nmscrub.exe

File Path: C:\Windows\system32\nmscrub.exe

Hashes

Type	Hash
MD5	`74C4FCF594933760AF8DD4057F25A31C`
SHA1	`91C7304057F2C5C8437D387A40069A4FE5FD14BD`
SHA256	`924476DE397FFAC1B8931AD85ABEBF48AA2FA185C0AEB3C46F0B0D96279DBBEB`
SHA384	`74101AE179835473C024D352DACB0FD5F49026324C7054FF2E709DE988960DC3A4D209FE8FD575A285D0DCB5B0F175F6`
SHA512	`187DA74D60647F16C0CDFAE7FC754E0954CDE73D94CF3824BF318532E9B0EA125DFBEED1ADED2A58AEF6C0CE2B59E6EA04E19F939EDB39F8A698B4C98F794DAD`
SSDEEP	`3072:LiAlsh/sksho2pHumpicZopDT69LGsCda+bZcmaYoldhTM7PRqH8hJY:LiAl2/sksi2JuLyopDda+bbUH8hy`

Runtime Data

Usage (stdout):

VmSwitch is loaded
VmSwitch initialization is complete
Service 'vmms' does not exist
Service 'hns' does exist
Service 'hvsics' does not exist

SwitchCount = 1 (0000017135B00AD0)

SwitchFriendlyName = 'nat'
   SwitchName = '8D712801-4653-489B-87A7-6AF1F2953BED':
   OwnerService = '1'
   Internal Port 90172ED4-07C9-449C-8994-5D5143707090:
      PortFriendlyName = 'Container NIC 2e5c9677'
      OwnerService = '1'
      ConnectedNicName = '9BB09FD9-0BEF-4824-9A7F-557E63D8DED5':
         NicName = '9BB09FD9-0BEF-4824-9A7F-557E63D8DED5'
         NicFriendlyName = 'nat'
         IsLightWeight = 0

Signature

Status: Signature verified.
Serial: 3300000266BD1580EFA75CD6D3000000000266
Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

Original Filename:
Product Name:
Company Name:
File Version:
Product Version:
Language:
Legal Copyright:

File Similarity (ssdeep match)

File	Score
C:\Windows\system32\nmbind.exe	43
C:\WINDOWS\system32\nmbind.exe	38
C:\WINDOWS\system32\nmscrub.exe	36