RMActivate.exe
- File Path:
C:\Windows\SysWOW64\RMActivate.exe
- Description: Windows Rights Management Services Activation for Desktop Security Processor
Hashes
| Type |
Hash |
| MD5 |
F3C14E99DD1854F66EC94B389FF6AB1A |
| SHA1 |
A266D5B561EB31AE4C7F56C1A239B0263F265667 |
| SHA256 |
9162B0FF6453363794763BFCF06BD80F560780A20F8A2B590BAE987034F3A48E |
| SHA384 |
A35AF18CCE1FC7C233092A712D46BCD0852BBB7E0B13239C99183A851F154E428E037FE8F6934258A15E20C7A8C9327B |
| SHA512 |
6692205E8ADC7879A5D36842A66D8C2E4876B4F15BAEFD4D661367162BBF23439B59AEFC9039372C338F6484482C2609EE91F2EABA8D7962088DD1F056B8C07F |
| SSDEEP |
12288:dcbjRXYik0+0TAFJ/m2lmdfk8/ZdZpECITu8tutVNf/yTlZ3:2jFj7+xD/mGmdfk8/ZREbu8tutPXyZZ3 |
| IMP |
EBCDFF4FE394A3E0CD90455A8A72EF29 |
| PESHA1 |
051305F4D35DDC2CDB732765144D4485C2607FC6 |
| PE256 |
DD9ED24EA508B5EE0A2731882FEDD88B83C462F9BA220E54F8D8096957086070 |
Runtime Data
Child Processes:
conhost.exe
Open Handles:
| Path |
Type |
| (R-D) C:\Windows\System32\en-US\crypt32.dll.mui |
File |
| (RW-) C:\Users\user |
File |
| (RW-) C:\Windows |
File |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000004.db |
Section |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000004.db |
Section |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro |
Section |
| \BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 |
Section |
| \BaseNamedObjects\NLS_CodePage_437_3_2_0_0 |
Section |
Loaded Modules:
| Path |
| C:\Windows\SYSTEM32\ntdll.dll |
| C:\Windows\System32\wow64.dll |
| C:\Windows\System32\wow64cpu.dll |
| C:\Windows\System32\wow64win.dll |
| C:\Windows\SysWOW64\RMActivate.exe |
Signature
- Status: Signature verified.
- Serial:
33000001C422B2F79B793DACB20000000001C4
- Thumbprint:
AE9C1AE54763822EEC42474983D8B635116C8452
- Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Original Filename: rmactivate.exe.mui
- Product Name: Microsoft Windows Operating System
- Company Name: Microsoft Corporation
- File Version: 10.0.17763.1 (WinBuild.160101.0800)
- Product Version: 10.0.17763.1
- Language: English (United States)
- Legal Copyright: Microsoft Corporation. All rights reserved.
- Machine Type: 32-bit
File Scan
- VirusTotal Detections: 0/70
- VirusTotal Link: https://www.virustotal.com/gui/file/9162b0ff6453363794763bfcf06bd80f560780a20f8a2b590bae987034f3a48e/detection/
MIT License. Copyright (c) 2020-2021 Strontic.