VMRay Analyzer Report
| ID | #268671 |
| MD5 Hash Value | cb91b8695d3990b5b5eae8a714bd357e |
| SHA1 Hash Value | 3cd6ef10dd6cbe6f158a360cf5b112cef2e18304 |
| SHA256 Hash Value | eec6bfe112155ab94029f0f8f27a484edf35b5d743503e0199637084d9520ebc |
| Filename | cb91b8695d3990b5b5eae8a714bd357e |
| File Size | 225.50 KB (230912 bytes) |
| File Type | PE32 (gui) |
| Analyzer Version | 1.8.0 |
| Analyzer Build Date | 2015-11-06 14:08 (UTC+2) |
| Artifacts Database Version | 1.09 |
| VM Name | win8.1_64 |
| VM Description | Windows 8.1 (64-bit) |
| VM Architecture | x86 64-bit |
| VM OS | Windows 8.1 |
| VM Kernel Version | 6.3.9600.17415 (4a1e2990-c0d9-4049-afea-eada5768eab3) |
| Creation Time | 2015-12-03 11:37 (UTC+1) |
| Analysis Duration Time | 00:02:10 |
| Execution Successful |  |
| Prescript |  |
| Command Line Parameters | |
| Number of Processes | 20 |
| Termination Reason | Maximum binlog size reached |
| Download | Archive Function Logfile Generic Logfile PCAP Result XML |
| Remarks | Boot sector was modified VM rebooted Kernel code was executed |
| ID | PID | Monitor Reason | Image Name | Command Line | Origin ID |
|---|---|---|---|---|---|
| #1 | 0x7a8 | Analysis Target | cb91b8695d3990b5b5eae8a714bd357e.exe | "C:\Users\uWZPA0LPqa\Desktop\cb91b8695d3990b5b5eae8a714bd357e.exe" | |
| #2 | 0x4 | Kernel Analysis | System | ||
| #3 | 0xec | Child Process | smss.exe | \SystemRoot\System32\smss.exe | #2 |
| #4 | 0x12c | Child Process | smss.exe | \SystemRoot\System32\smss.exe 00000000 00000050 | #3 |
| #5 | 0x134 | Child Process | csrss.exe | %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 | #4 |
| #6 | 0x15c | Child Process | smss.exe | \SystemRoot\System32\smss.exe 00000001 00000050 | #3 |
| #7 | 0x164 | Child Process | wininit.exe | wininit.exe | #4 |
| #8 | 0x16c | Child Process | csrss.exe | %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 | #6 |
| #9 | 0x194 | Child Process | winlogon.exe | winlogon.exe | #6 |
| #10 | 0x1ac | Child Process | services.exe | X:\windows\system32\services.exe -setup | #7 |
| #11 | 0x1b4 | Child Process | lsass.exe | X:\windows\system32\lsass.exe -setup | #7 |
| #12 | 0x210 | Child Process | svchost.exe | X:\windows\system32\svchost.exe -k DcomLaunch | #10 |
| #13 | 0x238 | Child Process | svchost.exe | X:\windows\system32\svchost.exe -k RPCSS | #10 |
| #14 | 0x278 | Child Process | winpeshl.exe | winpeshl.exe | #9 |
| #15 | 0x26c | Child Process | winlogon.exe | winlogon.exe | #9 |
| #16 | 0x290 | Child Process | wallpaperhost.exe | X:\windows\system32\WallpaperHost.exe | #14 |
| #17 | 0x298 | Child Process | recenv.exe | X:\sources\recovery\recenv.exe | #14 |
| #18 | 0x2b0 | Child Process | svchost.exe | X:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted | #10 |
| #19 | 0x2ac | Child Process | wallpaperhost.exe | X:\windows\system32\WallpaperHost.exe | #16 |
| #20 | 0x2b8 | Child Process | wallpaperhost.exe | X:\windows\system32\WallpaperHost.exe | #16 |
| Process ID | Filename | File Size | Hash Values |
|---|---|---|---|
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\usbxhci.pnf | 11.26 KB (11528 bytes) | MD5: 72a7d52c829219fe574e86638fb6a23b SHA1: e59da7ae2aab26f70663f39adf91efcb191aad2c SHA256: ffff12546c87da3388192d28602e3fdaa9a1aaf30d43335b17e5af27867b97ce |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\hdaudbus.pnf | 9.04 KB (9256 bytes) | MD5: cae8133113b0fa8eb45181f9c5d6dbdb SHA1: ec18aa17bdc203b0d550c8fd8c6300b3df857b6f SHA256: 76ab1f207f5c4c1bbac23e93fac1526804230fb8b3b2bb5c2d67396d8088111d |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\networkservice\ntuser.dat | 256.00 KB (262144 bytes) | MD5: 2aa9bd6793f83cef98d5d7fd60ab405b SHA1: 21c2f6d19d1b0bacbc3f77e3d65e268de288a4e4 SHA256: 5c082b5c231e8b2543ae6add7a80da48de09b3a17f67e79bdd465be59b3a3d84 |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\localservice\ntuser.dat | 256.00 KB (262144 bytes) | MD5: 2aa9bd6793f83cef98d5d7fd60ab405b SHA1: 21c2f6d19d1b0bacbc3f77e3d65e268de288a4e4 SHA256: 5c082b5c231e8b2543ae6add7a80da48de09b3a17f67e79bdd465be59b3a3d84 |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\msmouse.pnf | 90.35 KB (92520 bytes) | MD5: 348c682409045af377e6a1dca770dc90 SHA1: 2bae29b156217f52678974af1c94aca774a28736 SHA256: 7f4f7089b57310b37eab34376b7dfc2950630a7f1b4aeec32fe397b543142d2c |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\errdev.pnf | 8.43 KB (8628 bytes) | MD5: 913f6bc3d9c97be46972c278ba84e164 SHA1: 7a40bf25292697394f6a5e3fe0e27e1b31da778c SHA256: 3bcfc47aa85bda59cebebb0f950d97a3f3c6fd5fb144c4a90e4514416d69a9cb |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\cdrom.pnf | 13.08 KB (13396 bytes) | MD5: ea8c9d9fd77d6fa9d3fe8cadf4b15d99 SHA1: a3318b388daf7c943d3d3f0dab70187fa450568e SHA256: 060a3c11e01858498e7867135d78acb5126cad3167590a5dbe8d08e063e47bf0 |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\networkservice\ntuser.dat{2df2d1e8-0b32-11e3-93f4-90b11c2eb9f2}.tmcontainer00000000000000000001.regtrans-ms | 512.00 KB (524288 bytes) | MD5: 61bb82ecefdac3b60b11441cc6c780b0 SHA1: da763f11762558805d9b32096c8e47bd03132b5e SHA256: ca0e01a9ed63401c0d0458a315adbc586e19d7638272aafb5ecadd4817efc5c7 |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\localservice\ntuser.dat{2df2d1e8-0b32-11e3-93f4-90b11c2eb9f2}.tmcontainer00000000000000000001.regtrans-ms | 512.00 KB (524288 bytes) | MD5: 61bb82ecefdac3b60b11441cc6c780b0 SHA1: da763f11762558805d9b32096c8e47bd03132b5e SHA256: ca0e01a9ed63401c0d0458a315adbc586e19d7638272aafb5ecadd4817efc5c7 |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\qlfcoei.pnf | 10.95 KB (11216 bytes) | MD5: 62816a91b4b87f7dc7f57f2503502325 SHA1: bd3fdee1b75f0674723f66cee4f0b2ea0bd33ce4 SHA256: cc07c110eaf6a978c3a67642c58f5230d1188cab4766578e68e604dc1ea9f275 |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\cht4vx64.pnf | 25.11 KB (25708 bytes) | MD5: 60222a0f4c6c8de63f3d768f74aa73e4 SHA1: 2061d813df910a2fbd525928eaf0eead093ee607 SHA256: 1e04432c12cfcf7ac033fb0ebf1267e23a48686942b8b10ea29fc3391c8b3fac |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\bxois.pnf | 17.07 KB (17480 bytes) | MD5: b8cf94487fa53de1e07885eb5a03b13c SHA1: a29d0433472bea0bd0245674bfad3d0d6d5a42e0 SHA256: cec39cf75e876d284ce5eb58df6e5eb9844c7b841b550606fe9e7959ffcf7662 |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\agp.pnf | 15.05 KB (15408 bytes) | MD5: b91108bbe0218f1c933f540dcfcd4559 SHA1: bfa39b3a402fd707f07ecb2ce223fc35ed86bc97 SHA256: dad053eab78fd20eb15e06525b54349c9bdf0a0988d023132faaf3cdfa64a16f |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\usb.pnf | 71.04 KB (72748 bytes) | MD5: 0ea6f3c600dd9b540faf720d418be41d SHA1: d639d62e21e966c50d4fb5b434d68c0fcd950e90 SHA256: 31ac1218f82d67a4ff37423ed037776fd9fef2d5ff5b12040696fc2d812f61a8 |
| #11 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\microsoft\protect\s-1-5-18\user\968b739e-d207-46ed-a53d-aed260dbc1d6 | 0.46 KB (468 bytes) | MD5: d04b3035912004a5cb295bcb9530453e SHA1: 7303d29121a871487d9aa10620829061b29d7a3b SHA256: 8a93024371ca325399b2e2d3793194779dd4e10aecc2d7dfbc4f8cd21748381b |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\start menu\programs\system tools\command prompt.lnk | 1.12 KB (1142 bytes) | MD5: 9c82e435db86860edb5ced5f369bdfb3 SHA1: a63c6007e8679aac89632ff7ac88b29df4a11b9e SHA256: 23db6dd5bb4644850d5afe83f1126d582238162ab480479fb12a6b9998a82511 |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\start menu\programs\system tools\command prompt.lnk | 1.12 KB (1142 bytes) | MD5: 9c82e435db86860edb5ced5f369bdfb3 SHA1: a63c6007e8679aac89632ff7ac88b29df4a11b9e SHA256: 23db6dd5bb4644850d5afe83f1126d582238162ab480479fb12a6b9998a82511 |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\mssmbios.pnf | 7.59 KB (7768 bytes) | MD5: 47bc949bb6ff56c1cd36c2c0350bc4c6 SHA1: 4610333269123f7eeb62a9995ea8511c2cd3bfa6 SHA256: 4156895c97ab1ebd9f9ca34944eace2f79909ba88929c42e29ee61ca4aa358e9 |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\networkservice\ntuser.dat{42b82178-0b2e-11e3-93f4-90b11c2eb9f2}.tm.blf | 64.00 KB (65536 bytes) | MD5: f05bb5e3d62100de94995032e40318cd SHA1: 316e1aa45ca7d1026ce8243c34ee9adb32939923 SHA256: 29ca52555753d55ac9d1940ad746ad540d6beaac8209fddadfb7d74f37ec3e90 |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\localservice\ntuser.dat{42b82178-0b2e-11e3-93f4-90b11c2eb9f2}.tm.blf | 64.00 KB (65536 bytes) | MD5: f05bb5e3d62100de94995032e40318cd SHA1: 316e1aa45ca7d1026ce8243c34ee9adb32939923 SHA256: 29ca52555753d55ac9d1940ad746ad540d6beaac8209fddadfb7d74f37ec3e90 |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\networkservice\ntuser.dat{2df2d1e8-0b32-11e3-93f4-90b11c2eb9f2}.tm.blf | 64.00 KB (65536 bytes) | MD5: 287d4d682e1c88640cbeebe11fac2f85 SHA1: d5a3b04c46d5ff20170d8c63ca6996b575100475 SHA256: 22db3ce0e70a6b5975906794e5c2c3459d7f7353890638e4c25598d02fe5b824 |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\localservice\ntuser.dat{2df2d1e8-0b32-11e3-93f4-90b11c2eb9f2}.tm.blf | 64.00 KB (65536 bytes) | MD5: 287d4d682e1c88640cbeebe11fac2f85 SHA1: d5a3b04c46d5ff20170d8c63ca6996b575100475 SHA256: 22db3ce0e70a6b5975906794e5c2c3459d7f7353890638e4c25598d02fe5b824 |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\arcsas.pnf | 59.45 KB (60880 bytes) | MD5: a2a4e415e53c25caa790c4178227df85 SHA1: d7a41ad4470f3f6794428ed87e2361f013c479e9 SHA256: a87689bf630dfe0a52fdbedc428242cf97c8c0c620a7cd8361670dc8417def9b |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\iastorav.pnf | 11.79 KB (12068 bytes) | MD5: 105c62370e5c9f9126893cb464701bb9 SHA1: 53126901723d0bd87095a00c3b8212ef3908d1d9 SHA256: 4d20985fc88f173cdba2e141a2041ca535cd19469200ffa52cceaa03fe5678aa |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\acpipagr.pnf | 6.66 KB (6820 bytes) | MD5: 4a6bf9c2a829cf4d1b96a66e42e88632 SHA1: cb1fe3699f00a3b27280432283006797177ed9be SHA256: 369d0b0a8076207617c5fb414e434f98281b41a597d8bda7ae1781b2c7e7ebe8 |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\iscsi.pnf | 10.80 KB (11056 bytes) | MD5: aff57dbe66f472508a675099d19ea93f SHA1: b941f03eeb507efee9bd9d076a5ad7b1995cd203 SHA256: 09a00b446c358f759e70ed188f0cc0755405cf2449cb09f7d2983e58c63bb155 |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\stornvme.pnf | 10.67 KB (10928 bytes) | MD5: 9f32d460d749e4622855bb0a37d4383a SHA1: c9289529f91964d50b01d1d8cd55eebbbd0d6bb3 SHA256: e419cb3d2e6cdf80af892e376cb7621f59fcfe556b8b083b2d7d78984f265b27 |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\mlx4_bus.pnf | 42.48 KB (43500 bytes) | MD5: 944671ca7c6b2f500b8d22be8bb3d3b4 SHA1: c4682261d5ccee536d15761b9e1a9e0d73af2d7c SHA256: 6c77e42da8c288ffe671b5bbd89e86ab559d48e3d6d9d0e3696cc7c7e77d6484 |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\bcmfn2.pnf | 6.85 KB (7012 bytes) | MD5: 395fac9d715c0fcdb4bd67f5f35b8139 SHA1: ea1935ec1ef0cc542b431b224d588f57af303c3f SHA256: 088f67825e30087fb14c060945c700cd444c6c2d03c35e7da253a48f0c9dd99c |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\hiddigi.pnf | 8.23 KB (8424 bytes) | MD5: d13ec5c97793dd65f4f736c218c96978 SHA1: 14089394e9628bb62e5561f343a5fae7f8d76711 SHA256: dbe5d2cadb841aee93e69ef91674e64445e72ededdc5e8026ce03a6814a7b625 |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\wmiacpi.pnf | 8.42 KB (8620 bytes) | MD5: 77604f04a353eb260633e7bbe855f674 SHA1: 540d62060faade559c4a4d52880855e5ce7f1992 SHA256: e70208995a288adda18e57b38c17c77d707e7486b172056cc53f75d27ab9ff8d |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\acpitime.pnf | 7.26 KB (7436 bytes) | MD5: a5b48c42f2e98e2607edf30231cb6023 SHA1: 3fba6e9464fdc544351d9ffb694767d945be7a60 SHA256: eb2ad0f6616dd07e96f7665cf2b86c88063f749efc81ae182bdf86e5c224c43c |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\networkservice\ntuser.dat.log1 | 40.00 KB (40960 bytes) | MD5: 639b969e8dd1c282e9825028177b18ff SHA1: b550008e1b974ee1d7a7d2ba7b1ed5554a2b7275 SHA256: 032103171a4ce9388e2791d63055101b2034c7440be8a5e1849049ba906dbaf5 |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\localservice\ntuser.dat.log1 | 40.00 KB (40960 bytes) | MD5: 639b969e8dd1c282e9825028177b18ff SHA1: b550008e1b974ee1d7a7d2ba7b1ed5554a2b7275 SHA256: 032103171a4ce9388e2791d63055101b2034c7440be8a5e1849049ba906dbaf5 |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\uaspstor.pnf | 8.01 KB (8204 bytes) | MD5: 8cb26037632d2b7ff36c9ac526ebff16 SHA1: c1f3b2c9d7ecf4f6fef1481f85fb29d50a67341a SHA256: 056e165a7a876d15a6a5bc5538e6f418185ca1a7e017414f8ebef90ae7c31cb3 |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\ialpssi_i2c.pnf | 8.52 KB (8720 bytes) | MD5: 8ba2ca105e90b447660af73f12d6fda5 SHA1: 56e7d2985a9c71e3c9bbeb3b46583fb3a870a1ec SHA256: 30373ae81ecc7e3425036718fbb9aaa5b5184fcdf8e10f9e0c98a21057384bc4 |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\keyboard.pnf | 119.92 KB (122800 bytes) | MD5: 6c6312b24a1d82a99745754ad75a7407 SHA1: a264405060499c7a6093e02371aef6cf5809811c SHA256: 32afc799fbc8f4351cedc36783bd1c107e084037de1babec75928d541be3376b |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\sbp2.pnf | 7.39 KB (7572 bytes) | MD5: e8fb4e90af26ce8b6f6ab0feadeb89eb SHA1: 1d012a60cd34f2519d9c1b59d04d90be527c7d62 SHA256: 3f0c39717c726f19a063b131ca629d35d7aa7a97f0b17e3fc91e4242ef75b031 |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\networkservice\ntuser.dat{2df2d1e8-0b32-11e3-93f4-90b11c2eb9f2}.tmcontainer00000000000000000002.regtrans-ms | 512.00 KB (524288 bytes) | MD5: 59071590099d21dd439896592338bf95 SHA1: 6a521e1d2a632c26e53b83d2cc4b0edecfc1e68c SHA256: 07854d2fef297a06ba81685e660c332de36d5d18d546927d30daad6d7fda1541 |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\networkservice\ntuser.dat{42b82178-0b2e-11e3-93f4-90b11c2eb9f2}.tmcontainer00000000000000000002.regtrans-ms | 512.00 KB (524288 bytes) | MD5: 59071590099d21dd439896592338bf95 SHA1: 6a521e1d2a632c26e53b83d2cc4b0edecfc1e68c SHA256: 07854d2fef297a06ba81685e660c332de36d5d18d546927d30daad6d7fda1541 |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\localservice\ntuser.dat{2df2d1e8-0b32-11e3-93f4-90b11c2eb9f2}.tmcontainer00000000000000000002.regtrans-ms | 512.00 KB (524288 bytes) | MD5: 59071590099d21dd439896592338bf95 SHA1: 6a521e1d2a632c26e53b83d2cc4b0edecfc1e68c SHA256: 07854d2fef297a06ba81685e660c332de36d5d18d546927d30daad6d7fda1541 |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\localservice\ntuser.dat{42b82178-0b2e-11e3-93f4-90b11c2eb9f2}.tmcontainer00000000000000000002.regtrans-ms | 512.00 KB (524288 bytes) | MD5: 59071590099d21dd439896592338bf95 SHA1: 6a521e1d2a632c26e53b83d2cc4b0edecfc1e68c SHA256: 07854d2fef297a06ba81685e660c332de36d5d18d546927d30daad6d7fda1541 |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\start menu\programs\accessories\desktop.ini | 0.08 KB (79 bytes) | MD5: 52b31354ef1082f6a5a2490dc80aabcd SHA1: 571db4c0054bed9444336667556d81edbf3a9af8 SHA256: ede4a40a65f7e13e841d682880af3f1ca9263b4a25ba3f838aac7432092715a8 |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\start menu\programs\accessories\desktop.ini | 0.08 KB (79 bytes) | MD5: 52b31354ef1082f6a5a2490dc80aabcd SHA1: 571db4c0054bed9444336667556d81edbf3a9af8 SHA256: ede4a40a65f7e13e841d682880af3f1ca9263b4a25ba3f838aac7432092715a8 |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\hidbatt.pnf | 7.17 KB (7344 bytes) | MD5: 1500cba16750cb4d2fa78cb6e00d1008 SHA1: dd65f8795cc656196169b2a43e77a5f4c387c1d0 SHA256: 0e5e82ddc46e5a338a9e9cb575030db90d08e521ba2e58cf362389a6ed8d0587 |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\uefi.pnf | 8.15 KB (8348 bytes) | MD5: 3432928245eac49ed9a6036c1c71bb5c SHA1: 281065c2954be6e68b8d53e389ebb729adaed868 SHA256: bf633c814b1f3ffc8ea2fbe0974a16d98825ab9d2c50889c7f4ff4e00c8e229f |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\vdrvroot.pnf | 7.38 KB (7556 bytes) | MD5: ca21e9ffd1c74354929e5c27f05a0c18 SHA1: 056ae20a7f3513137c1bc4c9c8901f1ea97dc5b2 SHA256: 99e4316f2ef81afbf4a7d61ee485d19c230edd50af63177fd113181b28a8c013 |
| #11 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\system32\microsoft\protect\s-1-5-18\user\preferred | 0.02 KB (24 bytes) | MD5: 0f0b3948f429deda2ed5b504c705b9e7 SHA1: 29def00392c60f70f7102aeab134f79241ff01a0 SHA256: 0b1a1c7eb3734a03ee8f58bed7ef11b6fc98909f7c5c480a05ab3d879a617a8d |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\start menu\programs\accessories\notepad.lnk | 1.13 KB (1158 bytes) | MD5: ee27db3652032a3498c54a12407b0cb5 SHA1: c4d29c8a67c81c1ada0323ac7c857b113cf5271b SHA256: 5e7a26e2d64f644e159a6bd5bceb5736c5c71fefe3d648425338b22dc840cbc2 |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\start menu\programs\accessories\notepad.lnk | 1.13 KB (1158 bytes) | MD5: ee27db3652032a3498c54a12407b0cb5 SHA1: c4d29c8a67c81c1ada0323ac7c857b113cf5271b SHA256: 5e7a26e2d64f644e159a6bd5bceb5736c5c71fefe3d648425338b22dc840cbc2 |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\start menu\programs\system tools\desktop.ini | 0.08 KB (86 bytes) | MD5: 68fa444f95dda594dac226f7f13d7e95 SHA1: bc136a7b4bcb9b59c0f51b23c4df7e183cbd02f4 SHA256: 68b6dec0ef20bc8c955650b420432458d808c24dcc4c5126b33618bbf30152a6 |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\start menu\programs\system tools\desktop.ini | 0.08 KB (86 bytes) | MD5: 68fa444f95dda594dac226f7f13d7e95 SHA1: bc136a7b4bcb9b59c0f51b23c4df7e183cbd02f4 SHA256: 68b6dec0ef20bc8c955650b420432458d808c24dcc4c5126b33618bbf30152a6 |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\cpu.pnf | 26.42 KB (27052 bytes) | MD5: 6ab6fdc53b047c790294ae9ba40c8692 SHA1: 41c97e16204dacc9994244c9a82632099975ce71 SHA256: 6ac37fa9a68a1bbc40178bba0f783ed30b243f03f0673cf7cf31674f169f59c3 |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\sdstor.pnf | 9.31 KB (9532 bytes) | MD5: 07ab5f7222e3f030ab9bec198bbc3f9f SHA1: 13fd6c63a60c32ad7d4e6626b71e3197178494ce SHA256: 7d611c389cd4941bc6f31dec27a2bead46ed5271dc2e1d6e3f72ace0d616bc20 |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\flpydisk.pnf | 9.44 KB (9668 bytes) | MD5: 174b470c234bed33613e1a0c499e62d9 SHA1: 952c0d6b42dfdfa76bf3db186cc6cf7fcaed0c17 SHA256: 8a25902fdd4ef7a743eb6af1aca4a1aaee4d2befe4e5651ea4f72400b6149230 |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\volmgr.pnf | 8.20 KB (8396 bytes) | MD5: 2570146c184248ae2a7bf41327c74fc7 SHA1: 8333c9a15ad7b8a79237b924df9005812b0b27ec SHA256: b53b5e4323877a2a243df43b3f3b5eeb02748ee80e0d9f010a0e9585f35e1271 |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\ql40xx2i.pnf | 9.68 KB (9908 bytes) | MD5: 58e98db83fbfeb7301792321db60ebe5 SHA1: c4ef56ad20d1f9392c50e77ede58e13157cbaad9 SHA256: a3f29b82117dfd1893da2c52ee90f1a9d1ae6228bcc3e98b06e3e5a33568fb9f |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\cmbatt.pnf | 9.41 KB (9636 bytes) | MD5: 72d5f7706d946face710b3384a3bd5fe SHA1: 2ad1d13ad664bb106c4dde8a14533a337f1dcb69 SHA256: 0bf020671615d7909e5ca709c4e3a14bcf8db949a354629736380bfd5e5b9477 |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\input.pnf | 142.47 KB (145892 bytes) | MD5: ceea6a3a28e766277dcc2c754c3da7a9 SHA1: 02ffa9f41834ffe4f9f369c20ff194b7e784c392 SHA256: 10e62a39d7413a87eddc1805832f4336aa2eb5879d22370913995f00d797b861 |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\networkservice\ntuser.dat{42b82178-0b2e-11e3-93f4-90b11c2eb9f2}.tmcontainer00000000000000000001.regtrans-ms | 512.00 KB (524288 bytes) | MD5: 78bb580446808b4e17992b29c68d308d SHA1: cf8877eba13b2790149871abec5411acb89d0a56 SHA256: 5d0af58700c3ee7d81d98e13b19010c31933b2cdcedf4465ad53e89d98017597 |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\serviceprofiles\localservice\ntuser.dat{42b82178-0b2e-11e3-93f4-90b11c2eb9f2}.tmcontainer00000000000000000001.regtrans-ms | 512.00 KB (524288 bytes) | MD5: 78bb580446808b4e17992b29c68d308d SHA1: cf8877eba13b2790149871abec5411acb89d0a56 SHA256: 5d0af58700c3ee7d81d98e13b19010c31933b2cdcedf4465ad53e89d98017597 |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\umbus.pnf | 9.67 KB (9904 bytes) | MD5: 810010be4ec7fdf9cd46350e4b278355 SHA1: 9dca7edecd59ec388b0e3b9dbd2bc1def1113c37 SHA256: cbd177ca1695dda5bbfa8082fae78491ced69a9001cf6939be2468c9ee03480e |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\netbvbda.pnf | 12.30 KB (12596 bytes) | MD5: a085f574aa7085b8cf7d1d13fc24f14d SHA1: b5ebb92c5d30912ed9f7383a8235c4c79c346d9e SHA256: 535b410d5d758acbea71f9780449757a6fd2ed1be045912a1f63d8113e711057 |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\usbhub3.pnf | 17.40 KB (17816 bytes) | MD5: fa88958f77c7b06b94b903b0c167c826 SHA1: 74dbdcbdd769e9c6ab528045e1d6f2b8ecd2680e SHA256: 4d8771840b44e8c79074508d539ceee708e34e71ae66bafa05138565ad458419 |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\ehstortcgdrv.pnf | 7.59 KB (7768 bytes) | MD5: ec0e144c257d1818500e7860a5eb6e53 SHA1: 1ad8c2bdf7df6eb7a84261d2c02760ca15cc36fe SHA256: 00ea279d6c049fc4a5a4876fdea0ac4b7cd21f08e3117ffaa40ca614308fac72 |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\ql2300.pnf | 11.91 KB (12200 bytes) | MD5: 0c1c17ad4c67889a3cd3f0d9ba124a63 SHA1: 6e4884d2b91266a68891646cc03f3bf2d67eba00 SHA256: 3fb0c9bd9f291dab031551f8dfefc33c09e626ffa6b06a3789fcd86832013152 |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\usbstor.pnf | 56.27 KB (57620 bytes) | MD5: fa256ba8288fdd9d4fd8162ca35e1204 SHA1: df575db7846bf2f26caffb9c7c875f47897aef9e SHA256: 356c923cf7b4f53881c981754712302cba73fcd7889f0ffce77a02b190015b16 |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\volume.pnf | 6.19 KB (6336 bytes) | MD5: 0661cf512d8bc38ca3ddb2edffa4a3af SHA1: 9e871f12040f831051bd83112aa571db63575ba8 SHA256: 2f5c1b56f232e564a8aedc000a07c168c806ddd241e8c2428ca11080fe916c4c |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\tpm.pnf | 14.66 KB (15008 bytes) | MD5: b3ddd68f33b4fc84e4e6e00c4c4977e3 SHA1: 12393985de8a52706bed6ad17f2d276a12bcde4f SHA256: a4564d3defb32c11f9d621821de8a1734f9ce79f22c4e2583a0c59db5a2714a8 |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\msports.pnf | 36.00 KB (36860 bytes) | MD5: 4649eaec14108d770fcde9a63d470a03 SHA1: d486645998ac9896cd311f0a24e7cb9e04bcf36c SHA256: c4003a02d27d896b0efa8134d32a58038e6fd2354f2521ca9f06beffdc95ae1d |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\usbport.pnf | 136.06 KB (139324 bytes) | MD5: 4c5f2d79ccadbcc6dc5ec96b8a9785e1 SHA1: a6692d6622b1e37017201de04229ead3ef27e403 SHA256: 969db08d55563962e5226e57d0ae9188b013c8ab8bfe2f5661c83507ca23ad9d |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\vstxraid.pnf | 10.34 KB (10592 bytes) | MD5: 7304944d73f7bab4df1ea31e198dc2c6 SHA1: 5175936c0b57e82939a6d740470a65badb8944eb SHA256: 5383cab81ccdf2a0e5c010bfb95f1f73fee5aa206f28b547656f4cd2ab278f86 |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\acpi.pnf | 9.90 KB (10140 bytes) | MD5: b88aafdf5775449a5b6b77e3f56c737b SHA1: feec758c3539200971e8429d803cf6af5d9070d7 SHA256: 9c017cdcdb3974f749f2c8b07a175823b06cf57e8e3f78d6b021e237a4fc535f |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\mshdc.pnf | 67.99 KB (69624 bytes) | MD5: dfd0ed3867d3a43ebcd24849386913d1 SHA1: 66b965c6d3be21c9edc769cbee8b330cd6206289 SHA256: 7b4b6012c373fc102c2b3943de0b4e13bdad3481d61b8213a57efb8925fa4366 |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\1394.pnf | 18.35 KB (18792 bytes) | MD5: adc6b6528b885ff957911839db69cbe2 SHA1: bdb7044b54158b005129b9b10486079c4e060955 SHA256: b8f065a0894707522da3b497e90c7e3bf57501afcf16c1e1c96e26a4b1cce06e |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\machine.pnf | 894.85 KB (916324 bytes) | MD5: 61dc874f6580aae1b40dd05679045d62 SHA1: c3672715f73e246f087b57208783da4036df96ca SHA256: c72d05f60617277399eac46647904a80da6b3b9c7151767809e2f88c2b699335 |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\mtconfig.pnf | 7.45 KB (7632 bytes) | MD5: 41a00f76e25ec68f62f260919889f87b SHA1: eb6dffff887bda06ff7545a4521898773ba03590 SHA256: 5c8b8a82091220df55fff7836baeb9a11ea2eb18e8e76438324e03b1bc929b52 |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\iastorv.pnf | 15.80 KB (16180 bytes) | MD5: 71803429cd83bf1324dbdf64d09cfc64 SHA1: 8b2c2fc6c0ca8dd27dddb4f5efe5dfb16c9539cd SHA256: 08902ee95a4fc39d1ba16c798b43f0e63ab8e82b3b1425e758c3cac61d725b02 |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\fdc.pnf | 6.00 KB (6148 bytes) | MD5: f296bb6a6d5c830d0e3a9e3f7b26a4b9 SHA1: 760704b53ef2642cbfae94693ae02dc4f9786396 SHA256: 9bccfeb66d7b2428138b43aa3a72543f51a54ba304af0688ba5e1ae666098a02 |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\ialpssi_gpio.pnf | 7.89 KB (8084 bytes) | MD5: 5e62f93fcc24f65c987a687dc9c32f9f SHA1: d0bae0b2bade8584b1f47f0746381a735aaf1db9 SHA256: 899d4ae378e16e445cd2911fdc27e4de554675d6362e291397f701fe1072e355 |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\umpass.pnf | 6.11 KB (6252 bytes) | MD5: 6724aff7377facac08c967bbc98d5b6a SHA1: e87187f06fe172334709c73f5b176d58edec6092 SHA256: 99c63cd3dd78bd79255978303989ecabaa2267f365d5fbcc2413978c0950fe1f |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\bxfcoe.pnf | 11.47 KB (11744 bytes) | MD5: 24407f7a809b08200bc3856b6ead38f2 SHA1: b7c973701240542f039a04b9d23c7b47f5e0e0f0 SHA256: 6a1bbfe839df2553b8a5c907a51bbf8c1875695604600642f903f9bbbd842f29 |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\swenum.pnf | 7.34 KB (7520 bytes) | MD5: 4a40c5a21aaa9570778e2100f05905a4 SHA1: 7ba6ff6944dd2f74c198186aaf0e0878392ed03a SHA256: bc3e973d1bf0dafefd9e3bfb71c363dd9b674b80efeeb04cba0ea688fbb0a1ef |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\disk.pnf | 16.29 KB (16680 bytes) | MD5: 1250eea5907f483d94f504b50e92b78c SHA1: e7de6c9341f50037d763ff0b5368fdb9bfb3c5dd SHA256: 3958a558ecaffb60ccadaad7cab012c262c4754bb5965451f00c62b5afec0154 |
| #1 | c:\users\uwzpa0~1\appdata\local\temp\3e0d.tmp | 225.50 KB (230912 bytes) | MD5: cb91b8695d3990b5b5eae8a714bd357e SHA1: 3cd6ef10dd6cbe6f158a360cf5b112cef2e18304 SHA256: eec6bfe112155ab94029f0f8f27a484edf35b5d743503e0199637084d9520ebc |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\netevbda.pnf | 119.88 KB (122760 bytes) | MD5: 5e1a3bd4845a9ccbe630838693db7587 SHA1: 4dc87fc04ea071f7bece13d22acb6c22c3f050a2 SHA256: ff1794ea19970060dd75f59401d7ab738276f5f7d43504b19107e247a68eff65 |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\spaceport.pnf | 7.19 KB (7360 bytes) | MD5: df62091305a3e5c5d244203a18a89dca SHA1: 506ab944fb7e751cf9cfff7239dd487b63738a03 SHA256: 16f77bbb478f02db1c973df558a2b4fe6232adeb4a408d9035da99734998cd9c |
| #10 | \device\ramdisk{d9b257fc-684e-4dcb-ab79-03cfa2f6b750}\windows\inf\hidi2c.pnf | 8.84 KB (9048 bytes) | MD5: d399e897be0e66932326f9740aa8807d SHA1: 84e7e8cd02ad22b3c9cd32811770197a3afeeae9 SHA256: 6e6b0daf89cc03960a8f8f6f02c2f2dda57ee12e4008ccb5be1d70cfc9c073ba |
This feature requires an online-connection to the VMRay backend.
An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox
with deactivated setting "security.fileuri.strict_origin_policy".
