e192995a...64da | Files
Logo
Try VMRay Analyzer
VTI SCORE: 100/100
Target: win10_64 | exe
Classification: Wiper, Ransomware

e192995a42b91bd86aa0c5fe5d4e4aaff1b921bdb10946b1ea67565b5d3164da (SHA256)

scvhost.exe

Windows Exe (x86-32)

Created at 2018-04-15 00:07:00

...

Files Information

Number of sample files submitted for analysis 1
Number of files created and extracted during analysis 18
Number of files modified and extracted during analysis 0
c:\users\ciihmnxmn6ps\desktop\scvhost.exe
Suspicious
»
File Properties
Names c:\users\ciihmnxmn6ps\desktop\scvhost.exe (Sample File)
Size 1.48 MB
Hash Values MD5: 26450fd3595154e4e7934f74e8802879
SHA1: 2f79c3857138e53e96a01cc87d3c10fd61469296
SHA256: e192995a42b91bd86aa0c5fe5d4e4aaff1b921bdb10946b1ea67565b5d3164da
Actions
...
File Reputation Information
»
Information Value
Severity
Suspicious
PE Information
»
Information Value
Image Base 0x400000
Entry Point 0x4014c0
Size Of Code 0xf5000
Size Of Initialized Data 0x17a000
Size Of Uninitialized Data 0x1c00
Format x86
Type Executable
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2017-04-24 22:35:21
Compiler/Packer Unknown
Sections (11)
»
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0xf4ecc 0xf5000 0x400 CNT_CODE, CNT_INITIALIZED_DATA, ALIGN_1BYTES, ALIGN_8BYTES, MEM_EXECUTE, MEM_READ 6.28
.data 0x4f6000 0x1ff4 0x2000 0xf5400 CNT_INITIALIZED_DATA, ALIGN_2BYTES, ALIGN_8BYTES, MEM_READ, MEM_WRITE 1.12
.rdata 0x4f8000 0x11420 0x11600 0xf7400 CNT_INITIALIZED_DATA, ALIGN_1BYTES, ALIGN_2BYTES, ALIGN_8BYTES, MEM_READ 5.51
.eh_fram 0x50a000 0x62d50 0x62e00 0x108a00 CNT_INITIALIZED_DATA, ALIGN_1BYTES, ALIGN_2BYTES, MEM_READ 4.69
.bss 0x56d000 0x1a80 0x0 0x0 CNT_UNINITIALIZED_DATA, ALIGN_1BYTES, ALIGN_2BYTES, ALIGN_8BYTES, MEM_READ, MEM_WRITE 0.0
.edata 0x56f000 0x5a 0x200 0x16b800 CNT_INITIALIZED_DATA, ALIGN_1BYTES, ALIGN_2BYTES, MEM_READ 1.1
.idata 0x570000 0x1aa0 0x1c00 0x16ba00 CNT_INITIALIZED_DATA, ALIGN_1BYTES, ALIGN_2BYTES, MEM_READ, MEM_WRITE 5.13
.CRT 0x572000 0x38 0x200 0x16d600 CNT_INITIALIZED_DATA, ALIGN_1BYTES, ALIGN_2BYTES, MEM_READ, MEM_WRITE 0.32
.tls 0x573000 0x20 0x200 0x16d800 CNT_INITIALIZED_DATA, ALIGN_1BYTES, ALIGN_2BYTES, MEM_READ, MEM_WRITE 0.21
.rsrc 0x574000 0x4ff8 0x5000 0x16da00 CNT_INITIALIZED_DATA, ALIGN_1BYTES, ALIGN_2BYTES, MEM_READ, MEM_WRITE 7.62
.reloc 0x579000 0x7870 0x7a00 0x172a00 CNT_INITIALIZED_DATA, ALIGN_1BYTES, ALIGN_2BYTES, MEM_DISCARDABLE, MEM_READ 6.63
Imports (236)
»
ADVAPI32.dll (30)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset
CloseServiceHandle 0x0 0x5704b4 0x1700dc 0x16badc
ControlService 0x0 0x5704b8 0x1700e0 0x16bae0
CreateServiceW 0x0 0x5704bc 0x1700e4 0x16bae4
CryptAcquireContextW 0x0 0x5704c0 0x1700e8 0x16bae8
CryptCreateHash 0x0 0x5704c4 0x1700ec 0x16baec
CryptDeriveKey 0x0 0x5704c8 0x1700f0 0x16baf0
CryptDestroyHash 0x0 0x5704cc 0x1700f4 0x16baf4
CryptDestroyKey 0x0 0x5704d0 0x1700f8 0x16baf8
CryptDuplicateKey 0x0 0x5704d4 0x1700fc 0x16bafc
CryptEncrypt 0x0 0x5704d8 0x170100 0x16bb00
CryptGenRandom 0x0 0x5704dc 0x170104 0x16bb04
CryptHashData 0x0 0x5704e0 0x170108 0x16bb08
CryptImportKey 0x0 0x5704e4 0x17010c 0x16bb0c
CryptReleaseContext 0x0 0x5704e8 0x170110 0x16bb10
CryptSetKeyParam 0x0 0x5704ec 0x170114 0x16bb14
DeleteService 0x0 0x5704f0 0x170118 0x16bb18
GetUserNameW 0x0 0x5704f4 0x17011c 0x16bb1c
OpenSCManagerW 0x0 0x5704f8 0x170120 0x16bb20
OpenServiceW 0x0 0x5704fc 0x170124 0x16bb24
QueryServiceStatus 0x0 0x570500 0x170128 0x16bb28
QueryServiceStatusEx 0x0 0x570504 0x17012c 0x16bb2c
RegCloseKey 0x0 0x570508 0x170130 0x16bb30
RegCreateKeyExW 0x0 0x57050c 0x170134 0x16bb34
RegDeleteValueW 0x0 0x570510 0x170138 0x16bb38
RegOpenKeyExW 0x0 0x570514 0x17013c 0x16bb3c
RegSetValueExA 0x0 0x570518 0x170140 0x16bb40
RegSetValueExW 0x0 0x57051c 0x170144 0x16bb44
RegisterServiceCtrlHandlerW 0x0 0x570520 0x170148 0x16bb48
SetServiceStatus 0x0 0x570524 0x17014c 0x16bb4c
StartServiceW 0x0 0x570528 0x170150 0x16bb50
IPHLPAPI.DLL (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset
GetAdaptersInfo 0x0 0x570530 0x170158 0x16bb58
KERNEL32.dll (78)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset
AddVectoredExceptionHandler 0x0 0x570538 0x170160 0x16bb60
CloseHandle 0x0 0x57053c 0x170164 0x16bb64
CreateEventA 0x0 0x570540 0x170168 0x16bb68
CreateFileW 0x0 0x570544 0x17016c 0x16bb6c
CreateProcessA 0x0 0x570548 0x170170 0x16bb70
CreateSemaphoreA 0x0 0x57054c 0x170174 0x16bb74
DeleteCriticalSection 0x0 0x570550 0x170178 0x16bb78
DeleteFileW 0x0 0x570554 0x17017c 0x16bb7c
DuplicateHandle 0x0 0x570558 0x170180 0x16bb80
EnterCriticalSection 0x0 0x57055c 0x170184 0x16bb84
FindClose 0x0 0x570560 0x170188 0x16bb88
FindFirstFileW 0x0 0x570564 0x17018c 0x16bb8c
FindNextFileW 0x0 0x570568 0x170190 0x16bb90
FindResourceW 0x0 0x57056c 0x170194 0x16bb94
FreeLibrary 0x0 0x570570 0x170198 0x16bb98
FreeResource 0x0 0x570574 0x17019c 0x16bb9c
GetComputerNameW 0x0 0x570578 0x1701a0 0x16bba0
GetCurrentProcess 0x0 0x57057c 0x1701a4 0x16bba4
GetCurrentProcessId 0x0 0x570580 0x1701a8 0x16bba8
GetCurrentThread 0x0 0x570584 0x1701ac 0x16bbac
GetCurrentThreadId 0x0 0x570588 0x1701b0 0x16bbb0
GetFileAttributesW 0x0 0x57058c 0x1701b4 0x16bbb4
GetFileSizeEx 0x0 0x570590 0x1701b8 0x16bbb8
GetHandleInformation 0x0 0x570594 0x1701bc 0x16bbbc
GetLastError 0x0 0x570598 0x1701c0 0x16bbc0
GetLogicalDriveStringsW 0x0 0x57059c 0x1701c4 0x16bbc4
GetModuleFileNameW 0x0 0x5705a0 0x1701c8 0x16bbc8
GetModuleHandleA 0x0 0x5705a4 0x1701cc 0x16bbcc
GetModuleHandleW 0x0 0x5705a8 0x1701d0 0x16bbd0
GetProcAddress 0x0 0x5705ac 0x1701d4 0x16bbd4
GetProcessAffinityMask 0x0 0x5705b0 0x1701d8 0x16bbd8
GetStartupInfoA 0x0 0x5705b4 0x1701dc 0x16bbdc
GetSystemDirectoryA 0x0 0x5705b8 0x1701e0 0x16bbe0
GetSystemTimeAsFileTime 0x0 0x5705bc 0x1701e4 0x16bbe4
GetTempFileNameW 0x0 0x5705c0 0x1701e8 0x16bbe8
GetTempPathW 0x0 0x5705c4 0x1701ec 0x16bbec
GetThreadContext 0x0 0x5705c8 0x1701f0 0x16bbf0
GetThreadPriority 0x0 0x5705cc 0x1701f4 0x16bbf4
GetTickCount 0x0 0x5705d0 0x1701f8 0x16bbf8
InitializeCriticalSection 0x0 0x5705d4 0x1701fc 0x16bbfc
IsDBCSLeadByteEx 0x0 0x5705d8 0x170200 0x16bc00
IsDebuggerPresent 0x0 0x5705dc 0x170204 0x16bc04
LeaveCriticalSection 0x0 0x5705e0 0x170208 0x16bc08
LoadLibraryA 0x0 0x5705e4 0x17020c 0x16bc0c
LoadResource 0x0 0x5705e8 0x170210 0x16bc10
LockResource 0x0 0x5705ec 0x170214 0x16bc14
MoveFileExW 0x0 0x5705f0 0x170218 0x16bc18
MultiByteToWideChar 0x0 0x5705f4 0x17021c 0x16bc1c
OutputDebugStringA 0x0 0x5705f8 0x170220 0x16bc20
QueryPerformanceCounter 0x0 0x5705fc 0x170224 0x16bc24
RaiseException 0x0 0x570600 0x170228 0x16bc28
ReadFile 0x0 0x570604 0x17022c 0x16bc2c
ReleaseSemaphore 0x0 0x570608 0x170230 0x16bc30
RemoveVectoredExceptionHandler 0x0 0x57060c 0x170234 0x16bc34
ResetEvent 0x0 0x570610 0x170238 0x16bc38
ResumeThread 0x0 0x570614 0x17023c 0x16bc3c
SetEvent 0x0 0x570618 0x170240 0x16bc40
SetFileAttributesW 0x0 0x57061c 0x170244 0x16bc44
SetLastError 0x0 0x570620 0x170248 0x16bc48
SetProcessAffinityMask 0x0 0x570624 0x17024c 0x16bc4c
SetThreadContext 0x0 0x570628 0x170250 0x16bc50
SetThreadPriority 0x0 0x57062c 0x170254 0x16bc54
SetUnhandledExceptionFilter 0x0 0x570630 0x170258 0x16bc58
SizeofResource 0x0 0x570634 0x17025c 0x16bc5c
Sleep 0x0 0x570638 0x170260 0x16bc60
SuspendThread 0x0 0x57063c 0x170264 0x16bc64
TerminateProcess 0x0 0x570640 0x170268 0x16bc68
TlsAlloc 0x0 0x570644 0x17026c 0x16bc6c
TlsGetValue 0x0 0x570648 0x170270 0x16bc70
TlsSetValue 0x0 0x57064c 0x170274 0x16bc74
TryEnterCriticalSection 0x0 0x570650 0x170278 0x16bc78
UnhandledExceptionFilter 0x0 0x570654 0x17027c 0x16bc7c
VirtualProtect 0x0 0x570658 0x170280 0x16bc80
VirtualQuery 0x0 0x57065c 0x170284 0x16bc84
WaitForMultipleObjects 0x0 0x570660 0x170288 0x16bc88
WaitForSingleObject 0x0 0x570664 0x17028c 0x16bc8c
WideCharToMultiByte 0x0 0x570668 0x170290 0x16bc90
WriteFile 0x0 0x57066c 0x170294 0x16bc94
MPR.DLL (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset
WNetGetUniversalNameW 0x0 0x570674 0x17029c 0x16bc9c
msvcrt.dll (111)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset
__dllonexit 0x0 0x57067c 0x1702a4 0x16bca4
__doserrno 0x0 0x570680 0x1702a8 0x16bca8
__getmainargs 0x0 0x570684 0x1702ac 0x16bcac
__initenv 0x0 0x570688 0x1702b0 0x16bcb0
__lconv_init 0x0 0x57068c 0x1702b4 0x16bcb4
__mb_cur_max 0x0 0x570690 0x1702b8 0x16bcb8
__pioinfo 0x0 0x570694 0x1702bc 0x16bcbc
__set_app_type 0x0 0x570698 0x1702c0 0x16bcc0
__setusermatherr 0x0 0x57069c 0x1702c4 0x16bcc4
_acmdln 0x0 0x5706a0 0x1702c8 0x16bcc8
_amsg_exit 0x0 0x5706a4 0x1702cc 0x16bccc
_beginthreadex 0x0 0x5706a8 0x1702d0 0x16bcd0
_cexit 0x0 0x5706ac 0x1702d4 0x16bcd4
_endthreadex 0x0 0x5706b0 0x1702d8 0x16bcd8
_errno 0x0 0x5706b4 0x1702dc 0x16bcdc
_exit 0x0 0x5706b8 0x1702e0 0x16bce0
_fdopen 0x0 0x5706bc 0x1702e4 0x16bce4
_filelengthi64 0x0 0x5706c0 0x1702e8 0x16bce8
_fileno 0x0 0x5706c4 0x1702ec 0x16bcec
_fileno 0x0 0x5706c8 0x1702f0 0x16bcf0
_fmode 0x0 0x5706cc 0x1702f4 0x16bcf4
_fstat64 0x0 0x5706d0 0x1702f8 0x16bcf8
_initterm 0x0 0x5706d4 0x1702fc 0x16bcfc
_iob 0x0 0x5706d8 0x170300 0x16bd00
_lock 0x0 0x5706dc 0x170304 0x16bd04
_lseeki64 0x0 0x5706e0 0x170308 0x16bd08
_onexit 0x0 0x5706e4 0x17030c 0x16bd0c
_read 0x0 0x5706e8 0x170310 0x16bd10
_setjmp3 0x0 0x5706ec 0x170314 0x16bd14
_snwprintf 0x0 0x5706f0 0x170318 0x16bd18
_strdup 0x0 0x5706f4 0x17031c 0x16bd1c
_strnicmp 0x0 0x5706f8 0x170320 0x16bd20
_ultoa 0x0 0x5706fc 0x170324 0x16bd24
_unlock 0x0 0x570700 0x170328 0x16bd28
_vsnprintf 0x0 0x570704 0x17032c 0x16bd2c
_vsnwprintf 0x0 0x570708 0x170330 0x16bd30
_wfopen 0x0 0x57070c 0x170334 0x16bd34
_wgetcwd 0x0 0x570710 0x170338 0x16bd38
_write 0x0 0x570714 0x17033c 0x16bd3c
_write 0x0 0x570718 0x170340 0x16bd40
abort 0x0 0x57071c 0x170344 0x16bd44
atoi 0x0 0x570720 0x170348 0x16bd48
calloc 0x0 0x570724 0x17034c 0x16bd4c
exit 0x0 0x570728 0x170350 0x16bd50
fclose 0x0 0x57072c 0x170354 0x16bd54
fflush 0x0 0x570730 0x170358 0x16bd58
fgetpos 0x0 0x570734 0x17035c 0x16bd5c
fopen 0x0 0x570738 0x170360 0x16bd60
fprintf 0x0 0x57073c 0x170364 0x16bd64
fputc 0x0 0x570740 0x170368 0x16bd68
fputs 0x0 0x570744 0x17036c 0x16bd6c
fputwc 0x0 0x570748 0x170370 0x16bd70
fread 0x0 0x57074c 0x170374 0x16bd74
free 0x0 0x570750 0x170378 0x16bd78
fsetpos 0x0 0x570754 0x17037c 0x16bd7c
fwprintf 0x0 0x570758 0x170380 0x16bd80
fwprintf 0x0 0x57075c 0x170384 0x16bd84
getwc 0x0 0x570760 0x170388 0x16bd88
fwrite 0x0 0x570764 0x17038c 0x16bd8c
getc 0x0 0x570768 0x170390 0x16bd90
getenv 0x0 0x57076c 0x170394 0x16bd94
isalnum 0x0 0x570770 0x170398 0x16bd98
islower 0x0 0x570774 0x17039c 0x16bd9c
isspace 0x0 0x570778 0x1703a0 0x16bda0
isupper 0x0 0x57077c 0x1703a4 0x16bda4
iswctype 0x0 0x570780 0x1703a8 0x16bda8
isxdigit 0x0 0x570784 0x1703ac 0x16bdac
localeconv 0x0 0x570788 0x1703b0 0x16bdb0
longjmp 0x0 0x57078c 0x1703b4 0x16bdb4
malloc 0x0 0x570790 0x1703b8 0x16bdb8
memchr 0x0 0x570794 0x1703bc 0x16bdbc
memcmp 0x0 0x570798 0x1703c0 0x16bdc0
memcpy 0x0 0x57079c 0x1703c4 0x16bdc4
memmove 0x0 0x5707a0 0x1703c8 0x16bdc8
memset 0x0 0x5707a4 0x1703cc 0x16bdcc
printf 0x0 0x5707a8 0x1703d0 0x16bdd0
putc 0x0 0x5707ac 0x1703d4 0x16bdd4
putwc 0x0 0x5707b0 0x1703d8 0x16bdd8
raise 0x0 0x5707b4 0x1703dc 0x16bddc
realloc 0x0 0x5707b8 0x1703e0 0x16bde0
setlocale 0x0 0x5707bc 0x1703e4 0x16bde4
setvbuf 0x0 0x5707c0 0x1703e8 0x16bde8
signal 0x0 0x5707c4 0x1703ec 0x16bdec
sprintf 0x0 0x5707c8 0x1703f0 0x16bdf0
strcat 0x0 0x5707cc 0x1703f4 0x16bdf4
strchr 0x0 0x5707d0 0x1703f8 0x16bdf8
strcmp 0x0 0x5707d4 0x1703fc 0x16bdfc
strcoll 0x0 0x5707d8 0x170400 0x16be00
strcpy 0x0 0x5707dc 0x170404 0x16be04
strerror 0x0 0x5707e0 0x170408 0x16be08
strftime 0x0 0x5707e4 0x17040c 0x16be0c
strlen 0x0 0x5707e8 0x170410 0x16be10
strncmp 0x0 0x5707ec 0x170414 0x16be14
strtol 0x0 0x5707f0 0x170418 0x16be18
strtoul 0x0 0x5707f4 0x17041c 0x16be1c
strxfrm 0x0 0x5707f8 0x170420 0x16be20
time 0x0 0x5707fc 0x170424 0x16be24
tolower 0x0 0x570800 0x170428 0x16be28
towlower 0x0 0x570804 0x17042c 0x16be2c
towupper 0x0 0x570808 0x170430 0x16be30
ungetc 0x0 0x57080c 0x170434 0x16be34
ungetwc 0x0 0x570810 0x170438 0x16be38
vfprintf 0x0 0x570814 0x17043c 0x16be3c
wcscat 0x0 0x570818 0x170440 0x16be40
wcscmp 0x0 0x57081c 0x170444 0x16be44
wcscoll 0x0 0x570820 0x170448 0x16be48
wcscpy 0x0 0x570824 0x17044c 0x16be4c
wcsftime 0x0 0x570828 0x170450 0x16be50
wcslen 0x0 0x57082c 0x170454 0x16be54
wcstombs 0x0 0x570830 0x170458 0x16be58
wcsxfrm 0x0 0x570834 0x17045c 0x16be5c
NETAPI32.dll (2)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset
NetApiBufferFree 0x0 0x57083c 0x170464 0x16be64
NetShareEnum 0x0 0x570840 0x170468 0x16be68
SHELL32.dll (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset
ShellExecuteW 0x0 0x570848 0x170470 0x16be70
SHLWAPI.dll (3)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset
PathFileExistsW 0x0 0x570850 0x170478 0x16be78
PathMatchSpecW 0x0 0x570854 0x17047c 0x16be7c
PathRemoveFileSpecW 0x0 0x570858 0x170480 0x16be80
USER32.dll (2)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset
MessageBoxW 0x0 0x570860 0x170488 0x16be88
SystemParametersInfoW 0x0 0x570864 0x17048c 0x16be8c
WS2_32.dll (7)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset
WSAStartup 0x0 0x57086c 0x170494 0x16be94
closesocket 0x0 0x570870 0x170498 0x16be98
connect 0x0 0x570874 0x17049c 0x16be9c
getaddrinfo 0x0 0x570878 0x1704a0 0x16bea0
htons 0x0 0x57087c 0x1704a4 0x16bea4
inet_addr 0x0 0x570880 0x1704a8 0x16bea8
socket 0x0 0x570884 0x1704ac 0x16beac
Exports (1)
»
Api name EAT Address Ordinal
ReflectiveLoader@4 0x407644 0x1
c:\hiberfil.sys.nmcrypt, ...
»
File Properties
Names c:\hiberfil.sys.nmcrypt (Created File)
c:\swapfile.sys.nmcrypt (Created File)
c:\program files\common files\microsoft shared\ink\.xxa54e.tmp (Created File)
c:\program files\common files\microsoft shared\ink\.xxa57e.tmp (Created File)
c:\program files\common files\microsoft shared\ink\.xxa773.tmp (Created File)
c:\program files\common files\microsoft shared\ink\.xxa7b3.tmp (Created File)
c:\program files\common files\microsoft shared\ink\.xxa831.tmp (Created File)
c:\program files\common files\microsoft shared\ink\.xxa8ce.tmp (Created File)
c:\program files\common files\microsoft shared\ink\.xxaa27.tmp (Created File)
c:\program files\common files\microsoft shared\ink\.xxabbe.tmp (Created File)
c:\program files\common files\microsoft shared\ink\.xxabfd.tmp (Created File)
c:\program files\common files\microsoft shared\ink\.xxac7b.tmp (Created File)
c:\program files\common files\microsoft shared\ink\.xxadc4.tmp (Created File)
c:\program files\common files\microsoft shared\ink\.xxadf4.tmp (Created File)
c:\program files\common files\microsoft shared\ink\.xxae05.tmp (Created File)
c:\program files\common files\microsoft shared\ink\.xxae83.tmp (Created File)
c:\program files\common files\microsoft shared\ink\.xxae94.tmp (Created File)
c:\program files\common files\microsoft shared\ink\.xxaf02.tmp (Created File)
c:\program files\common files\microsoft shared\ink\.xxb28d.tmp (Created File)
c:\program files\common files\microsoft shared\ink\.xxb29e.tmp (Created File)
c:\program files\common files\microsoft shared\ink\.xxb2ce.tmp (Created File)
c:\program files\common files\microsoft shared\ink\.xxb31d.tmp (Created File)
c:\program files\common files\microsoft shared\ink\.xxb33d.tmp (Created File)
c:\program files\common files\microsoft shared\ink\.xxb35d.tmp (Created File)
c:\program files\common files\microsoft shared\ink\.xxb35e.tmp (Created File)
c:\program files\common files\microsoft shared\ink\.xxb36f.tmp (Created File)
c:\program files\common files\microsoft shared\ink\.xxb380.tmp (Created File)
c:\program files\common files\microsoft shared\ink\.xxb390.tmp (Created File)
c:\program files\common files\microsoft shared\ink\.xxb3c0.tmp (Created File)
c:\program files\common files\microsoft shared\ink\.xxb3d1.tmp (Created File)
c:\program files\common files\microsoft shared\ink\.xxb410.tmp (Created File)
c:\program files\common files\microsoft shared\ink\.xxb411.tmp (Created File)
c:\program files\common files\microsoft shared\ink\.xxb422.tmp (Created File)
c:\program files\common files\microsoft shared\ink\.xxb432.tmp (Created File)
c:\program files\common files\microsoft shared\ink\.xxb443.tmp (Created File)
c:\program files\common files\microsoft shared\ink\.xxb454.tmp (Created File)
c:\program files\common files\microsoft shared\ink\.xxb510.tmp (Created File)
c:\program files\common files\microsoft shared\ink\.xxb521.tmp (Created File)
c:\program files\common files\microsoft shared\ink\.xxb531.tmp (Created File)
c:\program files\common files\microsoft shared\ink\.xxb552.tmp (Created File)
c:\program files\common files\microsoft shared\ink\ar-sa\.xxb5d0.tmp (Created File)
c:\program files\common files\microsoft shared\ink\bg-bg\.xxb63e.tmp (Created File)
c:\program files\common files\microsoft shared\ink\cs-cz\.xxb65e.tmp (Created File)
c:\program files\common files\microsoft shared\ink\da-dk\.xxb66f.tmp (Created File)
c:\program files\common files\microsoft shared\ink\de-de\.xxb680.tmp (Created File)
c:\program files\common files\microsoft shared\ink\el-gr\.xxb6a0.tmp (Created File)
c:\program files\common files\microsoft shared\ink\en-gb\.xxb6c0.tmp (Created File)
c:\program files\common files\microsoft shared\ink\en-us\.xxb71f.tmp (Created File)
c:\program files\common files\microsoft shared\ink\en-us\.xxb7bc.tmp (Created File)
c:\program files\common files\microsoft shared\ink\en-us\.xxba0f.tmp (Created File)
c:\program files\common files\microsoft shared\ink\en-us\.xxba9c.tmp (Created File)
c:\program files\common files\microsoft shared\ink\en-us\.xxbb97.tmp (Created File)
c:\program files\common files\microsoft shared\ink\en-us\.xxc220.tmp (Created File)
c:\program files\common files\microsoft shared\ink\en-us\.xxc231.tmp (Created File)
c:\program files\common files\microsoft shared\ink\en-us\.xxc251.tmp (Created File)
c:\program files\common files\microsoft shared\ink\en-us\.xxc31d.tmp (Created File)
c:\program files\common files\microsoft shared\ink\en-us\.xxc37c.tmp (Created File)
c:\program files\common files\microsoft shared\ink\en-us\.xxc38d.tmp (Created File)
c:\program files\common files\microsoft shared\ink\en-us\.xxc747.tmp (Created File)
c:\program files\common files\microsoft shared\ink\en-us\.xxc777.tmp (Created File)
c:\program files\common files\microsoft shared\ink\en-us\.xxc787.tmp (Created File)
c:\program files\common files\microsoft shared\ink\en-us\.xxc873.tmp (Created File)
c:\program files\common files\microsoft shared\ink\en-us\.xxc8c2.tmp (Created File)
c:\program files\common files\microsoft shared\ink\en-us\.xxc9cc.tmp (Created File)
c:\program files\common files\microsoft shared\ink\en-us\.xxca99.tmp (Created File)
c:\program files\common files\microsoft shared\ink\en-us\.xxcaf7.tmp (Created File)
c:\program files\common files\microsoft shared\ink\en-us\.xxcaf8.tmp (Created File)
c:\program files\common files\microsoft shared\ink\en-us\.xxcb28.tmp (Created File)
c:\program files\common files\microsoft shared\ink\en-us\.xxcb58.tmp (Created File)
c:\program files\common files\microsoft shared\ink\en-us\.xxcb69.tmp (Created File)
c:\program files\common files\microsoft shared\ink\es-es\.xxce87.tmp (Created File)
c:\program files\common files\microsoft shared\ink\es-mx\.xxcec6.tmp (Created File)
c:\program files\common files\microsoft shared\ink\et-ee\.xxced7.tmp (Created File)
c:\program files\common files\microsoft shared\ink\fi-fi\.xxcf35.tmp (Created File)
c:\program files\common files\microsoft shared\ink\fr-ca\.xxd050.tmp (Created File)
c:\program files\common files\microsoft shared\ink\fr-fr\.xxd060.tmp (Created File)
c:\program files\common files\microsoft shared\ink\fsdefinitions\.xxd0fe.tmp (Created File)
c:\program files\common files\microsoft shared\ink\fsdefinitions\.xxd19b.tmp (Created File)
c:\program files\common files\microsoft shared\ink\fsdefinitions\.xxd1ab.tmp (Created File)
c:\program files\common files\microsoft shared\ink\fsdefinitions\.xxd20a.tmp (Created File)
c:\program files\common files\microsoft shared\ink\fsdefinitions\.xxd21b.tmp (Created File)
c:\program files\common files\microsoft shared\ink\fsdefinitions\.xxd24b.tmp (Created File)
c:\program files\common files\microsoft shared\ink\fsdefinitions\.xxd25b.tmp (Created File)
c:\program files\common files\microsoft shared\ink\fsdefinitions\.xxd29b.tmp (Created File)
c:\program files\common files\microsoft shared\ink\fsdefinitions\.xxd2ea.tmp (Created File)
c:\program files\common files\microsoft shared\ink\fsdefinitions\.xxd2fb.tmp (Created File)
c:\program files\common files\microsoft shared\ink\fsdefinitions\auxpad\.xxd30b.tmp (Created File)
c:\program files\common files\microsoft shared\ink\fsdefinitions\insert\.xxd658.tmp (Created File)
c:\program files\common files\microsoft shared\ink\fsdefinitions\keypad\.xxd678.tmp (Created File)
c:\program files\common files\microsoft shared\ink\fsdefinitions\keypad\.xxd706.tmp (Created File)
c:\program files\common files\microsoft shared\ink\fsdefinitions\keypad\.xxd716.tmp (Created File)
c:\program files\common files\microsoft shared\ink\fsdefinitions\main\.xxd7e3.tmp (Created File)
c:\program files\common files\microsoft shared\ink\fsdefinitions\main\.xxd7f3.tmp (Created File)
c:\program files\common files\microsoft shared\ink\fsdefinitions\main\.xxd804.tmp (Created File)
c:\program files\common files\microsoft shared\ink\fsdefinitions\main\.xxd863.tmp (Created File)
c:\program files\common files\microsoft shared\ink\fsdefinitions\main\.xxd873.tmp (Created File)
c:\program files\common files\microsoft shared\ink\fsdefinitions\main\.xxd8a3.tmp (Created File)
c:\program files\common files\microsoft shared\ink\fsdefinitions\main\.xxd8b4.tmp (Created File)
c:\program files\common files\microsoft shared\ink\fsdefinitions\main\.xxd8c4.tmp (Created File)
c:\program files\common files\microsoft shared\ink\fsdefinitions\main\.xxd8d5.tmp (Created File)
c:\program files\common files\microsoft shared\ink\fsdefinitions\main\.xxd924.tmp (Created File)
c:\program files\common files\microsoft shared\ink\fsdefinitions\main\.xxd935.tmp (Created File)
c:\program files\common files\microsoft shared\ink\fsdefinitions\main\.xxd955.tmp (Created File)
c:\program files\common files\microsoft shared\ink\fsdefinitions\main\.xxd9b4.tmp (Created File)
c:\program files\common files\microsoft shared\ink\fsdefinitions\oskclearui\.xxda51.tmp (Created File)
c:\program files\common files\microsoft shared\ink\fsdefinitions\oskmenu\.xxda62.tmp (Created File)
c:\program files\common files\microsoft shared\ink\fsdefinitions\osknav\.xxde4b.tmp (Created File)
c:\program files\common files\microsoft shared\ink\fsdefinitions\osknumpad\.xxde6b.tmp (Created File)
c:\program files\common files\microsoft shared\ink\fsdefinitions\oskpred\.xxde9b.tmp (Created File)
c:\program files\common files\microsoft shared\ink\fsdefinitions\symbols\.xxdef9.tmp (Created File)
c:\program files\common files\microsoft shared\ink\fsdefinitions\symbols\.xxdf49.tmp (Created File)
c:\program files\common files\microsoft shared\ink\fsdefinitions\symbols\.xxe0b1.tmp (Created File)
c:\program files\common files\microsoft shared\ink\he-il\.xxe0c2.tmp (Created File)
c:\program files\common files\microsoft shared\ink\hr-hr\.xxe0f1.tmp (Created File)
c:\program files\common files\microsoft shared\ink\hu-hu\.xxe112.tmp (Created File)
c:\program files\common files\microsoft shared\ink\it-it\.xxe132.tmp (Created File)
c:\program files\common files\microsoft shared\ink\ja-jp\.xxe143.tmp (Created File)
c:\program files\common files\microsoft shared\ink\ko-kr\.xxe153.tmp (Created File)
c:\program files\common files\microsoft shared\ink\languagemodel\.xxe164.tmp (Created File)
c:\program files\common files\microsoft shared\ink\lt-lt\.xxe174.tmp (Created File)
c:\program files\common files\microsoft shared\ink\lv-lv\.xxe195.tmp (Created File)
c:\program files\common files\microsoft shared\ink\nb-no\.xxe1a5.tmp (Created File)
c:\program files\common files\microsoft shared\ink\nl-nl\.xxe204.tmp (Created File)
c:\program files\common files\microsoft shared\ink\pl-pl\.xxe4a5.tmp (Created File)
c:\program files\common files\microsoft shared\ink\pt-br\.xxe4c5.tmp (Created File)
c:\program files\common files\microsoft shared\ink\pt-pt\.xxe4d6.tmp (Created File)
c:\program files\common files\microsoft shared\ink\ro-ro\.xxe66d.tmp (Created File)
c:\program files\common files\microsoft shared\ink\ru-ru\.xxe70a.tmp (Created File)
c:\program files\common files\microsoft shared\ink\sk-sk\.xxe72b.tmp (Created File)
c:\program files\common files\microsoft shared\ink\sl-si\.xxe73b.tmp (Created File)
c:\program files\common files\microsoft shared\ink\sr-latn-cs\.xxe74c.tmp (Created File)
c:\program files\common files\microsoft shared\ink\sr-latn-rs\.xxe808.tmp (Created File)
c:\program files\common files\microsoft shared\ink\sv-se\.xxe877.tmp (Created File)
c:\program files\common files\microsoft shared\ink\th-th\.xxe8a7.tmp (Created File)
c:\program files\common files\microsoft shared\ink\tr-tr\.xxe8e6.tmp (Created File)
c:\program files\common files\microsoft shared\ink\uk-ua\.xxe906.tmp (Created File)
c:\program files\common files\microsoft shared\ink\zh-cn\.xxe927.tmp (Created File)
c:\program files\common files\microsoft shared\ink\zh-hk\.xxe937.tmp (Created File)
c:\program files\common files\microsoft shared\ink\zh-tw\.xxe977.tmp (Created File)
c:\program files\common files\microsoft shared\msinfo\en-us\.xxea04.tmp (Created File)
c:\program files\common files\microsoft shared\stationery\.xxee0d.tmp (Created File)
c:\program files\common files\microsoft shared\stationery\.xxee7b.tmp (Created File)
c:\program files\common files\microsoft shared\stationery\.xxefd4.tmp (Created File)
c:\program files\common files\microsoft shared\stationery\.xxf004.tmp (Created File)
c:\program files\common files\microsoft shared\stationery\.xxf024.tmp (Created File)
c:\program files\common files\microsoft shared\stationery\.xxf034.tmp (Created File)
c:\program files\common files\microsoft shared\stationery\.xxf064.tmp (Created File)
c:\program files\common files\microsoft shared\stationery\.xxf085.tmp (Created File)
c:\program files\common files\microsoft shared\stationery\.xxf0f3.tmp (Created File)
c:\program files\common files\microsoft shared\stationery\.xxf132.tmp (Created File)
c:\program files\common files\microsoft shared\stationery\.xxf182.tmp (Created File)
c:\program files\common files\microsoft shared\stationery\.xxf1d1.tmp (Created File)
c:\program files\common files\microsoft shared\stationery\.xxf1e1.tmp (Created File)
c:\program files\common files\microsoft shared\stationery\.xxf202.tmp (Created File)
c:\program files\common files\microsoft shared\stationery\.xxf260.tmp (Created File)
c:\program files\common files\microsoft shared\stationery\.xxf36b.tmp (Created File)
c:\program files\common files\microsoft shared\stationery\.xxf37c.tmp (Created File)
c:\program files\common files\microsoft shared\stationery\.xxf448.tmp (Created File)
c:\program files\common files\microsoft shared\stationery\.xxf458.tmp (Created File)
c:\program files\common files\microsoft shared\stationery\.xxf479.tmp (Created File)
c:\program files\common files\microsoft shared\stationery\.xxf499.tmp (Created File)
c:\program files\common files\microsoft shared\stationery\.xxf70b.tmp (Created File)
c:\program files\common files\microsoft shared\stationery\.xxf72b.tmp (Created File)
c:\program files\common files\microsoft shared\stationery\.xxf73c.tmp (Created File)
c:\program files\common files\microsoft shared\stationery\.xxf74c.tmp (Created File)
c:\program files\common files\microsoft shared\stationery\.xxf75d.tmp (Created File)
c:\program files\common files\microsoft shared\stationery\.xxf78d.tmp (Created File)
c:\program files\common files\microsoft shared\stationery\.xxf79d.tmp (Created File)
c:\program files\common files\microsoft shared\stationery\.xxf7cd.tmp (Created File)
c:\program files\common files\microsoft shared\stationery\.xxf84b.tmp (Created File)
c:\program files\common files\microsoft shared\stationery\.xxf8e9.tmp (Created File)
c:\program files\common files\microsoft shared\stationery\.xxf918.tmp (Created File)
c:\program files\common files\microsoft shared\stationery\.xxf996.tmp (Created File)
c:\program files\common files\microsoft shared\stationery\.xxfa05.tmp (Created File)
c:\program files\common files\microsoft shared\stationery\.xxfa25.tmp (Created File)
c:\program files\common files\microsoft shared\stationery\.xxfab3.tmp (Created File)
c:\program files\common files\microsoft shared\stationery\.xxfb11.tmp (Created File)
c:\program files\common files\microsoft shared\stationery\.xxfb22.tmp (Created File)
c:\program files\common files\microsoft shared\stationery\.xxfc4c.tmp (Created File)
c:\program files\common files\microsoft shared\stationery\.xxfcf9.tmp (Created File)
c:\program files\common files\microsoft shared\stationery\.xxfd09.tmp (Created File)
c:\program files\common files\microsoft shared\stationery\.xxfd39.tmp (Created File)
c:\program files\common files\microsoft shared\stationery\.xxfd4a.tmp (Created File)
c:\program files\common files\microsoft shared\stationery\.xxfd5b.tmp (Created File)
c:\program files\common files\microsoft shared\stationery\.xxfd7b.tmp (Created File)
c:\program files\common files\microsoft shared\stationery\.xxfd8b.tmp (Created File)
c:\program files\common files\microsoft shared\stationery\.xxfd9c.tmp (Created File)
c:\program files\common files\system\ado\.xxff62.tmp (Created File)
c:\program files\common files\system\ado\.xxff73.tmp (Created File)
c:\program files\common files\system\ado\.xx5e.tmp (Created File)
c:\program files\common files\system\ado\.xxec.tmp (Created File)
c:\program files\common files\system\ado\.xx1b8.tmp (Created File)
c:\program files\common files\system\ado\.xx207.tmp (Created File)
c:\program files\common files\system\ado\.xx237.tmp (Created File)
c:\program files\common files\system\ado\.xx2f3.tmp (Created File)
c:\program files\common files\system\ado\.xx41d.tmp (Created File)
c:\program files\common files\system\ado\.xx46c.tmp (Created File)
c:\program files\common files\system\ado\.xx49c.tmp (Created File)
c:\program files\common files\system\ado\.xx4ad.tmp (Created File)
c:\program files\common files\system\ado\en-us\.xx4dd.tmp (Created File)
c:\program files\common files\system\en-us\.xx51c.tmp (Created File)
c:\program files\common files\system\msadc\.xx53d.tmp (Created File)
c:\program files\common files\system\msadc\.xx56c.tmp (Created File)
c:\program files\common files\system\msadc\en-us\.xx6b6.tmp (Created File)
c:\program files\common files\system\msadc\en-us\.xx791.tmp (Created File)
c:\program files\common files\system\msadc\en-us\.xx81f.tmp (Created File)
c:\program files\common files\system\msadc\en-us\.xx949.tmp (Created File)
c:\program files\common files\system\msadc\en-us\.xx988.tmp (Created File)
c:\program files\common files\system\ole db\.xx9d7.tmp (Created File)
c:\program files\common files\system\ole db\.xxa36.tmp (Created File)
c:\program files\common files\system\ole db\.xxac4.tmp (Created File)
c:\program files\common files\system\ole db\.xxad4.tmp (Created File)
c:\program files\common files\system\ole db\en-us\.xxb43.tmp (Created File)
c:\program files\common files\system\ole db\en-us\.xxbc1.tmp (Created File)
c:\program files\common files\system\ole db\en-us\.xxc6e.tmp (Created File)
c:\program files\common files\system\ole db\en-us\.xxd88.tmp (Created File)
Size 0.00 KB
Hash Values MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
c:\program files\common files\designer\msaddndr.olb.nmcrypt
»
File Properties
Names c:\program files\common files\designer\msaddndr.olb.nmcrypt (Created File)
Size 23.20 KB
Hash Values MD5: fb8fffe15baafaeadbb5f5d675e05103
SHA1: a8d1c7167ac0db5439c34d5c414db3f3bb1c2b99
SHA256: a7e4409b84fdfe297ed3c527453908ab043fe94340cb690871d55591e4ad4d74
Actions
...
c:\program files\common files\designer\recovers your files.html, ...
»
File Properties
Names c:\program files\common files\designer\recovers your files.html (Created File)
c:\program files\common files\microsoft shared\clicktorun\recovers your files.html (Created File)
c:\program files\common files\microsoft shared\ink\recovers your files.html (Created File)
c:\program files\common files\microsoft shared\ink\ar-sa\recovers your files.html (Created File)
c:\program files\common files\microsoft shared\ink\bg-bg\recovers your files.html (Created File)
c:\program files\common files\microsoft shared\ink\cs-cz\recovers your files.html (Created File)
c:\program files\common files\microsoft shared\ink\da-dk\recovers your files.html (Created File)
c:\program files\common files\microsoft shared\ink\de-de\recovers your files.html (Created File)
c:\program files\common files\microsoft shared\ink\el-gr\recovers your files.html (Created File)
c:\program files\common files\microsoft shared\ink\en-gb\recovers your files.html (Created File)
c:\program files\common files\microsoft shared\ink\en-us\recovers your files.html (Created File)
c:\program files\common files\microsoft shared\ink\es-es\recovers your files.html (Created File)
c:\program files\common files\microsoft shared\ink\es-mx\recovers your files.html (Created File)
c:\program files\common files\microsoft shared\ink\et-ee\recovers your files.html (Created File)
c:\program files\common files\microsoft shared\ink\fi-fi\recovers your files.html (Created File)
c:\program files\common files\microsoft shared\ink\fr-ca\recovers your files.html (Created File)
c:\program files\common files\microsoft shared\ink\fr-fr\recovers your files.html (Created File)
c:\program files\common files\microsoft shared\ink\fsdefinitions\recovers your files.html (Created File)
c:\program files\common files\microsoft shared\ink\fsdefinitions\auxpad\recovers your files.html (Created File)
c:\program files\common files\microsoft shared\ink\fsdefinitions\insert\recovers your files.html (Created File)
c:\program files\common files\microsoft shared\ink\fsdefinitions\keypad\recovers your files.html (Created File)
c:\program files\common files\microsoft shared\ink\fsdefinitions\main\recovers your files.html (Created File)
c:\program files\common files\microsoft shared\ink\fsdefinitions\oskclearui\recovers your files.html (Created File)
c:\program files\common files\microsoft shared\ink\fsdefinitions\oskmenu\recovers your files.html (Created File)
c:\program files\common files\microsoft shared\ink\fsdefinitions\osknav\recovers your files.html (Created File)
c:\program files\common files\microsoft shared\ink\fsdefinitions\osknumpad\recovers your files.html (Created File)
c:\program files\common files\microsoft shared\ink\fsdefinitions\oskpred\recovers your files.html (Created File)
c:\program files\common files\microsoft shared\ink\fsdefinitions\symbols\recovers your files.html (Created File)
c:\program files\common files\microsoft shared\ink\he-il\recovers your files.html (Created File)
c:\program files\common files\microsoft shared\ink\hr-hr\recovers your files.html (Created File)
c:\program files\common files\microsoft shared\ink\hu-hu\recovers your files.html (Created File)
c:\program files\common files\microsoft shared\ink\it-it\recovers your files.html (Created File)
c:\program files\common files\microsoft shared\ink\ja-jp\recovers your files.html (Created File)
c:\program files\common files\microsoft shared\ink\ko-kr\recovers your files.html (Created File)
c:\program files\common files\microsoft shared\ink\languagemodel\recovers your files.html (Created File)
c:\program files\common files\microsoft shared\ink\lt-lt\recovers your files.html (Created File)
c:\program files\common files\microsoft shared\ink\lv-lv\recovers your files.html (Created File)
c:\program files\common files\microsoft shared\ink\nb-no\recovers your files.html (Created File)
c:\program files\common files\microsoft shared\ink\nl-nl\recovers your files.html (Created File)
c:\program files\common files\microsoft shared\ink\pl-pl\recovers your files.html (Created File)
c:\program files\common files\microsoft shared\ink\pt-br\recovers your files.html (Created File)
c:\program files\common files\microsoft shared\ink\pt-pt\recovers your files.html (Created File)
c:\program files\common files\microsoft shared\ink\ro-ro\recovers your files.html (Created File)
c:\program files\common files\microsoft shared\ink\ru-ru\recovers your files.html (Created File)
c:\program files\common files\microsoft shared\ink\sk-sk\recovers your files.html (Created File)
c:\program files\common files\microsoft shared\ink\sl-si\recovers your files.html (Created File)
c:\program files\common files\microsoft shared\ink\sr-latn-cs\recovers your files.html (Created File)
c:\program files\common files\microsoft shared\ink\sr-latn-rs\recovers your files.html (Created File)
c:\program files\common files\microsoft shared\ink\sv-se\recovers your files.html (Created File)
c:\program files\common files\microsoft shared\ink\th-th\recovers your files.html (Created File)
c:\program files\common files\microsoft shared\ink\tr-tr\recovers your files.html (Created File)
c:\program files\common files\microsoft shared\ink\uk-ua\recovers your files.html (Created File)
c:\program files\common files\microsoft shared\ink\zh-cn\recovers your files.html (Created File)
c:\program files\common files\microsoft shared\ink\zh-hk\recovers your files.html (Created File)
c:\program files\common files\microsoft shared\ink\zh-tw\recovers your files.html (Created File)
c:\program files\common files\microsoft shared\msinfo\en-us\recovers your files.html (Created File)
c:\program files\common files\microsoft shared\office16\office setup controller\recovers your files.html (Created File)
c:\program files\common files\microsoft shared\stationery\recovers your files.html (Created File)
c:\program files\common files\microsoft shared\vsto\recovers your files.html (Created File)
c:\program files\common files\services\recovers your files.html (Created File)
c:\program files\common files\system\ado\recovers your files.html (Created File)
c:\program files\common files\system\ado\en-us\recovers your files.html (Created File)
c:\program files\common files\system\en-us\recovers your files.html (Created File)
c:\program files\common files\system\msadc\recovers your files.html (Created File)
c:\program files\common files\system\msadc\en-us\recovers your files.html (Created File)
c:\program files\common files\system\ole db\recovers your files.html (Created File)
c:\program files\common files\system\ole db\en-us\recovers your files.html (Created File)
c:\program files\microsoft office\recovers your files.html (Created File)
c:\program files\microsoft office\office16\recovers your files.html (Created File)
c:\program files\microsoft office\packagemanifests\recovers your files.html (Created File)
Size 5.10 KB
Hash Values MD5: f083733b2690379e866c06d63d68a19b
SHA1: 4147ac8af22f374401b3f6e84190e8e270717ffa
SHA256: b5026afec9eefce9814f67b8cc67d70dbee14f53242e34aa074cd3b0c4382c9c
Actions
...
c:\program files\common files\microsoft shared\clicktorun\c2rheartbeatconfig.xml.nmcrypt
»
File Properties
Names c:\program files\common files\microsoft shared\clicktorun\c2rheartbeatconfig.xml.nmcrypt (Created File)
Size 4.55 KB
Hash Values MD5: 984aeeb699c14bf83468aa3cfa501026
SHA1: c04516bb29311ea2ef484ffaee1821042bebb56b
SHA256: 18aa96484c88595f89e77da491a82e83f6f8c06c4cd216ba19cfa1aa5f87a36a
Actions
...
c:\program files\common files\microsoft shared\clicktorun\clientcapabilities.json.nmcrypt
»
File Properties
Names c:\program files\common files\microsoft shared\clicktorun\clientcapabilities.json.nmcrypt (Created File)
Size 0.56 KB
Hash Values MD5: 367eec774b2cf4b7e26535bf5a54f86b
SHA1: 6c335b8110953adbd0e25bb0fbf6aa69ff342722
SHA256: abbd3ba22b57970f7823e1f3dea325bc1e84918d5face280b9da93c8bda6f3dc
Actions
...
c:\program files\common files\microsoft shared\clicktorun\i640.hash.nmcrypt
»
File Properties
Names c:\program files\common files\microsoft shared\clicktorun\i640.hash.nmcrypt (Created File)
Size 0.61 KB
Hash Values MD5: 05056ee4fdc78f5be9ddfef9240c3016
SHA1: 49aac4d380fc8aa8c5a008ee2cc3c27bd21293b1
SHA256: 60d892a49b6e237e18e6c6539ebe94d5b93065b2ffc5468630e09f8e879a0ed6
Actions
...
c:\program files\common files\microsoft shared\clicktorun\i641033.hash.nmcrypt
»
File Properties
Names c:\program files\common files\microsoft shared\clicktorun\i641033.hash.nmcrypt (Created File)
Size 0.61 KB
Hash Values MD5: bafc591e734329bfda70448c8483a317
SHA1: 519369b494093eabafc85dc8733c5d8b8da6f6a6
SHA256: 4bb9369c6e8de214e6371248280fc0660ccf7617ff6a789496d957cbf3a8b15a
Actions
...
c:\program files\common files\microsoft shared\clicktorun\officeupdateschedule.xml.nmcrypt
»
File Properties
Names c:\program files\common files\microsoft shared\clicktorun\officeupdateschedule.xml.nmcrypt (Created File)
Size 5.17 KB
Hash Values MD5: 1f86fcbb1c58ea4be96de2657ed782db
SHA1: 4c126ac8511a0a503718d9262ec670bc09bb8866
SHA256: caf4932b03484f45ba57c4782740fe264fe588a30f89a5f04f87469fdec0c201
Actions
...
c:\program files\common files\microsoft shared\clicktorun\servicewatcherschedule.xml.nmcrypt
»
File Properties
Names c:\program files\common files\microsoft shared\clicktorun\servicewatcherschedule.xml.nmcrypt (Created File)
Size 4.86 KB
Hash Values MD5: 904785a1d25cdd50c63cbd4eed309c75
SHA1: d2f36ed52cdebc67aac3a971cf178a1d3fd16276
SHA256: 29514e99d6e6386f7cabf8491e0ad276d2f608aaaf858c8384c7d7b57639a2e2
Actions
...
c:\program files\common files\microsoft shared\ink\content.xml.nmcrypt
»
File Properties
Names c:\program files\common files\microsoft shared\ink\content.xml.nmcrypt (Created File)
Size 26.92 KB
Hash Values MD5: 9af1660b546f7889cdf30d538a0080d1
SHA1: 7312ff5ba850d09f808fa838de3e08d26b69d1f8
SHA256: 159ddcb8c9d9d87c59d49b3921aa3650e2197754a07a305208b2dbba09c797d7
Actions
...
c:\program files\common files\microsoft shared\ink\hwrcommonlm.dat.nmcrypt
»
File Properties
Names c:\program files\common files\microsoft shared\ink\hwrcommonlm.dat.nmcrypt (Created File)
Size 46.05 KB
Hash Values MD5: e0658374d7a36ed60df3afa1b20f0a1a
SHA1: c91c1052e3237b43212df9931d650cad543037ca
SHA256: a331357f67d0ac775aecd056d3bfd62b65c153d0b14e7660177879dfd2b994da
Actions
...
c:\program files\common files\microsoft shared\ink\ipsar.xml.nmcrypt
»
File Properties
Names c:\program files\common files\microsoft shared\ink\ipsar.xml.nmcrypt (Created File)
Size 2.88 KB
Hash Values MD5: fa4913ac0c093dd2f254c2f0194b44f3
SHA1: 4c4f8c21982bff1ae34af3237ef2fb2b5522be22
SHA256: 8a7aa51cb15337c7e1810e6abe6a19b3355c80286b49e454a62935c26f5c08e1
Actions
...
c:\program files\common files\microsoft shared\ink\ipscat.xml.nmcrypt
»
File Properties
Names c:\program files\common files\microsoft shared\ink\ipscat.xml.nmcrypt (Created File)
Size 3.05 KB
Hash Values MD5: f4e5447034929a9f082c94afe32e3471
SHA1: fdf5c77570ede32aa1f6e6d049204b7295fef156
SHA256: 6947fb7cef6c4a2eca5113413f7f40a0d3d740228cd75b8542288b60a8551d03
Actions
...
c:\program files\common files\microsoft shared\ink\ipschs.xml.nmcrypt
»
File Properties
Names c:\program files\common files\microsoft shared\ink\ipschs.xml.nmcrypt (Created File)
Size 2.91 KB
Hash Values MD5: bbe3bf1bce297bbeae3da0a7b3760689
SHA1: 457b67b1f1b9384a750b4ba67264cddc2afc06ce
SHA256: d11fd03fe0f8234d85f34caf50ea060d43a158102184b84fb69511a7e08d00cb
Actions
...
c:\program files\common files\microsoft shared\ink\ipscht.xml.nmcrypt
»
File Properties
Names c:\program files\common files\microsoft shared\ink\ipscht.xml.nmcrypt (Created File)
Size 2.89 KB
Hash Values MD5: 2f739a8315e88e24e7d5fec915f6750a
SHA1: 88e0bc283afca591a6b494e7414f388597872393
SHA256: 285eed5a96617be88a7c333c69fc606991f1e378eb66765f2d908019dd86eabb
Actions
...
c:\program files\common files\microsoft shared\ink\ipscsy.xml.nmcrypt
»
File Properties
Names c:\program files\common files\microsoft shared\ink\ipscsy.xml.nmcrypt (Created File)
Size 3.00 KB
Hash Values MD5: 3b7853ef0678d2ac41431a2568b80134
SHA1: 1204dbb590f8dcb5666e515fe2475e785307f82b
SHA256: da5f89def16f0d495f401fd142fa3b25f5fe1905748dc849bf8f492eb814b260
Actions
...
c:\program files\common files\microsoft shared\ink\ipsdan.xml.nmcrypt
»
File Properties
Names c:\program files\common files\microsoft shared\ink\ipsdan.xml.nmcrypt (Created File)
Size 2.97 KB
Hash Values MD5: d60b7531af7928cf3f35263454f4c43f
SHA1: ced63c4969e0c7ec317adf3a2406cf11bce65c9b
SHA256: 374d730f29e74f2100dfedfa5184afb1574afacc6326fdf3bdf7dd8865bfae3e
Actions
...
c:\program files\common files\microsoft shared\ink\ipsdeu.xml.nmcrypt
»
File Properties
Names c:\program files\common files\microsoft shared\ink\ipsdeu.xml.nmcrypt (Created File)
Size 3.06 KB
Hash Values MD5: 884269543395a10be4ab76960e389cbe
SHA1: fe8c68c7176bd8dd86091479ef64a9de91291fe9
SHA256: 83ce57d786d818baacc4dba3c1a892c6db42cec0a4f5bb3a3ab5d675a3cad315
Actions
...
Function Logfile
Download-Icon
Exit-Icon

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy". 


    

   

   

    Before
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    After
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    

     
      

       
       
       
       
      

     
     
     
    

   

  

  

   

    
    

     Screenshot
    

    

     Expand-Icon
    

    

     Exit-Icon
    

   

   

    

     icon_left
    

    

     icon_left
    

   

   

   

   

    image