-
Notifications
You must be signed in to change notification settings - Fork 45
Home
strontic edited this page Jun 6, 2020
·
3 revisions
This wiki page is automatically converted from the strontic-xcyclopedia.json file.
key | value |
---|---|
author | @strontic20 |
website | strontic.com |
github | github.com/strontic/xcyclopedia |
synopsis | Gather metadata of executables |
license | MIT License; Copyright (c) 2020 strontic |
rundate | 2020-06-04 |
key | value |
---|---|
file_name | acu.exe |
file_path | C:\Windows\system32\acu.exe |
hash_md5 | 5A62052F6F1D9E8B5BD1485ADD99E5A0 |
hash_sha1 | C9DD6471F40307D2014DF8EC5F6DDD1E1F7978A4 |
hash_sha256 | 02C641F75E43000FD19A82BF12949C40F0E4AE4C7C8A9BBB3725B1537187AD69 |
hash_sha384 | 1B774ACFC98ED1663CFB2947E6E464A6CE4886004CADA3CF7E816E338C7211C3E096D4F9D831B2422CC2F65A00E70A49 |
hash_sha512 | CD28F6D7E513A0FEBCE3048A118D3094EFDB75EAB0638485D71C5A7D6BE0CFB6735AE72377574624BE59E3D78D80743B58966D255331CA2F8CC6A4C7908380E6 |
hash_ssdeep | 384:Xy2s+fssUg+OSxhDs9W9DA+YvrQKahZNisVUmDsVltVk0dvaeT7QCbmwDV7wJ/Wk:Erw2dYsbRnlDsV7gewKrPOwR |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | ACU |
meta_original_filename | acu.exe |
meta_product_name | Microsoft (R) Windows (R) Operating System |
meta_comments | Contains the Application Container Updater |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 |
meta_product_version | 10.0.14393.0 |
meta_language | Language Neutral |
meta_legal_copyright | Copyright (c) Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | AgentService.exe |
file_path | C:\Windows\system32\AgentService.exe |
hash_md5 | D9546C1D46352D55704A3696C8DFF19A |
hash_sha1 | 7A9B1728983B37EE2BF4C5ABE28EC271390EC59E |
hash_sha256 | BF7B512F54AE828774094ECA9AA39D50FD5FF9511CA1D140102995C8EC468B11 |
hash_sha384 | EF596A10ED4D3A7D7F4C9DBC2B21792931C7F098E16D4928EF8C2ECE6305E0B985CA883D0BF4EDB59470112FCA9110A3 |
hash_sha512 | DFD0808A5C40DB6DB6A304952878EEC04F3E3C5FFC163315D0C43626B1EBE437960F9FEE6811BCCBC8EB56FAA43CD5E19FC26B713307AA5A982BFBBE85C221C9 |
hash_ssdeep | 24576:CwYF+IB16g77Rv8ik9qpAv59GlSvBnKouO+1WaZUDJk9X:CwYF+IyI7x4OK59GEKSDJk9 |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000001733031072665B8B9B3000000000173 |
signature_thumbprint | 14590DC5C3AAF238FCFD7785B4B93F4071402C34 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | AgentService EXE |
meta_original_filename | AgentService.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | aitstatic.exe |
file_path | C:\Windows\system32\aitstatic.exe |
hash_md5 | 901E2BAC6E0292AD04CA8423A3A2C384 |
hash_sha1 | 65865A3112D6E5BD3444FC5E2995DEE9858E5ED6 |
hash_sha256 | 19D82DCD19879F157FCDF7FA2380B90A89B8EB09B8ABC732F911032EFEE29FDE |
hash_sha384 | E7F5A07EDC83DA5FDA050A4B46FF22A733D72A7A505FF7CDC8DB0B16760DB436C439B05B191346A69CD59A589A0DB753 |
hash_sha512 | DC331F9E98BAED6A34A019171C4BCFEDE22C40F78A930E9AB1984E6BB241885EB98EB5987FED663969746AADBC62CA967A042CA9D7AD9A8784D97F4AA7EEB937 |
hash_ssdeep | 49152:IabKOtEZWV6N82RyvoQ4Q4ullYF5svlRlZaAoTMZmhJv3eEkF/LX:IyKNNYtaAIrAoTMgJvuLX |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Application Impact Telemetry Static Analyzer |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.18362.1035 (WinBuild.160101.0800) |
meta_product_version | 10.0.18362.1035 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | alg.exe |
file_path | C:\Windows\system32\alg.exe |
hash_md5 | 8FD51B3B35707A66080D7C8CB05E792D |
hash_sha1 | 7D3F39EDAB05CD0C3CF112D47008116BCB306B92 |
hash_sha256 | FE52F3DC280D208FDDC75F6E3294B8D601E0D86F9BD3DB1ACC8FC296AC74C23B |
hash_sha384 | F20B9BDB519E11D51948CD1E13D5EDD738729B989651F673F063D2FB1918740439970D8749AE8837E4231CC5360CE0A4 |
hash_sha512 | 05C8E010B82250BD40D66F62CFD514B10257D8FCAD2F399746D28DB094BBE66ED5A053F23F84FCB34C9A5225EDFB897F16C7FB05E9B2324F9A0A95E76A4452AA |
hash_ssdeep | 1536:DHAOeXaumt+SUcoCL74fzD72RSz5q91F80AfvHK4oismH3:DLfumt/YCLcfPz091FcvqN |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Application Layer Gateway Service |
meta_original_filename | ALG.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | AppHostRegistrationVerifier.exe |
file_path | C:\Windows\system32\AppHostRegistrationVerifier.exe |
hash_md5 | 349A75331035C5266DA27BC3AFC552CC |
hash_sha1 | A3E21C10B33DA06D01A81CCED190D0604988A602 |
hash_sha256 | 3D134E850306AE1DFBCC84F01503A8B63438CE72AAC1C62B9DF420DB28100114 |
hash_sha384 | 57C8065D4C70FCA582607B976853998E86C21282E005CE26DA1225FD1ADEFF51136051D08DB025BE7ED01B234E42B9E3 |
hash_sha512 | 927CD86C6ACC82FA508DAED2102BFCD6848843488F376929E5ABA0DE4E386419323761E34D24F639A75EDB9B8D9656FFBAEBF38A32C47E7FFB4450B074BF240B |
hash_ssdeep | 3072:hExf1PZ2cMzr10kgcye+fP5hP4mxZKG9W:hExfFMnzye+zP48 |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | App Uri Handlers Registration Verifier |
meta_original_filename | AppHostNameRegistrationVerifier.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | appidcertstorecheck.exe |
file_path | C:\Windows\system32\appidcertstorecheck.exe |
hash_md5 | C90A66F047631C13630C1891500C9C45 |
hash_sha1 | 50D8EB1A7C1C450FD7F9CF6789B6BB84A80F04B7 |
hash_sha256 | 90BE9841349DF2465522A3B8F1404CA886E227C87BB9C986DBF98935CC72B5DB |
hash_sha384 | 7899AB18CA20C9EC10F76FCE916C4B31A9FE2649D9911C4CDCF3EFAA026B7D4CC90D875F6A0BD2FC61585F9D143056ED |
hash_sha512 | 280FBFDCF0C235B30E9BDC7052AB86D77CEC914E39B5CC183A8B45BD429FA3E983D59F7DFFFB1B1B79D6999D9B24E0A8C0676B7A03DD01A8B247C3967FBB71BE |
hash_ssdeep | 384:o2PV3ZVoFGq0kYg23HdRoGPYMOvUVXUQ32MOX4xxBPD+9BqWbaK1W:o8VpVoFGq8hRoYOzE24zPDqBPaK |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000001733031072665B8B9B3000000000173 |
signature_thumbprint | 14590DC5C3AAF238FCFD7785B4B93F4071402C34 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | AppID Certificate Store Verification Task |
meta_original_filename | AppIDCertstoreCheck.exe |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.1198 (rs1_release_sec.170427-1353) |
meta_product_version | 10.0.14393.1198 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | appidpolicyconverter.exe |
file_path | C:\Windows\system32\appidpolicyconverter.exe |
hash_md5 | 5207A6FB31CAF328C3461DA0D7AD01E1 |
hash_sha1 | 9AB86C353D5B46906EAE90E1EF6003B82EAC6CD0 |
hash_sha256 | AB4692F6CCACF20BF82675AD415A5E3AD1C3FD0C5526666661E060835EDCC33F |
hash_sha384 | 9BE17CC2FFB1BBF344E798C682188076054A71398A53BE4BCE879074C92FE193BDF52AC786D8BDA22B205FCB013A91E9 |
hash_sha512 | 45A0A6650600A9D992C14369AD5FF173C3C8C5618F3D1C1A0130DABA25D5D2A0BB4180F11EFBAD2E9ADA7F61F4F85BCAE37C0FF238972D4924EEE2A31AF3CD08 |
hash_ssdeep | 3072:Z5i7J6W7X30gb8Z6Q3jT2Um1QVzeebBLN4VocqnwBg5RFuhBkCyN:ZkBn0gRb1yjbBZ4Vo0gbAhBkC |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000001733031072665B8B9B3000000000173 |
signature_thumbprint | 14590DC5C3AAF238FCFD7785B4B93F4071402C34 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | AppID Policy Converter Task |
meta_original_filename | AppIDPolicyConverter.exe |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | appidtel.exe |
file_path | C:\Windows\system32\appidtel.exe |
hash_md5 | 3A28AC2A5D214F9F8071D094045DACDC |
hash_sha1 | DD5B6632C3ED0AFBA5EDFAC323A0699EE8AE5851 |
hash_sha256 | C8F93FFEE5E0E267E1D2225EF73D6B6B938CC7E6A0907645CF955EBE6163EDC8 |
hash_sha384 | 2BF2BDBC7D9D8A590E1F648E6EF3D8DD5060429D85909622519D9E3BAB5DC358E64A08F6D81EC77483C632DB2ED55196 |
hash_sha512 | B8BBEDBAE100ABA4C05ABEDF3EC83C3B637A736434039508B5B4001ACD9D6B47D7A9C5A3C9D80F16C32728763197B67194944826A238385703CB18499443EC5C |
hash_ssdeep | 384:qnWST+GxWkh9zKf77M3I5TaC1oAD7v/F4TzIpncul2R5FSWrMF1u3+4KQTge0Ws1:AT+qv8779513v/Gzml05Fo3L4bq |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000001733031072665B8B9B3000000000173 |
signature_thumbprint | 14590DC5C3AAF238FCFD7785B4B93F4071402C34 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Initializes Appid ManagedInstaller and Smartscreen Telemetry |
meta_original_filename | APPIDTEL.EXE |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 1.00 (rs1_release_d.170807-1806) |
meta_product_version | 10.0.14393.1613 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | ApplicationFrameHost.exe |
file_path | C:\Windows\system32\ApplicationFrameHost.exe |
hash_md5 | 654D3D69623B9DD7AF410C360AB12136 |
hash_sha1 | 0C2FE933ABB71C8D97082AE6D732D49B0B01BE15 |
hash_sha256 | 1149BA08C3C39E66F8D56898C809FFF97AD5693C686D820FC5301F6113ED9B9B |
hash_sha384 | 73104E7153810897F799E53BDF1AD9895EE153BA43EE47AEF578B1322C020E671682CEF25194DC3915FC5840BE531190 |
hash_sha512 | 97F180AD8A669F4C1371661CDB2BA17CCD6432A5A87350D8B7D3681A715F1F77955109A03F3B0A252AD54D350112DC4D12597D97EBE1DD2CABEBC08CFA8CBFA8 |
hash_ssdeep | 768:x5QhpssSBRpXH769rXsAq9COl0DOg6LtseT2OwRX1PCarx:xwp3sXHI5O+DnCtsevwRlPnrx |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Application Frame Host |
meta_original_filename | ApplicationFrameHost.exe |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | ApplySettingsTemplateCatalog.exe |
file_path | C:\Windows\system32\ApplySettingsTemplateCatalog.exe |
hash_md5 | 6E5E4A7013022C59461E01487487AE39 |
hash_sha1 | 4C9E02ED058D5DD1FF8790C6669BF73A3687E8F2 |
hash_sha256 | A6B2BC0DE4FA4DB587FE4FA0B9BA368904BA14508D61802988F5933CE4678671 |
hash_sha384 | BE331C1C2C04238495192D8A37006E6AF46331315070F37C45E55C9BD21B12C5231AEC1950670DA619DD6047263BF99E |
hash_sha512 | 2B4FED15EA38EAEC61A57CE0D8872F310297B059AA6E6FDDDEB49BB014FF82B5474BE2F528603E4CA32002703A1D906FCBBC8879284CBF38237FB23858B740E5 |
hash_ssdeep | 24576:X0KdFOSqr40VzK9a8C5vtsBQlU8STQ/jTuI8G26crjGEzq9yiXlM:RfOSqFZK9St47q3Xl |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | ApplySettingsTemplateCatalog EXE |
meta_original_filename | ApplySettingsTemplateCatalog.exe |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.3471 (rs1_release_1.191218-1729) |
meta_product_version | 10.0.14393.3471 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | AppVClient.exe |
file_path | C:\Windows\system32\AppVClient.exe |
hash_md5 | 6D386C4567836ED0F6188419C653F46C |
hash_sha1 | FBBBF818FE872F537CC6A453F726B5514591C37C |
hash_sha256 | 51E3B575FB7A4D6469D4217399118414C8F377A03FC7FEF715AF90612144DBD8 |
hash_sha384 | 7CF52A43FF1DDF6CE8B2DA2657E452CC07D0668E884326D62AFA319536BCB66A432C86C02721960EADC55651D91E7355 |
hash_sha512 | 037DD28D3FD02063E074347C64B8642A00308683B68B38708DA5410BA26B0FCB58CC28A04DD506DA393FAE13C3C33D827993CCEB988AB563A5343B9BA9B0D111 |
hash_ssdeep | 24576:DSXrvk0fpTNboKb1uNclDsaefhjKWN3mlt9NcGXWbDyLM6a6hpf2:Dwrvk08WNlwaahjKWNc9NcGXWfyL7LpO |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Microsoft Application Virtualization Client Service |
meta_original_filename | AppVClient.exe |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.3471 (rs1_release_1.191218-1729) |
meta_product_version | 10.0.14393.3471 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | AppVDllSurrogate.exe |
file_path | C:\Windows\system32\AppVDllSurrogate.exe |
hash_md5 | 2F1282C7BF27495D921F702C81958F10 |
hash_sha1 | CEA6A8C6759014E1F3F36396D4137452F7369D8D |
hash_sha256 | 01A9FDC4BC9B4571EF8019569903893604053CCF5A639D65DEC5CE2A3AF4D5C0 |
hash_sha384 | 7FC9622B9C963E0C3A58E98315A4CD1065704F78B771F8F8FA016C213990A7672294A1695E3F073074008FC68E040642 |
hash_sha512 | E4B7050515D1BDB5FC8D7066070478609498A81F43028F3086C3AA9B2C6ABFBF0835E1128306632D95CA1229375C36CA2E645E76C16B369DA97DD5ABFA6EBE1F |
hash_ssdeep | 3072:tKHXk8OYtTt+8qFrrz7YLriqWGNU6gTLe7Thec7d77:t3YbZqFrrz7cWGNU6gTLep/N7 |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Client DLL Surrogate Host |
meta_original_filename | AppVDllSurrogate.exe |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.3659 (rs1_release_1.200410-1813) |
meta_product_version | 10.0.14393.3659 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | AppVNice.exe |
file_path | C:\Windows\system32\AppVNice.exe |
hash_md5 | 23AFC486E58A3841A015F2F45E34F781 |
hash_sha1 | 73B7398DCF42D86BF58C7C2E8ADD6A35E4B42832 |
hash_sha256 | A4E48D641C9F227BD0C8F1BB90414655AD2C28D91E5D1D3A2FB0DE492983BFE5 |
hash_sha384 | 3A5F5D46990E75B500A1B8593BA796F2B4050DED97C7D0E89BD4CFF224D31796E9571B822C4BF93463DED4802B1C4132 |
hash_sha512 | 7DB14AFDD75FAA32CD02E062845B6D3B443828BD5CB91F8A1E26DA6513CD5252ABBC73C0FA2CE6427549BC2379D90FFACE6863E01C34490244F91EBB84BA105B |
hash_ssdeep | 1536:wKYbc2+xsCvof6N/uYhjaPCbLqt/6QWSfKYbkkbsFDfSIT0nJ2QC7pFJan1ZQnBF:wncxsCR/hjbqhPWONU6ITLJJk16nBLR |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Microsoft Application Virtualization appvnice |
meta_original_filename | appvnice.exe |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.3659 (rs1_release_1.200410-1813) |
meta_product_version | 10.0.14393.3659 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | AppVShNotify.exe |
file_path | C:\Windows\system32\AppVShNotify.exe |
hash_md5 | DAFCE696CFDFEA5F622F16CC2376972B |
hash_sha1 | 66DCDA15B8A56E67929112BDC79AD81B38E66787 |
hash_sha256 | FEEDF7E94B5F6079F8154DBE53299D483246986AC06A64C7BE2AE63C3CBF55AC |
hash_sha384 | 419B84F18F5154C5D3B9F656D2EE151D8F58287775568A19E687960BCE2E108A15030649FC3E4094ED0C1F7EFDFAE171 |
hash_sha512 | E4C2E1F645870CE91D37CCC183AC449CA2D9A718E8EA1EBA63C0BA61D42F63FB6E5B86DE7F25AF3016C8760DD1596A95B4B83A69ED5B561F9FBF074A3F13E8D8 |
hash_ssdeep | 3072:k/ZPeVGFGmT0bbplXIP9rRnWwDyJLt6bWfNU6ITLn3CJ+eqGm41ArZKarG:k/ZqQ2/IP91ZDIhYWfNU6ITLnSvYdrZG |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Microsoft Application Virtualization Client Shell Notifier |
meta_original_filename | AppVShNotify.exe |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.3659 (rs1_release_1.200410-1813) |
meta_product_version | 10.0.14393.3659 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | AppVStreamingUX.exe |
file_path | C:\Windows\system32\AppVStreamingUX.exe |
hash_md5 | 71F4D0AC9EB0985E1F01EB8FAFFE7220 |
hash_sha1 | 9BFBA2FE9AA0C62E24F1728F7AC1840E6BC99B46 |
hash_sha256 | EE3F5047C9B9031A8FA2AC6AACA1B8CCA67F386A79EAF6FAC83AE82A2EFE2554 |
hash_sha384 | 0F4C2B93F13BD2138BBFCBA65366D7A0A69EA2C6DB39F22D4777ECD3F66107EF7C78AD500665B4DAF13514350C5F4DCD |
hash_sha512 | FF66942988074BCC322275DAC72BB561C161FD2B75E3E1BBB6D2343EF4035BEBC248BDE11843F199B88786C8305D784D6ADFF2510874840E5284697A001D3A19 |
hash_ssdeep | 3072:yXCLn5CZiLwhrwZ/kEUIXtrVjMqVVdmabWcONiHNp6ei/EzVHMqVVdmabWcONiHy:isC4whrwbCaqg6RcnCaqg6R8KD |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000001733031072665B8B9B3000000000173 |
signature_thumbprint | 14590DC5C3AAF238FCFD7785B4B93F4071402C34 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | |
meta_original_filename | AppVStreamingUX.exe |
meta_product_name | Microsoft (R) Windows (R) Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 |
meta_product_version | 10.0.14393.0 |
meta_language | Language Neutral |
meta_legal_copyright | Copyright (c) Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | ARP.EXE |
file_path | C:\Windows\system32\ARP.EXE |
hash_md5 | 1E065F9F13F4A59292BE9B2EC513D7A6 |
hash_sha1 | E785019523B22DBDEEA30179FB4FC80877B593A6 |
hash_sha256 | CCA1F962F9435330C556F07A1745D743AD7ACAD7561C4C79420B0BF16C8E1D0A |
hash_sha384 | 87AECC4A3D25EBF019CCADCE6B048B252F49CD21A281EEACE063E55EBB8B27FF86C31A98CFE673F5B7759870BA155D7A |
hash_sha512 | 019E96D0AB6A198EEB0351A5A4F169B6DDD8B8773B91C26930264D90D0CCE220A52414E5816F58F113D2683B408FD812ED140598896A6FD78455F480D1651CD8 |
hash_ssdeep | 384:IopBYhDEmOoFIXanzv2jWL7pU6O04mpIxEhTVIMSnh7mC37PuIub2LWSOmW:Io4hDEWniO7pU6O3u0nhTPutb/ |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000001733031072665B8B9B3000000000173 |
signature_thumbprint | 14590DC5C3AAF238FCFD7785B4B93F4071402C34 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | TCP/IP Arp Command |
meta_original_filename | arp.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
output |
Displays and modifies the IP-to-Physical address translation tables used by address resolution protocol (ARP). ARP -s inet_addr eth_addr [if_addr] ARP -d inet_addr [if_addr] ARP -a [inet_addr] [-N if_addr] [-v] -a Displays current ARP entries by interrogating the current protocol data. If inet_addr is specified, the IP and Physical addresses for only the specified computer are displayed. If more than one network interface uses ARP, entries for each ARP table are displayed. -g Same as -a. -v Displays current ARP entries in verbose mode. All invalid entries and entries on the loop-back interface will be shown. inet_addr Specifies an internet address. -N if_addr Displays the ARP entries for the network interface specified by if_addr. -d Deletes the host specified by inet_addr. inet_addr may be wildcarded with * to delete all hosts. -s Adds the host and associates the Internet address inet_addr with the Physical address eth_addr. The Physical address is given as 6 hexadecimal bytes separated by hyphens. The entry is permanent. eth_addr Specifies a physical address. if_addr If present, this specifies the Internet address of the interface whose address translation table should be modified. If not present, the first applicable interface will be used. Example: > arp -s 157.55.85.212 00-aa-00-62-c6-09 .... Adds a static entry. > arp -a .... Displays the arp table. |
key | value |
---|---|
file_name | at.exe |
file_path | C:\Windows\system32\at.exe |
hash_md5 | 8C4291D714DDDA7EF9786CB7686E8B20 |
hash_sha1 | FE26135A938F4058F60106346833D1C3A25E7479 |
hash_sha256 | A60D4E00E9DF07AC09C8C607239DB08BB7D167299572E4436A5B14CC2BF2AD26 |
hash_sha384 | A8B86C450DEB438E4D6D09FED78DAA31624B8EF21FAD67D9623EF4CC2C7039467EBEA2A3D38CBA7679FCAB24DF657CB0 |
hash_sha512 | 86AF53290DF291DB062AA0C51F4EC968DDC1F7E802A2504190B3FE25296F687CC50B4EFF6D6C590582863B5EDC40C6CA1A66A9B994E6A687FE0622EC9CE03B1A |
hash_ssdeep | 768:Cdagjj8+Dno7dR7gi8mAShL74iAeXuUjn/p:kWRxn8ZSiIug/p |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Schedule service command line interface |
meta_original_filename | AT.EXE.MUI |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
output | The AT command has been deprecated. Please use schtasks.exe instead. Invalid command. The AT command schedules commands and programs to run on a computer at a specified time and date. The Schedule service must be running to use the AT command. AT [\computername] [ [id] [/DELETE] | /DELETE [/YES]] AT [\computername] time [/INTERACTIVE] [ /EVERY:date[,...] | /NEXT:date[,...]] "command" \computername Specifies a remote computer. Commands are scheduled on the local computer if this parameter is omitted. id Is an identification number assigned to a scheduled command. /delete Cancels a scheduled command. If id is omitted, all the scheduled commands on the computer are canceled. /yes Used with cancel all jobs command when no further confirmation is desired. time Specifies the time when command is to run. /interactive Allows the job to interact with the desktop of the user who is logged on at the time the job runs. /every:date[,...] Runs the command on each specified day(s) of the week or month. If date is omitted, the current day of the month is assumed. /next:date[,...] Runs the specified command on the next occurrence of the day (for example, next Thursday). If date is omitted, the current day of the month is assumed. "command" Is the Windows NT command, or batch program to be run. |
key | value |
---|---|
file_name | AtBroker.exe |
file_path | C:\Windows\system32\AtBroker.exe |
hash_md5 | 8507D8A98EFA12F285A504DAEF14A0A5 |
hash_sha1 | 333AC42FFA0A3294CF9EAC36AB8026DFAE8D8D2B |
hash_sha256 | A84417EE9D039891AF43B267896DB921A40838D8A17CC1BE29785D031E5944D4 |
hash_sha384 | 27E4555BC3BA6EDE958D170147A88D1753362588C58BBC902AB1BF75BB4C03A2A58FEA1F23BC542C2A15161C181E7EAF |
hash_sha512 | 29C494ED047CEB2A2CB27546C666A5D268B1215FEDCB674A810B27EF50EAD84E44E18F4073F73F88C3CE8797D5674021292442060FDB53DE7CE73847D2CDB507 |
hash_ssdeep | 1536:+5uYU9BH7oTzrD1TSDXJPMIUcS3ABteD8WlGxnIM:+5uczrUDsV3AidlGxnIM |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Windows Assistive Technology Manager |
meta_original_filename | ATBroker.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | attrib.exe |
file_path | C:\Windows\system32\attrib.exe |
hash_md5 | E2B44D665E20F6FF5C453E0BD450D6FB |
hash_sha1 | 3A5684E9496357F7A2AAD5ECB175C3DC99C1D7FC |
hash_sha256 | F9F41EE710DCA39EFF229F5277AF4E3A24EDF7ECA6DFB2627AC3FEFC934907B2 |
hash_sha384 | B86F9206323866A0079629C0EEB01903C81DCC57F13F705D6DFF82835D83327779E80AF39175EF25E9A13AF5FC764A9E |
hash_sha512 | 32974CCC40AE7490FC51CA529AAB40EBC8CF6B7873DE845875EFD3FA0631637984AD50215C9F1C418ACCCAD8EF5E8C1129B4DFE63E3B40C84BB9BFDB0F4BCFAB |
hash_ssdeep | 384:hkOm9rkgs4iO70XbuqT5m/yDfqBZSFwWPW8tW:hyrkt4ibiqeyIZSFR3 |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Attribute Utility |
meta_original_filename | ATTRIB.EXE.MUI |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
output | Displays or changes file attributes. ATTRIB [+R | -R] [+A | -A ] [+S | -S] [+H | -H] [+I | -I] [drive:][path][filename] [/S [/D] [/L]] + Sets an attribute. - Clears an attribute. R Read-only file attribute. A Archive file attribute. S System file attribute. H Hidden file attribute. I Not content indexed file attribute. X No scrub file attribute. V Integrity attribute. [drive:][path][filename] Specifies a file or files for attrib to process. /S Processes matching files in the current folder and all subfolders. /D Processes folders as well. /L Work on the attributes of the Symbolic Link versus the target of the Symbolic Link |
key | value |
---|---|
file_name | audiodg.exe |
file_path | C:\Windows\system32\audiodg.exe |
hash_md5 | B6AD9EA14ECBA405C88628BC78282710 |
hash_sha1 | 87A17FA486A5C143EEB6F1C848E1334ECBB57B55 |
hash_sha256 | CC23EC7F03AF7C2B27113C71BEB978BBB3C833CC1074478D57852DB21A769AF9 |
hash_sha384 | A7F0532A2701E563D88CE0D5613DBF6E2E6287D2546B18288F4DA80958718F2C2AC989E411F88EAB5B59EE221718E2CC |
hash_sha512 | E50011ACEA13FBD19A78FA0951A8BC5A364B62876748FD99CB2D438570496158891571835D2B62FF06CC53A5FB58E2E8CA6AA54FB6B2908F1BBE001DB87E09B8 |
hash_ssdeep | 6144:inVW0hJZ8U/7+z5e6JuHspYbrj6T0ThjjhYE+JrJf:4JZ1SM6JuHspYXBKFR |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Windows Audio Device Graph Isolation |
meta_original_filename | audioadg.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | auditpol.exe |
file_path | C:\Windows\system32\auditpol.exe |
hash_md5 | 3F7C7B2CE3E905ED4868DEBB640A5234 |
hash_sha1 | 9D0F2C4224F780847E0D1AC6C21C11A0CDCE7EEF |
hash_sha256 | 91278DA04F3A40DA84CD151D3E69A4F39EEF82BD7F7F3A238DD5E3C224CAA33A |
hash_sha384 | 36460CFBDB2ECCF1691C54A95DAD1222F028FB901C7FE55E39815275E3DDBA12BD3DF23468AC10AFAC51886FE5D446A2 |
hash_sha512 | 8755396F0E01859C938D5D6E2B0155F0A86E52BE1B14742DA97C71B1A0C002FCCABD3C3628BC55E96E07E9B1320FE3465E7115F3B1295456B831C012954DD0E6 |
hash_ssdeep | 768:k/5zR9nJTTUb0HRh03+pIh7zokpKLBSlLv0U0pv5ar:8RkQzy7zzpKLUlLcU0pv5ar |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Audit Policy Program |
meta_original_filename | AUDITPOL.EXE.MUI |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
output | Usage: AuditPol command []\r \r \r Commands (only one command permitted per execution)\r /? Help (context-sensitive)\r /get Displays the current audit policy.\r /set Sets the audit policy.\r /list Displays selectable policy elements.\r /backup Saves the audit policy to a file.\r /restore Restores the audit policy from a file.\r /clear Clears the audit policy.\r /remove Removes the per-user audit policy for a user account.\r /resourceSACL Configure global resource SACLs\r \r \r Use AuditPol /? for details on each command\r |
error | Error 0x00000057 occurred:\r The parameter is incorrect.\r \r |
key | value |
---|---|
file_name | AuthHost.exe |
file_path | C:\Windows\system32\AuthHost.exe |
hash_md5 | FA740A5A8260D95D953A2F6F49558CEF |
hash_sha1 | 3ACB1F41715EDEF39AD17BF463BA08DA4CA3C31F |
hash_sha256 | EB526FCFBA01CB683AFE421FFDB38BE6E2633003C96BC193CA5BAC71E418C613 |
hash_sha384 | 484ACBA4FBEE306BC20DC77051731C2705F65B5E31C869030656FDF7D2C0FF946A7EDEDD604AA999B93951F6D6E89131 |
hash_sha512 | 89F28DF67B7DA680A3F8EF216D5D2AE0A1A866C96F3F566EBBA9CC224A89AD61141A4736B021BC685B6591A8F496516411063B292F2AF701CEE4C8BF5B2FAA68 |
hash_ssdeep | 3072:zTiePil36/JNQlwxyB6cs7gZUI+b+scRil3pOS:zTiePKvlYKsh5cK3US |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000001733031072665B8B9B3000000000173 |
signature_thumbprint | 14590DC5C3AAF238FCFD7785B4B93F4071402C34 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Microsoft AuthHost |
meta_original_filename | AuthHost.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
children": [ | |
iCloudPhotos.exe | |
iCloudDrive.exe" |
]
key | value |
---|---|
file_name | autochk.exe |
file_path | C:\Windows\system32\autochk.exe |
hash_md5 | 33900CEB40D3ECD3504F1DD287428B49 |
hash_sha1 | 530FB3D624E14DDB4B11B561E274944C4C54E82C |
hash_sha256 | A279FC9CECA961D9040AA69F06A0A78B530E21C788C7D7590E866EFC447E979B |
hash_sha384 | 1A9EFA89B96A4E42C3ED132883ECDCCDCCD243E51EC638313DD8288243D7C36D35AA6361188E48DE7A2D02A010DF0BF0 |
hash_sha512 | 406A55278AFB5BCFD70FF8C84B60AD93E427DEF558FF651E72E966A5E4BF907DAF333AC7B270F7F3D9A1ED4A54BBA748CDB6BD5A86A03DF492038732A5AEDC05 |
hash_ssdeep | 12288:kEOVuzEjiPvADKg2ALAR3q/jiVO8dFeSoDTUm/Zg1X:bquQjHDKg2A0Ra/jedJ09/W1 |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Auto Check Utility |
meta_original_filename | AutoChk.Exe.MUI |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.1532 (rs1_release_d.170711-1840) |
meta_product_version | 10.0.14393.1532 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | autoconv.exe |
file_path | C:\Windows\system32\autoconv.exe |
hash_md5 | 0BCE6022D8B46680FF8FA1FC2DD409A6 |
hash_sha1 | 32E731935BED82384AEDE89CE879A6DA05B7B1A0 |
hash_sha256 | 3A2ED5EBD7D053C3328ECFFA4FC7D8A9608329B21449AE901D18BCF5034D5DE5 |
hash_sha384 | E970427F69E16FC09C29C1655FE30BF2C0F8B39B3DED587D4F6BAEE4AD57D678FEE86B356F18563025271BC5B27D0EBE |
hash_sha512 | 064CF0A6B5D8A0ED91E900952792EC256DE5305D3CB7D0C3535F60620A10219D6266873027C28D5D4202C2392596157F94FA713AAD0B6F3902AD8C46B0CD3F34 |
hash_ssdeep | 12288:/u58hRuHsVJ8ENoekZ88Z+IdU8gu3Z4ERetAbbJ5UCYD1X:/u5+RuMVTfkZ88Z+Idr3D6YfUC81 |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Auto File System Conversion Utility |
meta_original_filename | AUTOCONV.EXE.MUI |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.1532 (rs1_release_d.170711-1840) |
meta_product_version | 10.0.14393.1532 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | autofmt.exe |
file_path | C:\Windows\system32\autofmt.exe |
hash_md5 | B2CA009AF6A907269E340AFDC1AC7D1D |
hash_sha1 | E33441C047771C13A84F09C46795CB70FADF6151 |
hash_sha256 | 8E17300288E2844D0DD1B0B0C1B2D1F31C3016EDA1922F88BB423F44368B946A |
hash_sha384 | E09E3BA5E9A3D81EC2CED979C2EDE3B50DDDFE548730079F0981FFC8FAF7B2847C03214734F49C187B2C540DFD9C72DF |
hash_sha512 | 72707B630C48FB7E476CD38BBD7C3FBBD3EF37BF803A4355AE5064794EEE11BDEA43A6F52168A47345BFA7DA3B6F7816A8B85B5EE64CC2522E55BFAEAF17DD6A |
hash_ssdeep | 12288:k7Y6yPHxGm/dSjZGDlGdcI6qdo0qWTyc3OF3xL2l5z1X:k7YNPRGmlSj+lGdWUxTbOvc5z1 |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Auto File System Format Utility |
meta_original_filename | AUTOFMT.EXE.MUI |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.1532 (rs1_release_d.170711-1840) |
meta_product_version | 10.0.14393.1532 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | AxInstUI.exe |
file_path | C:\Windows\system32\AxInstUI.exe |
hash_md5 | 04D542885F20AADF19D2D2C3464B4835 |
hash_sha1 | 91ACAA0BB83CEC34D6641660D34C48BFFF2551B7 |
hash_sha256 | 4974A7203DECD230B06935A9F76DA8CBBE4291F398E6256201F7EE6DBD2FA68B |
hash_sha384 | 712665C15752FCAEC9C925802A4176F7E8C8BB0018D87E100E02F6C4AA6397CCADE7DD03528BBA7282AFC795ED8C1C34 |
hash_sha512 | EC7D923E1D01ED3A6FDEBF00DB322ED11B4FCFA3B936B3DC3017187B42E603799B9EF916853179C8B57EED678320DFAD33143D69F57CD656E26645E0F37A123D |
hash_ssdeep | 384:qfoN1CWpDLEFV553RCoB1GM4+1xq3UZU9a1xq3UZU9iWmIW:qoNk8m5hCS1GM48ZU9QZU9q |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | ActiveX Installer Service |
meta_original_filename | AxInstUI.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | backgroundTaskHost.exe |
file_path | C:\Windows\system32\backgroundTaskHost.exe |
hash_md5 | 0601F285DCFF75E679BD91E39B6EBDBF |
hash_sha1 | 8B4E7D875398E67D5277D9C8C9BFA027F9705EDC |
hash_sha256 | 23A80E09DAE6DB17909E81B1CA7E9BF43158BDEE69C1646125FC62E6BFE2745B |
hash_sha384 | 4A3D32544D52B06EE0E98CBE2694E83B2AEA205D89DCDB0642D54B7967E538752D8AF867620F839AB099AE3E0A54F270 |
hash_sha512 | D9400D7261F929CF0AD2B366DD6A6352D15D398789EE416D3255C0910A5A4720D9F6319FCB7334AB46514AC0F5D78672A328791C30B023944FED68CDF5FD40D3 |
hash_ssdeep | 384:WWXMoCedanirwMOe7WhGWTlRDBRJB2GolghvJO:FXMyZOeCz1PXVJO |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Background Task Host |
meta_original_filename | backgroundTaskHost.exe |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | BackgroundTransferHost.exe |
file_path | C:\Windows\system32\BackgroundTransferHost.exe |
hash_md5 | 1D6D710DFF26D49BCE1023D5AE2479FF |
hash_sha1 | 4E38115E5D040AEB4B91A6CA466A425D4A5DD188 |
hash_sha256 | EE406F94F5E8E4DB280DFA70A77B7CC3AB53D1B11D6A52566A5CBCAA70D9EABC |
hash_sha384 | CC6401EA16EA28D6FCA7382DE1EB3442DFF782303B2A33D6B436C26156031A72DF1374D040FEA46C11DBD1568B8F86E2 |
hash_sha512 | 77BD2C36FDDCEAFF4162D67987000309765BAE1AB98002E5BB4471D64B4B5A7A52AEAD59A6028C54C366111A0DE368C6A0EF0CF066534B96FE522F2DFAD86C0E |
hash_ssdeep | 384:P26LrFHXUgU8g/LDBDKj+ZAWRIjRgpQNQpdRsp2TI0ToSxW0fgWkvE0g7QmmrIPh:+6vFFU8g//BW4AZ1NeI0jDN03A |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Download/Upload Host |
meta_original_filename | BackgroundTransferHost.exe |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | bcastdvr.exe |
file_path | C:\Windows\system32\bcastdvr.exe |
hash_md5 | 31C322433B3292783E839BC83493C399 |
hash_sha1 | 87DACAEA1EF2AC5D62B6020636989B871B4121BF |
hash_sha256 | 83E69C2AC58782B5A3FA484ED80F9BAB8C0C47F72EFF02C2B1C7D687CEE7BE3A |
hash_sha384 | 4E27160E882DD04B90B2594B2E530BE0F4FE183737B12B188C1A11A3A86C459939FE13CD570D4FB9831A38AC27767F82 |
hash_sha512 | E4188C7A75C14DD872326162B1384DE7AA18112EC766CB371A28CB9356745B983F75F0456D9D1BCACD51315BB850E4D90B74F859E64A3583E05DE9D3E9C67A4B |
hash_ssdeep | 12288:ElJpdpzZQmTiVXGUSXgFBgi1BD8t1cbV:ELVZVTJXDcBD8sb |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Broadcast DVR server |
meta_original_filename | bcastdvr.exe |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.3686 (rs1_release.200504-1524) |
meta_product_version | 10.0.14393.3686 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | bcdboot.exe |
file_path | C:\Windows\system32\bcdboot.exe |
hash_md5 | 728818E7BC00EF3333A3D23C7FF6AFA8 |
hash_sha1 | 42A50C87008B7EECA9918F47471C74AA2B065D5F |
hash_sha256 | 6FCE4D0E7A0C3A0D051EFB61CA5AD1E30AF75BCCA01DCD42CD3F49A105F34FFE |
hash_sha384 | 062187D0487EE03AE1CF82D50C2966FCAE78D3C291943050639DBA3ED36E4DDAB91E06754F059A280D67017D4EB9DB0E |
hash_sha512 | 24A61D11977F8FCE680F6F2DA80FE354FE8CBB5303E0F01AA162F900B7FA114E6743552D97EA05B6A25873CD2EA375E85A9DF46D3C2B47EC6BB886C4DA276421 |
hash_ssdeep | 3072:BohQoV9ohKGp0qe9kzMVjS5EVk/R6iPeW+cUfbdQ:BohQoVGhKE0qt49Sak/0Dd |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Bcdboot utility |
meta_original_filename | bcdboot.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
output |
Bcdboot - Bcd boot file creation and repair tool. The bcdboot.exe command-line tool is used to copy critical boot files to the system partition and to create a new system BCD store. bcdboot |
key | value |
---|---|
file_name | bcdedit.exe |
file_path | C:\Windows\system32\bcdedit.exe |
hash_md5 | 38F0419E6AC1A5B7A30438426C5D03AA |
hash_sha1 | 05144616817F67849B4454AAD14F857EAF12FE7D |
hash_sha256 | 7202B952F1456DBE5C75B19BFE2B8BD37F40384007F1E51FD632EAD10F1EEACC |
hash_sha384 | 92220B32026C9555550157667EADC8B087B7A1A203EB5C036173AB7CCBE0743C38F0CC12F9AF3D9CCEA47ADA13F95246 |
hash_sha512 | 6683C28E3858106DEE3AF793C531B239E21F382568048A5AADCEFC423448B05952EF97A3777CD2BC49ABD77DDF70508DF8ED6565230FB94F18755FDF23EF7D5D |
hash_ssdeep | 3072:f3c6plKHsrMQg0bkZ61YM+ukyvNB4bduMafEh74MeUAOREquXg7PeYhuJ/XBMhdY:Pc6pgswQgY1YM+p8NB6IfECTTfYuJ/T |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Boot Configuration Data Editor |
meta_original_filename | bcdedit.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
output |
BCDEDIT - Boot Configuration Data Store Editor The Bcdedit.exe command-line tool modifies the boot configuration data store. The boot configuration data store contains boot configuration parameters and controls how the operating system is booted. These parameters were previously in the Boot.ini file (in BIOS-based operating systems) or in the nonvolatile RAM entries (in Extensible Firmware Interface-based operating systems). You can use Bcdedit.exe to add, delete, edit, and append entries in the boot configuration data store. For detailed command and option information, type bcdedit.exe /? . For example, to display detailed information about the /createstore command, type: bcdedit.exe /? /createstore For an alphabetical list of topics in this help file, run "bcdedit /? TOPICS". Commands that operate on a store ================================ /store Used to specify a BCD store other than the current system default. /createstore Creates a new and empty boot configuration data store. /export Exports the contents of the system store to a file. This file can be used later to restore the state of the system store. /import Restores the state of the system store using a backup file created with the /export command. /sysstore Sets the system store device (only affects EFI systems, does not persist across reboots, and is only used in cases where the system store device is ambiguous). Commands that operate on entries in a store =========================================== /copy Makes copies of entries in the store. /create Creates new entries in the store. /delete Deletes entries from the store. /mirror Creates mirror of entries in the store. Run bcdedit /? ID for information about identifiers used by these commands. Commands that operate on entry options ====================================== /deletevalue Deletes entry options from the store. /set Sets entry option values in the store. Run bcdedit /? TYPES for a list of datatypes used by these commands. Run bcdedit /? FORMATS for a list of valid data formats. Commands that control output ============================ /enum Lists entries in the store. /v Command-line option that displays entry identifiers in full, rather than using names for well-known identifiers. Use /v by itself as a command to display entry identifiers in full for the ACTIVE type. Running "bcdedit" by itself is equivalent to running "bcdedit /enum ACTIVE". Commands that control the boot manager ====================================== /bootsequence Sets the one-time boot sequence for the boot manager. /default Sets the default entry that the boot manager will use. /displayorder Sets the order in which the boot manager displays the multiboot menu. /timeout Sets the boot manager time-out value. /toolsdisplayorder Sets the order in which the boot manager displays the tools menu. Commands that control Emergency Management Services for a boot application ========================================================================== /bootems Enables or disables Emergency Management Services for a boot application. /ems Enables or disables Emergency Management Services for an operating system entry. /emssettings Sets the global Emergency Management Services parameters. Command that control debugging ============================== /bootdebug Enables or disables boot debugging for a boot application. /dbgsettings Sets the global debugger parameters. /debug Enables or disables kernel debugging for an operating system entry. /hypervisorsettings Sets the hypervisor parameters. Command that control remote event logging ========================================= /eventsettings Sets the global remote event logging parameters. /event Enables or disables remote event logging for an operating system entry. |
key | value |
---|---|
file_name | BioIso.exe |
file_path | C:\Windows\system32\BioIso.exe |
hash_md5 | 0855653EBDFF403F8252D1797777ADC1 |
hash_sha1 | 504A79EA9E0EE79DCDF0B6DADA0D18800CF3A3B2 |
hash_sha256 | 5E38342AF8D87785850EA09687A34CCD19543989B68DEB841E98D8F617007D89 |
hash_sha384 | 8C8FDF7291A961C2FE2710280091C1EE23580F81A4233684D469C8440EF0D307EDF584A700A564DA7688EAA225BFF47F |
hash_sha512 | 0193E6564A96DFDAF5F80C125A58AC29F38DDACEC5126AABD001B4FC1BCAE8A34C75F8B02DA873E11B024E6BEDC1D2F31B6FB227C5CB1E1A0715E40F6DA59B78 |
hash_ssdeep | 3072:43Af+FgHqzM4AmUarGlkHkibGanY15pwuOltoBbe38WxGsU1lkZjiTs01CDA/3eS:iAWFgKz67lsYf916is0cU8PN0as |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Secure Biometrics |
meta_original_filename | BioIso.exe |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | bitsadmin.exe |
file_path | C:\Windows\system32\bitsadmin.exe |
hash_md5 | F548717B821860C2B2242367732FE105 |
hash_sha1 | 8D6CB70C836642E0424CFC47D7156F285E382A5D |
hash_sha256 | E1057A20945BCE8F00C0BE5E3DB40C4A98AB33F42F4D2DF919AEDB0EF6651D6E |
hash_sha384 | 2E0480DBC0AA2D014C81468D9DFD9064907626A32D4C358B87C08BDEDC2D85385547D435789195185AFCD7D1E4949414 |
hash_sha512 | 7F78E459FE1BD588519847E4BFD57EB30F19BED634D2A447A0BF151B5073B85399C0EF5EF483058D55A71F6EEAB2D285D6D00D1E8E5607F5271987B86F4F9F09 |
hash_ssdeep | 3072:0aNHfEZH0gh/oX8NaV//+YksdZet0Z+q+mBSwS:RHAW8NYDZSw |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | BITS administration utility |
meta_original_filename | bitsadmin.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 7.8.14393.0 (rs1_release.160715-1616) |
meta_product_version | 7.8.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
output |
BITSADMIN version 3.0 BITS administration utility. (C) Copyright 2000-2006 Microsoft Corp. BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows. Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets. Invalid command USAGE: BITSADMIN [/RAWRETURN] [/WRAP | /NOWRAP] command The following commands are available: /HELP Prints this help /? Prints this help /UTIL /? Prints the list of utilities commands /PEERCACHING /? Prints the list of commands to manage Peercaching /CACHE /? Prints the list of cache management commands /PEERS /? Prints the list of peer management commands /LIST [/ALLUSERS] [/VERBOSE] List the jobs /MONITOR [/ALLUSERS] [/REFRESH sec] Monitors the copy manager /RESET [/ALLUSERS] Deletes all jobs in the manager /TRANSFER [type] [/PRIORITY priority] [/ACLFLAGS flags] remote_url local_name Transfers one of more files. [type] may be /DOWNLOAD or /UPLOAD; default is download Multiple URL/file pairs may be specified. Unlike most commands, may only be a name and not a GUID. /CREATE [type] Creates a job [type] may be /DOWNLOAD, /UPLOAD, or /UPLOAD-REPLY; default is download Unlike most commands, may only be a name and not a GUID. /INFO [/VERBOSE] Displays information about the job /ADDFILE <remote_url> <local_name> Adds a file to the job /ADDFILESET Adds multiple files to the job Each line of lists a file's remote name and local name, separated by spaces. A line beginning with '#' is treated as a comment. Once the file set is read into memory, the contents are added to the job. /ADDFILEWITHRANGES <remote_url> <local_name range_list> Like /ADDFILE, but BITS will read only selected byte ranges of the URL. range_list is a comma-delimited series of offset and length pairs. For example, 0:100,2000:100,5000:eof instructs BITS to read 100 bytes starting at offset zero, 100 bytes starting at offset 2000, and the remainder of the URL starting at offset 5000. /REPLACEREMOTEPREFIX <old_prefix> <new_prefix> All files whose URL begins with <old_prefix> are changed to use <new_prefix> Note that BITS currently supports HTTP/HTTPS downloads and uploads. It also supports UNC paths and file:// paths as URLS /LISTFILES Lists the files in the job /SUSPEND Suspends the job /RESUME Resumes the job /CANCEL Cancels the job /COMPLETE Completes the job /GETTYPE Retrieves the job type /GETACLFLAGS Retrieves the ACL propagation flags /SETACLFLAGS <ACL_flags> Sets the ACL propagation flags for the job O - OWNER G - GROUP D - DACL S - SACL Examples: bitsadmin /setaclflags MyJob OGDS bitsadmin /setaclflags MyJob OGD /GETBYTESTOTAL Retrieves the size of the job /GETBYTESTRANSFERRED Retrieves the number of bytes transferred /GETFILESTOTAL Retrieves the number of files in the job /GETFILESTRANSFERRED Retrieves the number of files transferred /GETCREATIONTIME Retrieves the job creation time /GETMODIFICATIONTIME Retrieves the job modification time /GETCOMPLETIONTIME Retrieves the job completion time /GETSTATE Retrieves the job state /GETERROR Retrieves detailed error information /GETOWNER Retrieves the job owner /GETDISPLAYNAME Retrieves the job display name /SETDISPLAYNAME <display_name> Sets the job display name /GETDESCRIPTION Retrieves the job description /SETDESCRIPTION Sets the job description /GETPRIORITY Retrieves the job priority /SETPRIORITY Sets the job priority Priority usage choices: FOREGROUND HIGH NORMAL LOW /GETNOTIFYFLAGS Retrieves the notify flags /SETNOTIFYFLAGS <notify_flags> Sets the notify flags For more help on this option, please refer to the MSDN help page for SetNotifyFlags/GETNOTIFYINTERFACE Determines if notify interface is registered /GETMINRETRYDELAY Retrieves the retry delay in seconds /SETMINRETRYDELAY <retry_delay> Sets the retry delay in seconds /GETNOPROGRESSTIMEOUT Retrieves the no progress timeout in seconds /SETNOPROGRESSTIMEOUT Sets the no progress timeout in seconds /GETMAXDOWNLOADTIME Retrieves the download timeout in seconds /SETMAXDOWNLOADTIME Sets the download timeout in seconds /GETERRORCOUNT Retrieves an error count for the job /SETPROXYSETTINGS Sets the proxy usage usage choices: PRECONFIG - Use the owner's default Internet settings. AUTODETECT - Force autodetection of proxy. NO_PROXY - Do not use a proxy server. OVERRIDE - Use an explicit proxy list and bypass list. Must be followed by a proxy list and a proxy bypass list. NULL or "" may be used for an empty proxy bypass list. Examples: bitsadmin /setproxysettings MyJob PRECONFIG bitsadmin /setproxysettings MyJob AUTODETECT bitsadmin /setproxysettings MyJob NO_PROXY bitsadmin /setproxysettings MyJob OVERRIDE proxy1:80 "" bitsadmin /setproxysettings MyJob OVERRIDE proxy1,proxy2,proxy3 NULL /GETPROXYUSAGE Retrieves the proxy usage setting /GETPROXYLIST Retrieves the proxy list /GETPROXYBYPASSLIST Retrieves the proxy bypass list /TAKEOWNERSHIP Take ownership of the job /SETNOTIFYCMDLINE <program_name> [program_parameters] Sets a program to execute for notification, and optionally parameters. The program name and parameters can be NULL. IMPORTANT: if parameters are non-NULL, then the program name should be the first parameter. Examples: bitsadmin /SetNotifyCmdLine MyJob c:\winnt\system32\notepad.exe NULL bitsadmin /SetNotifyCmdLine MyJob c:\callback.exe "c:\callback.exe parm1 parm2" bitsadmin /SetNotifyCmdLine MyJob NULL NULL /GETNOTIFYCMDLINE Returns the job's notification command line /SETCREDENTIALS Adds credentials to a job. may be either SERVER or PROXY may be BASIC, DIGEST, NTLM, NEGOTIATE, or PASSPORT. /REMOVECREDENTIALS Removes credentials from a job. /GETCUSTOMHEADERS Gets the Custom HTTP Headers /SETCUSTOMHEADERS <...> Sets the Custom HTTP Headers /GETCLIENTCERTIFICATE Gets the job's Client Certificate Information /SETCLIENTCERTIFICATEBYID <store_location> <store_name> <hexa-decimal_cert_id> Sets a client authentication certificate to a job. <store_location> may be 1(CURRENT_USER), 2(LOCAL_MACHINE), 3(CURRENT_SERVICE), 4(SERVICES), 5(USERS), 6(CURRENT_USER_GROUP_POLICY), 7(LOCAL_MACHINE_GROUP_POLICY) or 8(LOCAL_MACHINE_ENTERPRISE). /SETCLIENTCERTIFICATEBYNAME <store_location> <store_name> <subject_name> Sets a client authentication certificate to a job. <store_location> may be 1(CURRENT_USER), 2(LOCAL_MACHINE), 3(CURRENT_SERVICE), 4(SERVICES), 5(USERS), 6(CURRENT_USER_GROUP_POLICY), 7(LOCAL_MACHINE_GROUP_POLICY) or 8(LOCAL_MACHINE_ENTERPRISE). /REMOVECLIENTCERTIFICATE Removes the Client Certificate Information from the job /SETSECURITYFLAGS Sets the HTTP security flags for URL redirection and checks performed on the server certificate during the transfer. The value is an unsigned integer with the following interpretation for the bits in the binary representation. Enable CRL Check : Set the least significant bit Ignore invalid common name in server certificate : Set the 2nd bit from right Ignore invalid date in server certificate : Set the 3rd bit from right Ignore invalid certificate authority in server certificate : Set the 4th bit from right Ignore invalid usage of certificate : Set the 5th bit from right Redirection policy : Controlled by the 9th-11th bits from right 0,0,0 - Redirects will be automatically allowed. 0,0,1 - Remote name in the IBackgroundCopyFile interface will be updated if a redirect occurs. 0,1,0 - BITS will fail the job if a redirect occurs. Allow redirection from HTTPS to HTTP : Set the 12th bit from right /GETSECURITYFLAGS Reports the HTTP security flags for URL redirection and checks performed on the server certificate during the transfer. /SETVALIDATIONSTATE <true|false> starts from 0 Sets the content-validation state of the given file within the job. /GETVALIDATIONSTATE starts from 0 Reports the content-validation state of the given file within the job. /GETTEMPORARYNAME starts from 0 Reports the temporary filename of the given file within the job. The following options control peercaching of a particular job: /SETPEERCACHINGFLAGS Sets the flags for the job's peercaching behavior. The value is an unsigned integer with the following interpretation for the bits in the binary representation. Allow the job's data to be downloaded from a peer : Set the least significant bit Allow the job's data to be served to peers : Set the 2nd bit from right /GETPEERCACHINGFLAGS Reports the flags for the job's peercaching behavior. The following options are valid for UPLOAD-REPLY jobs only: /GETREPLYFILENAME Gets the path of the file containing the server reply /SETREPLYFILENAME Sets the path of the file containing the server reply /GETREPLYPROGRESS Gets the size and progress of the server reply /GETREPLYDATA Dumps the server's reply data in hex format The following options can be placed before the command: /RAWRETURN Return data more suitable for parsing /WRAP Wrap output around console (default) /NOWRAP Don't wrap output around console The /RAWRETURN option strips new line characters and formatting. It is recognized by the /CREATE and /GET* commands. Commands that take a parameter will accept either a job name or a job ID GUID inside braces. BITSADMIN reports an error if a name is ambiguous. |
key | value |
---|---|
file_name | bootcfg.exe |
file_path | C:\Windows\system32\bootcfg.exe |
hash_md5 | DE200E259184C1E27A46A273826F4598 |
hash_sha1 | 5A687E4901E1E09405239BEFB7745CC9A121D286 |
hash_sha256 | D788BE82341083FEFB8320CCC9F88CDEC21F9CD5582125AF4FEFBC441FD9A748 |
hash_sha384 | 015C1EC93785398CD20351EA5337B7A8EEF24AE1AA7CE522FB91664354CB26113026E8E970487882935F92446034C22C |
hash_sha512 | 7B8654D2AE8679FDDB4B788DCE234B386E5DF36E8C86879499425C1AE1E8C6C8BB2719E4F6B3F00FB2D6A7DA407AB77C835F68C9F4BDE242D87A38326F12F202 |
hash_ssdeep | 1536:M8P7Mxh11crAug4IRLeC0byqklCLzaAx+DVmsJQuutas7PTa:y711cEX4F/b48uAMxmtas7ra |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | BootCfg - Lists or changes the boot settings. |
meta_original_filename | bootcfg.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
output |
BOOTCFG /parameter [arguments] Description: This command line tool can be used to configure, query, change or delete the boot entry settings in the BOOT.INI file. Parameter List: /Copy Makes a copy of an existing boot entry. /Delete Deletes an existing boot entry from the BOOT.INI file. /Query Displays the current boot entries and their settings. /Raw Allows the user to specify any switch to be added. /Timeout Allows the user to change the Timeout value. /Default Allows the user to change the Default boot entry. /EMS Allows the user to configure the /redirect switch for headless support. /Debug Allows the user to specify the port and baudrate for remote debugging. /Addsw Allows the user to add predefined switches. /Rmsw Allows the user to remove predefined switches. /Dbg1394 Allows the user to configure 1394 port for debugging. /? Displays this help message. Examples: BOOTCFG /Copy /? BOOTCFG /Delete /? BOOTCFG /Query /? BOOTCFG /Raw /? BOOTCFG /Timeout /? BOOTCFG /EMS /? BOOTCFG /Debug /? BOOTCFG /Addsw /? BOOTCFG /Rmsw /? BOOTCFG /Dbg1394 /? BOOTCFG /Default /? BOOTCFG /? WARNING: BOOT.INI is used for boot options on Windows XP and earlier operating systems. Use the BCDEDIT command line tool to modify Windows Vista boot options. |
error | ERROR: Invalid syntax. Type "BOOTCFG /?" for usage. |
key | value |
---|---|
file_name | bootim.exe |
file_path | C:\Windows\system32\bootim.exe |
hash_md5 | B710761B5ED0288253672C1BA805EBBF |
hash_sha1 | 205E58464ACE32358BA2062E956676F50C4B61C9 |
hash_sha256 | 4C66A88D7981117EF438EA867DC67445B3706BBB16AAFEA688AE74DB5DDF0D5C |
hash_sha384 | 7609225A74038B72E437D85AA3679F74B1051CE8149098157609A2AE22F9AFCE0918394519723F206FB58FD1D2151541 |
hash_sha512 | 5BAEB73847C1854D5BAA58367F2268C4BA662CD0CDAF153E791BA0034C6DBA030F99EC6770F7EF9BAFC72D1EF093A8134F934F29FE794341D3D5EF376F30176E |
hash_ssdeep | 768:+wvsOjY8RL3Kpw2fCHAUTCdFPkkPL2vFHHoQ:+QsSLHgc09FMFHHoQ |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000001733031072665B8B9B3000000000173 |
signature_thumbprint | 14590DC5C3AAF238FCFD7785B4B93F4071402C34 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | boot immersive menus |
meta_original_filename | bootim.exe |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | bridgeunattend.exe |
file_path | C:\Windows\system32\bridgeunattend.exe |
hash_md5 | E8A0611BAEA2DD61EDF1033B3748A1D9 |
hash_sha1 | D8C4F6F95B00C7C20CF2BB86008552CBDB0D5FBA |
hash_sha256 | 33AC0BC2AAC1FB4A70804618460DC701D7D84ECFF343FFC20DD0CE873566081F |
hash_sha384 | A779EA165CDAB99DEDF747F20647B6CCDC99B90FA294F20B9FF3A84EB252B83E5041ECEBB7C06C3B020F7FD4F2EED231 |
hash_sha512 | 05378FDF70C425185A934319727444F764E05D5323186A590662CEEEED04029DF60A5FE51521AB4033B212FADE0E8C80A2FDAB3FA8377764C38717517A2464B0 |
hash_ssdeep | 384:lNViIGafHo53dfNFCYMJYDoVbPPyvjKNbcD43C/O0YHWcfW:sJJCODiPQWeD410Yf |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000001733031072665B8B9B3000000000173 |
signature_thumbprint | 14590DC5C3AAF238FCFD7785B4B93F4071402C34 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Bridge Unattend Utility |
meta_original_filename | bridgeunattend.exe |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | browser_broker.exe |
file_path | C:\Windows\system32\browser_broker.exe |
hash_md5 | C7C56DB13D5F1A2BB6DE92B8BBD22CA0 |
hash_sha1 | 1415D7D0C0BCC2B82BBAF0C5B965BE3E39132B61 |
hash_sha256 | 63CAB0DB2A90DAFA855F92BD9505DCF6BD197545A9D5A8FC40C3DFDFDB2AB2CB |
hash_sha384 | C9B92DF4FDA02A72A69EDCD729CDD0355E3260A81ADC956BE8CEF4BE4FDD8BD074709D0592265A4AC357F70FDAF53E73 |
hash_sha512 | B7D27488AE9235A800145062C7146C455D903BEEEC5B2049B3A340B15C13C611C0F0138305F552593736604390F8DD4915A94212B34DDF8B8CE66421F254F18C |
hash_ssdeep | 384:/789syaX6EptzFas9SYtSZu0h5Q2DgWQHFWMWbHFWumXjDBRJp81Zl9Qz:/geXPXzcW0ha2DKEyXj1PAY |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Browser_Broker |
meta_original_filename | browser_broker.EXE |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 11.00.14393.2791 (rs1_release.190205-1511) |
meta_product_version | 11.00.14393.2791 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | bthudtask.exe |
file_path | C:\Windows\system32\bthudtask.exe |
hash_md5 | CCDD2D8B1E499BFC883BA7436B480DE3 |
hash_sha1 | E0378C5D47A2B81B31AC38AFC39EBFDE7903AE10 |
hash_sha256 | 8C5B4D4B3AAD46D75F119DC627E1215186BCABCDB03CADAC8AEA4E6B3AA5A645 |
hash_sha384 | 463699B5D78590DE320513A3F505D9EC5D4AC71DAFD090B25AC904E4C946B95685917AF2F0AB48FAC441F27F2340011C |
hash_sha512 | B3824502EF9D678078741EBDA37AC044F6FA3CD1EA2BB150B77BE2A7A9CE843EE2DD1497ED4FF00A4A4B654FA070B7889A69EC7DE8625FC7352547B998A73204 |
hash_ssdeep | 384:xB/XWYz5UAFDKUKw2cfXNIZwAZdkkYWWUHWJKJajXDO1/EagS817l:f/mYNl49UfdYkkhEzDO |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Bluetooth Uninstall Device Task |
meta_original_filename | BthUdTask.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | ByteCodeGenerator.exe |
file_path | C:\Windows\system32\ByteCodeGenerator.exe |
hash_md5 | E36553DAD04554CB8E891F348DD6955E |
hash_sha1 | 44F85E6A74AE49BFC2B4DEA5A8F7ECDA8CF97C40 |
hash_sha256 | 8EABA705068D576ECF9BEEAF62DE53A8189FF9F339905E4A71EA3FDF5E3C90B2 |
hash_sha384 | 0B11533398E1E161341FBB3EF76B3822713A341EA9D2A146C33A8FF953FC55EBC2173B333676D4D8B19237AAECFF709B |
hash_sha512 | C83BFF61CF1D4874387345C26B71DD47625A39D56E37BF8301A9A3FF28157E559875EEF901710B51E0CEADF472B347FE6F224797B56AF121DCFBA4CDE5E6BFDA |
hash_ssdeep | 768:QXO7ydUYDCJ9RqQRecfgWdaDtgZtgXnbGefpVi+DiU4lelTUoxE0cxEMvdpB7Bq:OOB/icXh0b7hk++U2p0YlpBdq |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000001733031072665B8B9B3000000000173 |
signature_thumbprint | 14590DC5C3AAF238FCFD7785B4B93F4071402C34 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | AppX Deployment Bytecode Generator EXE |
meta_original_filename | BytecodeGenerator.exe |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | cacls.exe |
file_path | C:\Windows\system32\cacls.exe |
hash_md5 | 5A28B3C94D93A367B370C80820942DC8 |
hash_sha1 | 1328A9F91A011F707B2C0718EB206CD2DEFA4D7B |
hash_sha256 | 1E7C610F63BA1E22F8CE1350DF98F0825A4A23328C15928BE67EE6E8B58E0290 |
hash_sha384 | 88EBC5C363B085C9BEED8912537EC008F3D2A4007B937FE44135A8DBF6F09FA6A919F49B58802BF6E87370BB1C7136F6 |
hash_sha512 | 291D9CB617700388F16C202C859A7020CC7F8E1985D96530526404DA4DD4D82EEFF26B5483ECBF01C974BE558D4767530D749B791515B291ABCB09855D94C156 |
hash_ssdeep | 768:5RieH9nlsba7UydioQhMSj6DkPkzixXsLmM+Pu:riUltYyiofSj64PdSmM+Pu |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Control ACLs Program |
meta_original_filename | CACLS.EXE.MUI |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
output | \r NOTE: Cacls is now deprecated, please use Icacls.\r \r Displays or modifies access control lists (ACLs) of files\r \r CACLS filename [/T] [/M] [/L] [/S[:SDDL]] [/E] [/C] [/G user:perm]\r [/R user [...]] [/P user:perm [...]] [/D user [...]]\r filename Displays ACLs.\r /T Changes ACLs of specified files in\r the current directory and all subdirectories.\r /L Work on the Symbolic Link itself versus the target\r /M Changes ACLs of volumes mounted to a directory\r /S Displays the SDDL string for the DACL.\r /S:SDDL Replaces the ACLs with those specified in the SDDL string\r (not valid with /E, /G, /R, /P, or /D).\r /E Edit ACL instead of replacing it.\r /C Continue on access denied errors.\r /G user:perm Grant specified user access rights.\r Perm can be: R Read\r W Write\r C Change (write)\r F Full control\r /R user Revoke specified user's access rights (only valid with /E).\r /P user:perm Replace specified user's access rights.\r Perm can be: N None\r R Read\r W Write\r C Change (write)\r F Full control\r /D user Deny specified user access.\r Wildcards can be used to specify more than one file in a command.\r You can specify more than one user in a command.\r \r Abbreviations:\r CI - Container Inherit.\r The ACE will be inherited by directories.\r OI - Object Inherit.\r The ACE will be inherited by files.\r IO - Inherit Only.\r The ACE does not apply to the current file/directory.\r ID - Inherited.\r The ACE was inherited from the parent directory's ACL.\r |
key | value |
---|---|
file_name | calc.exe |
file_path | C:\Windows\system32\calc.exe |
hash_md5 | 4673C27FDCAB6166578A1863060D83FF |
hash_sha1 | 4A2446EE9651D90AC6C5613BDDF416DF197F6401 |
hash_sha256 | B093FD472121CDA0BBB1E0079479DE36325F1B2FAA7FDA54C4F757565572FE1D |
hash_sha384 | FDD4BB991CD9FB460DE2A77B1EC9142988AB256604102F04AA775C4E274B94FD0A7B467FCADB1A5A547C3BCEB8A88ED0 |
hash_sha512 | D570BA4428BC5085B7CADD56A25233CAB810DCEB17D8873D4B458A4E7FA565201B45525F252489B4571ECEC24333BA216907FC849992A74572ADE03E61F00F3E |
hash_ssdeep | 384:ju/51mFSDUiIMbPWUrytejUSFqpy7LJcGWSAYWSiiiiiiiiiiiiiiiiiiiiiiiik:juiQI0OUfjUUevb |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Windows Calculator |
meta_original_filename | CALC.EXE |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
children | win32calc.exe |
key | value |
---|---|
file_name | CameraSettingsUIHost.exe |
file_path | C:\Windows\system32\CameraSettingsUIHost.exe |
hash_md5 | 1BF18CFEE1C87D70212A6221A1902412 |
hash_sha1 | 51A745FF2762E15C070F3BC52BA2311602FF548E |
hash_sha256 | 4A3F27D0B975E2CC2FAA75763913A17E64244BF44C44907A0DD6F1AE681F080A |
hash_sha384 | 2EBEC29A91DB8C5140404EE526F94BFCCCE8D79502825D9A45A68665FDD434418FA6EBB329A6F8A53DF9D0AF29A3C6D9 |
hash_sha512 | FA4FF8BC8035FE8310564320B21AD95187668CD1E44502E9BC7598873813C5D602BFBB4489E055EFB3A9495E3C0A779A6EC2B3328C4A87F0302BA61AE155856C |
hash_ssdeep | 768:7tBKESlh0V9HekDZ3WAcUArXYHAIe1PO1q:2Bj6ZmApADYHAIGP6q |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000001733031072665B8B9B3000000000173 |
signature_thumbprint | 14590DC5C3AAF238FCFD7785B4B93F4071402C34 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Camera Settings UI Host |
meta_original_filename | CameraSettingsUIHost.exe |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | CastSrv.exe |
file_path | C:\Windows\system32\CastSrv.exe |
hash_md5 | 78AACFC94400EC961796DECA636C5E25 |
hash_sha1 | F8D4C766104209B5E78336466D3D93176B20D1B0 |
hash_sha256 | 260B608EC4C2E43A78C5585B97AEFCE1A34429A6FA85CE6E152719344EDF896D |
hash_sha384 | 2840F98C1B6A49782FC479FC6FE5B0C94DF93A7E3B50AF6F1722612B4DD231543FB62B9102937444712C1D41EB485C84 |
hash_sha512 | E2F80FB124C201E678F52921513B17EB03BDD91576F0D4BACB48C86200E27A39D43EB286F56FDF78C74D0A90220796F745D714213171EFEA2052A116EBD7FD23 |
hash_ssdeep | 1536:gObBZ2wy1VwFvmrzQx4Qg+pLvrT8hZKiWuKhazDnJPKoJ:hbBZZyrUvmrolgwrTSKiWuKozzJCoJ |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Casting protocol connection listener |
meta_original_filename | CastSrv.exe |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | CertEnrollCtrl.exe |
file_path | C:\Windows\system32\CertEnrollCtrl.exe |
hash_md5 | D9DE355599A2CD57600B1C4932D12F3A |
hash_sha1 | 48EF2A0F97CF94DA58AD93FF2B9E34B2417AD7F7 |
hash_sha256 | 912EF3F36892C013566988D86796ABFDE12AC513D32408E83DB589FA64BDFFC4 |
hash_sha384 | DE8C26754059494549D19127D96AEB47EF93FB75328FCC0E3691820C763996CB203E95FB902E0E1285151F8D0CD6F8CB |
hash_sha512 | 61E10A3F3E0A909C774006F0B6AC66CEBFA3251C41DAE14A89A7A580E52A27F78254A6327432225C022E5857A31E0FBC8C961CAFB11F50865AD6D9E491A421AF |
hash_ssdeep | 768:fAQHFNpqi4P1fhZzUkjmj+LINv7tWNp+2OEiZ+iaOjprTllDyVO1vTzwiEU7JWG8:fAQRql5k+89BWC2fivHuYHwPUIGeCNK |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Certificate Enrollment Control |
meta_original_filename | EnrollComServer.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | certreq.exe |
file_path | C:\Windows\system32\certreq.exe |
hash_md5 | 81C07107AB05BD4C4AE1B7D889BCD4FE |
hash_sha1 | 97BA5F1CEA1C13C8E89CB476BEBD5B278BA853E5 |
hash_sha256 | 23FD587C7C7FACF6B1B23EDAEC7DBEA5EAEF4F3820ACBAD73D338774D29F2970 |
hash_sha384 | EE61C90C810840EB4E77618ED983E5575E045C9FFDF68796B2EA8EF3C278EEC414CECFE2E0298414117AC15F9FD4E6CA |
hash_sha512 | 96E261C01D859DD9C1F15BDC04AFD44E6F4CBA2B6C64540693CB37B92B1653785B59017B2490B6DE72F3F2BB84EDB0D4A222FAE8B8C2271E21A729AC6E1FB293 |
hash_ssdeep | 6144:e1yDud3OkISnubPVJZ8Ua7Z/xrR47giuXoXPPj:eoUVniPXZK7Zv40p0b |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | CertReq.exe |
meta_original_filename | CertReq.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
children | conhost.exe |
output | Usage:\r CertReq -?\r CertReq [-v] -?\r CertReq [-Command] -?\r CertReq [-Submit] [Options] [RequestFileIn [CertFileOut [CertChainFileOut [FullResponseFileOut]]]]\r Submit a request to a Certification Authority.\r Options:\r -attrib AttributeString\r -binary\r -PolicyServer PolicyServer\r -config ConfigString\r -Anonymous\r -Kerberos\r -ClientCertificate ClientCertId\r -UserName UserName\r -p Password\r -crl\r -rpc\r -AdminForceMachine\r -RenewOnBehalfOf\r -NoChallenge\r CertReq -Retrieve [Options] RequestId [CertFileOut [CertChainFileOut [FullResponseFileOut]]]\r Retrieve a response to a previous request from a Certification Authority.\r Options:\r -binary\r -PolicyServer PolicyServer\r -config ConfigString\r -Anonymous\r -Kerberos\r -ClientCertificate ClientCertId\r -UserName UserName\r -p Password\r -crl\r -rpc\r -AdminForceMachine\r CertReq -New [Options] [PolicyFileIn [RequestFileOut]]\r Create a new request as directed by PolicyFileIn\r Options:\r -attrib AttributeString\r -binary\r -cert CertId\r -PolicyServer PolicyServer\r -config ConfigString\r -Anonymous\r -Kerberos\r -ClientCertificate ClientCertId\r -UserName UserName\r -p Password\r -pin Pin\r -user\r -machine\r -xchg ExchangeCertFile\r CertReq -Accept [Options] [CertChainFileIn | FullResponseFileIn | CertFileIn]\r Accept and install a response to a previous new request.\r Options:\r -user \r -machine \r -pin Pin\r CertReq -Policy [Options] [RequestFileIn [PolicyFileIn [RequestFileOut [PKCS10FileOut]]]]\r Construct a cross certification or qualified subordination request\r from an existing CA certificate or from an existing request.\r Options:\r -attrib AttributeString\r -binary\r -cert CertId\r -PolicyServer PolicyServer\r -Anonymous\r -Kerberos\r -ClientCertificate ClientCertId\r -UserName UserName\r -p Password\r -pin Pin\r -noEKU\r -AlternateSignatureAlgorithm\r -HashAlgorithm HashAlgorithm\r CertReq -Sign [Options] [RequestFileIn [RequestFileOut]]\r Sign a certificate request with an enrollment agent or qualified\r subordination signing certificate.\r Options:\r -binary\r -cert CertId\r -PolicyServer PolicyServer\r -Anonymous\r -Kerberos\r -ClientCertificate ClientCertId\r -UserName UserName\r -p Password\r -pin Pin\r -crl\r -noEKU\r -HashAlgorithm HashAlgorithm\r CertReq -Enroll [Options] TemplateName\r CertReq -Enroll -cert CertId [Options] Renew [ReuseKeys]\r Enroll for or renew a certificate.\r Options:\r -PolicyServer PolicyServer\r -user \r -machine \r -pin Pin\r CertReq -EnrollAIK [Options] [KeyContainerName]\r Enroll for AIK certificate.\r Options:\r -config\r CertReq -EnrollCredGuardCert [Options] TemplateName [ExtensionInfFile]\r Enroll for machine account Credential Guard certificate.\r Options:\r -config\r Unknown argument: -help |
key | value |
---|---|
file_name | certutil.exe |
file_path | C:\Windows\system32\certutil.exe |
hash_md5 | E4EF926FE8FADE150250A706922BB969 |
hash_sha1 | BF24C5E8C4C2B25740E1AEB1FBCB36C58F392A83 |
hash_sha256 | 7F924C38130A582FC3B6F94F388234789569C3D8101FD471925217D0F6212175 |
hash_sha384 | 79B9A860CD81D5D0B8BDBAC9EA1CB429B83B20D23C191509D18ACE16147F6773F581FABA17EF97890044018F5B9376FD |
hash_sha512 | 4F129E89AD91F5FB979CCF67C5C5C7C8EBB1723D38D0F1398558B8E5F8E2440B8A177D05336BEBE8264820CA65EBF0EB78801765AFBF6B983B8AFC251C675503 |
hash_ssdeep | 24576:m2WXVRbBU0x/BzK2za8KXDqp5DNvtrGGbz0bBE9hDauGXbuEsqf:m2WlRbBU0xEiazUNvzuE9FauG6q |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | CertUtil.exe |
meta_original_filename | CertUtil.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
output |
Verbs: -dump -- Dump configuration information or file -dumpPFX -- Dump PFX structure -asn -- Parse ASN.1 file -decodehex -- Decode hexadecimal-encoded file -decode -- Decode Base64-encoded file -encode -- Encode file to Base64 -deny -- Deny pending request -resubmit -- Resubmit pending request -setattributes -- Set attributes for pending request -setextension -- Set extension for pending request -revoke -- Revoke Certificate -isvalid -- Display current certificate disposition -getconfig -- Get default configuration string -ping -- Ping Active Directory Certificate Services Request interface -pingadmin -- Ping Active Directory Certificate Services Admin interface -CAInfo -- Display CA Information -ca.cert -- Retrieve the CA's certificate -ca.chain -- Retrieve the CA's certificate chain -GetCRL -- Get CRL -CRL -- Publish new CRLs [or delta CRLs only] -shutdown -- Shutdown Active Directory Certificate Services -installCert -- Install Certification Authority certificate -renewCert -- Renew Certification Authority certificate -schema -- Dump Certificate Schema -view -- Dump Certificate View -db -- Dump Raw Database -deleterow -- Delete server database row -backup -- Backup Active Directory Certificate Services -backupDB -- Backup Active Directory Certificate Services database -backupKey -- Backup Active Directory Certificate Services certificate and private key -restore -- Restore Active Directory Certificate Services -restoreDB -- Restore Active Directory Certificate Services database -restoreKey -- Restore Active Directory Certificate Services certificate and private key -importPFX -- Import certificate and private key -dynamicfilelist -- Display dynamic file List -databaselocations -- Display database locations -hashfile -- Generate and display cryptographic hash over a file -store -- Dump certificate store -enumstore -- Enumerate certificate stores -addstore -- Add certificate to store -delstore -- Delete certificate from store -verifystore -- Verify certificate in store -repairstore -- Repair key association or update certificate properties or key security descriptor -viewstore -- Dump certificate store -viewdelstore -- Delete certificate from store -UI -- Certificate Trust List: -attest -- Verify Key Attestation Request -dsPublish -- Publish certificate or CRL to Active Directory -ADTemplate -- Display AD templates -Template -- Display Enrollment Policy templates -TemplateCAs -- Display CAs for template -CATemplates -- Display templates for CA -SetCASites -- Manage Site Names for CAs -enrollmentServerURL -- Display, add or delete enrollment server URLs associated with a CA -ADCA -- Display AD CAs -CA -- Display Enrollment Policy CAs -Policy -- Display Enrollment Policy -PolicyCache -- Display or delete Enrollment Policy Cache entries -CredStore -- Display, add or delete Credential Store entries -InstallDefaultTemplates -- Install default certificate templates -URLCache -- Display or delete URL cache entries -pulse -- Pulse autoenrollment event or NGC task -MachineInfo -- Display Active Directory machine object information -DCInfo -- Display domain controller information -EntInfo -- Display enterprise information -TCAInfo -- Display CA information -SCInfo -- Display smart card information -SCRoots -- Manage smart card root certificates -verifykeys -- Verify public/private key set -verify -- Verify certificate, CRL or chain -verifyCTL -- Verify AuthRoot or Disallowed Certificates CTL -syncWithWU -- Sync with Windows Update -generateSSTFromWU -- Generate SST from Windows Update -generatePinRulesCTL -- Generate Pin Rules CTL -downloadOcsp -- Download OCSP Responses and Write to Directory -addEccCurve -- Add ECC Curve -deleteEccCurve -- Delete ECC Curve -displayEccCurve -- Display ECC Curve -sign -- Re-sign CRL or certificate -vroot -- Create/delete web virtual roots and file shares -vocsproot -- Create/delete web virtual roots for OCSP web proxy -addEnrollmentServer -- Add an Enrollment Server application -deleteEnrollmentServer -- Delete an Enrollment Server application -addPolicyServer -- Add a Policy Server application -deletePolicyServer -- Delete a Policy Server application -oid -- Display ObjectId or set display name -error -- Display error code message text -getreg -- Display registry value -setreg -- Set registry value -delreg -- Delete registry value -ImportKMS -- Import user keys and certificates into server database for key archival -ImportCert -- Import a certificate file into the database -GetKey -- Retrieve archived private key recovery blob, generate a recovery script, or recover archived keys -RecoverKey -- Recover archived private key -MergePFX -- Merge PFX files -ConvertEPF -- Convert PFX files to EPF file -? -- Display this usage message CertUtil -? -- Display a verb list (command list) CertUtil -dump -? -- Display help text for the "dump" verb CertUtil -v -? -- Display all help text for all verbs CertUtil: -? command completed successfully. |
key | value |
---|---|
file_name | change.exe |
file_path | C:\Windows\system32\change.exe |
hash_md5 | 4645FC757936A446550596B27CE63E79 |
hash_sha1 | A68600DEF3CCA2294CDBC2933C8D5081220FB227 |
hash_sha256 | C66BF7322DEEAEC6109FD82C700569E3322701AFB5EC19006B51E3600EEE86CB |
hash_sha384 | 2D15C5554ED1049137820CF75C3461A05F186678BC1402AE51BB0D726F5268BB2C3CB2356AF53717071B93E05DCBFF9A |
hash_sha512 | 2ACE5B1370A0F0931A96951EED0AF1E382D6A18D41D6F4786265B79EA1254D3BC6C5035D3902DCEC873A07D0216CA292340B77CE65D53C2567860052C41D3B92 |
hash_ssdeep | 192:vWS8qyttAW2/Ei8h9aPB/E/RJoqxx2+YcLWjhAvNsr+GXn1qmvWNLW:vWS8qyUW2s9/fTD2TKo2vNsr+wvWNLW |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Remote Desktop Services Change Utility |
meta_original_filename | change.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
output | CHANGE { LOGON | PORT | USER } |
error | Invalid parameter(s) CHANGE { LOGON | PORT | USER } |
key | value |
---|---|
file_name | changepk.exe |
file_path | C:\Windows\system32\changepk.exe |
hash_md5 | E158157A57E322D9BB683FE2378724BA |
hash_sha1 | A863F6C4299446AA6DFBDADCA98AE40FA044EB5E |
hash_sha256 | 64708A3E27EE5ACBEB14140A956AAF8F6472CF60D592C05BC564851BE5CD42D5 |
hash_sha384 | D86A41EA963DC9B3970EE8B909AA03E6FD79ECA23384145FCF3FF02C74EB09FC31989F87BDCFF901A3323508F89A8A62 |
hash_sha512 | 2767FB90151E7A2BFB41516854D8893BCEC9E9458369ED481ED6A97EE06E7107832FB1215FF61973C17645F2511DCED990B6C3A04664EC94302DEB5AD673154E |
hash_ssdeep | 1536:/nceOoyWlp5h15wTGjvzj07j5UfTTfPLr0:EoyqHXzK5UfTTfzr0 |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000001733031072665B8B9B3000000000173 |
signature_thumbprint | 14590DC5C3AAF238FCFD7785B4B93F4071402C34 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Windows Activation |
meta_original_filename | changepk.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | charmap.exe |
file_path | C:\Windows\system32\charmap.exe |
hash_md5 | 9FE7E5B2973E876A0A48A2B3C3104AEB |
hash_sha1 | 68EBCD6019C94215568DAAF356CA71EE76C024CC |
hash_sha256 | 25E722D47EA9421B38E41059C73077606CAEE3EF6B6E4885E3D59F80E014B1D8 |
hash_sha384 | 72CDE8130C5BC100328B0FCBF84A4705FE5EE1888BE749285F64341A6DF70C0F9E2F643CA48DCDD23B7F972251427D73 |
hash_sha512 | C2AAE18B11B743A043942948A3903E347BA5813E5B2AE3BD4CB951C745B1F9DCA80074588C9923E035319C4BE0B46ACA1ADF8CD3E042865A6794E9391A1CAE4B |
hash_ssdeep | 3072:ci6ND48iXJJ5G4peH4817f7UIH+XnF/buMbrLF5NUdrSO9K/tagbdDu5nB:8i5J5GK63lY7n1Dbgqt5g |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Character Map |
meta_original_filename | charmap.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 5.2.3668.0 |
meta_product_version | 5.2.3668.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | CheckNetIsolation.exe |
file_path | C:\Windows\system32\CheckNetIsolation.exe |
hash_md5 | E1E1BCDF1C08D0FCB81B521C1EBADEE9 |
hash_sha1 | 7A6BB4D9287450108917DFC87829237DA8CBE7AD |
hash_sha256 | 5C47AB615178CFBD5633F77029F7B05C8F7151C865A3CF3E347312C6A04167AA |
hash_sha384 | 968A500F7CF32A1AC2928E86BA53B5AFA63961374593331077F175257214C89CB88903744B797C0003B020FBBD92036F |
hash_sha512 | D027FDD29DD1E484483486ED3C4BBF3F31A9DEF9757209BA373792DA7580BEC52B421C4AF61E22678D9EC9A9B27992ACD712690EB62778C662BFE509A2799811 |
hash_ssdeep | 768:KmIFT6/SRYi9TFAClvoGayQ+h1b4v7pN:hsTAZShAClvoGany1b4v7p |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000001733031072665B8B9B3000000000173 |
signature_thumbprint | 14590DC5C3AAF238FCFD7785B4B93F4071402C34 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | AppContainer Network Isolation Diagnostic Tool |
meta_original_filename | CheckNetIsolation.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
output | Error: Invalid Parameters Usage: CheckNetIsolation [Module] List Of Modules: LoopbackExempt - controls the loopback exemption of AppContainers and Package Families to ease application development. Debug - Starts a network traffic troubleshooting session of an AppContainer or Package Family. Generates a report of network capabilities that are used, not used or missing, together with the network traffic generated by the application. -? - Displays this help message. |
key | value |
---|---|
file_name | chglogon.exe |
file_path | C:\Windows\system32\chglogon.exe |
hash_md5 | B6A3F273EE6A39CDDEB63AABCB6393DA |
hash_sha1 | C0BFE8B5628D9DCFE2966721FB3F0BF7845EA93D |
hash_sha256 | 1C83A61F2FBCF0713498086E22786E105557CAEEDC9A9DAA8064DD19BAA85F0B |
hash_sha384 | D1423EEC68A653823B00CFC2344C269B4E2C00674802ABCD20EB161F50792A575F5E295FD3A51B12E21FDD67D0A22A2E |
hash_sha512 | 56436EC4624ED30E469683C103F31210F8D1E8AF0E5083E61D4FCE11FDEB26A27D3AD7A98187012F51B1B68970736B97E5A915D74C7CA95E6E2982BE1973476E |
hash_ssdeep | 384:+zDWGx94ReeBLAJS5Zdt2QFiEt55l/W1Vf+6YZ9aM5mlpXMrPYPuqWZEW:+/uBLZdBp+jf+3NmwYPuV |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Change Logon Utility |
meta_original_filename | chglogon.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
error | Invalid parameter(s) Enable, disable, or drain session logins. CHANGE LOGON {/QUERY | /ENABLE | /DISABLE | /DRAIN | /DRAINUNTILRESTART} /QUERY Query current session login mode. /ENABLE Enable user login from sessions. /DISABLE Disable user login from sessions. /DRAIN Disable new user logons, but allow reconnections to existing sessions. /DRAINUNTILRESTART Disable new user logons until the server is restarted, but allow reconnections to existing sessions. |
key | value |
---|---|
file_name | chgport.exe |
file_path | C:\Windows\system32\chgport.exe |
hash_md5 | 1C0796B4A1B37D9970DE98F05ABB3E1A |
hash_sha1 | 8F83E5A5EE2A34C32BD66FEA557BE96210D42F62 |
hash_sha256 | 0FE597AD95B4878CC62E79ABE423CF4F757763C0A9C1415745C80DCE3CF31372 |
hash_sha384 | 05F90154A6163C8927275EC15B2EF823E134AECB8DFBBF08D4717A3DB297E000E655F474F1F1990E6F0450B846012328 |
hash_sha512 | 9F4ADB12BF222421D36A3C2ECC6A731E1E433B3EEDD5BF371C2568448C243F630A8326C62B247B3527F15A7BAEBA217E2592063F77098813A254333E4D59F07C |
hash_ssdeep | 384:BFHyeMQeeCdiiRdSyYIRIA0L9Bt9XEBEw55kmPtQFj4PSvzy8/5HhMJPGDrMWgQW:BFHaQjibAIuBwNllEkmzf/bDrm |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Change port Utility |
meta_original_filename | chgport.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
error | Invalid parameter(s) List or change COM port mappings for DOS application compatibility. CHANGE PORT [portx=porty | /D portx | /QUERY] portx=porty Map port x to port y. /D portx Delete mapping for port x. /QUERY Display current mapping ports. |
key | value |
---|---|
file_name | chgusr.exe |
file_path | C:\Windows\system32\chgusr.exe |
hash_md5 | FA3BD1F9901285218280C4019623F589 |
hash_sha1 | E57D5845D4B25E8A11D2C92FC78E322D8B849A11 |
hash_sha256 | 51FE407785A2B1164B5313C981968A6EB100AB21A3B9DEBA25DE223BA96A22BE |
hash_sha384 | B21057D8278936B680589D0DFEE6677422034AABF7E41D03825BBCF7127BB07826895ACE5DEE76F94ACB5A0D678F5C5C |
hash_sha512 | 98E3EF448D6AF85E9378E237BA3CB659155BB113FBD750F632943028E192E26B35143234F8E27116CA4F5080BEED34F49611B323AF4FB3BAFD130D0B2E3DB4A8 |
hash_ssdeep | 384:kyMAOpQEtYZQBEP55zi/ErBPC3Y71OcQLu0Qm16jNH4aWsVW:FENY6mBPIEjQa0QT4A |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Change INI File Mapping Utility |
meta_original_filename | chgusr.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
output | Change Install Mode. CHANGE USER {/EXECUTE | /INSTALL | /QUERY} /EXECUTE Enable execute mode (default). /INSTALL Enable install mode. /QUERY Display current settings. |
error | Invalid parameter(s) Change Install Mode. CHANGE USER {/EXECUTE | /INSTALL | /QUERY} /EXECUTE Enable execute mode (default). /INSTALL Enable install mode. /QUERY Display current settings. |
key | value |
---|---|
file_name | chkdsk.exe |
file_path | C:\Windows\system32\chkdsk.exe |
hash_md5 | 7FF8B08D7537D3EB817332D962488C69 |
hash_sha1 | 9D3D757D38B44EA84D19A7DE63B860821217CDEF |
hash_sha256 | 249CE8BFC6DFDB17CF87F97DC8F5541FAFB75F8ABDC9419364204AB8144E5E29 |
hash_sha384 | 7A3EDF82F94F4D52ED90DB72BA5E8CA1784E39A3B4B09D30A26AB6E8D11FABF8AD27D3C026360DB36E3E32F4BA7B698B |
hash_sha512 | 3A58412C9D091A3F8B239744877A025A139C7546D1A6DC145DA390EEA3FBF8685D8FDF21B209DF6D7204476BA6D47C507283315EEC017C6AC4EC3EB3443B2FE0 |
hash_ssdeep | 384:Zf1Q/Mof3hE7QaVigrWBLD4APQ7fJGro1h2+0eImIoOzFNWWSFrhW:h10hP0ViYWBDMfQrM30ev4Or |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Check Disk Utility |
meta_original_filename | CHKDSK.EXE.MUI |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
output | Checks a disk and displays a status report. CHKDSK [volumepath]filename] [/F] [/V] [/R] [/X] [/I] [/C] [/L[:size]] [/B] [/scan] [/spotfix] volume Specifies the drive letter (followed by a colon), mount point, or volume name. filename FAT/FAT32 only: Specifies the files to check for fragmentation. /F Fixes errors on the disk. /V On FAT/FAT32: Displays the full path and name of every file on the disk. On NTFS: Displays cleanup messages if any. /R Locates bad sectors and recovers readable information (implies /F, when /scan not specified). /L:size NTFS only: Changes the log file size to the specified number of kilobytes. If size is not specified, displays current size. /X Forces the volume to dismount first if necessary. All opened handles to the volume would then be invalid (implies /F). /I NTFS only: Performs a less vigorous check of index entries. /C NTFS only: Skips checking of cycles within the folder structure. /B NTFS only: Re-evaluates bad clusters on the volume (implies /R) /scan NTFS only: Runs a online scan on the volume /forceofflinefix NTFS only: (Must be used with "/scan") Bypass all online repair; all defects found are queued for offline repair (i.e. "chkdsk /spotfix"). /perf NTFS only: (Must be used with "/scan") Uses more system resources to complete a scan as fast as possible. This may have a negative performance impact on other tasks running on the system. /spotfix NTFS only: Runs spot fixing on the volume /sdcleanup NTFS only: Garbage collect unneeded security descriptor data (implies /F). /offlinescanandfix Runs an offline scan and fix on the volume. /freeorphanedchains FAT/FAT32/exFAT only: Frees any orphaned cluster chains instead of recovering their contents. /markclean FAT/FAT32/exFAT only: Marks the volume clean if no corruption was detected, even if /F was not specified. The /I or /C switch reduces the amount of time required to run Chkdsk by skipping certain checks of the volume. |
key | value |
---|---|
file_name | chkntfs.exe |
file_path | C:\Windows\system32\chkntfs.exe |
hash_md5 | B153574FEFD4B21A45855C4267027007 |
hash_sha1 | BD03976BDE015ABCA84961E3AE4FAA04696FBE96 |
hash_sha256 | C5066D00E21F691F9716EFA0A85386EB10AF407011363B123DBB7386166339F0 |
hash_sha384 | 6714422C73E76E5751126775F28EC4B111650763900FCECDB7D1325BDC0CF438FB67286C4A25FC8F7C23B2CC010A7353 |
hash_sha512 | E2D2044C967E741C4EAB91E23DE55A6CA83642AA9C3C5D82CBC2965782C86ED61643227B1BFA3B652AA3379FB53124A8457FCAA11DE5518426A2814B10D93452 |
hash_ssdeep | 384:ZrTDt8z/kU8lV9F5ip3LiolfCTvCl0CTFLIk23jsONEW56W:tDt87klVBidnfC+mCZL4AOR |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | NTFS Volume Maintenance Utility |
meta_original_filename | CHKNTFS.EXE.MUI |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
output | Displays or modifies the checking of disk at boot time. CHKNTFS volume [...] CHKNTFS /D CHKNTFS /T[:time] CHKNTFS /X volume [...] CHKNTFS /C volume [...] volume Specifies the drive letter (followed by a colon), mount point, or volume name. /D Restores the machine to the default behavior; all drives are checked at boot time and chkdsk is run on those that are dirty. /T:time Changes the AUTOCHK initiation countdown time to the specified amount of time in seconds. If time is not specified, displays the current setting. /X Excludes a drive from the default boot-time check. Excluded drives are not accumulated between command invocations. /C Schedules a drive to be checked at boot time; chkdsk will run if the drive is dirty. If no switches are specified, CHKNTFS will display if the specified drive is dirty or scheduled to be checked on next reboot. |
key | value |
---|---|
file_name | choice.exe |
file_path | C:\Windows\system32\choice.exe |
hash_md5 | ED5FC58EC99A058CE9B7BB1EE3A96A8E |
hash_sha1 | C573BE90E21A389E0D70CF6D5DF6DE0DB5C29335 |
hash_sha256 | DF8085FB7D979C644A751804ED6BD3B74B26CE682291B5E5EDE4C76ECA599E7E |
hash_sha384 | B48ACF039E5B6DCF459BE9359B3531D9CD99DA628477A1C5430C327CC251244E390D5DC2482CE6A4DE48AA71A5FC1354 |
hash_sha512 | B539515D4F468375E7631BE23B873D7F0A296C34FB5717F8D5B9D4B67941CD8B079B55E90B15BB7A6F101568408EDC29E3924439ED473D892ABA41DF12B7CEC2 |
hash_ssdeep | 768:/yUBO99iglShcyDArO3VOUHzefixuer/qmKbxLflfw:DBO7iR7aixuer/JwxBfw |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Offers the user a choice |
meta_original_filename | choice.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
output |
CHOICE [/C choices] [/N] [/CS] [/T timeout /D choice] [/M text] Description: This tool allows users to select one item from a list of choices and returns the index of the selected choice. Parameter List: /C choices Specifies the list of choices to be created. Default list is "YN". /N Hides the list of choices in the prompt. The message before the prompt is displayed and the choices are still enabled. /CS Enables case-sensitive choices to be selected. By default, the utility is case-insensitive. /T timeout The number of seconds to pause before a default choice is made. Acceptable values are from 0 to 9999. If 0 is specified, there will be no pause and the default choice is selected. /D choice Specifies the default choice after nnnn seconds. Character must be in the set of choices specified by /C option and must also specify nnnn with /T. /M text Specifies the message to be displayed before the prompt. If not specified, the utility displays only a prompt. /? Displays this help message. NOTE: The ERRORLEVEL environment variable is set to the index of the key that was selected from the set of choices. The first choice listed returns a value of 1, the second a value of 2, and so on. If the user presses a key that is not a valid choice, the tool sounds a warning beep. If tool detects an error condition, it returns an ERRORLEVEL value of 255. If the user presses CTRL+BREAK or CTRL+C, the tool returns an ERRORLEVEL value of 0. When you use ERRORLEVEL parameters in a batch program, list them in decreasing order. Examples: CHOICE /? CHOICE /C YNC /M "Press Y for Yes, N for No or C for Cancel." CHOICE /T 10 /C ync /CS /D y CHOICE /C ab /M "Select a for option 1 and b for option 2." CHOICE /C ab /N /M "Select a for option 1 and b for option 2." |
error | ERROR: Invalid argument/option - '-help'. Type "CHOICE /?" for usage. |
key | value |
---|---|
file_name | cipher.exe |
file_path | C:\Windows\system32\cipher.exe |
hash_md5 | 981F342BFEB1A495202275ADBCDA141E |
hash_sha1 | 010960B96FEA177539F4661A311625F4719E5820 |
hash_sha256 | F2C1D0936204911AB67DEEC718F8136257DDAE477BF56BDEED296D197E8D7215 |
hash_sha384 | 4CF3D9BCDAE0F9EB137AEA28CC2981E414686FFB3700858AD9088E43CC72B87DB838789327F736B31573F6FFAF1BA6BB |
hash_sha512 | 101E3F9711FC39019806AC8FA56D898BB7231866E9EA6C71BDB0E1DADCA1C3243B67B82F59D5F0AF37FAB9F86D8CE70F5BC79CA9D51EAB47AB3E32E525427173 |
hash_ssdeep | 768:+nIEAyHarnYDRo/k536GbgjvXvvvD73RG7kkXUgwKmbbisev5xjEw4v:6AyHaIr36Gbivv3Im//HqEw4v |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | File Encryption Utility |
meta_original_filename | CIPHER.EXE.MUI |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
output | Displays or alters the encryption of directories [files] on NTFS partitions. CIPHER [/E | /D | /C] [/S:directory] [/B] [/H] [pathname [...]] CIPHER /K [/ECC:256|384|521] CIPHER /R:filename [/SMARTCARD] [/ECC:256|384|521] CIPHER /P:filename.cer CIPHER /U [/N] CIPHER /W:directory CIPHER /X[:efsfile] [filename] CIPHER /Y CIPHER /ADDUSER [/CERTHASH:hash | /CERTFILE:filename | /USER:username] [/S:directory] [/B] [/H] [pathname [...]] CIPHER /FLUSHCACHE [/SERVER:servername] CIPHER /REMOVEUSER /CERTHASH:hash [/S:directory] [/B] [/H] [pathname [...]] CIPHER /REKEY [pathname [...]] /B Abort if an error is encountered. By default, CIPHER continues executing even if errors are encountered. /C Displays information on the encrypted file. /D Decrypts the specified files or directories. /E Encrypts the specified files or directories. Directories will be marked so that files added afterward will be encrypted. The encrypted file could become decrypted when it is modified if the parent directory is not encrypted. It is recommended that you encrypt the file and the parent directory. /H Displays files with the hidden or system attributes. These files are omitted by default. /K Creates a new certificate and key for use with EFS. If this option is chosen, all the other options will be ignored. Note: By default, /K creates a certificate and key that conform to current group policy. If ECC is specified, a self-signed certificate will be created with the supplied key size. /N This option only works with /U. This will prevent keys being updated. This is used to find all the encrypted files on the local drives. /R Generates an EFS recovery key and certificate, then writes them to a .PFX file (containing certificate and private key) and a .CER file (containing only the certificate). An administrator may add the contents of the .CER to the EFS recovery policy to create the recovery key for users, and import the .PFX to recover individual files. If SMARTCARD is specified, then writes the recovery key and certificate to a smart card. A .CER file is generated (containing only the certificate). No .PFX file is generated. Note: By default, /R creates an 2048-bit RSA recovery key and certificate. If ECC is specified, it must be followed by a key size of 256, 384, or 521. /P Creates a base64-encoded recovery-policy blob from the passed-in certificate. This blob can be used to set DRA policy for MDM deployments. /S Performs the specified operation on the given directory and all files and subdirectories within it. /U Tries to touch all the encrypted files on local drives. This will update user's file encryption key or recovery keys to the current ones if they are changed. This option does not work with other options except /N. /W Removes data from available unused disk space on the entire volume. If this option is chosen, all other options are ignored. The directory specified can be anywhere in a local volume. If it is a mount point or points to a directory in another volume, the data on that volume will be removed. /X Backup EFS certificate and keys into file filename. If efsfile is provided, the current user's certificate(s) used to encrypt the file will be backed up. Otherwise, the user's current EFS certificate and keys will be backed up. /Y Displays your current EFS certificate thumbprint on the local PC. /ADDUSER Adds a user to the specified encrypted file(s). If CERTHASH is provided, cipher will search for a certificate with this SHA1 hash. If CERTFILE is provided, cipher will extract the certificate from the file. If USER is provided, cipher will try to locate the user's certificate in Active Directory Domain Services. /FLUSHCACHE Clears the calling user's EFS key cache on the specified server. If servername is not provided, cipher clears the user's key cache on the local machine. /REKEY Updates the specified encrypted file(s) to use the configured EFS current key. /REMOVEUSER Removes a user from the specified file(s). CERTHASH must be the SHA1 hash of the certificate to remove. directory A directory path. filename A filename without extensions. pathname Specifies a pattern, file or directory. efsfile An encrypted file path. Used without parameters, CIPHER displays the encryption state of the current directory and any files it contains. You may use multiple directory names and wildcards. You must put spaces between multiple parameters. |
key | value |
---|---|
file_name | cleanmgr.exe |
file_path | C:\Windows\system32\cleanmgr.exe |
hash_md5 | B6A5162D28FDCB87869A2ED87F46C8A6 |
hash_sha1 | 659B7F78216F5FED46C251399EAF7FCD08B14FC6 |
hash_sha256 | A12A5393FAFD1B373BBB9ABA6384DD84D8A8DE8F306A331380355B945D6918F8 |
hash_sha384 | C2DDAE0FAF935C0D16A4F7A63D0A7ADCE4073B45C55F776069152769814189E63FB6372387D0BD03545D8E2C53460D4A |
hash_sha512 | 2A9C5654C20115F4982D978F43C81D0C01C79DE259972F0CED439C2C2D111B0E1F11C890DED4AB20ED83DB0D9A6922691070FF2D80A49B7FA125197736FB61CB |
hash_ssdeep | 3072:T7iHR8+DLd664sn+yfZAEPGRvQhRkKqUa9antF5hvvJkuXp6:Xir3JfeE+ohSKq99UF5hvv/ |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Disk Space Cleanup Manager for Windows |
meta_original_filename | CLEANMGR.DLL.MUI |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
children | DismHost.exe |
key | value |
---|---|
file_name | cliconfg.exe |
file_path | C:\Windows\system32\cliconfg.exe |
hash_md5 | FF9932C30F72B19E57D9B07F230487E7 |
hash_sha1 | 0B7A0E55A69820062D9C9A4D6522B2CD3CB4414F |
hash_sha256 | FBD7F130718C6A73E0AFD15D1F8D843426604A866EC63624357F8A952B484AD1 |
hash_sha384 | 04D2E87133F9930DC6764E91CE81C487774608A814D5A18F86104E5F856F473223734CBEDF347F110592062F49E77382 |
hash_sha512 | 735DAB7C2165A5A29B64B80D64F11551DCFEC7F2D7B099E7EBCC5DE9EFD0554AD537273E13EB4DBB7DA1C37A744D27D9F743C0F995049B58FA5982C33A1055AF |
hash_ssdeep | 384:nhjdkMnHDyWjUyEurzWkpWrwWlPXuNvBQAMYJQ2JQSkdowyo:nhjRnHlcGbiLuI30lJBkvT |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | SQL Client Configuration Utility EXE |
meta_original_filename | cliconfg.exe |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | clip.exe |
file_path | C:\Windows\system32\clip.exe |
hash_md5 | 020308633CC047DB3026FE49ED9A8363 |
hash_sha1 | 497E1981B6943E81E350AC6B8CD34E463F245B83 |
hash_sha256 | B57333B76E5CAABC4B8A8AE4264CD664E1EEEC3CC4A7F6BED76C23D53B5418DA |
hash_sha384 | C9AF5A8C9AB9C0136822D35FD72C204FFDE29E573C2230633E28A28D84EA2F09E8760C270C84CD2677BB671997543F9E |
hash_sha512 | 578CBB625E9B29ABE9CD7002002E6FA3F132E53ACA9E712EDF7790FF832AFDC9F83160555D46A8403D5425F1A1B1A0D30C9E896DF6A2E95F3056C9B294B7B874 |
hash_ssdeep | 768:ZtTxvqQ5ch96j6O3VRiSXALa3cAefgy6x5YCM:fT9vzpcAefwxCC |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Clip - copies the data into clipboard |
meta_original_filename | clip.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
output |
CLIP Description: Redirects output of command line tools to the Windows clipboard. This text output can then be pasted into other programs. Parameter List: /? Displays this help message. Examples: DIR | CLIP Places a copy of the current directory listing into the Windows clipboard. CLIP < README.TXT Places a copy of the text from readme.txt on to the Windows clipboard. |
error | ERROR: Invalid argument/option - '-help'. Type "CLIP /?" for usage. |
key | value |
---|---|
file_name | ClipUp.exe |
file_path | C:\Windows\system32\ClipUp.exe |
hash_md5 | F0B12178989648631AE6988B47AAA1D9 |
hash_sha1 | 96B729050E0CBFD44A7BD87798F3BDBDB53C1231 |
hash_sha256 | C2DD216FD13A31C5F273301B60F8DFC67F7B569E32008B95456756AC2FE2AAC2 |
hash_sha384 | 05D417C3DB874236B5E83A57D140426E7B7007B04F27C7C57FAB98A0DDE55F0CDFFAA33F61D0C68B2F6D3DB9B38DDD76 |
hash_sha512 | AABA17267EADD16F4CA5D5740854E5A6715F12AA0D9B7B3E262FF4BE67F31BDF35BEC513282BE9FABF916D1B4734B497C3125CAF972412CC8381456B4E3BB620 |
hash_ssdeep | 24576:hu4ui7hq/WVUewvRvg6uGuItJIVvQCbI2FYjeU7Vv7aa0PHoVTZZ9nAyaxEv4VPB:TJhq/WVUewvRvg6uGuItJIVvQCbI2FYS |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Client License Platform migration tool |
meta_original_filename | ClipUp.exe |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.3503 (rs1_release.200131-0410) |
meta_product_version | 10.0.14393.3503 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
error | Failed! Error 0x80070057. |
output | Done. C:\Windows\system32\ClipUp.exe Usage: -?/-h This help menu -p Attempts to migrate data from the legacy Windows Phone database -o Attempts to migrate data from Windows Genuine Authorization blob -altto [path] Optional alternative Windows Genuine Authorization blob folder location -d Generate a genuine ticket for the BIOS key -k [5X5 product key] Windows 7/8/Blue product key -pfm [package family name] Optional package family name to look for a migratable license -l [path] Optional folder of legacy Windows Store licenses -v Enables optional verbose logging -previd Device ID prior to hardware-related changes [path] Optional alternative output location for migrated data Done. |
key | value |
---|---|
file_name | CloudExperienceHostBroker.exe |
file_path | C:\Windows\system32\CloudExperienceHostBroker.exe |
hash_md5 | 077DDBBA17D8017A86A221B091DAA2B1 |
hash_sha1 | 4126ACA16CD148BE04EBF4F39E0F0A7087ADEDA3 |
hash_sha256 | F5A654EBDBAA9A88412F718F8924D70E75E22E5CFE45A06406AAE71C3E28630A |
hash_sha384 | 85DBDCC2C34BB671504E1A89DCD256EA221D631BE0E860706E6E3409DD706759FEBF243BBAC0D69469E167D32CC05D8C |
hash_sha512 | 6534737A874622DC753DF2F6A95A0535B02391D2D1873F373A8D862F1FA2EF5A43FA53242ACC37AF9D26981103E00EF166F30D8401D94568ADAF4FB00737E72B |
hash_ssdeep | 1536:aZBWjco9eS2/Eqidhxz43BkxYMvNhIsd+pS199YMXVP15FP0cG:QBqMS28vkBkxYE+pSb9YM515FMZ |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | CloudExperienceHost Broker |
meta_original_filename | CloudExperienceHostBroker.exe |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | CloudNotifications.exe |
file_path | C:\Windows\system32\CloudNotifications.exe |
hash_md5 | 61DB0642A13AE2FA2BD396346DF8D4EC |
hash_sha1 | 18C64D244E70D67C829093562B7C3AD0444F1E2C |
hash_sha256 | EB823693C4281FD34D871297C4088B1E5E5B4A24A1B02C73977F2983041E13C9 |
hash_sha384 | 742EA3C393D6CC3D09BFDA85FA47114C05404B5795E7B4CEB67ADC7C3C668FAD72D6800AFFEFF5A41CACF1A9CB546DAC |
hash_sha512 | D928504D80E3227379DDB3460B033EF88F95956D6682DA405286A4B5DE737DF38D93BE8AA24EAC3663BCC8B8C493B4D1885ACD3E0E35751C89C73ED427D80865 |
hash_ssdeep | 1536:P+KGtFXerKIEynO4ODc4XZY+z1GcLZdMiG9w/E6pPXfP:PCXUHEykDJC+z1ZVGf9bS/H |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Cloud notifications |
meta_original_filename | CloudNotifications.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | CloudStorageWizard.exe |
file_path | C:\Windows\system32\CloudStorageWizard.exe |
hash_md5 | 710ECA77A9DD864DB7FF59B74F9A4FFF |
hash_sha1 | BA72139C00F609D6B282BB7F2D2EAEA0BA8F122D |
hash_sha256 | 6A0C048E20622EC78B70230B38BBFD5E9B8D752AD1D84C096E19645CE566D6C8 |
hash_sha384 | E9F2BB5B60941809C190681C0B170B06D0D79FFABA64368DDFF7FA92BD89DCB27A18EB8772CFE94B01563B1F99631D26 |
hash_sha512 | 8D7C9DDD66D02C1EB8E89F0A88221E260EEC66E702C84405841B8750D2F92707F2100A77E8D3B76CEAE819ADB33577A2CD2B6591F609533B3FEB8C4BC9FE8FC8 |
hash_ssdeep | 3072:MkKlA48WgqLPCEp9FcYBp2BsSVB+ZCTGP40H+w2pVmM3T2jk:MkCA4FLdpX37uZBEH+RiyD |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | CloudStorageWizard |
meta_original_filename | CloudStorageWizard.dll.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | cmd.exe |
file_path | C:\Windows\system32\cmd.exe |
hash_md5 | F4F684066175B77E0C3A000549D2922C |
hash_sha1 | 99AE9C73E9BEE6F9C76D6F4093A9882DF06832CF |
hash_sha256 | 935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2 |
hash_sha384 | 1ABF23B8C686B89573BEAD0736FDA0E336DAA2C6EF3B0FDB00D9BAFEC5CE45E44E2587D14E2C130F30341725550EBAB2 |
hash_sha512 | FE8F0593CC335AD28EB90211BC4FF01A3D2992CFFB3877D04CEFEDE9EF94AFEB1A7D7874DD0C0AE04EAF8308291D5A4D879E6ECF6FE2B8D0FF1C3AC7EF143206 |
hash_ssdeep | 3072:bkd4COZG6/A1tO1Y6TbkX2FtynroeJ/MEJoSsasbLLkhyjyGe:bkuC9+Af0Y6TbbFtkoeJk1KsfLXm |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Windows Command Processor |
meta_original_filename | Cmd.Exe.MUI |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
output | Starts a new instance of the Windows command interpreter CMD [/A | /U] [/Q] [/D] [/E:ON | /E:OFF] [/F:ON | /F:OFF] [/V:ON | /V:OFF] [[/S] [/C | /K] string] /C Carries out the command specified by string and then terminates /K Carries out the command specified by string but remains /S Modifies the treatment of string after /C or /K (see below) /Q Turns echo off /D Disable execution of AutoRun commands from registry (see below) /A Causes the output of internal commands to a pipe or file to be ANSI /U Causes the output of internal commands to a pipe or file to be Unicode /T:fg Sets the foreground/background colors (see COLOR /? for more info) /E:ON Enable command extensions (see below) /E:OFF Disable command extensions (see below) /F:ON Enable file and directory name completion characters (see below) /F:OFF Disable file and directory name completion characters (see below) /V:ON Enable delayed environment variable expansion using ! as the delimiter. For example, /V:ON would allow !var! to expand the variable var at execution time. The var syntax expands variables at input time, which is quite a different thing when inside of a FOR loop. /V:OFF Disable delayed environment expansion. Note that multiple commands separated by the command separator '&&' are accepted for string if surrounded by quotes. Also, for compatibility reasons, /X is the same as /E:ON, /Y is the same as /E:OFF and /R is the same as /C. Any other switches are ignored. If /C or /K is specified, then the remainder of the command line after the switch is processed as a command line, where the following logic is used to process quote (") characters: 1. If all of the following conditions are met, then quote characters on the command line are preserved: - no /S switch - exactly two quote characters - no special characters between the two quote characters, where special is one of: &<>()@^| - there are one or more whitespace characters between the two quote characters - the string between the two quote characters is the name of an executable file. 2. Otherwise, old behavior is to see if the first character is a quote character and if so, strip the leading character and remove the last quote character on the command line, preserving any text after the last quote character. If /D was NOT specified on the command line, then when CMD.EXE starts, it looks for the following REG_SZ/REG_EXPAND_SZ registry variables, and if either or both are present, they are executed first. HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\AutoRun and/or HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun Command Extensions are enabled by default. You may also disable extensions for a particular invocation by using the /E:OFF switch. You can enable or disable extensions for all invocations of CMD.EXE on a machine and/or user logon session by setting either or both of the following REG_DWORD values in the registry using REGEDIT.EXE: HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\EnableExtensions and/or HKEY_CURRENT_USER\Software\Microsoft\Command Processor\EnableExtensions to either 0x1 or 0x0. The user specific setting takes precedence over the machine setting. The command line switches take precedence over the registry settings. In a batch file, the SETLOCAL ENABLEEXTENSIONS or DISABLEEXTENSIONS arguments takes precedence over the /E:ON or /E:OFF switch. See SETLOCAL /? for details. The command extensions involve changes and/or additions to the following commands: DEL or ERASE COLOR CD or CHDIR MD or MKDIR PROMPT PUSHD POPD SET SETLOCAL ENDLOCAL IF FOR CALL SHIFT GOTO START (also includes changes to external command invocation) ASSOC FTYPE To get specific details, type commandname /? to view the specifics. Delayed environment variable expansion is NOT enabled by default. You can enable or disable delayed environment variable expansion for a particular invocation of CMD.EXE with the /V:ON or /V:OFF switch. You can enable or disable delayed expansion for all invocations of CMD.EXE on a machine and/or user logon session by setting either or both of the following REG_DWORD values in the registry using REGEDIT.EXE: HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\DelayedExpansion and/or HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DelayedExpansion to either 0x1 or 0x0. The user specific setting takes precedence over the machine setting. The command line switches take precedence over the registry settings. In a batch file the SETLOCAL ENABLEDELAYEDEXPANSION or DISABLEDELAYEDEXPANSION arguments takes precedence over the /V:ON or /V:OFF switch. See SETLOCAL /? for details. If delayed environment variable expansion is enabled, then the exclamation character can be used to substitute the value of an environment variable at execution time. You can enable or disable file name completion for a particular invocation of CMD.EXE with the /F:ON or /F:OFF switch. You can enable or disable completion for all invocations of CMD.EXE on a machine and/or user logon session by setting either or both of the following REG_DWORD values in the registry using REGEDIT.EXE: HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\CompletionChar HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\PathCompletionChar and/or HKEY_CURRENT_USER\Software\Microsoft\Command Processor\CompletionChar HKEY_CURRENT_USER\Software\Microsoft\Command Processor\PathCompletionChar with the hex value of a control character to use for a particular function (e.g. 0x4 is Ctrl-D and 0x6 is Ctrl-F). The user specific settings take precedence over the machine settings. The command line switches take precedence over the registry settings. If completion is enabled with the /F:ON switch, the two control characters used are Ctrl-D for directory name completion and Ctrl-F for file name completion. To disable a particular completion character in the registry, use the value for space (0x20) as it is not a valid control character. Completion is invoked when you type either of the two control characters. The completion function takes the path string to the left of the cursor appends a wild card character to it if none is already present and builds up a list of paths that match. It then displays the first matching path. If no paths match, it just beeps and leaves the display alone. Thereafter, repeated pressing of the same control character will cycle through the list of matching paths. Pressing the Shift key with the control character will move through the list backwards. If you edit the line in any way and press the control character again, the saved list of matching paths is discarded and a new one generated. The same occurs if you switch between file and directory name completion. The only difference between the two control characters is the file completion character matches both file and directory names, while the directory completion character only matches directory names. If file completion is used on any of the built in directory commands (CD, MD or RD) then directory completion is assumed. The completion code deals correctly with file names that contain spaces or other special characters by placing quotes around the matching path. Also, if you back up, then invoke completion from within a line, the text to the right of the cursor at the point completion was invoked is discarded. The special characters that require quotes are: &()[]{}^=;!'+,`~ |
children | conhost.exe |
key | value |
---|---|
file_name | cmdkey.exe |
file_path | C:\Windows\system32\cmdkey.exe |
hash_md5 | 343E6DA0ADF3D528C54E1767254432A6 |
hash_sha1 | AD489907F7EE31329CC09E70E21FF70B8EF43DB1 |
hash_sha256 | 89B6A8CB5CF989E3D999482CECF779BA295871A9C80C8CA151694942D5881114 |
hash_sha384 | 861113EC543A92759B4A659F0027A6E1C2C0B91A35E7721C14A2793B4B0654A3A93A90187DD7335C8178F219BE1B947F |
hash_sha512 | 7BEA84928ED745BFDF9F22E11E2032168AF402B4BF76F35AB05CE2EE54CF1755385AAB74F2551CF74347FD212513DF15F7A08C9C4C9C3A2EA7211ACCA263D705 |
hash_ssdeep | 384:uEpXrrS58wQb5Hm/D9LtkwkNdsHCybbm/rD1/D/8F62WQwW:7rSHQlH+YICmm/rD1b8Q4 |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Credential Manager Command Line Utility |
meta_original_filename | cmdkey.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
output |
Creates, displays, and deletes stored user names and passwords. The syntax of this command is: CMDKEY [{/add | /generic}:targetname {/smartcard | /user:username {/pass{:password}}} | /delete{:targetname | /ras} | /list{:targetname}] Examples: To list available credentials: cmdkey /list cmdkey /list:targetname To create domain credentials: cmdkey /add:targetname /user:username /pass:password cmdkey /add:targetname /user:username /pass cmdkey /add:targetname /user:username cmdkey /add:targetname /smartcard To create generic credentials: The /add switch may be replaced by /generic to create generic credentials To delete existing credentials: cmdkey /delete:targetname To delete RAS credentials: cmdkey /delete /ras |
key | value |
---|---|
file_name | cmdl32.exe |
file_path | C:\Windows\system32\cmdl32.exe |
hash_md5 | FA1D5B8802FFF4A85B6F52A52C871BBB |
hash_sha1 | 5A16BEBFAF89081DE501887AB8582C3852D7B37A |
hash_sha256 | 9489CB8520A6AEA11FA6B1A2F019768417DC4963C1369CC87D4E1107C2ED788B |
hash_sha384 | 75C811694B3E2F7C1444129C048A91ADAE5D41DDFAB17EE93FC35525F0E8B6F66E1FF3564D651407AF57F7E6D9EC808B |
hash_sha512 | 80746D6688E84B95A2174E57F64A3671A65796CD44776BD0F730BF14526F43E16A7CF42C75D871DA3976FD357D71D3EDC9E23E0A050096CA10D06C4869568AC5 |
hash_ssdeep | 1536:Sg54co5XqW6rJ9HT05zevkp8KdUaAEuI:SqOY5s8KdUpI |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Microsoft Connection Manager Auto-Download |
meta_original_filename | CMDL32.EXE.MUI |
meta_product_name | Microsoft(R) Connection Manager |
meta_company_name | Microsoft Corporation |
meta_file_version | 7.2.14393.0 (rs1_release.160715-1616) |
meta_product_version | 7.2.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | cmmon32.exe |
file_path | C:\Windows\system32\cmmon32.exe |
hash_md5 | 527B257B270FE03BB7C2CA5BC54CC71B |
hash_sha1 | F30F79322C5C1CA0A20597B12F6C6AB7663B65DE |
hash_sha256 | A95970D4F8DE4F869D508ACBCF70CBB4A02F06A0F3201F85CF028C5F72B1728A |
hash_sha384 | 1CE68D76A9C4D56F8175E984631E352CB3521078516BFED645644FE58EEA3405823FB7971AD92F123E4E001BA5C08B7B |
hash_sha512 | FA70DD5FEE8F985F21B9A05D41B4EEC9FB1019E99F1CCF26D6F57C287216EF5C20F5CCD5DDD7949D394C626CCEF1ACE60893C1AB5DF303891CE84DD4B95C1671 |
hash_ssdeep | 768:zbi6c54hoUjVgqPpjT466QHDnOHh9UASnhBmNDJf2X:zbikhoUG+466QHDq900NDJeX |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Microsoft Connection Manager Monitor |
meta_original_filename | CMMON32.exe.mui |
meta_product_name | Microsoft(R) Connection Manager |
meta_company_name | Microsoft Corporation |
meta_file_version | 7.2.14393.0 (rs1_release.160715-1616) |
meta_product_version | 7.2.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | cmstp.exe |
file_path | C:\Windows\system32\cmstp.exe |
hash_md5 | 3A6BDA23988B72A24458551CCE0449A5 |
hash_sha1 | 51BB20013415F3904DB6A0D9E58847D7F6FF48F6 |
hash_sha256 | 3D95ECACACF64066AC25B17E8A458003A000BAE45F5A70D660AFB7A8D88D4F00 |
hash_sha384 | 76725F90B98C600BE5A464D4278CC5F20CB5601FF9985F7F5CC823B459E01A43C84A7A2A428A94768B8017FC7F6F0009 |
hash_sha512 | BE28D4DE895A556777AA12C6C937290F3BE342CFFF8C1B95C1BA382B35AC3097777A774F6EF39FD2A32BA7FFC9B32E356C0B5C8C5EB6541C8CBE2180F0D23753 |
hash_ssdeep | 1536:j+s9y5VG7d4FSLBnQz9h+88dEHsh2MqoaoRuE1AERu1/87BMVRXlW15x0/AyS:SIyi7WS1kymsh2/oBuE1A11k7BMVRXYr |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Microsoft Connection Manager Profile Installer |
meta_original_filename | CMSTP.EXE.MUI |
meta_product_name | Microsoft(R) Connection Manager |
meta_company_name | Microsoft Corporation |
meta_file_version | 7.2.14393.0 (rs1_release.160715-1616) |
meta_product_version | 7.2.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | cofire.exe |
file_path | C:\Windows\system32\cofire.exe |
hash_md5 | 7122293F5957D751921C08267199BA92 |
hash_sha1 | 616E328A44555BEEA5C9A309832705B5B3F498BC |
hash_sha256 | BC5C3E946738B49FA8E3EC466244F0549F846B81278BBCC68FAB63A544E0E9CA |
hash_sha384 | B7D3D3AE4EBF16FE3708A9DA4E3C0402D18B13BD43BC826C66F93FAD4FEF30B50FEB4E33948B7EB5C7B35D864CA81D8D |
hash_sha512 | 04C252474C3148C98487F7621488514657AC533EB7DFC1D84B1FF9ADAD90B158C1A88E197A004CED373A18476C85551CB151FB7B6E083202AA88C2D67805F1F5 |
hash_ssdeep | 384:1XJWJBS7ApUMDv2yTNf/NL/7R4d3xP8PDymu5fltWLJW:94XS7SDBTNFjDymSflW |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Corrupted File Recovery Client |
meta_original_filename | cofire.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | colorcpl.exe |
file_path | C:\Windows\system32\colorcpl.exe |
hash_md5 | 362986B35574BF922A81E7B0BA50C96B |
hash_sha1 | FD3359E461AE6BC2EE3C72AE5E456E5617695E91 |
hash_sha256 | AFC126088E3292D6455584222B70822D3A1AF397F48EF6982834A03ED181863D |
hash_sha384 | C11903F4E80D8A58D633434F8CA890C8BD5727EE3581FE68B7ABEE9A700B3B01F431BC26F3CB0B7D5A2B9C15DDBCDA14 |
hash_sha512 | 177D1F3A1AD6EEDFE4E1DFBD762A1B7F49F756791D4F8CDFF6280282AE26FAE821443DBE852693F634324029DFB70052223E1F4FADBCBA5181263BC250C9CEAE |
hash_ssdeep | 1536:0z7IPfSbS9vMBN7rQOJ7CFToTCzhcRguhwxTyPCb3lZpdym4dy7p:skXlvq7jSP1cR2prbpdCY9 |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Microsoft Color Control Panel |
meta_original_filename | colorcpl.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | comp.exe |
file_path | C:\Windows\system32\comp.exe |
hash_md5 | 9246204D06C7D8EB3DA2999F51E94DD6 |
hash_sha1 | 12619BA913E709E018D4CAF3B88ED62AF211ABC7 |
hash_sha256 | 20FD32B6503A1826D10C6447CF5A04F938615FE1CF65E7C1804D99D306225426 |
hash_sha384 | 3571FE1F4889AE18C019662F780DDA36161FF96EDEA523F97154E1488F45A532ADFE2E5B0CDF97D6CB54C13A705F55E0 |
hash_sha512 | A3C2FF82DEEDC1E844560180A91465BA260F1F4C7FED5A154FC459585CBE9E682AE5E8B5BCAAAC3084A8D62E6F5334A05B2C2B8416B3489B0741B8D2EE3A553E |
hash_ssdeep | 384:fVFhUhkkjkm1IGxT/ldBjdq2X9carlGpafBN7WjcW:X6m8IST/9E+9NPBy |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | File Compare Utility |
meta_original_filename | Comp.Exe.MUI |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
output | Compares the contents of two files or sets of files. COMP [data1] [data2] [/D] [/A] [/L] [/N=number] [/C] [/OFF[LINE]] data1 Specifies location and name(s) of first file(s) to compare. data2 Specifies location and name(s) of second files to compare. /D Displays differences in decimal format. /A Displays differences in ASCII characters. /L Displays line numbers for differences. /N=number Compares only the first specified number of lines in each file. /C Disregards case of ASCII letters when comparing files. /OFF[LINE] Do not skip files with offline attribute set. To compare sets of files, use wildcards in data1 and data2 parameters. |
error | Name of second file to compare: |
children | conhost.exe |
key | value |
---|---|
file_name | compact.exe |
file_path | C:\Windows\system32\compact.exe |
hash_md5 | 06CB9005B45476BBCFA7DA89572A3012 |
hash_sha1 | 0F67DF3CD323CAE6D0004B92D2E45CCCE2B0ACB9 |
hash_sha256 | CF847A846107E19BCD596479AF3B7CF848D7FA5974F514383491928FA6C2BE80 |
hash_sha384 | 0CA8DF29A3C39F1887AED5541F1FE4276E870291E5817527E0710D4A044D9BAD77E6C829C739F64539008E660372F3BF |
hash_sha512 | 3A479356ED37FAC6DD5699AE677C58ABBA2E0E7052807E02974F2D7F403086EA5CB81939252133450BCF8BBA14D664456240D7B3271347D2C6B4405CC9420FFC |
hash_ssdeep | 768:Z7Ryb6dpu6gCRsddJA8LdCrZgPV7gGKJLz9cdlpduo/IjDw7XNImXKN:R1UqsHJA8ZCZArQLz9cdlpdusoU7XN5e |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | File Compress Utility |
meta_original_filename | COMPACT.EXE.MUI |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
output | Displays or alters the compression of files on NTFS partitions. COMPACT [/C | /U] [/S[:dir]] [/A] [/I] [/F] [/Q] [/EXE[:algorithm]] [/CompactOs[:option] [/WinDir:dir]] [filename [...]] /C Compresses the specified files. Directories will be marked so that files added afterward will be compressed unless /EXE is specified. /U Uncompresses the specified files. Directories will be marked so that files added afterward will not be compressed. If /EXE is specified, only files compressed as executables will be uncompressed; if this is omitted, only NTFS compressed files will be uncompressed. /S Performs the specified operation on files in the given directory and all subdirectories. Default "dir" is the current directory. /A Displays files with the hidden or system attributes. These files are omitted by default. /I Continues performing the specified operation even after errors have occurred. By default, COMPACT stops when an error is encountered. /F Forces the compress operation on all specified files, even those which are already compressed. Already-compressed files are skipped by default. /Q Reports only the most essential information. /EXE Use compression optimized for executable files which are read frequently and not modified. Supported algorithms are: XPRESS4K (fastest) (default) XPRESS8K XPRESS16K LZX (most compact) /CompactOs Set or query the system's compression state. Supported options are: query - Query the system's Compact state. always - Compress all OS binaries and set the system state to Compact which remains unless administrator changes it. never - Uncompress all OS binaries and set the system state to non Compact which remains unless administrator changes it. /WinDir Used with /CompactOs:query, when querying the offline OS. Specifies the directory where Windows is installed. filename Specifies a pattern, file, or directory. Used without parameters, COMPACT displays the compression state of the current directory and any files it contains. You may use multiple filenames and wildcards. You must put spaces between multiple parameters. |
key | value |
---|---|
file_name | CompatTelRunner.exe |
file_path | C:\Windows\system32\CompatTelRunner.exe |
hash_md5 | E261809228A9C7DDD17E7E0B5E23704C |
hash_sha1 | 32AFE403DB068F240400435688B179FDF8290AE7 |
hash_sha256 | B1F8A6AE285A2485AC2D876DFC135B985450A887DFDB42C2BDDC414CCB487E46 |
hash_sha384 | 7E4FFBE63A3E00E88C85C64622A543EEFA77EFBC8D57FD0E941B3AD1035A0232BA86F2DFB2A8A8DE773B84B48367A473 |
hash_sha512 | 7C4F57D9813962F9DB22392B5220EA6230C2E3511AEAA37367C023A0D22CD6A36712832F9B0C59B89C2577AD05FCDFAD8F7A001D94A17C5C1917F3624E9807F4 |
hash_ssdeep | 3072:017mRucu5IfDAZp+dBYE6lDgQr9hbwwBr5cxQ+VBD4nax79UkJvmRItLJ2wkLkl5:m7mRuc0IfDUoBCge9hbwwBtaQH6ukMRI |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Microsoft Compatibility Telemetry |
meta_original_filename | CompatTelRunner.exe |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.18362.1035 (WinBuild.160101.0800) |
meta_product_version | 10.0.18362.1035 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | CompMgmtLauncher.exe |
file_path | C:\Windows\system32\CompMgmtLauncher.exe |
hash_md5 | 28317A51B8F874BCF5220872269FEC2C |
hash_sha1 | D26DF3B03D41FE5BA7854A04FCE7EAD17A32661B |
hash_sha256 | 4352BE6FDB79A4552AE9D41A088F0B6FB16E36686FAC2A69F2AB863972AD53C1 |
hash_sha384 | 48FF12D5EEF474D8D0E89E918403ACDAB03F3D5A816D28E17B934235F506D09BA2FB4C74C8B5242EA720A4ACD3E6AF33 |
hash_sha512 | CFB1DA18B1FAA715E2A1B0D61D346A7E0ED0FD8DCD916D6044BFDC8B1DC6C1B1D5C716A624E5FC08E835A108E60838383642C93B36807E3B25ADD0FE5E8E11A6 |
hash_ssdeep | 1536:9DeNdNKcJaVlpAjzfldyCKPu1oT1ldlOo+vi6Uf:BHcJazmjTldyCut1ldco+Q |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Computer Management Snapin Launcher |
meta_original_filename | CompMgmtLauncher.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
children | ServerManager.exe |
key | value |
---|---|
file_name | ComputerDefaults.exe |
file_path | C:\Windows\system32\ComputerDefaults.exe |
hash_md5 | 3F032A1BDF4D7DF2F43FE7C0410AC175 |
hash_sha1 | 1D9CFDB4C324543CC3231029913D735D6EE27C70 |
hash_sha256 | 4978AD7650C44D4239ED6B77267DD21D50D33BBD3D875ACE4131F2DED3A11804 |
hash_sha384 | 7C564FD80D41AEA6A7BAB82152322511CC0EB782BDC64739A9871E94FDD5393E2EBC09F56032FEC0AF3B0EDC0B6E9A95 |
hash_sha512 | C281C1009D2CF7CC41E45B39E3EFBBAD3AED091A21FAC30EE369281BAF4C0D9AC190B321E9BE891092BCE7FC2DDEC2195F67A5B6E70CA680BE4F9205090130A4 |
hash_ssdeep | 1536:gS1tjONtCc7jFGPURDoq4OZZZLlCIibk:7HOocRD68wbk |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Set Program Access and Computer Defaults Control Panel |
meta_original_filename | ComputerDefaults.EXE.MUI |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | Configure-SMRemoting.exe |
file_path | C:\Windows\system32\Configure-SMRemoting.exe |
hash_md5 | 59EF03A3CE316E02EC6C916E86715282 |
hash_sha1 | A47CE1CBBF89AE72FC4575D6A21EBB93856ED6E5 |
hash_sha256 | E26FE2AD8452293B4B1E957B21371693996941A4D3D2371E7E51A35892C59418 |
hash_sha384 | 74086034DDBCB3DE293522F949BBE627CE36C0B93A3F4B928AC05D3BEAE4F915EF5B9C9B4B526D076F877819675572BD |
hash_sha512 | 682CA659B0CC47E235FB5177E41359565339CFD6B41651CF448961B4131DA57F3A410047D0AB4A7E36D0EA545A368AD7774B4DD418F688512D273FC4294B4661 |
hash_ssdeep | 768:Z8RbOjsY9kR/Luxlf3qHgeNljODzWLZGj+B/YYLyOoZzytqfvbJbkYLEzXQbJW5P:uR89+pSLf3YgmlNwfXOtqfj2FrBW |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Configure-SMRemoting |
meta_original_filename | Configure-SMRemoting.EXE.MUI |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
error | Configure-SMRemoting.exe -GET | -ENABLE | -DISABLE |
key | value |
---|---|
file_name | conhost.exe |
file_path | C:\Windows\system32\conhost.exe |
hash_md5 | D752C96401E2540A443C599154FC6FA9 |
hash_sha1 | 00667A0F0C0D5E9DA697E9FF54ECDDD449259354 |
hash_sha256 | 046F7A1B4DE67562547ED9A180A72F481FC41E803DE49A96D7D7C731964D53A0 |
hash_sha384 | AD67D3EDBB13C362730836F72850B01A0E5A0F8C5155D50FC21A1BBE6799B356C54C0CD182C644A17BDD48C240AB244A |
hash_sha512 | DDEFBDD11FF0A4B3F47155331479E4D01852C1EA7670A7E449F3AD5F0AA0EAFED4146B91AEDC50328BC1BF80395B1E7E51E42A0B8507BBBFDEE5ACD9867073F4 |
hash_ssdeep | 384:MJrgzqNPdIb4NQUFiuBGPnUixUXeYKSWhnWUOufano5wACtQMyBs:MFVVdvQUnGPUixUOYK1SuYotCtGBs |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Console Window Host |
meta_original_filename | CONHOST.EXE |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | consent.exe |
file_path | C:\Windows\system32\consent.exe |
hash_md5 | E43A9155F6B33B869B33EF3E42686A95 |
hash_sha1 | 6D722CA9F9EB63A2286DDC012B3D2BE7A5EBC5FE |
hash_sha256 | B2F1ADF4123953EB808FFEA652E0F0F894315E5205E25129C007C8BA10A2E79D |
hash_sha384 | 126F8D0654CC87D6D2ED3C9C58444992FEDDC2FBCDD2E3EE1DABD2B202E8146A281B18DB9E181037AC6072AB9841C582 |
hash_sha512 | 3E2CB8721DAA431AD4FE98A447AAC589CB0D59A03B835134B95F7FCF9FE2580B3C4D8FA4E2F613298A65C1E41ADFA3B5D129F015121617B5CE283583A680E8E9 |
hash_ssdeep | 1536:fhPwZ9//62wgsLLO3aeEA3XKTIUQdud9V6BILDblLVQ+Ffss728apgczk5pPoO:fR29EgsSaSSXjMwble+FfsfpgczkL7 |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Consent UI for administrative applications |
meta_original_filename | consent.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | control.exe |
file_path | C:\Windows\system32\control.exe |
hash_md5 | 924219B426830FF7476AF7D22AE91DE1 |
hash_sha1 | 6230F80FEF1563F087E641B34A318811FD82B57A |
hash_sha256 | CB089C50698BEE280244437BCAF56D3955402A582E5E928DBC8812A5D9C0EF4D |
hash_sha384 | 2EC3CAC66FFF26E48FFDA6920FE2E6429E2F828B4B798CD6E0C6B96FC205F2F1D2EF79045EE6113A0458886ACEBD1FFC |
hash_sha512 | 4447C609ED3428F7F44A4015C7B9C320A8C2CA38DD3AD41B33A8F100B5255621CBDD9B66B1230873F2F809631CC15B182CF33F8305224E51F9573674B520FC90 |
hash_ssdeep | 1536:vhM9USq0WalUt7ae/qzSpZ3r1q6QkjfkQUk8+k6kawM1x8Dkf8dani25imK:vBUUxa7Sp5+1k12b/Af885RK |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Windows Control Panel |
meta_original_filename | CONTROL.EXE |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | convert.exe |
file_path | C:\Windows\system32\convert.exe |
hash_md5 | B7F09576EA6958004C704E5F4AD13D35 |
hash_sha1 | FC21F5E51611B8A19F0B5A6E2D8155FFD4C9A400 |
hash_sha256 | E02C54FDA923DC10375E569D6C5C45D95AF8ED5E6613B073A77DAE2BA0B20AE9 |
hash_sha384 | BE55FE701A1C59CD496CD71259B068A53368C3F72DE69AAA3506F1F2872D0D287D8D9EF16B4476731F516DBCF34ECF05 |
hash_sha512 | BF21D3B3AE13A3E21C275054930E20F27D9877A612EAE494232FB0830559699DCEA4DBF9AFBF2538146C260FD47A726D3BB905E84E02ED9F7D31B01573FDA33C |
hash_ssdeep | 384:eEN9ZWz+IhDbQ7ZUnGtg9yV1Y2yoRk+vKclmPaNcWzqW:PZWz+I9Q1/tUyVeoeOmPa3 |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | File System Conversion Utility |
meta_original_filename | CONVERT.EXE |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.2969 (rs1_release.190503-1820) |
meta_product_version | 10.0.14393.2969 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
output | Converts a FAT volume to NTFS. CONVERT volume /FS:NTFS [/V] [/CvtArea:filename] [/NoSecurity] [/X] volume Specifies the drive letter (followed by a colon), mount point, or volume name. /FS:NTFS Specifies that the volume will be converted to NTFS. /V Specifies that Convert will be run in verbose mode. /CvtArea:filename Specifies a contiguous file in the root directory that will be the place holder for NTFS system files. /NoSecurity Specifies that the security settings on the converted files and directories allow access by all users. /X Forces the volume to dismount first if necessary. All open handles to the volume will not be valid. |
error | Invalid drive specification. |
key | value |
---|---|
file_name | CredentialUIBroker.exe |
file_path | C:\Windows\system32\CredentialUIBroker.exe |
hash_md5 | 3D03F2265F973E1FAD95B189BDAF1B02 |
hash_sha1 | D492A060D76A164D0EE964900BA63F80A79B1CE7 |
hash_sha256 | A9804ED800307E8E9D14D7909936521619ACFA6EC714559963FC2DEC0C3CE8B7 |
hash_sha384 | AC0FCA06906E843A9F38041DA1ADDEBFC11215545120D93010352D4CCA128732F10DC2BA3D6B87156A08A7AEB0C78015 |
hash_sha512 | 4731FB67474A0917BCB894269595E9F0E0520B87F514EAE2ED41B79DBD855E55F5840F4CFBE89D9F8F64E3808E9C9F86D638EDFD8A4E957B35F6C0ED986786B1 |
hash_ssdeep | 1536:v4v4wE51+mShF/poFvCTTCP96+kuOSGucsePpo:5Y/+dC/m/D4udeBo |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Credential Manager UI Host |
meta_original_filename | CredentialUIBroker.exe |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | credwiz.exe |
file_path | C:\Windows\system32\credwiz.exe |
hash_md5 | A6001253D5FD839243DB624A2735F188 |
hash_sha1 | 0FEE237A8DF821F4E38BA89441B83A28DCC09D43 |
hash_sha256 | 9DEDB08C7F04F9C0BF33B48C4B8692A200AE62112F02FEF985F13322D6AB540E |
hash_sha384 | 9606DEF02F459A4A463A1F15192BD36317B3D4F0A85924C61E6A4E9446C054B8766ED4FB8BE63359B8C8CD29F89C46E1 |
hash_sha512 | 519844821CDBD9A4D38C4AD93428D4C7698C9A3DC3A13AE9348187EF69A47A13BE45502FB45F1ECAE31223B7178D89BE285D5A0EFDCEA3F75921F8B567B3C5A1 |
hash_ssdeep | 768:dLaECK6c9URwnAU0+tXyJYFOJLta8UbMWVPtCyHbTGsFZ:NY+qA0NYYJLta8wMWVPtCgTGsF |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Credential Backup and Restore Wizard |
meta_original_filename | credwiz.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | cscript.exe |
file_path | C:\Windows\system32\cscript.exe |
hash_md5 | 8552F94CFD39A4C307BCD1BD88D41604 |
hash_sha1 | 024BE36DC724F7D9C7F9F509111C75F847E86664 |
hash_sha256 | 6216383428EAB3292C5590C70D24B33A7D84FBF1C463E331C40F052E6EA356FE |
hash_sha384 | E79D4C51FAE898EDE3454EAAF0AABE27A6E791CFB7F796F9247BA65C71C4337AA61326143AA5E96FED3C43F93A2DC767 |
hash_sha512 | 32CE39310BA72808DF51FD69666AB58FF9FB0A21832DD31A26F986BA66A59ED969EE4E9131A3BDF809FF587C046BC9736D24FEC49AC2842BF9FCDE3458CA7C53 |
hash_ssdeep | 3072:1rPQPDxl6mHuN0OZdrV5m3X96edko49UKdGxBZgNJ6IZxtt:1r4LuNHZ1+3XAlsBZ+JfZh |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Microsoft Console Based Script Host |
meta_original_filename | cscript.exe.mui |
meta_product_name | Microsoft Windows Script Host |
meta_company_name | Microsoft Corporation |
meta_file_version | 5.812.10240.16384 |
meta_product_version | 5.812.10240.16384 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
output | Microsoft (R) Windows Script Host Version 5.812 Copyright (C) Microsoft Corporation. All rights reserved. Usage: CScript scriptname.extension [option...] [arguments...] Options: //B Batch mode: Suppresses script errors and prompts from displaying //D Enable Active Debugging //E:engine Use engine for executing script //H:CScript Changes the default script host to CScript.exe //H:WScript Changes the default script host to WScript.exe (default) //I Interactive mode (default, opposite of //B) //Job:xxxx Execute a WSF job //Logo Display logo (default) //Nologo Prevent logo display: No banner will be shown at execution time //S Save current command line options for this user //T:nn Time out in seconds: Maximum time a script is permitted to run //X Execute script in debugger //U Use Unicode for redirected I/O from the console |
key | value |
---|---|
file_name | csrss.exe |
file_path | C:\Windows\system32\csrss.exe |
hash_md5 | 955E9227AA30A08B7465C109B863B886 |
hash_sha1 | 563338B189DE230AEDF51B69E6D1601FBA40292D |
hash_sha256 | D896480BC8523FAD3AE152C81A2B572022C3778A34A6D85E089D150A68E9165E |
hash_sha384 | 63186C5336EC460B02A928F88A18646A71772DCA1D37F29F976D130601FD40F93BE043FF6F31C864DBB541763F4E6D7A |
hash_sha512 | 993FE93F54295BAA3BD789DA3457EB7D63297B57BF014114B3083751794A95CB3B52FF000E9DDE8D340C3E9F2606373F1F737C8A3A393B981A6F77565874C287 |
hash_ssdeep | 192:9HF0JXHYYI813lB9iCQWmYW5JnWgKN7OwDBQABJE8Foodqnajqh+HgwSG:9oXHY6lBSDYW5JnWBNHDBRJzSIle4HJ7 |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Client Server Runtime Process |
meta_original_filename | CSRSS.Exe.MUI |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | ctfmon.exe |
file_path | C:\Windows\system32\ctfmon.exe |
hash_md5 | BB38581A13B7265CF4E62741955E7457 |
hash_sha1 | 725DE67B89D97CAE8029F34AF5F4891C0A6A3D54 |
hash_sha256 | 103C028F6ED13FDF916B0B15138BDFE66CAC0D667D735D853FC8E45341FE8A3A |
hash_sha384 | A512EDCC58E99FEB211034376B4343AA45322AE9156D3A01BF5493296D7003F5F883D44D8EB31DB13625F293D42B66D1 |
hash_sha512 | D9E94AFFBF8B564FDDB59F2E275933E969F3F9272388D2ADF309222AA0D999189904409951081994B85B45F91F999352E723337C6D49A69D1B7B67397E278994 |
hash_ssdeep | 192:ZIPh6+S+J/zawTqs9g+fhnyq6oC347W6gW:2FSQ/WIqEg+fcqbW6gW |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | CTF Loader |
meta_original_filename | CTFMON.EXE.MUI |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | cttune.exe |
file_path | C:\Windows\system32\cttune.exe |
hash_md5 | CCD6BF7BE1F0944A59F2BDC788FE24D5 |
hash_sha1 | 98F4BA9FC727E715B21C13B8AD8AC92502E44ACA |
hash_sha256 | A9E7564FF4E42D143A9AD94E8B2D8E416F90FDD40103B25B7E97E6DE0B222E51 |
hash_sha384 | 3D630C0D36B4440CEFB918AB78720ED7F08EE2C5DD64636FF34ECD130CB1B4F07B36C5A651031E789D90DAF86DC3716A |
hash_sha512 | BB9E0C5AE79FE469B6D4EA9E8D3BA42D62B13800117464EDF6E4019CACFCDDC055E44ACC4508CEA7CAA5A588C771C453A8D985E6C8D3C822F133270B6EA186EA |
hash_ssdeep | 3072:DyuUhMflm2sfT+SMK5NBdQR7u4h6vJqxEm4x1ESuQG+3SeyRS6CSfKVu1xgCAWUe:+3qflm5KfQGZu4h6voxEvTEPp/F |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | ClearType Tuner |
meta_original_filename | CTTUNE.EXE.MUI |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | cttunesvr.exe |
file_path | C:\Windows\system32\cttunesvr.exe |
hash_md5 | C5CD274DF4E70681AE0EDC2FDDD47607 |
hash_sha1 | 3FE75BE073D2D603B9ABC9BB92D57A8B5B804D2A |
hash_sha256 | 99B1A2437959A31D588BF8119A3517F214F15FDCB7EA71B9685FAD5456D46E74 |
hash_sha384 | 56E71581C317D946854800D6B37F100659A9C2B14DFCF357A53CE8E130CBAA549E6FC5D7B8C911CE91F01634667E699B |
hash_sha512 | A63BF2AFD6E229C6839A66468F4416457B2C110144D6EB7F306696A3376EA7173B3CB65C01F30FD6A38D532713FA22669B17A986D5175831989B582A4A786D42 |
hash_ssdeep | 768:osb3lkNePOWzUfWatpsuDAV0QHOCcgJnXPHq5yiuabJN+3HTD:R5ODWaIu8V0QHB1nXPqyiXE3zD |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | ClearType Tuner |
meta_original_filename | CTTUNESVR.EXE.MUI |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | dasHost.exe |
file_path | C:\Windows\system32\dasHost.exe |
hash_md5 | 2BEA31D5635883B5E7471853E1F55CDB |
hash_sha1 | E4013F35E869C1BB64E61A0FE4A341ADEC51C85A |
hash_sha256 | 97543C2C341DACFCEA21D5D3FB799E2112124CED951F33EB30BFC230D435F457 |
hash_sha384 | 75AF0078A6757A7D7D6920DBB681237A47BA13513AF419077A59B09208F5595289025ACA6638E039AD59990593A50EA7 |
hash_sha512 | 3C3300881FFCB6654E60291646B11748299340029C36F8401E012A0C57679FB1F0ABBBCEB008D94CDBFBFA850171EDCB4E093FAE02836DCF24063965ADC73AED |
hash_ssdeep | 1536:BH2ICtxwqaU6hh3mgCiIfkye2pb1n6xMyTktG8letDBlwiY2lZJI3:liw06hoO2ppStktG7tHwiYKy |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Device Association Framework Provider Host |
meta_original_filename | dasHost.exe |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.2791 (rs1_release.190205-1511) |
meta_product_version | 10.0.14393.2791 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
children | conhost.exe |
key | value |
---|---|
file_name | DataExchangeHost.exe |
file_path | C:\Windows\system32\DataExchangeHost.exe |
hash_md5 | 516E28557D03FBBB5B06D0A871A71320 |
hash_sha1 | A83D1B437D4ABEABAD9ECAA1F0FF9EE500852189 |
hash_sha256 | 2CEEB1A1C7FE0E1E1BBC05B942A855AD7150FE766BF629CB773F1424CC84D3DD |
hash_sha384 | 3CC71A3E76CF151EFB3CF4B15A14CC22255851C3FA7A838CB765604F10B9339C7EC8C84062B1B4EBA043D357DAAD0A6B |
hash_sha512 | 4E82D1040E46C235C52D8CFAD7DD8432A5551B5AA0CCB3F463AB1F6DD67C975F3BE06258D35FF339C59C7F9D746326D6C737FCA19AA93375FBA2082DAC9B4CFA |
hash_ssdeep | 6144:P9KFZFytGANN5k9zu9QAQ2FaTd7FE/Fno9hs:Pwpytvkhu9pQ+aTdC8hs |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Data Exchange Host |
meta_original_filename | DataExchangeHost.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | DataSenseLiveTileTask.exe |
file_path | C:\Windows\system32\DataSenseLiveTileTask.exe |
hash_md5 | 3EF5F79338BF1A3D256C55170044D1AC |
hash_sha1 | 85F0930246A8AA0515EF70C527ABB80945876139 |
hash_sha256 | E07FAFA91A53B2FFE5C6A9B6302FF2575EF4D7D653848D4E0316012073B8F5AE |
hash_sha384 | 0CA6A898160F34FD3ADE8D40CCF0D768D3E85890698109D411E99EE0F8B29639BF6004CFABCCDD7590DF5B0BBA9B515E |
hash_sha512 | 5ACD05ECCF61F9537EF3B8BD2C26AD7D67793190ABE11564ECF4B628A031B26257F19406AA87DBAC2322E17DE579C064C12507E31ED5C1D4B2661891D81A85EB |
hash_ssdeep | 768:dl/fh8A7EU+1mj9pgDokEoiJs7rtLyQuj+SAf1l7OVwH5RGl0HF0fxf4t/+1vQ6z:fewEUwtokniiPtrf1EkG+HOfax+e6z |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Data Sense Live Tile Task |
meta_original_filename | DataSenseLiveTileTask.exe |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | dccw.exe |
file_path | C:\Windows\system32\dccw.exe |
hash_md5 | B6532886AB39BD25126033D15C241E45 |
hash_sha1 | 00EFB0625553E970A6A86BA79FFB5159FD43B550 |
hash_sha256 | E163A1C97456E32FF40744D1E1CEBDF59978A7BE0501598FE40134B65C510CFE |
hash_sha384 | 0161096B2F84C0638AB95146A6F20EA98DCE94CEE2841045E0FB6DC53967FE00B28F72233EBE1AF82FB1B445FEA7395C |
hash_sha512 | CED7DA762B61598E52351C9064EA6D99932469B756A63999917B082B13FD42E59B141222318E4DD46910BF66E5300818BE2A64A67074F4F837D2FCA6A432F72A |
hash_ssdeep | 12288:pSJ10jGOhS/IzJqrraq/t2qXy6xdRhMA:4rGS/EEn/tkI |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Display Color Calibration |
meta_original_filename | dccw.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | dcgpofix.exe |
file_path | C:\Windows\system32\dcgpofix.exe |
hash_md5 | 240AB7E571FC384F8A5C48985856011E |
hash_sha1 | 02677648C909F3DA4BE2C314F4A927A72F3594A6 |
hash_sha256 | 32B2012C038DD49E96DD2F0DE5A2A2A17BC29E166B94C4B21B984B7A3B09A2F7 |
hash_sha384 | 448E0A2AF5B90A2598A584696DDF7F4AFB2E58C2453B29169E7D1563BD0ECD088755AC520B779F8F557F9DE49EC75017 |
hash_sha512 | E665B41756464FD81618FA6972BAAB13A8213788186381A05C5FC5C287E5E28D6EB0FE2171802C92AAACA4BF48FB7B5B77B6FF9A605B71834CD70EE43CD03EA3 |
hash_ssdeep | 1536:ZNYh3QQ1eb2045yZhteRKntUIc+aW8R77QVfI:kXet/7t4+aNR77iQ |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Microsoft (C) Default Group Policy Object Restore Utility |
meta_original_filename | DefaultGPOFix |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
output |
Microsoft(R) Windows(R) Operating System Default Group Policy Restore Utility v5.1 Copyright (C) Microsoft Corporation. 1981-2003 Description: Recreates the Default Group Policy Objects (GPOs) for a domain Syntax: DcGPOFix [/ignoreschema] [/Target: Domain | DC | BOTH] /target: {Domain | DC | BOTH} Optional. Specifies the GPO to be restored: the Default Domain Policy GPO, the Default Domain Controllers Policy GPO, or both. /ignoreschema: Optional. Use this switch to enable this tool to ignore the schema version of Active Directory. Otherwise, this tool will only work on the same AD schema version as the Windows version in which the tool was shipped. |
key | value |
---|---|
file_name | dcomcnfg.exe |
file_path | C:\Windows\system32\dcomcnfg.exe |
hash_md5 | 97EDBB24F9A5970325DAF0B0E39805A8 |
hash_sha1 | E5C2BF03DF48AC54823B10C07422591E3E3B9A97 |
hash_sha256 | 720878507B5C004CDB9FFC4C99D1F14EF8E03FA76E753BEEA0FE111DEE6C3123 |
hash_sha384 | 5FFF79DF5881F2FA4D4DD2117821485BAAF98FD1A6185718267EA7D5EF99CEAEEA82B59E786798E4ECA9C4E26923AC86 |
hash_sha512 | C078E9C333DA1E37B25F53004E125C10A3F957E856E8F4A9A89C5F5E523E4EA470B4EBD4AD2B2DCCDF7A6BE0FD381155EBEC591C258DE2D02718FE5EE314EA33 |
hash_ssdeep | 192:onUDb+CMPDA/20Wki5mlJpeWLf6w5Svnb0FG8x9L6fVWZEW:onUDCC84lWkiwlJAWr6bvnb0FGWZEW |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | COM+ |
meta_original_filename | DCOMCNFG.EXE.MUI |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 2001.12.10941.16384 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
children | mmc.exe |
key | value |
---|---|
file_name | dcpromo.exe |
file_path | C:\Windows\system32\dcpromo.exe |
hash_md5 | 7CBFAC17F4A4BCA957D351749F0D9803 |
hash_sha1 | A5748FF4A15F0F947BF3E93F2D06EE37F4573D94 |
hash_sha256 | 673B7844466F95D10780C5ECF267FA938D51C7818BBBAB6C49C989A5B2619084 |
hash_sha384 | 694717AB3F1C7534BBEAB689664154D66AA98880A79B17B737AAEE87236958D64901ED1498C9A66FD75C3D70BD01313F |
hash_sha512 | 6EAFF562984F47A66C0EF2382CB69BDC8CBE43F2CF5761259393FD9F852E907C56DBAB4240165D3894BDDF3D7B3A6E0B820562BDB1A67B5917395F4D014565C2 |
hash_ssdeep | 6144:CWms72era8bVjnCbn+URLQvG+4ntASgZaghY:GsaUbnCT+URwOtgQg |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Active Directory Domain Services Installer |
meta_original_filename | dcpromo.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
children | conhost.exe |
output | The specified argument 'help' should start with '/' or '-'. |
key | value |
---|---|
file_name | ddodiag.exe |
file_path | C:\Windows\system32\ddodiag.exe |
hash_md5 | AC8C4B3F8FF22209B1BBB95271C56D56 |
hash_sha1 | 59971678D97B8D2709035F1CC9675873996D2CF4 |
hash_sha256 | 6584E99E510951361469880D7802718F16D5D598C65858CC9CB7529186B03384 |
hash_sha384 | 1454276357DAAF1321FB8CBA8D82EF2EBEB7228F100046B9721223D72B84CBC3436E12FA7732788D6CB1776FB568DFC8 |
hash_sha512 | B1D7FA9F3D1BFAE182EB61614D90D589F11230CB32972308BC1E9DCCE279C9F7EFD8ADCEDD494AC94E9ED292E623115EF22EDD3501D82D9A460D95CE5F2CDCBB |
hash_ssdeep | 768:+k+B6N+9R9H+uhGK/hc3aZkLmMgMaouZl6iOSYIf:k6U9R9H+cGK/hc3aZkLmMgMaouZl6iUG |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | DDODiag is a tool that collects Device Display Object (DDO) information from the system and logs it |
meta_original_filename | DDODiag.exe |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | Defrag.exe |
file_path | C:\Windows\system32\Defrag.exe |
hash_md5 | BCBD8C0BFD620A4761C8ACDF96D9CDAE |
hash_sha1 | 608A8D6663A114825E800F84A053D74B901C0754 |
hash_sha256 | 9FEC67B7E7C6FB7009C5D16387B1B34C017EA0BBE7543C63A2E197B1F369F127 |
hash_sha384 | 5F508C96D54DBB97478F5375A31279BCDB972EAA727295B429F61008BDCD1862CFD156E429678B2A6998A9FB9ED5985D |
hash_sha512 | 5CAF2D20CE205E197CF58A63AB93F6EEC9D9FAA5267E25438FDA5C324243FB71E24F6B0D35C918FE4CE849517BA437323E8C251C23C237F178EA6EC079485DBC |
hash_ssdeep | 3072:BRzXzWWCZawAPFeFtyab4C6c5Q3eSjlR+8qxLijgJyfFOG83Yj34YFnw6OC2c9cB:/XRCMPuk3lRGOUZGKc4YFnwjCpW |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Disk Defragmenter Module |
meta_original_filename | Defrag.EXE.MUI |
meta_product_name | Windows Drive Optimizer |
meta_company_name | Microsoft Corp. |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | 2013 Microsoft Corp. |
output | Microsoft Drive Optimizer Copyright (c) 2013 Microsoft Corp. Please specify a volume to perform the operation on. (0x89000007) Description: Optimizes and defragments files on local volumes to improve system performance. Syntax: defrag | /C | /E [<task(s)>] [/H] [/M [n] | [/U] [/V]] [/I n] Where <task(s)> is omitted (traditional defrag), or as follows: /A | [/D] [/K] [/L] | /O | /X Or, to track an operation already in progress on a volume: defrag /T Parameters: Value Description /A Perform analysis on the specified volumes. /C Perform the operation on all volumes. /D Perform traditional defrag (this is the default). /E Perform the operation on all volumes except those specified. /G Optimize the storage tiers on the specified volumes. /H Run the operation at normal priority (default is low). /I n Tier optimization would run for at most n seconds on each volume. /K Perform slab consolidation on the specified volumes. /L Perform retrim on the specified volumes. /M [n] Run the operation on each volume in parallel in the background. At most n threads optimize the storage tiers in parallel. /O Perform the proper optimization for each media type. /T Track an operation already in progress on the specified volume. /U Print the progress of the operation on the screen. /V Print verbose output containing the fragmentation statistics. /X Perform free space consolidation on the specified volumes. Examples: defrag C: /U /V defrag C: D: /M defrag C:\mountpoint /A /U defrag /C /H /V |
children | conhost.exe |
key | value |
---|---|
file_name | DeviceCensus.exe |
file_path | C:\Windows\system32\DeviceCensus.exe |
hash_md5 | 26FC7C7BDB99AB9B3EACB4BD513F6642 |
hash_sha1 | 23232E14346D850903001DC75E2BC08049658186 |
hash_sha256 | 8210C4F78F6BEFFB8BE252988F80A34BC7F49D583C710E34611F0427FAF02C95 |
hash_sha384 | 03AB5DFB0D5D479F077BCEFE514A33126584B48EA4E5B39DA79B61CFA6E843BF24B78828601D72E3281B0A2C60704EE9 |
hash_sha512 | 549B74E464A4F1749912F6B23440A34CEBD727554A9D255647AB74674F80C728F42E375D38A293E64BAC9AF48906E8281CEE2362E5082DA03046547360EAA92C |
hash_ssdeep | 768:/rqp1ssuvWRCll0zrMF7G4i6Xf4r6wD1Pu:2jivW0+PO7GcfWPu |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Device Census |
meta_original_filename | DeviceCensus.exe |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.18362.1035 (WinBuild.160101.0800) |
meta_product_version | 10.0.18362.1035 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | DeviceEject.exe |
file_path | C:\Windows\system32\DeviceEject.exe |
hash_md5 | 45DBFE6EA65E1FA16A2E9DA86EE01124 |
hash_sha1 | FE7A3796A020F51E995BBE8D08D17940DD81EB96 |
hash_sha256 | BF114A11688A5FF9E1A665F8E57F43F37743BA9445F8B8A5756322AD807472D9 |
hash_sha384 | 1E6CEAC47AAE23FD492A83657D8F624F9F80A9606A60A24D118DE9ED9BCF27F9E59A2B32CB75344214E4FFEECB69CFB5 |
hash_sha512 | D656E3D9822D94CAA3A590BFCF9A13E1D884C2FF5DA0D13C8286A0493C12EC08B0A3E2BDD0383F688AC7C0E2DFF6BD43294C20586D8830C72895E41C4F196717 |
hash_ssdeep | 384:mfAm+y3Vvrc92z0DOZ969eNopxWvyDyK5TYWpwWJJY0ehA/9gnl0:mAczcq0D19eg0yuK5zbJYQ/9gnl0 |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Eject Device |
meta_original_filename | DeviceEject.EXE |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | DeviceEnroller.exe |
file_path | C:\Windows\system32\DeviceEnroller.exe |
hash_md5 | 96A487B266262DC65DC08ECD591BB25D |
hash_sha1 | 83E3422A787B0AAA4B70633EAB5B445DA32F9A23 |
hash_sha256 | 420E680C4F681DCA6273080E8B1290991A8889BBE7CBE7E47B88C830A4136108 |
hash_sha384 | 002DB87CEE3008D4900F97F46896EE19D681B3740E42C77E67CE1651353AC5F25B94F2B9A6559202149C96E7322C7571 |
hash_sha512 | F1BB784C5D699E70EF7CDFF2485D2A9EB026BCE9E6A3199ED8E1833F5211969F7A953ED2747C60D2F67EA9E24829CAAD5840B72C33D67387A1DE12C97828A6E9 |
hash_ssdeep | 3072:7nn6vo3sqtHAVDJ2SQBkLnysQOQ29mjkJzwGtxa/OlV:7nn6vTqtgVDYSxQOQ24SEYx |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | API for MDM Enrollment |
meta_original_filename | deviceenroller.exe |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.2515 (rs1_release_1.180830-1044) |
meta_product_version | 10.0.14393.2515 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | DevicePairingWizard.exe |
file_path | C:\Windows\system32\DevicePairingWizard.exe |
hash_md5 | E4445E4A56348FF85A9C2F9D5ADEEAE3 |
hash_sha1 | D4FD853DA5BF46DD9592C4C85FC3C4EF17420CDB |
hash_sha256 | 8EB20EBE33E5850DFED3D61EA65794CE40984198002D0A1F4DB53F3748A282CB |
hash_sha384 | 659ADC07C1D08967AC767091FC1BB97115F9D3A244E97586294AD71DEEB2E3C2EB1F8363AE51DB1D0A5D7E08E205261C |
hash_sha512 | 64A28DC76C2981FF88B80E3E2540C94D3684F7643E13AD3EECCED261BD88156F054ADA4B243A3058627F0EFA52838D9412880FDE5D6E4E1B8D429511D7E6B724 |
hash_ssdeep | 1536:Qc7rNy7PUmeHh0ORziE8Ujcd7GtKe9MqZ3qOTj:77A7Pe+ORziE8gcQtr6oj |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Device Pairing Application |
meta_original_filename | DevicePairing.exe |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | DeviceProperties.exe |
file_path | C:\Windows\system32\DeviceProperties.exe |
hash_md5 | C799FC7C577BA8AFF1B73EBD54210C50 |
hash_sha1 | C305426E6AF509A34462F8658595CF7093EB3210 |
hash_sha256 | E0197C3F2D9FD1B54E711EC4FD84078E8E809CE3E77A2FA4050C5085F6160FE1 |
hash_sha384 | EF2E3468FD38F81E0BE66A5C5001C60C73B7887F53D8D00C9AAFEC1401A2E56636BAC1C92487085D72E72CA4A574AF28 |
hash_sha512 | 0F35C8381AA0608F866B2BC36AC99ECEC78F7061BA217A061C473C09A918A6B5AB8BFA2BBA0B8F795492FB7FA9256CDF6876C42498E761332067F76D6733F5CE |
hash_ssdeep | 1536:IEwSO2y5nNWLJpBpTybQ74i6u0dw9Wegi85mChdlzwCxi65p:IAO55NOFpTyIcuz9WzF4Chdlzri6n |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Device Properties |
meta_original_filename | DeviceProperties.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | DFDWiz.exe |
file_path | C:\Windows\system32\DFDWiz.exe |
hash_md5 | 72ECFD20DB8AE2C475856699987CADE3 |
hash_sha1 | 513C71900C4F04A2C681D2ED2ED169C3F0D0A3D3 |
hash_sha256 | 60CD7954BBE02422F9C28FC95B234426615D3F5DBAF7F7D2B733ADA657C6D406 |
hash_sha384 | F0DAF0EA40008C78C03E000537A8397B2049C7EF206BE435A1A184A75A5D2D6DC279AF77A02E6864444FD9E4472778A9 |
hash_sha512 | 08F818FEDF4F2F96FB972869A21CE6E5E2735EA8672FCA3B95D52E14FE1E3E9F8A73FB9295DD718073773B76B430019F56522B38FDB60AAE6ADF20D33880B14F |
hash_ssdeep | 768:gnm5UETuFLczkNQ9GHQx4oj0GZND7k1Uk9wFO6Omc0G0zmjuHShGF:XS9g9nZDjO6DS0SLhG |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Windows Disk Diagnostic User Resolver |
meta_original_filename | DFDWiz.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | dfrgui.exe |
file_path | C:\Windows\system32\dfrgui.exe |
hash_md5 | DE723C6B0D294576C1258CC6925D4E7B |
hash_sha1 | A19F962C447DE9F0A98360AC3484672A48C33DAF |
hash_sha256 | D5E151E700B5AC51AC3B0BEC9BA1B8E57DC332E151A6881BF190A41F4149D879 |
hash_sha384 | 8CCA1BB676CAFED8C16D609E2A3BB434250F8D52A5F34FF157B2E368C6DDA0A7845192B25B6F10770AC26AB3BC3E325E |
hash_sha512 | 4AAE612BFE7AE9CBEC539CEB204E66A0DAD3193A6CAF950FF2B37383C3D71AB362E50C7BD146AAF0753B1F8A9BBD9758ED11859813B70302F665B0109E49322D |
hash_ssdeep | 12288:45iMQWh2e8Xu3lRkRc4YFwjsWOfRg6gtPbcTTn7qxerx7:foWu3/kRc4l6g6gtPbcHn7q |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Microsoft Drive Optimizer |
meta_original_filename | lhdfrgui.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | dfsrdiag.exe |
file_path | C:\Windows\system32\dfsrdiag.exe |
hash_md5 | F8A3CA53C9A2BDB74B031A11B7ED35E2 |
hash_sha1 | ABEE7CDADBD67245F7FEEAE67290B83F5460FC65 |
hash_sha256 | 477D379C5C5F3862E6815F741C924BFA24F3A32A0709CF21BFEE45545652FC24 |
hash_sha384 | 674815EF34E984E008186DECABB9DCDF2FA913081F27D84E2417043F24CA1C348BFF56FB0D127835E737C02F8644EB9D |
hash_sha512 | 95AF37ACFC6744D1E009426FCFB56410022AD276ED66B39A7DC38FADA516A63924F79789D9B76EF0A35EF9C6163135F0BB9AACFBEA99F3DA0C7DF1AEC6B1CDCB |
hash_ssdeep | 49152:7l5Bt5M1P5YkK0DtaVBJ10lMuEynUiuSJk/rwjR45P6mxkn:PBt5Y/KOz |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | DFS Replication Diagnostics Tool |
meta_original_filename | dfsrdiag.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.2999 (rs1_release_inmarket.190520-1518) |
meta_product_version | 10.0.14393.2999 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
output | [ERROR] Unknown Command <-help> DFSRDIAG - DFS Replication operational and diagnostics command line utility SyncNow - Forces replication over a given connection; ignore schedule for n minutes StopNow - Stop replication over a given connection; ignore schedule for n minutes PollAD - Trigger a sync with the global information store in Active Directory Domain Services DumpAdCfg - Dump AD configuration settings pertaining to a certain member DumpMachineCfg - Dump service-wide configuration of a given server hosting the DFS Replication service StaticRPC - Set static RPC port for DFS Replication Backlog - Display the backlog of replication data to send from one replication group member to another replication group member GUID2NAME - Translate GUIDs to user friendly names PropagationTest - Test replication progress by dropping a test file under replicated folder PropagationReport - Generate a tracking report for the replication progress of the propagation test file FileHash - Displays a hash value identical to that computed by the DFS Replication service for the specified file or folder IDRecord - Displays the contents of a replicated file's ID record ReplicationState - Displays the updates that are currently being transferred on inbound and outbound connections |
key | value |
---|---|
file_name | dialer.exe |
file_path | C:\Windows\system32\dialer.exe |
hash_md5 | 52BCE70E1E4701C0113C6A49F6424DEC |
hash_sha1 | 8C56E4914F7A7AD78582329D98D6B6A78E15565C |
hash_sha256 | 4F4BF6FC3338E2BB14CC6814DB8CCD9CCEF1F39938EC051A77DD31F69BADC600 |
hash_sha384 | 1A1F8163406590C6299E8C29B160AA279A1153EB0E2A29D0FE193221595452E804C736111B385F088976E7CE0042915C |
hash_sha512 | 3EF881B5C6F6EF31699CD8248B015FF79FBE1D4A582A34F9186345F98AE8B7FC0877429C3A07BCB25457ACA66505C85E997E058269F8BC6680B9B46E86CB4FDF |
hash_ssdeep | 768:bft/qZZYgutzQN6TP00/SOZpjfZz52ySWDcI6ICRfrid:Lt+WwY0oPl2ySmcI6IUid |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Microsoft Windows Phone Dialer |
meta_original_filename | DIALER.EXE.MUI |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | DIMC.exe |
file_path | C:\Windows\system32\DIMC.exe |
hash_md5 | C8462C3F318849C08C28B1E68D24D5BA |
hash_sha1 | C09D63EC8EAECE1E9B11059D66780F6C8647DB87 |
hash_sha256 | D9C6DE64B45C3B8657C5DF00813F0EAF3A8B45F3614DD046C5B71DD955567B22 |
hash_sha384 | DB4085984BCAE675127BA87F67FB0CB4AE505CB98C6DE1CFE74E779521A5005E7DC9B4E5F3FFAA64EA4D31791EF5549B |
hash_sha512 | DB718BD1FAD1AC0E70F77A8CA73D693E15E5848AC901FF696CD25A3CDEA701AF4F7A0A97DDA6C76891FFA39FCF06A825F3139350269A5F5DCD276AB94C9ADB63 |
hash_ssdeep | 384:gdYKO3GR/jE3y7gqn8udp+olZ0KQ+U46C7mYeeCFUO9/0Kh1l2HsedmAzYLMhG4G:gpWXq8u2YZVRz7S3CmkYLMhG40x |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Deployment Initial Machine Configuration Tool |
meta_original_filename | DIMC.EXE.MUI |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
output | \nDeployment Initial Machine Configuration Tool:\n\nUsage: DIMC.exe -UnattendPath <Unattend_file> -HivePath <IMC_hive> [-SequenceNumber <Sequence_number>] \n\n -UnattendPath Specify the path to an unattend file.\n -HivePath Specify the path to an IMC hive.\n -SequenceNumber Specify the IMC sequence number. This is optional.\n -? Display help. This is the same as not typing any options.\n |
key | value |
---|---|
file_name | diskpart.exe |
file_path | C:\Windows\system32\diskpart.exe |
hash_md5 | 07B2CEDAADC8202D201A1E8552737BE9 |
hash_sha1 | EEF86A653F127486C5D1E1468D85CDE2653316BE |
hash_sha256 | BFD5377E93863AA5CCC8233C09BE14C54CE7731062CBA5BD319B2A1E2955EA1D |
hash_sha384 | A0EF0E5F8A2ED394EF0F21498171678175DEA8EC6756A41CC534D4FD762FACDB3E007F839C913FD2642875530C27AA92 |
hash_sha512 | F7ECB3946F90DA26B78D7DF0777CD95A66D03582E7F3FDAD4B4B724EC4A8A47792368CADD1D410C663980B09C55AFDBC4265ED6719550A915715833CAD6EFE02 |
hash_ssdeep | 3072:NsJf/qp9FzpbpBogl7WIJ2FO8FzYDdA0WJuTxI5I8q9QxraM:qJXqp9FF9qggFtOdzWJga5cY |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | DiskPart |
meta_original_filename | diskpart.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
output |
Microsoft DiskPart version 10.0.14393.0 Copyright (C) 1999-2013 Microsoft Corporation. On computer: default-pc Microsoft DiskPart syntax: diskpart [/s <script>] [/?] /s <script> - Use a DiskPart script. /? - Show this help screen. |
key | value |
---|---|
file_name | diskperf.exe |
file_path | C:\Windows\system32\diskperf.exe |
hash_md5 | 26FF50708FB975D7DF334460ABE5899A |
hash_sha1 | CC45C6D879622CD9810467930A93684F33952D3D |
hash_sha256 | BFAA29161F3A1C6B7E427EA7A7BD39FCF47BF84448B3800E2ED686B062453F71 |
hash_sha384 | 06A85DDCC755F5B3C2C7E1FFB31529D4CC1D6DAFD058E736F3228F9DE70C11C160885BC62BC400D66DF99E552E7EBCE3 |
hash_sha512 | A10BE643CC0C0A6A8BE85B4D667E502A0B7DF0F03630CBE39B4CB1A339E605BF697022C66275FA37BB96271158C1FEA6C5380F71FDC71D9C93A817C19EAF8DB1 |
hash_ssdeep | 384:79rok9TCGqAaRXvKnORtGbUfjSXRy5goyiOMNbZNisLP9eJ9W8JW:7T9TCGqAQKnORX0iiiOMNzimP9m9 |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Disk Performance Configuration Utility |
meta_original_filename | DISKPERF.EXE.MUI |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
output |
DISKPERF===================== Starts and stops system disk performance counters. Used without the command switches, DISKPERF reports what disk performance counters are enabled on the specified Windows 2000 computer. Disk performance counters can be specified to report the performance of the individual physical drives, or the individual logical drives or storage volumes. Note that these two sets of performance counters are measured independently. The user has the option of enabling and disabling them independently using the command line switches. NOTE: This command can only be used to control remote Windows 2000 systems. In newer systems, these performance counters are automatically enabled. DISKPERF [-Y[D|V] | -N[D|V]] [\computername] -Y Sets the system to start all disk performance counters when the system is restarted. -YD Enables the disk performance counters for physical drives. when the system is restarted. -YV Enables the disk performance counters for logical drives or storage volumes when the system is restarted. -N Sets the system to disable all disk performance counters when the system is restarted. -ND Disables the disk performance counters for physical drives. -NV Disables the disk performance counters for logical drives. \computername Is the name of the computer you want to see or set disk performance counter use. The computer must be a Windows 2000 system. NOTE: Disk performance counters are permanently enabled on systems beyond Windows 2000. |
key | value |
---|---|
file_name | diskraid.exe |
file_path | C:\Windows\system32\diskraid.exe |
hash_md5 | F416B737B95745072FD5C10B0D97179F |
hash_sha1 | A234A13339D4EA894546CFBC9F0415C0DD43FF9B |
hash_sha256 | 7667FE2E4416321EDF29B17DE47E7DE83E2C97F558F5581D50F85EDE0F7FAE34 |
hash_sha384 | 4E516F48BF5AB72EBCEA9F45F3103249F34F1567C727FC5554B0F51A7D8A65529C614FFD871D4F58A1F7DC2F982781A9 |
hash_sha512 | 93246A6DC25B5A9DACD5E508D8453F201858A7833DEE738A45B8F4890108CFC296BD08BB1EAAEC5150A7EFAD9A7E4423FBF3FEB62971C1C40E7292F8898F2A2F |
hash_ssdeep | 6144:RvjlYPBi9Lh00wkw/Legq7x/qoRDG6Zsgo4SPVzU:RvjEewJTM1qKD58 |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | DiskRAID |
meta_original_filename | diskraid.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
output |
Microsoft DiskRAID version 10.0.14393.0 Copyright (C) 2003-2013 Microsoft Corporation. On computer: default-pc Usage: DISKRAID [/? | [/s <script>] [/v]] Launches the DiskRAID application. /? specifies that DiskRAID should display this usage text. /s <script> specifies that DiskRAID should execute commands from the script file at the location specified. /v specifies that DiskRAID should run in verbose mode, printing out additional information about each command being executed. Examples: DISKRAID DISKRAID /v |
key | value |
---|---|
file_name | diskshadow.exe |
file_path | C:\Windows\system32\diskshadow.exe |
hash_md5 | 5A6926E132B7A3F3319E825A88BCAD61 |
hash_sha1 | 93483D6F002E96440D8FC7FA18614FAB20484C35 |
hash_sha256 | 8D556F8CA5588872AB80EE7DCF93B0EEE4CD2596A454CC7ADE4EA7CED3F8D7D8 |
hash_sha384 | A2531D1D56EA27159C3D12057217A164616DFFF2FDAFCB696220B17C078F3422CA75E5FD0F946C8907DA3959DBA6743B |
hash_sha512 | 48C5A07C65C6AE2CD49FEA76C1DFD49240A11639C8BDECFB13AAF6FDB876722632EC04FCC92C72E2048DB441E1AD0CD4CE8B182127A50F8C740B003C58B9A381 |
hash_ssdeep | 6144:4+AcTyT0wvhfrLNAId0pDBJPWze96xTj0z5u9lghTk2g:4+AcdoJPOId0pDBJye9A0z5u+g |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | DiskShadow |
meta_original_filename | diskshadow.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
output | Microsoft DiskShadow version 1.0 Copyright (C) 2013 Microsoft Corporation On computer: default-pc, 6/4/2020 4:10:50 PM DISKSHADOW.EXE [/s [param1] [param2] [param3] ...] [/l ] - Runs script mode DISKSHADOW.EXE [/l ] - Interactive mode /s [param1] [param2] [param3] ... [paramX] - Script mode. Include environment parameters in script using %DISKSH_PARAM_1%, %DISKSH_PARAM_2%, %DISKSH_PARAM_3%, ..., %DISKSH_PARAM_X% to reference [paramX] above. /l - Output log file |
key | value |
---|---|
file_name | DiskSnapshot.exe |
file_path | C:\Windows\system32\DiskSnapshot.exe |
hash_md5 | AA2947CE60C08B3C728994938AD03BFC |
hash_sha1 | F04C0220A87DF743A936D58C4F7C42A3AF0B0CCC |
hash_sha256 | 9F677C2796047B08BDC6EE30FB9DD5C4BB0948726B34D97B880A46AF580D0859 |
hash_sha384 | 131399E36947292431036DD66ECDA05E41A50FD2F5A0EACFE252EED9C15BCF81FED9B9D3E6F464B7860A149E6FB110DC |
hash_sha512 | 70CDE99FA111C967FB873528280BB68212BB363DD747A92B26D63540097558F23BBE2FFEAC9CC25B76ACAAE5878578067A14B4E84B545672B1A679466142F821 |
hash_ssdeep | 1536:oUXgqagabifeWsFMtGhynZrsjTD7wObLRaecOPfGeLIcY+xAz4qgfXEGRdx:vGWsFMtGhynZrsjTD7wObLRaecOP+eMy |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | DiskSnapshot.exe |
meta_original_filename | DiskSnapshot.exe |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
children | conhost.exe |
error | DiskSnapshot.exe [options] -c console output -i (deprecated) detail data to console -s (deprecated) summary data to console -u process large volumes (no limit) -j [config] specifies an alternate config file -w [output-file] dumps MFT to a file (v arg required) for testing or reparsing -r [input-file] parses a previously dumped MFT file -v [volume][path] specifies volume(+path) to process, e.g. "d:" or "d:\foo" -e prints out escalation keywords -p disable privacy |
key | value |
---|---|
file_name | Dism.exe |
file_path | C:\Windows\system32\Dism.exe |
hash_md5 | 707C25B81CE66CCBC5112AC07C980909 |
hash_sha1 | 77D5C21D5630CF674ECD1AE8C7928CE13B79B40F |
hash_sha256 | FFA65D0286EF4016CCE89ABDFB5B6CB30996BCC00FE7E8F440B9AF565179E9DA |
hash_sha384 | DB6851FB21595A48334FCECEDD58D11A8051628B96774FA091DDDBD19633B6CD5BAB6D474240A4B764EF5D2243E9DF40 |
hash_sha512 | A550267DB255D5C9B62867D496C9365EEBDE3D1CC9FBC7D3C00D7430EB6E5F58EE66132462AE03E9E19338946416CD301B8507E2EC8BF945A9FDDBB270F9E570 |
hash_ssdeep | 3072:rzNZ1tcy1sjPuoBI95tHlaTXhdbSr5eWVWtQiZT0i8hBo+ai+4nr54:r5Z3cAsbuoBOMTXCwWi1cBoybr+ |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Dism Image Servicing Utility |
meta_original_filename | DISM.EXE.MUI |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
output |
Deployment Image Servicing and Management tool Version: 10.0.14393.3241 DISM.exe [dism_options] {Imaging_command} [<Imaging_arguments>] DISM.exe {/Image:<path_to_offline_image> | /Online} [dism_options] {servicing_command} [<servicing_arguments>] DESCRIPTION: DISM enumerates, installs, uninstalls, configures, and updates features and packages in Windows images. The commands that are available depend on the image being serviced and whether the image is offline or running. GENERIC IMAGING COMMANDS: /Split-Image - Splits an existing .wim or .ffu file into multiple read-only split WIM/FFU files. /Apply-Image - Applies an image. /Get-MountedImageInfo - Displays information about mounted WIM and VHD images. /Get-ImageInfo - Displays information about images in a WIM or VHD file. /Commit-Image - Saves changes to a mounted WIM or VHD image. /Unmount-Image - Unmounts a mounted WIM or VHD image. /Mount-Image - Mounts an image from a WIM or VHD file. /Remount-Image - Recovers an orphaned image mount directory. /Cleanup-Mountpoints - Deletes resources associated with corrupted mounted images. WIM COMMANDS: /Apply-CustomDataImage - Dehydrates files contained in the custom data image. /Capture-CustomImage - Captures customizations into a delta WIM file on a WIMBoot system. Captured directories include all subfolders and data. /Get-WIMBootEntry - Displays WIMBoot configuration entries for the specified disk volume. /Update-WIMBootEntry - Updates WIMBoot configuration entry for the specified disk volume. /List-Image - Displays a list of the files and folders in a specified image. /Delete-Image - Deletes the specified volume image from a WIM file that has multiple volume images. /Export-Image - Exports a copy of the specified image to another file. /Append-Image - Adds another image to a WIM file. /Capture-Image - Captures an image of a drive into a new WIM file. Captured directories include all subfolders and data. /Get-MountedWimInfo - Displays information about mounted WIM images. /Get-WimInfo - Displays information about images in a WIM file. /Commit-Wim - Saves changes to a mounted WIM image. /Unmount-Wim - Unmounts a mounted WIM image. /Mount-Wim - Mounts an image from a WIM file. /Remount-Wim - Recovers an orphaned WIM mount directory. /Cleanup-Wim - Deletes resources associated with mounted WIM images that are corrupted. IMAGE SPECIFICATIONS: /Online - Targets the running operating system. /Image - Specifies the path to the root directory of an offline Windows image. DISM OPTIONS: /English - Displays command line output in English. /Format - Specifies the report output format. /WinDir - Specifies the path to the Windows directory. /SysDriveDir - Specifies the path to the system-loader file named BootMgr. /LogPath - Specifies the logfile path. /LogLevel - Specifies the output level shown in the log (1-4). /NoRestart - Suppresses automatic reboots and reboot prompts. /Quiet - Suppresses all output except for error messages. /ScratchDir - Specifies the path to a scratch directory. For more information about these DISM options and their arguments, specify an option immediately before /?. Examples: DISM.exe /Mount-Wim /? DISM.exe /ScratchDir /? DISM.exe /Image:C:\ est\offline /? DISM.exe /Online /? |
key | value |
---|---|
file_name | dispdiag.exe |
file_path | C:\Windows\system32\dispdiag.exe |
hash_md5 | 2E0521ED2631272D90D5887A7109C20C |
hash_sha1 | D7396AD887AEB2DA1D5D1045741CBCFD684098AD |
hash_sha256 | 2FAFF3700BF080D64D0997994C533B57816751E70893A158AF6C7B47D9FD9301 |
hash_sha384 | A3235624D967DF832805EFA3FEA07553C343EF710D8B88DA004CC15E5B301F8CDC2A60F55F1525CBBE9489913298F9EC |
hash_sha512 | CA3BC7605B220BA691F064F69AF5C794F44C3529EDED9700A905D2BA7BDC1336EAB975A68DAC5EB222D760234C73042A563B3703739132B5F60504A28D002FCA |
hash_ssdeep | 1536:f+DGiHD+sItZuxWsB81yl/uJkgqQlgzn3/bCZxcd060I+qCIIpX78hWF26Z:fhsBLl/a8z3/bSxcdSINBIpX7iWf |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Display Diagnostics |
meta_original_filename | dispdiag.exe |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | Language Neutral |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
output | Logs display information to a file in the current directory. Usage: dispdiag [-testacpi] [-d] [-delay ] [-brightnesslogging] [-out ] -testacpi runs hotkey diagnostics test -d generates a dmp file as well with additional data. -delay delays the collection of data by specified time in seconds. -out path where the dispdiag file should be saved, including filename. This must be the last parameter -DumpIdDiag force Indirect DIsplay framework to dump diag info via WPP -brightnesslogging toggle verbose brightness logging. -ccddatabaselogging <on|off> toggle Ccd database access logging. -dxgautologger <on|off> toggle DxgDiagnostics autologger. Requires admin and a reboot. -DodFullscreenupdates <on|off> toggle if all active display only drivers should process each present as full screen dirty.Output: Name of the saved file. |
key | value |
---|---|
file_name | DisplaySwitch.exe |
file_path | C:\Windows\system32\DisplaySwitch.exe |
hash_md5 | B1C084BEDCFF3D4AB356687698B1BA82 |
hash_sha1 | 96128150CF6F9EB6E9AE43D4BEE43B2552ED70DE |
hash_sha256 | 94CD03DFB938F5F0A999C77CA7FCC2320F6A8C570AC0F01A99A6DC9440C980D8 |
hash_sha384 | D743933CF1E1544A789D5CCC44C0D501DD7E36121CA97C927F38CC2C223BEB4138E6F4754A02A9F418AF0F6575EC68FA |
hash_sha512 | B37FE0F7078591824792E9D9D78BB2322EAB626BA053EDB0C1C7812533E8BAEE4DE723B979546113734C33598108267FC4ABE267FC4B3429B390F939857FD0FD |
hash_ssdeep | 3072:XUG9few5ZOAQuZpxQo4/j5AwR9wqhZsEvkQ86AyLa7eygpPIHl:XUaGw5ZGuxQo4/j5NwqhZLDsqM |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Display Switch |
meta_original_filename | DisplaySwitch.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | djoin.exe |
file_path | C:\Windows\system32\djoin.exe |
hash_md5 | 111E795B25B9414BE6E43A29093E8C45 |
hash_sha1 | C063495FEF959F6000B0B486AA8A2E7585C03BE1 |
hash_sha256 | FBC1AE96D1EE1A883658C6F9101590777F95F480010ACAC4E7934505B405F507 |
hash_sha384 | 6F6A8E24EC115B184FDA07DBF6D725EE9850017F4D1A056FD0083AA929E41FA181DC99E5683B9C953AB6D56CB3054003 |
hash_sha512 | E131E35A133BDF2B6E8926F04413C88C86F1D452F40A26B51C56D1001BD448349C15264F20E7C8A50A6446EEBCA9ED3D2F62A9370E08E328C231F5FB120587B7 |
hash_ssdeep | 768:0E8pWPUVCowgo/fTDGbgNcwYKNgiZcRN5yR/2Ij8FH9Bfv/hX3bfhbj5UmhRQJ6J:D7zzgoTDCUPHZcRiRFGHnvNLfZKCRQJ |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Unattended Setup Generic Command For Domain Join |
meta_original_filename | djoin.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
output | Usage: djoin.exe [/OPTIONS]\r \r /PROVISION - Provision a computer account in the domain\r /DOMAIN - of the domain to join\r /MACHINE - Host of the computer joining the domain\r /MACHINEOU - Optional where the account is created\r /DCNAME - Optional to target for account creation\r /REUSE - Reuse any existing account (password will be reset)\r /SAVEFILE - Save provisioning data to a file at \r /NOSEARCH - Skip account conflict detection, requires DCNAME (faster)\r /DOWNLEVEL - Support using a Windows Server 2008 DC or earlier\r /PRINTBLOB - Return base64 encoded metadata blob for an answer file\r /DEFPWD - Use default machine account password (not recommended)\r /ROOTCACERTS - Opt. include root Certificate Authority certificates.\r /CERTTEMPLATE - Optional of machine certificate template.\r Includes root Certificate Authority certificates.\r /POLICYNAMES <Name(s)> - Opt. semicolon-separated list of policy names.\r Each name is the displayName of the GPO in AD.\r /POLICYPATHS <Path(s)> - Opt. semicolon-separated list of policy paths.\r Each path is a path to a registry policy file.\r /NETBIOS - Opt. Netbios of the computer joining the domain.\r /PSITE - Opt. of persistent site to put the computer joining\r the domain in.\r /DSITE - Opt. of dynamic site to initially put the computer \r joining the domain in.\r /PRIMARYDNS - Opt. of primary DNS domain of the computer\r joining the domain.\r \r /REQUESTODJ - Request offline domain join at next boot\r /LOADFILE - specified previously via /SAVEFILE\r /WINDOWSPATH - to the Windows directory in an offline image\r /LOCALOS - Allows /WINDOWSPATH to specify the locally running OS.\r This command must be run as a local Administrator.\r This option requires a reboot for changes to be applied.\r \r Examples:\r \r To provision a computer account in the domain:\r djoin.exe /PROVISION /DOMAIN /MACHINE \r /SAVEFILE \r Note: Other parameters are optional\r \r To request the local machine to perform an offline domain join:\r djoin.exe /REQUESTODJ /LOADFILE /WINDOWSPATH \r Note: Other parameters are optional\r The parameter is incorrect.\r |
key | value |
---|---|
file_name | dllhost.exe |
file_path | C:\Windows\system32\dllhost.exe |
hash_md5 | DA63852A2B0340E94D74EAF0CD444979 |
hash_sha1 | 0E33FA9CE0074155F361DB9CB36183431C8FC266 |
hash_sha256 | EE8364C07B3F4F71FA649E0E6C4C73C15D285130E4B16E79890EEBBF89C2164E |
hash_sha384 | 62C2F675957F45AD622C9DD1F7E263F5D97B9134BAAD13732684EC09774A4E8090F6B5B3C79E8C755528CE74742F1138 |
hash_sha512 | 1E03CD567B070BA34214E653E8F8A7F1607E99FFDB664ABA80E2F672CDA2117FAE6C1179354644AD0B5F949012C10F8E4ED7B00919F0979FC7F580953DEFABA5 |
hash_ssdeep | 384:17GusqDUSr7YVsFW/5WOlRDBRJalkoU66N:1JisiH1PpoP6N |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | COM Surrogate |
meta_original_filename | dllhost.exe |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | dllhst3g.exe |
file_path | C:\Windows\system32\dllhst3g.exe |
hash_md5 | DC9817C8F88FB51BEC1F2A16A2AC5234 |
hash_sha1 | 2E1A191839B8D8BE20AD3495FD8990DD725E517C |
hash_sha256 | B9C234164A34312D92034B49BB8BC29C8F676C3CD974375490438120CAFBF6FE |
hash_sha384 | 22C32AF6F32B8EBF1A28D622437AA0D4E01B00A7DA47CD06626B0D90EE39934B98038DF3E86FC46A0D82033F8128CB01 |
hash_sha512 | 296392EC2EE5B2EF4504C61F6007017ECFED47FAF527B95EEE425B35DE687B33417B177BA2602934734D33C75C4328FC1826DDA6F61943573723BAAF65EB1749 |
hash_ssdeep | 192:n40Y2eSwWhTWsxDEF+HsaHL010pEBswbWCyW:n40UWhTWs6cWs8WCyW |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | COM Surrogate |
meta_original_filename | dllhst3g.exe |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | dmcertinst.exe |
file_path | C:\Windows\system32\dmcertinst.exe |
hash_md5 | 5DEF89906DA4AB4BCBB8B9E48338F7BC |
hash_sha1 | 09F843A5A5E94CDA898CB0C6372BE464653D77C1 |
hash_sha256 | 82C85CD40108D5259793AD73B63F25BD734BD75880BD67D226DF76E56C63DBC0 |
hash_sha384 | 3B4741E186BBA1E13AC139625749C766271EF433CA4359405F2AC9D4FE23E59C6C03412C8538680C8176DE54A6EA773A |
hash_sha512 | C29B722AB220A872B15743063C082FC3DE49850AB546BA57DE03292C7317064005424B156AEE23D142D23A6BE291EE95BEBCF6C781728DC1FFE46F02693DD2DB |
hash_ssdeep | 3072:Bi3pKC/eGfWQbEHAoGFiNt8RXsQUyzWYQOQ2qMxbUUaBJ:Bi3pKOeXEiYRNjfQOQ2vxwUaB |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000001733031072665B8B9B3000000000173 |
signature_thumbprint | 14590DC5C3AAF238FCFD7785B4B93F4071402C34 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | DM Certificate Installer |
meta_original_filename | dmcertinst.dll |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.1066 (rs1_release_sec.170327-1835) |
meta_product_version | 10.0.14393.1066 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | dmcfghost.exe |
file_path | C:\Windows\system32\dmcfghost.exe |
hash_md5 | 2F3DE6353E6542ADC3B2B11CDAFCDF7E |
hash_sha1 | 9DC2A7E8A97ABC8040602F87536928545102FA03 |
hash_sha256 | BBF2CD3259D4EE211F1EC4A0C5F62C5400EE77584AAA1F09E33CD880825528EA |
hash_sha384 | 0B4379075224291ECF09237D0DD71018C763F13B3943555F254EC5BD672D6E93B523DE7BDBE559A60B850CBE80DE6DC9 |
hash_sha512 | D3CB14A4ACC0F15AFD1C99D10E85FC28BEA8D8A69BCE175059B11D3A9B1C4D810D4CD1D35E3C9613E9FDBCF192C56D916D3F6B643920923753D1F30CAC372A48 |
hash_ssdeep | 768:k49Fv2Ei7Y0Dl7IOaojrnNZDahY4owDl0lDGAgkMk57z:rv2Ew0OrnNZDa3D+kAgkT57z |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Host Process for Push Router Client of OMA-CP |
meta_original_filename | dmcfghost.exe |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | DmNotificationBroker.exe |
file_path | C:\Windows\system32\DmNotificationBroker.exe |
hash_md5 | 2A3064C51C2187A3587FEE04981BCDA7 |
hash_sha1 | A7F5DF9B8BFAAED024A1BCD4333CD9B2F64FADC6 |
hash_sha256 | D012DA52B3A3C739E94AE6A2828BAAF0C9C3AD5FFEDFA14038A9225DD563C256 |
hash_sha384 | 588287C0779210482053339FD67A0E58DB6271C0A9810E3D7763698F6028393DDD87D73A8244D350BA6C11E2BFB941EC |
hash_sha512 | EB8DF7D07B5E2D292747A735F4F52FA805F5DB460405CB3BE2ECB93522FA4C19DFE37396499A5A502809EAA5FAFD35D0A21D3B2265E781553DD703CAA607B9AB |
hash_ssdeep | 768:9wg2XXdIn24Dzfvv+lj4dhkMl0n5KxxZCs:SNIn24v3v+6diM+n0XZCs |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | DmNotificationBroker |
meta_original_filename | DmNotificationBroker.exe |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | DmOmaCpMo.exe |
file_path | C:\Windows\system32\DmOmaCpMo.exe |
hash_md5 | 0EB3D27E3F73231822E8E646028ACB81 |
hash_sha1 | 49A585370FA153E3D088C1509BF24038071945B2 |
hash_sha256 | 75D5064A345B0991C2C53A5339BD0D80D7D20FA088E6AAF82FF012AB5C425DDF |
hash_sha384 | F0CB6570B0668C451223638362895B913F9BDB77583BD3752CEDF7C25F1295C7D7722419850952DA61EA218C883682E3 |
hash_sha512 | 15D77C95B8B8C0691B99F544D743530D8E42E7CA053624DFE95C44CA6559F2A120336AA4530C5F1D0FDE0203DE5B643E38548F92FBFDA0BA23765EEA3528EDD0 |
hash_ssdeep | 384:MLxWPh+ywR0bGYid9hpRjrTMCezDi8rVnrMReuU/3upCW6pxeW:9PMywRBPPhpxMX28BnrMLK3omx |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Host Process for OMA-CP Client |
meta_original_filename | DmOmaCpMo.exe |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | dns-sd.exe |
file_path | C:\Windows\system32\dns-sd.exe |
hash_md5 | B028C54FA794C275703BF3F3BABDC119 |
hash_sha1 | 4F7DC4A2963A283DF429BB8C751598E415E34B00 |
hash_sha256 | 6A27826B490457CCFECEBAF98A01325CC1CCECC81917B156AA1E566D141B520C |
hash_sha384 | C50C625F60BBF04C8943BF4FF5D3E7D1FD125E376BAF14B4214338DFDB4736CA73C46EECF112FE7CB0CCAAAB5BB5DA5E |
hash_sha512 | 79CA9874EC2B18F70A81A46BC7580786108F329BAB287C0EE4DF30578831A90A40FDFACE604BE8D1AA8738A046F886A610C3FFADAAC48A5164FC7D6004F7CF6F |
hash_ssdeep | 1536:itKnTo4lhyfVgIqR/z6lFEaXYoeeTOhvU7Cupxrptx1uj9L+4gkF4QSZ:zmfVezaLKeTsvWCKbBWxF4BZ |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 2B20EB3380792AB011F662C064FDB473 |
signature_thumbprint | 173A28539CA6DAB5AC8C3B995ABAA692F95C5FC4 |
signature_issuer | CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US |
signature_subject | CN=Apple Inc., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Apple Inc., L=Cupertino, S=California, C=US |
meta_description | Bonjour Console Utility |
meta_original_filename | dns-sd.exe |
meta_product_name | Bonjour |
meta_company_name | Apple Inc. |
meta_file_version | 3,1,0,1 |
meta_product_version | 3,1,0,1 |
meta_language | English (United States) |
meta_legal_copyright | Copyright (c) 2003-2015 Apple Inc. |
error | dns-sd.exe -E (Enumerate recommended registration domains) dns-sd.exe -F (Enumerate recommended browsing domains) dns-sd.exe -B (Browse for services instances) dns-sd.exe -L (Look up a service instance) dns-sd.exe -R [...] (Register a service) dns-sd.exe -P [...] (Proxy) dns-sd.exe -Z (Output results in Zone File format) dns-sd.exe -Q (Generic query for any record type) dns-sd.exe -C (Query; reconfirming each result) dns-sd.exe -X udp/tcp/udptcp (NAT Port Mapping) dns-sd.exe -G v4/v6/v4v6 (Get address information for hostname) dns-sd.exe -V (Get version of currently running daemon / system service) dns-sd.exe -A (Test Adding/Updating/Deleting a record) dns-sd.exe -U (Test updating a TXT record) dns-sd.exe -N (Test adding a large NULL record) dns-sd.exe -T (Test creating a large TXT record) dns-sd.exe -M (Test creating a registration with multiple TXT records) dns-sd.exe -I (Test registering and then immediately updating TXT record) dns-sd.exe -S (Test multiple operations on a shared socket) |
key | value |
---|---|
file_name | dnscacheugc.exe |
file_path | C:\Windows\system32\dnscacheugc.exe |
hash_md5 | 0E18A714F4532CAA83321D118BB5269C |
hash_sha1 | 9D33BFAD9BB96FDE8AF4A5B749E678CFF756341B |
hash_sha256 | 899D181BFBC861C2666E2386113BF49735B1383B5BCF964F1CA1FDF9FA4BAEC3 |
hash_sha384 | 606A01D83FA196A91A096A36532B72831149D22C0D7C69DF0D5598C82CAA14DE720AC4AAE6DF2600DF58D437C95602B9 |
hash_sha512 | 434FCA561776915641291E732A7256433C98F1A5EA389A48375B93FAA7B79EABA927EBD5720E1DD0FA3BA48892C9981EEF5164A9D48A25E4196071DCF591196F |
hash_ssdeep | 768:0yziMyvYwaQD8Ck9OP2V1WZnR46iSDSiuy:PziMyn52Vq4qDSNy |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | DNSCache Unattend Generic Command |
meta_original_filename | dnscacheugc.exe |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | doskey.exe |
file_path | C:\Windows\system32\doskey.exe |
hash_md5 | 56BC572C8305144F4C498ABB7E8160A2 |
hash_sha1 | 15E1995CEAC131956607103DB274DE7745AFCAB3 |
hash_sha256 | DBF2E1E11FD57DD0FBB2ACCB08778E6D838F272B3D5E814260044F0B0866B5A1 |
hash_sha384 | 136F44DC02EF332B8D24F94CCC477F8892F000844B38303C142F1E28AD6D020D5C1EDBBC7D2517DCAFCA8C7983C537FF |
hash_sha512 | F9A09DD562580E5440D2A084E1712B97AF804C72DA1B0700AE00BE4DBDBA97BF3012F3706CE2A23D2D6AB2EF8C3069A3D7491A76C032082D5D850BD50954E6BF |
hash_ssdeep | 384:fvRMoahJprnSidDNEUfXUQp5+5mMV+JUy+t7mPWXiWz:fvRMpfpbSCNPXTIR17m8 |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Keyboard History Utility |
meta_original_filename | DOSKEY.EXE.MUI |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
output | Edits command lines, recalls Windows commands, and creates macros. DOSKEY [/REINSTALL] [/LISTSIZE=size] [/MACROS[:ALL | :exename]] [/HISTORY] [/INSERT | /OVERSTRIKE] [/EXENAME=exename] [/MACROFILE=filename] [macroname=[text]] /REINSTALL Installs a new copy of Doskey. /LISTSIZE=size Sets size of command history buffer. /MACROS Displays all Doskey macros. /MACROS:ALL Displays all Doskey macros for all executables which have Doskey macros. /MACROS:exename Displays all Doskey macros for the given executable. /HISTORY Displays all commands stored in memory. /INSERT Specifies that new text you type is inserted in old text. /OVERSTRIKE Specifies that new text overwrites old text. /EXENAME=exename Specifies the executable. /MACROFILE=filename Specifies a file of macros to install. macroname Specifies a name for a macro you create. text Specifies commands you want to record. UP and DOWN ARROWS recall commands; ESC clears command line; F7 displays command history; ALT+F7 clears command history; F8 searches command history; F9 selects a command by number; ALT+F10 clears macro definitions. The following are some special codes in Doskey macro definitions: $T Command separator. Allows multiple commands in a macro. $1-$9 Batch parameters. Equivalent to %1-%9 in batch programs. $* Symbol replaced by everything following macro name on command line. |
key | value |
---|---|
file_name | dpapimig.exe |
file_path | C:\Windows\system32\dpapimig.exe |
hash_md5 | DD32F3C19410E4E7974DBB33229CBD7F |
hash_sha1 | 073E5BBD34595353510976373C8EDB79511B35F4 |
hash_sha256 | ADB6E4A682D56CEDC4DF75A41271DADC69DDCF0FF03E3AC0F1ECAF6D9E96E48F |
hash_sha384 | 84598CF57B35B705216BD46175AE92725331B7B2E495AB10142D77B87E08E608DE5FFC03A96711896A27A43D80673C6E |
hash_sha512 | 200A8C2DB9D90B7102FC80D00C044A7550BB9772C172D9CF1C5F5296B8AE3AF6E408BB59E63C8415850F89D64CCCBC1763652A3C23B1E7D3015894F68F2904D5 |
hash_ssdeep | 1536:7KLerwUdEMCGGWJ00l3uU1HIED1fCbWpygzU:5rwMeWeSJj16bE |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | DPAPI Key Migration Wizard |
meta_original_filename | dpapimig.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | DpiScaling.exe |
file_path | C:\Windows\system32\DpiScaling.exe |
hash_md5 | C1E219912D2237CB6661F7DAF20CC4DD |
hash_sha1 | 5DF3AFF2960BC56017FF8E417B3C0A99CD7A3F57 |
hash_sha256 | 10F1143ABBC80AFB70E08A952525E6B4E89F70606869E2A74C408641C23A107A |
hash_sha384 | 1AF600F971B63552C1D4E5DBCB37BB669DCCE75409E9CEC48A6DD797529AA2EC1ABEFEF53D7A89281F9E05540D730C51 |
hash_sha512 | 16C77CE35D8748567FDECC557E91B68088229F9133562B98E64C4A461694F8E04A8468F81EB8D969A8E2E5E49DCE37F586C4490C8D2E6D2F5D062CF7D51FE1FF |
hash_ssdeep | 1536:biGj91OwxgwYfPSqlGv+BNXNvuZS36EDtAZ7jz6dTdMQiMtYwJjD:TDOwNMSqoKXNvuZAFDqXzlzQf |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Display Control Panel |
meta_original_filename | DPISCALING.EXE.MUI |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
children | explorer.exe |
key | value |
---|---|
file_name | dpnsvr.exe |
file_path | C:\Windows\system32\dpnsvr.exe |
hash_md5 | 1FDE0F80845E978984762574963E18C4 |
hash_sha1 | 9E889FDEA47B5B76738A4A319FEE5B60C65CA6C8 |
hash_sha256 | A6AC48AC5B671C2ACE2D5359EA55E9553EE96C15C0D2004F663AF8F905936B5B |
hash_sha384 | 92420F8AF29FC21CD10E7FCD43114A84DE48B906883DA27FECA87C3E8CCA360E828FAF49915D71E6E0577A18EF48D81F |
hash_sha512 | DC6D50A2F6BE8BC747FCA4CDE7CC1CF4F9764752FDC950BD840A3A97FEE2BC67275D1D1748FEC02218692AAC085BA052C8890719422159DC5D1C6963002A1855 |
hash_ssdeep | 96:P7PZQ7sNjN/2Qz6A7309WaOMJrPgh2xt51EWauWw9:aImzy32WalogxruWauWE |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | DirectPlay Stub |
meta_original_filename | wcodstub.dll |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | driverquery.exe |
file_path | C:\Windows\system32\driverquery.exe |
hash_md5 | 996B3110600838030F16B687267316B1 |
hash_sha1 | 82D6F1F5AAF4164A176A6F005E586279E19C53E2 |
hash_sha256 | C201D26820B30BDCA8FCDBA7F043EF5A191F6FA1FF8A82F7A56EA6FE449BA4C7 |
hash_sha384 | 438A5A316F7CE4BD789A050126BF26B32304F19CB9AABDD91E3F446F1D4D57CAFB2B1E2AC8D3ED4745433882057D26C5 |
hash_sha512 | 6D281F089DF8E262195FB9E4939F2F2A4F44012ABAD8741A2E609E73C6E9EFECD15057AB63FF86507EE5E417AC299C193EB8B6E4D993DFB0EAA97AAFE948E040 |
hash_ssdeep | 1536:G7Wb3B2Zx9F7bEF405V2zfj4qXlOSJRiLxYZG8mmVoxqpXN:AO296uzfj4oELLQoxqP |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Queries the drivers on a system |
meta_original_filename | drvqry.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
output |
DRIVERQUERY [/S system [/U username [/P [password]]]] [/FO format] [/NH] [/SI] [/V] Description: Enables an administrator to display a list of installed device drivers. Parameter List: /S system Specifies the remote system to connect to. /U [domain]user Specifies the user context under which the command should execute. /P [password] Specify the password for the given user context. /FO format Specifies the type of output to display. Valid values to be passed with the switch are "TABLE", "LIST", "CSV". /NH Specifies that the "Column Header" should not be displayed. Valid for "TABLE" and "CSV" format only. /SI Provides information about signed drivers. /V Displays verbose output. Not valid for signed drivers. /? Displays this help message. Examples: DRIVERQUERY DRIVERQUERY /FO CSV /SI DRIVERQUERY /NH DRIVERQUERY /S ipaddress /U user /V DRIVERQUERY /S system /U domain\user /P password /FO LIST |
error | ERROR: Invalid argument/option - '-help'. Type "DRIVERQUERY /?" for usage. |
key | value |
---|---|
file_name | drvcfg.exe |
file_path | C:\Windows\system32\drvcfg.exe |
hash_md5 | EE71E796775C657612D93A7FB2371A39 |
hash_sha1 | D96BE6C6455BB3B867305740D58FCF0B79270D70 |
hash_sha256 | 265931E2682BB0FF454C539034261941A4DA854677B2FFC96EFEC6916FE616EB |
hash_sha384 | F049FBB72AE2B7F9A1361C6FCF12FCBE2F1E55268E2FE6875771A7C8ADD5344A9BA8B3B1ED435A154F288B6DC64DADD0 |
hash_sha512 | B346A353702D340F185BF6DAC474AE67A5B5574173A97537DFBAD86787080057A440AC8D2F0D0BFA2AA29A0A67975AF206CD6F5F1A6A714C77E762356090A651 |
hash_ssdeep | 1536:s0P8+mKFDtocK42SXxC7+0PfuFWjzm1DDew:s0k10pIwxs3fu2zqDn |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Driver Configuration Module |
meta_original_filename | DrvCfg.EXE.MUI |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | drvinst.exe |
file_path | C:\Windows\system32\drvinst.exe |
hash_md5 | 188CE3916E9FD3D123F38F01F8F8B93C |
hash_sha1 | 8C5B77915FD2F67FB0B45609785AFEF0BFA710F1 |
hash_sha256 | C196086017725E8724DAB1DFDFABA9F4B7CFACD47A885BCC81984F8BC78D9F75 |
hash_sha384 | 543123421E13AD4B3398E4AA95440D7F73107A5A8A931D1DB19305311BED47DEEA96CEB518445FAFE79679C1200FE2D2 |
hash_sha512 | 6553BD32D33CA3D77DF4A1E6E17E12A4A42EEB3BBF3D642FEABD367508D65721EB802B6CD16E72EF64C0306BD42B3AC3B9A863D7D5D5D89C3F50BFE7DE17B839 |
hash_ssdeep | 3072:ibFtPkdahbAIdY1LdxggXlQYUw/pf1YVI9L50b9yoHO5T4ucsiR:6jkda/Y1RmoUMtOrkLT4ux |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Driver Installation Module |
meta_original_filename | DrvInst.EXE.MUI |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | DsmUserTask.exe |
file_path | C:\Windows\system32\DsmUserTask.exe |
hash_md5 | 9F0CE85E4CC2D3DDDBCD11B391CD801D |
hash_sha1 | BC2A19E20713493269E2C400EDF7ED6AD6007B1B |
hash_sha256 | E2A467FCA75950B2A72CDFC63E415431DFD15EE5BEA1937EC2ABA640BDDAA638 |
hash_sha384 | 63AD817588EBFC1E79438CDC7B26482E41C5B97FB3C18FF7D77D6E7CBAC02F54ED9AAAA0F673A59D8484255E95A59285 |
hash_sha512 | 3214A110738DC9D0EE87B2ECD44EE1088123E3D6F3B8BC99461C3C5F485EA2100332AAB4C185C046D4C32D0285C7C6B89D6DECDED2DDA892455918424E5297C3 |
hash_ssdeep | 768:FjptAPEVZZ1rg4OAuHvaJ+LDEzVj9yGb1H:JAPEVZZu3iJ+LkyGbR |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Device Setup Manager User Task Handler |
meta_original_filename | DsmUserTask.exe |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | dsregcmd.exe |
file_path | C:\Windows\system32\dsregcmd.exe |
hash_md5 | 35EC92D9C4435C22AAA0DBA710DBE8C0 |
hash_sha1 | 55EF3D858682BEBD359C90C7679DDD76CC00C3C8 |
hash_sha256 | 55AF68BEEEC8F56F931C497EF876D5E204E55257DCDB8E4FCDE498BFCAEDA0D8 |
hash_sha384 | CB2F0501BC0DB0D16D90CAE75FA4FFCEDB19659F8B37BE42EC904942B0DD6D2442CEC82C3FF6323B5E7CA58F4BD9F0BA |
hash_sha512 | 0309518DA33D6AC9C095882EA8F5A9CF34EDF6392CA960945B3C1FA8AE6D87CFCB289CE4FE372BE9F5382EC774EE9F50636B529120D92D9BFCCF699A6CAF1215 |
hash_ssdeep | 12288:2WDjl+NcT1a7sgc1yhu0z5fkZG0yWzvfmhvjLrgUOv+r/L:ZDUNcZa7sgckhu0lfkZGdWrmhLZOv+rD |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | DSREG commandline tool |
meta_original_filename | dsregcmd.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | dstokenclean.exe |
file_path | C:\Windows\system32\dstokenclean.exe |
hash_md5 | F10F9128C93A79D8D1EDAAB19ADEEF5A |
hash_sha1 | D55FD012F74C2178375805869EB22CED464FEFED |
hash_sha256 | 700F2DBF378F89BFD9C9378483BE76012326D58F906E83B5996A289EC013C8CF |
hash_sha384 | 96B71E53305D890E326A029AF0C4E2B2354773050046F142AA40C79754DBEA3FDE728D442DD766AA789D8E206660FBBB |
hash_sha512 | 6F8027697D240EEB1514958ACD26925B33E93F1CB46FE9520BC91F50B41839184288B28A409899B8F82C0EDFA4C9310EE3C7CAF9159474012F07E581F03EDB19 |
hash_ssdeep | 192:DuhLbbgVPrmg7dOOaYgeCTM1NS2TkvGSGt7Wd9GXkgDARVsDWzEW:DCHbcRs+xCkNS2Qzq7W/gUODWzEW |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Data Sharing Service Maintenance Driver |
meta_original_filename | dstokenclean.exe |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | dvdplay.exe |
file_path | C:\Windows\system32\dvdplay.exe |
hash_md5 | 9778532E11E1C71F14659D4F9BDB43A5 |
hash_sha1 | 9EDD9109441D50E61E6AD26EF6D410DAF644157A |
hash_sha256 | 0E7099CAE6EFD37BD377E780C6D8FAC60B12531A49F05FEBB263CB8BC2AA7E90 |
hash_sha384 | 2EB10511F318ED7A4D2F56D3BB04DC3F430AFD84262D13C78835E7737B07CBC06CA1D8D4F2F109CA407FB55B3DE14D03 |
hash_sha512 | 5BAB8BB199EE8B388EC591B7168F8977BEB00D1EC3B77A17313852EFD2EF33AEE5F8893E1EBA9B910D9156FB983DC44C2F517811D675CDBEB8607FD06E3B5C11 |
hash_ssdeep | 192:NgJAPtro6MHwpSOvLIX2PX3vq6hw1ramQmQPjhFioW5ZW:NguhHEOjEM/q628JW5ZW |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | dvdplay placeholder Application |
meta_original_filename | dvdplay |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
children | wmplayer.exe |
key | value |
---|---|
file_name | dwm.exe |
file_path | C:\Windows\system32\dwm.exe |
hash_md5 | C89F159A577F19F7F03C73C98D29D841 |
hash_sha1 | DE60075CB979D655256F2DB447A22BD366AAEB6B |
hash_sha256 | B3E37997C1C62DD90D69EF83D6A6FC782BF9A5B8AD04A0D1528A8B7FA31AA408 |
hash_sha384 | BA97E1D3BC49A4863EAB1D12A44DBDB1E746A0E675FEDB283CBC82088335A46631AC289CB6D36CD0C279789E1D134D73 |
hash_sha512 | 3C7D4A156D926740200A8DA145B1741FA2974D1F76290D3C9DDCCCEC9DB7B192B8D9BDEF1DC318B34EEAC272A08CC7AE48D5B608AA9B34C46517E3825B1F5A53 |
hash_ssdeep | 768:rXu0S+gTySq24Opa3OXX6pTPBuwsDpCpWxCD6Urgb/ng9h+h4J1xnSVa4:rXu+A1z4negTPxmrb/ng94va4 |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Desktop Window Manager |
meta_original_filename | dwm.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | DWWIN.EXE |
file_path | C:\Windows\system32\DWWIN.EXE |
hash_md5 | F2FF66DDAD0DE9B65D8C98BF30F69F24 |
hash_sha1 | 3979D93574A15B64B5667CD0825B9F6DD9526084 |
hash_sha256 | 24BF4EFB1F90427F0A039AB8A8080911EEB2315309D899574611BCDDF7F8E751 |
hash_sha384 | E3D4899E531001358BDBD407EE52472084908C6244E29DEB479B22E2055CC019990A2AE995AFEF9DFE106ED6EB07CF0B |
hash_sha512 | 37D7869829C07F06ADEAD94DA25EE826F900C83791DDECA024AE12937F9A045F6917C56EC958A6A6A6431E0D89C0B6AA6D6465F8BD719F84E1913A15C9A3EC5F |
hash_ssdeep | 3072:fpXbsYMYi0tBM6SMJdInuOl6r6ue3wrlo60S3zixVNRpcK0f:xXbsGiGK6SMguOlacw69KQNRpcK0 |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Windows Error Reporting |
meta_original_filename | DWWIN |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | dxdiag.exe |
file_path | C:\Windows\system32\dxdiag.exe |
hash_md5 | 547556E6022C3F8814D5C9D59BE746C8 |
hash_sha1 | 0C84994C79118EFEA4E9F6C60090841491E05C2F |
hash_sha256 | D035316F6BDF5009934565079CE30EA49A540492780CA476571C904B18C8518A |
hash_sha384 | 0F9D05101649C5B1A958A4FC9FCA05A653AC354085420A4644D3069847B01AA5490F00C5B7C81B1AA906A7D6BD7F6870 |
hash_sha512 | F75FE41AC3AF2CF38556CE5A7A9BD91E55921EDF921F63EEB0C45276A5D5BC4DD456180D0C67618802CE9545BECA3E6D1943F1AF24C3B615335240A68D35209D |
hash_ssdeep | 6144:Y4ZDzdsA4+M1gjY/zFB/cNSj96KtyhruJhZ26diFkrWKiwHbgJ6fP:E+nYb/hjsKtyhruJ2FkrWKBP |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Microsoft DirectX Diagnostic Tool |
meta_original_filename | dxdiag.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | Dxpserver.exe |
file_path | C:\Windows\system32\Dxpserver.exe |
hash_md5 | 946396A1872AF9A926F1A38E836E996C |
hash_sha1 | D3F9807599C5BC767F8A3693D2FBE24D3E5B88A5 |
hash_sha256 | 55B7E34965532077A36B9641C9E8D70AEA2AAE40AFE8D53F56E0CC9B5F36A96D |
hash_sha384 | CD32D692DB2F56AF48711C5A21F5E66B9CABE1294EFCF67138084A6CFBBD1F6C46FA7F35FF3EED9BF3E0BF53729A6D38 |
hash_sha512 | 26B661ECE8F0EAAF9561607DF5C7D5E144173A145A1B522E801E4FB62BC98BFBC8B58BA0778280C82809C07AF4674D2BE67CE537AFFA77AD341DE725FA7E29BA |
hash_ssdeep | 6144:rqalQGj6XpSsYeMUg0cejAUbGhXGoAA2YoqNdd:rqqQBXvGtGYhokd |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Device Stage Platform Server |
meta_original_filename | DXPServer.EXE.MUI |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | Eap3Host.exe |
file_path | C:\Windows\system32\Eap3Host.exe |
hash_md5 | 272735F369FCFC4496A6662691DA1D9A |
hash_sha1 | A45FFFBE536F7C6C556FB97F01EC3549C15C6CD6 |
hash_sha256 | 32F8CB599F8C8B15C4371EF30214CB0794B5D0F45CCADC9306026485F7573083 |
hash_sha384 | 5BB0AA841D2A051AD387A37F00B62212ABB374325C91E9BBFE16FD9F617D0312C9A49A6132AFEA5551C42800F0B3A5DF |
hash_sha512 | 9B28863A360291477A5D5806E8DADE149924BD969B948612853FA42C6B15C05529581704DEB12A59B9F4C876FBBA2D32025A47164A776683EF29ECE3612F7427 |
hash_ssdeep | 384:NVRA0oogaIknVoVWGsJLlxRw6okaSWNaW:nooYknVoVelRokaJ |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Eap Third Party Surrogate Host |
meta_original_filename | Eap3Host.EXE |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | EaseOfAccessDialog.exe |
file_path | C:\Windows\system32\EaseOfAccessDialog.exe |
hash_md5 | 6CF3E7D021A16A86178F840D787F2E4C |
hash_sha1 | 04951BC22A668CAE0A494D525DAAC1F0ED4F1820 |
hash_sha256 | 3FFAE27251606DB5F1D95A667A39CF775B693342C0C17873CC07357AC4B2E64F |
hash_sha384 | E86D9F626207559B019C3710A717E6BF2B90747D7B1D9C0132BE73D2CBE496CFE89C3F5A3CD4F76589FD9B89A9380DF5 |
hash_sha512 | D29D972ED47CD4BE3CF93FFEB99D0CF0ED7BF11E38767B0A474B10C4B94F92BE376F629C11E249C807303E99AFFAAC3C33811E46D4998B07DFA3637F38C3DCAC |
hash_ssdeep | 6144:SZ977j5qOj+jn6uFz2LJGRg4kLNnei36cw:SndiFCdUc |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Ease of Access Dialog Host |
meta_original_filename | EaseOfAccessDialog.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | easinvoker.exe |
file_path | C:\Windows\system32\easinvoker.exe |
hash_md5 | F7C513DF8F3281ACC55ADBABD93B7C31 |
hash_sha1 | 7BB195EBD1AAEDFB7092C0240F8CD2EAF687E4B0 |
hash_sha256 | 6DC05888D8026ACD8EBACDD6A54AD8AD64A49DFD1AF9CB8F360089B8362BD002 |
hash_sha384 | A3340939097D3D5F90C32638918124F1E1ABDDC5AC2494E7DF7FFE67973A65A985E22A051385B8D67D80F857E11BB1D0 |
hash_sha512 | C4315F2FBF18E141DCC01F822367090328FA1972F5AD013A4B77455D731757B2856BD2BE9E108977E6C6AC3F452953F7B5AD2133BF66AB1D4F00E286408331F0 |
hash_ssdeep | 1536:ZW95nI6AueECr3lImy2xXib8wwuY/Y1FaS3r2lCPZF:ZOI6AueECjljy2xXib8wwdY1Fr72oRF |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Exchange ActiveSync Invoker |
meta_original_filename | easinvoker.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | EasPoliciesBrokerHost.exe |
file_path | C:\Windows\system32\EasPoliciesBrokerHost.exe |
hash_md5 | 234553BD86C5A1CEB127D293A9D92683 |
hash_sha1 | 67245181800F72CBD2C80F4EB44AA20D83445A4A |
hash_sha256 | DB68BDA5C181983E9A7CD4A1ACF5C4FADEE5A21F050EDE2E8CAD6F21718C9FBE |
hash_sha384 | BA04DDABC095F341D8F3EE91F4BABB227BA5734A32E9C8565497F0FC7AD50AE2E51794B0E6FBFE3B09430E2C43B37957 |
hash_sha512 | 120FAC900D05AE9F3B273D4D43E4A8DCAB2DBDB4BEFE5CDDE4FD0731B14CB94158AB564D397DD8C4E157FA6655335B8525EF5939F6ACA6ABA6C8D1AC578C136F |
hash_ssdeep | 192:z1Ua5/0LPvIEPv9YelabubslKn88YXQrGQKb91XcKwvjpDKcW6HW:z1Us/0L/O1bcslKl3rbbK8jpDKcW6HW |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Exchange Active Sync Policies Broker |
meta_original_filename | EasPoliciesBrokerHost.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | EDPCleanup.exe |
file_path | C:\Windows\system32\EDPCleanup.exe |
hash_md5 | FAE5D9725F3E1BE1214FBD92A190D01A |
hash_sha1 | C5435D02FD80890EFAD84EEA799AC0E6E8C64F06 |
hash_sha256 | 7868D296AF221FCCF8E704A2053F116CE236270634AE2035F61A0976CA4BCF11 |
hash_sha384 | B3A8C90A50240783F3E9CC2BDD5D5A4900DFAB9C5DB232F87D01E1E8219FDEC6253F648411F3DDCC5CDD450F8724B34C |
hash_sha512 | 9E464E6D0DE7500EC3073B24C3B815D88F55CA39B61A5697C95061F8B59DFF08FA5747B09845AAC1CE9D648F03537FBFD45E59C9BF2692AA247CB736230ABA4A |
hash_ssdeep | 3072:/dVdJM7wEENSLdeUYmqHWxxefY9dcZiDwXxiHV51dLg1vb:/dVdCoUVqH0oA9dcZwOxi51dLgl |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000001733031072665B8B9B3000000000173 |
signature_thumbprint | 14590DC5C3AAF238FCFD7785B4B93F4071402C34 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | EDP Cleanup |
meta_original_filename | EDPCleanup.exe |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.479 (rs1_release.161110-2025) |
meta_product_version | 10.0.14393.479 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | edpnotify.exe |
file_path | C:\Windows\system32\edpnotify.exe |
hash_md5 | B23E719836D235DE85DE688CBB57511A |
hash_sha1 | 3D198B4F108FA284494C7D9257ED403286372EEF |
hash_sha256 | CB54139B6F0D7F937376665B76540407E4898303276A55A0740C1D8082EE5BF1 |
hash_sha384 | 456D39B51FF5C6B9A8986048791E04746320B2B6AA23CD02DE51E4C0EA38B5F9DBE46079DFC266DD1509515487EE45AA |
hash_sha512 | FA0334BE639B0AACF071B2AA2481A025B8E18A033A1E962B6FC22561B2E54739E4796868EEA89FF2D7BDB0404A11B668176A953D59E34A7CB2E13128610E4D16 |
hash_ssdeep | 768:w9f+ggq0NmeN0NuIw6NiAaupxo2oiMQn5+VecIom0gijQCVmB6hsEIqeBJ:wrg7AxNlZxoO74VeBomndCV9h1Iqc |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Microsoft Enterpise Data Protection |
meta_original_filename | EdpNotify.exe |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | efsui.exe |
file_path | C:\Windows\system32\efsui.exe |
hash_md5 | 6DFA1BBB4D2F89DC46BACABC83B6AB95 |
hash_sha1 | 9F6277D1AFA76FEC3C85DFBF61E222E27F106C8E |
hash_sha256 | 1106CE6AE6EDFFA752D71F5EFF9FAAB53360CFFC6B224957760FBDC0A7D4FF17 |
hash_sha384 | 0281947DCA5C5B28A34EAA0076C44497A29880CA36B42FD574D1788056FB73E7E1035EA68AF73859CF515818EB2B8644 |
hash_sha512 | 0E8B0F2F1058361109BB559FC8329349186E5E5C08C3B72E7BE97A426C664E38EDE86202582CD7C275A7D5A278883148AC9621B217A03F9CFD3C62F5052B98D2 |
hash_ssdeep | 192:QdPeMqG5HPL9S0mnuHyhaz0IDomlOe9fYoMDB669GbGmDmTpWSsRW:wP1d5NtHyUzXDorlBmG7TpWSsRW |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | EFS UI Application |
meta_original_filename | efsui.exe |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | EhStorAuthn.exe |
file_path | C:\Windows\system32\EhStorAuthn.exe |
hash_md5 | 3A8D87E31C85B5F949BF26436D7DD02A |
hash_sha1 | 7025E50ABE866CCF577AD19726E39BB838D8F7F2 |
hash_sha256 | 04A8D05965B6E408BE13D5D1DD1A3BAE139F6A8B2BF01EFE6DE6822147A9CDE2 |
hash_sha384 | 945C1FFEC8D2F95FF9B3EE7855B17BA0951C16051ADF5F0661331AEA388730DFDD76950AFF46BF29F7DEA2011E06CD25 |
hash_sha512 | 0E428D92C73E4CD847B7F4206E48D35CA23FF5B4CE84FF7152E72109F8BDAA6FA2F64B41A9D8AB1292859D5F2A6708AA64B4D2B7777804C4D659D36C6AE51F5F |
hash_ssdeep | 1536:miN4wM7tnzIjFScpLv64BI7NrKxycdDRtqhveomgPHA5kG9mQ7N6wMkNaAYG5n8s:mPtnzWpLvRmGdDRAhvxPxQZDFcZIZ |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Microsoft Enhanced Storage Authentication Program |
meta_original_filename | EhStorAuthn.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | embeddedapplauncher.exe |
file_path | C:\Windows\system32\embeddedapplauncher.exe |
hash_md5 | AFD5EE6B9F8A747C59E3FACD27D9EE33 |
hash_sha1 | D4D691B7FC744E24DD4F1AD7F7DFD86BDD36EB11 |
hash_sha256 | 5B02D716DA8ECE83C4260D6ADF64B73522D6D1192AB82954591DC3096ECE0A0D |
hash_sha384 | 2117B00BE90DEC66C42313A61E39F3CE0100BB21D877B7E726AA25CDDE27098CAD5649646350CA8F57EAAEE02D86AB24 |
hash_sha512 | 67B8362EA22952A1FD1DE339A7A79CF975A6196DB301106F3188AAA2F5B96B89FE8BD1EA999A8E2F1804B57E5EB543D2F145D78E5CF6A6AE2953E0507F836E0E |
hash_ssdeep | 768:VNnFc/FIjSAwIA68rx9GHooYJJwzckZzyB0E5ho71Pm1I:7OG22e2UBN5hkPCI |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Embedded App Launcher |
meta_original_filename | EmbeddedAppLauncher.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | EmbeddedAppLauncherConfig.exe |
file_path | C:\Windows\system32\EmbeddedAppLauncherConfig.exe |
hash_md5 | 586054DE183F14002BA454848B3379C9 |
hash_sha1 | 7738DEBE60A11EE5D8DABC154E542A917812CCD8 |
hash_sha256 | EC9749889ECD9F62A46740B022683172A88C736515A89DA3793820EC084288AC |
hash_sha384 | FC1228303B0032195D5C923E399AEC0928B2A6649DD7C1F6990D78F84ED780A44D15154224BBC44E35ED68EE5A63CF5A |
hash_sha512 | 19DD95FE292F7C199975F120DA6A064318072CD81B87169C686772C73CA62491EFB051A60F9286C38C160F50666C10415DE98BCE6970F5C8C39261FED6B529FE |
hash_ssdeep | 768:Y3Qswq/TISwkYZqVYhHzn3AmFOFbL1PvMoBLoF:HswqsyBOhz3KFbhPvL2F |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Embedded App Launcher config |
meta_original_filename | EmbeddedAppLauncherConfig.exe |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
output | SLCONFIG: ExePassThrough==> SLCONFIG: invalid parameter, can only use /generalize, /specialize SLCONFIG: ExePassThrough<== |
key | value |
---|---|
file_name | escUnattend.exe |
file_path | C:\Windows\system32\escUnattend.exe |
hash_md5 | C214508E8CBD209D971284159DC36EF0 |
hash_sha1 | 676249B6BD418BEC62C31819622CF85012506F9A |
hash_sha256 | 8683E1A4B7A52DFA6B6EDCA8E16FD5B81667FD7F3F4D18F687759DBA6A7FA40F |
hash_sha384 | AC2E99A2DBFDC14C735DEE5474C7120871F9B6010609FA36FC75C02E06BE47933151AC33FD2BD7B27297DD91BEC40536 |
hash_sha512 | D413DC83250533F5C794D6027C2711B9B92866D618FC9083E609D278810058741D556039FAB78E97B2D13F6EBECB608D9F53935CDAD4024F08EF7358176571B5 |
hash_ssdeep | 1536:YmJfn5EV1YFxso5nJGz09tXQiIWzHrQFm/mwna/LkCNDb:YKXbgHFCa/LkUDb |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | IE ESC 7.0 Unattended Install Utility |
meta_original_filename | ESCUNATTEND.EXE |
meta_product_name | Internet Explorer |
meta_company_name | Microsoft Corporation |
meta_file_version | 11.00.14393.0 (rs1_release.160715-1616) |
meta_product_version | 11.00.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
children | rundll32.exe |
key | value |
---|---|
file_name | esentutl.exe |
file_path | C:\Windows\system32\esentutl.exe |
hash_md5 | D4CD32ECE6D3DC2F2B32A45F828078DE |
hash_sha1 | 3FCF5E1BEB126A3EF8E0C1C2DAEBA18DB3554A98 |
hash_sha256 | 6363FBBDB2E8AA68E11D12CF20EE008A86517D93BA155B1A32B5DC9A7AF61876 |
hash_sha384 | AEAF14AC9AF593695E901839D8C500F2D7FF232674C2618B774B886693493293675C50D7039B5CDEC7334F6082CE8115 |
hash_sha512 | 8F5EC082873369D4C9CD46F63676EFACDB2A0C720A9E542986003E4F8179DD673BD04F02E52F964ED64A8C7E99374FAC582B314690D934DFAA1588845A07AD9C |
hash_ssdeep | 6144:Y4BpxWW2iWcKTBxdw8zbYsqplR2JduRFWG0KI3RVY2:xnxWW29FwMbyplR2dumG07hV |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Extensible Storage Engine Utilities for Microsoft(R) Windows(R) |
meta_original_filename | esentutl.exe |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.2999 (rs1_release_inmarket.190520-1518) |
meta_product_version | 10.0.14393.2999 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
children | conhost.exe |
key | value |
---|---|
file_name | eudcedit.exe |
file_path | C:\Windows\system32\eudcedit.exe |
hash_md5 | BE25BBC85EB503BF8128ADAD7D971A61 |
hash_sha1 | 60364017E91E5992769343CD48EAF5491C1A908F |
hash_sha256 | A3D0B2683FF84CFB46650A67D50E1794C6CF3DCD0CD6CE1B974595F61CCCBD6B |
hash_sha384 | 47DBA09C81B3F802A0B163FBCD83BF57FD0E3AB503E4B8664DEA6770C947BA86310941C59A8EDF7A296D4F24B13230A0 |
hash_sha512 | 424D42ABA6586FDD4354E6DD384E7905514E15EED233EF41E86C08191FCD6C39FF97D46FF35BD22A8307D1E49642F6F284AB3483049F6309208887C5E63B69FF |
hash_ssdeep | 6144:J7wfr3En31gvKzIjhAuymPgpwl4TWxx5tY0Fo+1PZSqtYV:Zwj3EnFu8pwKOx5+u13tY |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Private Character Editor |
meta_original_filename | EUDCEDIT.EXE.MUI |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | eventcreate.exe |
file_path | C:\Windows\system32\eventcreate.exe |
hash_md5 | 1EDA7FDF4B09E1582A7DAC5FEFFE0894 |
hash_sha1 | 9F442376B6ED94DA2DCB47F1B851153488D0B909 |
hash_sha256 | AD90D99135B3E443F3DEEA5B40199CE5B83CCB0964FD9AC3F11B9224766ED7BA |
hash_sha384 | A18DAA92750CE6469B345A7E40C70D450240335D3E612F1F6D7541E88CB24D04EDF902057AE685E34BFE1BE54F50981A |
hash_sha512 | 31F345ADEF864E8DB02439CE8191DE06EA924FAD6F3CA040593A9F6275D40D8E758B320C3DC2542A5E5B6C5F911F4A0E0E8AD5B7BE65604872D54BC755BB86D4 |
hash_ssdeep | 768:9I2semKXr+5bjQNAWDnm8pKNtO3VcItPTxlCXHYQNt0y3SJXaT1oA:W2bnrFnpFTP6HYQN6oS5aBoA |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Event Create - Creates a custom event in an event log |
meta_original_filename | evcreate.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
output |
EVENTCREATE [/S system [/U username [/P [password]]]] /ID eventid [/L logname] [/SO srcname] /T type /D description Description: This command line tool enables an administrator to create a custom event ID and message in a specified event log. Parameter List: /S system Specifies the remote system to connect to. /U [domain]user Specifies the user context under which the command should execute. /P [password] Specifies the password for the given user context. Prompts for input if omitted. /L logname Specifies the event log to create an event in. /T type Specifies the type of event to create. Valid types: SUCCESS, ERROR, WARNING, INFORMATION. /SO source Specifies the source to use for the event (if not specified, source will default to 'eventcreate'). A valid source can be any string and should represent the application or component that is generating the event. /ID id Specifies the event ID for the event. A valid custom message ID is in the range of 1 - 1000. /D description Specifies the description text for the new event. /? Displays this help message. Examples: EVENTCREATE /T ERROR /ID 1000 /L APPLICATION /D "My custom error event for the application log" EVENTCREATE /T ERROR /ID 999 /L APPLICATION /SO WinWord /D "Winword event 999 happened due to low diskspace" EVENTCREATE /S system /T ERROR /ID 100 /L APPLICATION /D "Custom job failed to install" EVENTCREATE /S system /U user /P password /ID 1 /T ERROR /L APPLICATION /D "User access failed due to invalid user credentials" |
error | ERROR: Invalid argument/option - '-help'. Type "EVENTCREATE /?" for usage. |
key | value |
---|---|
file_name | eventvwr.exe |
file_path | C:\Windows\system32\eventvwr.exe |
hash_md5 | 16DF74906C84D249F47C3709F47DF6C3 |
hash_sha1 | 59261042EC9AC6995A074C164782559C48E1BCB2 |
hash_sha256 | 1501986365AE248C8E4998ECADD52F44ACF9E31D05FA10B0C324DC12D4A5C07E |
hash_sha384 | C4A2FD7E1BFC2D8C16C21BDD84C22F5FAABCCEB7EFFE20AD3FD9FA30A84DE95CC42A1F5E5033CB8A9B00F4D798AB791E |
hash_sha512 | C890DACC11422B9EA28C76A42D4E7506C6C1C2CDFF22FA8B76E8527D40E4BAB3FE01131FDBA34E8D73CCE9E326C3F7BA3A34340AA5C2ED4C670EF40F68213EAE |
hash_ssdeep | 1536:8T4XMjSj5IMfoJUhSU6nPlTggJ2oj71BgR/Vp8dY14:88Z3lhzslTZJ9j7Heb8C14 |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Event Viewer Snapin Launcher |
meta_original_filename | eventvwr.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
children | mmc.exe |
key | value |
---|---|
file_name | expand.exe |
file_path | C:\Windows\system32\expand.exe |
hash_md5 | 700328EA375572AA173E72932AAC389E |
hash_sha1 | 068EA7377D30066A4340F9F7525C56B32F7AA202 |
hash_sha256 | 83EA7A5C7634EEA15F4460417658120E1B2FC2C706B0D3468231FD47266086FC |
hash_sha384 | CD8103889FC4597313F764538B665C88FAA138ACEFB64C431D9075A49E212376C244061D21C447D3E802F2807A07E1A7 |
hash_sha512 | 31F03FF8F42F3719BE40EA48B3A68E3D1979A492236C346FC2D8C324F07647AE67E9631799ACDD93E0B3AB4DF8F1C3013E14281DA26B6DE5103EE09EF9ECE146 |
hash_ssdeep | 1536:zXf4VOsHS2ENfKm1TFcdK5fHuYHwrBDn:TQHSHNH1TyeuJn |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | LZ Expansion Utility |
meta_original_filename | expand |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 5.00 (rs1_release.160715-1616) |
meta_product_version | 5.00 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
output | Microsoft (R) File Expansion Utility Copyright (c) Microsoft Corporation. All rights reserved. No destination specified for: help. |
key | value |
---|---|
file_name | extrac32.exe |
file_path | C:\Windows\system32\extrac32.exe |
hash_md5 | 052CB6F7404214AD775D74324E756053 |
hash_sha1 | F2A15B3A070B3DF2A2C4ADEF2FD60086BB52B6DF |
hash_sha256 | 2B44ACF71844632F2F24A622EE152AF553AEA63B12A42BB90095111AE13C6913 |
hash_sha384 | 5D48FFCAA2ABCB54454E15234F73F0D93E8500FFF4387FDE4E0E34AA1D5D8F587FA1850C4F0EEF02AA82E232F8754FF0 |
hash_sha512 | 0C6EE7FBBAAD15EE3EE8DB2AF2AF7962E318187E0279304C0C5445E80C3F14A785DA09CBFE67C2D2E6CEA5589D446B5A5571E7084A9B26CEE65096D209CC92D1 |
hash_ssdeep | 768:yQHk2EjPHGCTK4dhdYHvH9XFoDxeaPGoZw2YJ9cDH:HmHGCXKHvH9XFexeqG3JJ9cDH |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Microsoft CAB File Extract Utility |
meta_original_filename | extrac32.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 5.00 (rs1_release.160715-1616) |
meta_product_version | 5.00 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
output | Microsoft (R) Cabinet Extraction Tool Copyright (c) Microsoft Corporation. All rights reserved.. EXTRACT [/Y] [/A] [/D | /E] [/L dir] cabinet [filename ...] EXTRACT [/Y] source [newname] EXTRACT [/Y] /C source destination cabinet - Cabinet file (contains two or more files). filename - Name of the file to extract from the cabinet. Wild cards and multiple filenames (separated by blanks) may be used. source - Compressed file (a cabinet with only one file). newname - New filename to give the extracted file. If not supplied, the original name is used. /A Process ALL cabinets. Follows cabinet chain starting in first cabinet mentioned. /C Copy source file to destination (to copy from DMF disks). /D Display cabinet directory (use with filename to avoid extract). /E Extract (use instead of . to extract all files). /L dir Location to place extracted files (default is current directory). /Y Do not prompt before overwriting an existing file. |
key | value |
---|---|
file_name | fc.exe |
file_path | C:\Windows\system32\fc.exe |
hash_md5 | 4F9FD9C32055BD713F974DF655A1A834 |
hash_sha1 | B7DE142BDCF56551C4FA0F20AEF96428F4BEBD45 |
hash_sha256 | FD9E665C2CB62778A6E7AB2C9F3B78700F8C6E16B0555E3AE1E73F3996A23F07 |
hash_sha384 | 865923343CE0D0633B490D8DA7AF913D6101EEBD7335F78F880084F9BC8490C23A9470BA31FE759ECAB0941793C64777 |
hash_sha512 | A2B5BA13D42EC3FCB28BAE9EEC38AF857EA9D5131C186C50996F00028E394E6F78A94B658617EE11ACA7D03FEFE342315447CE3169A32BFA4C5A4D15B6E5BD13 |
hash_ssdeep | 384:uuZasabyl+bHLdPGNu59VpoVfO5HyfTC9A8ih8eWrqYW:nasa+l+l2u59oVkyLCFrq |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | DOS 5 File Compare Utility |
meta_original_filename | FC.EXE.MUI |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
output | Compares two files or sets of files and displays the differences between them FC [/A] [/C] [/L] [/LBn] [/N] [/OFF[LINE]] [/T] [/U] [/W] [/nnnn] [drive1:][path1]filename1 [drive2:][path2]filename2 FC /B [drive1:][path1]filename1 [drive2:][path2]filename2 /A Displays only first and last lines for each set of differences. /B Performs a binary comparison. /C Disregards the case of letters. /L Compares files as ASCII text. /LBn Sets the maximum consecutive mismatches to the specified number of lines. /N Displays the line numbers on an ASCII comparison. /OFF[LINE] Do not skip files with offline attribute set. /T Does not expand tabs to spaces. /U Compare files as UNICODE text files. /W Compresses white space (tabs and spaces) for comparison. /nnnn Specifies the number of consecutive lines that must match after a mismatch. [drive1:][path1]filename1 Specifies the first file or set of files to compare. [drive2:][path2]filename2 Specifies the second file or set of files to compare. |
error | FC: Insufficient number of file specifications |
key | value |
---|---|
file_name | find.exe |
file_path | C:\Windows\system32\find.exe |
hash_md5 | 1E16116CCE7317C0E87559DA23A4EAD3 |
hash_sha1 | 5A27FC19C8D3650727766805E322923E9368D308 |
hash_sha256 | 40C0EC6D7371D316BC1F0ABE80D0236F613C9FB88DCE2D9B5D5FD4A1A59E8B49 |
hash_sha384 | 312B46906A6018EB473174ED861730201D14A5DDEA772A85563FF70B04339F47EF2E368301C1610CE84772D604DE9CCB |
hash_sha512 | B208C44FC04033B7012D9B553DB244DC3B052E7166B36AA438324471FDD11FAC46CB310B4AD21D16B3F17141A3CBD18C1964EB95E39AECA6D2CB38EEDB73ED96 |
hash_ssdeep | 384:RCWraD3RofPNirga9u0ODAa7geWFLW9IWf:R9GFofVFNCa7gem2l |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Find String (grep) Utility |
meta_original_filename | FIND.EXE.MUI |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
output | Searches for a text string in a file or files. FIND [/V] [/C] [/N] [/I] [/OFF[LINE]] "string" [[drive:][path]filename[ ...]] /V Displays all lines NOT containing the specified string. /C Displays only the count of lines containing the string. /N Displays line numbers with the displayed lines. /I Ignores the case of characters when searching for the string. /OFF[LINE] Do not skip files with offline attribute set. "string" Specifies the text string to find. [drive:][path]filename Specifies a file or files to search. If a path is not specified, FIND searches the text typed at the prompt or piped from another command. |
error | FIND: Parameter format not correct |
key | value |
---|---|
file_name | findstr.exe |
file_path | C:\Windows\system32\findstr.exe |
hash_md5 | 15B171EC73E7B71F4EBB4247E716271E |
hash_sha1 | C6F01014D0CDCE1D77FC8C2F79447C28D8B8C9AD |
hash_sha256 | 2956F7BC863498DFCC868CE7DF4C9C131A4A5C17B065658456AFEF7566ACE1EE |
hash_sha384 | 262436CD83B35800766C12218A17C397112BB58EC405370867BD7D75E1C79AFD57829C73B3C875B7C3C352D0F9E68A1D |
hash_sha512 | 0CB3F8B77C4CA0AA972A3D46D5C85200C09EFEF454100A4FBC5A3D751483C30F4C32437537387C6F036F81E7D237950C9AD60D4B296A7D119C5C256D21424271 |
hash_ssdeep | 768:fkwYjv0u6An0gwwAX4AwXu3CAXtIcTgVGe1GUR+jKR0TqS92IINKdR:fcbI20gtcXhXtIc8VkURV2TqSAIIodR |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Find String (QGREP) Utility |
meta_original_filename | FINDSTR.EXE.MUI |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
output | Searches for strings in files. FINDSTR [/B] [/E] [/L] [/R] [/S] [/I] [/X] [/V] [/N] [/M] [/O] [/P] [/F:file] [/C:string] [/G:file] [/D:dir list] [/A:color attributes] [/OFF[LINE]] strings [[drive:][path]filename[ ...]] /B Matches pattern if at the beginning of a line. /E Matches pattern if at the end of a line. /L Uses search strings literally. /R Uses search strings as regular expressions. /S Searches for matching files in the current directory and all subdirectories. /I Specifies that the search is not to be case-sensitive. /X Prints lines that match exactly. /V Prints only lines that do not contain a match. /N Prints the line number before each line that matches. /M Prints only the filename if a file contains a match. /O Prints character offset before each matching line. /P Skip files with non-printable characters. /OFF[LINE] Do not skip files with offline attribute set. /A:attr Specifies color attribute with two hex digits. See "color /?" /F:file Reads file list from the specified file(/ stands for console). /C:string Uses specified string as a literal search string. /G:file Gets search strings from the specified file(/ stands for console). /D:dir Search a semicolon delimited list of directories strings Text to be searched for. [drive:][path]filename Specifies a file or files to search. Use spaces to separate multiple search strings unless the argument is prefixed with /C. For example, 'FINDSTR "hello there" x.y' searches for "hello" or "there" in file x.y. 'FINDSTR /C:"hello there" x.y' searches for "hello there" in file x.y. Regular expression quick reference: . Wildcard: any character * Repeat: zero or more occurrences of previous character or class ^ Line position: beginning of line $ Line position: end of line [class] Character class: any one character in set [^class] Inverse class: any one character not in set [x-y] Range: any characters within the specified range \x Escape: literal use of metacharacter x <xyz Word position: beginning of word xyz> Word position: end of word For full information on FINDSTR regular expressions refer to the online Command Reference. |
error | FINDSTR: /h ignored FINDSTR: Bad command line |
children | conhost.exe |
key | value |
---|---|
file_name | finger.exe |
file_path | C:\Windows\system32\finger.exe |
hash_md5 | FF95B2B128EB6B0BDDDF39CD05C78A0F |
hash_sha1 | EA35E56DD787C90E4BAD3DAE3DFD621E6188575C |
hash_sha256 | DF1AE05C349A5C4E9D3187D0D85BD6172FB131BD5B826A1FFC947DB9A09F3DCF |
hash_sha384 | 037AC29CFF65182A3B83F056C01546BFC4A2E3CF2EB2CAECD05A481CA5CEFBB1BBB42A45F5DA3DB7EEFA6B0C782F7FB0 |
hash_sha512 | 0D0B205294C9A79F58C83A870CE32E4EAAB020B3B0726559C01FD6EC16B5D41629C3B2F621570D4ED0320BB7129613A48FFA01F2B8EE959D3530FA4C8EDB9F97 |
hash_ssdeep | 192:EwdcloBqMc+SDPhpT+qcXxmYFrurHF6h+YGkEYou3OD8r1oyW20W:Ewdcl6qM2tJKxmyru8eu3+0W20W |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000001733031072665B8B9B3000000000173 |
signature_thumbprint | 14590DC5C3AAF238FCFD7785B4B93F4071402C34 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | TCPIP Finger Command |
meta_original_filename | finger.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
error |
Displays information about a user on a specified system running the Finger service. Output varies based on the remote system. FINGER [-l] [user]@host [...] -l Displays information in long list format. user Specifies the user you want information about. Omit the user parameter to display information about all users on the specifed host. @host Specifies the server on the remote system whose users you want information about. |
output |
[default-pc] |
children | conhost.exe |
key | value |
---|---|
file_name | fixmapi.exe |
file_path | C:\Windows\system32\fixmapi.exe |
hash_md5 | E7E5FEE8B81D38D56BB8AA2057D98948 |
hash_sha1 | 40F14501D11E6FCFAB4F50E40E7E2353D0D6764A |
hash_sha256 | 51A468C99DE946A0FDDA997AEE7D49C330A7EF531BD44F6BDC5BEF5361501FAD |
hash_sha384 | 2E84694BDBEA60E0E4B6D42E7338221340F2BA4A769CB51853D0908C29494EF77BE036394A2B1A2044A2DF166DDED81C |
hash_sha512 | EDAE19FDC50319EA0D8BED022AB1E3120ECB1222A71A41DB3DEFF4979DD7F000F04AF946568BC845C5BCF688D03026607E08972E1734FEFB96C62F97C8D0252C |
hash_ssdeep | 384:fqOs9U8XIy7lyHDNjjGgHUekDxmH2VO1znEpGarlfHM4W6nWe:g6rHDNjXHdke0OGcaR/M4 |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | FIXMAPI 1.0 MAPI Repair Tool |
meta_original_filename | FIXMAPI.EXE.MUI |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | fltMC.exe |
file_path | C:\Windows\system32\fltMC.exe |
hash_md5 | C1FB634109DF6A3E5BB58E09ED31A150 |
hash_sha1 | AB05EA4E491945D606A9FED9BF65371CE7E1F1CD |
hash_sha256 | AECB882985F84A7531A27CF401BF86DBEC9191FDF6993C1317F35BEB1E32EA94 |
hash_sha384 | 9CC6C40E56A141AFD05B363159E6CD19B6AC4AD68A6194BB3A748BED1F43F0D16CB13B5054EB42DD0619AFBC5CD5DBF9 |
hash_sha512 | EFD02F8CC732A6FAF0F4778906D5B4CE78459B28A0DB7ED37E8CCA1AD76FBB8651BC9BD52B08BF446BB617D17BDD6BD94E21FF964D29BE81B741568338C55D55 |
hash_ssdeep | 384:woaKAz7gaDjjlbhSsFz3KO91P43Qp3blz9vKsc8e4NdP7SmIdUGsNJdWH9W:woO7g8jjRhT3KOPKQNbNb7B7SGNJy |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Filter Manager Control Program |
meta_original_filename | fltMC.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
output |
** Invalid command Valid commands: load Loads a Filter driver unload Unloads a Filter driver filters Lists the Filters currently registered in the system instances Lists the Instances for a Filter or Volume currently registered in the system volumes Lists all volumes/RDRs in the system attach Creates a Filter Instance to a Volume detach Removes a Filter Instance from a Volume Use fltmc help [ command ] for help on a specific command |
key | value |
---|---|
file_name | fodhelper.exe |
file_path | C:\Windows\system32\fodhelper.exe |
hash_md5 | 4679A1966AABBF229FEC12E3D7A323BD |
hash_sha1 | 118DEB6CCC9C61043858AF8D7CD304EF1830A860 |
hash_sha256 | 4346962B31D93DD4E8B5164E6167BB030FC0CA7C77EC0BB6AB798A1E8CD9488E |
hash_sha384 | D089125BC7C3163DE000C7184B7C3C01EBB3A41C82CD5A0E64EC25FFE0703A47D025B46ABE91C6379A3E4490B6E47D07 |
hash_sha512 | B24AA37FBF9FE3FECA838BB9389A2B1FD3873E27C9D4A378509C9C40E73DD0475EDA8C4E420FFDD41768ECD3D1C8118519D63E12D66A15A95003D3629E30E323 |
hash_ssdeep | 768:Mvj4V4fDopm6nh9b/wnbuqLI+2d+czaMl/+X17GS7Nrj0ppJPG8a:k4V2yL1qLIVdrBQXpGS9j+PG5 |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Features On Demand Helper |
meta_original_filename | FodHelper.EXE.MUI |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | Fondue.exe |
file_path | C:\Windows\system32\Fondue.exe |
hash_md5 | F995D2EF9220F33C260425DB39ED05A3 |
hash_sha1 | E52B96C6263BE61D632E87861F052B6DABE392BF |
hash_sha256 | 29A612CAA964CE61D8FFBC2951EC2C1A401AB775C1883782AD83FDE8CFA19DE6 |
hash_sha384 | F6B38EB1BE00D6E4D408CDB2C25C104CB54501206FB12446487A22B7833ACE6494BAC08EC8B34DAF9098ABDFC879583A |
hash_sha512 | CC630797C013E368CFAB47DB1D643D10E8590F69B09AFB4748D4A1B06F00858231AE41B6F39F81DAB17131311E136114A1E39127B1C9F17298AA7FFB9297A5C4 |
hash_ssdeep | 3072:s4H1bKbEaznWfH22ZsuX2xKwMPTnaSrIrvDi:sobMznWjZnXeKwMLnaqY |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Windows Features on Demand UX |
meta_original_filename | Fondue.EXE.MUI |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | fontdrvhost.exe |
file_path | C:\Windows\system32\fontdrvhost.exe |
hash_md5 | 208E3D2200E14B480126DBAA08D341A6 |
hash_sha1 | 4D460CD08289E1D11B587D76659090EB0714987E |
hash_sha256 | E58A0460B0C64FF8DE25653BAA81C33623856E932B85A3DCA0E3ABC81DD94B61 |
hash_sha384 | F1522A3A1E191AC98FD849A822733F9AD82D82E1C8805541EEC9A50660089353B91C272221B4B622A192959F2B724EB1 |
hash_sha512 | 02B0574207F5807F976D2E01A9440826BF417ABBE2BFA32AB68DA6E83F67E68A62A2954530F9FD5D678D5F2C0E4DF9AA7A162A1DAEB09475DA3603E4893D1BFA |
hash_ssdeep | 12288:yIAvE6t7s+68DI59wtUOYUY1GHYMK/SCGhqRd3uIXTJJ0zOAhpmkcY:ylvE65ns9wtNYHoKlG4uIXTepmkcY |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Usermode Font Driver Host |
meta_original_filename | fontdrvhost.exe |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.3686 (rs1_release.200504-1524) |
meta_product_version | 10.0.14393.3686 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | fontview.exe |
file_path | C:\Windows\system32\fontview.exe |
hash_md5 | 5C122031AF7A1DB1A7172B83A220B411 |
hash_sha1 | 6A963FB24B91A00CFF0D96D5A7AA142ED8A4D97D |
hash_sha256 | D28FBEDC5DF62C2CCAF452F596DC750FBE3A706463E686428ED036E8471544FB |
hash_sha384 | 6F68E97B2FF239832D04A7D9B03B1ABE47E39A3CE664ED8B7D6FA87D9C80A871223B9047A05C1B39D5D9D5794241C617 |
hash_sha512 | 585225919D16DBFF50E7FE6EE4AB26301184A5D0DD9CC6AF7330639654813AE69AC68AEE4214760BB5649E15DC0271B7965C258E72A0EF58AA2426FA98603472 |
hash_ssdeep | 3072:ogsI3cRyfNJjWRkOtHxtt3EOL2QvIsitSYVF:NsY9DWRRZzqGY |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Windows Font Viewer |
meta_original_filename | FONTVIEW.EXE.MUI |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | forfiles.exe |
file_path | C:\Windows\system32\forfiles.exe |
hash_md5 | C1597D16DF61070172BFC283C4F3EC82 |
hash_sha1 | 83DA939493AE1C44FC0DEE93DD5B8E095AB0C441 |
hash_sha256 | 5B2BA93B56D9DA593CBD896FD153414BF6C2C301F5FB034974D1504FA087B955 |
hash_sha384 | 9AB8F605385530FE87FD86E7E374C0FBEAAC22C47AAAFAEDD44C3B15ADCAE1824C9BFFCBDA314F9A3CE53046C27794C3 |
hash_sha512 | A16A4BE24D47F5CD59B7F8CA388543632DB1B8DE45D5AF53F5AD1D20F3BA2B91BEE45CB85E7CD9F233DF5E388EFFEE1CDC46AAD4A17433DE1F59D3AD0A80DB3D |
hash_ssdeep | 1536:3JfxGF15zZseSwsR13mI3SRNok+t6ZVxypHO0:z+1JZseSwsR1RSs0VxypH |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | ForFiles - Executes a command on selected files |
meta_original_filename | forfiles.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
output |
FORFILES [/P pathname] [/M searchmask] [/S] [/C command] [/D [+ | -] {MM/dd/yyyy | dd}] Description: Selects a file (or set of files) and executes a command on that file. This is helpful for batch jobs. Parameter List: /P pathname Indicates the path to start searching. The default folder is the current working directory (.). /M searchmask Searches files according to a searchmask. The default searchmask is '' . /S Instructs forfiles to recurse into subdirectories. Like "DIR /S". /C command Indicates the command to execute for each file. Command strings should be wrapped in double quotes. The default command is "cmd /c echo @file". The following variables can be used in the command string: @file - returns the name of the file. @fname - returns the file name without extension. @ext - returns only the extension of the file. @path - returns the full path of the file. @relpath - returns the relative path of the file. @isdir - returns "TRUE" if a file type is a directory, and "FALSE" for files. @fsize - returns the size of the file in bytes. @fdate - returns the last modified date of the file. @ftime - returns the last modified time of the file. To include special characters in the command line, use the hexadecimal code for the character in 0xHH format (ex. 0x09 for tab). Internal CMD.exe commands should be preceded with "cmd /c". /D date Selects files with a last modified date greater than or equal to (+), or less than or equal to (-), the specified date using the "MM/dd/yyyy" format; or selects files with a last modified date greater than or equal to (+) the current date plus "dd" days, or less than or equal to (-) the current date minus "dd" days. A valid "dd" number of days can be any number in the range of 0 - 32768. "+" is taken as default sign if not specified. /? Displays this help message. Examples: FORFILES /? FORFILES FORFILES /P C:\WINDOWS /S /M DNS.* FORFILES /S /M *.txt /C "cmd /c type @file | more" FORFILES /P C:\ /S /M *.bat FORFILES /D -30 /M *.exe /C "cmd /c echo @path 0x09 was changed 30 days ago" FORFILES /D 01/01/2001 /C "cmd /c echo @fname is new since Jan 1st 2001" FORFILES /D +6/4/2020 /C "cmd /c echo @fname is new today" FORFILES /M *.exe /D +1 FORFILES /S /M *.doc /C "cmd /c echo @fsize" FORFILES /M *.txt /C "cmd /c if @isdir==FALSE notepad.exe @file" |
error | ERROR: Invalid argument/option - '-help'. Type "FORFILES /?" for usage. |
key | value |
---|---|
file_name | fsavailux.exe |
file_path | C:\Windows\system32\fsavailux.exe |
hash_md5 | D2B27CA999836FB40CC853504F307676 |
hash_sha1 | C18C145185A608E670D14A2AABAE869471406B2F |
hash_sha256 | 4BAA1260926EAC745F874D9A1E6070A37DBF22A741034C429DF42C41DE5E703A |
hash_sha384 | 31FBF02AFF31CB543E5812CED2E2EC4A9C8A27CE75C9E50E4ECC2661B4404D5E141767B6E9EB4A13BDD6EF98A052DD83 |
hash_sha512 | 4E4E25CF20F6A66744B65760CF139B6C9BEEBA39D770DD7E2DE71B68DEB9E3D41AC27AFAC9AC63E127A9014F39DF50206E5E2F43522E95C69E2FB3B72FD6D52F |
hash_ssdeep | 384:TWM7340MBGm9+XszPzQGi0vMbShA+FbK5WgVWW:z73ASgrjhAAbK9 |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Microsoft\fsavailux |
meta_original_filename | fsavailux.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | fsquirt.exe |
file_path | C:\Windows\system32\fsquirt.exe |
hash_md5 | 78D460CCDA4D36835579CD33BD9B9908 |
hash_sha1 | B5865CDC2BA3C0D329953AD02A7811FEEFA1EB62 |
hash_sha256 | E967007DA2930D50DEEAF7CA9595485701B11EE9AAD31CC9C4A3116791055BD6 |
hash_sha384 | 682899439F56C89EF6CAED8766049421348D1098E8328BE2D7C0EA1F79D6333547BED0096BB040B4C10095641FD23DC2 |
hash_sha512 | 124F19D018AB90D8AE4FA2D5F2B9EAF48DBBCD01399CB81E605D031536B7BD5C9A72CF72EE1F8C5AAB40D44DB2AF5C404B03CE233220E6228F5A944CC2FEE5F5 |
hash_ssdeep | 3072:MIOhjFOv5BW1asOO4V1BWyQNq+FbFveIkcUKh:9SAQ1NO3hQN9FbFvv |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_original_filename | fsquirt.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | fsutil.exe |
file_path | C:\Windows\system32\fsutil.exe |
hash_md5 | F0098B57C5A1C572EDBA78CECECC8155 |
hash_sha1 | 9FA9BD1C352431F7107558631D93EC86B5B6AE9D |
hash_sha256 | 66A36EFFC1CCAC37A95ED1D268C1E5F92F47707F8E0C8039C2BD8C954C5F4100 |
hash_sha384 | 07741A5D78430CDDD4CB7F6D08EF7EB9EE6803C71B95C2CF6A907B540816BC75B65616BDE99A76374F279EBF5FB2AEE9 |
hash_sha512 | FB0DF12C196B3A54BC53D5508B340A3FB0E684F3765E864B4B6461664AB946CA07A068BD3844391B965E1094458F3BBC58AAF3ECE9CB30ED39FE5A876637C0CF |
hash_ssdeep | 3072:eXpIYba961G6dorepBHV8Vq9CIIVT808tJgDJnVy6Y15+mBt7PlGjbTNyJLNcYBe:eCYba961G6dorepBHV8Vq9CIIVT808tN |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | fsutil.exe |
meta_original_filename | fsutil.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
output | -help is an invalid parameter. ---- Commands Supported ---- 8dot3name 8dot3name management behavior Control file system behavior dirty Manage volume dirty bit file File specific commands fsinfo File system information hardlink Hardlink management objectid Object ID management quota Quota management repair Self healing management reparsepoint Reparse point management resource Transactional Resource Manager management sparse Sparse file control tiering Storage tiering property management transaction Transaction management usn USN management volume Volume management wim Transparent wim hosting management |
key | value |
---|---|
file_name | ftp.exe |
file_path | C:\Windows\system32\ftp.exe |
hash_md5 | 8409563436FF19C2446FB43F4A4E2BD8 |
hash_sha1 | 089D7DED75D46350C8277A06777F3EB3AC870E25 |
hash_sha256 | 4D30F463695D25CE3AAF9C51E9B7BE4823FBB79B6E31847DEB2BA1111755B2D6 |
hash_sha384 | 5D7510D6E1F531764E38D061FD90BDFFD6A72F86EE46FB2CCFFEF99A4E3D64DDB3E29889D7A967C4F476AED62182B8A7 |
hash_sha512 | 60768843E9B62D09F32FB831251D1548EE9112D15ED9CDA377D845B5A37A4225C10D493B585D8B74F3061F236469739A5FBC36F8EA94522C1B5B2DAA8FD23002 |
hash_ssdeep | 768:a4pERzH1GacDuC58ggyVWwP1LDq9euFkWlJsnfk7pqe0t1KCJZSVuQqpwT4Bu9T:lpUKJ5TzrdQB2Ht1ZSV/44 |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | File Transfer Program |
meta_original_filename | ftp.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
error |
Transfers files to and from a computer running an FTP server service (sometimes called a daemon). Ftp can be used interactively. FTP [-v] [-d] [-i] [-n] [-g] [-s:filename] [-a] [-A] [-x:sendbuffer] [-r:recvbuffer] [-b:asyncbuffers] [-w:windowsize] [host] -v Suppresses display of remote server responses. -n Suppresses auto-login upon initial connection. -i Turns off interactive prompting during multiple file transfers. -d Enables debugging. -g Disables filename globbing (see GLOB command). -s:filename Specifies a text file containing FTP commands; the commands will automatically run after FTP starts. -a Use any local interface when binding data connection. -A login as anonymous. -x:send sockbuf Overrides the default SO_SNDBUF size of 8192. -r:recv sockbuf Overrides the default SO_RCVBUF size of 8192. -b:async count Overrides the default async count of 3 -w:windowsize Overrides the default transfer buffer size of 65535. host Specifies the host name or IP address of the remote host to connect to. Notes: - mget and mput commands take y/n/q for yes/no/quit. - Use Control-C to abort commands. |
children | conhost.exe |
key | value |
---|---|
file_name | GameBarPresenceWriter.exe |
file_path | C:\Windows\system32\GameBarPresenceWriter.exe |
hash_md5 | 583F959FF2A8D9F9B73E8508AC48ABCF |
hash_sha1 | 0904BC0F0A2688DD6DF44CEF747B7CAEC0175AD2 |
hash_sha256 | 505280C8EFE3F358F80CED74C1558A132CE85BF2337B0CCC09A47B2C9E9A7EEC |
hash_sha384 | 03FF26ED72C89AD35204787CA3B76EC3F345383D64EAD45183CA05FFCD71100CE026BE2FE809C2F4CF501E261AB8190B |
hash_sha512 | 9C7E07D266F0B62A4DAB7C4DCBF48B10EB91D6689F1DA18CD4A020DB2027141FE7B5FCDDA58CE6564A541E34D0CC43E910A719D99BCA99C79ECECD624D83F731 |
hash_ssdeep | 3072:gWba1t9ZdZqJhf/vFrfyT8kSXiXpEVBuf:gWm1chNjykkpmBu |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Gamebar Presence Writer |
meta_original_filename | GamebarPresenceWriter.exe |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.2608 (rs1_release.181024-1742) |
meta_product_version | 10.0.14393.2608 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | GamePanel.exe |
file_path | C:\Windows\system32\GamePanel.exe |
hash_md5 | FAD9B5F8BE5D0D098994579016A213E9 |
hash_sha1 | A987E5C2DE41324078E9B379C32E180A7D9A3AFC |
hash_sha256 | F5E3CC2D6B9AD529FAFC3F1F57230036AF5F5933ED4D72EC38B0FC2D5666E312 |
hash_sha384 | C294E44F2A249BFCB785AC802667ED1C6DF5C2B24D90D68B5503DFA459271F3644685B45B784914FCBF567EE148D7570 |
hash_sha512 | A4D15F0729532B6BC8B7947578A60951FE0B045590B21CEB96E2EC48B9690B6948CBDA39B3E452E222302CFD27671FF801961749774C066EAE5614E676E91C5D |
hash_ssdeep | 12288:1kT/fyVNTfdlAbNY7fgV7u5EPPKTWR9aUPIi:1kjiTf+ggV7u5EPPKyR9aUP |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Game Bar |
meta_original_filename | gamepanel.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | GenValObj.exe |
file_path | C:\Windows\system32\GenValObj.exe |
hash_md5 | 8D68C9DCF28F519B0F8268A1D66CF9BF |
hash_sha1 | FB0CA3DEC249E5E74ACF51D70AEEE0B2C94AE909 |
hash_sha256 | FFC29D1A0B6412AB2519DDCC11B12E2083744178820567D6B2E26EC2122FC0F8 |
hash_sha384 | 3E074A8AB81C636CB55FF21B3D9F079549C03E9904823ADB3DDF0567B349E061644EE2985B34E654E182B6482154986F |
hash_sha512 | 1EDA4B1E10375FCB5FF26BEDCFFDEABB3B29BB13950143FDEECA012EC2B905C11F8DA6C5DD0FF278CA6A0697DF6D6234274674C76F802B5B79F4B6DD5B1C0C48 |
hash_ssdeep | 12288:GSjOxIqzk8mJqdZK1UCjFVx5J6QulvdhWcwOr/+EnGdpnrLWyH3xlxTtBn:GStqzk0/KJjFVx2jWlOr/HnGdhKKV5Bn |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Microsoft Software Protection Platform Admin Object |
meta_original_filename | GenValObj.exe |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.2273 (rs1_release_1.180427-1811) |
meta_product_version | 10.0.14393.2273 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | getmac.exe |
file_path | C:\Windows\system32\getmac.exe |
hash_md5 | 88A081F2002F826E6B03503DAE39D78E |
hash_sha1 | 92ADE156DFAC19A41A2E8FCE47ADF9E9269C3F88 |
hash_sha256 | 3D7AF74B6313751663D28A68084CAD9C1F5E9F82B01FD5352880CBE86A06AAB2 |
hash_sha384 | 6ABBA09E84484DAA21823B3726F05DD55AF4EF2A9899A1F61BEDCD1BA5DE51E9E4E33C621C7B1EC649A21073969FBABF |
hash_sha512 | 794C8D7D848FA57AE1E8504F6F39B8EF7D4B35F9188276BE17CD576DFF1B9AA6D4CE3B4930729F58EF2F3A441334F2901DAB3B6BB0C3D8B840B686DF0C95AAB2 |
hash_ssdeep | 1536:dsWiKpuWkdLyfEEWHGiTgmeZEYXGY6zMb+usa6YkR:dDpumf/WvVeZEiRjsaRw |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Displays NIC MAC information |
meta_original_filename | GetMac.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
output |
GETMAC [/S system [/U username [/P [password]]]] [/FO format] [/NH] [/V] Description: This tool enables an administrator to display the MAC address for network adapters on a system. Parameter List: /S system Specifies the remote system to connect to. /U [domain]user Specifies the user context under which the command should execute. /P [password] Specifies the password for the given user context. Prompts for input if omitted. /FO format Specifies the format in which the output is to be displayed. Valid values: "TABLE", "LIST", "CSV". /NH Specifies that the "Column Header" should not be displayed in the output. Valid only for TABLE and CSV formats. /V Specifies that verbose output is displayed. /? Displays this help message. Examples: GETMAC /? GETMAC /FO csv GETMAC /S system /NH /V GETMAC /S system /U user GETMAC /S system /U domain\user /P password /FO list /V GETMAC /S system /U domain\user /P password /FO table /NH |
error | ERROR: Invalid argument/option - '-help'. Type "GETMAC /?" for usage. |
key | value |
---|---|
file_name | gpresult.exe |
file_path | C:\Windows\system32\gpresult.exe |
hash_md5 | A861D09B9E459FBB2B05CCBFDDAB44D5 |
hash_sha1 | 489EFD87AA1956E1CD5D128CB6B57BCD1BA2D168 |
hash_sha256 | 0B50D2EE2453DC08C8734F4B9DE2F4FFFA8DB8BC9C4BEE6741C6F1217A3C3FC6 |
hash_sha384 | 32FA0353AC7D54663A87806BFED946DE10417B1DA62CC8F322D0A9A4686B606CE311F743CBA47B1321AFB7128E43DFAB |
hash_sha512 | 82151DEABB04D83FD1D1A0B022E28DFD95E8959D619EBD9BE57FA25185428A289E2222C81FB60BD51C6C799F0A693484B5315D8BA65B21F836F454E0EEB98F96 |
hash_ssdeep | 3072:R2cBypzkFf2mc8jGM5mckdj/6T+JUaq4xWbgEPGuR+l+suXvk15Q9krgSweZH:R2cBCzS5VE/06UaasEP3RSYE5QfA |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Query Group Policy RSOP Data |
meta_original_filename | gprslt.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
output |
GPRESULT [/S system [/U username [/P [password]]]] [/SCOPE scope] [/USER targetusername] [/R | /V | /Z] [(/X | /H) [/F]] Description: This command line tool displays the Resultant Set of Policy (RSoP) information for a target user and computer. Parameter List: /S system Specifies the remote system to connect to. /U [domain]user Specifies the user context under which the command should run. Can not be used with /X, /H. /P [password] Specifies the password for the given user context. Prompts for input if omitted. Cannot be used with /X, /H. /SCOPE scope Specifies whether the user or the computer settings need to be displayed. Valid values: "USER", "COMPUTER". /USER [domain]user Specifies the user name for which the RSoP data is to be displayed. /X Saves the report in XML format at the location and with the file name specified by the parameter. (valid in Windows Vista SP1 and later and Windows Server 2008 and later) /H Saves the report in HTML format at the location and with the file name specified by the parameter. (valid in Windows at least Vista SP1 and at least Windows Server 2008) /F Forces Gpresult to overwrite the file name specified in the /X or /H command. /R Displays RSoP summary data. /V Specifies that verbose information should be displayed. Verbose information provides additional detailed settings that have been applied with a precedence of 1. /Z Specifies that the super-verbose information should be displayed. Super- verbose information provides additional detailed settings that have been applied with a precedence of 1 and higher. This allows you to see if a setting was set in multiple places. See the Group Policy online help topic for more information. /? Displays this help message. Examples: GPRESULT /R GPRESULT /H GPReport.html GPRESULT /USER targetusername /V GPRESULT /S system /USER targetusername /SCOPE COMPUTER /Z GPRESULT /S system /U username /P password /SCOPE USER /V |
error | ERROR: Invalid syntax. Value expected for '/h'. Type "GPRESULT /?" for usage. |
key | value |
---|---|
file_name | gpscript.exe |
file_path | C:\Windows\system32\gpscript.exe |
hash_md5 | 5DD0F13C8A76D57D6B02DD00C645D0F5 |
hash_sha1 | 6DCCA79BEDD6DF2B55CE4A5ADACE7CFF8F7AE210 |
hash_sha256 | 57B307144F8ED485DFC4519431131A722DB2E64FF5C8A35E7F1B59663FF1738D |
hash_sha384 | 55244728CD9AA5545DEF38CDD18927E4792FAD302ACD069C05836A36C618C0203A05DC47B6611BC4F61377B468B2D937 |
hash_sha512 | 2DF834D675A6C69538528CDEC205E144A1B1BF765A1D4D0BDE7B12E5AF6E395C554B97FD0F36A9771C390CF8C3A89FEE12AE2FB891D03C7A982D058BD8AAB5C2 |
hash_ssdeep | 768:lA1TP7KYN/TlmHlkyJvG35YD8ZCcLl0ex0HhcHytubIQj4Bx9sm:66YNxmHpq5UWCcL+ex0HTtubI24Bsm |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Group Policy Script Application |
meta_original_filename | GPSCRIPT.EXE |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.2457 (rs1_release_inmarket.180822-1743) |
meta_product_version | 10.0.14393.2457 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | gpupdate.exe |
file_path | C:\Windows\system32\gpupdate.exe |
hash_md5 | B476F566E001063D9925348BE8B03832 |
hash_sha1 | 2DD75C0A85741B5E00684E535BC62C842CC581F7 |
hash_sha256 | 6DAB84DDD1E1DB2FD7FA7DBA8184A884085779E3ECFE219601C3DB24B550ED56 |
hash_sha384 | A47C23C70FB171C1D11EFC7797C083FD7595C713C0B6BBBEF27B6EE896B1185EBC6B5A367389D94E599A32C569F0D651 |
hash_sha512 | F8FE9342063DB5B6CE5CC0A4B0D188A2866760B200BFDB8FCBBBAE73A181FA761BD134073981817C0C9886ECAE74F94A75CACFA4147782F9588C6E25CABA03FB |
hash_ssdeep | 768:7PxsJKAaQRRpR9sdneV/6Lwl0iiJlkyg:LgRm10/Ww+iqlkyg |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Microsoft Group Policy Update Utility |
meta_original_filename | GPUpdate.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
output | Description: Updates multiple Group Policy settings.\r \r Syntax: Gpupdate [/Target:{Computer | User}] [/Force] [/Wait:]\r [/Logoff] [/Boot] [/Sync] \r \r Parameters:\r \r Value Description\r /Target:{Computer | User} Specifies that only User or only Computer\r policy settings are updated. By default,\r both User and Computer policy settings are\r updated.\r \r /Force Reapplies all policy settings. By default,\r only policy settings that have changed are\r applied.\r \r /Wait:{value} Sets the number of seconds to wait for policy\r processing to finish. The default is 600\r seconds. The value '0' means not to wait.\r The value '-1' means to wait indefinitely.\r When the time limit is exceeded, the command\r prompt returns, but policy processing\r continues.\r \r /Logoff Causes a logoff after the Group Policy settings\r have been updated. This is required for\r those Group Policy client-side extensions\r that do not process policy on a background\r update cycle but do process policy when a\r user logs on. Examples include user-targeted\r Software Installation and Folder Redirection.\r This option has no effect if there are no\r extensions called that require a logoff.\r \r /Boot Causes a computer restart after the Group Policy settings\r are applied. This is required for those\r Group Policy client-side extensions that do\r not process policy on a background update cycle\r but do process policy at computer startup.\r Examples include computer-targeted Software\r Installation. This option has no effect if\r there are no extensions called that require\r a restart.\r \r /Sync Causes the next foreground policy application to\r be done synchronously. Foreground policy\r applications occur at computer start up and user\r logon. You can specify this for the user,\r computer or both using the /Target parameter.\r The /Force and /Wait parameters will be ignored\r if specified.\r \r |
key | value |
---|---|
file_name | grpconv.exe |
file_path | C:\Windows\system32\grpconv.exe |
hash_md5 | 923442E8D3FC0288782D2945EF0E24D4 |
hash_sha1 | 4C572D4C2826530451D374152D3C19D05ADA053C |
hash_sha256 | DC0F3E3A852BC334B148D5F2F0D9D20E4C99839F81831D42305B455A97D53163 |
hash_sha384 | 227AA8BDCCEE400575B0FAB4A997FE3C3DB97682AF9054E8C1B5B289AAC24A60E5E4EF408A18062B3E761BC1F1DA244D |
hash_sha512 | 3F96C76B083CE505F4514075F5CDE3511CAD25945DBC64777BDB669B51B2A7A27E005F394954DC7544ADBFDDD6205A7C551D4B18759E32F7252D21CE1F34F00C |
hash_ssdeep | 768:cEHjAW5nfyq4m2cQDz/i0pSfU+YOUSSay/+pT2NlVT5RqImK8e7n7GmL:cEHjA+9V2hKZUrT/IQzT5RqI7p7GmL |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Windows Progman Group Converter |
meta_original_filename | GRPCONV.EXE.MUI |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | hdwwiz.exe |
file_path | C:\Windows\system32\hdwwiz.exe |
hash_md5 | 1127C71A9213CB60B3F8CF26DF9F2988 |
hash_sha1 | 21DD4824D304D79F0D8840A9F6FB51C80E848972 |
hash_sha256 | 24169D455F8D4FEF27C1E80CE609A0BF446126153E6F563085CED82E58AD47E1 |
hash_sha384 | AF08F5DB6D9D9C04AF2277D766C361A7B2197D38A0DC37FA2419A56E135BC85E5B44F965FF65EE59B68932D6E174C7BB |
hash_sha512 | BA1F3290D11CEFE9640E32E01397D5A70316A0E4849B82778E61CF346C8A92918B406800BC47B76DFD28D3E6458F6B7B850F4E56DD6C54EAFA938BF94AB00F61 |
hash_ssdeep | 384:vr4ypercULRjvYU53IKLWFLLu4Eaub/cWByWj4650Ingu+n6aJTIXFJhjhxhWM1l:kvLRkg38BUL/4G0In3BhzhWM1GOVz17 |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Add Hardware Wizard |
meta_original_filename | HdwWiz.EXE.MUI |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | help.exe |
file_path | C:\Windows\system32\help.exe |
hash_md5 | 9D24133A55598199F8C89A45C40102F6 |
hash_sha1 | 6026C6AE15522AC3E52D57928090C920B648FD76 |
hash_sha256 | 029DFF1542E2FD42C7F19DCB993F6D2189324C0C196D8B433B5202D782511E4B |
hash_sha384 | AC723E995F7986DEBC739403A1D86FE4A828F9EC9AC7BE06E0D0C399A6A444D0235277F4433B94335581E30A88E02308 |
hash_sha512 | 1DC803AC0E9E9CF22E3A511E2A1BD530BBC76121233B321E1508D432D81A69C9457984FF3967DC6855BDD628D87B985330AEF244A94D7B9E02A43945F928BC57 |
hash_ssdeep | 192:oAg7w0PzAFXZyXZ7/Jx4+nRS9vCto95BGXk4mYWjcW:ob7wLp6bJu+RSooxJYWjcW |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Command Line Help Utility |
meta_original_filename | Help.Exe.MUI |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
output | Provides help information for Windows commands. HELP [command] command - displays help information on that command. |
key | value |
---|---|
file_name | HOSTNAME.EXE |
file_path | C:\Windows\system32\HOSTNAME.EXE |
hash_md5 | 1088BA1BF7CDDFF61ECC51BC0C02FDEF |
hash_sha1 | D2090DA5E0490585AD2D859846E9A371B5E9202C |
hash_sha256 | B8DA5A3AE4371E63DFD2F468E29CC23AA6F98A6A357A67955996F8F61E58FBA1 |
hash_sha384 | C88265F17AB6E4592F8AB1D87A80D7BFE27AB41E3FF3942636C1682FA5F55C3DAC3200048C8033FBB611301EC7D90EB3 |
hash_sha512 | 531ED60872D48EE8EBB7B61970219790EB110680D22E04BB68FAF7213BC1A2A1B531DD1B74949175B75E656DBA7FA03A85A2AA82B3C5FE4FC6012E8C3C80F14D |
hash_ssdeep | 192:Eu4QmRVxfP+NhKgrsK+U7yIxESUHfGGg9GXHNyS9dVW26W:Eu4QmnINnRB7vRAftZNyinW26W |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000001733031072665B8B9B3000000000173 |
signature_thumbprint | 14590DC5C3AAF238FCFD7785B4B93F4071402C34 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Hostname APP |
meta_original_filename | hostname.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
output |
Prints the name of the current host. hostname |
error | sethostname: Use the Network Control Panel Applet to set hostname. hostname -s is not supported. |
key | value |
---|---|
file_name | hvax64.exe |
file_path | C:\Windows\system32\hvax64.exe |
hash_md5 | ED2E8ED83C2517A9BCAD87B57DD56075 |
hash_sha1 | 2D570476DB2C923F2436DE1E774E2C1390DF8198 |
hash_sha256 | 7805EC4395F258517DFCEEED2B011801FE68C9E2AE9DB155C3F9A64DD8A81FF6 |
hash_sha384 | 471FC4ADB97A7BC8D7C945AEB9C0674B12034B5E8325D0BB108E5169A23C019AE63EB973CF32DC75A09884DB25BB9DE3 |
hash_sha512 | A7A535B9B4BC6B050F3740985FCA962FD36F3DE30B66A13F9866F7F4259CD507A06FEFD0C88E96647CDBC24D32B18CFC933520FFEFA841997A906E2BDE3B75F6 |
hash_ssdeep | 24576:lU1hEhLvUX7O4yReHZtc2AE4ejrbi2WqoIYe+/3Nk:oqUX7O4yIP4bW |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Hypervisor V2.0 |
meta_original_filename | hvax64.exe |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.3686 (rs1_release.200504-1524) |
meta_product_version | 10.0.14393.3686 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | hvix64.exe |
file_path | C:\Windows\system32\hvix64.exe |
hash_md5 | 1F4E87D63E63C1F3A0869394C46444FC |
hash_sha1 | A9C3B305B468B21B2796B75EB30AB40CDA40C43D |
hash_sha256 | 950A0D03B4903D580F691710DE6A83B43545686509B8EE7D350955E5F9425070 |
hash_sha384 | 6AAC2F7607D1CB55D1FA6EBDD6C20E6988509B54872E6337AF0A19966501D7DF36FB06292A5C580A04F2273D71809419 |
hash_sha512 | 5E6ADC473B2E2D56EF84CC96E7071B521A36F58D14ED9142356C2D3767C18644D8AE9BF8AB020857B65114EE1C15B3EB3647702877311ABEE81E4F1923CBBD04 |
hash_ssdeep | 24576:XCKkQ98oVbthatf6OyzJXqnhzJ+5eKJnR1RqQVC7UDva0H41uoIZ+MscRo:Su8Df6OY6ntRK9JqCBaz1z1 |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Hypervisor V2.0 |
meta_original_filename | hvix64.exe |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.3686 (rs1_release.200504-1524) |
meta_product_version | 10.0.14393.3686 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | hvloader.exe |
file_path | C:\Windows\system32\hvloader.exe |
hash_md5 | 7E5A06C8F5A7687A08283AB58C52E6CB |
hash_sha1 | 79437BFD933C4806D08C32814E9A8C3C92EF8A32 |
hash_sha256 | E64A0954596AC03BDB45C5616B01F2C834E213326BFE8DC9319A0BC78DD96BA0 |
hash_sha384 | DE3A6D56DCD5C5885AADDEADA64A3AD9088CD30C598E45AF6BAEA8E013BF181DE32B4DB56D69AE7E2FE636A6C3E9107F |
hash_sha512 | AE8B911E19A554A8A06D701BD05D43AD349EB7EC8DC3BA9DFBC256BDFB25E346F520880D60406A4E7D54CDD5498725F83A739D8ADA6D154829C1202CA29BEBC4 |
hash_ssdeep | 24576:zFR2MZIVWC/Ho/gAQ+z8Om7xu54vrlcxLXoIg:hRpaVWCD+INDlcxc/ |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | HV Loader |
meta_original_filename | hvloader.exe |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.3686 (rs1_release.200504-1524) |
meta_product_version | 10.0.14393.3686 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | hwrcomp.exe |
file_path | C:\Windows\system32\hwrcomp.exe |
hash_md5 | 138DE62F2F6AE9249EA596A8A5F142B2 |
hash_sha1 | 0FBCFD4BB74FD9B7567521DD0C02A1D39BB3C42F |
hash_sha256 | 365AD0B7CD24CB91E106B3358E9E099811BAE145338F796A92E11C4952E57787 |
hash_sha384 | 2A599E89A0857EFD0DB5015B344CD9F28ED0600DCAB803895D12306EF5B2499B2B37D1E98B726E75C0222994435EE919 |
hash_sha512 | E27961F581625F7C505B075B22AF677CB93741709A7B6C70E98AF024A22F7D30C35B6BDC9C6FF5878CF4B888747DEA9C2463F9112674F75537AE2E889B249A94 |
hash_ssdeep | 768:bT2c85/Y9R1lef/xxu2InDvov3+gnOV04chZWoz9c8o4Jg3Q3dFbcEa424by4:pz9Do/nuXr4+gny0wo9Jgg3dZcEa4Te4 |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Microsoft Custom Dictionary Compiler |
meta_original_filename | HWRComp.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
output | Usage: hwrcomp [-lang ] [-type ] [-comment ] [-check | -o <dictfile.hwrdict>] -check Verify the input file -lang Assign this default language to the dictionary file. Locale is of the form - using ISO codes -type Assign this type to the dictionary file -comment Compile this comment into the dictionary file -o <dictfile.hwrdict> Output to this file name. If this option is missing, use .hwrdict Examples: hwrcomp -check mylist1.txt verifies file content hwrcomp -lang en-US -type SECONDARY-DICTIONARY -o myrsrc1 mylist1.txt compiles mylist1.txt into myrsrc1.hwrdict, assigns language 'English (US)' and type 'SECONDARY-DICTIONARY' |
key | value |
---|---|
file_name | hwrreg.exe |
file_path | C:\Windows\system32\hwrreg.exe |
hash_md5 | CA884831726320755F49820B9EC85E14 |
hash_sha1 | 7130337984874649218F953EFAC809A98E50EE93 |
hash_sha256 | 1179269C2FE5D784374F92138BC0EC960BEDE5833F32655BC8AFEE1A4A980E3D |
hash_sha384 | ABF4E920A5A097A9EF4D68D839BCF6ADDA8EE564BE64151DB2CF9213EAACD691BA9A6003B83FA33047A8B4371C4B7301 |
hash_sha512 | 6A3BE37B55B4AD58648F0FA991CBC06A10C3B2BDC740481562B5CD03D4BD2734588E541E55BB198BCF0904B106C363B224000491387112539A8564654C7184B7 |
hash_ssdeep | 3072:9chRQFLQSXRKC9TPN/cVRZl31qbydPlJReBrYWQgbmpQJ5GtCmY2lZmVC:rRRh1uLZLcydPlJReSr45J5G1Y |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Microsoft Custom Dictionary Registration Tool |
meta_original_filename | HWRReg.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
output | USAGE: hwrreg [-check] [-lang ] [-scope {all|me}] [-noprompt] <dictfile.hwrdict> -check Verify dictionary file and show its registration information -lang Assign this language to the installed dictionary. Locale is of the form - using ISO codes -scope {all|me} Install for all users on this machine or just for me -noprompt Don't prompt for confirmation Example: hwrreg -lang en-US myrsrc1.hwrdict installs myrsrc1.hwrdict with language 'English (US)' and default scope 'me' Usage: hwrreg [-lang ] [-scope {all|me}] [-type ] -list | -remove -lang List or remove dictionaries registered for this language. Locale is of the form - using ISO codes -scope {all|me} List or remove dictionaries installed for all users or or just dictionaries installed for me (default) -type List or remove dictionaries registered with this type -list List all installed dictionaries matching the other options -remove Prompts for removal of any dictionary matching other options Examples: hwrreg -list -lang en-US -type PRIMARY-DICTIONARY lists dictionaries installed for me with this language and type hwrreg -remove -lang en-US -type PRIMARY-DICTIONARY removes dictionaries installed for me with this language and type |
key | value |
---|---|
file_name | iashost.exe |
file_path | C:\Windows\system32\iashost.exe |
hash_md5 | 366568E9B5FA798822BBB64615947495 |
hash_sha1 | 50E4AF9AF08C99F1640EC120A47AD6D3EB5636EE |
hash_sha256 | 5C53AD612CF744C692739BEAC5A5554E0511872C30591329BD1B8CE98A32E58A |
hash_sha384 | 047666A660A06067C5C5239B6BFEEE62415B9F0C8DCC18520B01EAF262302C4EE4495D27E39D4F196B857CCAE7FE503C |
hash_sha512 | E10C96A5E57A7AEE50C3458B1D55D39377B4926EDDAD85CD4EB5ECAF80DEC8A95C1A2321415AF7A1877D00E35ED4A0F56D3D6CFB9667D9B0EE33B19251314BFD |
hash_ssdeep | 384:j5WCUR7Lm5oCWcafg5q7QMGmHzke2UMMAmF3wHpm/CHZXhti1W/uW:jkhhKcf7QP6zkvMAmVwJm+XuC |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | IAS Host |
meta_original_filename | IASHost.exe |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | icacls.exe |
file_path | C:\Windows\system32\icacls.exe |
hash_md5 | 0F7E1625009A0C00A9D9809694FC5831 |
hash_sha1 | 8291754C0A2A2C886BBB2B56D85CBAC3968E3BD2 |
hash_sha256 | 0CA4AFF87EED104E2277C0E38B292CD32950DAD6A233C791F798EA75AE28DEEC |
hash_sha384 | B605BA31842BBF6A91F85E73E42D93D366E7C7F42AEC1A27992FF5F705BEF1B364F7771CBD51390E9F94179D3E7C859C |
hash_sha512 | 0E39026BC14442DCBE3E34BBF7B3290E1CE799F99CDAC0450EA3B79EF87B7AAFE77906BAE060076E1121F6EA5D062574F6EDA64DCB28632BE75F1C42C954A304 |
hash_ssdeep | 768:DXVMnhAJWCVG03uvj98+0K+sw+DBthirUksD3u99JgoUFEOLk4ZY:DXVsSYS+/DXhirU5TC9JgomEOLxZY |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_original_filename | iCACLS.EXE.MUI |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
output |
ICACLS name /save aclfile [/T] [/C] [/L] [/Q] stores the DACLs for the files and folders that match the name into aclfile for later use with /restore. Note that SACLs, owner, or integrity labels are not saved. ICACLS directory [/substitute SidOld SidNew [...]] /restore aclfile [/C] [/L] [/Q] applies the stored DACLs to files in directory. ICACLS name /setowner user [/T] [/C] [/L] [/Q] changes the owner of all matching names. This option does not force a change of ownership; use the takeown.exe utility for that purpose. ICACLS name /findsid Sid [/T] [/C] [/L] [/Q] finds all matching names that contain an ACL explicitly mentioning Sid. ICACLS name /verify [/T] [/C] [/L] [/Q] finds all files whose ACL is not in canonical form or whose lengths are inconsistent with ACE counts. ICACLS name /reset [/T] [/C] [/L] [/Q] replaces ACLs with default inherited ACLs for all matching files. ICACLS name [/grant[:r] Sid:perm[...]] [/deny Sid:perm [...]] [/remove[:g|:d]] Sid[...]] [/T] [/C] [/L] [/Q] [/setintegritylevel Level:policy[...]] /grant[:r] Sid:perm grants the specified user access rights. With :r, the permissions replace any previously granted explicit permissions. Without :r, the permissions are added to any previously granted explicit permissions. /deny Sid:perm explicitly denies the specified user access rights. An explicit deny ACE is added for the stated permissions and the same permissions in any explicit grant are removed. /remove[:[g|d]] Sid removes all occurrences of Sid in the ACL. With :g, it removes all occurrences of granted rights to that Sid. With :d, it removes all occurrences of denied rights to that Sid. /setintegritylevel [(CI)(OI)]Level explicitly adds an integrity ACE to all matching files. The level is to be specified as one of: L[ow] M[edium] H[igh] Inheritance options for the integrity ACE may precede the level and are applied only to directories. /inheritance:e|d|r e - enables inheritance d - disables inheritance and copy the ACEs r - remove all inherited ACEs Note: Sids may be in either numerical or friendly name form. If a numerical form is given, affix a * to the start of the SID. /T indicates that this operation is performed on all matching files/directories below the directories specified in the name. /C indicates that this operation will continue on all file errors. Error messages will still be displayed. /L indicates that this operation is performed on a symbolic link itself versus its target. /Q indicates that icacls should suppress success messages. ICACLS preserves the canonical ordering of ACE entries: Explicit denials Explicit grants Inherited denials Inherited grants perm is a permission mask and can be specified in one of two forms: a sequence of simple rights: N - no access F - full access M - modify access RX - read and execute access R - read-only access W - write-only access D - delete access a comma-separated list in parentheses of specific rights: DE - delete RC - read control WDAC - write DAC WO - write owner S - synchronize AS - access system security MA - maximum allowed GR - generic read GW - generic write GE - generic execute GA - generic all RD - read data/list directory WD - write data/add file AD - append data/add subdirectory REA - read extended attributes WEA - write extended attributes X - execute/traverse DC - delete child RA - read attributes WA - write attributes inheritance rights may precede either form and are applied only to directories: (OI) - object inherit (CI) - container inherit (IO) - inherit only (NP) - don't propagate inherit (I) - permission inherited from parent container Examples: icacls c:\windows* /save AclFile /T - Will save the ACLs for all files under c:\windows and its subdirectories to AclFile. icacls c:\windows\ /restore AclFile - Will restore the Acls for every file within AclFile that exists in c:\windows and its subdirectories. icacls file /grant Administrator:(D,WDAC) - Will grant the user Administrator Delete and Write DAC permissions to file. icacls file /grant *S-1-1-0:(D,WDAC) - Will grant the user defined by sid S-1-1-0 Delete and Write DAC permissions to file. |
error | First parameter must be a file name pattern or "/?" |
key | value |
---|---|
file_name | IcsEntitlementHost.exe |
file_path | C:\Windows\system32\IcsEntitlementHost.exe |
hash_md5 | E7F16BEB428C7D3A9DDFD562BF5C04E5 |
hash_sha1 | B8DDFBBA4F8BED07B649745423B40903F4C29878 |
hash_sha256 | E0AEB4758BD99D1EE66E38BB457638ACD6750A01C2CD5A32ABBBFE00EBBC2F5A |
hash_sha384 | E453F0A7E236B4354922718A36C28CECBF065135F70CE5CAAED72B2234DECC9B33745A455B960BFDA7E2D6F8E93DFD47 |
hash_sha512 | 4BFE9107076C542949B79B084FE7ABA25C77BB083B9DEBCC48C3701EE928F63892D8949DC99A373FA5A321889B0A3BC310D75644FD21611F1C2C51F0481B1D6D |
hash_ssdeep | 384:r6VhHWwJlubdFZGMe9wjdBZNKrIwPqP1OQZJTsmrRsltbrWzEsdW:GVdWWuYMe9e2I4ssltyEs |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | ICS Entitlement Host |
meta_original_filename | IcsEntitlementHost.exe |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | icsunattend.exe |
file_path | C:\Windows\system32\icsunattend.exe |
hash_md5 | D3689BFEBFAAC10BC59189C80E27F026 |
hash_sha1 | 2592FA8AC3631706ED371DD9C9C2EE37A48205F9 |
hash_sha256 | 921ABB7221AA090479CD6A9739B57B37E096B999BBC2D87C22E9E6A3E57B5AA2 |
hash_sha384 | 2323B72864A15B104149F38965CD4336D32E556BB2D4FDB087EE04F3F11BAEB011A757B3ED06CE1FDF6D97CEA07F0D2D |
hash_sha512 | D0677238A700CBEB2F027AFB346B844A0D653BB67791FD986E336FAFE3D3DFE6F476853DAC3CDC1658B7B9AE5DBFCAC940248C2DE2BACB7832DC0E1272DEFD12 |
hash_ssdeep | 384:FASFRFkWUHqSrEdJVKC6tiTmiClgnyck4ToTg1zPWZRW:FAaIEFKTLiF9k4sTg1zu |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000001733031072665B8B9B3000000000173 |
signature_thumbprint | 14590DC5C3AAF238FCFD7785B4B93F4071402C34 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | ICS Unattend Utility |
meta_original_filename | icsunattend.exe |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | ie4uinit.exe |
file_path | C:\Windows\system32\ie4uinit.exe |
hash_md5 | 8450580ADC40581006B7233F2B2803EB |
hash_sha1 | 4847B6EC7851126774037130C518B377F454D1D3 |
hash_sha256 | DD7FE0DBD6BD3B66437C093B707D1B2CA8AC72E4671B88829A4327FA6B8A00BD |
hash_sha384 | 6B86056EE2FC3DF835CF06FAACE0EA8C7CD5311C0E5FFD0FD0A5F3A9911C1D1BD2EB168BB44F08BDEA3E8371AB0672E8 |
hash_sha512 | 1FC29268C19E1076EC16A36536A434AE51E25F53DD98173F22365D3C94B2DDE7FA477F90449FD189BDDF3E4507590386265127BFE5B67D07EFA43C59EBD08A77 |
hash_ssdeep | 6144:M22QSvNlvMQBGwGk2FBSKrzise1JMQiGK4trw:rSn21d4uorw |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | IE Per-User Initialization Utility |
meta_original_filename | IE4UINIT.EXE.MUI |
meta_product_name | Internet Explorer |
meta_company_name | Microsoft Corporation |
meta_file_version | 11.00.14393.0 (rs1_release.160715-1616) |
meta_product_version | 11.00.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | ieUnatt.exe |
file_path | C:\Windows\system32\ieUnatt.exe |
hash_md5 | 5B14465BAEC054DCFB21F89EB01F4199 |
hash_sha1 | 2B92A04F72B0B7282F10FA2A6A65316DB99DF90E |
hash_sha256 | ECC16CF9654A9981132FF199D4326C679CD3C61670F6B5CCB1CE17616EFB58FD |
hash_sha384 | B5D3A0352BCA8C479E59C21B64DCF12DB9A8112CB9D9D08A97E051912F213DC2A5D5DD879C4097E92549E4A3AA65F806 |
hash_sha512 | 71C0C5C6A11C56009735A67BB5869A6104F17913D0AC40A24B29DC6AD7BFBA4D28AFA3893809898579C7883D1D0AC6B19BC6C0BE343915CD77A38B44D3AAED8A |
hash_ssdeep | 1536:/N8n1wo/WMXtpngisE65r3yj4bNKaAtJoqu0EUCmAuSs8M6Bmrp/mKz0u0EUCmAO:/awP9u1JDrAn1p |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | IE 7.0 Unattended Install Utility |
meta_original_filename | IEUNATT.EXE.MUI |
meta_product_name | Internet Explorer |
meta_company_name | Microsoft Corporation |
meta_file_version | 11.00.14393.0 (rs1_release.160715-1616) |
meta_product_version | 11.00.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | iexpress.exe |
file_path | C:\Windows\system32\iexpress.exe |
hash_md5 | F2B70A9C54BC8ECC299942E718ACB785 |
hash_sha1 | 72F6CD10F57CC5588A26B64DF92E0209A2C4BAC6 |
hash_sha256 | BDE274C0E0AD135062E7746842D79EC34C9715608266D6FAA1400158EC0989FF |
hash_sha384 | 1D5F6368344A3C76B4AA52461836EB52463EEF6CD819320C3CF3917F99FFF35F145AD75CADC76CD660D611939F2986D5 |
hash_sha512 | DCBD6E2A7BAC301EA1BC901DF87EEDF758C7B0C49D70FD5DA50D88737694C9972FBD0AC1DC3A8D1C0C1B718B80F3134BE8259B80DBB640D82CF415478AD20EFF |
hash_ssdeep | 3072:rSu3CErr/G0r16YNDnGOb+ahXNqJohePnq45L84I:5SElfNDGOb+asEwv5L |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Wizard |
meta_original_filename | IEXPRESS.EXE.MUI |
meta_product_name | Internet Explorer |
meta_company_name | Microsoft Corporation |
meta_file_version | 11.00.14393.0 (rs1_release.160715-1616) |
meta_product_version | 11.00.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | iisreset.exe |
file_path | C:\Windows\system32\iisreset.exe |
hash_md5 | D09D9DAD407B4A61CCB96EA5974AEFEB |
hash_sha1 | 63A0ADA875FE271DC6AC746CB61B55C1F917A5C5 |
hash_sha256 | EDA5883BD414852613CA4C25B4CAB15197DA73C3DAC182F7876A27BAC9DCDE23 |
hash_sha384 | 6240FA5A79EF5B9CA1DE30A0C9339FBF07FC69C28DE13D3296178F71515571636968C4F17251881AC798BEC46B503CF4 |
hash_sha512 | 8DE4CC8CC09FA56C65D713176A2B2C9BA1AC9277167AD83F5FFD7AF1A8569A6FE300F6EF837B322FE685D5998C1687AC5755F564968459B60115406B0834A2A4 |
hash_ssdeep | 384:1rfAz/f54lG6A0O3yc7tGlps62gy8HDExabCviEgQBIbW0:ZG41A0O3bEl9H/WvijQBIz |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000001733031072665B8B9B3000000000173 |
signature_thumbprint | 14590DC5C3AAF238FCFD7785B4B93F4071402C34 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | IIS control command line utility |
meta_original_filename | iisreset.exe.mui |
meta_product_name | Internet Information Services |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | Language Neutral |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
output |
IISRESET.EXE (c) Microsoft Corp. 1998-2005\r \r Usage:\r iisreset [computername]\r \r /RESTART Stop and then restart all Internet services.\r /START Start all Internet services.\r /STOP Stop all Internet services.\r /REBOOT Reboot the computer.\r /REBOOTONERROR Reboot the computer if an error occurs when starting,\r stopping, or restarting Internet services.\r /NOFORCE Do not forcefully terminate Internet services if\r attempting to stop them gracefully fails.\r /TIMEOUT:val Specify the timeout value ( in seconds ) to wait for \r a successful stop of Internet services. On expiration\r of this timeout the computer can be rebooted if \r the /REBOOTONERROR parameter is specified.\r The default value is 20s for restart, 60s for stop,\r and 0s for reboot.\r /STATUS Display the status of all Internet services.\r /ENABLE Enable restarting of Internet Services \r on the local system.\r /DISABLE Disable restarting of Internet Services \r on the local system.\r |
children | conhost.exe |
key | value |
---|---|
file_name | immersivetpmvscmgrsvr.exe |
file_path | C:\Windows\system32\immersivetpmvscmgrsvr.exe |
hash_md5 | 38FECB8EEB0F7014F23008DDE65CC789 |
hash_sha1 | F41986E642D1B287FD11DFAFB39CFC16959431E9 |
hash_sha256 | 703A98A8AC4B66063BA7C899B56625DD91A41AAA9C332EAD121030F18EC3CA65 |
hash_sha384 | DC44F2F78A2AA28031E081922CCA0D9CD1D2137A32DA45B93B9418DE52FD7ADF279F73D6205D81DC0F2902A22E8549F5 |
hash_sha512 | CD2C7AC211957D8C811245F29A704C96F521E87E2D014BA95881F98D1D335E14B4E2F4F40FD55CDFD08418812FC99EA5E165D22634DADFDBE84D8BC070D487B8 |
hash_ssdeep | 3072:blfd1OmDDRu2ThFOqkHaBJA+ZwtyYOwVrIAcCR5yqqlOEwL:Nd1OURzzOAAywtyYLpqqqYEw |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Immersive TPM Virtual Smart Card Manager COM Server |
meta_original_filename | ImmersiveTpmVscMgrSvr.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | InfDefaultInstall.exe |
file_path | C:\Windows\system32\InfDefaultInstall.exe |
hash_md5 | 6E4ACBE95965D394FE042E1C0B5D7206 |
hash_sha1 | 4BB46BD42846A347C5DEB0479F692824846FC809 |
hash_sha256 | 84FCF22D7086A99B436BA4A39E61318881B8CA544D30D2E93412DAA49795D8C4 |
hash_sha384 | 8B309BE652F8383D9E01DA7C8564D018329371D1B7FDEB667E35994423AE239FA4B338AB8F006C60616C3255924A425A |
hash_sha512 | 16B2CA778A6C710B681AC8051E1C722C45D5E21952967DC54696E7F505884BE3B707AE5092A7A8F07825AE157EC6F7866594D6B1660769673A662E6FC72C9CA5 |
hash_ssdeep | 192:PY5Y0PDblClcp1IvCg+7RSBGzZzdBgW6U19wzs9aW/GW:PY5YUx4o1kCrNsGx7gWCzcaW/GW |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | INF Default Install |
meta_original_filename | InfDefaultInstall.EXE.MUI |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 5.2.3668.0 |
meta_product_version | 5.2.3668.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | InstallAgent.exe |
file_path | C:\Windows\system32\InstallAgent.exe |
hash_md5 | CB4C493005600B466808E7A717FB5DA4 |
hash_sha1 | 9DB76D1BD4D873B284A068E40D9EFA821939CDE8 |
hash_sha256 | A20E2D63FB201564B95208593DFE105650E3FB8CA89FE2D417EBDA8A5D27F361 |
hash_sha384 | D51814043D84ACC1A08B656A43D8F29A6A112A619BDC84E82634B70118FEC5055B1FF778E7ABB19D2AAC86162183CFB6 |
hash_sha512 | 6AC36691C44067685B499AB70F0C0B9017E99288AAF7EEBC8FD06B02EE659C00725ED42D856E645F7BC91DA52B7F240E1D8BDC8515794376C0E2D65AF963C17B |
hash_ssdeep | 6144:ccA+cNOWNnPGH+OnT6EZOeY7HvW7QOQ2Ll6/1:ccA+cNOWZ4nWEZOeYjkl6t |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | InstallAgent |
meta_original_filename | InstallAgent.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | InstallAgentUserBroker.exe |
file_path | C:\Windows\system32\InstallAgentUserBroker.exe |
hash_md5 | D8D0FFD2C9433F552C840820DD1A07BA |
hash_sha1 | 73D45D77D9C9CD6832A5AEE13E89E82ED8CFF0D4 |
hash_sha256 | 319BC440F8E272CDCA6E557433FC646302408FB16A2F7CE282E4DBDD0A8DD187 |
hash_sha384 | FD0B1E8DC4C16F88060F0ECC8CA6BD84BA19DA98136D1D926DA3B461A458FFA498BCC5D47A0FA4A6753D9FAD6B5CAE0F |
hash_sha512 | 3A5C847092625C1AE1F2234BE3A6FFD2343B15137A5740D6246DD82C01F33AEBE2A8607B6233EFE6216584460C3D7F2FBD0D766C302C3D80C470F096B6E014D8 |
hash_ssdeep | 6144:SkYl1yUHxDUQPDctrkcTHTRviQOQ22UF5:SkYl15Jrcucy5 |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | InstallAgentUserBroker |
meta_original_filename | InstallAgentUserBroker.exe |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.3686 (rs1_release.200504-1524) |
meta_product_version | 10.0.14393.3686 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | ipconfig.exe |
file_path | C:\Windows\system32\ipconfig.exe |
hash_md5 | 29916DCEA5377C19996B417D9235F42F |
hash_sha1 | A95BEAA8B81FD799DB6051A79D959908FFBDB22F |
hash_sha256 | 5EE3FD7CA1AC876D0DE539D469BFC333594FCA3DF9F377CC96C756D9648697F1 |
hash_sha384 | D5EDCDE639AFE00BE297ACFA1B96BDB292C757E9139F73647C092A01BD3C5C6410C04A0F6CCA8A0A5EC7AF08712D37A7 |
hash_sha512 | 805C3BF8252BD90795E3D9C481686041A343BD5F805A8E16127529A3DF860AE45322C4DDD1CDD8F35E70E0FA7D1D98AF28D7B40F1F9FA711ED5B5CD149FC67B0 |
hash_ssdeep | 768:e+7E/DIclS42UY4KN7afkCUeyBJD1eav8UyrdbK:nk1lEH+lUeyBJDhExrdW |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | IP Configuration Utility |
meta_original_filename | ipconfig.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
output |
Error: unrecognized or incomplete command line. USAGE: ipconfig [/allcompartments] [/? | /all | /renew [adapter] | /release [adapter] | /renew6 [adapter] | /release6 [adapter] | /flushdns | /displaydns | /registerdns | /showclassid adapter | /setclassid adapter [classid] | /showclassid6 adapter | /setclassid6 adapter [classid] ] where adapter Connection name (wildcard characters * and ? allowed, see examples) Options: /? Display this help message /all Display full configuration information. /release Release the IPv4 address for the specified adapter. /release6 Release the IPv6 address for the specified adapter. /renew Renew the IPv4 address for the specified adapter. /renew6 Renew the IPv6 address for the specified adapter. /flushdns Purges the DNS Resolver cache. /registerdns Refreshes all DHCP leases and re-registers DNS names /displaydns Display the contents of the DNS Resolver Cache. /showclassid Displays all the dhcp class IDs allowed for adapter. /setclassid Modifies the dhcp class id. /showclassid6 Displays all the IPv6 DHCP class IDs allowed for adapter. /setclassid6 Modifies the IPv6 DHCP class id. The default is to display only the IP address, subnet mask and default gateway for each adapter bound to TCP/IP. For Release and Renew, if no adapter name is specified, then the IP address leases for all adapters bound to TCP/IP will be released or renewed. For Setclassid and Setclassid6, if no ClassId is specified, then the ClassId is removed. Examples: > ipconfig ... Show information > ipconfig /all ... Show detailed information > ipconfig /renew ... renew all adapters > ipconfig /renew EL* ... renew any connection that has its name starting with EL > ipconfig /release Con ... release all matching connections, eg. "Wired Ethernet Connection 1" or "Wired Ethernet Connection 2" > ipconfig /allcompartments ... Show information about all compartments > ipconfig /allcompartments /all ... Show detailed information about all compartments |
key | value |
---|---|
file_name | iscsicli.exe |
file_path | C:\Windows\system32\iscsicli.exe |
hash_md5 | 5D9CE9006FDE6D04DF8A589897844D4E |
hash_sha1 | 5779EE47F57709B95147AFDFAEB3E2CAE4132532 |
hash_sha256 | CE3228CC8F46D84800D99D569A1261D70FD56873C63F5E75B24B3FE02C53A9DD |
hash_sha384 | 5CA9770E6C1E79BC3DFF7B7F93E9D01F184F31104B30AE64D215804042E7BB10F7B63C4F7475C19CC9E6D8FA8A779184 |
hash_sha512 | 748F0BC8E703B56437A8A8D336DF3960A06B2355EE6C4443A62E2DBB901C0A213B5A7BDA8D48FD869A6FD3079F319A5229ABFBC7AB7647083073B0E5F619AEAD |
hash_ssdeep | 3072:iRvS6Ny1iqELm3ynAICgKOKaeqUKOpVk/qfWJTfS1n37M:U6+pm3kKRaeqUp3WJrM |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000001733031072665B8B9B3000000000173 |
signature_thumbprint | 14590DC5C3AAF238FCFD7785B4B93F4071402C34 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | iSCSI Discovery tool |
meta_original_filename | iscsicli.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
output | Microsoft iSCSI Initiator Version 10.0 Build 14393\n\niscsicli\n\niscsicli AddTarget \n \n \n \n \n \n ...\n\niscsicli RemoveTarget \n\niscsicli AddTargetPortal \n [HBA Name] [Port Number]\n \n \n \n \n\niscsicli RemoveTargetPortal [HBA Name] [Port Number]\n\niscsicli RefreshTargetPortal [HBA Name] [Port Number]\n\niscsicli ListTargets [ForceUpdate]\n\niscsicli ListTargetPortals\n\niscsicli TargetInfo [Discovery Mechanism]\n\niscsicli LoginTarget \n \n \n \n \n \n \n ...\n\niscsicli LogoutTarget \n\niscsicli PersistentLoginTarget \n \n \n \n \n \n \n ...\n\niscsicli ListPersistentTargets\n\niscsicli RemovePersistentTarget \n \n \n \n\niscsicli AddConnection \n \n \n \n \n \n\niscsicli RemoveConnection \niscsicli ScsiInquiry \n\niscsicli ReadCapacity \n\niscsicli ReportLUNs \n\niscsicli ReportTargetMappings\n\niscsicli ListInitiators\n\niscsicli AddiSNSServer \n\niscsicli RemoveiSNSServer \n\niscsicli RefreshiSNSServer \n\niscsicli ListiSNSServers\n\niscsicli FirewallExemptiSNSServer\n\niscsicli NodeName \n\niscsicli SessionList \n\niscsicli CHAPSecret \n\niscsicli TunnelAddr \n\niscsicli GroupKey \n\niscsicli BindPersistentVolumes\n\niscsicli BindPersistentDevices\n\niscsicli ReportPersistentDevices\n\niscsicli AddPersistentDevice \n\niscsicli RemovePersistentDevice \n\niscsicli ClearPersistentDevices\n\niscsicli Ping [Request Count] [Request Size] [Request Timeout]\n\niscsicli GetPSKey \n\niscsicli PSKey \nQuick Commands\n\niscsicli QLoginTarget [CHAP Username] [CHAP Password]\n\niscsicli QAddTarget \n\niscsicli QAddTargetPortal \n [CHAP Username] [CHAP Password]\n\niscsicli QAddConnection \n \n [CHAP Username] [CHAP Password]\n\nTarget Mappings:\n is the LUN value the target uses to expose the LUN.\n It must be in the form 0x0123456789abcdef\n is the bus number the OS should use to surface the LUN\n is the target number the OS should use to surface the LUN\n is the LUN number the OS should use to surface the LUN\n\nPayload Id Type:\n ID_IPV4_ADDR is 1 - Id format is 1.2.3.4\n ID_FQDN is 2 - Id format is ComputerName\n ID_IPV6_ADDR is 5 - Id form is IPv6 Address\nSecurity Flags:\n TunnelMode is 0x00000040\n TransportMode is 0x00000020\n PFS Enabled is 0x00000010\n Aggressive Mode is 0x00000008\n Main mode is 0x00000004\n IPSEC/IKE Enabled is 0x00000002\n Valid Flags is 0x00000001\n\nLogin Flags:\n ISCSI_LOGIN_FLAG_REQUIRE_IPSEC 0x00000001\n IPsec is required for the operation\n\n ISCSI_LOGIN_FLAG_MULTIPATH_ENABLED 0x00000002\n Multipathing is enabled for the target on this initiator\n\nAuthType:\n ISCSI_NO_AUTH_TYPE = 0,\n No iSCSI in-band authentication is used\n\n ISCSI_CHAP_AUTH_TYPE = 1,\n One way CHAP (Target authenticates initiator is used)\n\n ISCSI_MUTUAL_CHAP_AUTH_TYPE = 2\n Mutual CHAP (Target and Initiator authenticate each other is used)\n\nTarget Flags:\n ISCSI_TARGET_FLAG_HIDE_STATIC_TARGET 0x00000002\n If this flag is set then the target will never be reported unless it\n is also discovered dynamically.\n\n ISCSI_TARGET_FLAG_MERGE_TARGET_INFORMATION 0x00000004\n If this flag is set then the target information passed will be\n merged with any target information already statically configured for\n the target\n\nCHAP secrets, CHAP passwords and IPSEC preshared keys can be specified as\na text string or as a sequence of hexadecimal values. The value specified on\nthe command line is always considered a string unless the first two characters\n0x in which case it is considered a hexadecimal value.\n\nFor example 0x12345678 specifies a 4 byte secret\n\nAll numerical values are assumed decimal unless preceeded by 0x. If\npreceeded by 0x then value is assumed to be hex\n\niscsicli can also be run in command line mode where iscsicli commands\ncan be entered directly from the console. To enter command line\nmode, just run iscsicli without any parameters\n\nThe operation completed successfully. \n |
key | value |
---|---|
file_name | iscsicpl.exe |
file_path | C:\Windows\system32\iscsicpl.exe |
hash_md5 | 42D0FA9084EDF93DA5FFEC1CFBF18410 |
hash_sha1 | 3FAE4A309F3A17ED4FABD259E4503FF590D2F1C8 |
hash_sha256 | F172D2F71EB88FD70F1BDBF2F2BFEFFD8C09BA03DAEE8A182C47AE77DB1A4DDA |
hash_sha384 | C582BB2EE3F24501DA921E74F65FBC306D9A98A30639D84DDA6A0088A1AD76E782A65DB6491B925A63880DF4B122F55E |
hash_sha512 | B76857D9006B6471AD9CAFDD2E68EEA08F10B2AEF4AFE424C712E42E0EC4D5E580314491D420D133F2CC4A69F3C71DAEF505D5B27D67ECCD994D68BD4C4AE430 |
hash_ssdeep | 3072:STmFAEM82n7GC2jctoKpsusT2rEFpeoIUpZ:SRX8I0jct5rEJdp |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Microsoft iSCSI Initiator Configuration Tool |
meta_original_filename | iscsicpl.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | isoburn.exe |
file_path | C:\Windows\system32\isoburn.exe |
hash_md5 | 13D374B961671151002FD0BC062621EF |
hash_sha1 | 3D3D775CD42A007CAE04E9EB5E9A4705A421C171 |
hash_sha256 | AE82EEBA17FA923A7C1535F32FCBB3A26BA7F737B6CD1168FBDC84324F120E3F |
hash_sha384 | E2651A51377C8A0C82D9DE344C4356D2FC0B5C7AF360F9273F9150027DA7C2BECA6F051671D827F177B0CD569083BF12 |
hash_sha512 | 6539D748DD04C22983BBFB9F1FD359A3E58AE6EAAE5BCFA76F6E5B3B78D82CBFCA3AF8DA38578EA671FA6F33722F7CF991713EC3665B10377187E62A4C3A09D5 |
hash_ssdeep | 1536:WYPuVbEcc4iuqPf4yvYGojUrYiHOiHBWqTAll9Q+KAbeHZrQqf:3Ogch8PMGo4rY0vfTAl3jNeHd3 |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Windows Disc Image Burning Tool |
meta_original_filename | ISOBURN.EXE.MUI |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | klist.exe |
file_path | C:\Windows\system32\klist.exe |
hash_md5 | 1B4E8E3355E782F088EE2A2F54CE7D49 |
hash_sha1 | 0212B9B929CD5224B181081EEFAEAC5BE04038C4 |
hash_sha256 | 4E05E47D6344D8693CF95B1B2F74FD0D372E054485924E8917E9A38A78505B11 |
hash_sha384 | 914DB5757A25AE597B8F33B017A1790CD23F92B8452EBA7697997FE7F759C735DD98CC42A0C9D7705B32FC77E0277979 |
hash_sha512 | 319601AF797016FCBAB56DDA173E5C610D9383D0059A9D71BE5AD93C4D31936455C9B7DBBA76FAD2625CD3476CBB5A89275E0D4AEBEE716032A449D02039E426 |
hash_ssdeep | 768:3Kajkfz/QQCxSTDYlx0lSz4XNCLU4ZQ8Fci4n8D1cDxN6qvLmV/n:axfz4i4PLUVMqvaV/n |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Tool for managing the Kerberos ticket cache |
meta_original_filename | klist.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
output |
Usage: klist.exe [command] Command list: [tickets] [-lh <LogonId.HighPart>] [-li <LogonId.LowPart>] tgt [-lh <LogonId.HighPart>] [-li <LogonId.LowPart>] purge [-lh <LogonId.HighPart>] [-li <LogonId.LowPart>] sessions [-lh <LogonId.HighPart>] [-li <LogonId.LowPart>] kcd_cache [-lh <LogonId.HighPart>] [-li <LogonId.LowPart>] get [-lh <LogonId.HighPart>] [-li <LogonId.LowPart>] [-kdcoptions ] [-cacheoptions ] add_bind query_bind purge_bind |
key | value |
---|---|
file_name | ksetup.exe |
file_path | C:\Windows\system32\ksetup.exe |
hash_md5 | DECEF3E5B16A811A8EDC76DCCE6D7182 |
hash_sha1 | 0C4079A451D4EAA012C4611C307CA9A4D7E94B52 |
hash_sha256 | D84EC1FCB3AB841C32EFEA8A3C821FDD7ADDBCAFC678D26620479D8C5679D2FA |
hash_sha384 | 74F8B7B5618A88706CE926199450AD18E59333A0F255593D12AC0C5B32FC74D27C6121AB06445FCCE947A9F39E2BAE2B |
hash_sha512 | 70EDC3CD7A30479A243E0E77A684633E1B6E1F315B205BAE0B948321A0E2849508C15DA3CB7083DFFB4F1B8E1DB912CA9F50AB08CCDF537D4357985BAFB3C23B |
hash_ssdeep | 768:UDgasMQOobn/BXxDvwiIHEFAQDcv1QU+bbwLYBdBVMzdLE:aoDvNcL+bgKLVWdLE |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Kerberos Setup tool |
meta_original_filename | ksetup.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
output |
USAGE: /SetRealm Makes this computer a member of an RFC1510 Kerberos Realm /MapUser [Account] Maps a Kerberos Principal ('' = any principal)\r to an account ('' = an account by same name);\r If account name is omitted, mapping is deleted \r for the specified principal /AddKdc [KdcName] Defines a KDC entry for the given realm.\r If KdcName omitted, DNS may be used to locate KDCs. /DelKdc [KdcName] deletes a KDC entry for the realm.\r If KdcName omitted, the realm entry itself is deleted. /AddKpasswd Add Kpasswd server address for a realm /DelKpasswd Delete Kpasswd server address for a realm /Server specify name of a Windows machine to target the changes. /SetComputerPassword Sets the password for the computer's domain account\r (or host principal) /RemoveRealm delete all information for this realm from the registry. /Domain [DomainName] use this domain (if DomainName is unspecified, detect it) /ChangePassword Use Kpasswd to change the logged-on user's password.\r Use '*' to be prompted for passwords. /ListRealmFlags (no args) Lists the available Realm flags that ksetup knows /SetRealmFlags [flag] [flag] [...] Sets RealmFlags for a specific realm /AddRealmFlags [flag] [flag] [...] Adds additional RealmFlags to a realm /DelRealmFlags [flag] [flag] [...] Deletes RealmFlags from a realm. /DumpState (no args) Analyze the kerberos configuration on the given machine. /AddHostToRealmMap Adds a mapping for to to the registry. /DelHostToRealmMap Deletes existing mapping for to from the registry. /SetEncTypeAttr Sets the encryption types trust attribute for to (multiple types should be separated by spaces).\r Supported encryption types are:\r DES-CBC-CRC, DES-CBC-MD5, RC4-HMAC-MD5, \r AES128-CTS-HMAC-SHA1-96, AES256-CTS-HMAC-SHA1-96 /GetEncTypeAttr Gets the encryption types trust attribute for . /AddEncTypeAttr Adds to the encryption types trust attribute for (multiple types should be separated by spaces). /DelEncTypeAttr Deletes the encryption types trust attribute for . |
key | value |
---|---|
file_name | ktmutil.exe |
file_path | C:\Windows\system32\ktmutil.exe |
hash_md5 | E1E323995AAB4B9491F326F15A067748 |
hash_sha1 | D4C9BB80E016DE127287B3C84F81C37AF38A5564 |
hash_sha256 | 8567448C90730513C238D6EFB0350E0A645EBC23CBC4A69E88AD78CD5F70CDEB |
hash_sha384 | CB7B8929F1B9D34C7395A68ACE2163ACF97D406351CACBAA6DF1DBE7062D999C44ACCB1F29659C9E0942E3D5EBA87067 |
hash_sha512 | 6FB2BC407014FE3F6E03431F6A1DE4F00158C1B0C7D9E108DF3BC09D95323994FADF555CFAA16BAD30EFB318F53849B17E092F135D261B02ABBD8B13BEBC3318 |
hash_ssdeep | 384:qbzPHplMV00/RJWZtq6Ext6+NQfA+D2XSPf+mW8jW:qbDzMVPQZjEvNDI2CP2k |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Kernel Transaction Management Utility |
meta_original_filename | ktmutil.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
output | -help is an invalid parameter. ---- Commands Supported ---- tx Commands related to transactions tm Commands related to transaction managers |
key | value |
---|---|
file_name | ktpass.exe |
file_path | C:\Windows\system32\ktpass.exe |
hash_md5 | 847F918DCAC5FD0E3162290C5ADE2F2A |
hash_sha1 | F4CDDF83A3EF0909B3569C256DBC96D3DF887728 |
hash_sha256 | 2AF1FE66D0A9181F8BEDAF83DFF3AB7D58D36490355147A69047F240BCDBDACD |
hash_sha384 | A5638F3FF10EBAF17244BE6CD882AC420CCD898296D682AF4F38B77CFD9B09BB94CF8C1E8B281910C5AFAB137FC7DF01 |
hash_sha512 | 32CEDA70E9257BE9BFB1AA42810951691DA9A6927D8FD75B31414FA8CA1FADB28ED02F897EBE4D7EC6AF9E2BF05C39E5094C42515B60D8FA9584427524AC00A4 |
hash_ssdeep | 768:a26UJ2jK/o47bxidpPfZbSvKz5XVvvSvIPRmFx6U2eFDw0LOhJVoUw:Uu7XoPsvyZQ4U2elRGJVjw |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Kerberos keytab tool |
meta_original_filename | ktpass.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
error | Command line options: ---------------------most useful args\n[- /] out : Keytab to produce\n[- /] princ : Principal name (user@REALM)\n[- /] pass : password to use\n use '*' to prompt for password.\n[- +] rndPass : ... or use +rndPass to generate a random password\n[- /] minPass : minimum length for random password (def:15)\n[- /] maxPass : maximum length for random password (def:256)\n---------------------less useful stuff\n[- /] mapuser : map princ (above) to this user account (default: don't)\n[- /] mapOp : how to set the mapping attribute (default: add it)\n[- /] mapOp : is one of: [- /] mapOp : add : add value (default) \n[- /] mapOp : set : set value \n[- +] DesOnly : Set account for des-only encryption (default:don't)\n[- /] in : Keytab to read/digest\n---------------------options for key generation\n[- /] crypto : Cryptosystem to use\n[- /] crypto : is one of: [- /] crypto : DES-CBC-CRC : for compatibility \n[- /] crypto : DES-CBC-MD5 : for compatibility \n[- /] crypto : RC4-HMAC-NT : default 128-bit encryption \n[- /] crypto : AES256-SHA1 : AES256-CTS-HMAC-SHA1-96 \n[- /] crypto : AES128-SHA1 : AES128-CTS-HMAC-SHA1-96 \n[- /] crypto : All : All supported types \n[- /] IterCount : Iteration Count used for AES encryption\n Default: ignored for non-AES, 4096 for AES\n[- /] ptype : principal type in question\n[- /] ptype : is one of: [- /] ptype : KRB5_NT_PRINCIPAL : The general ptype-- recommended \n[- /] ptype : KRB5_NT_SRV_INST : user service instance \n[- /] ptype : KRB5_NT_SRV_HST : host service instance \n[- /] ptype : KRB5_NT_SRV_XHST : \n[- /] kvno : Override Key Version Number\n Default: query DC for kvno. Use /kvno 1 for Win2K compat.\n[- +] Answer : +Answer answers YES to prompts. -Answer answers NO.\n[- /] Target : Which DC to use. Default:detect\n[- /] RawSalt : raw salt to use when generating key (not needed)\n[- +] DumpSalt : show us the MIT salt being used to generate the key\n[- +] SetUpn : Set the UPN in addition to the SPN. Default DO.\n[- +] SetPass : Set the user's password if supplied.\n |
key | value |
---|---|
file_name | label.exe |
file_path | C:\Windows\system32\label.exe |
hash_md5 | 83D46B267C8068566557E8A3DF7CEEA0 |
hash_sha1 | 9085903E1952D7A815B554104C05AA1510D2A4B4 |
hash_sha256 | 5BB47AE58EEABAD359B2911CB773C6D0AF2C2027BC5D9097534F6C1E308E9FF3 |
hash_sha384 | E5B2049EF794395F64CCF689F4FE6A9C53F5C301E2B03461682E82145A7D69E7D1CCAEFEB006CCB19EE5B41CA3D49922 |
hash_sha512 | F77A79CDA2D1407D52D5A9FACA44237CEEBBC783AC500D55CFF82AFED28A5BDCE3861F686C88B012066349BC0A20EFA820B56C44935C9AE859EE11B23322DF42 |
hash_ssdeep | 192:A0p63NlEcrV7KGYJ4iJi4tlIWP4UBmai4cDWMMsWPXohMWyi4oIGdhVV/19ZmQWx:A0pUV7hYeWfki04EWe4FPvCMQWSpjW |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Disk Label Utility |
meta_original_filename | Label.Exe.MUI |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
output | Creates, changes, or deletes the volume label of a disk. LABEL [drive:][label] LABEL [/MP] [volume] [label] drive: Specifies the drive letter of a drive. label Specifies the label of the volume. /MP Specifies that the volume should be treated as a mount point or volume name. volume Specifies the drive letter (followed by a colon), mount point, or volume name. If volume name is specified, the /MP flag is unnecessary. |
key | value |
---|---|
file_name | LanguageComponentsInstallerComHandler.exe |
file_path | C:\Windows\system32\LanguageComponentsInstallerComHandler.exe |
hash_md5 | 43134EFEE38C960E4267E2F1550A9BDF |
hash_sha1 | 4A4F6412E5818FDB642CBE1B2369BB837AB77C1F |
hash_sha256 | B1B2FEDBF7FD7F584F0EE0A3DC4FE1179802BBEC18962957BA29276CDDBD58B2 |
hash_sha384 | 0DE597AE8DE95B89F2EF1F6EDE2DCC5FD9AD2E5A8DCF92E1400ACCCD891A7D0FE29F62EBF6A19FA924F6ACB16EBBB7E8 |
hash_sha512 | AD040FFF429F2311AD546FEFEFE3F3BEE5326851DA02CB8A6BE0BE970B54F4BFE7DBAA1456393AD65536794D04778033BADB787CA772162F95C09151311D2470 |
hash_ssdeep | 1536:O9OM0ukdc+pC1QunQVVVbl+s7r4gCZ2+uO:QOZdT41/nQ/Vh+xZTu |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | LanguageComponentsInstaller COM Handler |
meta_original_filename | LanguageComponentsInstallerComHandler.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | LaunchTM.exe |
file_path | C:\Windows\system32\LaunchTM.exe |
hash_md5 | E40B4BED011FA2AF5AC660E620E3F887 |
hash_sha1 | A6A64CC07500E327970D2FFAFBBF6F70855F9419 |
hash_sha256 | 028E02A7F698150DD9F2CF8A98143F9C67268D1494EFE3AEF0B950D02A4A58DE |
hash_sha384 | 43FC8A18F95592A143B596059934587368BB852BEB594C6B6EDAB379BD5C95104916E98D9D7DD8FDFA1137153C51BEE5 |
hash_sha512 | A69A1390C88319820427E8D21153FCD5C0F8CD6007E5368C08C655D1B6415B2C92551D2D5FF1D67A62461C40A03BA887DA8E70C8AC3A71C9D5A7615E305B4644 |
hash_ssdeep | 1536:CSSlMm8UngMCw2I8FXmzOGDBdpunOl1UIHmejrDwkKgT43FVkXXPKedjXfaW:AlOeCO8FXUO0iOlCIHmeRKPKk |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Task Manager Launcher |
meta_original_filename | LaunchTM.exe |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
children | Taskmgr.exe |
key | value |
---|---|
file_name | LaunchWinApp.exe |
file_path | C:\Windows\system32\LaunchWinApp.exe |
hash_md5 | 3AB074C43F1CAF880D984B2E98464048 |
hash_sha1 | 35331EC6DE56699E4CE32AA37C6B710747E7EB8F |
hash_sha256 | 477B19B706FAB3C1E565B33741ADBAE8016699F0759C771AE1B8F47CD08798BA |
hash_sha384 | 60774674F3ECF8A7E00A643A179DE5F94739805D1B7D52E78BA6B2FAB70BBCCFCD8DD9A354091065E8167483F8D762BD |
hash_sha512 | 3B84AD4D1AF5E604637448F20D0AB16B670966D8BBE9BCA093711AC7C592204CC1D220CA801BE2D5F23D2D6F1AF421003095919895E4ACF126E28BE000B33764 |
hash_ssdeep | 768:XLpiISO2qrX9xnSe0xY3FobomUSzzTQTJs6gnRwl0O/qgelxGNIGjkKnvw:XteqrDRFGoXyPEJf+O/lNIGjxY |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Launch Windows App |
meta_original_filename | LaunchWinApp.exe |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.3686 (rs1_release.200504-1524) |
meta_product_version | 10.0.14393.3686 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | LbfoAdmin.exe |
file_path | C:\Windows\system32\LbfoAdmin.exe |
hash_md5 | 86D331A0F698EEA7CEF552C1EF7F4E82 |
hash_sha1 | 31E78BF1329B81F2AC50B8A62354420062172E02 |
hash_sha256 | 7B07A154C26EAB7A0086BD8D0288061CCEAD92787FD175DB3FBC1F844AF954E9 |
hash_sha384 | C8732949000F2FF8BDA00E6F6DBF39AC816EF4592AC8A11A305DCD45EB37DE8D78AE048CBE1EF82357DE51E11A6230D5 |
hash_sha512 | 868A972C04DC6829E040962B60E9CF24F219872CC90B97E2408D83B5077A84C1971DA796562EE3FACDAE7CEA76D8DEABFEF96F86BC327BA23D8A87D3BD5D6AF9 |
hash_ssdeep | 1536:5tVcjj4PBuhUYXH1VydQShStyJPnqbye86opC3M/EgmnryqPbvAWc14zUWJGCTBD:lxP8hUYXH1+mty9quegO7jS4VzT5 |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | NIC Teaming |
meta_original_filename | LBFOADMIN.EXE.MUI |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | LegacyNetUXHost.exe |
file_path | C:\Windows\system32\LegacyNetUXHost.exe |
hash_md5 | 5B7F8034C0FD0327884BFD06B7F5760C |
hash_sha1 | 598F2C8F104668F6B85DB529B08AC4DC2C172769 |
hash_sha256 | CD0E6E0B017130B980ECA23538518C50AEAE11CB97D401372D4DEC7B6F0C5E17 |
hash_sha384 | EEAB8D0DBDB006CD1B323CE7AFA794485B1A9B52152721AA1240ACC5D8F2C6E51E3AE1252939EED186E41E29C82B20BC |
hash_sha512 | 47BAE0234C6FB24121861EC576E9A4BAB8322506BB0835632D547E5FC64201B22408BA6089A7FC83FE5E6AFA5B0CEACDEC01F1D0E00AF7C0D11B5BE826302D0C |
hash_ssdeep | 3072:+9mlDBGVYt+uIc2pC5Akvxw8nobS+Z829rt/0uc6RMNS:+9SD8VYRInIBoufuaucCMN |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Legacy Net UX Host |
meta_original_filename | LegacyNetUXHost.exe |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | LicenseManagerShellext.exe |
file_path | C:\Windows\system32\LicenseManagerShellext.exe |
hash_md5 | 6290371174BD6A21DA88BD2CA14026F9 |
hash_sha1 | E15588231E7C4D5239BB4D17F5AC776893391B36 |
hash_sha256 | 24BC3C78E92B7041566302071855128FD2A9D07675576F1010EBE00BD31151BE |
hash_sha384 | 24348C7DB160EAC2DBCFAA26F2C060E82F03743E284EB4185B20EF09D7D9D0E715F09C66ECD832EC49161EB69B6F4454 |
hash_sha512 | 2DAE570B4B7E6DB750887F6DB02ABA06E76FF0E5300367C67D1C6DFC9FB683F2D95E782B7A528ABA539037604AD571947997329D8A3EA1DEF5E171C8A3B97C3C |
hash_ssdeep | 384:dm8NFFDaXMl3DQUtb9CaRTXWmHcc1NRlFIq+QdldDuedzQKFd6mgdZHfOW9qWwX:08NFFZQUxZccDOq+QdyexQKymg7F |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | LicenseManagerShellExt |
meta_original_filename | LicenseManagerShellExt.exe |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | licensingdiag.exe |
file_path | C:\Windows\system32\licensingdiag.exe |
hash_md5 | 58DC7B96D334B2F47380224A93610B56 |
hash_sha1 | 1BF838884A8CD0F94BA1BBE7DCAF76EF8BB9AED1 |
hash_sha256 | 1A7DD1CE81B334BA211E0EEC122855ADD5321BD3D30D4A851DD5A0CC5AF22959 |
hash_sha384 | C4083D14F105BD82E7A5D70CE1A380C2EE95F8D97B4E71D4851F1F299F7AE6D71CA92FEF79F6DCF3D2B42C1CD1B9FB10 |
hash_sha512 | 822ACB7930F85B9902D3394E9C7180703B678B4DB9E0E4DA8AA02490182422B1A847CE57B4B9306C282103423C3BFE29FC354D7814F652EEFEC4D6A5B8C4FEB5 |
hash_ssdeep | 1536:BIl84wWlkIGxab8nuviEHeobh2ejgy3VTVuaxpvE:BdxawW7eC8u3h0aT8 |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Licensing Diagnostic Tool |
meta_original_filename | LicensingDiag.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
children | conhost.exe |
key | value |
---|---|
file_name | LicensingUI.exe |
file_path | C:\Windows\system32\LicensingUI.exe |
hash_md5 | FD591AF9E78ED65C96A736507780C5E9 |
hash_sha1 | BA9C7ED57D6F67AFF5A4F0A30781A06E42E617B1 |
hash_sha256 | 7A4E307A372D56387AC61870E770EB0097A12C26FE2C470D14D41EE76E3C0779 |
hash_sha384 | 97587464F2E841482F2DC47414BCF4DD9B42DDF1766385BA656E55B6726B25526496C42C2663FA4FFF692A3B56FC674F |
hash_sha512 | 97D89217BCBD14DB4936A3A885F1FEBAD9E87AF85BCB759104854990BDAC05438823E0A02113359447F21957DCFECCD53751F7CEDA9E8EC8063A3AE15CAC94B1 |
hash_ssdeep | 3072:ebazxnZ1T2lNznF8kF8jrWZ1LW5NuyN3whWAgiJTdDf/Wvkaf14REt1f:rz9ZV2vR8kajSZ1LW5NrdwhWAFKrwEf |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000001733031072665B8B9B3000000000173 |
signature_thumbprint | 14590DC5C3AAF238FCFD7785B4B93F4071402C34 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Licensing UI |
meta_original_filename | LicensingUI.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | LocationNotificationWindows.exe |
file_path | C:\Windows\system32\LocationNotificationWindows.exe |
hash_md5 | 5313F9A0C940970D5491E00C19EF074C |
hash_sha1 | D443BE0BCB6895908CD9B6DF4787CEAD208331C8 |
hash_sha256 | 52A028416FBE7FF2FF1936CFFDC59082A1EBBB7E100BFBFC0E7E79E89E983BCD |
hash_sha384 | ECF4FE63A7A01E51A3E0D85A1356D9B45FDF8165929D75ED213E47D10A2C1168567554132B91BA6C7CC1821B64F0C021 |
hash_sha512 | A765B5440630BF14C1E11ADA5127E15A0E2E06CAD120B44A5E9806BCF4EA2F70BBDC7473A678B380B5781BFE676443235D17DAC13C57F4E824B1F836BC727CB4 |
hash_ssdeep | 1536:AGiirUZv/AsPfwmFGaHp8ZYBOA/wb0vBRwOKGpL:AGiXVfwpaJ8Zu/wb0ZRwwpL |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Location Notification |
meta_original_filename | LocationNotificationWindows.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | Locator.exe |
file_path | C:\Windows\system32\Locator.exe |
hash_md5 | 109C1D609951E886D3643B15C1EDD1C2 |
hash_sha1 | 20E9173558D9B594D40D5EBB4A7C4019BFF0BF3A |
hash_sha256 | 347D8E7C50EC7F96217C7421D9BC8A42C9DF50B94169CB58DCF857A63C33C2EA |
hash_sha384 | 985B85F8B137025A33F89F26CA001AA51E95A1AEF3B864DEA3DF7686E8A2D211237A2EF5599E1ABC18363B86E72E5AE2 |
hash_sha512 | 3F723B2A46F45469B76AC9B75D6D4AF5689167139720D14534AB64ACD58493A19CA40F12CEFA71ABAC6E14AE298C43A802002E06FB6C24880E35E1F3320E0A46 |
hash_ssdeep | 192:h+KPfrjBKb15VbkP1NC+XwkKjGLIIQG5Va1F18oDkoJeumD6WrlW:Zvgb3w1Y+gkKjFIQuk/1Zk1rD6WrlW |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Rpc Locator |
meta_original_filename | locator.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | LockAppHost.exe |
file_path | C:\Windows\system32\LockAppHost.exe |
hash_md5 | CCC6C8D3FF120D250F724629C263FA8D |
hash_sha1 | 2FC2230B7024F558D68C4FA543C9FC6415E00BC5 |
hash_sha256 | 84E652597EE67BAC3A3A8D51523009089027C387F190542E1A9DFE9678D755F2 |
hash_sha384 | 55CB86368E714B43397C5D869AA85B873438300C26C468AE8CADEAD6DA8487B5D1124231C0C89C7611A86F46A42BF853 |
hash_sha512 | B2A47A979F8513EFBBF4BA4C08BD3F98E4E4FD5020CC69BE65536353650E03532137BD0095935CA7D269954642EA3E630C05385B0C273A8AFB9230A7D22EC3E1 |
hash_ssdeep | 6144:V80LhMUpyhl3T804SLVSjYSLLGPTeYusbpfxVHM91FOvednwaHq9ow:V80lM4cD8XYSPiSYusFxSxhKL |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | LockAppHost |
meta_original_filename | LockAppHost.exe |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.2457 (rs1_release_inmarket.180822-1743) |
meta_product_version | 10.0.14393.2457 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | LockScreenContentServer.exe |
file_path | C:\Windows\system32\LockScreenContentServer.exe |
hash_md5 | 074886F1102550E0B30F22806A33681E |
hash_sha1 | C42677B20D3474F4EF6441859645FDFC628F95F1 |
hash_sha256 | DF1E8AA50DF4A2EE02220D8466207462B3C56846731748EE33321DF4FDB32D2B |
hash_sha384 | FBED1C39D98F37C10F998D3AFACED3F80B8CCF77DA2E6BD7F95090C063EC0DEF6B72E120BCF0064F92A4A16C3C4276D1 |
hash_sha512 | 1EDE585D95D966C539EE17E9647E1EAFC7D36C2183DEB1E357A9E41D419A66292763B0F466E7921ED348068BD94F34A94DC10884FB898BB83FB377E158683102 |
hash_ssdeep | 768:oangc4hQ7u07x8jBmu5kuWHtFHl9rG9GO1pP1PM10d:9gxKVFwjVWHvHHrG9GwpNPg0d |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | LockScreenContent Server |
meta_original_filename | LockScreenContentServer.exe |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | lodctr.exe |
file_path | C:\Windows\system32\lodctr.exe |
hash_md5 | F4436EB15113D5872A1ED801FFF738CE |
hash_sha1 | 47CC7447F9165129E59F3D89F9F0E352D909A807 |
hash_sha256 | AEAE0D1EDC73E853A73FA9BC1A0836557E05910E777682D9B80E516B9C9E874D |
hash_sha384 | FB66E330A7F2CDFC6DEA7340FB4F83CBEBF23ACB18402BFE15F048AFB8602D58E2408F9A164358F3DDDFCD8EBB68294D |
hash_sha512 | 88DB51E791A6BB065181DE42A87B727F34214D5359A1607B6136FADCB0CEAAC8CD0FDB34534611F260E8B42626371F3DD74A05551D145EBA5BFA3ED0C39D13B9 |
hash_ssdeep | 768:R5tugiyl/yPYp8yaigwZXbLsWwPN9s9aJuQrt8bplMcpvX/QxQb10Bxk:sxyUiRjwg9azYlMcBPQxQbmBxk |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Load PerfMon Counters |
meta_original_filename | LODCTR.EXE.MUI |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
output |
LODCTR Updates registry values related to performance counters. Usage: LODCTR INI-FileName is the name of the initialization file that contains the counter name definitions and explain text for an extensible counter DLL. LODCTR /S: save the current perf registry strings and info to LODCTR /R: restore the perf registry strings and info using LODCTR /R rebuild the perf registry strings and info from scratch based on the current registry settings and backup INI files. LODCTR /T: set the performance counter service as trusted. LODCTR /E: enable the performance counter service. LODCTR /D: disable the performance counter service. LODCTR /Q LODCTR /Q: query the performance counter service information, either query all or specified one. LODCTR /M: install Windows Vista performance counter provider definition XML file to system repository. Note: any arguments with spaces in the names must be enclosed within Double Quotation marks. |
key | value |
---|---|
file_name | logagent.exe |
file_path | C:\Windows\system32\logagent.exe |
hash_md5 | 6C62CC5322D36EC0B180DD40DB67C2E1 |
hash_sha1 | 2705CAC8ADC3E8523B943B495D46700374C577FB |
hash_sha256 | 19D88CDACE7D668D56EC843A4EC09B5F140AB2DECDBAD340D2C565E7B62E3335 |
hash_sha384 | C67A07CF9EA42AA0EFCB28D37C25E4400AB308443A4EB53E66799A21FC5207E91CB8FCEB91EAF90EF291EAFD7311515B |
hash_sha512 | C1EFDD0FEBC6F5D95954D2D86B06F7513ADEB50ADA4BF20565593755E76D18147369F04999D4475BA3993683DB6669EF83BFA00AB83115E1C96D2711D5A10150 |
hash_ssdeep | 1536:YSA8y59/iay73JyUzq3s/JJPjE2Ce87O1XqSQVfYWlC17ygPG8Tm0Okz89TWr1F:rmKY3yJbE2T87O1p4lCNYJkgdWrr |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Windows Media Player Logagent |
meta_original_filename | logagent.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 12.0.14393.0 |
meta_product_version | 12.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | logman.exe |
file_path | C:\Windows\system32\logman.exe |
hash_md5 | 16F3C9E88811A304E23C2A8B0B9618ED |
hash_sha1 | 3312004370A3A05F70EC2DF7F242FBA50BA75321 |
hash_sha256 | 58BF717313D23FFF632B6E8D8BB58A96DF2489C80F6FC2D4C8BFE499275FB483 |
hash_sha384 | AB9F3BAC2217E95CA00C1CE10043B6D7BFE5E88DC6A8D03209E68CB4C3645C29BEB3318C3184A7609242D5A7127E0E77 |
hash_sha512 | 5DBD02D00AD3B81E97D3310B133ECD05F97B70719740032DBD3A9A37924B4081D43BA355B194A19A5AE06FBDE2D792239DE2A5518FB408CC669EBB40AE8AC96D |
hash_ssdeep | 1536:O1gLO54vPgHQYpWSg2AoRv8S+GgTI8mHuYHwQsjXK25apHm:5LOevPgVUSxAoXBKlxeGjX75a4 |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Performance Log Utility |
meta_original_filename | Logman.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
output |
Microsoft r Logman.exe (10.0.14393.0) Usage: C:\Windows\system32\logman.exe [create|query|start|stop|delete|update|import|export] [options] Verbs: create Create a new data collector. query Query data collector properties. If no name\n is given all data collectors are listed. start Start an existing data collector and set the\n begin time to manual. stop Stop an existing data collector and set the\n end time to manual. delete Delete an existing data collector. update Update an existing data collector's properties. import Import a data collector set from an XML file. export Export a data collector set to an XML file. Adverbs: counter Create a counter data collector. trace Create a trace data collector. alert Create an alert data collector. cfg Create a configuration data collector. providers Show registered providers. Options (counter): -c <path [path [...]]> Performance counters to collect. -cf File listing performance counters to collect,\n one per line. -f <bin|bincirc|csv|tsv|sql> Specifies the log format for the data\n collector. For SQL database format, you must\n use the -o option in the command line with\n the DNS!log option. The defaults is binary. -sc Maximum number of samples to collect with a\n performance counter data collector. -si <[[hh:]mm:]ss> Sample interval for performance counter data\n collectors. Options (trace): -f <bin|bincirc|csv|tsv|sql> Specifies the log format for the data\n collector. For SQL database format, you must\n use the -o option in the command line with\n the DNS!log option. The defaults is binary. -mode <trace_mode> Event Trace Session logger mode. For more\n information visit -\n http://go.microsoft.com/fwlink/?LinkID=136464 -ct <perf|system|cycle> Specifies the clock resolution to use when\n logging the time stamp for each event. You\n can use query performance counter, system\n time, or CPU cycle. -ln <logger_name> Logger name for Event Trace Sessions. -ft <[[hh:]mm:]ss> Event Trace Session flush timer. -[-]p <provider [flags [level]]> A single Event Trace provider to enable.\n The terms 'Flags' and 'Keywords' are\n synonymous in this context. -pf File listing multiple Event Trace providers\n to enable. -[-]rt Run the Event Trace Session in real-time mode. -[-]ul Run the Event Trace Session in user mode. -bs Event Trace Session buffer size in kb. -nb Number of Event Trace Session buffers. Options (alert): -[-]el Enable/Disable event log reporting. -th <threshold [threshold [...]]> Specify counters and their threshold\n values for and alert. -[-]rdcs Data collector set to start when alert fires. -[-]tn Task to run when alert fires. -[-]targ Task arguments. -si <[[hh:]mm:]ss> Sample interval for performance counter data\n collectors. Options (cfg): -[-]ni Enable/Disable network interface query. -reg <path [path [...]]> Registry values to collect. -mgt <query [query [...]]> WMI objects to collect. -ftc <path [path [...]]> Full path to the files to collect. Options: -? Displays context sensitive help. -s Perform the command on specified remote system. -config Settings file containing command options. [-n] Name of the target object. -pid Process identifier. -xml Name of the XML file to import or export. -as Perform the requested operation asynchronously. -[-]u <user [password]> User to Run As. Entering a * for the password\n produces a prompt for the password. The\n password is not displayed when you type it at\n the password prompt. -m <[start] [stop]> Change to manual start or stop instead of a\n scheduled begin or end time. -rf <[[hh:]mm:]ss> Run the data collector for the specified\n period of time. -b <M/d/yyyy h:mm:ss[AM|PM]> Begin the data collector at specified time. -e <M/d/yyyy h:mm:ss[AM|PM]> End the data collector at specified time. -o <path|dsn!log> Path of the output log file or the DSN and\n log set name in a SQL database. The default\n path is '%systemdrive%\PerfLogs\Admin'. -[-]r Repeat the data collector daily at the\n specified begin and end times. -[-]a Append to an existing log file. -[-]ow Overwrite an existing log file. -[-]v <nnnnnn|mmddhhmm> Attach file versioning information to the end\n of the log name. -[-]rc Run the command specified each time the log\n is closed. -[-]max Maximum log file size in MB or number of\n records for SQL logs. -[-]cnf <[[hh:]mm:]ss> Create a new file when the specified time has\n elapsed or when the max size is exceeded. -y Answer yes to all questions without prompting. -fd Flushes all the active buffers of an existing\n Event Trace Session to disk. -ets Send commands to Event Trace Sessions\n directly without saving or scheduling. Note: Where [-] is listed, an extra - negates the option. For example --u turns off the -u option. More Information: Microsoft TechNet - http://go.microsoft.com/fwlink/?LinkID=136332\n Examples: logman start perf_log\n logman update perf_log -si 10 -f csv -v mmddhhmm\n logman create counter perf_log -c "\Processor(_Total)% Processor Time"\n logman create counter perf_log -c "\Processor(_Total)% Processor Time" -max 10 -rf 01:00\n logman create trace trace_log -nb 16 256 -bs 64 -o c:\logfile\n logman create alert new_alert -th "\Processor(_Total)% Processor Time>50"\n logman create cfg cfg_log -reg "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\"\n logman create cfg cfg_log -mgt "root\cimv2:SELECT * FROM Win32_OperatingSystem"\n logman query providers\n logman query providers Microsoft-Windows-Diagnostics-Networking\n logman start process_trace -p Microsoft-Windows-Kernel-Process 0x10 win:Informational -ets\n logman start usermode_trace -p "Service Control Manager Trace" -ul -ets\n logman query usermode_trace -p "Service Control Manager Trace" -ul -ets\n logman stop usermode_trace -p "Service Control Manager Trace" -ul -ets\n logman start process_trace -p Microsoft-Windows-Kernel-Process -mode newfile -max 1 -o output%d.etl -ets\n logman start "NT Kernel Logger" -o log.etl -ets\n logman start "NT Kernel Logger" -p "Windows Kernel Trace" (process,thread) -ets\n |
key | value |
---|---|
file_name | logoff.exe |
file_path | C:\Windows\system32\logoff.exe |
hash_md5 | 63DAFD4EB9CF5D5BAD52B2F78C9C3DDD |
hash_sha1 | 54128FE2F1E8E2E325F73000E78D321A6C84D1DE |
hash_sha256 | EC35AEEDEDEAD912B65247BEBF6B87D010182ACA99EA78B6EE2D80BD267FBD40 |
hash_sha384 | 5D424FD643753FA6842994CB9B601E43F9C7F0FC6561368D89BB9EA390B7926468C8BCB9B082D311FEF8FFD878C04320 |
hash_sha512 | 782724E112FBF327DD170957819C329B9E2A63CA2FC828ACD76337A23E8C4CB288AF8E0D9C92A0E93D73DC85D58BBF1B4EEC7AF7D8F8FF3C996CFC7EB80A8617 |
hash_ssdeep | 384:jrh2V3nRO3qQRC9QgstQrldEg55M2ID2/GFtR+nzn5mocyGMrUvbzCW37uW:jrhEYdLaRlmh3Qz5mxvbz/ |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Session Logoff Utility |
meta_original_filename | logoff.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
error | Invalid parameter(s) Terminates a session. LOGOFF [sessionname | sessionid] [/SERVER:servername] [/V] [/VM] sessionname The name of the session. sessionid The ID of the session. /SERVER:servername Specifies the Remote Desktop server containing the user session to log off (default is current). /V Displays information about the actions performed. /VM Logs off a session on server or within virtual machine. The unique ID of the session needs to be specified. |
key | value |
---|---|
file_name | LogonUI.exe |
file_path | C:\Windows\system32\LogonUI.exe |
hash_md5 | B38DFCF985D8AE5B1A17C264981E61C7 |
hash_sha1 | D14F98FA954E585672D8505DFBB1F8240C49EDA1 |
hash_sha256 | AA62D29803D52EC06CD27ED3124E034048F09606EB7342181913C9817C7B44C5 |
hash_sha384 | 0DEF752E3AD60FE1CF9E27FC1640CF7B73FDEE05D39370B9909603ED20310AED045DD38C116A54CDB2BB6B3897839BA8 |
hash_sha512 | 7B16787E8C4A5197D0E904C73CD256BF02E646B4C65013668161D00A193314E14270F4A5756D85E1562E990B197441A2A53D17297FF4D03F08A13C3FCB8326EE |
hash_ssdeep | 192:wPQ3DcPYDUfHqlZubjq4jrzCEqXVdQ9GvGHsl2WnUW:bDUfwgbLjreEOXGHsoWnUW |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Windows Logon User Interface Host |
meta_original_filename | logonui.exe |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | lpkinstall.exe |
file_path | C:\Windows\system32\lpkinstall.exe |
hash_md5 | DE7C9EF49B7C0DFECC0D535A11607AB2 |
hash_sha1 | DA08D0492CDF53680D06408FD48FC1F4835F0D2F |
hash_sha256 | 6F15E80B4E9CBD7741C129B68F15F6400F10DF9A4474DC48104C09FAB182E63B |
hash_sha384 | 7F72B97F976CACF028AE78F9495760C994164F70190CE00073434F223E381E3B6F782EEE4B3DB98F60439CCDE24A3402 |
hash_sha512 | F03207207EEC93CFEE5E972ACB228C26CF4FE4162244C8149263EE7D84C9C2A1D472F17447ABCF018F72FA4E0513BA0D21D03C692CEB958A7DED6CB9D1E63163 |
hash_ssdeep | 768:v0Cuho104bqSjm4PoNHi0tRlhl0VNbT6WniSHUPzBa:vPaoBbqGm4wD+VNbTJiSHUPNa |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Language Pack Installer |
meta_original_filename | lpkinstall.exe |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | lpksetup.exe |
file_path | C:\Windows\system32\lpksetup.exe |
hash_md5 | 170343B59D2A8607C7106ED63E524AE3 |
hash_sha1 | 848FC2AB03F982B442C9F04C26677413CC90121F |
hash_sha256 | D374DD6E68F5CA40B3A86B6E32946019DAEBD2E24A48CD43D0D01074CFE26681 |
hash_sha384 | 55FA09FF17501C54E468F96F81272FB4BE7B2B8799F4D0D08102AD4EA01E6D0A18742B263CA89F9F86FDE56097B737C6 |
hash_sha512 | 12A0D2032FB87EFCE81AF03DBD47A3C3555FBE177EE547D77525419BB9DF334E529CE245F4D4F413A5C688700B948B897BB6052E456B4BFD1EA3620F4B2C44EC |
hash_ssdeep | 12288:PQGXMy8IkciS00hDrydajNts6T8doqyKJjmReMNOtNQWggQVqtDx2/D6yfndmLh:PlX8IkciLEZnrT8OsmIWOtNQkQVIDw/a |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Language Pack Installer |
meta_original_filename | lpksetup.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | lpremove.exe |
file_path | C:\Windows\system32\lpremove.exe |
hash_md5 | DC79517FEBFB066CEA6BDBD376DA9C08 |
hash_sha1 | 7BF2B7FFD9BEBD13162AB7D8ED19FC0956D32C9C |
hash_sha256 | 1422EAB9650F4D37D496BD0EFB976628E4336D2BD7FF1B4864D6E8E073300C5F |
hash_sha384 | D4A6BFE98C442F85E0A12CCD1BFECCE9F4E242B68147511855970C2A2C497E763ECF3B78C8EBF921CEB35518C832162E |
hash_sha512 | E0FC36EDD812FBB237FBBF3FD34EB4ACFFA975E96A66193CC5F3F7A2FF71A5409929FE9A10C3EF416EE63AAC8B03378A5B5FED0429351DA782284474C9A71D86 |
hash_ssdeep | 1536:QIZ20erN5lWs8gReESH2treCUp0slvcykxNSiAg:3XypWUReESH2hKPvYxkI |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000001733031072665B8B9B3000000000173 |
signature_thumbprint | 14590DC5C3AAF238FCFD7785B4B93F4071402C34 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | MUI Language pack cleanup |
meta_original_filename | lpremove.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | LsaIso.exe |
file_path | C:\Windows\system32\LsaIso.exe |
hash_md5 | BE793A4B6179CA7D380CA168344E0FD1 |
hash_sha1 | A0CA299EB5904C03889CAE33C2B13007CC069F5C |
hash_sha256 | 06F7BD6FE8ECE75B38E6CDBFE8D7CA9767FE1AD638A82671D6A4C855FD538BB6 |
hash_sha384 | 48DDCA0AC83252552405895C01ABAC8A69D1A047E8D7F41BC3ED0A751760A2CFE8B574B51933627A9A9172BA6836CF0E |
hash_sha512 | E6AEDC6933727A5EA62EEF249DA6BDD481A0D407C8F701F6CC0C5BD02DB7B9F35BCCC4A913AFD3296B9DEAEF1108784C61D8F37B1A8AC83A0F24B06BF77A1195 |
hash_ssdeep | 3072:aD0pGEPBmKdDxPPqmpax5FN27JzWpaQmTs3vIAqazg3o243NmaW9j+vS:aD04EPB9DEmsx5FWzWpvqyvIuB09n |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Credential Guard |
meta_original_filename | LsaIso.exe |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.3659 (rs1_release_1.200410-1813) |
meta_product_version | 10.0.14393.3659 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | lsass.exe |
file_path | C:\Windows\system32\lsass.exe |
hash_md5 | 5AE8589CDDE46ED132AEF8280BC8894A |
hash_sha1 | 20A244C0440ED0B418F454F8A12ED0DE6A8BD6D2 |
hash_sha256 | D957A03C6EA35CBF0C90B0B088DF07E7803A1A3EEB4BA889038F88DB066BBDC4 |
hash_sha384 | A2A00CB7709B7E90EEA20781D3E156532D69265E7C1430C613A3ECA4AB214A556C484A6663C7494B97EBF678D14A761D |
hash_sha512 | E8949C6EF0D5DAC5A89536734305AEE0CD1F28055B77367981EB065CA967AA391FDC9C14C634DE5119D7719BCA36A10B2B079ADF9E705028F9C0A706F202F077 |
hash_ssdeep | 768:xorvR2Fw+l+EPbRXFk5sM9cxTS3Pgez2F6zHoeTosKzls65ztMIrJ2fy1PTSi:xTFw+l+Azk55zV8eTY5JJGiJ2qPTSi |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Local Security Authority Process |
meta_original_filename | lsass.exe |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.2580 (rs1_release_inmarket.181009-1745) |
meta_product_version | 10.0.14393.2580 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | Magnify.exe |
file_path | C:\Windows\system32\Magnify.exe |
hash_md5 | 88156DA1B88F03E6591359587F3FAF2C |
hash_sha1 | 3E44758C3140A0129700DDAE611F70D3492E5C39 |
hash_sha256 | 82EA54BB8C1A96AE09CB240BB14CFF8A6A6E612F76FBB0AE39A4A10E2E3CB318 |
hash_sha384 | 69451F3B26743B2DB192F5057994FE127599723E1F7447E6369F16776165CE325D6877A67FDE59158AB30D3E9CDCBCDA |
hash_sha512 | 60A297B4656CCA770C81E6FD09927DFECA51383DA9809565E5E5F428F85494BEB711A6604FE2372896D5F0B805CC3FAC0F5022227D79012D6D50AB5B52889EC1 |
hash_ssdeep | 12288:t4ZkNIN03Ps/n6Vpt8XB04dDuc/04dDuc/vq:t4boEgp/4xI4x7v |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Microsoft Screen Magnifier |
meta_original_filename | ScreenMagnifier.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | makecab.exe |
file_path | C:\Windows\system32\makecab.exe |
hash_md5 | B51BF14D7B1D6B5CEE13E90B86A99645 |
hash_sha1 | F5ADC20E1674DD99923909A66C64FCCD51C29672 |
hash_sha256 | E73754E12402679C921E4903C4E1130DCA6A3714FF7A42866AA38692AD0874F4 |
hash_sha384 | 558F5264B0BAC8832EF96A240B994BD15C4656C6C8AE9128EBBD54EE23016B7A1BCE708C99B05B7ED8E95CDB361F6625 |
hash_sha512 | 21E8CBA2DB8686EAE37AB9C80E80230874E94CFF39CBF3343B087F57F9559CA34CA477E65ECCF593310A1F6DD0287A54B4C0624D9FDA83CE548D9AC52A66413F |
hash_ssdeep | 1536:2mTPqowqJjEfy8gH+EzP8+ZdfnCNgIT2v+N2iHhHdZYsq3EDrxYS0vJd:JTTNjEfy8ge0t3fnExiv+NnHdWDEDrxq |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Microsoft Cabinet Maker |
meta_original_filename | makecab.exe |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 5.00 (rs1_release.200407-1730) |
meta_product_version | 5.00 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
output | Cabinet Maker - Lossless Data Compression Tool MAKECAB [/V[n]] [/D var=value ...] [/L dir] source [destination] MAKECAB [/V[n]] [/D var=value ...] /F directive_file [...] source File to compress. destination File name to give compressed file. If omitted, the last character of the source file name is replaced with an underscore (_) and used as the destination. /F directives A file with MakeCAB directives (may be repeated). Refer to Microsoft Cabinet SDK for information on directive_file. /D var=value Defines variable with specified value. /L dir Location to place destination (default is current directory). /V[n] Verbosity level (1..3). |
key | value |
---|---|
file_name | mavinject.exe |
file_path | C:\Windows\system32\mavinject.exe |
hash_md5 | 3196E7F92E0B4367444A185B5A4E757D |
hash_sha1 | 34A26DEA01EA4A421F5512D1DEED5CDD0A4CCE59 |
hash_sha256 | CFBCA5DDE322DD0CC6DD07412589B532B59302D4D7B1739BE248F9CDD24CD8E6 |
hash_sha384 | 6F1A5D44FFF031E592DD685D3A4E6CA141AA7E471CFEA8D17BCFC7D9B9BA6BA90B13B2819A688056A0478F39FB5D4726 |
hash_sha512 | AE0D34ED7377C22715E620C827FAB62801234EC687294BF29BAE2BDD2126BED14464984F197ED70CD3372B3BFA07DFC213C2A6DEF250F0D5E8DEB4AEB0BB9899 |
hash_ssdeep | 3072:1u/7/Qapj1CpO3KTWGNU6ITT9KoN7Dq6DUv:1KQapJCpO4WGNU6ITT9KG0v |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Microsoft Application Virtualization Injector |
meta_original_filename | mavinject64.exe |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.3659 (rs1_release_1.200410-1813) |
meta_product_version | 10.0.14393.3659 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | MbaeParserTask.exe |
file_path | C:\Windows\system32\MbaeParserTask.exe |
hash_md5 | 77B6CB827F0132F41C85EE81B268F6FA |
hash_sha1 | 3C02C7BC78B70D5BDE152DE97FE6B31EA1FBEAF9 |
hash_sha256 | 3D5453FF03CA435AC1196D13F2F3EA0EC17159F02777066E910A8DB17A288B67 |
hash_sha384 | F2F31923630A92AEA458C0CE8B5E64C7A324EFAEFF4921134C3F2DB23F3E751160DEAC6BAC3396D2A1EBA667B98A284C |
hash_sha512 | 6EC96DE7330B376258765258DBEDBB1D83E54A5B92B5FF143129D5AF4B7B4F623877817694AB39AE618176D2018E92FB24913C113B80FC262EF8EDCCB3D5D51B |
hash_ssdeep | 1536:X7KTL3NOpVnehHjUWiApZ8z4My7KjGoiuzS7aVH8J/P+pbv:X7KFOpchHiApU45+jGolzS7aaZP6v |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Mobile Broadband Account Experience Parser Task |
meta_original_filename | MbaeParserTask.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | mblctr.exe |
file_path | C:\Windows\system32\mblctr.exe |
hash_md5 | 0EC4ADC3149C9F85BF96B83C6AD174F5 |
hash_sha1 | F053C88F40E68BEA6442E384429963CFDBA4F4BB |
hash_sha256 | 8232A606889BBE9719ADE8104CF314596CFFBC8A28060D27373C527DA83C340C |
hash_sha384 | FAFB79478C369E67D25994B348B9C60EB18F6CA37F95FC0D9C5344071FD8B45894F838076C24E96C9A2B155979D3A1B9 |
hash_sha512 | 3F8895EEF6BC42020C05CEBC130D907BEB59A69913C4B2422ED35718E31289B67355F6F90B05417D667E77AA071B8D6D7A0F587FEB4A7A1012E161E460948CD3 |
hash_ssdeep | 12288:TGkJjCh6BMZLpgdc5geSMO4nu451qviizQBODAKylkm5ZUxXrc5Zh5ZG5Ze:TjMZLp4cq2u45kRzAKcjY8poA |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Windows Mobility Center |
meta_original_filename | MBLCTR.EXE.MUI |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Copyright (C) Microsoft. All rights reserved. |
key | value |
---|---|
file_name | mcbuilder.exe |
file_path | C:\Windows\system32\mcbuilder.exe |
hash_md5 | 7D98FCF7C13D3E0C5D341907161B2DA8 |
hash_sha1 | CBA8F960DD78905D5AA821A2210300EC99A22EAD |
hash_sha256 | A6AC534E69E316145CB54B31D0D9DE4ADDDD471D790FB031C85D3F3EF61AAA8F |
hash_sha384 | A0F2EC871C30703A5C1010BC621992B374E19834918E8929941107CF1E283685BD51F8736C04970B342619D462927F6F |
hash_sha512 | A90EAF85B45513AD7992664685F7E663FC19287084979A6C988994FA490845ECBDD4105DB579EE6AA68921606A7C7BA4D752218225F4EE8C77D0332532254601 |
hash_ssdeep | 6144:XIrxeHSMzn7EOZbY0iyl0vl+fRE85RUV3Ktnz9:4rwyMD7EOZTiRqE866 |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Resource cache builder tool |
meta_original_filename | mcbuilder.exe |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.3659 (rs1_release_1.200410-1813) |
meta_product_version | 10.0.14393.3659 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | MDEServer.exe |
file_path | C:\Windows\system32\MDEServer.exe |
hash_md5 | CD44AD4416345E4D5D2674BD1218B7E2 |
hash_sha1 | C9904F93953BC8CA2851099DEA0F88DCD35096BF |
hash_sha256 | 5C6F11BE84A35C3CFB81B56B666C9BCB63D79F8F7E7347F3BD4F3449020C8C6B |
hash_sha384 | 66876C3597740311D10879EC48F9405D9C69924056CFF35F777F96987965788DC31D08095455A9EE021CA1983721F5D8 |
hash_sha512 | FA3808DB2EBB8087860D9AE28519EAF453F52C16076CF8450628B1D2BCB98D052FB6188D861E2E57E991662AFF8D21927AF35CC4CB3890FEAA9ACEBB8E7BDE4A |
hash_ssdeep | 12288:9HXl00Mr7irR/IhDGxGs8HI1hata9AgiLVZ4Yye:ZXl00Mr7irR/Ih9s8o1hcLLVZ4Y |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Cast to Device Server |
meta_original_filename | MDEServer.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | MDMAgent.exe |
file_path | C:\Windows\system32\MDMAgent.exe |
hash_md5 | 2C811E73970DB48719FA766460A912EE |
hash_sha1 | 3049A84858396494549E52EC63646EDE40B20DEF |
hash_sha256 | 5808752D94BF981798DABAE8B46DFD2A849B7A889724921A505FEE5FE7FD97DD |
hash_sha384 | EE22BE2CAE3CC81CF7DD5323D3C1B17D23583DFE84E340A8291D0D64F6A3237790DF4DC234606D42CA3372C241BD5678 |
hash_sha512 | B33281E081BD8620DC2FA2122A801093348B179A4AED6C4707A668464332D631F32946ECB041E8C9406656A382F43487664318B395C1FC11DB9CA00FA3F32E1C |
hash_ssdeep | 1536:TqPrcMDJopBgIiUaKVunZueH93kHuc4SoZ:WPmpBb3unZuK93kOqG |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000001733031072665B8B9B3000000000173 |
signature_thumbprint | 14590DC5C3AAF238FCFD7785B4B93F4071402C34 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | MDMAgent |
meta_original_filename | MDMAgent |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.1794 (rs1_release.171008-1615) |
meta_product_version | 10.0.14393.1794 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | MDMAppInstaller.exe |
file_path | C:\Windows\system32\MDMAppInstaller.exe |
hash_md5 | 036D826413ED8690A0F944CEDA444403 |
hash_sha1 | 5893DC2F3BD01CE598B53E84D41F04F32AF4B440 |
hash_sha256 | 5891ABBAC0E2DB865F9422881B2F861F3C226E4A0470E5596A95170E3CDBE3DF |
hash_sha384 | 9873D2DFDB3B14BAA18B99C467B8A70851CD8BCD81DEC23A4EF7AF83A00D4555E6D7FD2DC1A8D1854E65E3C4FCA1C178 |
hash_sha512 | 68DAFB96EA42EA3646DF241C95B7656A8A0BF85E990CE912E3C4C1071DD08EBCE6C5B84EA6F6AFB0C54787394E69834BB55B9C4915480681CD69EB7749EC9BCA |
hash_ssdeep | 1536:sI3kpyD3l8394t9PNMqb1r5PAXQvu9fiA0++fofBOm7xNng7qo1e+w/P:sj+3tDVru9fiA0++AfBz7xan1eH |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000001733031072665B8B9B3000000000173 |
signature_thumbprint | 14590DC5C3AAF238FCFD7785B4B93F4071402C34 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | MDM App Installer |
meta_original_filename | MDMAppInstaller.exe |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.351 (rs1_release_inmarket.161014-1755) |
meta_product_version | 10.0.14393.351 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | MdmDiagnosticsTool.exe |
file_path | C:\Windows\system32\MdmDiagnosticsTool.exe |
hash_md5 | A3EBBF477473AF06EE428238AAB8AB57 |
hash_sha1 | 6F6C663C898410015EA2C3977E11B3EA7C824F9F |
hash_sha256 | 8CF005FB0DA8911C05920F8AB485F92FADDF74251E63550F2D02863D8BDF4138 |
hash_sha384 | 59C58B34177757D3337BF056F3D020CF07C2EBA83623F235CFD60AF774423C339F75926076C2BE5A7D90AE2DCE0FE30C |
hash_sha512 | 3E045B4249354AF6781D1B0B703A8875601F206B857CB66EE19C068542EE50DC254BAC3C8FFED20142B051E59293AD7B120D7EAF86A2286E5612E827EC13C1DB |
hash_ssdeep | 384:cOvq2p3sGLXV1WR31AHZqOmzvl2RygjWQGBrWSi1Wm3:c897VA8kjl07jxGg |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | MdmDiagnosticsTool |
meta_original_filename | MdmDiagnosticsTool.exe |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
output | Report location -help |
key | value |
---|---|
file_name | MdRes.exe |
file_path | C:\Windows\system32\MdRes.exe |
hash_md5 | 65AA6B6B47D01BF36898D5D06617C623 |
hash_sha1 | D556B77A69583447BD45FC7D9BD369EDC213F8F5 |
hash_sha256 | 5F81350F8147E8632C6514F06F4487DAAEE7CE2FF1EC53B821D14D862C21A08E |
hash_sha384 | C9D630960BD54483BB3EF6C8755FF104C1BFC4A03E456D61C9A7E538AE2E02228CE38C9C9AF4F99EF641F8A958AF8846 |
hash_sha512 | CEA0D2B7F4EE529994EB0CF955B4F969D22D5A5487B77DB50C043576AE6CF6500914D682380C99C9FA24663F88BAAC1AD4595F9100BE8CE56794333AC9C3FB22 |
hash_ssdeep | 1536:rZ9Hurm+65tFI720+VpmDOzc4JNWxwB1MjVJmRc:rZ9Ore/FO+VQDUcUNWs+jm6 |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Windows Memory Diagnostic |
meta_original_filename | MdRes.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | MdSched.exe |
file_path | C:\Windows\system32\MdSched.exe |
hash_md5 | 8F8886C005711C2EAA283E3DF2CE01EC |
hash_sha1 | DC1DA6F30F6347024161C210BA6CFC96C7DF8843 |
hash_sha256 | 071A7027621AFFE293F6C99AF0700CC26BEEBF0974DC864AB5C9A1A6751CCA2F |
hash_sha384 | F75C4B32D8BE04B4410BD6326220D2BA05A53792F72E135896040D856C5B264C632DB5549A0F149531D0E66A98FCFB6B |
hash_sha512 | 291659582BADB57E1375E3FB1CAD8D9C9C79C207CD86C3A6BD8CDA269D00394201D9C95BE7D94D59EE585E6E2811D0A1E1B765D17CD3FACCA56EADF03A9B3084 |
hash_ssdeep | 1536:XCuhL13HwZEUm+65tFI720+VpmDOzc4JNWxwB1MjVJmRc:txNSEUe/FO+VQDUcUNWs+jm6 |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Windows Memory Diagnostics Tool |
meta_original_filename | MdSched.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | mfpmp.exe |
file_path | C:\Windows\system32\mfpmp.exe |
hash_md5 | CBF29D5D2704D2514ECB322A28011D22 |
hash_sha1 | 11967FEDF6D29ECDBDE289E5719FF636E0AD677A |
hash_sha256 | 178F0164D541B1B178AB3A35A07E924E4C109E09432D2E93556BE4755AD550DE |
hash_sha384 | 166329D0DC1EFFD09148677B039DF586E56020DBEB95F4E4952B544527D54B139C173DF5F27F3D0E427B5329DC316E86 |
hash_sha512 | F0A3C57B130448010D79C00401B04FD0483683A7814F6D42A6B534CB5A4DAC195F48093C979EA4D405577A71453B5845707C5A76289F91BAB35388C03DDB92A0 |
hash_ssdeep | 768:ei/puqUXX+8Uk6lKjZJyI+2toXnHAhLZvqDaI1PK:n5kDB2sZJy2oXHAhLIHPK |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Media Foundation Protected Pipeline EXE |
meta_original_filename | mf.dll.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | Microsoft.Uev.CscUnpinTool.exe |
file_path | C:\Windows\system32\Microsoft.Uev.CscUnpinTool.exe |
hash_md5 | 5CBDBAB87879659E797E7447521515A3 |
hash_sha1 | 5F97A5141F403423C13D8DA91EF523791DC03333 |
hash_sha256 | F6E9CF309867A8BDC0FBE9DBC609D7EDADF2B998379E85BE07E7A863C622B133 |
hash_sha384 | DEA3205DCAF65F780F7CBE20BAB18D5F86DC144707E33F2FB15AFFE9C3B39D362EBF4DF4CF3A909198F3170DD8125A87 |
hash_sha512 | F11B61A6428CD3077FDA6CA0EF3D0B0D473165FA13BE400D8E6AA1371BEA2FBA01C902BA5F5E62975F57078A0468CB5C9CEA5AC1B2A74B7AD43769497FECE166 |
hash_ssdeep | 6144:0dtS539T3jy8gKfGA6RxeWB9O/vUihadxdZgIxb+w:OABZ3jbge6jR/O/vUisN |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000001733031072665B8B9B3000000000173 |
signature_thumbprint | 14590DC5C3AAF238FCFD7785B4B93F4071402C34 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Microsoft.Uev.CscUnpinTool EXE |
meta_original_filename | Microsoft.Uev.CscUnpinTool.exe |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.1737 (rs1_release_inmarket.170914-1249) |
meta_product_version | 10.0.14393.1737 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | Microsoft.Uev.SyncController.exe |
file_path | C:\Windows\system32\Microsoft.Uev.SyncController.exe |
hash_md5 | E0C7CE7B684529C73B6FC6E679611C9C |
hash_sha1 | 8BB57BCD4118A30AF1A4DAF541386B94CF9EF823 |
hash_sha256 | 51960801B7E5B6EE0E97DE9F12A9602DD01112C09FEBAF06568EFF5EADC62745 |
hash_sha384 | D6FAA1F9FB4674E76B45B0ED8E8D8CF06EE03EF98B82449E1E7DE1C0D75455FDFD0BBD0E003EEA44F9B2A2B7046239EF |
hash_sha512 | 1EB50F2215E780B1FAAA122165038A311C0E7F7CB14CE9627E0C4C5EA1F3A71ED0614441902D363B1E2BC946F4EEDD866709E518AC751F6691013C2637DA7DAD |
hash_ssdeep | 1536:1mOzYulqCAV/Qkd1sTNe+6NwiKE10DHlG:zYoqCAV/Qkd1sTNGBl10A |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000001733031072665B8B9B3000000000173 |
signature_thumbprint | 14590DC5C3AAF238FCFD7785B4B93F4071402C34 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | |
meta_original_filename | Microsoft.Uev.SyncController.exe |
meta_product_name | Microsoft (R) Windows (R) Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 |
meta_product_version | 10.0.14393.0 |
meta_language | Language Neutral |
meta_legal_copyright | Copyright (c) Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | mmc.exe |
file_path | C:\Windows\system32\mmc.exe |
hash_md5 | E1328E5A4A87C376927DB685110F8D6F |
hash_sha1 | F11E8FAACF669160579A32A38146C89F61F9E081 |
hash_sha256 | 6BC24C0694AFBC40256239F3C3A9AB1F99D76A7A00E683E53E079BB903149A50 |
hash_sha384 | B3D0D5A2325D5BB7B2249EE71214E679CB3FDA7F107D1B21AB4922209DA671B63AF99AFF8E4E4212508A0735E1FBEF8F |
hash_sha512 | B456EB3AE3B9B749D63E473689C2C0E9BC99C8E32C52F736619962C8F9D63AA631A2997A1BF6659EF94E4882061811F1F8FA10D2E6B31F0F14950A5B30BF2E83 |
hash_ssdeep | 24576:GIuLp3nX9Ofk2Q6uVzpmMIm1YJ5J1q9gtJxEIMo7wMo7DH:GF3tO82Q64pmMH1YdRtH7e7DH |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 3300000266BD1580EFA75CD6D3000000000266 |
signature_thumbprint | A4341B9FD50FB9964283220A36A1EF6F6FAA7840 |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Microsoft Management Console |
meta_original_filename | mmc.exe.mui |
meta_product_name | Microsoft Windows Operating System |
meta_company_name | Microsoft Corporation |
meta_file_version | 10.0.14393.0 (rs1_release.160715-1616) |
meta_product_version | 10.0.14393.0 |
meta_language | English (United States) |
meta_legal_copyright | Microsoft Corporation. All rights reserved. |
key | value |
---|---|
file_name | mobsync.exe |
file_path | C:\Windows\system32\mobsync.exe |
hash_md5 | 99C4EC4CA3E1A91B3F2D3969BB41E6D8 |
hash_sha1 | A50C03CAE987919BCEE5ADC9C63FDDF9ED8102F5 |
hash_sha256 | 65C2A4AD1E69454BAD5C2BE41828E0025749F132786F394F0D38679EA0C68931 |
hash_sha384 | 981A4C947B83801781A974DA8C169F2D04C59E1FCF66D076A050B294D7C9403F9AB0F5D3DA1E7BFACBFDBB9DA3F99A08 |
hash_sha512 | 906AE5A145A4BD1ECFAF1DC19C0BABA1E3B70871ACA7EB943BFDD92F318D592DF7A49F3660170AB352A3E95A72E462BF6A691303A44F0759B9F56B118759E2E6 |
hash_ssdeep | 1536:1QxE7Zqq8NUfzZGoeWGPoCGVjGWmt8CXZ+63x+w4JD+0NL+fK:n7MTUf0jWGPo9St8WHxSD+09+S |
signature_status | 0 |
signature_status_message | Signature verified. |
signature_serial | 33000000BCE120FDD27CC8EE930000000000BC |
signature_thumbprint | E85459B23C232DB3CB94C7A56D47678F58E8E51E |
signature_issuer | CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
signature_subject | CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
meta_description | Microsoft Sync Center |
meta_original_filename | mobsync.exe |
met |