Windows 8 Forensics: Reset and Refresh Artifacts
Tags
| attack-pattern: | Data Local Account - T1087.001 Local Account - T1136.001 Software - T1592.002 |
Common Information
| Type | Value |
|---|---|
| UUID | 336c658b-ef5c-4c5b-aa30-f2b036780ae5 |
| Fingerprint | b784121ba7a78305 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Aug. 30, 2012, 7:34 a.m. |
| Added to db | Jan. 18, 2023, 9:26 p.m. |
| Last updated | Nov. 17, 2024, 6:49 p.m. |
| Headline | Windows 8 Forensics: Reset and Refresh Artifacts |
| Title | Windows 8 Forensics: Reset and Refresh Artifacts |
| Detected Hints/Tags/Attributes | 30/1/16 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 6 | setupapi.dev |
|
| Details | File | 1 | reagent.xml |
|
| Details | File | 1 | reload.xml |
|
| Details | File | 1 | quarantinelog.txt |
|
| Details | File | 1 | logrestore.txt |
|
| Details | File | 1 | foldermovelog.txt |
|
| Details | File | 1 | migrationmigration.xml |
|
| Details | File | 1 | miglog.xml |
|
| Details | File | 4 | setupact.log |
|
| Details | File | 1 | systemresetplatform.log |
|
| Details | File | 193 | ntuser.dat |
|
| Details | File | 1 | migstate.dat |
|
| Details | File | 351 | recycle.bin |
|
| Details | File | 1 | webcachev24.dat |
|
| Details | File | 6 | dev.log |
|
| Details | File | 6 | container.dat |