meta_product_version	3,1,0,1
meta_language	English (United States)
meta_legal_copyright	Copyright (c) 2003-2015 Apple Inc.
error	dns-sd.exe -E (Enumerate recommended registration domains) dns-sd.exe -F (Enumerate recommended browsing domains) dns-sd.exe -B (Browse for services instances) dns-sd.exe -L (Look up a service instance) dns-sd.exe -R [...] (Register a service) dns-sd.exe -P [...] (Proxy) dns-sd.exe -Z (Output results in Zone File format) dns-sd.exe -Q (Generic query for any record type) dns-sd.exe -C (Query; reconfirming each result) dns-sd.exe -X udp/tcp/udptcp (NAT Port Mapping) dns-sd.exe -G v4/v6/v4v6 (Get address information for hostname) dns-sd.exe -V (Get version of currently running daemon / system service) dns-sd.exe -A (Test Adding/Updating/Deleting a record) dns-sd.exe -U (Test updating a TXT record) dns-sd.exe -N (Test adding a large NULL record) dns-sd.exe -T (Test creating a large TXT record) dns-sd.exe -M (Test creating a registration with multiple TXT records) dns-sd.exe -I (Test registering and then immediately updating TXT record) dns-sd.exe -S (Test multiple operations on a shared socket)

dnscacheugc.exe-0E18A714F4532CAA83321D118BB5269C

key	value
file_name	dnscacheugc.exe
file_path	C:\Windows\system32\dnscacheugc.exe
hash_md5	0E18A714F4532CAA83321D118BB5269C
hash_sha1	9D33BFAD9BB96FDE8AF4A5B749E678CFF756341B
hash_sha256	899D181BFBC861C2666E2386113BF49735B1383B5BCF964F1CA1FDF9FA4BAEC3
hash_sha384	606A01D83FA196A91A096A36532B72831149D22C0D7C69DF0D5598C82CAA14DE720AC4AAE6DF2600DF58D437C95602B9
hash_sha512	434FCA561776915641291E732A7256433C98F1A5EA389A48375B93FAA7B79EABA927EBD5720E1DD0FA3BA48892C9981EEF5164A9D48A25E4196071DCF591196F
hash_ssdeep	768:0yziMyvYwaQD8Ck9OP2V1WZnR46iSDSiuy:PziMyn52Vq4qDSNy
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	DNSCache Unattend Generic Command
meta_original_filename	dnscacheugc.exe
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

doskey.exe-56BC572C8305144F4C498ABB7E8160A2

key	value
file_name	doskey.exe
file_path	C:\Windows\system32\doskey.exe
hash_md5	56BC572C8305144F4C498ABB7E8160A2
hash_sha1	15E1995CEAC131956607103DB274DE7745AFCAB3
hash_sha256	DBF2E1E11FD57DD0FBB2ACCB08778E6D838F272B3D5E814260044F0B0866B5A1
hash_sha384	136F44DC02EF332B8D24F94CCC477F8892F000844B38303C142F1E28AD6D020D5C1EDBBC7D2517DCAFCA8C7983C537FF
hash_sha512	F9A09DD562580E5440D2A084E1712B97AF804C72DA1B0700AE00BE4DBDBA97BF3012F3706CE2A23D2D6AB2EF8C3069A3D7491A76C032082D5D850BD50954E6BF
hash_ssdeep	384:fvRMoahJprnSidDNEUfXUQp5+5mMV+JUy+t7mPWXiWz:fvRMpfpbSCNPXTIR17m8
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Keyboard History Utility
meta_original_filename	DOSKEY.EXE.MUI
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
output	Edits command lines, recalls Windows commands, and creates macros. DOSKEY [/REINSTALL] [/LISTSIZE=size] [/MACROS[:ALL \| :exename]] [/HISTORY] [/INSERT \| /OVERSTRIKE] [/EXENAME=exename] [/MACROFILE=filename] [macroname=[text]] /REINSTALL Installs a new copy of Doskey. /LISTSIZE=size Sets size of command history buffer. /MACROS Displays all Doskey macros. /MACROS:ALL Displays all Doskey macros for all executables which have Doskey macros. /MACROS:exename Displays all Doskey macros for the given executable. /HISTORY Displays all commands stored in memory. /INSERT Specifies that new text you type is inserted in old text. /OVERSTRIKE Specifies that new text overwrites old text. /EXENAME=exename Specifies the executable. /MACROFILE=filename Specifies a file of macros to install. macroname Specifies a name for a macro you create. text Specifies commands you want to record. UP and DOWN ARROWS recall commands; ESC clears command line; F7 displays command history; ALT+F7 clears command history; F8 searches command history; F9 selects a command by number; ALT+F10 clears macro definitions. The following are some special codes in Doskey macro definitions: $T Command separator. Allows multiple commands in a macro. $1-$9 Batch parameters. Equivalent to %1-%9 in batch programs. $* Symbol replaced by everything following macro name on command line.

dpapimig.exe-DD32F3C19410E4E7974DBB33229CBD7F

key	value
file_name	dpapimig.exe
file_path	C:\Windows\system32\dpapimig.exe
hash_md5	DD32F3C19410E4E7974DBB33229CBD7F
hash_sha1	073E5BBD34595353510976373C8EDB79511B35F4
hash_sha256	ADB6E4A682D56CEDC4DF75A41271DADC69DDCF0FF03E3AC0F1ECAF6D9E96E48F
hash_sha384	84598CF57B35B705216BD46175AE92725331B7B2E495AB10142D77B87E08E608DE5FFC03A96711896A27A43D80673C6E
hash_sha512	200A8C2DB9D90B7102FC80D00C044A7550BB9772C172D9CF1C5F5296B8AE3AF6E408BB59E63C8415850F89D64CCCBC1763652A3C23B1E7D3015894F68F2904D5
hash_ssdeep	1536:7KLerwUdEMCGGWJ00l3uU1HIED1fCbWpygzU:5rwMeWeSJj16bE
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	DPAPI Key Migration Wizard
meta_original_filename	dpapimig.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

DpiScaling.exe-C1E219912D2237CB6661F7DAF20CC4DD

key	value
file_name	DpiScaling.exe
file_path	C:\Windows\system32\DpiScaling.exe
hash_md5	C1E219912D2237CB6661F7DAF20CC4DD
hash_sha1	5DF3AFF2960BC56017FF8E417B3C0A99CD7A3F57
hash_sha256	10F1143ABBC80AFB70E08A952525E6B4E89F70606869E2A74C408641C23A107A
hash_sha384	1AF600F971B63552C1D4E5DBCB37BB669DCCE75409E9CEC48A6DD797529AA2EC1ABEFEF53D7A89281F9E05540D730C51
hash_sha512	16C77CE35D8748567FDECC557E91B68088229F9133562B98E64C4A461694F8E04A8468F81EB8D969A8E2E5E49DCE37F586C4490C8D2E6D2F5D062CF7D51FE1FF
hash_ssdeep	1536:biGj91OwxgwYfPSqlGv+BNXNvuZS36EDtAZ7jz6dTdMQiMtYwJjD:TDOwNMSqoKXNvuZAFDqXzlzQf
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Display Control Panel
meta_original_filename	DPISCALING.EXE.MUI
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
children	explorer.exe

dpnsvr.exe-1FDE0F80845E978984762574963E18C4

key	value
file_name	dpnsvr.exe
file_path	C:\Windows\system32\dpnsvr.exe
hash_md5	1FDE0F80845E978984762574963E18C4
hash_sha1	9E889FDEA47B5B76738A4A319FEE5B60C65CA6C8
hash_sha256	A6AC48AC5B671C2ACE2D5359EA55E9553EE96C15C0D2004F663AF8F905936B5B
hash_sha384	92420F8AF29FC21CD10E7FCD43114A84DE48B906883DA27FECA87C3E8CCA360E828FAF49915D71E6E0577A18EF48D81F
hash_sha512	DC6D50A2F6BE8BC747FCA4CDE7CC1CF4F9764752FDC950BD840A3A97FEE2BC67275D1D1748FEC02218692AAC085BA052C8890719422159DC5D1C6963002A1855
hash_ssdeep	96:P7PZQ7sNjN/2Qz6A7309WaOMJrPgh2xt51EWauWw9:aImzy32WalogxruWauWE
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	DirectPlay Stub
meta_original_filename	wcodstub.dll
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

driverquery.exe-996B3110600838030F16B687267316B1

key	value
file_name	driverquery.exe
file_path	C:\Windows\system32\driverquery.exe
hash_md5	996B3110600838030F16B687267316B1
hash_sha1	82D6F1F5AAF4164A176A6F005E586279E19C53E2
hash_sha256	C201D26820B30BDCA8FCDBA7F043EF5A191F6FA1FF8A82F7A56EA6FE449BA4C7
hash_sha384	438A5A316F7CE4BD789A050126BF26B32304F19CB9AABDD91E3F446F1D4D57CAFB2B1E2AC8D3ED4745433882057D26C5
hash_sha512	6D281F089DF8E262195FB9E4939F2F2A4F44012ABAD8741A2E609E73C6E9EFECD15057AB63FF86507EE5E417AC299C193EB8B6E4D993DFB0EAA97AAFE948E040
hash_ssdeep	1536:G7Wb3B2Zx9F7bEF405V2zfj4qXlOSJRiLxYZG8mmVoxqpXN:AO296uzfj4oELLQoxqP
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Queries the drivers on a system
meta_original_filename	drvqry.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
output	DRIVERQUERY [/S system [/U username [/P [password]]]] [/FO format] [/NH] [/SI] [/V] Description: Enables an administrator to display a list of installed device drivers. Parameter List: /S system Specifies the remote system to connect to. /U [domain]user Specifies the user context under which the command should execute. /P [password] Specify the password for the given user context. /FO format Specifies the type of output to display. Valid values to be passed with the switch are "TABLE", "LIST", "CSV". /NH Specifies that the "Column Header" should not be displayed. Valid for "TABLE" and "CSV" format only. /SI Provides information about signed drivers. /V Displays verbose output. Not valid for signed drivers. /? Displays this help message. Examples: DRIVERQUERY DRIVERQUERY /FO CSV /SI DRIVERQUERY /NH DRIVERQUERY /S ipaddress /U user /V DRIVERQUERY /S system /U domain\user /P password /FO LIST
error	ERROR: Invalid argument/option - '-help'. Type "DRIVERQUERY /?" for usage.

drvcfg.exe-EE71E796775C657612D93A7FB2371A39

key	value
file_name	drvcfg.exe
file_path	C:\Windows\system32\drvcfg.exe
hash_md5	EE71E796775C657612D93A7FB2371A39
hash_sha1	D96BE6C6455BB3B867305740D58FCF0B79270D70
hash_sha256	265931E2682BB0FF454C539034261941A4DA854677B2FFC96EFEC6916FE616EB
hash_sha384	F049FBB72AE2B7F9A1361C6FCF12FCBE2F1E55268E2FE6875771A7C8ADD5344A9BA8B3B1ED435A154F288B6DC64DADD0
hash_sha512	B346A353702D340F185BF6DAC474AE67A5B5574173A97537DFBAD86787080057A440AC8D2F0D0BFA2AA29A0A67975AF206CD6F5F1A6A714C77E762356090A651
hash_ssdeep	1536:s0P8+mKFDtocK42SXxC7+0PfuFWjzm1DDew:s0k10pIwxs3fu2zqDn
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Driver Configuration Module
meta_original_filename	DrvCfg.EXE.MUI
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

drvinst.exe-188CE3916E9FD3D123F38F01F8F8B93C

key	value
file_name	drvinst.exe
file_path	C:\Windows\system32\drvinst.exe
hash_md5	188CE3916E9FD3D123F38F01F8F8B93C
hash_sha1	8C5B77915FD2F67FB0B45609785AFEF0BFA710F1
hash_sha256	C196086017725E8724DAB1DFDFABA9F4B7CFACD47A885BCC81984F8BC78D9F75
hash_sha384	543123421E13AD4B3398E4AA95440D7F73107A5A8A931D1DB19305311BED47DEEA96CEB518445FAFE79679C1200FE2D2
hash_sha512	6553BD32D33CA3D77DF4A1E6E17E12A4A42EEB3BBF3D642FEABD367508D65721EB802B6CD16E72EF64C0306BD42B3AC3B9A863D7D5D5D89C3F50BFE7DE17B839
hash_ssdeep	3072:ibFtPkdahbAIdY1LdxggXlQYUw/pf1YVI9L50b9yoHO5T4ucsiR:6jkda/Y1RmoUMtOrkLT4ux
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Driver Installation Module
meta_original_filename	DrvInst.EXE.MUI
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

DsmUserTask.exe-9F0CE85E4CC2D3DDDBCD11B391CD801D

key	value
file_name	DsmUserTask.exe
file_path	C:\Windows\system32\DsmUserTask.exe
hash_md5	9F0CE85E4CC2D3DDDBCD11B391CD801D
hash_sha1	BC2A19E20713493269E2C400EDF7ED6AD6007B1B
hash_sha256	E2A467FCA75950B2A72CDFC63E415431DFD15EE5BEA1937EC2ABA640BDDAA638
hash_sha384	63AD817588EBFC1E79438CDC7B26482E41C5B97FB3C18FF7D77D6E7CBAC02F54ED9AAAA0F673A59D8484255E95A59285
hash_sha512	3214A110738DC9D0EE87B2ECD44EE1088123E3D6F3B8BC99461C3C5F485EA2100332AAB4C185C046D4C32D0285C7C6B89D6DECDED2DDA892455918424E5297C3
hash_ssdeep	768:FjptAPEVZZ1rg4OAuHvaJ+LDEzVj9yGb1H:JAPEVZZu3iJ+LkyGbR
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Device Setup Manager User Task Handler
meta_original_filename	DsmUserTask.exe
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

dsregcmd.exe-35EC92D9C4435C22AAA0DBA710DBE8C0

key	value
file_name	dsregcmd.exe
file_path	C:\Windows\system32\dsregcmd.exe
hash_md5	35EC92D9C4435C22AAA0DBA710DBE8C0
hash_sha1	55EF3D858682BEBD359C90C7679DDD76CC00C3C8
hash_sha256	55AF68BEEEC8F56F931C497EF876D5E204E55257DCDB8E4FCDE498BFCAEDA0D8
hash_sha384	CB2F0501BC0DB0D16D90CAE75FA4FFCEDB19659F8B37BE42EC904942B0DD6D2442CEC82C3FF6323B5E7CA58F4BD9F0BA
hash_sha512	0309518DA33D6AC9C095882EA8F5A9CF34EDF6392CA960945B3C1FA8AE6D87CFCB289CE4FE372BE9F5382EC774EE9F50636B529120D92D9BFCCF699A6CAF1215
hash_ssdeep	12288:2WDjl+NcT1a7sgc1yhu0z5fkZG0yWzvfmhvjLrgUOv+r/L:ZDUNcZa7sgckhu0lfkZGdWrmhLZOv+rD
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	DSREG commandline tool
meta_original_filename	dsregcmd.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

dstokenclean.exe-F10F9128C93A79D8D1EDAAB19ADEEF5A

key	value
file_name	dstokenclean.exe
file_path	C:\Windows\system32\dstokenclean.exe
hash_md5	F10F9128C93A79D8D1EDAAB19ADEEF5A
hash_sha1	D55FD012F74C2178375805869EB22CED464FEFED
hash_sha256	700F2DBF378F89BFD9C9378483BE76012326D58F906E83B5996A289EC013C8CF
hash_sha384	96B71E53305D890E326A029AF0C4E2B2354773050046F142AA40C79754DBEA3FDE728D442DD766AA789D8E206660FBBB
hash_sha512	6F8027697D240EEB1514958ACD26925B33E93F1CB46FE9520BC91F50B41839184288B28A409899B8F82C0EDFA4C9310EE3C7CAF9159474012F07E581F03EDB19
hash_ssdeep	192:DuhLbbgVPrmg7dOOaYgeCTM1NS2TkvGSGt7Wd9GXkgDARVsDWzEW:DCHbcRs+xCkNS2Qzq7W/gUODWzEW
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Data Sharing Service Maintenance Driver
meta_original_filename	dstokenclean.exe
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

dvdplay.exe-9778532E11E1C71F14659D4F9BDB43A5

key	value
file_name	dvdplay.exe
file_path	C:\Windows\system32\dvdplay.exe
hash_md5	9778532E11E1C71F14659D4F9BDB43A5
hash_sha1	9EDD9109441D50E61E6AD26EF6D410DAF644157A
hash_sha256	0E7099CAE6EFD37BD377E780C6D8FAC60B12531A49F05FEBB263CB8BC2AA7E90
hash_sha384	2EB10511F318ED7A4D2F56D3BB04DC3F430AFD84262D13C78835E7737B07CBC06CA1D8D4F2F109CA407FB55B3DE14D03
hash_sha512	5BAB8BB199EE8B388EC591B7168F8977BEB00D1EC3B77A17313852EFD2EF33AEE5F8893E1EBA9B910D9156FB983DC44C2F517811D675CDBEB8607FD06E3B5C11
hash_ssdeep	192:NgJAPtro6MHwpSOvLIX2PX3vq6hw1ramQmQPjhFioW5ZW:NguhHEOjEM/q628JW5ZW
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	dvdplay placeholder Application
meta_original_filename	dvdplay
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
children	wmplayer.exe

dwm.exe-C89F159A577F19F7F03C73C98D29D841

key	value
file_name	dwm.exe
file_path	C:\Windows\system32\dwm.exe
hash_md5	C89F159A577F19F7F03C73C98D29D841
hash_sha1	DE60075CB979D655256F2DB447A22BD366AAEB6B
hash_sha256	B3E37997C1C62DD90D69EF83D6A6FC782BF9A5B8AD04A0D1528A8B7FA31AA408
hash_sha384	BA97E1D3BC49A4863EAB1D12A44DBDB1E746A0E675FEDB283CBC82088335A46631AC289CB6D36CD0C279789E1D134D73
hash_sha512	3C7D4A156D926740200A8DA145B1741FA2974D1F76290D3C9DDCCCEC9DB7B192B8D9BDEF1DC318B34EEAC272A08CC7AE48D5B608AA9B34C46517E3825B1F5A53
hash_ssdeep	768:rXu0S+gTySq24Opa3OXX6pTPBuwsDpCpWxCD6Urgb/ng9h+h4J1xnSVa4:rXu+A1z4negTPxmrb/ng94va4
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Desktop Window Manager
meta_original_filename	dwm.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

DWWIN.EXE-F2FF66DDAD0DE9B65D8C98BF30F69F24

key	value
file_name	DWWIN.EXE
file_path	C:\Windows\system32\DWWIN.EXE
hash_md5	F2FF66DDAD0DE9B65D8C98BF30F69F24
hash_sha1	3979D93574A15B64B5667CD0825B9F6DD9526084
hash_sha256	24BF4EFB1F90427F0A039AB8A8080911EEB2315309D899574611BCDDF7F8E751
hash_sha384	E3D4899E531001358BDBD407EE52472084908C6244E29DEB479B22E2055CC019990A2AE995AFEF9DFE106ED6EB07CF0B
hash_sha512	37D7869829C07F06ADEAD94DA25EE826F900C83791DDECA024AE12937F9A045F6917C56EC958A6A6A6431E0D89C0B6AA6D6465F8BD719F84E1913A15C9A3EC5F
hash_ssdeep	3072:fpXbsYMYi0tBM6SMJdInuOl6r6ue3wrlo60S3zixVNRpcK0f:xXbsGiGK6SMguOlacw69KQNRpcK0
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Windows Error Reporting
meta_original_filename	DWWIN
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

dxdiag.exe-547556E6022C3F8814D5C9D59BE746C8

key	value
file_name	dxdiag.exe
file_path	C:\Windows\system32\dxdiag.exe
hash_md5	547556E6022C3F8814D5C9D59BE746C8
hash_sha1	0C84994C79118EFEA4E9F6C60090841491E05C2F
hash_sha256	D035316F6BDF5009934565079CE30EA49A540492780CA476571C904B18C8518A
hash_sha384	0F9D05101649C5B1A958A4FC9FCA05A653AC354085420A4644D3069847B01AA5490F00C5B7C81B1AA906A7D6BD7F6870
hash_sha512	F75FE41AC3AF2CF38556CE5A7A9BD91E55921EDF921F63EEB0C45276A5D5BC4DD456180D0C67618802CE9545BECA3E6D1943F1AF24C3B615335240A68D35209D
hash_ssdeep	6144:Y4ZDzdsA4+M1gjY/zFB/cNSj96KtyhruJhZ26diFkrWKiwHbgJ6fP:E+nYb/hjsKtyhruJ2FkrWKBP
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Microsoft DirectX Diagnostic Tool
meta_original_filename	dxdiag.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

Dxpserver.exe-946396A1872AF9A926F1A38E836E996C

key	value
file_name	Dxpserver.exe
file_path	C:\Windows\system32\Dxpserver.exe
hash_md5	946396A1872AF9A926F1A38E836E996C
hash_sha1	D3F9807599C5BC767F8A3693D2FBE24D3E5B88A5
hash_sha256	55B7E34965532077A36B9641C9E8D70AEA2AAE40AFE8D53F56E0CC9B5F36A96D
hash_sha384	CD32D692DB2F56AF48711C5A21F5E66B9CABE1294EFCF67138084A6CFBBD1F6C46FA7F35FF3EED9BF3E0BF53729A6D38
hash_sha512	26B661ECE8F0EAAF9561607DF5C7D5E144173A145A1B522E801E4FB62BC98BFBC8B58BA0778280C82809C07AF4674D2BE67CE537AFFA77AD341DE725FA7E29BA
hash_ssdeep	6144:rqalQGj6XpSsYeMUg0cejAUbGhXGoAA2YoqNdd:rqqQBXvGtGYhokd
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Device Stage Platform Server
meta_original_filename	DXPServer.EXE.MUI
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

Eap3Host.exe-272735F369FCFC4496A6662691DA1D9A

key	value
file_name	Eap3Host.exe
file_path	C:\Windows\system32\Eap3Host.exe
hash_md5	272735F369FCFC4496A6662691DA1D9A
hash_sha1	A45FFFBE536F7C6C556FB97F01EC3549C15C6CD6
hash_sha256	32F8CB599F8C8B15C4371EF30214CB0794B5D0F45CCADC9306026485F7573083
hash_sha384	5BB0AA841D2A051AD387A37F00B62212ABB374325C91E9BBFE16FD9F617D0312C9A49A6132AFEA5551C42800F0B3A5DF
hash_sha512	9B28863A360291477A5D5806E8DADE149924BD969B948612853FA42C6B15C05529581704DEB12A59B9F4C876FBBA2D32025A47164A776683EF29ECE3612F7427
hash_ssdeep	384:NVRA0oogaIknVoVWGsJLlxRw6okaSWNaW:nooYknVoVelRokaJ
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Eap Third Party Surrogate Host
meta_original_filename	Eap3Host.EXE
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

EaseOfAccessDialog.exe-6CF3E7D021A16A86178F840D787F2E4C

key	value
file_name	EaseOfAccessDialog.exe
file_path	C:\Windows\system32\EaseOfAccessDialog.exe
hash_md5	6CF3E7D021A16A86178F840D787F2E4C
hash_sha1	04951BC22A668CAE0A494D525DAAC1F0ED4F1820
hash_sha256	3FFAE27251606DB5F1D95A667A39CF775B693342C0C17873CC07357AC4B2E64F
hash_sha384	E86D9F626207559B019C3710A717E6BF2B90747D7B1D9C0132BE73D2CBE496CFE89C3F5A3CD4F76589FD9B89A9380DF5
hash_sha512	D29D972ED47CD4BE3CF93FFEB99D0CF0ED7BF11E38767B0A474B10C4B94F92BE376F629C11E249C807303E99AFFAAC3C33811E46D4998B07DFA3637F38C3DCAC
hash_ssdeep	6144:SZ977j5qOj+jn6uFz2LJGRg4kLNnei36cw:SndiFCdUc
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Ease of Access Dialog Host
meta_original_filename	EaseOfAccessDialog.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

easinvoker.exe-F7C513DF8F3281ACC55ADBABD93B7C31

key	value
file_name	easinvoker.exe
file_path	C:\Windows\system32\easinvoker.exe
hash_md5	F7C513DF8F3281ACC55ADBABD93B7C31
hash_sha1	7BB195EBD1AAEDFB7092C0240F8CD2EAF687E4B0
hash_sha256	6DC05888D8026ACD8EBACDD6A54AD8AD64A49DFD1AF9CB8F360089B8362BD002
hash_sha384	A3340939097D3D5F90C32638918124F1E1ABDDC5AC2494E7DF7FFE67973A65A985E22A051385B8D67D80F857E11BB1D0
hash_sha512	C4315F2FBF18E141DCC01F822367090328FA1972F5AD013A4B77455D731757B2856BD2BE9E108977E6C6AC3F452953F7B5AD2133BF66AB1D4F00E286408331F0
hash_ssdeep	1536:ZW95nI6AueECr3lImy2xXib8wwuY/Y1FaS3r2lCPZF:ZOI6AueECjljy2xXib8wwdY1Fr72oRF
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Exchange ActiveSync Invoker
meta_original_filename	easinvoker.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

EasPoliciesBrokerHost.exe-234553BD86C5A1CEB127D293A9D92683

key	value
file_name	EasPoliciesBrokerHost.exe
file_path	C:\Windows\system32\EasPoliciesBrokerHost.exe
hash_md5	234553BD86C5A1CEB127D293A9D92683
hash_sha1	67245181800F72CBD2C80F4EB44AA20D83445A4A
hash_sha256	DB68BDA5C181983E9A7CD4A1ACF5C4FADEE5A21F050EDE2E8CAD6F21718C9FBE
hash_sha384	BA04DDABC095F341D8F3EE91F4BABB227BA5734A32E9C8565497F0FC7AD50AE2E51794B0E6FBFE3B09430E2C43B37957
hash_sha512	120FAC900D05AE9F3B273D4D43E4A8DCAB2DBDB4BEFE5CDDE4FD0731B14CB94158AB564D397DD8C4E157FA6655335B8525EF5939F6ACA6ABA6C8D1AC578C136F
hash_ssdeep	192:z1Ua5/0LPvIEPv9YelabubslKn88YXQrGQKb91XcKwvjpDKcW6HW:z1Us/0L/O1bcslKl3rbbK8jpDKcW6HW
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Exchange Active Sync Policies Broker
meta_original_filename	EasPoliciesBrokerHost.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

EDPCleanup.exe-FAE5D9725F3E1BE1214FBD92A190D01A

key	value
file_name	EDPCleanup.exe
file_path	C:\Windows\system32\EDPCleanup.exe
hash_md5	FAE5D9725F3E1BE1214FBD92A190D01A
hash_sha1	C5435D02FD80890EFAD84EEA799AC0E6E8C64F06
hash_sha256	7868D296AF221FCCF8E704A2053F116CE236270634AE2035F61A0976CA4BCF11
hash_sha384	B3A8C90A50240783F3E9CC2BDD5D5A4900DFAB9C5DB232F87D01E1E8219FDEC6253F648411F3DDCC5CDD450F8724B34C
hash_sha512	9E464E6D0DE7500EC3073B24C3B815D88F55CA39B61A5697C95061F8B59DFF08FA5747B09845AAC1CE9D648F03537FBFD45E59C9BF2692AA247CB736230ABA4A
hash_ssdeep	3072:/dVdJM7wEENSLdeUYmqHWxxefY9dcZiDwXxiHV51dLg1vb:/dVdCoUVqH0oA9dcZwOxi51dLgl
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000001733031072665B8B9B3000000000173
signature_thumbprint	14590DC5C3AAF238FCFD7785B4B93F4071402C34
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	EDP Cleanup
meta_original_filename	EDPCleanup.exe
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.479 (rs1_release.161110-2025)
meta_product_version	10.0.14393.479
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

edpnotify.exe-B23E719836D235DE85DE688CBB57511A

key	value
file_name	edpnotify.exe
file_path	C:\Windows\system32\edpnotify.exe
hash_md5	B23E719836D235DE85DE688CBB57511A
hash_sha1	3D198B4F108FA284494C7D9257ED403286372EEF
hash_sha256	CB54139B6F0D7F937376665B76540407E4898303276A55A0740C1D8082EE5BF1
hash_sha384	456D39B51FF5C6B9A8986048791E04746320B2B6AA23CD02DE51E4C0EA38B5F9DBE46079DFC266DD1509515487EE45AA
hash_sha512	FA0334BE639B0AACF071B2AA2481A025B8E18A033A1E962B6FC22561B2E54739E4796868EEA89FF2D7BDB0404A11B668176A953D59E34A7CB2E13128610E4D16
hash_ssdeep	768:w9f+ggq0NmeN0NuIw6NiAaupxo2oiMQn5+VecIom0gijQCVmB6hsEIqeBJ:wrg7AxNlZxoO74VeBomndCV9h1Iqc
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Microsoft Enterpise Data Protection
meta_original_filename	EdpNotify.exe
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

efsui.exe-6DFA1BBB4D2F89DC46BACABC83B6AB95

key	value
file_name	efsui.exe
file_path	C:\Windows\system32\efsui.exe
hash_md5	6DFA1BBB4D2F89DC46BACABC83B6AB95
hash_sha1	9F6277D1AFA76FEC3C85DFBF61E222E27F106C8E
hash_sha256	1106CE6AE6EDFFA752D71F5EFF9FAAB53360CFFC6B224957760FBDC0A7D4FF17
hash_sha384	0281947DCA5C5B28A34EAA0076C44497A29880CA36B42FD574D1788056FB73E7E1035EA68AF73859CF515818EB2B8644
hash_sha512	0E8B0F2F1058361109BB559FC8329349186E5E5C08C3B72E7BE97A426C664E38EDE86202582CD7C275A7D5A278883148AC9621B217A03F9CFD3C62F5052B98D2
hash_ssdeep	192:QdPeMqG5HPL9S0mnuHyhaz0IDomlOe9fYoMDB669GbGmDmTpWSsRW:wP1d5NtHyUzXDorlBmG7TpWSsRW
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	EFS UI Application
meta_original_filename	efsui.exe
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

EhStorAuthn.exe-3A8D87E31C85B5F949BF26436D7DD02A

key	value
file_name	EhStorAuthn.exe
file_path	C:\Windows\system32\EhStorAuthn.exe
hash_md5	3A8D87E31C85B5F949BF26436D7DD02A
hash_sha1	7025E50ABE866CCF577AD19726E39BB838D8F7F2
hash_sha256	04A8D05965B6E408BE13D5D1DD1A3BAE139F6A8B2BF01EFE6DE6822147A9CDE2
hash_sha384	945C1FFEC8D2F95FF9B3EE7855B17BA0951C16051ADF5F0661331AEA388730DFDD76950AFF46BF29F7DEA2011E06CD25
hash_sha512	0E428D92C73E4CD847B7F4206E48D35CA23FF5B4CE84FF7152E72109F8BDAA6FA2F64B41A9D8AB1292859D5F2A6708AA64B4D2B7777804C4D659D36C6AE51F5F
hash_ssdeep	1536:miN4wM7tnzIjFScpLv64BI7NrKxycdDRtqhveomgPHA5kG9mQ7N6wMkNaAYG5n8s:mPtnzWpLvRmGdDRAhvxPxQZDFcZIZ
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Microsoft Enhanced Storage Authentication Program
meta_original_filename	EhStorAuthn.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

embeddedapplauncher.exe-AFD5EE6B9F8A747C59E3FACD27D9EE33

key	value
file_name	embeddedapplauncher.exe
file_path	C:\Windows\system32\embeddedapplauncher.exe
hash_md5	AFD5EE6B9F8A747C59E3FACD27D9EE33
hash_sha1	D4D691B7FC744E24DD4F1AD7F7DFD86BDD36EB11
hash_sha256	5B02D716DA8ECE83C4260D6ADF64B73522D6D1192AB82954591DC3096ECE0A0D
hash_sha384	2117B00BE90DEC66C42313A61E39F3CE0100BB21D877B7E726AA25CDDE27098CAD5649646350CA8F57EAAEE02D86AB24
hash_sha512	67B8362EA22952A1FD1DE339A7A79CF975A6196DB301106F3188AAA2F5B96B89FE8BD1EA999A8E2F1804B57E5EB543D2F145D78E5CF6A6AE2953E0507F836E0E
hash_ssdeep	768:VNnFc/FIjSAwIA68rx9GHooYJJwzckZzyB0E5ho71Pm1I:7OG22e2UBN5hkPCI
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Embedded App Launcher
meta_original_filename	EmbeddedAppLauncher.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

EmbeddedAppLauncherConfig.exe-586054DE183F14002BA454848B3379C9

key	value
file_name	EmbeddedAppLauncherConfig.exe
file_path	C:\Windows\system32\EmbeddedAppLauncherConfig.exe
hash_md5	586054DE183F14002BA454848B3379C9
hash_sha1	7738DEBE60A11EE5D8DABC154E542A917812CCD8
hash_sha256	EC9749889ECD9F62A46740B022683172A88C736515A89DA3793820EC084288AC
hash_sha384	FC1228303B0032195D5C923E399AEC0928B2A6649DD7C1F6990D78F84ED780A44D15154224BBC44E35ED68EE5A63CF5A
hash_sha512	19DD95FE292F7C199975F120DA6A064318072CD81B87169C686772C73CA62491EFB051A60F9286C38C160F50666C10415DE98BCE6970F5C8C39261FED6B529FE
hash_ssdeep	768:Y3Qswq/TISwkYZqVYhHzn3AmFOFbL1PvMoBLoF:HswqsyBOhz3KFbhPvL2F
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Embedded App Launcher config
meta_original_filename	EmbeddedAppLauncherConfig.exe
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
output	SLCONFIG: ExePassThrough==> SLCONFIG: invalid parameter, can only use /generalize, /specialize SLCONFIG: ExePassThrough<==

escUnattend.exe-C214508E8CBD209D971284159DC36EF0

key	value
file_name	escUnattend.exe
file_path	C:\Windows\system32\escUnattend.exe
hash_md5	C214508E8CBD209D971284159DC36EF0
hash_sha1	676249B6BD418BEC62C31819622CF85012506F9A
hash_sha256	8683E1A4B7A52DFA6B6EDCA8E16FD5B81667FD7F3F4D18F687759DBA6A7FA40F
hash_sha384	AC2E99A2DBFDC14C735DEE5474C7120871F9B6010609FA36FC75C02E06BE47933151AC33FD2BD7B27297DD91BEC40536
hash_sha512	D413DC83250533F5C794D6027C2711B9B92866D618FC9083E609D278810058741D556039FAB78E97B2D13F6EBECB608D9F53935CDAD4024F08EF7358176571B5
hash_ssdeep	1536:YmJfn5EV1YFxso5nJGz09tXQiIWzHrQFm/mwna/LkCNDb:YKXbgHFCa/LkUDb
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	IE ESC 7.0 Unattended Install Utility
meta_original_filename	ESCUNATTEND.EXE
meta_product_name	Internet Explorer
meta_company_name	Microsoft Corporation
meta_file_version	11.00.14393.0 (rs1_release.160715-1616)
meta_product_version	11.00.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
children	rundll32.exe

esentutl.exe-D4CD32ECE6D3DC2F2B32A45F828078DE

key	value
file_name	esentutl.exe
file_path	C:\Windows\system32\esentutl.exe
hash_md5	D4CD32ECE6D3DC2F2B32A45F828078DE
hash_sha1	3FCF5E1BEB126A3EF8E0C1C2DAEBA18DB3554A98
hash_sha256	6363FBBDB2E8AA68E11D12CF20EE008A86517D93BA155B1A32B5DC9A7AF61876
hash_sha384	AEAF14AC9AF593695E901839D8C500F2D7FF232674C2618B774B886693493293675C50D7039B5CDEC7334F6082CE8115
hash_sha512	8F5EC082873369D4C9CD46F63676EFACDB2A0C720A9E542986003E4F8179DD673BD04F02E52F964ED64A8C7E99374FAC582B314690D934DFAA1588845A07AD9C
hash_ssdeep	6144:Y4BpxWW2iWcKTBxdw8zbYsqplR2JduRFWG0KI3RVY2:xnxWW29FwMbyplR2dumG07hV
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Extensible Storage Engine Utilities for Microsoft(R) Windows(R)
meta_original_filename	esentutl.exe
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.2999 (rs1_release_inmarket.190520-1518)
meta_product_version	10.0.14393.2999
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
children	conhost.exe

eudcedit.exe-BE25BBC85EB503BF8128ADAD7D971A61

key	value
file_name	eudcedit.exe
file_path	C:\Windows\system32\eudcedit.exe
hash_md5	BE25BBC85EB503BF8128ADAD7D971A61
hash_sha1	60364017E91E5992769343CD48EAF5491C1A908F
hash_sha256	A3D0B2683FF84CFB46650A67D50E1794C6CF3DCD0CD6CE1B974595F61CCCBD6B
hash_sha384	47DBA09C81B3F802A0B163FBCD83BF57FD0E3AB503E4B8664DEA6770C947BA86310941C59A8EDF7A296D4F24B13230A0
hash_sha512	424D42ABA6586FDD4354E6DD384E7905514E15EED233EF41E86C08191FCD6C39FF97D46FF35BD22A8307D1E49642F6F284AB3483049F6309208887C5E63B69FF
hash_ssdeep	6144:J7wfr3En31gvKzIjhAuymPgpwl4TWxx5tY0Fo+1PZSqtYV:Zwj3EnFu8pwKOx5+u13tY
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Private Character Editor
meta_original_filename	EUDCEDIT.EXE.MUI
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

eventcreate.exe-1EDA7FDF4B09E1582A7DAC5FEFFE0894

key	value
file_name	eventcreate.exe
file_path	C:\Windows\system32\eventcreate.exe
hash_md5	1EDA7FDF4B09E1582A7DAC5FEFFE0894
hash_sha1	9F442376B6ED94DA2DCB47F1B851153488D0B909
hash_sha256	AD90D99135B3E443F3DEEA5B40199CE5B83CCB0964FD9AC3F11B9224766ED7BA
hash_sha384	A18DAA92750CE6469B345A7E40C70D450240335D3E612F1F6D7541E88CB24D04EDF902057AE685E34BFE1BE54F50981A
hash_sha512	31F345ADEF864E8DB02439CE8191DE06EA924FAD6F3CA040593A9F6275D40D8E758B320C3DC2542A5E5B6C5F911F4A0E0E8AD5B7BE65604872D54BC755BB86D4
hash_ssdeep	768:9I2semKXr+5bjQNAWDnm8pKNtO3VcItPTxlCXHYQNt0y3SJXaT1oA:W2bnrFnpFTP6HYQN6oS5aBoA
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Event Create - Creates a custom event in an event log
meta_original_filename	evcreate.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
output	EVENTCREATE [/S system [/U username [/P [password]]]] /ID eventid [/L logname] [/SO srcname] /T type /D description Description: This command line tool enables an administrator to create a custom event ID and message in a specified event log. Parameter List: /S system Specifies the remote system to connect to. /U [domain]user Specifies the user context under which the command should execute. /P [password] Specifies the password for the given user context. Prompts for input if omitted. /L logname Specifies the event log to create an event in. /T type Specifies the type of event to create. Valid types: SUCCESS, ERROR, WARNING, INFORMATION. /SO source Specifies the source to use for the event (if not specified, source will default to 'eventcreate'). A valid source can be any string and should represent the application or component that is generating the event. /ID id Specifies the event ID for the event. A valid custom message ID is in the range of 1 - 1000. /D description Specifies the description text for the new event. /? Displays this help message. Examples: EVENTCREATE /T ERROR /ID 1000 /L APPLICATION /D "My custom error event for the application log" EVENTCREATE /T ERROR /ID 999 /L APPLICATION /SO WinWord /D "Winword event 999 happened due to low diskspace" EVENTCREATE /S system /T ERROR /ID 100 /L APPLICATION /D "Custom job failed to install" EVENTCREATE /S system /U user /P password /ID 1 /T ERROR /L APPLICATION /D "User access failed due to invalid user credentials"
error	ERROR: Invalid argument/option - '-help'. Type "EVENTCREATE /?" for usage.

eventvwr.exe-16DF74906C84D249F47C3709F47DF6C3

key	value
file_name	eventvwr.exe
file_path	C:\Windows\system32\eventvwr.exe
hash_md5	16DF74906C84D249F47C3709F47DF6C3
hash_sha1	59261042EC9AC6995A074C164782559C48E1BCB2
hash_sha256	1501986365AE248C8E4998ECADD52F44ACF9E31D05FA10B0C324DC12D4A5C07E
hash_sha384	C4A2FD7E1BFC2D8C16C21BDD84C22F5FAABCCEB7EFFE20AD3FD9FA30A84DE95CC42A1F5E5033CB8A9B00F4D798AB791E
hash_sha512	C890DACC11422B9EA28C76A42D4E7506C6C1C2CDFF22FA8B76E8527D40E4BAB3FE01131FDBA34E8D73CCE9E326C3F7BA3A34340AA5C2ED4C670EF40F68213EAE
hash_ssdeep	1536:8T4XMjSj5IMfoJUhSU6nPlTggJ2oj71BgR/Vp8dY14:88Z3lhzslTZJ9j7Heb8C14
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Event Viewer Snapin Launcher
meta_original_filename	eventvwr.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
children	mmc.exe

expand.exe-700328EA375572AA173E72932AAC389E

key	value
file_name	expand.exe
file_path	C:\Windows\system32\expand.exe
hash_md5	700328EA375572AA173E72932AAC389E
hash_sha1	068EA7377D30066A4340F9F7525C56B32F7AA202
hash_sha256	83EA7A5C7634EEA15F4460417658120E1B2FC2C706B0D3468231FD47266086FC
hash_sha384	CD8103889FC4597313F764538B665C88FAA138ACEFB64C431D9075A49E212376C244061D21C447D3E802F2807A07E1A7
hash_sha512	31F03FF8F42F3719BE40EA48B3A68E3D1979A492236C346FC2D8C324F07647AE67E9631799ACDD93E0B3AB4DF8F1C3013E14281DA26B6DE5103EE09EF9ECE146
hash_ssdeep	1536:zXf4VOsHS2ENfKm1TFcdK5fHuYHwrBDn:TQHSHNH1TyeuJn
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	LZ Expansion Utility
meta_original_filename	expand
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	5.00 (rs1_release.160715-1616)
meta_product_version	5.00
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
output	Microsoft (R) File Expansion Utility Copyright (c) Microsoft Corporation. All rights reserved. No destination specified for: help.

extrac32.exe-052CB6F7404214AD775D74324E756053

key	value
file_name	extrac32.exe
file_path	C:\Windows\system32\extrac32.exe
hash_md5	052CB6F7404214AD775D74324E756053
hash_sha1	F2A15B3A070B3DF2A2C4ADEF2FD60086BB52B6DF
hash_sha256	2B44ACF71844632F2F24A622EE152AF553AEA63B12A42BB90095111AE13C6913
hash_sha384	5D48FFCAA2ABCB54454E15234F73F0D93E8500FFF4387FDE4E0E34AA1D5D8F587FA1850C4F0EEF02AA82E232F8754FF0
hash_sha512	0C6EE7FBBAAD15EE3EE8DB2AF2AF7962E318187E0279304C0C5445E80C3F14A785DA09CBFE67C2D2E6CEA5589D446B5A5571E7084A9B26CEE65096D209CC92D1
hash_ssdeep	768:yQHk2EjPHGCTK4dhdYHvH9XFoDxeaPGoZw2YJ9cDH:HmHGCXKHvH9XFexeqG3JJ9cDH
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Microsoft CAB File Extract Utility
meta_original_filename	extrac32.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	5.00 (rs1_release.160715-1616)
meta_product_version	5.00
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
output	Microsoft (R) Cabinet Extraction Tool Copyright (c) Microsoft Corporation. All rights reserved.. EXTRACT [/Y] [/A] [/D \| /E] [/L dir] cabinet [filename ...] EXTRACT [/Y] source [newname] EXTRACT [/Y] /C source destination cabinet - Cabinet file (contains two or more files). filename - Name of the file to extract from the cabinet. Wild cards and multiple filenames (separated by blanks) may be used. source - Compressed file (a cabinet with only one file). newname - New filename to give the extracted file. If not supplied, the original name is used. /A Process ALL cabinets. Follows cabinet chain starting in first cabinet mentioned. /C Copy source file to destination (to copy from DMF disks). /D Display cabinet directory (use with filename to avoid extract). /E Extract (use instead of . to extract all files). /L dir Location to place extracted files (default is current directory). /Y Do not prompt before overwriting an existing file.

fc.exe-4F9FD9C32055BD713F974DF655A1A834

key	value
file_name	fc.exe
file_path	C:\Windows\system32\fc.exe
hash_md5	4F9FD9C32055BD713F974DF655A1A834
hash_sha1	B7DE142BDCF56551C4FA0F20AEF96428F4BEBD45
hash_sha256	FD9E665C2CB62778A6E7AB2C9F3B78700F8C6E16B0555E3AE1E73F3996A23F07
hash_sha384	865923343CE0D0633B490D8DA7AF913D6101EEBD7335F78F880084F9BC8490C23A9470BA31FE759ECAB0941793C64777
hash_sha512	A2B5BA13D42EC3FCB28BAE9EEC38AF857EA9D5131C186C50996F00028E394E6F78A94B658617EE11ACA7D03FEFE342315447CE3169A32BFA4C5A4D15B6E5BD13
hash_ssdeep	384:uuZasabyl+bHLdPGNu59VpoVfO5HyfTC9A8ih8eWrqYW:nasa+l+l2u59oVkyLCFrq
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	DOS 5 File Compare Utility
meta_original_filename	FC.EXE.MUI
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
output	Compares two files or sets of files and displays the differences between them FC [/A] [/C] [/L] [/LBn] [/N] [/OFF[LINE]] [/T] [/U] [/W] [/nnnn] [drive1:][path1]filename1 [drive2:][path2]filename2 FC /B [drive1:][path1]filename1 [drive2:][path2]filename2 /A Displays only first and last lines for each set of differences. /B Performs a binary comparison. /C Disregards the case of letters. /L Compares files as ASCII text. /LBn Sets the maximum consecutive mismatches to the specified number of lines. /N Displays the line numbers on an ASCII comparison. /OFF[LINE] Do not skip files with offline attribute set. /T Does not expand tabs to spaces. /U Compare files as UNICODE text files. /W Compresses white space (tabs and spaces) for comparison. /nnnn Specifies the number of consecutive lines that must match after a mismatch. [drive1:][path1]filename1 Specifies the first file or set of files to compare. [drive2:][path2]filename2 Specifies the second file or set of files to compare.
error	FC: Insufficient number of file specifications

find.exe-1E16116CCE7317C0E87559DA23A4EAD3

key	value
file_name	find.exe
file_path	C:\Windows\system32\find.exe
hash_md5	1E16116CCE7317C0E87559DA23A4EAD3
hash_sha1	5A27FC19C8D3650727766805E322923E9368D308
hash_sha256	40C0EC6D7371D316BC1F0ABE80D0236F613C9FB88DCE2D9B5D5FD4A1A59E8B49
hash_sha384	312B46906A6018EB473174ED861730201D14A5DDEA772A85563FF70B04339F47EF2E368301C1610CE84772D604DE9CCB
hash_sha512	B208C44FC04033B7012D9B553DB244DC3B052E7166B36AA438324471FDD11FAC46CB310B4AD21D16B3F17141A3CBD18C1964EB95E39AECA6D2CB38EEDB73ED96
hash_ssdeep	384:RCWraD3RofPNirga9u0ODAa7geWFLW9IWf:R9GFofVFNCa7gem2l
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Find String (grep) Utility
meta_original_filename	FIND.EXE.MUI
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
output	Searches for a text string in a file or files. FIND [/V] [/C] [/N] [/I] [/OFF[LINE]] "string" [[drive:][path]filename[ ...]] /V Displays all lines NOT containing the specified string. /C Displays only the count of lines containing the string. /N Displays line numbers with the displayed lines. /I Ignores the case of characters when searching for the string. /OFF[LINE] Do not skip files with offline attribute set. "string" Specifies the text string to find. [drive:][path]filename Specifies a file or files to search. If a path is not specified, FIND searches the text typed at the prompt or piped from another command.
error	FIND: Parameter format not correct

findstr.exe-15B171EC73E7B71F4EBB4247E716271E

key	value
file_name	findstr.exe
file_path	C:\Windows\system32\findstr.exe
hash_md5	15B171EC73E7B71F4EBB4247E716271E
hash_sha1	C6F01014D0CDCE1D77FC8C2F79447C28D8B8C9AD
hash_sha256	2956F7BC863498DFCC868CE7DF4C9C131A4A5C17B065658456AFEF7566ACE1EE
hash_sha384	262436CD83B35800766C12218A17C397112BB58EC405370867BD7D75E1C79AFD57829C73B3C875B7C3C352D0F9E68A1D
hash_sha512	0CB3F8B77C4CA0AA972A3D46D5C85200C09EFEF454100A4FBC5A3D751483C30F4C32437537387C6F036F81E7D237950C9AD60D4B296A7D119C5C256D21424271
hash_ssdeep	768:fkwYjv0u6An0gwwAX4AwXu3CAXtIcTgVGe1GUR+jKR0TqS92IINKdR:fcbI20gtcXhXtIc8VkURV2TqSAIIodR
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Find String (QGREP) Utility
meta_original_filename	FINDSTR.EXE.MUI
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
output	Searches for strings in files. FINDSTR [/B] [/E] [/L] [/R] [/S] [/I] [/X] [/V] [/N] [/M] [/O] [/P] [/F:file] [/C:string] [/G:file] [/D:dir list] [/A:color attributes] [/OFF[LINE]] strings [[drive:][path]filename[ ...]] /B Matches pattern if at the beginning of a line. /E Matches pattern if at the end of a line. /L Uses search strings literally. /R Uses search strings as regular expressions. /S Searches for matching files in the current directory and all subdirectories. /I Specifies that the search is not to be case-sensitive. /X Prints lines that match exactly. /V Prints only lines that do not contain a match. /N Prints the line number before each line that matches. /M Prints only the filename if a file contains a match. /O Prints character offset before each matching line. /P Skip files with non-printable characters. /OFF[LINE] Do not skip files with offline attribute set. /A:attr Specifies color attribute with two hex digits. See "color /?" /F:file Reads file list from the specified file(/ stands for console). /C:string Uses specified string as a literal search string. /G:file Gets search strings from the specified file(/ stands for console). /D:dir Search a semicolon delimited list of directories strings Text to be searched for. [drive:][path]filename Specifies a file or files to search. Use spaces to separate multiple search strings unless the argument is prefixed with /C. For example, 'FINDSTR "hello there" x.y' searches for "hello" or "there" in file x.y. 'FINDSTR /C:"hello there" x.y' searches for "hello there" in file x.y. Regular expression quick reference: . Wildcard: any character * Repeat: zero or more occurrences of previous character or class ^ Line position: beginning of line $ Line position: end of line [class] Character class: any one character in set [^class] Inverse class: any one character not in set [x-y] Range: any characters within the specified range \x Escape: literal use of metacharacter x <xyz Word position: beginning of word xyz> Word position: end of word For full information on FINDSTR regular expressions refer to the online Command Reference.
error	FINDSTR: /h ignored FINDSTR: Bad command line
children	conhost.exe

finger.exe-FF95B2B128EB6B0BDDDF39CD05C78A0F

key	value
file_name	finger.exe
file_path	C:\Windows\system32\finger.exe
hash_md5	FF95B2B128EB6B0BDDDF39CD05C78A0F
hash_sha1	EA35E56DD787C90E4BAD3DAE3DFD621E6188575C
hash_sha256	DF1AE05C349A5C4E9D3187D0D85BD6172FB131BD5B826A1FFC947DB9A09F3DCF
hash_sha384	037AC29CFF65182A3B83F056C01546BFC4A2E3CF2EB2CAECD05A481CA5CEFBB1BBB42A45F5DA3DB7EEFA6B0C782F7FB0
hash_sha512	0D0B205294C9A79F58C83A870CE32E4EAAB020B3B0726559C01FD6EC16B5D41629C3B2F621570D4ED0320BB7129613A48FFA01F2B8EE959D3530FA4C8EDB9F97
hash_ssdeep	192:EwdcloBqMc+SDPhpT+qcXxmYFrurHF6h+YGkEYou3OD8r1oyW20W:Ewdcl6qM2tJKxmyru8eu3+0W20W
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000001733031072665B8B9B3000000000173
signature_thumbprint	14590DC5C3AAF238FCFD7785B4B93F4071402C34
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	TCPIP Finger Command
meta_original_filename	finger.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
error	Displays information about a user on a specified system running the Finger service. Output varies based on the remote system. FINGER [-l] [user]@host [...] -l Displays information in long list format. user Specifies the user you want information about. Omit the user parameter to display information about all users on the specifed host. @host Specifies the server on the remote system whose users you want information about.
output	[default-pc]
children	conhost.exe

fixmapi.exe-E7E5FEE8B81D38D56BB8AA2057D98948

key	value
file_name	fixmapi.exe
file_path	C:\Windows\system32\fixmapi.exe
hash_md5	E7E5FEE8B81D38D56BB8AA2057D98948
hash_sha1	40F14501D11E6FCFAB4F50E40E7E2353D0D6764A
hash_sha256	51A468C99DE946A0FDDA997AEE7D49C330A7EF531BD44F6BDC5BEF5361501FAD
hash_sha384	2E84694BDBEA60E0E4B6D42E7338221340F2BA4A769CB51853D0908C29494EF77BE036394A2B1A2044A2DF166DDED81C
hash_sha512	EDAE19FDC50319EA0D8BED022AB1E3120ECB1222A71A41DB3DEFF4979DD7F000F04AF946568BC845C5BCF688D03026607E08972E1734FEFB96C62F97C8D0252C
hash_ssdeep	384:fqOs9U8XIy7lyHDNjjGgHUekDxmH2VO1znEpGarlfHM4W6nWe:g6rHDNjXHdke0OGcaR/M4
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	FIXMAPI 1.0 MAPI Repair Tool
meta_original_filename	FIXMAPI.EXE.MUI
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

fltMC.exe-C1FB634109DF6A3E5BB58E09ED31A150

key	value
file_name	fltMC.exe
file_path	C:\Windows\system32\fltMC.exe
hash_md5	C1FB634109DF6A3E5BB58E09ED31A150
hash_sha1	AB05EA4E491945D606A9FED9BF65371CE7E1F1CD
hash_sha256	AECB882985F84A7531A27CF401BF86DBEC9191FDF6993C1317F35BEB1E32EA94
hash_sha384	9CC6C40E56A141AFD05B363159E6CD19B6AC4AD68A6194BB3A748BED1F43F0D16CB13B5054EB42DD0619AFBC5CD5DBF9
hash_sha512	EFD02F8CC732A6FAF0F4778906D5B4CE78459B28A0DB7ED37E8CCA1AD76FBB8651BC9BD52B08BF446BB617D17BDD6BD94E21FF964D29BE81B741568338C55D55
hash_ssdeep	384:woaKAz7gaDjjlbhSsFz3KO91P43Qp3blz9vKsc8e4NdP7SmIdUGsNJdWH9W:woO7g8jjRhT3KOPKQNbNb7B7SGNJy
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Filter Manager Control Program
meta_original_filename	fltMC.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
output	** Invalid command Valid commands: load Loads a Filter driver unload Unloads a Filter driver filters Lists the Filters currently registered in the system instances Lists the Instances for a Filter or Volume currently registered in the system volumes Lists all volumes/RDRs in the system attach Creates a Filter Instance to a Volume detach Removes a Filter Instance from a Volume Use fltmc help [ command ] for help on a specific command

fodhelper.exe-4679A1966AABBF229FEC12E3D7A323BD

key	value
file_name	fodhelper.exe
file_path	C:\Windows\system32\fodhelper.exe
hash_md5	4679A1966AABBF229FEC12E3D7A323BD
hash_sha1	118DEB6CCC9C61043858AF8D7CD304EF1830A860
hash_sha256	4346962B31D93DD4E8B5164E6167BB030FC0CA7C77EC0BB6AB798A1E8CD9488E
hash_sha384	D089125BC7C3163DE000C7184B7C3C01EBB3A41C82CD5A0E64EC25FFE0703A47D025B46ABE91C6379A3E4490B6E47D07
hash_sha512	B24AA37FBF9FE3FECA838BB9389A2B1FD3873E27C9D4A378509C9C40E73DD0475EDA8C4E420FFDD41768ECD3D1C8118519D63E12D66A15A95003D3629E30E323
hash_ssdeep	768:Mvj4V4fDopm6nh9b/wnbuqLI+2d+czaMl/+X17GS7Nrj0ppJPG8a:k4V2yL1qLIVdrBQXpGS9j+PG5
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Features On Demand Helper
meta_original_filename	FodHelper.EXE.MUI
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

Fondue.exe-F995D2EF9220F33C260425DB39ED05A3

key	value
file_name	Fondue.exe
file_path	C:\Windows\system32\Fondue.exe
hash_md5	F995D2EF9220F33C260425DB39ED05A3
hash_sha1	E52B96C6263BE61D632E87861F052B6DABE392BF
hash_sha256	29A612CAA964CE61D8FFBC2951EC2C1A401AB775C1883782AD83FDE8CFA19DE6
hash_sha384	F6B38EB1BE00D6E4D408CDB2C25C104CB54501206FB12446487A22B7833ACE6494BAC08EC8B34DAF9098ABDFC879583A
hash_sha512	CC630797C013E368CFAB47DB1D643D10E8590F69B09AFB4748D4A1B06F00858231AE41B6F39F81DAB17131311E136114A1E39127B1C9F17298AA7FFB9297A5C4
hash_ssdeep	3072:s4H1bKbEaznWfH22ZsuX2xKwMPTnaSrIrvDi:sobMznWjZnXeKwMLnaqY
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Windows Features on Demand UX
meta_original_filename	Fondue.EXE.MUI
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

fontdrvhost.exe-208E3D2200E14B480126DBAA08D341A6

key	value
file_name	fontdrvhost.exe
file_path	C:\Windows\system32\fontdrvhost.exe
hash_md5	208E3D2200E14B480126DBAA08D341A6
hash_sha1	4D460CD08289E1D11B587D76659090EB0714987E
hash_sha256	E58A0460B0C64FF8DE25653BAA81C33623856E932B85A3DCA0E3ABC81DD94B61
hash_sha384	F1522A3A1E191AC98FD849A822733F9AD82D82E1C8805541EEC9A50660089353B91C272221B4B622A192959F2B724EB1
hash_sha512	02B0574207F5807F976D2E01A9440826BF417ABBE2BFA32AB68DA6E83F67E68A62A2954530F9FD5D678D5F2C0E4DF9AA7A162A1DAEB09475DA3603E4893D1BFA
hash_ssdeep	12288:yIAvE6t7s+68DI59wtUOYUY1GHYMK/SCGhqRd3uIXTJJ0zOAhpmkcY:ylvE65ns9wtNYHoKlG4uIXTepmkcY
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Usermode Font Driver Host
meta_original_filename	fontdrvhost.exe
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.3686 (rs1_release.200504-1524)
meta_product_version	10.0.14393.3686
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

fontview.exe-5C122031AF7A1DB1A7172B83A220B411

key	value
file_name	fontview.exe
file_path	C:\Windows\system32\fontview.exe
hash_md5	5C122031AF7A1DB1A7172B83A220B411
hash_sha1	6A963FB24B91A00CFF0D96D5A7AA142ED8A4D97D
hash_sha256	D28FBEDC5DF62C2CCAF452F596DC750FBE3A706463E686428ED036E8471544FB
hash_sha384	6F68E97B2FF239832D04A7D9B03B1ABE47E39A3CE664ED8B7D6FA87D9C80A871223B9047A05C1B39D5D9D5794241C617
hash_sha512	585225919D16DBFF50E7FE6EE4AB26301184A5D0DD9CC6AF7330639654813AE69AC68AEE4214760BB5649E15DC0271B7965C258E72A0EF58AA2426FA98603472
hash_ssdeep	3072:ogsI3cRyfNJjWRkOtHxtt3EOL2QvIsitSYVF:NsY9DWRRZzqGY
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Windows Font Viewer
meta_original_filename	FONTVIEW.EXE.MUI
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

forfiles.exe-C1597D16DF61070172BFC283C4F3EC82

key	value
file_name	forfiles.exe
file_path	C:\Windows\system32\forfiles.exe
hash_md5	C1597D16DF61070172BFC283C4F3EC82
hash_sha1	83DA939493AE1C44FC0DEE93DD5B8E095AB0C441
hash_sha256	5B2BA93B56D9DA593CBD896FD153414BF6C2C301F5FB034974D1504FA087B955
hash_sha384	9AB8F605385530FE87FD86E7E374C0FBEAAC22C47AAAFAEDD44C3B15ADCAE1824C9BFFCBDA314F9A3CE53046C27794C3
hash_sha512	A16A4BE24D47F5CD59B7F8CA388543632DB1B8DE45D5AF53F5AD1D20F3BA2B91BEE45CB85E7CD9F233DF5E388EFFEE1CDC46AAD4A17433DE1F59D3AD0A80DB3D
hash_ssdeep	1536:3JfxGF15zZseSwsR13mI3SRNok+t6ZVxypHO0:z+1JZseSwsR1RSs0VxypH
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	ForFiles - Executes a command on selected files
meta_original_filename	forfiles.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
output	FORFILES [/P pathname] [/M searchmask] [/S] [/C command] [/D [+ \| -] {MM/dd/yyyy \| dd}] Description: Selects a file (or set of files) and executes a command on that file. This is helpful for batch jobs. Parameter List: /P pathname Indicates the path to start searching. The default folder is the current working directory (.). /M searchmask Searches files according to a searchmask. The default searchmask is '' . /S Instructs forfiles to recurse into subdirectories. Like "DIR /S". /C command Indicates the command to execute for each file. Command strings should be wrapped in double quotes. The default command is "cmd /c echo @file". The following variables can be used in the command string: @file - returns the name of the file. @fname - returns the file name without extension. @ext - returns only the extension of the file. @path - returns the full path of the file. @relpath - returns the relative path of the file. @isdir - returns "TRUE" if a file type is a directory, and "FALSE" for files. @fsize - returns the size of the file in bytes. @fdate - returns the last modified date of the file. @ftime - returns the last modified time of the file. To include special characters in the command line, use the hexadecimal code for the character in 0xHH format (ex. 0x09 for tab). Internal CMD.exe commands should be preceded with "cmd /c". /D date Selects files with a last modified date greater than or equal to (+), or less than or equal to (-), the specified date using the "MM/dd/yyyy" format; or selects files with a last modified date greater than or equal to (+) the current date plus "dd" days, or less than or equal to (-) the current date minus "dd" days. A valid "dd" number of days can be any number in the range of 0 - 32768. "+" is taken as default sign if not specified. /? Displays this help message. Examples: FORFILES /? FORFILES FORFILES /P C:\WINDOWS /S /M DNS.* FORFILES /S /M .txt /C "cmd /c type @file \| more" FORFILES /P C:\ /S /M .bat FORFILES /D -30 /M .exe /C "cmd /c echo @path 0x09 was changed 30 days ago" FORFILES /D 01/01/2001 /C "cmd /c echo @fname is new since Jan 1st 2001" FORFILES /D +6/4/2020 /C "cmd /c echo @fname is new today" FORFILES /M .exe /D +1 FORFILES /S /M .doc /C "cmd /c echo @fsize" FORFILES /M .txt /C "cmd /c if @isdir==FALSE notepad.exe @file"
error	ERROR: Invalid argument/option - '-help'. Type "FORFILES /?" for usage.

fsavailux.exe-D2B27CA999836FB40CC853504F307676

key	value
file_name	fsavailux.exe
file_path	C:\Windows\system32\fsavailux.exe
hash_md5	D2B27CA999836FB40CC853504F307676
hash_sha1	C18C145185A608E670D14A2AABAE869471406B2F
hash_sha256	4BAA1260926EAC745F874D9A1E6070A37DBF22A741034C429DF42C41DE5E703A
hash_sha384	31FBF02AFF31CB543E5812CED2E2EC4A9C8A27CE75C9E50E4ECC2661B4404D5E141767B6E9EB4A13BDD6EF98A052DD83
hash_sha512	4E4E25CF20F6A66744B65760CF139B6C9BEEBA39D770DD7E2DE71B68DEB9E3D41AC27AFAC9AC63E127A9014F39DF50206E5E2F43522E95C69E2FB3B72FD6D52F
hash_ssdeep	384:TWM7340MBGm9+XszPzQGi0vMbShA+FbK5WgVWW:z73ASgrjhAAbK9
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Microsoft\fsavailux
meta_original_filename	fsavailux.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

fsquirt.exe-78D460CCDA4D36835579CD33BD9B9908

key	value
file_name	fsquirt.exe
file_path	C:\Windows\system32\fsquirt.exe
hash_md5	78D460CCDA4D36835579CD33BD9B9908
hash_sha1	B5865CDC2BA3C0D329953AD02A7811FEEFA1EB62
hash_sha256	E967007DA2930D50DEEAF7CA9595485701B11EE9AAD31CC9C4A3116791055BD6
hash_sha384	682899439F56C89EF6CAED8766049421348D1098E8328BE2D7C0EA1F79D6333547BED0096BB040B4C10095641FD23DC2
hash_sha512	124F19D018AB90D8AE4FA2D5F2B9EAF48DBBCD01399CB81E605D031536B7BD5C9A72CF72EE1F8C5AAB40D44DB2AF5C404B03CE233220E6228F5A944CC2FEE5F5
hash_ssdeep	3072:MIOhjFOv5BW1asOO4V1BWyQNq+FbFveIkcUKh:9SAQ1NO3hQN9FbFvv
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_original_filename	fsquirt.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

fsutil.exe-F0098B57C5A1C572EDBA78CECECC8155

key	value
file_name	fsutil.exe
file_path	C:\Windows\system32\fsutil.exe
hash_md5	F0098B57C5A1C572EDBA78CECECC8155
hash_sha1	9FA9BD1C352431F7107558631D93EC86B5B6AE9D
hash_sha256	66A36EFFC1CCAC37A95ED1D268C1E5F92F47707F8E0C8039C2BD8C954C5F4100
hash_sha384	07741A5D78430CDDD4CB7F6D08EF7EB9EE6803C71B95C2CF6A907B540816BC75B65616BDE99A76374F279EBF5FB2AEE9
hash_sha512	FB0DF12C196B3A54BC53D5508B340A3FB0E684F3765E864B4B6461664AB946CA07A068BD3844391B965E1094458F3BBC58AAF3ECE9CB30ED39FE5A876637C0CF
hash_ssdeep	3072:eXpIYba961G6dorepBHV8Vq9CIIVT808tJgDJnVy6Y15+mBt7PlGjbTNyJLNcYBe:eCYba961G6dorepBHV8Vq9CIIVT808tN
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	fsutil.exe
meta_original_filename	fsutil.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
output	-help is an invalid parameter. ---- Commands Supported ---- 8dot3name 8dot3name management behavior Control file system behavior dirty Manage volume dirty bit file File specific commands fsinfo File system information hardlink Hardlink management objectid Object ID management quota Quota management repair Self healing management reparsepoint Reparse point management resource Transactional Resource Manager management sparse Sparse file control tiering Storage tiering property management transaction Transaction management usn USN management volume Volume management wim Transparent wim hosting management

ftp.exe-8409563436FF19C2446FB43F4A4E2BD8

key	value
file_name	ftp.exe
file_path	C:\Windows\system32\ftp.exe
hash_md5	8409563436FF19C2446FB43F4A4E2BD8
hash_sha1	089D7DED75D46350C8277A06777F3EB3AC870E25
hash_sha256	4D30F463695D25CE3AAF9C51E9B7BE4823FBB79B6E31847DEB2BA1111755B2D6
hash_sha384	5D7510D6E1F531764E38D061FD90BDFFD6A72F86EE46FB2CCFFEF99A4E3D64DDB3E29889D7A967C4F476AED62182B8A7
hash_sha512	60768843E9B62D09F32FB831251D1548EE9112D15ED9CDA377D845B5A37A4225C10D493B585D8B74F3061F236469739A5FBC36F8EA94522C1B5B2DAA8FD23002
hash_ssdeep	768:a4pERzH1GacDuC58ggyVWwP1LDq9euFkWlJsnfk7pqe0t1KCJZSVuQqpwT4Bu9T:lpUKJ5TzrdQB2Ht1ZSV/44
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	File Transfer Program
meta_original_filename	ftp.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
error	Transfers files to and from a computer running an FTP server service (sometimes called a daemon). Ftp can be used interactively. FTP [-v] [-d] [-i] [-n] [-g] [-s:filename] [-a] [-A] [-x:sendbuffer] [-r:recvbuffer] [-b:asyncbuffers] [-w:windowsize] [host] -v Suppresses display of remote server responses. -n Suppresses auto-login upon initial connection. -i Turns off interactive prompting during multiple file transfers. -d Enables debugging. -g Disables filename globbing (see GLOB command). -s:filename Specifies a text file containing FTP commands; the commands will automatically run after FTP starts. -a Use any local interface when binding data connection. -A login as anonymous. -x:send sockbuf Overrides the default SO_SNDBUF size of 8192. -r:recv sockbuf Overrides the default SO_RCVBUF size of 8192. -b:async count Overrides the default async count of 3 -w:windowsize Overrides the default transfer buffer size of 65535. host Specifies the host name or IP address of the remote host to connect to. Notes: - mget and mput commands take y/n/q for yes/no/quit. - Use Control-C to abort commands.
children	conhost.exe

GameBarPresenceWriter.exe-583F959FF2A8D9F9B73E8508AC48ABCF

key	value
file_name	GameBarPresenceWriter.exe
file_path	C:\Windows\system32\GameBarPresenceWriter.exe
hash_md5	583F959FF2A8D9F9B73E8508AC48ABCF
hash_sha1	0904BC0F0A2688DD6DF44CEF747B7CAEC0175AD2
hash_sha256	505280C8EFE3F358F80CED74C1558A132CE85BF2337B0CCC09A47B2C9E9A7EEC
hash_sha384	03FF26ED72C89AD35204787CA3B76EC3F345383D64EAD45183CA05FFCD71100CE026BE2FE809C2F4CF501E261AB8190B
hash_sha512	9C7E07D266F0B62A4DAB7C4DCBF48B10EB91D6689F1DA18CD4A020DB2027141FE7B5FCDDA58CE6564A541E34D0CC43E910A719D99BCA99C79ECECD624D83F731
hash_ssdeep	3072:gWba1t9ZdZqJhf/vFrfyT8kSXiXpEVBuf:gWm1chNjykkpmBu
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Gamebar Presence Writer
meta_original_filename	GamebarPresenceWriter.exe
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.2608 (rs1_release.181024-1742)
meta_product_version	10.0.14393.2608
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

GamePanel.exe-FAD9B5F8BE5D0D098994579016A213E9

key	value
file_name	GamePanel.exe
file_path	C:\Windows\system32\GamePanel.exe
hash_md5	FAD9B5F8BE5D0D098994579016A213E9
hash_sha1	A987E5C2DE41324078E9B379C32E180A7D9A3AFC
hash_sha256	F5E3CC2D6B9AD529FAFC3F1F57230036AF5F5933ED4D72EC38B0FC2D5666E312
hash_sha384	C294E44F2A249BFCB785AC802667ED1C6DF5C2B24D90D68B5503DFA459271F3644685B45B784914FCBF567EE148D7570
hash_sha512	A4D15F0729532B6BC8B7947578A60951FE0B045590B21CEB96E2EC48B9690B6948CBDA39B3E452E222302CFD27671FF801961749774C066EAE5614E676E91C5D
hash_ssdeep	12288:1kT/fyVNTfdlAbNY7fgV7u5EPPKTWR9aUPIi:1kjiTf+ggV7u5EPPKyR9aUP
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Game Bar
meta_original_filename	gamepanel.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

GenValObj.exe-8D68C9DCF28F519B0F8268A1D66CF9BF

key	value
file_name	GenValObj.exe
file_path	C:\Windows\system32\GenValObj.exe
hash_md5	8D68C9DCF28F519B0F8268A1D66CF9BF
hash_sha1	FB0CA3DEC249E5E74ACF51D70AEEE0B2C94AE909
hash_sha256	FFC29D1A0B6412AB2519DDCC11B12E2083744178820567D6B2E26EC2122FC0F8
hash_sha384	3E074A8AB81C636CB55FF21B3D9F079549C03E9904823ADB3DDF0567B349E061644EE2985B34E654E182B6482154986F
hash_sha512	1EDA4B1E10375FCB5FF26BEDCFFDEABB3B29BB13950143FDEECA012EC2B905C11F8DA6C5DD0FF278CA6A0697DF6D6234274674C76F802B5B79F4B6DD5B1C0C48
hash_ssdeep	12288:GSjOxIqzk8mJqdZK1UCjFVx5J6QulvdhWcwOr/+EnGdpnrLWyH3xlxTtBn:GStqzk0/KJjFVx2jWlOr/HnGdhKKV5Bn
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Microsoft Software Protection Platform Admin Object
meta_original_filename	GenValObj.exe
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.2273 (rs1_release_1.180427-1811)
meta_product_version	10.0.14393.2273
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

getmac.exe-88A081F2002F826E6B03503DAE39D78E

key	value
file_name	getmac.exe
file_path	C:\Windows\system32\getmac.exe
hash_md5	88A081F2002F826E6B03503DAE39D78E
hash_sha1	92ADE156DFAC19A41A2E8FCE47ADF9E9269C3F88
hash_sha256	3D7AF74B6313751663D28A68084CAD9C1F5E9F82B01FD5352880CBE86A06AAB2
hash_sha384	6ABBA09E84484DAA21823B3726F05DD55AF4EF2A9899A1F61BEDCD1BA5DE51E9E4E33C621C7B1EC649A21073969FBABF
hash_sha512	794C8D7D848FA57AE1E8504F6F39B8EF7D4B35F9188276BE17CD576DFF1B9AA6D4CE3B4930729F58EF2F3A441334F2901DAB3B6BB0C3D8B840B686DF0C95AAB2
hash_ssdeep	1536:dsWiKpuWkdLyfEEWHGiTgmeZEYXGY6zMb+usa6YkR:dDpumf/WvVeZEiRjsaRw
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Displays NIC MAC information
meta_original_filename	GetMac.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
output	GETMAC [/S system [/U username [/P [password]]]] [/FO format] [/NH] [/V] Description: This tool enables an administrator to display the MAC address for network adapters on a system. Parameter List: /S system Specifies the remote system to connect to. /U [domain]user Specifies the user context under which the command should execute. /P [password] Specifies the password for the given user context. Prompts for input if omitted. /FO format Specifies the format in which the output is to be displayed. Valid values: "TABLE", "LIST", "CSV". /NH Specifies that the "Column Header" should not be displayed in the output. Valid only for TABLE and CSV formats. /V Specifies that verbose output is displayed. /? Displays this help message. Examples: GETMAC /? GETMAC /FO csv GETMAC /S system /NH /V GETMAC /S system /U user GETMAC /S system /U domain\user /P password /FO list /V GETMAC /S system /U domain\user /P password /FO table /NH
error	ERROR: Invalid argument/option - '-help'. Type "GETMAC /?" for usage.

gpresult.exe-A861D09B9E459FBB2B05CCBFDDAB44D5

key	value
file_name	gpresult.exe
file_path	C:\Windows\system32\gpresult.exe
hash_md5	A861D09B9E459FBB2B05CCBFDDAB44D5
hash_sha1	489EFD87AA1956E1CD5D128CB6B57BCD1BA2D168
hash_sha256	0B50D2EE2453DC08C8734F4B9DE2F4FFFA8DB8BC9C4BEE6741C6F1217A3C3FC6
hash_sha384	32FA0353AC7D54663A87806BFED946DE10417B1DA62CC8F322D0A9A4686B606CE311F743CBA47B1321AFB7128E43DFAB
hash_sha512	82151DEABB04D83FD1D1A0B022E28DFD95E8959D619EBD9BE57FA25185428A289E2222C81FB60BD51C6C799F0A693484B5315D8BA65B21F836F454E0EEB98F96
hash_ssdeep	3072:R2cBypzkFf2mc8jGM5mckdj/6T+JUaq4xWbgEPGuR+l+suXvk15Q9krgSweZH:R2cBCzS5VE/06UaasEP3RSYE5QfA
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Query Group Policy RSOP Data
meta_original_filename	gprslt.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
output	GPRESULT [/S system [/U username [/P [password]]]] [/SCOPE scope] [/USER targetusername] [/R \| /V \| /Z] [(/X \| /H) [/F]] Description: This command line tool displays the Resultant Set of Policy (RSoP) information for a target user and computer. Parameter List: /S system Specifies the remote system to connect to. /U [domain]user Specifies the user context under which the command should run. Can not be used with /X, /H. /P [password] Specifies the password for the given user context. Prompts for input if omitted. Cannot be used with /X, /H. /SCOPE scope Specifies whether the user or the computer settings need to be displayed. Valid values: "USER", "COMPUTER". /USER [domain]user Specifies the user name for which the RSoP data is to be displayed. /X Saves the report in XML format at the location and with the file name specified by the parameter. (valid in Windows Vista SP1 and later and Windows Server 2008 and later) /H Saves the report in HTML format at the location and with the file name specified by the parameter. (valid in Windows at least Vista SP1 and at least Windows Server 2008) /F Forces Gpresult to overwrite the file name specified in the /X or /H command. /R Displays RSoP summary data. /V Specifies that verbose information should be displayed. Verbose information provides additional detailed settings that have been applied with a precedence of 1. /Z Specifies that the super-verbose information should be displayed. Super- verbose information provides additional detailed settings that have been applied with a precedence of 1 and higher. This allows you to see if a setting was set in multiple places. See the Group Policy online help topic for more information. /? Displays this help message. Examples: GPRESULT /R GPRESULT /H GPReport.html GPRESULT /USER targetusername /V GPRESULT /S system /USER targetusername /SCOPE COMPUTER /Z GPRESULT /S system /U username /P password /SCOPE USER /V
error	ERROR: Invalid syntax. Value expected for '/h'. Type "GPRESULT /?" for usage.

gpscript.exe-5DD0F13C8A76D57D6B02DD00C645D0F5

key	value
file_name	gpscript.exe
file_path	C:\Windows\system32\gpscript.exe
hash_md5	5DD0F13C8A76D57D6B02DD00C645D0F5
hash_sha1	6DCCA79BEDD6DF2B55CE4A5ADACE7CFF8F7AE210
hash_sha256	57B307144F8ED485DFC4519431131A722DB2E64FF5C8A35E7F1B59663FF1738D
hash_sha384	55244728CD9AA5545DEF38CDD18927E4792FAD302ACD069C05836A36C618C0203A05DC47B6611BC4F61377B468B2D937
hash_sha512	2DF834D675A6C69538528CDEC205E144A1B1BF765A1D4D0BDE7B12E5AF6E395C554B97FD0F36A9771C390CF8C3A89FEE12AE2FB891D03C7A982D058BD8AAB5C2
hash_ssdeep	768:lA1TP7KYN/TlmHlkyJvG35YD8ZCcLl0ex0HhcHytubIQj4Bx9sm:66YNxmHpq5UWCcL+ex0HTtubI24Bsm
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Group Policy Script Application
meta_original_filename	GPSCRIPT.EXE
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.2457 (rs1_release_inmarket.180822-1743)
meta_product_version	10.0.14393.2457
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

gpupdate.exe-B476F566E001063D9925348BE8B03832

key	value
file_name	gpupdate.exe
file_path	C:\Windows\system32\gpupdate.exe
hash_md5	B476F566E001063D9925348BE8B03832
hash_sha1	2DD75C0A85741B5E00684E535BC62C842CC581F7
hash_sha256	6DAB84DDD1E1DB2FD7FA7DBA8184A884085779E3ECFE219601C3DB24B550ED56
hash_sha384	A47C23C70FB171C1D11EFC7797C083FD7595C713C0B6BBBEF27B6EE896B1185EBC6B5A367389D94E599A32C569F0D651
hash_sha512	F8FE9342063DB5B6CE5CC0A4B0D188A2866760B200BFDB8FCBBBAE73A181FA761BD134073981817C0C9886ECAE74F94A75CACFA4147782F9588C6E25CABA03FB
hash_ssdeep	768:7PxsJKAaQRRpR9sdneV/6Lwl0iiJlkyg:LgRm10/Ww+iqlkyg
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Microsoft Group Policy Update Utility
meta_original_filename	GPUpdate.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
output	Description: Updates multiple Group Policy settings.\r \r Syntax: Gpupdate [/Target:{Computer \| User}] [/Force] [/Wait:]\r [/Logoff] [/Boot] [/Sync] \r \r Parameters:\r \r Value Description\r /Target:{Computer \| User} Specifies that only User or only Computer\r policy settings are updated. By default,\r both User and Computer policy settings are\r updated.\r \r /Force Reapplies all policy settings. By default,\r only policy settings that have changed are\r applied.\r \r /Wait:{value} Sets the number of seconds to wait for policy\r processing to finish. The default is 600\r seconds. The value '0' means not to wait.\r The value '-1' means to wait indefinitely.\r When the time limit is exceeded, the command\r prompt returns, but policy processing\r continues.\r \r /Logoff Causes a logoff after the Group Policy settings\r have been updated. This is required for\r those Group Policy client-side extensions\r that do not process policy on a background\r update cycle but do process policy when a\r user logs on. Examples include user-targeted\r Software Installation and Folder Redirection.\r This option has no effect if there are no\r extensions called that require a logoff.\r \r /Boot Causes a computer restart after the Group Policy settings\r are applied. This is required for those\r Group Policy client-side extensions that do\r not process policy on a background update cycle\r but do process policy at computer startup.\r Examples include computer-targeted Software\r Installation. This option has no effect if\r there are no extensions called that require\r a restart.\r \r /Sync Causes the next foreground policy application to\r be done synchronously. Foreground policy\r applications occur at computer start up and user\r logon. You can specify this for the user,\r computer or both using the /Target parameter.\r The /Force and /Wait parameters will be ignored\r if specified.\r \r

grpconv.exe-923442E8D3FC0288782D2945EF0E24D4

key	value
file_name	grpconv.exe
file_path	C:\Windows\system32\grpconv.exe
hash_md5	923442E8D3FC0288782D2945EF0E24D4
hash_sha1	4C572D4C2826530451D374152D3C19D05ADA053C
hash_sha256	DC0F3E3A852BC334B148D5F2F0D9D20E4C99839F81831D42305B455A97D53163
hash_sha384	227AA8BDCCEE400575B0FAB4A997FE3C3DB97682AF9054E8C1B5B289AAC24A60E5E4EF408A18062B3E761BC1F1DA244D
hash_sha512	3F96C76B083CE505F4514075F5CDE3511CAD25945DBC64777BDB669B51B2A7A27E005F394954DC7544ADBFDDD6205A7C551D4B18759E32F7252D21CE1F34F00C
hash_ssdeep	768:cEHjAW5nfyq4m2cQDz/i0pSfU+YOUSSay/+pT2NlVT5RqImK8e7n7GmL:cEHjA+9V2hKZUrT/IQzT5RqI7p7GmL
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Windows Progman Group Converter
meta_original_filename	GRPCONV.EXE.MUI
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

hdwwiz.exe-1127C71A9213CB60B3F8CF26DF9F2988

key	value
file_name	hdwwiz.exe
file_path	C:\Windows\system32\hdwwiz.exe
hash_md5	1127C71A9213CB60B3F8CF26DF9F2988
hash_sha1	21DD4824D304D79F0D8840A9F6FB51C80E848972
hash_sha256	24169D455F8D4FEF27C1E80CE609A0BF446126153E6F563085CED82E58AD47E1
hash_sha384	AF08F5DB6D9D9C04AF2277D766C361A7B2197D38A0DC37FA2419A56E135BC85E5B44F965FF65EE59B68932D6E174C7BB
hash_sha512	BA1F3290D11CEFE9640E32E01397D5A70316A0E4849B82778E61CF346C8A92918B406800BC47B76DFD28D3E6458F6B7B850F4E56DD6C54EAFA938BF94AB00F61
hash_ssdeep	384:vr4ypercULRjvYU53IKLWFLLu4Eaub/cWByWj4650Ingu+n6aJTIXFJhjhxhWM1l:kvLRkg38BUL/4G0In3BhzhWM1GOVz17
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Add Hardware Wizard
meta_original_filename	HdwWiz.EXE.MUI
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

help.exe-9D24133A55598199F8C89A45C40102F6

key	value
file_name	help.exe
file_path	C:\Windows\system32\help.exe
hash_md5	9D24133A55598199F8C89A45C40102F6
hash_sha1	6026C6AE15522AC3E52D57928090C920B648FD76
hash_sha256	029DFF1542E2FD42C7F19DCB993F6D2189324C0C196D8B433B5202D782511E4B
hash_sha384	AC723E995F7986DEBC739403A1D86FE4A828F9EC9AC7BE06E0D0C399A6A444D0235277F4433B94335581E30A88E02308
hash_sha512	1DC803AC0E9E9CF22E3A511E2A1BD530BBC76121233B321E1508D432D81A69C9457984FF3967DC6855BDD628D87B985330AEF244A94D7B9E02A43945F928BC57
hash_ssdeep	192:oAg7w0PzAFXZyXZ7/Jx4+nRS9vCto95BGXk4mYWjcW:ob7wLp6bJu+RSooxJYWjcW
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Command Line Help Utility
meta_original_filename	Help.Exe.MUI
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
output	Provides help information for Windows commands. HELP [command] command - displays help information on that command.

HOSTNAME.EXE-1088BA1BF7CDDFF61ECC51BC0C02FDEF

key	value
file_name	HOSTNAME.EXE
file_path	C:\Windows\system32\HOSTNAME.EXE
hash_md5	1088BA1BF7CDDFF61ECC51BC0C02FDEF
hash_sha1	D2090DA5E0490585AD2D859846E9A371B5E9202C
hash_sha256	B8DA5A3AE4371E63DFD2F468E29CC23AA6F98A6A357A67955996F8F61E58FBA1
hash_sha384	C88265F17AB6E4592F8AB1D87A80D7BFE27AB41E3FF3942636C1682FA5F55C3DAC3200048C8033FBB611301EC7D90EB3
hash_sha512	531ED60872D48EE8EBB7B61970219790EB110680D22E04BB68FAF7213BC1A2A1B531DD1B74949175B75E656DBA7FA03A85A2AA82B3C5FE4FC6012E8C3C80F14D
hash_ssdeep	192:Eu4QmRVxfP+NhKgrsK+U7yIxESUHfGGg9GXHNyS9dVW26W:Eu4QmnINnRB7vRAftZNyinW26W
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000001733031072665B8B9B3000000000173
signature_thumbprint	14590DC5C3AAF238FCFD7785B4B93F4071402C34
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Hostname APP
meta_original_filename	hostname.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
output	Prints the name of the current host. hostname
error	sethostname: Use the Network Control Panel Applet to set hostname. hostname -s is not supported.

hvax64.exe-ED2E8ED83C2517A9BCAD87B57DD56075

key	value
file_name	hvax64.exe
file_path	C:\Windows\system32\hvax64.exe
hash_md5	ED2E8ED83C2517A9BCAD87B57DD56075
hash_sha1	2D570476DB2C923F2436DE1E774E2C1390DF8198
hash_sha256	7805EC4395F258517DFCEEED2B011801FE68C9E2AE9DB155C3F9A64DD8A81FF6
hash_sha384	471FC4ADB97A7BC8D7C945AEB9C0674B12034B5E8325D0BB108E5169A23C019AE63EB973CF32DC75A09884DB25BB9DE3
hash_sha512	A7A535B9B4BC6B050F3740985FCA962FD36F3DE30B66A13F9866F7F4259CD507A06FEFD0C88E96647CDBC24D32B18CFC933520FFEFA841997A906E2BDE3B75F6
hash_ssdeep	24576:lU1hEhLvUX7O4yReHZtc2AE4ejrbi2WqoIYe+/3Nk:oqUX7O4yIP4bW
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Hypervisor V2.0
meta_original_filename	hvax64.exe
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.3686 (rs1_release.200504-1524)
meta_product_version	10.0.14393.3686
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

hvix64.exe-1F4E87D63E63C1F3A0869394C46444FC

key	value
file_name	hvix64.exe
file_path	C:\Windows\system32\hvix64.exe
hash_md5	1F4E87D63E63C1F3A0869394C46444FC
hash_sha1	A9C3B305B468B21B2796B75EB30AB40CDA40C43D
hash_sha256	950A0D03B4903D580F691710DE6A83B43545686509B8EE7D350955E5F9425070
hash_sha384	6AAC2F7607D1CB55D1FA6EBDD6C20E6988509B54872E6337AF0A19966501D7DF36FB06292A5C580A04F2273D71809419
hash_sha512	5E6ADC473B2E2D56EF84CC96E7071B521A36F58D14ED9142356C2D3767C18644D8AE9BF8AB020857B65114EE1C15B3EB3647702877311ABEE81E4F1923CBBD04
hash_ssdeep	24576:XCKkQ98oVbthatf6OyzJXqnhzJ+5eKJnR1RqQVC7UDva0H41uoIZ+MscRo:Su8Df6OY6ntRK9JqCBaz1z1
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Hypervisor V2.0
meta_original_filename	hvix64.exe
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.3686 (rs1_release.200504-1524)
meta_product_version	10.0.14393.3686
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

hvloader.exe-7E5A06C8F5A7687A08283AB58C52E6CB

key	value
file_name	hvloader.exe
file_path	C:\Windows\system32\hvloader.exe
hash_md5	7E5A06C8F5A7687A08283AB58C52E6CB
hash_sha1	79437BFD933C4806D08C32814E9A8C3C92EF8A32
hash_sha256	E64A0954596AC03BDB45C5616B01F2C834E213326BFE8DC9319A0BC78DD96BA0
hash_sha384	DE3A6D56DCD5C5885AADDEADA64A3AD9088CD30C598E45AF6BAEA8E013BF181DE32B4DB56D69AE7E2FE636A6C3E9107F
hash_sha512	AE8B911E19A554A8A06D701BD05D43AD349EB7EC8DC3BA9DFBC256BDFB25E346F520880D60406A4E7D54CDD5498725F83A739D8ADA6D154829C1202CA29BEBC4
hash_ssdeep	24576:zFR2MZIVWC/Ho/gAQ+z8Om7xu54vrlcxLXoIg:hRpaVWCD+INDlcxc/
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	HV Loader
meta_original_filename	hvloader.exe
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.3686 (rs1_release.200504-1524)
meta_product_version	10.0.14393.3686
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

hwrcomp.exe-138DE62F2F6AE9249EA596A8A5F142B2

key	value
file_name	hwrcomp.exe
file_path	C:\Windows\system32\hwrcomp.exe
hash_md5	138DE62F2F6AE9249EA596A8A5F142B2
hash_sha1	0FBCFD4BB74FD9B7567521DD0C02A1D39BB3C42F
hash_sha256	365AD0B7CD24CB91E106B3358E9E099811BAE145338F796A92E11C4952E57787
hash_sha384	2A599E89A0857EFD0DB5015B344CD9F28ED0600DCAB803895D12306EF5B2499B2B37D1E98B726E75C0222994435EE919
hash_sha512	E27961F581625F7C505B075B22AF677CB93741709A7B6C70E98AF024A22F7D30C35B6BDC9C6FF5878CF4B888747DEA9C2463F9112674F75537AE2E889B249A94
hash_ssdeep	768:bT2c85/Y9R1lef/xxu2InDvov3+gnOV04chZWoz9c8o4Jg3Q3dFbcEa424by4:pz9Do/nuXr4+gny0wo9Jgg3dZcEa4Te4
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Microsoft Custom Dictionary Compiler
meta_original_filename	HWRComp.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
output	Usage: hwrcomp [-lang ] [-type ] [-comment ] [-check \| -o <dictfile.hwrdict>] -check Verify the input file -lang Assign this default language to the dictionary file. Locale is of the form - using ISO codes -type Assign this type to the dictionary file -comment Compile this comment into the dictionary file -o <dictfile.hwrdict> Output to this file name. If this option is missing, use .hwrdict Examples: hwrcomp -check mylist1.txt verifies file content hwrcomp -lang en-US -type SECONDARY-DICTIONARY -o myrsrc1 mylist1.txt compiles mylist1.txt into myrsrc1.hwrdict, assigns language 'English (US)' and type 'SECONDARY-DICTIONARY'

hwrreg.exe-CA884831726320755F49820B9EC85E14

key	value
file_name	hwrreg.exe
file_path	C:\Windows\system32\hwrreg.exe
hash_md5	CA884831726320755F49820B9EC85E14
hash_sha1	7130337984874649218F953EFAC809A98E50EE93
hash_sha256	1179269C2FE5D784374F92138BC0EC960BEDE5833F32655BC8AFEE1A4A980E3D
hash_sha384	ABF4E920A5A097A9EF4D68D839BCF6ADDA8EE564BE64151DB2CF9213EAACD691BA9A6003B83FA33047A8B4371C4B7301
hash_sha512	6A3BE37B55B4AD58648F0FA991CBC06A10C3B2BDC740481562B5CD03D4BD2734588E541E55BB198BCF0904B106C363B224000491387112539A8564654C7184B7
hash_ssdeep	3072:9chRQFLQSXRKC9TPN/cVRZl31qbydPlJReBrYWQgbmpQJ5GtCmY2lZmVC:rRRh1uLZLcydPlJReSr45J5G1Y
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Microsoft Custom Dictionary Registration Tool
meta_original_filename	HWRReg.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
output	USAGE: hwrreg [-check] [-lang ] [-scope {all\|me}] [-noprompt] <dictfile.hwrdict> -check Verify dictionary file and show its registration information -lang Assign this language to the installed dictionary. Locale is of the form - using ISO codes -scope {all\|me} Install for all users on this machine or just for me -noprompt Don't prompt for confirmation Example: hwrreg -lang en-US myrsrc1.hwrdict installs myrsrc1.hwrdict with language 'English (US)' and default scope 'me' Usage: hwrreg [-lang ] [-scope {all\|me}] [-type ] -list \| -remove -lang List or remove dictionaries registered for this language. Locale is of the form - using ISO codes -scope {all\|me} List or remove dictionaries installed for all users or or just dictionaries installed for me (default) -type List or remove dictionaries registered with this type -list List all installed dictionaries matching the other options -remove Prompts for removal of any dictionary matching other options Examples: hwrreg -list -lang en-US -type PRIMARY-DICTIONARY lists dictionaries installed for me with this language and type hwrreg -remove -lang en-US -type PRIMARY-DICTIONARY removes dictionaries installed for me with this language and type

iashost.exe-366568E9B5FA798822BBB64615947495

key	value
file_name	iashost.exe
file_path	C:\Windows\system32\iashost.exe
hash_md5	366568E9B5FA798822BBB64615947495
hash_sha1	50E4AF9AF08C99F1640EC120A47AD6D3EB5636EE
hash_sha256	5C53AD612CF744C692739BEAC5A5554E0511872C30591329BD1B8CE98A32E58A
hash_sha384	047666A660A06067C5C5239B6BFEEE62415B9F0C8DCC18520B01EAF262302C4EE4495D27E39D4F196B857CCAE7FE503C
hash_sha512	E10C96A5E57A7AEE50C3458B1D55D39377B4926EDDAD85CD4EB5ECAF80DEC8A95C1A2321415AF7A1877D00E35ED4A0F56D3D6CFB9667D9B0EE33B19251314BFD
hash_ssdeep	384:j5WCUR7Lm5oCWcafg5q7QMGmHzke2UMMAmF3wHpm/CHZXhti1W/uW:jkhhKcf7QP6zkvMAmVwJm+XuC
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	IAS Host
meta_original_filename	IASHost.exe
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

icacls.exe-0F7E1625009A0C00A9D9809694FC5831

key	value
file_name	icacls.exe
file_path	C:\Windows\system32\icacls.exe
hash_md5	0F7E1625009A0C00A9D9809694FC5831
hash_sha1	8291754C0A2A2C886BBB2B56D85CBAC3968E3BD2
hash_sha256	0CA4AFF87EED104E2277C0E38B292CD32950DAD6A233C791F798EA75AE28DEEC
hash_sha384	B605BA31842BBF6A91F85E73E42D93D366E7C7F42AEC1A27992FF5F705BEF1B364F7771CBD51390E9F94179D3E7C859C
hash_sha512	0E39026BC14442DCBE3E34BBF7B3290E1CE799F99CDAC0450EA3B79EF87B7AAFE77906BAE060076E1121F6EA5D062574F6EDA64DCB28632BE75F1C42C954A304
hash_ssdeep	768:DXVMnhAJWCVG03uvj98+0K+sw+DBthirUksD3u99JgoUFEOLk4ZY:DXVsSYS+/DXhirU5TC9JgomEOLxZY
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_original_filename	iCACLS.EXE.MUI
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
output	ICACLS name /save aclfile [/T] [/C] [/L] [/Q] stores the DACLs for the files and folders that match the name into aclfile for later use with /restore. Note that SACLs, owner, or integrity labels are not saved. ICACLS directory [/substitute SidOld SidNew [...]] /restore aclfile [/C] [/L] [/Q] applies the stored DACLs to files in directory. ICACLS name /setowner user [/T] [/C] [/L] [/Q] changes the owner of all matching names. This option does not force a change of ownership; use the takeown.exe utility for that purpose. ICACLS name /findsid Sid [/T] [/C] [/L] [/Q] finds all matching names that contain an ACL explicitly mentioning Sid. ICACLS name /verify [/T] [/C] [/L] [/Q] finds all files whose ACL is not in canonical form or whose lengths are inconsistent with ACE counts. ICACLS name /reset [/T] [/C] [/L] [/Q] replaces ACLs with default inherited ACLs for all matching files. ICACLS name [/grant[:r] Sid:perm[...]] [/deny Sid:perm [...]] [/remove[:g\|:d]] Sid[...]] [/T] [/C] [/L] [/Q] [/setintegritylevel Level:policy[...]] /grant[:r] Sid:perm grants the specified user access rights. With :r, the permissions replace any previously granted explicit permissions. Without :r, the permissions are added to any previously granted explicit permissions. /deny Sid:perm explicitly denies the specified user access rights. An explicit deny ACE is added for the stated permissions and the same permissions in any explicit grant are removed. /remove[:[g\|d]] Sid removes all occurrences of Sid in the ACL. With :g, it removes all occurrences of granted rights to that Sid. With :d, it removes all occurrences of denied rights to that Sid. /setintegritylevel [(CI)(OI)]Level explicitly adds an integrity ACE to all matching files. The level is to be specified as one of: L[ow] M[edium] H[igh] Inheritance options for the integrity ACE may precede the level and are applied only to directories. /inheritance:e\|d\|r e - enables inheritance d - disables inheritance and copy the ACEs r - remove all inherited ACEs Note: Sids may be in either numerical or friendly name form. If a numerical form is given, affix a * to the start of the SID. /T indicates that this operation is performed on all matching files/directories below the directories specified in the name. /C indicates that this operation will continue on all file errors. Error messages will still be displayed. /L indicates that this operation is performed on a symbolic link itself versus its target. /Q indicates that icacls should suppress success messages. ICACLS preserves the canonical ordering of ACE entries: Explicit denials Explicit grants Inherited denials Inherited grants perm is a permission mask and can be specified in one of two forms: a sequence of simple rights: N - no access F - full access M - modify access RX - read and execute access R - read-only access W - write-only access D - delete access a comma-separated list in parentheses of specific rights: DE - delete RC - read control WDAC - write DAC WO - write owner S - synchronize AS - access system security MA - maximum allowed GR - generic read GW - generic write GE - generic execute GA - generic all RD - read data/list directory WD - write data/add file AD - append data/add subdirectory REA - read extended attributes WEA - write extended attributes X - execute/traverse DC - delete child RA - read attributes WA - write attributes inheritance rights may precede either form and are applied only to directories: (OI) - object inherit (CI) - container inherit (IO) - inherit only (NP) - don't propagate inherit (I) - permission inherited from parent container Examples: icacls c:\windows* /save AclFile /T - Will save the ACLs for all files under c:\windows and its subdirectories to AclFile. icacls c:\windows\ /restore AclFile - Will restore the Acls for every file within AclFile that exists in c:\windows and its subdirectories. icacls file /grant Administrator:(D,WDAC) - Will grant the user Administrator Delete and Write DAC permissions to file. icacls file /grant *S-1-1-0:(D,WDAC) - Will grant the user defined by sid S-1-1-0 Delete and Write DAC permissions to file.
error	First parameter must be a file name pattern or "/?"

IcsEntitlementHost.exe-E7F16BEB428C7D3A9DDFD562BF5C04E5

key	value
file_name	IcsEntitlementHost.exe
file_path	C:\Windows\system32\IcsEntitlementHost.exe
hash_md5	E7F16BEB428C7D3A9DDFD562BF5C04E5
hash_sha1	B8DDFBBA4F8BED07B649745423B40903F4C29878
hash_sha256	E0AEB4758BD99D1EE66E38BB457638ACD6750A01C2CD5A32ABBBFE00EBBC2F5A
hash_sha384	E453F0A7E236B4354922718A36C28CECBF065135F70CE5CAAED72B2234DECC9B33745A455B960BFDA7E2D6F8E93DFD47
hash_sha512	4BFE9107076C542949B79B084FE7ABA25C77BB083B9DEBCC48C3701EE928F63892D8949DC99A373FA5A321889B0A3BC310D75644FD21611F1C2C51F0481B1D6D
hash_ssdeep	384:r6VhHWwJlubdFZGMe9wjdBZNKrIwPqP1OQZJTsmrRsltbrWzEsdW:GVdWWuYMe9e2I4ssltyEs
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	ICS Entitlement Host
meta_original_filename	IcsEntitlementHost.exe
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

icsunattend.exe-D3689BFEBFAAC10BC59189C80E27F026

key	value
file_name	icsunattend.exe
file_path	C:\Windows\system32\icsunattend.exe
hash_md5	D3689BFEBFAAC10BC59189C80E27F026
hash_sha1	2592FA8AC3631706ED371DD9C9C2EE37A48205F9
hash_sha256	921ABB7221AA090479CD6A9739B57B37E096B999BBC2D87C22E9E6A3E57B5AA2
hash_sha384	2323B72864A15B104149F38965CD4336D32E556BB2D4FDB087EE04F3F11BAEB011A757B3ED06CE1FDF6D97CEA07F0D2D
hash_sha512	D0677238A700CBEB2F027AFB346B844A0D653BB67791FD986E336FAFE3D3DFE6F476853DAC3CDC1658B7B9AE5DBFCAC940248C2DE2BACB7832DC0E1272DEFD12
hash_ssdeep	384:FASFRFkWUHqSrEdJVKC6tiTmiClgnyck4ToTg1zPWZRW:FAaIEFKTLiF9k4sTg1zu
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000001733031072665B8B9B3000000000173
signature_thumbprint	14590DC5C3AAF238FCFD7785B4B93F4071402C34
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	ICS Unattend Utility
meta_original_filename	icsunattend.exe
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

ie4uinit.exe-8450580ADC40581006B7233F2B2803EB

key	value
file_name	ie4uinit.exe
file_path	C:\Windows\system32\ie4uinit.exe
hash_md5	8450580ADC40581006B7233F2B2803EB
hash_sha1	4847B6EC7851126774037130C518B377F454D1D3
hash_sha256	DD7FE0DBD6BD3B66437C093B707D1B2CA8AC72E4671B88829A4327FA6B8A00BD
hash_sha384	6B86056EE2FC3DF835CF06FAACE0EA8C7CD5311C0E5FFD0FD0A5F3A9911C1D1BD2EB168BB44F08BDEA3E8371AB0672E8
hash_sha512	1FC29268C19E1076EC16A36536A434AE51E25F53DD98173F22365D3C94B2DDE7FA477F90449FD189BDDF3E4507590386265127BFE5B67D07EFA43C59EBD08A77
hash_ssdeep	6144:M22QSvNlvMQBGwGk2FBSKrzise1JMQiGK4trw:rSn21d4uorw
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	IE Per-User Initialization Utility
meta_original_filename	IE4UINIT.EXE.MUI
meta_product_name	Internet Explorer
meta_company_name	Microsoft Corporation
meta_file_version	11.00.14393.0 (rs1_release.160715-1616)
meta_product_version	11.00.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

ieUnatt.exe-5B14465BAEC054DCFB21F89EB01F4199

key	value
file_name	ieUnatt.exe
file_path	C:\Windows\system32\ieUnatt.exe
hash_md5	5B14465BAEC054DCFB21F89EB01F4199
hash_sha1	2B92A04F72B0B7282F10FA2A6A65316DB99DF90E
hash_sha256	ECC16CF9654A9981132FF199D4326C679CD3C61670F6B5CCB1CE17616EFB58FD
hash_sha384	B5D3A0352BCA8C479E59C21B64DCF12DB9A8112CB9D9D08A97E051912F213DC2A5D5DD879C4097E92549E4A3AA65F806
hash_sha512	71C0C5C6A11C56009735A67BB5869A6104F17913D0AC40A24B29DC6AD7BFBA4D28AFA3893809898579C7883D1D0AC6B19BC6C0BE343915CD77A38B44D3AAED8A
hash_ssdeep	1536:/N8n1wo/WMXtpngisE65r3yj4bNKaAtJoqu0EUCmAuSs8M6Bmrp/mKz0u0EUCmAO:/awP9u1JDrAn1p
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	IE 7.0 Unattended Install Utility
meta_original_filename	IEUNATT.EXE.MUI
meta_product_name	Internet Explorer
meta_company_name	Microsoft Corporation
meta_file_version	11.00.14393.0 (rs1_release.160715-1616)
meta_product_version	11.00.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

iexpress.exe-F2B70A9C54BC8ECC299942E718ACB785

key	value
file_name	iexpress.exe
file_path	C:\Windows\system32\iexpress.exe
hash_md5	F2B70A9C54BC8ECC299942E718ACB785
hash_sha1	72F6CD10F57CC5588A26B64DF92E0209A2C4BAC6
hash_sha256	BDE274C0E0AD135062E7746842D79EC34C9715608266D6FAA1400158EC0989FF
hash_sha384	1D5F6368344A3C76B4AA52461836EB52463EEF6CD819320C3CF3917F99FFF35F145AD75CADC76CD660D611939F2986D5
hash_sha512	DCBD6E2A7BAC301EA1BC901DF87EEDF758C7B0C49D70FD5DA50D88737694C9972FBD0AC1DC3A8D1C0C1B718B80F3134BE8259B80DBB640D82CF415478AD20EFF
hash_ssdeep	3072:rSu3CErr/G0r16YNDnGOb+ahXNqJohePnq45L84I:5SElfNDGOb+asEwv5L
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Wizard
meta_original_filename	IEXPRESS.EXE.MUI
meta_product_name	Internet Explorer
meta_company_name	Microsoft Corporation
meta_file_version	11.00.14393.0 (rs1_release.160715-1616)
meta_product_version	11.00.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

iisreset.exe-D09D9DAD407B4A61CCB96EA5974AEFEB

key	value
file_name	iisreset.exe
file_path	C:\Windows\system32\iisreset.exe
hash_md5	D09D9DAD407B4A61CCB96EA5974AEFEB
hash_sha1	63A0ADA875FE271DC6AC746CB61B55C1F917A5C5
hash_sha256	EDA5883BD414852613CA4C25B4CAB15197DA73C3DAC182F7876A27BAC9DCDE23
hash_sha384	6240FA5A79EF5B9CA1DE30A0C9339FBF07FC69C28DE13D3296178F71515571636968C4F17251881AC798BEC46B503CF4
hash_sha512	8DE4CC8CC09FA56C65D713176A2B2C9BA1AC9277167AD83F5FFD7AF1A8569A6FE300F6EF837B322FE685D5998C1687AC5755F564968459B60115406B0834A2A4
hash_ssdeep	384:1rfAz/f54lG6A0O3yc7tGlps62gy8HDExabCviEgQBIbW0:ZG41A0O3bEl9H/WvijQBIz
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000001733031072665B8B9B3000000000173
signature_thumbprint	14590DC5C3AAF238FCFD7785B4B93F4071402C34
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	IIS control command line utility
meta_original_filename	iisreset.exe.mui
meta_product_name	Internet Information Services
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	Language Neutral
meta_legal_copyright	Microsoft Corporation. All rights reserved.
output	IISRESET.EXE (c) Microsoft Corp. 1998-2005\r \r Usage:\r iisreset [computername]\r \r /RESTART Stop and then restart all Internet services.\r /START Start all Internet services.\r /STOP Stop all Internet services.\r /REBOOT Reboot the computer.\r /REBOOTONERROR Reboot the computer if an error occurs when starting,\r stopping, or restarting Internet services.\r /NOFORCE Do not forcefully terminate Internet services if\r attempting to stop them gracefully fails.\r /TIMEOUT:val Specify the timeout value ( in seconds ) to wait for \r a successful stop of Internet services. On expiration\r of this timeout the computer can be rebooted if \r the /REBOOTONERROR parameter is specified.\r The default value is 20s for restart, 60s for stop,\r and 0s for reboot.\r /STATUS Display the status of all Internet services.\r /ENABLE Enable restarting of Internet Services \r on the local system.\r /DISABLE Disable restarting of Internet Services \r on the local system.\r
children	conhost.exe

immersivetpmvscmgrsvr.exe-38FECB8EEB0F7014F23008DDE65CC789

key	value
file_name	immersivetpmvscmgrsvr.exe
file_path	C:\Windows\system32\immersivetpmvscmgrsvr.exe
hash_md5	38FECB8EEB0F7014F23008DDE65CC789
hash_sha1	F41986E642D1B287FD11DFAFB39CFC16959431E9
hash_sha256	703A98A8AC4B66063BA7C899B56625DD91A41AAA9C332EAD121030F18EC3CA65
hash_sha384	DC44F2F78A2AA28031E081922CCA0D9CD1D2137A32DA45B93B9418DE52FD7ADF279F73D6205D81DC0F2902A22E8549F5
hash_sha512	CD2C7AC211957D8C811245F29A704C96F521E87E2D014BA95881F98D1D335E14B4E2F4F40FD55CDFD08418812FC99EA5E165D22634DADFDBE84D8BC070D487B8
hash_ssdeep	3072:blfd1OmDDRu2ThFOqkHaBJA+ZwtyYOwVrIAcCR5yqqlOEwL:Nd1OURzzOAAywtyYLpqqqYEw
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Immersive TPM Virtual Smart Card Manager COM Server
meta_original_filename	ImmersiveTpmVscMgrSvr.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

InfDefaultInstall.exe-6E4ACBE95965D394FE042E1C0B5D7206

key	value
file_name	InfDefaultInstall.exe
file_path	C:\Windows\system32\InfDefaultInstall.exe
hash_md5	6E4ACBE95965D394FE042E1C0B5D7206
hash_sha1	4BB46BD42846A347C5DEB0479F692824846FC809
hash_sha256	84FCF22D7086A99B436BA4A39E61318881B8CA544D30D2E93412DAA49795D8C4
hash_sha384	8B309BE652F8383D9E01DA7C8564D018329371D1B7FDEB667E35994423AE239FA4B338AB8F006C60616C3255924A425A
hash_sha512	16B2CA778A6C710B681AC8051E1C722C45D5E21952967DC54696E7F505884BE3B707AE5092A7A8F07825AE157EC6F7866594D6B1660769673A662E6FC72C9CA5
hash_ssdeep	192:PY5Y0PDblClcp1IvCg+7RSBGzZzdBgW6U19wzs9aW/GW:PY5YUx4o1kCrNsGx7gWCzcaW/GW
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	INF Default Install
meta_original_filename	InfDefaultInstall.EXE.MUI
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	5.2.3668.0
meta_product_version	5.2.3668.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

InstallAgent.exe-CB4C493005600B466808E7A717FB5DA4

key	value
file_name	InstallAgent.exe
file_path	C:\Windows\system32\InstallAgent.exe
hash_md5	CB4C493005600B466808E7A717FB5DA4
hash_sha1	9DB76D1BD4D873B284A068E40D9EFA821939CDE8
hash_sha256	A20E2D63FB201564B95208593DFE105650E3FB8CA89FE2D417EBDA8A5D27F361
hash_sha384	D51814043D84ACC1A08B656A43D8F29A6A112A619BDC84E82634B70118FEC5055B1FF778E7ABB19D2AAC86162183CFB6
hash_sha512	6AC36691C44067685B499AB70F0C0B9017E99288AAF7EEBC8FD06B02EE659C00725ED42D856E645F7BC91DA52B7F240E1D8BDC8515794376C0E2D65AF963C17B
hash_ssdeep	6144:ccA+cNOWNnPGH+OnT6EZOeY7HvW7QOQ2Ll6/1:ccA+cNOWZ4nWEZOeYjkl6t
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	InstallAgent
meta_original_filename	InstallAgent.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

InstallAgentUserBroker.exe-D8D0FFD2C9433F552C840820DD1A07BA

key	value
file_name	InstallAgentUserBroker.exe
file_path	C:\Windows\system32\InstallAgentUserBroker.exe
hash_md5	D8D0FFD2C9433F552C840820DD1A07BA
hash_sha1	73D45D77D9C9CD6832A5AEE13E89E82ED8CFF0D4
hash_sha256	319BC440F8E272CDCA6E557433FC646302408FB16A2F7CE282E4DBDD0A8DD187
hash_sha384	FD0B1E8DC4C16F88060F0ECC8CA6BD84BA19DA98136D1D926DA3B461A458FFA498BCC5D47A0FA4A6753D9FAD6B5CAE0F
hash_sha512	3A5C847092625C1AE1F2234BE3A6FFD2343B15137A5740D6246DD82C01F33AEBE2A8607B6233EFE6216584460C3D7F2FBD0D766C302C3D80C470F096B6E014D8
hash_ssdeep	6144:SkYl1yUHxDUQPDctrkcTHTRviQOQ22UF5:SkYl15Jrcucy5
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	InstallAgentUserBroker
meta_original_filename	InstallAgentUserBroker.exe
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.3686 (rs1_release.200504-1524)
meta_product_version	10.0.14393.3686
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

ipconfig.exe-29916DCEA5377C19996B417D9235F42F

key	value
file_name	ipconfig.exe
file_path	C:\Windows\system32\ipconfig.exe
hash_md5	29916DCEA5377C19996B417D9235F42F
hash_sha1	A95BEAA8B81FD799DB6051A79D959908FFBDB22F
hash_sha256	5EE3FD7CA1AC876D0DE539D469BFC333594FCA3DF9F377CC96C756D9648697F1
hash_sha384	D5EDCDE639AFE00BE297ACFA1B96BDB292C757E9139F73647C092A01BD3C5C6410C04A0F6CCA8A0A5EC7AF08712D37A7
hash_sha512	805C3BF8252BD90795E3D9C481686041A343BD5F805A8E16127529A3DF860AE45322C4DDD1CDD8F35E70E0FA7D1D98AF28D7B40F1F9FA711ED5B5CD149FC67B0
hash_ssdeep	768:e+7E/DIclS42UY4KN7afkCUeyBJD1eav8UyrdbK:nk1lEH+lUeyBJDhExrdW
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	IP Configuration Utility
meta_original_filename	ipconfig.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
output	Error: unrecognized or incomplete command line. USAGE: ipconfig [/allcompartments] [/? \| /all \| /renew [adapter] \| /release [adapter] \| /renew6 [adapter] \| /release6 [adapter] \| /flushdns \| /displaydns \| /registerdns \| /showclassid adapter \| /setclassid adapter [classid] \| /showclassid6 adapter \| /setclassid6 adapter [classid] ] where adapter Connection name (wildcard characters * and ? allowed, see examples) Options: /? Display this help message /all Display full configuration information. /release Release the IPv4 address for the specified adapter. /release6 Release the IPv6 address for the specified adapter. /renew Renew the IPv4 address for the specified adapter. /renew6 Renew the IPv6 address for the specified adapter. /flushdns Purges the DNS Resolver cache. /registerdns Refreshes all DHCP leases and re-registers DNS names /displaydns Display the contents of the DNS Resolver Cache. /showclassid Displays all the dhcp class IDs allowed for adapter. /setclassid Modifies the dhcp class id. /showclassid6 Displays all the IPv6 DHCP class IDs allowed for adapter. /setclassid6 Modifies the IPv6 DHCP class id. The default is to display only the IP address, subnet mask and default gateway for each adapter bound to TCP/IP. For Release and Renew, if no adapter name is specified, then the IP address leases for all adapters bound to TCP/IP will be released or renewed. For Setclassid and Setclassid6, if no ClassId is specified, then the ClassId is removed. Examples: > ipconfig ... Show information > ipconfig /all ... Show detailed information > ipconfig /renew ... renew all adapters > ipconfig /renew EL* ... renew any connection that has its name starting with EL > ipconfig /release Con ... release all matching connections, eg. "Wired Ethernet Connection 1" or "Wired Ethernet Connection 2" > ipconfig /allcompartments ... Show information about all compartments > ipconfig /allcompartments /all ... Show detailed information about all compartments

iscsicli.exe-5D9CE9006FDE6D04DF8A589897844D4E

key	value
file_name	iscsicli.exe
file_path	C:\Windows\system32\iscsicli.exe
hash_md5	5D9CE9006FDE6D04DF8A589897844D4E
hash_sha1	5779EE47F57709B95147AFDFAEB3E2CAE4132532
hash_sha256	CE3228CC8F46D84800D99D569A1261D70FD56873C63F5E75B24B3FE02C53A9DD
hash_sha384	5CA9770E6C1E79BC3DFF7B7F93E9D01F184F31104B30AE64D215804042E7BB10F7B63C4F7475C19CC9E6D8FA8A779184
hash_sha512	748F0BC8E703B56437A8A8D336DF3960A06B2355EE6C4443A62E2DBB901C0A213B5A7BDA8D48FD869A6FD3079F319A5229ABFBC7AB7647083073B0E5F619AEAD
hash_ssdeep	3072:iRvS6Ny1iqELm3ynAICgKOKaeqUKOpVk/qfWJTfS1n37M:U6+pm3kKRaeqUp3WJrM
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000001733031072665B8B9B3000000000173
signature_thumbprint	14590DC5C3AAF238FCFD7785B4B93F4071402C34
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	iSCSI Discovery tool
meta_original_filename	iscsicli.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
output	Microsoft iSCSI Initiator Version 10.0 Build 14393\n\niscsicli\n\niscsicli AddTarget \n \n \n \n \n \n ...\n\niscsicli RemoveTarget \n\niscsicli AddTargetPortal \n [HBA Name] [Port Number]\n \n \n \n \n\niscsicli RemoveTargetPortal [HBA Name] [Port Number]\n\niscsicli RefreshTargetPortal [HBA Name] [Port Number]\n\niscsicli ListTargets [ForceUpdate]\n\niscsicli ListTargetPortals\n\niscsicli TargetInfo [Discovery Mechanism]\n\niscsicli LoginTarget \n \n \n \n \n \n \n ...\n\niscsicli LogoutTarget \n\niscsicli PersistentLoginTarget \n \n \n \n \n \n \n ...\n\niscsicli ListPersistentTargets\n\niscsicli RemovePersistentTarget \n \n \n \n\niscsicli AddConnection \n \n \n \n \n \n\niscsicli RemoveConnection \niscsicli ScsiInquiry \n\niscsicli ReadCapacity \n\niscsicli ReportLUNs \n\niscsicli ReportTargetMappings\n\niscsicli ListInitiators\n\niscsicli AddiSNSServer \n\niscsicli RemoveiSNSServer \n\niscsicli RefreshiSNSServer \n\niscsicli ListiSNSServers\n\niscsicli FirewallExemptiSNSServer\n\niscsicli NodeName \n\niscsicli SessionList \n\niscsicli CHAPSecret \n\niscsicli TunnelAddr \n\niscsicli GroupKey \n\niscsicli BindPersistentVolumes\n\niscsicli BindPersistentDevices\n\niscsicli ReportPersistentDevices\n\niscsicli AddPersistentDevice \n\niscsicli RemovePersistentDevice \n\niscsicli ClearPersistentDevices\n\niscsicli Ping [Request Count] [Request Size] [Request Timeout]\n\niscsicli GetPSKey \n\niscsicli PSKey \nQuick Commands\n\niscsicli QLoginTarget [CHAP Username] [CHAP Password]\n\niscsicli QAddTarget \n\niscsicli QAddTargetPortal \n [CHAP Username] [CHAP Password]\n\niscsicli QAddConnection \n \n [CHAP Username] [CHAP Password]\n\nTarget Mappings:\n is the LUN value the target uses to expose the LUN.\n It must be in the form 0x0123456789abcdef\n is the bus number the OS should use to surface the LUN\n is the target number the OS should use to surface the LUN\n is the LUN number the OS should use to surface the LUN\n\nPayload Id Type:\n ID_IPV4_ADDR is 1 - Id format is 1.2.3.4\n ID_FQDN is 2 - Id format is ComputerName\n ID_IPV6_ADDR is 5 - Id form is IPv6 Address\nSecurity Flags:\n TunnelMode is 0x00000040\n TransportMode is 0x00000020\n PFS Enabled is 0x00000010\n Aggressive Mode is 0x00000008\n Main mode is 0x00000004\n IPSEC/IKE Enabled is 0x00000002\n Valid Flags is 0x00000001\n\nLogin Flags:\n ISCSI_LOGIN_FLAG_REQUIRE_IPSEC 0x00000001\n IPsec is required for the operation\n\n ISCSI_LOGIN_FLAG_MULTIPATH_ENABLED 0x00000002\n Multipathing is enabled for the target on this initiator\n\nAuthType:\n ISCSI_NO_AUTH_TYPE = 0,\n No iSCSI in-band authentication is used\n\n ISCSI_CHAP_AUTH_TYPE = 1,\n One way CHAP (Target authenticates initiator is used)\n\n ISCSI_MUTUAL_CHAP_AUTH_TYPE = 2\n Mutual CHAP (Target and Initiator authenticate each other is used)\n\nTarget Flags:\n ISCSI_TARGET_FLAG_HIDE_STATIC_TARGET 0x00000002\n If this flag is set then the target will never be reported unless it\n is also discovered dynamically.\n\n ISCSI_TARGET_FLAG_MERGE_TARGET_INFORMATION 0x00000004\n If this flag is set then the target information passed will be\n merged with any target information already statically configured for\n the target\n\nCHAP secrets, CHAP passwords and IPSEC preshared keys can be specified as\na text string or as a sequence of hexadecimal values. The value specified on\nthe command line is always considered a string unless the first two characters\n0x in which case it is considered a hexadecimal value.\n\nFor example 0x12345678 specifies a 4 byte secret\n\nAll numerical values are assumed decimal unless preceeded by 0x. If\npreceeded by 0x then value is assumed to be hex\n\niscsicli can also be run in command line mode where iscsicli commands\ncan be entered directly from the console. To enter command line\nmode, just run iscsicli without any parameters\n\nThe operation completed successfully. \n

iscsicpl.exe-42D0FA9084EDF93DA5FFEC1CFBF18410

key	value
file_name	iscsicpl.exe
file_path	C:\Windows\system32\iscsicpl.exe
hash_md5	42D0FA9084EDF93DA5FFEC1CFBF18410
hash_sha1	3FAE4A309F3A17ED4FABD259E4503FF590D2F1C8
hash_sha256	F172D2F71EB88FD70F1BDBF2F2BFEFFD8C09BA03DAEE8A182C47AE77DB1A4DDA
hash_sha384	C582BB2EE3F24501DA921E74F65FBC306D9A98A30639D84DDA6A0088A1AD76E782A65DB6491B925A63880DF4B122F55E
hash_sha512	B76857D9006B6471AD9CAFDD2E68EEA08F10B2AEF4AFE424C712E42E0EC4D5E580314491D420D133F2CC4A69F3C71DAEF505D5B27D67ECCD994D68BD4C4AE430
hash_ssdeep	3072:STmFAEM82n7GC2jctoKpsusT2rEFpeoIUpZ:SRX8I0jct5rEJdp
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Microsoft iSCSI Initiator Configuration Tool
meta_original_filename	iscsicpl.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

isoburn.exe-13D374B961671151002FD0BC062621EF

key	value
file_name	isoburn.exe
file_path	C:\Windows\system32\isoburn.exe
hash_md5	13D374B961671151002FD0BC062621EF
hash_sha1	3D3D775CD42A007CAE04E9EB5E9A4705A421C171
hash_sha256	AE82EEBA17FA923A7C1535F32FCBB3A26BA7F737B6CD1168FBDC84324F120E3F
hash_sha384	E2651A51377C8A0C82D9DE344C4356D2FC0B5C7AF360F9273F9150027DA7C2BECA6F051671D827F177B0CD569083BF12
hash_sha512	6539D748DD04C22983BBFB9F1FD359A3E58AE6EAAE5BCFA76F6E5B3B78D82CBFCA3AF8DA38578EA671FA6F33722F7CF991713EC3665B10377187E62A4C3A09D5
hash_ssdeep	1536:WYPuVbEcc4iuqPf4yvYGojUrYiHOiHBWqTAll9Q+KAbeHZrQqf:3Ogch8PMGo4rY0vfTAl3jNeHd3
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Windows Disc Image Burning Tool
meta_original_filename	ISOBURN.EXE.MUI
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

klist.exe-1B4E8E3355E782F088EE2A2F54CE7D49

key	value
file_name	klist.exe
file_path	C:\Windows\system32\klist.exe
hash_md5	1B4E8E3355E782F088EE2A2F54CE7D49
hash_sha1	0212B9B929CD5224B181081EEFAEAC5BE04038C4
hash_sha256	4E05E47D6344D8693CF95B1B2F74FD0D372E054485924E8917E9A38A78505B11
hash_sha384	914DB5757A25AE597B8F33B017A1790CD23F92B8452EBA7697997FE7F759C735DD98CC42A0C9D7705B32FC77E0277979
hash_sha512	319601AF797016FCBAB56DDA173E5C610D9383D0059A9D71BE5AD93C4D31936455C9B7DBBA76FAD2625CD3476CBB5A89275E0D4AEBEE716032A449D02039E426
hash_ssdeep	768:3Kajkfz/QQCxSTDYlx0lSz4XNCLU4ZQ8Fci4n8D1cDxN6qvLmV/n:axfz4i4PLUVMqvaV/n
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Tool for managing the Kerberos ticket cache
meta_original_filename	klist.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
output	Usage: klist.exe [command] Command list: [tickets] [-lh <LogonId.HighPart>] [-li <LogonId.LowPart>] tgt [-lh <LogonId.HighPart>] [-li <LogonId.LowPart>] purge [-lh <LogonId.HighPart>] [-li <LogonId.LowPart>] sessions [-lh <LogonId.HighPart>] [-li <LogonId.LowPart>] kcd_cache [-lh <LogonId.HighPart>] [-li <LogonId.LowPart>] get [-lh <LogonId.HighPart>] [-li <LogonId.LowPart>] [-kdcoptions ] [-cacheoptions ] add_bind query_bind purge_bind

ksetup.exe-DECEF3E5B16A811A8EDC76DCCE6D7182

key	value
file_name	ksetup.exe
file_path	C:\Windows\system32\ksetup.exe
hash_md5	DECEF3E5B16A811A8EDC76DCCE6D7182
hash_sha1	0C4079A451D4EAA012C4611C307CA9A4D7E94B52
hash_sha256	D84EC1FCB3AB841C32EFEA8A3C821FDD7ADDBCAFC678D26620479D8C5679D2FA
hash_sha384	74F8B7B5618A88706CE926199450AD18E59333A0F255593D12AC0C5B32FC74D27C6121AB06445FCCE947A9F39E2BAE2B
hash_sha512	70EDC3CD7A30479A243E0E77A684633E1B6E1F315B205BAE0B948321A0E2849508C15DA3CB7083DFFB4F1B8E1DB912CA9F50AB08CCDF537D4357985BAFB3C23B
hash_ssdeep	768:UDgasMQOobn/BXxDvwiIHEFAQDcv1QU+bbwLYBdBVMzdLE:aoDvNcL+bgKLVWdLE
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Kerberos Setup tool
meta_original_filename	ksetup.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
output	USAGE: /SetRealm Makes this computer a member of an RFC1510 Kerberos Realm /MapUser [Account] Maps a Kerberos Principal ('' = any principal)\r to an account ('' = an account by same name);\r If account name is omitted, mapping is deleted \r for the specified principal /AddKdc [KdcName] Defines a KDC entry for the given realm.\r If KdcName omitted, DNS may be used to locate KDCs. /DelKdc [KdcName] deletes a KDC entry for the realm.\r If KdcName omitted, the realm entry itself is deleted. /AddKpasswd Add Kpasswd server address for a realm /DelKpasswd Delete Kpasswd server address for a realm /Server specify name of a Windows machine to target the changes. /SetComputerPassword Sets the password for the computer's domain account\r (or host principal) /RemoveRealm delete all information for this realm from the registry. /Domain [DomainName] use this domain (if DomainName is unspecified, detect it) /ChangePassword Use Kpasswd to change the logged-on user's password.\r Use '*' to be prompted for passwords. /ListRealmFlags (no args) Lists the available Realm flags that ksetup knows /SetRealmFlags [flag] [flag] [...] Sets RealmFlags for a specific realm /AddRealmFlags [flag] [flag] [...] Adds additional RealmFlags to a realm /DelRealmFlags [flag] [flag] [...] Deletes RealmFlags from a realm. /DumpState (no args) Analyze the kerberos configuration on the given machine. /AddHostToRealmMap Adds a mapping for to to the registry. /DelHostToRealmMap Deletes existing mapping for to from the registry. /SetEncTypeAttr Sets the encryption types trust attribute for to (multiple types should be separated by spaces).\r Supported encryption types are:\r DES-CBC-CRC, DES-CBC-MD5, RC4-HMAC-MD5, \r AES128-CTS-HMAC-SHA1-96, AES256-CTS-HMAC-SHA1-96 /GetEncTypeAttr Gets the encryption types trust attribute for . /AddEncTypeAttr Adds to the encryption types trust attribute for (multiple types should be separated by spaces). /DelEncTypeAttr Deletes the encryption types trust attribute for .

ktmutil.exe-E1E323995AAB4B9491F326F15A067748

key	value
file_name	ktmutil.exe
file_path	C:\Windows\system32\ktmutil.exe
hash_md5	E1E323995AAB4B9491F326F15A067748
hash_sha1	D4C9BB80E016DE127287B3C84F81C37AF38A5564
hash_sha256	8567448C90730513C238D6EFB0350E0A645EBC23CBC4A69E88AD78CD5F70CDEB
hash_sha384	CB7B8929F1B9D34C7395A68ACE2163ACF97D406351CACBAA6DF1DBE7062D999C44ACCB1F29659C9E0942E3D5EBA87067
hash_sha512	6FB2BC407014FE3F6E03431F6A1DE4F00158C1B0C7D9E108DF3BC09D95323994FADF555CFAA16BAD30EFB318F53849B17E092F135D261B02ABBD8B13BEBC3318
hash_ssdeep	384:qbzPHplMV00/RJWZtq6Ext6+NQfA+D2XSPf+mW8jW:qbDzMVPQZjEvNDI2CP2k
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Kernel Transaction Management Utility
meta_original_filename	ktmutil.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
output	-help is an invalid parameter. ---- Commands Supported ---- tx Commands related to transactions tm Commands related to transaction managers

ktpass.exe-847F918DCAC5FD0E3162290C5ADE2F2A

key	value
file_name	ktpass.exe
file_path	C:\Windows\system32\ktpass.exe
hash_md5	847F918DCAC5FD0E3162290C5ADE2F2A
hash_sha1	F4CDDF83A3EF0909B3569C256DBC96D3DF887728
hash_sha256	2AF1FE66D0A9181F8BEDAF83DFF3AB7D58D36490355147A69047F240BCDBDACD
hash_sha384	A5638F3FF10EBAF17244BE6CD882AC420CCD898296D682AF4F38B77CFD9B09BB94CF8C1E8B281910C5AFAB137FC7DF01
hash_sha512	32CEDA70E9257BE9BFB1AA42810951691DA9A6927D8FD75B31414FA8CA1FADB28ED02F897EBE4D7EC6AF9E2BF05C39E5094C42515B60D8FA9584427524AC00A4
hash_ssdeep	768:a26UJ2jK/o47bxidpPfZbSvKz5XVvvSvIPRmFx6U2eFDw0LOhJVoUw:Uu7XoPsvyZQ4U2elRGJVjw
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Kerberos keytab tool
meta_original_filename	ktpass.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
error	Command line options: ---------------------most useful args\n[- /] out : Keytab to produce\n[- /] princ : Principal name (user@REALM)\n[- /] pass : password to use\n use '*' to prompt for password.\n[- +] rndPass : ... or use +rndPass to generate a random password\n[- /] minPass : minimum length for random password (def:15)\n[- /] maxPass : maximum length for random password (def:256)\n---------------------less useful stuff\n[- /] mapuser : map princ (above) to this user account (default: don't)\n[- /] mapOp : how to set the mapping attribute (default: add it)\n[- /] mapOp : is one of: [- /] mapOp : add : add value (default) \n[- /] mapOp : set : set value \n[- +] DesOnly : Set account for des-only encryption (default:don't)\n[- /] in : Keytab to read/digest\n---------------------options for key generation\n[- /] crypto : Cryptosystem to use\n[- /] crypto : is one of: [- /] crypto : DES-CBC-CRC : for compatibility \n[- /] crypto : DES-CBC-MD5 : for compatibility \n[- /] crypto : RC4-HMAC-NT : default 128-bit encryption \n[- /] crypto : AES256-SHA1 : AES256-CTS-HMAC-SHA1-96 \n[- /] crypto : AES128-SHA1 : AES128-CTS-HMAC-SHA1-96 \n[- /] crypto : All : All supported types \n[- /] IterCount : Iteration Count used for AES encryption\n Default: ignored for non-AES, 4096 for AES\n[- /] ptype : principal type in question\n[- /] ptype : is one of: [- /] ptype : KRB5_NT_PRINCIPAL : The general ptype-- recommended \n[- /] ptype : KRB5_NT_SRV_INST : user service instance \n[- /] ptype : KRB5_NT_SRV_HST : host service instance \n[- /] ptype : KRB5_NT_SRV_XHST : \n[- /] kvno : Override Key Version Number\n Default: query DC for kvno. Use /kvno 1 for Win2K compat.\n[- +] Answer : +Answer answers YES to prompts. -Answer answers NO.\n[- /] Target : Which DC to use. Default:detect\n[- /] RawSalt : raw salt to use when generating key (not needed)\n[- +] DumpSalt : show us the MIT salt being used to generate the key\n[- +] SetUpn : Set the UPN in addition to the SPN. Default DO.\n[- +] SetPass : Set the user's password if supplied.\n

label.exe-83D46B267C8068566557E8A3DF7CEEA0

key	value
file_name	label.exe
file_path	C:\Windows\system32\label.exe
hash_md5	83D46B267C8068566557E8A3DF7CEEA0
hash_sha1	9085903E1952D7A815B554104C05AA1510D2A4B4
hash_sha256	5BB47AE58EEABAD359B2911CB773C6D0AF2C2027BC5D9097534F6C1E308E9FF3
hash_sha384	E5B2049EF794395F64CCF689F4FE6A9C53F5C301E2B03461682E82145A7D69E7D1CCAEFEB006CCB19EE5B41CA3D49922
hash_sha512	F77A79CDA2D1407D52D5A9FACA44237CEEBBC783AC500D55CFF82AFED28A5BDCE3861F686C88B012066349BC0A20EFA820B56C44935C9AE859EE11B23322DF42
hash_ssdeep	192:A0p63NlEcrV7KGYJ4iJi4tlIWP4UBmai4cDWMMsWPXohMWyi4oIGdhVV/19ZmQWx:A0pUV7hYeWfki04EWe4FPvCMQWSpjW
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Disk Label Utility
meta_original_filename	Label.Exe.MUI
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
output	Creates, changes, or deletes the volume label of a disk. LABEL [drive:][label] LABEL [/MP] [volume] [label] drive: Specifies the drive letter of a drive. label Specifies the label of the volume. /MP Specifies that the volume should be treated as a mount point or volume name. volume Specifies the drive letter (followed by a colon), mount point, or volume name. If volume name is specified, the /MP flag is unnecessary.

LanguageComponentsInstallerComHandler.exe-43134EFEE38C960E4267E2F1550A9BDF

key	value
file_name	LanguageComponentsInstallerComHandler.exe
file_path	C:\Windows\system32\LanguageComponentsInstallerComHandler.exe
hash_md5	43134EFEE38C960E4267E2F1550A9BDF
hash_sha1	4A4F6412E5818FDB642CBE1B2369BB837AB77C1F
hash_sha256	B1B2FEDBF7FD7F584F0EE0A3DC4FE1179802BBEC18962957BA29276CDDBD58B2
hash_sha384	0DE597AE8DE95B89F2EF1F6EDE2DCC5FD9AD2E5A8DCF92E1400ACCCD891A7D0FE29F62EBF6A19FA924F6ACB16EBBB7E8
hash_sha512	AD040FFF429F2311AD546FEFEFE3F3BEE5326851DA02CB8A6BE0BE970B54F4BFE7DBAA1456393AD65536794D04778033BADB787CA772162F95C09151311D2470
hash_ssdeep	1536:O9OM0ukdc+pC1QunQVVVbl+s7r4gCZ2+uO:QOZdT41/nQ/Vh+xZTu
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	LanguageComponentsInstaller COM Handler
meta_original_filename	LanguageComponentsInstallerComHandler.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

LaunchTM.exe-E40B4BED011FA2AF5AC660E620E3F887

key	value
file_name	LaunchTM.exe
file_path	C:\Windows\system32\LaunchTM.exe
hash_md5	E40B4BED011FA2AF5AC660E620E3F887
hash_sha1	A6A64CC07500E327970D2FFAFBBF6F70855F9419
hash_sha256	028E02A7F698150DD9F2CF8A98143F9C67268D1494EFE3AEF0B950D02A4A58DE
hash_sha384	43FC8A18F95592A143B596059934587368BB852BEB594C6B6EDAB379BD5C95104916E98D9D7DD8FDFA1137153C51BEE5
hash_sha512	A69A1390C88319820427E8D21153FCD5C0F8CD6007E5368C08C655D1B6415B2C92551D2D5FF1D67A62461C40A03BA887DA8E70C8AC3A71C9D5A7615E305B4644
hash_ssdeep	1536:CSSlMm8UngMCw2I8FXmzOGDBdpunOl1UIHmejrDwkKgT43FVkXXPKedjXfaW:AlOeCO8FXUO0iOlCIHmeRKPKk
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Task Manager Launcher
meta_original_filename	LaunchTM.exe
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
children	Taskmgr.exe

LaunchWinApp.exe-3AB074C43F1CAF880D984B2E98464048

key	value
file_name	LaunchWinApp.exe
file_path	C:\Windows\system32\LaunchWinApp.exe
hash_md5	3AB074C43F1CAF880D984B2E98464048
hash_sha1	35331EC6DE56699E4CE32AA37C6B710747E7EB8F
hash_sha256	477B19B706FAB3C1E565B33741ADBAE8016699F0759C771AE1B8F47CD08798BA
hash_sha384	60774674F3ECF8A7E00A643A179DE5F94739805D1B7D52E78BA6B2FAB70BBCCFCD8DD9A354091065E8167483F8D762BD
hash_sha512	3B84AD4D1AF5E604637448F20D0AB16B670966D8BBE9BCA093711AC7C592204CC1D220CA801BE2D5F23D2D6F1AF421003095919895E4ACF126E28BE000B33764
hash_ssdeep	768:XLpiISO2qrX9xnSe0xY3FobomUSzzTQTJs6gnRwl0O/qgelxGNIGjkKnvw:XteqrDRFGoXyPEJf+O/lNIGjxY
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Launch Windows App
meta_original_filename	LaunchWinApp.exe
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.3686 (rs1_release.200504-1524)
meta_product_version	10.0.14393.3686
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

LbfoAdmin.exe-86D331A0F698EEA7CEF552C1EF7F4E82

key	value
file_name	LbfoAdmin.exe
file_path	C:\Windows\system32\LbfoAdmin.exe
hash_md5	86D331A0F698EEA7CEF552C1EF7F4E82
hash_sha1	31E78BF1329B81F2AC50B8A62354420062172E02
hash_sha256	7B07A154C26EAB7A0086BD8D0288061CCEAD92787FD175DB3FBC1F844AF954E9
hash_sha384	C8732949000F2FF8BDA00E6F6DBF39AC816EF4592AC8A11A305DCD45EB37DE8D78AE048CBE1EF82357DE51E11A6230D5
hash_sha512	868A972C04DC6829E040962B60E9CF24F219872CC90B97E2408D83B5077A84C1971DA796562EE3FACDAE7CEA76D8DEABFEF96F86BC327BA23D8A87D3BD5D6AF9
hash_ssdeep	1536:5tVcjj4PBuhUYXH1VydQShStyJPnqbye86opC3M/EgmnryqPbvAWc14zUWJGCTBD:lxP8hUYXH1+mty9quegO7jS4VzT5
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	NIC Teaming
meta_original_filename	LBFOADMIN.EXE.MUI
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

LegacyNetUXHost.exe-5B7F8034C0FD0327884BFD06B7F5760C

key	value
file_name	LegacyNetUXHost.exe
file_path	C:\Windows\system32\LegacyNetUXHost.exe
hash_md5	5B7F8034C0FD0327884BFD06B7F5760C
hash_sha1	598F2C8F104668F6B85DB529B08AC4DC2C172769
hash_sha256	CD0E6E0B017130B980ECA23538518C50AEAE11CB97D401372D4DEC7B6F0C5E17
hash_sha384	EEAB8D0DBDB006CD1B323CE7AFA794485B1A9B52152721AA1240ACC5D8F2C6E51E3AE1252939EED186E41E29C82B20BC
hash_sha512	47BAE0234C6FB24121861EC576E9A4BAB8322506BB0835632D547E5FC64201B22408BA6089A7FC83FE5E6AFA5B0CEACDEC01F1D0E00AF7C0D11B5BE826302D0C
hash_ssdeep	3072:+9mlDBGVYt+uIc2pC5Akvxw8nobS+Z829rt/0uc6RMNS:+9SD8VYRInIBoufuaucCMN
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Legacy Net UX Host
meta_original_filename	LegacyNetUXHost.exe
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

LicenseManagerShellext.exe-6290371174BD6A21DA88BD2CA14026F9

key	value
file_name	LicenseManagerShellext.exe
file_path	C:\Windows\system32\LicenseManagerShellext.exe
hash_md5	6290371174BD6A21DA88BD2CA14026F9
hash_sha1	E15588231E7C4D5239BB4D17F5AC776893391B36
hash_sha256	24BC3C78E92B7041566302071855128FD2A9D07675576F1010EBE00BD31151BE
hash_sha384	24348C7DB160EAC2DBCFAA26F2C060E82F03743E284EB4185B20EF09D7D9D0E715F09C66ECD832EC49161EB69B6F4454
hash_sha512	2DAE570B4B7E6DB750887F6DB02ABA06E76FF0E5300367C67D1C6DFC9FB683F2D95E782B7A528ABA539037604AD571947997329D8A3EA1DEF5E171C8A3B97C3C
hash_ssdeep	384:dm8NFFDaXMl3DQUtb9CaRTXWmHcc1NRlFIq+QdldDuedzQKFd6mgdZHfOW9qWwX:08NFFZQUxZccDOq+QdyexQKymg7F
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	LicenseManagerShellExt
meta_original_filename	LicenseManagerShellExt.exe
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

licensingdiag.exe-58DC7B96D334B2F47380224A93610B56

key	value
file_name	licensingdiag.exe
file_path	C:\Windows\system32\licensingdiag.exe
hash_md5	58DC7B96D334B2F47380224A93610B56
hash_sha1	1BF838884A8CD0F94BA1BBE7DCAF76EF8BB9AED1
hash_sha256	1A7DD1CE81B334BA211E0EEC122855ADD5321BD3D30D4A851DD5A0CC5AF22959
hash_sha384	C4083D14F105BD82E7A5D70CE1A380C2EE95F8D97B4E71D4851F1F299F7AE6D71CA92FEF79F6DCF3D2B42C1CD1B9FB10
hash_sha512	822ACB7930F85B9902D3394E9C7180703B678B4DB9E0E4DA8AA02490182422B1A847CE57B4B9306C282103423C3BFE29FC354D7814F652EEFEC4D6A5B8C4FEB5
hash_ssdeep	1536:BIl84wWlkIGxab8nuviEHeobh2ejgy3VTVuaxpvE:BdxawW7eC8u3h0aT8
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Licensing Diagnostic Tool
meta_original_filename	LicensingDiag.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
children	conhost.exe

LicensingUI.exe-FD591AF9E78ED65C96A736507780C5E9

key	value
file_name	LicensingUI.exe
file_path	C:\Windows\system32\LicensingUI.exe
hash_md5	FD591AF9E78ED65C96A736507780C5E9
hash_sha1	BA9C7ED57D6F67AFF5A4F0A30781A06E42E617B1
hash_sha256	7A4E307A372D56387AC61870E770EB0097A12C26FE2C470D14D41EE76E3C0779
hash_sha384	97587464F2E841482F2DC47414BCF4DD9B42DDF1766385BA656E55B6726B25526496C42C2663FA4FFF692A3B56FC674F
hash_sha512	97D89217BCBD14DB4936A3A885F1FEBAD9E87AF85BCB759104854990BDAC05438823E0A02113359447F21957DCFECCD53751F7CEDA9E8EC8063A3AE15CAC94B1
hash_ssdeep	3072:ebazxnZ1T2lNznF8kF8jrWZ1LW5NuyN3whWAgiJTdDf/Wvkaf14REt1f:rz9ZV2vR8kajSZ1LW5NrdwhWAFKrwEf
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000001733031072665B8B9B3000000000173
signature_thumbprint	14590DC5C3AAF238FCFD7785B4B93F4071402C34
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Licensing UI
meta_original_filename	LicensingUI.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

LocationNotificationWindows.exe-5313F9A0C940970D5491E00C19EF074C

key	value
file_name	LocationNotificationWindows.exe
file_path	C:\Windows\system32\LocationNotificationWindows.exe
hash_md5	5313F9A0C940970D5491E00C19EF074C
hash_sha1	D443BE0BCB6895908CD9B6DF4787CEAD208331C8
hash_sha256	52A028416FBE7FF2FF1936CFFDC59082A1EBBB7E100BFBFC0E7E79E89E983BCD
hash_sha384	ECF4FE63A7A01E51A3E0D85A1356D9B45FDF8165929D75ED213E47D10A2C1168567554132B91BA6C7CC1821B64F0C021
hash_sha512	A765B5440630BF14C1E11ADA5127E15A0E2E06CAD120B44A5E9806BCF4EA2F70BBDC7473A678B380B5781BFE676443235D17DAC13C57F4E824B1F836BC727CB4
hash_ssdeep	1536:AGiirUZv/AsPfwmFGaHp8ZYBOA/wb0vBRwOKGpL:AGiXVfwpaJ8Zu/wb0ZRwwpL
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Location Notification
meta_original_filename	LocationNotificationWindows.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

Locator.exe-109C1D609951E886D3643B15C1EDD1C2

key	value
file_name	Locator.exe
file_path	C:\Windows\system32\Locator.exe
hash_md5	109C1D609951E886D3643B15C1EDD1C2
hash_sha1	20E9173558D9B594D40D5EBB4A7C4019BFF0BF3A
hash_sha256	347D8E7C50EC7F96217C7421D9BC8A42C9DF50B94169CB58DCF857A63C33C2EA
hash_sha384	985B85F8B137025A33F89F26CA001AA51E95A1AEF3B864DEA3DF7686E8A2D211237A2EF5599E1ABC18363B86E72E5AE2
hash_sha512	3F723B2A46F45469B76AC9B75D6D4AF5689167139720D14534AB64ACD58493A19CA40F12CEFA71ABAC6E14AE298C43A802002E06FB6C24880E35E1F3320E0A46
hash_ssdeep	192:h+KPfrjBKb15VbkP1NC+XwkKjGLIIQG5Va1F18oDkoJeumD6WrlW:Zvgb3w1Y+gkKjFIQuk/1Zk1rD6WrlW
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Rpc Locator
meta_original_filename	locator.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

LockAppHost.exe-CCC6C8D3FF120D250F724629C263FA8D

key	value
file_name	LockAppHost.exe
file_path	C:\Windows\system32\LockAppHost.exe
hash_md5	CCC6C8D3FF120D250F724629C263FA8D
hash_sha1	2FC2230B7024F558D68C4FA543C9FC6415E00BC5
hash_sha256	84E652597EE67BAC3A3A8D51523009089027C387F190542E1A9DFE9678D755F2
hash_sha384	55CB86368E714B43397C5D869AA85B873438300C26C468AE8CADEAD6DA8487B5D1124231C0C89C7611A86F46A42BF853
hash_sha512	B2A47A979F8513EFBBF4BA4C08BD3F98E4E4FD5020CC69BE65536353650E03532137BD0095935CA7D269954642EA3E630C05385B0C273A8AFB9230A7D22EC3E1
hash_ssdeep	6144:V80LhMUpyhl3T804SLVSjYSLLGPTeYusbpfxVHM91FOvednwaHq9ow:V80lM4cD8XYSPiSYusFxSxhKL
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	LockAppHost
meta_original_filename	LockAppHost.exe
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.2457 (rs1_release_inmarket.180822-1743)
meta_product_version	10.0.14393.2457
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

LockScreenContentServer.exe-074886F1102550E0B30F22806A33681E

key	value
file_name	LockScreenContentServer.exe
file_path	C:\Windows\system32\LockScreenContentServer.exe
hash_md5	074886F1102550E0B30F22806A33681E
hash_sha1	C42677B20D3474F4EF6441859645FDFC628F95F1
hash_sha256	DF1E8AA50DF4A2EE02220D8466207462B3C56846731748EE33321DF4FDB32D2B
hash_sha384	FBED1C39D98F37C10F998D3AFACED3F80B8CCF77DA2E6BD7F95090C063EC0DEF6B72E120BCF0064F92A4A16C3C4276D1
hash_sha512	1EDE585D95D966C539EE17E9647E1EAFC7D36C2183DEB1E357A9E41D419A66292763B0F466E7921ED348068BD94F34A94DC10884FB898BB83FB377E158683102
hash_ssdeep	768:oangc4hQ7u07x8jBmu5kuWHtFHl9rG9GO1pP1PM10d:9gxKVFwjVWHvHHrG9GwpNPg0d
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	LockScreenContent Server
meta_original_filename	LockScreenContentServer.exe
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

lodctr.exe-F4436EB15113D5872A1ED801FFF738CE

key	value
file_name	lodctr.exe
file_path	C:\Windows\system32\lodctr.exe
hash_md5	F4436EB15113D5872A1ED801FFF738CE
hash_sha1	47CC7447F9165129E59F3D89F9F0E352D909A807
hash_sha256	AEAE0D1EDC73E853A73FA9BC1A0836557E05910E777682D9B80E516B9C9E874D
hash_sha384	FB66E330A7F2CDFC6DEA7340FB4F83CBEBF23ACB18402BFE15F048AFB8602D58E2408F9A164358F3DDDFCD8EBB68294D
hash_sha512	88DB51E791A6BB065181DE42A87B727F34214D5359A1607B6136FADCB0CEAAC8CD0FDB34534611F260E8B42626371F3DD74A05551D145EBA5BFA3ED0C39D13B9
hash_ssdeep	768:R5tugiyl/yPYp8yaigwZXbLsWwPN9s9aJuQrt8bplMcpvX/QxQb10Bxk:sxyUiRjwg9azYlMcBPQxQbmBxk
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Load PerfMon Counters
meta_original_filename	LODCTR.EXE.MUI
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
output	LODCTR Updates registry values related to performance counters. Usage: LODCTR INI-FileName is the name of the initialization file that contains the counter name definitions and explain text for an extensible counter DLL. LODCTR /S: save the current perf registry strings and info to LODCTR /R: restore the perf registry strings and info using LODCTR /R rebuild the perf registry strings and info from scratch based on the current registry settings and backup INI files. LODCTR /T: set the performance counter service as trusted. LODCTR /E: enable the performance counter service. LODCTR /D: disable the performance counter service. LODCTR /Q LODCTR /Q: query the performance counter service information, either query all or specified one. LODCTR /M: install Windows Vista performance counter provider definition XML file to system repository. Note: any arguments with spaces in the names must be enclosed within Double Quotation marks.

logagent.exe-6C62CC5322D36EC0B180DD40DB67C2E1

key	value
file_name	logagent.exe
file_path	C:\Windows\system32\logagent.exe
hash_md5	6C62CC5322D36EC0B180DD40DB67C2E1
hash_sha1	2705CAC8ADC3E8523B943B495D46700374C577FB
hash_sha256	19D88CDACE7D668D56EC843A4EC09B5F140AB2DECDBAD340D2C565E7B62E3335
hash_sha384	C67A07CF9EA42AA0EFCB28D37C25E4400AB308443A4EB53E66799A21FC5207E91CB8FCEB91EAF90EF291EAFD7311515B
hash_sha512	C1EFDD0FEBC6F5D95954D2D86B06F7513ADEB50ADA4BF20565593755E76D18147369F04999D4475BA3993683DB6669EF83BFA00AB83115E1C96D2711D5A10150
hash_ssdeep	1536:YSA8y59/iay73JyUzq3s/JJPjE2Ce87O1XqSQVfYWlC17ygPG8Tm0Okz89TWr1F:rmKY3yJbE2T87O1p4lCNYJkgdWrr
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Windows Media Player Logagent
meta_original_filename	logagent.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	12.0.14393.0
meta_product_version	12.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

logman.exe-16F3C9E88811A304E23C2A8B0B9618ED

key	value
file_name	logman.exe
file_path	C:\Windows\system32\logman.exe
hash_md5	16F3C9E88811A304E23C2A8B0B9618ED
hash_sha1	3312004370A3A05F70EC2DF7F242FBA50BA75321
hash_sha256	58BF717313D23FFF632B6E8D8BB58A96DF2489C80F6FC2D4C8BFE499275FB483
hash_sha384	AB9F3BAC2217E95CA00C1CE10043B6D7BFE5E88DC6A8D03209E68CB4C3645C29BEB3318C3184A7609242D5A7127E0E77
hash_sha512	5DBD02D00AD3B81E97D3310B133ECD05F97B70719740032DBD3A9A37924B4081D43BA355B194A19A5AE06FBDE2D792239DE2A5518FB408CC669EBB40AE8AC96D
hash_ssdeep	1536:O1gLO54vPgHQYpWSg2AoRv8S+GgTI8mHuYHwQsjXK25apHm:5LOevPgVUSxAoXBKlxeGjX75a4
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Performance Log Utility
meta_original_filename	Logman.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
output	Microsoft r Logman.exe (10.0.14393.0) Usage: C:\Windows\system32\logman.exe [create\|query\|start\|stop\|delete\|update\|import\|export] [options] Verbs: create Create a new data collector. query Query data collector properties. If no name\n is given all data collectors are listed. start Start an existing data collector and set the\n begin time to manual. stop Stop an existing data collector and set the\n end time to manual. delete Delete an existing data collector. update Update an existing data collector's properties. import Import a data collector set from an XML file. export Export a data collector set to an XML file. Adverbs: counter Create a counter data collector. trace Create a trace data collector. alert Create an alert data collector. cfg Create a configuration data collector. providers Show registered providers. Options (counter): -c <path [path [...]]> Performance counters to collect. -cf File listing performance counters to collect,\n one per line. -f <bin\|bincirc\|csv\|tsv\|sql> Specifies the log format for the data\n collector. For SQL database format, you must\n use the -o option in the command line with\n the DNS!log option. The defaults is binary. -sc Maximum number of samples to collect with a\n performance counter data collector. -si <[[hh:]mm:]ss> Sample interval for performance counter data\n collectors. Options (trace): -f <bin\|bincirc\|csv\|tsv\|sql> Specifies the log format for the data\n collector. For SQL database format, you must\n use the -o option in the command line with\n the DNS!log option. The defaults is binary. -mode <trace_mode> Event Trace Session logger mode. For more\n information visit -\n http://go.microsoft.com/fwlink/?LinkID=136464 -ct <perf\|system\|cycle> Specifies the clock resolution to use when\n logging the time stamp for each event. You\n can use query performance counter, system\n time, or CPU cycle. -ln <logger_name> Logger name for Event Trace Sessions. -ft <[[hh:]mm:]ss> Event Trace Session flush timer. -[-]p <provider [flags [level]]> A single Event Trace provider to enable.\n The terms 'Flags' and 'Keywords' are\n synonymous in this context. -pf File listing multiple Event Trace providers\n to enable. -[-]rt Run the Event Trace Session in real-time mode. -[-]ul Run the Event Trace Session in user mode. -bs Event Trace Session buffer size in kb. -nb Number of Event Trace Session buffers. Options (alert): -[-]el Enable/Disable event log reporting. -th <threshold [threshold [...]]> Specify counters and their threshold\n values for and alert. -[-]rdcs Data collector set to start when alert fires. -[-]tn Task to run when alert fires. -[-]targ Task arguments. -si <[[hh:]mm:]ss> Sample interval for performance counter data\n collectors. Options (cfg): -[-]ni Enable/Disable network interface query. -reg <path [path [...]]> Registry values to collect. -mgt <query [query [...]]> WMI objects to collect. -ftc <path [path [...]]> Full path to the files to collect. Options: -? Displays context sensitive help. -s Perform the command on specified remote system. -config Settings file containing command options. [-n] Name of the target object. -pid Process identifier. -xml Name of the XML file to import or export. -as Perform the requested operation asynchronously. -[-]u <user [password]> User to Run As. Entering a * for the password\n produces a prompt for the password. The\n password is not displayed when you type it at\n the password prompt. -m <[start] [stop]> Change to manual start or stop instead of a\n scheduled begin or end time. -rf <[[hh:]mm:]ss> Run the data collector for the specified\n period of time. -b <M/d/yyyy h:mm:ss[AM\|PM]> Begin the data collector at specified time. -e <M/d/yyyy h:mm:ss[AM\|PM]> End the data collector at specified time. -o <path\|dsn!log> Path of the output log file or the DSN and\n log set name in a SQL database. The default\n path is '%systemdrive%\PerfLogs\Admin'. -[-]r Repeat the data collector daily at the\n specified begin and end times. -[-]a Append to an existing log file. -[-]ow Overwrite an existing log file. -[-]v <nnnnnn\|mmddhhmm> Attach file versioning information to the end\n of the log name. -[-]rc Run the command specified each time the log\n is closed. -[-]max Maximum log file size in MB or number of\n records for SQL logs. -[-]cnf <[[hh:]mm:]ss> Create a new file when the specified time has\n elapsed or when the max size is exceeded. -y Answer yes to all questions without prompting. -fd Flushes all the active buffers of an existing\n Event Trace Session to disk. -ets Send commands to Event Trace Sessions\n directly without saving or scheduling. Note: Where [-] is listed, an extra - negates the option. For example --u turns off the -u option. More Information: Microsoft TechNet - http://go.microsoft.com/fwlink/?LinkID=136332\n Examples: logman start perf_log\n logman update perf_log -si 10 -f csv -v mmddhhmm\n logman create counter perf_log -c "\Processor(_Total)% Processor Time"\n logman create counter perf_log -c "\Processor(_Total)% Processor Time" -max 10 -rf 01:00\n logman create trace trace_log -nb 16 256 -bs 64 -o c:\logfile\n logman create alert new_alert -th "\Processor(_Total)% Processor Time>50"\n logman create cfg cfg_log -reg "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\"\n logman create cfg cfg_log -mgt "root\cimv2:SELECT * FROM Win32_OperatingSystem"\n logman query providers\n logman query providers Microsoft-Windows-Diagnostics-Networking\n logman start process_trace -p Microsoft-Windows-Kernel-Process 0x10 win:Informational -ets\n logman start usermode_trace -p "Service Control Manager Trace" -ul -ets\n logman query usermode_trace -p "Service Control Manager Trace" -ul -ets\n logman stop usermode_trace -p "Service Control Manager Trace" -ul -ets\n logman start process_trace -p Microsoft-Windows-Kernel-Process -mode newfile -max 1 -o output%d.etl -ets\n logman start "NT Kernel Logger" -o log.etl -ets\n logman start "NT Kernel Logger" -p "Windows Kernel Trace" (process,thread) -ets\n

logoff.exe-63DAFD4EB9CF5D5BAD52B2F78C9C3DDD

key	value
file_name	logoff.exe
file_path	C:\Windows\system32\logoff.exe
hash_md5	63DAFD4EB9CF5D5BAD52B2F78C9C3DDD
hash_sha1	54128FE2F1E8E2E325F73000E78D321A6C84D1DE
hash_sha256	EC35AEEDEDEAD912B65247BEBF6B87D010182ACA99EA78B6EE2D80BD267FBD40
hash_sha384	5D424FD643753FA6842994CB9B601E43F9C7F0FC6561368D89BB9EA390B7926468C8BCB9B082D311FEF8FFD878C04320
hash_sha512	782724E112FBF327DD170957819C329B9E2A63CA2FC828ACD76337A23E8C4CB288AF8E0D9C92A0E93D73DC85D58BBF1B4EEC7AF7D8F8FF3C996CFC7EB80A8617
hash_ssdeep	384:jrh2V3nRO3qQRC9QgstQrldEg55M2ID2/GFtR+nzn5mocyGMrUvbzCW37uW:jrhEYdLaRlmh3Qz5mxvbz/
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Session Logoff Utility
meta_original_filename	logoff.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
error	Invalid parameter(s) Terminates a session. LOGOFF [sessionname \| sessionid] [/SERVER:servername] [/V] [/VM] sessionname The name of the session. sessionid The ID of the session. /SERVER:servername Specifies the Remote Desktop server containing the user session to log off (default is current). /V Displays information about the actions performed. /VM Logs off a session on server or within virtual machine. The unique ID of the session needs to be specified.

LogonUI.exe-B38DFCF985D8AE5B1A17C264981E61C7

key	value
file_name	LogonUI.exe
file_path	C:\Windows\system32\LogonUI.exe
hash_md5	B38DFCF985D8AE5B1A17C264981E61C7
hash_sha1	D14F98FA954E585672D8505DFBB1F8240C49EDA1
hash_sha256	AA62D29803D52EC06CD27ED3124E034048F09606EB7342181913C9817C7B44C5
hash_sha384	0DEF752E3AD60FE1CF9E27FC1640CF7B73FDEE05D39370B9909603ED20310AED045DD38C116A54CDB2BB6B3897839BA8
hash_sha512	7B16787E8C4A5197D0E904C73CD256BF02E646B4C65013668161D00A193314E14270F4A5756D85E1562E990B197441A2A53D17297FF4D03F08A13C3FCB8326EE
hash_ssdeep	192:wPQ3DcPYDUfHqlZubjq4jrzCEqXVdQ9GvGHsl2WnUW:bDUfwgbLjreEOXGHsoWnUW
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Windows Logon User Interface Host
meta_original_filename	logonui.exe
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

lpkinstall.exe-DE7C9EF49B7C0DFECC0D535A11607AB2

key	value
file_name	lpkinstall.exe
file_path	C:\Windows\system32\lpkinstall.exe
hash_md5	DE7C9EF49B7C0DFECC0D535A11607AB2
hash_sha1	DA08D0492CDF53680D06408FD48FC1F4835F0D2F
hash_sha256	6F15E80B4E9CBD7741C129B68F15F6400F10DF9A4474DC48104C09FAB182E63B
hash_sha384	7F72B97F976CACF028AE78F9495760C994164F70190CE00073434F223E381E3B6F782EEE4B3DB98F60439CCDE24A3402
hash_sha512	F03207207EEC93CFEE5E972ACB228C26CF4FE4162244C8149263EE7D84C9C2A1D472F17447ABCF018F72FA4E0513BA0D21D03C692CEB958A7DED6CB9D1E63163
hash_ssdeep	768:v0Cuho104bqSjm4PoNHi0tRlhl0VNbT6WniSHUPzBa:vPaoBbqGm4wD+VNbTJiSHUPNa
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Language Pack Installer
meta_original_filename	lpkinstall.exe
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

lpksetup.exe-170343B59D2A8607C7106ED63E524AE3

key	value
file_name	lpksetup.exe
file_path	C:\Windows\system32\lpksetup.exe
hash_md5	170343B59D2A8607C7106ED63E524AE3
hash_sha1	848FC2AB03F982B442C9F04C26677413CC90121F
hash_sha256	D374DD6E68F5CA40B3A86B6E32946019DAEBD2E24A48CD43D0D01074CFE26681
hash_sha384	55FA09FF17501C54E468F96F81272FB4BE7B2B8799F4D0D08102AD4EA01E6D0A18742B263CA89F9F86FDE56097B737C6
hash_sha512	12A0D2032FB87EFCE81AF03DBD47A3C3555FBE177EE547D77525419BB9DF334E529CE245F4D4F413A5C688700B948B897BB6052E456B4BFD1EA3620F4B2C44EC
hash_ssdeep	12288:PQGXMy8IkciS00hDrydajNts6T8doqyKJjmReMNOtNQWggQVqtDx2/D6yfndmLh:PlX8IkciLEZnrT8OsmIWOtNQkQVIDw/a
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Language Pack Installer
meta_original_filename	lpksetup.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

lpremove.exe-DC79517FEBFB066CEA6BDBD376DA9C08

key	value
file_name	lpremove.exe
file_path	C:\Windows\system32\lpremove.exe
hash_md5	DC79517FEBFB066CEA6BDBD376DA9C08
hash_sha1	7BF2B7FFD9BEBD13162AB7D8ED19FC0956D32C9C
hash_sha256	1422EAB9650F4D37D496BD0EFB976628E4336D2BD7FF1B4864D6E8E073300C5F
hash_sha384	D4A6BFE98C442F85E0A12CCD1BFECCE9F4E242B68147511855970C2A2C497E763ECF3B78C8EBF921CEB35518C832162E
hash_sha512	E0FC36EDD812FBB237FBBF3FD34EB4ACFFA975E96A66193CC5F3F7A2FF71A5409929FE9A10C3EF416EE63AAC8B03378A5B5FED0429351DA782284474C9A71D86
hash_ssdeep	1536:QIZ20erN5lWs8gReESH2treCUp0slvcykxNSiAg:3XypWUReESH2hKPvYxkI
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000001733031072665B8B9B3000000000173
signature_thumbprint	14590DC5C3AAF238FCFD7785B4B93F4071402C34
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	MUI Language pack cleanup
meta_original_filename	lpremove.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

LsaIso.exe-BE793A4B6179CA7D380CA168344E0FD1

key	value
file_name	LsaIso.exe
file_path	C:\Windows\system32\LsaIso.exe
hash_md5	BE793A4B6179CA7D380CA168344E0FD1
hash_sha1	A0CA299EB5904C03889CAE33C2B13007CC069F5C
hash_sha256	06F7BD6FE8ECE75B38E6CDBFE8D7CA9767FE1AD638A82671D6A4C855FD538BB6
hash_sha384	48DDCA0AC83252552405895C01ABAC8A69D1A047E8D7F41BC3ED0A751760A2CFE8B574B51933627A9A9172BA6836CF0E
hash_sha512	E6AEDC6933727A5EA62EEF249DA6BDD481A0D407C8F701F6CC0C5BD02DB7B9F35BCCC4A913AFD3296B9DEAEF1108784C61D8F37B1A8AC83A0F24B06BF77A1195
hash_ssdeep	3072:aD0pGEPBmKdDxPPqmpax5FN27JzWpaQmTs3vIAqazg3o243NmaW9j+vS:aD04EPB9DEmsx5FWzWpvqyvIuB09n
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Credential Guard
meta_original_filename	LsaIso.exe
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.3659 (rs1_release_1.200410-1813)
meta_product_version	10.0.14393.3659
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

lsass.exe-5AE8589CDDE46ED132AEF8280BC8894A

key	value
file_name	lsass.exe
file_path	C:\Windows\system32\lsass.exe
hash_md5	5AE8589CDDE46ED132AEF8280BC8894A
hash_sha1	20A244C0440ED0B418F454F8A12ED0DE6A8BD6D2
hash_sha256	D957A03C6EA35CBF0C90B0B088DF07E7803A1A3EEB4BA889038F88DB066BBDC4
hash_sha384	A2A00CB7709B7E90EEA20781D3E156532D69265E7C1430C613A3ECA4AB214A556C484A6663C7494B97EBF678D14A761D
hash_sha512	E8949C6EF0D5DAC5A89536734305AEE0CD1F28055B77367981EB065CA967AA391FDC9C14C634DE5119D7719BCA36A10B2B079ADF9E705028F9C0A706F202F077
hash_ssdeep	768:xorvR2Fw+l+EPbRXFk5sM9cxTS3Pgez2F6zHoeTosKzls65ztMIrJ2fy1PTSi:xTFw+l+Azk55zV8eTY5JJGiJ2qPTSi
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Local Security Authority Process
meta_original_filename	lsass.exe
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.2580 (rs1_release_inmarket.181009-1745)
meta_product_version	10.0.14393.2580
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

Magnify.exe-88156DA1B88F03E6591359587F3FAF2C

key	value
file_name	Magnify.exe
file_path	C:\Windows\system32\Magnify.exe
hash_md5	88156DA1B88F03E6591359587F3FAF2C
hash_sha1	3E44758C3140A0129700DDAE611F70D3492E5C39
hash_sha256	82EA54BB8C1A96AE09CB240BB14CFF8A6A6E612F76FBB0AE39A4A10E2E3CB318
hash_sha384	69451F3B26743B2DB192F5057994FE127599723E1F7447E6369F16776165CE325D6877A67FDE59158AB30D3E9CDCBCDA
hash_sha512	60A297B4656CCA770C81E6FD09927DFECA51383DA9809565E5E5F428F85494BEB711A6604FE2372896D5F0B805CC3FAC0F5022227D79012D6D50AB5B52889EC1
hash_ssdeep	12288:t4ZkNIN03Ps/n6Vpt8XB04dDuc/04dDuc/vq:t4boEgp/4xI4x7v
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Microsoft Screen Magnifier
meta_original_filename	ScreenMagnifier.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

makecab.exe-B51BF14D7B1D6B5CEE13E90B86A99645

key	value
file_name	makecab.exe
file_path	C:\Windows\system32\makecab.exe
hash_md5	B51BF14D7B1D6B5CEE13E90B86A99645
hash_sha1	F5ADC20E1674DD99923909A66C64FCCD51C29672
hash_sha256	E73754E12402679C921E4903C4E1130DCA6A3714FF7A42866AA38692AD0874F4
hash_sha384	558F5264B0BAC8832EF96A240B994BD15C4656C6C8AE9128EBBD54EE23016B7A1BCE708C99B05B7ED8E95CDB361F6625
hash_sha512	21E8CBA2DB8686EAE37AB9C80E80230874E94CFF39CBF3343B087F57F9559CA34CA477E65ECCF593310A1F6DD0287A54B4C0624D9FDA83CE548D9AC52A66413F
hash_ssdeep	1536:2mTPqowqJjEfy8gH+EzP8+ZdfnCNgIT2v+N2iHhHdZYsq3EDrxYS0vJd:JTTNjEfy8ge0t3fnExiv+NnHdWDEDrxq
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Microsoft Cabinet Maker
meta_original_filename	makecab.exe
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	5.00 (rs1_release.200407-1730)
meta_product_version	5.00
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
output	Cabinet Maker - Lossless Data Compression Tool MAKECAB [/V[n]] [/D var=value ...] [/L dir] source [destination] MAKECAB [/V[n]] [/D var=value ...] /F directive_file [...] source File to compress. destination File name to give compressed file. If omitted, the last character of the source file name is replaced with an underscore (_) and used as the destination. /F directives A file with MakeCAB directives (may be repeated). Refer to Microsoft Cabinet SDK for information on directive_file. /D var=value Defines variable with specified value. /L dir Location to place destination (default is current directory). /V[n] Verbosity level (1..3).

mavinject.exe-3196E7F92E0B4367444A185B5A4E757D

key	value
file_name	mavinject.exe
file_path	C:\Windows\system32\mavinject.exe
hash_md5	3196E7F92E0B4367444A185B5A4E757D
hash_sha1	34A26DEA01EA4A421F5512D1DEED5CDD0A4CCE59
hash_sha256	CFBCA5DDE322DD0CC6DD07412589B532B59302D4D7B1739BE248F9CDD24CD8E6
hash_sha384	6F1A5D44FFF031E592DD685D3A4E6CA141AA7E471CFEA8D17BCFC7D9B9BA6BA90B13B2819A688056A0478F39FB5D4726
hash_sha512	AE0D34ED7377C22715E620C827FAB62801234EC687294BF29BAE2BDD2126BED14464984F197ED70CD3372B3BFA07DFC213C2A6DEF250F0D5E8DEB4AEB0BB9899
hash_ssdeep	3072:1u/7/Qapj1CpO3KTWGNU6ITT9KoN7Dq6DUv:1KQapJCpO4WGNU6ITT9KG0v
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Microsoft Application Virtualization Injector
meta_original_filename	mavinject64.exe
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.3659 (rs1_release_1.200410-1813)
meta_product_version	10.0.14393.3659
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

MbaeParserTask.exe-77B6CB827F0132F41C85EE81B268F6FA

key	value
file_name	MbaeParserTask.exe
file_path	C:\Windows\system32\MbaeParserTask.exe
hash_md5	77B6CB827F0132F41C85EE81B268F6FA
hash_sha1	3C02C7BC78B70D5BDE152DE97FE6B31EA1FBEAF9
hash_sha256	3D5453FF03CA435AC1196D13F2F3EA0EC17159F02777066E910A8DB17A288B67
hash_sha384	F2F31923630A92AEA458C0CE8B5E64C7A324EFAEFF4921134C3F2DB23F3E751160DEAC6BAC3396D2A1EBA667B98A284C
hash_sha512	6EC96DE7330B376258765258DBEDBB1D83E54A5B92B5FF143129D5AF4B7B4F623877817694AB39AE618176D2018E92FB24913C113B80FC262EF8EDCCB3D5D51B
hash_ssdeep	1536:X7KTL3NOpVnehHjUWiApZ8z4My7KjGoiuzS7aVH8J/P+pbv:X7KFOpchHiApU45+jGolzS7aaZP6v
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Mobile Broadband Account Experience Parser Task
meta_original_filename	MbaeParserTask.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

mblctr.exe-0EC4ADC3149C9F85BF96B83C6AD174F5

key	value
file_name	mblctr.exe
file_path	C:\Windows\system32\mblctr.exe
hash_md5	0EC4ADC3149C9F85BF96B83C6AD174F5
hash_sha1	F053C88F40E68BEA6442E384429963CFDBA4F4BB
hash_sha256	8232A606889BBE9719ADE8104CF314596CFFBC8A28060D27373C527DA83C340C
hash_sha384	FAFB79478C369E67D25994B348B9C60EB18F6CA37F95FC0D9C5344071FD8B45894F838076C24E96C9A2B155979D3A1B9
hash_sha512	3F8895EEF6BC42020C05CEBC130D907BEB59A69913C4B2422ED35718E31289B67355F6F90B05417D667E77AA071B8D6D7A0F587FEB4A7A1012E161E460948CD3
hash_ssdeep	12288:TGkJjCh6BMZLpgdc5geSMO4nu451qviizQBODAKylkm5ZUxXrc5Zh5ZG5Ze:TjMZLp4cq2u45kRzAKcjY8poA
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Windows Mobility Center
meta_original_filename	MBLCTR.EXE.MUI
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Copyright (C) Microsoft. All rights reserved.

mcbuilder.exe-7D98FCF7C13D3E0C5D341907161B2DA8

key	value
file_name	mcbuilder.exe
file_path	C:\Windows\system32\mcbuilder.exe
hash_md5	7D98FCF7C13D3E0C5D341907161B2DA8
hash_sha1	CBA8F960DD78905D5AA821A2210300EC99A22EAD
hash_sha256	A6AC534E69E316145CB54B31D0D9DE4ADDDD471D790FB031C85D3F3EF61AAA8F
hash_sha384	A0F2EC871C30703A5C1010BC621992B374E19834918E8929941107CF1E283685BD51F8736C04970B342619D462927F6F
hash_sha512	A90EAF85B45513AD7992664685F7E663FC19287084979A6C988994FA490845ECBDD4105DB579EE6AA68921606A7C7BA4D752218225F4EE8C77D0332532254601
hash_ssdeep	6144:XIrxeHSMzn7EOZbY0iyl0vl+fRE85RUV3Ktnz9:4rwyMD7EOZTiRqE866
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Resource cache builder tool
meta_original_filename	mcbuilder.exe
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.3659 (rs1_release_1.200410-1813)
meta_product_version	10.0.14393.3659
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

MDEServer.exe-CD44AD4416345E4D5D2674BD1218B7E2

key	value
file_name	MDEServer.exe
file_path	C:\Windows\system32\MDEServer.exe
hash_md5	CD44AD4416345E4D5D2674BD1218B7E2
hash_sha1	C9904F93953BC8CA2851099DEA0F88DCD35096BF
hash_sha256	5C6F11BE84A35C3CFB81B56B666C9BCB63D79F8F7E7347F3BD4F3449020C8C6B
hash_sha384	66876C3597740311D10879EC48F9405D9C69924056CFF35F777F96987965788DC31D08095455A9EE021CA1983721F5D8
hash_sha512	FA3808DB2EBB8087860D9AE28519EAF453F52C16076CF8450628B1D2BCB98D052FB6188D861E2E57E991662AFF8D21927AF35CC4CB3890FEAA9ACEBB8E7BDE4A
hash_ssdeep	12288:9HXl00Mr7irR/IhDGxGs8HI1hata9AgiLVZ4Yye:ZXl00Mr7irR/Ih9s8o1hcLLVZ4Y
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Cast to Device Server
meta_original_filename	MDEServer.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

MDMAgent.exe-2C811E73970DB48719FA766460A912EE

key	value
file_name	MDMAgent.exe
file_path	C:\Windows\system32\MDMAgent.exe
hash_md5	2C811E73970DB48719FA766460A912EE
hash_sha1	3049A84858396494549E52EC63646EDE40B20DEF
hash_sha256	5808752D94BF981798DABAE8B46DFD2A849B7A889724921A505FEE5FE7FD97DD
hash_sha384	EE22BE2CAE3CC81CF7DD5323D3C1B17D23583DFE84E340A8291D0D64F6A3237790DF4DC234606D42CA3372C241BD5678
hash_sha512	B33281E081BD8620DC2FA2122A801093348B179A4AED6C4707A668464332D631F32946ECB041E8C9406656A382F43487664318B395C1FC11DB9CA00FA3F32E1C
hash_ssdeep	1536:TqPrcMDJopBgIiUaKVunZueH93kHuc4SoZ:WPmpBb3unZuK93kOqG
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000001733031072665B8B9B3000000000173
signature_thumbprint	14590DC5C3AAF238FCFD7785B4B93F4071402C34
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	MDMAgent
meta_original_filename	MDMAgent
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.1794 (rs1_release.171008-1615)
meta_product_version	10.0.14393.1794
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

MDMAppInstaller.exe-036D826413ED8690A0F944CEDA444403

key	value
file_name	MDMAppInstaller.exe
file_path	C:\Windows\system32\MDMAppInstaller.exe
hash_md5	036D826413ED8690A0F944CEDA444403
hash_sha1	5893DC2F3BD01CE598B53E84D41F04F32AF4B440
hash_sha256	5891ABBAC0E2DB865F9422881B2F861F3C226E4A0470E5596A95170E3CDBE3DF
hash_sha384	9873D2DFDB3B14BAA18B99C467B8A70851CD8BCD81DEC23A4EF7AF83A00D4555E6D7FD2DC1A8D1854E65E3C4FCA1C178
hash_sha512	68DAFB96EA42EA3646DF241C95B7656A8A0BF85E990CE912E3C4C1071DD08EBCE6C5B84EA6F6AFB0C54787394E69834BB55B9C4915480681CD69EB7749EC9BCA
hash_ssdeep	1536:sI3kpyD3l8394t9PNMqb1r5PAXQvu9fiA0++fofBOm7xNng7qo1e+w/P:sj+3tDVru9fiA0++AfBz7xan1eH
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000001733031072665B8B9B3000000000173
signature_thumbprint	14590DC5C3AAF238FCFD7785B4B93F4071402C34
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	MDM App Installer
meta_original_filename	MDMAppInstaller.exe
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.351 (rs1_release_inmarket.161014-1755)
meta_product_version	10.0.14393.351
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

MdmDiagnosticsTool.exe-A3EBBF477473AF06EE428238AAB8AB57

key	value
file_name	MdmDiagnosticsTool.exe
file_path	C:\Windows\system32\MdmDiagnosticsTool.exe
hash_md5	A3EBBF477473AF06EE428238AAB8AB57
hash_sha1	6F6C663C898410015EA2C3977E11B3EA7C824F9F
hash_sha256	8CF005FB0DA8911C05920F8AB485F92FADDF74251E63550F2D02863D8BDF4138
hash_sha384	59C58B34177757D3337BF056F3D020CF07C2EBA83623F235CFD60AF774423C339F75926076C2BE5A7D90AE2DCE0FE30C
hash_sha512	3E045B4249354AF6781D1B0B703A8875601F206B857CB66EE19C068542EE50DC254BAC3C8FFED20142B051E59293AD7B120D7EAF86A2286E5612E827EC13C1DB
hash_ssdeep	384:cOvq2p3sGLXV1WR31AHZqOmzvl2RygjWQGBrWSi1Wm3:c897VA8kjl07jxGg
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	MdmDiagnosticsTool
meta_original_filename	MdmDiagnosticsTool.exe
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.
output	Report location -help

MdRes.exe-65AA6B6B47D01BF36898D5D06617C623

key	value
file_name	MdRes.exe
file_path	C:\Windows\system32\MdRes.exe
hash_md5	65AA6B6B47D01BF36898D5D06617C623
hash_sha1	D556B77A69583447BD45FC7D9BD369EDC213F8F5
hash_sha256	5F81350F8147E8632C6514F06F4487DAAEE7CE2FF1EC53B821D14D862C21A08E
hash_sha384	C9D630960BD54483BB3EF6C8755FF104C1BFC4A03E456D61C9A7E538AE2E02228CE38C9C9AF4F99EF641F8A958AF8846
hash_sha512	CEA0D2B7F4EE529994EB0CF955B4F969D22D5A5487B77DB50C043576AE6CF6500914D682380C99C9FA24663F88BAAC1AD4595F9100BE8CE56794333AC9C3FB22
hash_ssdeep	1536:rZ9Hurm+65tFI720+VpmDOzc4JNWxwB1MjVJmRc:rZ9Ore/FO+VQDUcUNWs+jm6
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Windows Memory Diagnostic
meta_original_filename	MdRes.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

MdSched.exe-8F8886C005711C2EAA283E3DF2CE01EC

key	value
file_name	MdSched.exe
file_path	C:\Windows\system32\MdSched.exe
hash_md5	8F8886C005711C2EAA283E3DF2CE01EC
hash_sha1	DC1DA6F30F6347024161C210BA6CFC96C7DF8843
hash_sha256	071A7027621AFFE293F6C99AF0700CC26BEEBF0974DC864AB5C9A1A6751CCA2F
hash_sha384	F75C4B32D8BE04B4410BD6326220D2BA05A53792F72E135896040D856C5B264C632DB5549A0F149531D0E66A98FCFB6B
hash_sha512	291659582BADB57E1375E3FB1CAD8D9C9C79C207CD86C3A6BD8CDA269D00394201D9C95BE7D94D59EE585E6E2811D0A1E1B765D17CD3FACCA56EADF03A9B3084
hash_ssdeep	1536:XCuhL13HwZEUm+65tFI720+VpmDOzc4JNWxwB1MjVJmRc:txNSEUe/FO+VQDUcUNWs+jm6
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Windows Memory Diagnostics Tool
meta_original_filename	MdSched.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

mfpmp.exe-CBF29D5D2704D2514ECB322A28011D22

key	value
file_name	mfpmp.exe
file_path	C:\Windows\system32\mfpmp.exe
hash_md5	CBF29D5D2704D2514ECB322A28011D22
hash_sha1	11967FEDF6D29ECDBDE289E5719FF636E0AD677A
hash_sha256	178F0164D541B1B178AB3A35A07E924E4C109E09432D2E93556BE4755AD550DE
hash_sha384	166329D0DC1EFFD09148677B039DF586E56020DBEB95F4E4952B544527D54B139C173DF5F27F3D0E427B5329DC316E86
hash_sha512	F0A3C57B130448010D79C00401B04FD0483683A7814F6D42A6B534CB5A4DAC195F48093C979EA4D405577A71453B5845707C5A76289F91BAB35388C03DDB92A0
hash_ssdeep	768:ei/puqUXX+8Uk6lKjZJyI+2toXnHAhLZvqDaI1PK:n5kDB2sZJy2oXHAhLIHPK
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Media Foundation Protected Pipeline EXE
meta_original_filename	mf.dll.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

Microsoft.Uev.CscUnpinTool.exe-5CBDBAB87879659E797E7447521515A3

key	value
file_name	Microsoft.Uev.CscUnpinTool.exe
file_path	C:\Windows\system32\Microsoft.Uev.CscUnpinTool.exe
hash_md5	5CBDBAB87879659E797E7447521515A3
hash_sha1	5F97A5141F403423C13D8DA91EF523791DC03333
hash_sha256	F6E9CF309867A8BDC0FBE9DBC609D7EDADF2B998379E85BE07E7A863C622B133
hash_sha384	DEA3205DCAF65F780F7CBE20BAB18D5F86DC144707E33F2FB15AFFE9C3B39D362EBF4DF4CF3A909198F3170DD8125A87
hash_sha512	F11B61A6428CD3077FDA6CA0EF3D0B0D473165FA13BE400D8E6AA1371BEA2FBA01C902BA5F5E62975F57078A0468CB5C9CEA5AC1B2A74B7AD43769497FECE166
hash_ssdeep	6144:0dtS539T3jy8gKfGA6RxeWB9O/vUihadxdZgIxb+w:OABZ3jbge6jR/O/vUisN
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000001733031072665B8B9B3000000000173
signature_thumbprint	14590DC5C3AAF238FCFD7785B4B93F4071402C34
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Microsoft.Uev.CscUnpinTool EXE
meta_original_filename	Microsoft.Uev.CscUnpinTool.exe
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.1737 (rs1_release_inmarket.170914-1249)
meta_product_version	10.0.14393.1737
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

Microsoft.Uev.SyncController.exe-E0C7CE7B684529C73B6FC6E679611C9C

key	value
file_name	Microsoft.Uev.SyncController.exe
file_path	C:\Windows\system32\Microsoft.Uev.SyncController.exe
hash_md5	E0C7CE7B684529C73B6FC6E679611C9C
hash_sha1	8BB57BCD4118A30AF1A4DAF541386B94CF9EF823
hash_sha256	51960801B7E5B6EE0E97DE9F12A9602DD01112C09FEBAF06568EFF5EADC62745
hash_sha384	D6FAA1F9FB4674E76B45B0ED8E8D8CF06EE03EF98B82449E1E7DE1C0D75455FDFD0BBD0E003EEA44F9B2A2B7046239EF
hash_sha512	1EB50F2215E780B1FAAA122165038A311C0E7F7CB14CE9627E0C4C5EA1F3A71ED0614441902D363B1E2BC946F4EEDD866709E518AC751F6691013C2637DA7DAD
hash_ssdeep	1536:1mOzYulqCAV/Qkd1sTNe+6NwiKE10DHlG:zYoqCAV/Qkd1sTNGBl10A
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000001733031072665B8B9B3000000000173
signature_thumbprint	14590DC5C3AAF238FCFD7785B4B93F4071402C34
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description
meta_original_filename	Microsoft.Uev.SyncController.exe
meta_product_name	Microsoft (R) Windows (R) Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0
meta_product_version	10.0.14393.0
meta_language	Language Neutral
meta_legal_copyright	Copyright (c) Microsoft Corporation. All rights reserved.

mmc.exe-E1328E5A4A87C376927DB685110F8D6F

key	value
file_name	mmc.exe
file_path	C:\Windows\system32\mmc.exe
hash_md5	E1328E5A4A87C376927DB685110F8D6F
hash_sha1	F11E8FAACF669160579A32A38146C89F61F9E081
hash_sha256	6BC24C0694AFBC40256239F3C3A9AB1F99D76A7A00E683E53E079BB903149A50
hash_sha384	B3D0D5A2325D5BB7B2249EE71214E679CB3FDA7F107D1B21AB4922209DA671B63AF99AFF8E4E4212508A0735E1FBEF8F
hash_sha512	B456EB3AE3B9B749D63E473689C2C0E9BC99C8E32C52F736619962C8F9D63AA631A2997A1BF6659EF94E4882061811F1F8FA10D2E6B31F0F14950A5B30BF2E83
hash_ssdeep	24576:GIuLp3nX9Ofk2Q6uVzpmMIm1YJ5J1q9gtJxEIMo7wMo7DH:GF3tO82Q64pmMH1YdRtH7e7DH
signature_status	0
signature_status_message	Signature verified.
signature_serial	3300000266BD1580EFA75CD6D3000000000266
signature_thumbprint	A4341B9FD50FB9964283220A36A1EF6F6FAA7840
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Microsoft Management Console
meta_original_filename	mmc.exe.mui
meta_product_name	Microsoft Windows Operating System
meta_company_name	Microsoft Corporation
meta_file_version	10.0.14393.0 (rs1_release.160715-1616)
meta_product_version	10.0.14393.0
meta_language	English (United States)
meta_legal_copyright	Microsoft Corporation. All rights reserved.

mobsync.exe-99C4EC4CA3E1A91B3F2D3969BB41E6D8

key	value
file_name	mobsync.exe
file_path	C:\Windows\system32\mobsync.exe
hash_md5	99C4EC4CA3E1A91B3F2D3969BB41E6D8
hash_sha1	A50C03CAE987919BCEE5ADC9C63FDDF9ED8102F5
hash_sha256	65C2A4AD1E69454BAD5C2BE41828E0025749F132786F394F0D38679EA0C68931
hash_sha384	981A4C947B83801781A974DA8C169F2D04C59E1FCF66D076A050B294D7C9403F9AB0F5D3DA1E7BFACBFDBB9DA3F99A08
hash_sha512	906AE5A145A4BD1ECFAF1DC19C0BABA1E3B70871ACA7EB943BFDD92F318D592DF7A49F3660170AB352A3E95A72E462BF6A691303A44F0759B9F56B118759E2E6
hash_ssdeep	1536:1QxE7Zqq8NUfzZGoeWGPoCGVjGWmt8CXZ+63x+w4JD+0NL+fK:n7MTUf0jWGPo9St8WHxSD+09+S
signature_status	0
signature_status_message	Signature verified.
signature_serial	33000000BCE120FDD27CC8EE930000000000BC
signature_thumbprint	E85459B23C232DB3CB94C7A56D47678F58E8E51E
signature_issuer	CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
signature_subject	CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
meta_description	Microsoft Sync Center
meta_original_filename	mobsync.exe
met