AuditShD.exe
- File Path:
C:\Windows\system32\oobe\AuditShD.exe
- Description: Audit Mode Desktop Switch Utility
Hashes
| Type |
Hash |
| MD5 |
E93CBE810EC760BB5414C2FF14C80A67 |
| SHA1 |
2EB43180AAB6FC7605DDD16F9ACA0739E3961AEA |
| SHA256 |
1AFEB20B44146398F73C48998A50B9BA42257FFE5620CD188D1971555BA9EEFC |
| SHA384 |
892705E95A74FA24F31633D538628ABF1CCE5A0F052D2EBE1E11066F639E288E540EF26C1758D0EE106DAF9DDE6F36F2 |
| SHA512 |
E749EB6E3EAD6C0DCCFDCA267C9A032D9B54E6914A431840B9CC4DF99DB73ECC3290C9318D72128383467DC3AF99E880CDDBFBDA0CF254C5F23499FEEF7ED6B6 |
| SSDEEP |
384:jxYJ2Y8by12TAIO3KyGFs5tveSGIYeGQOk4g4ti92H9SBOr3fpgHuWGfErnUoskp:jxYWby4TAIOvC8vLO9nPdMWTjdmq3f |
| IMP |
B1A6068BAA73FBE37CC0271811BDCDBC |
| PESHA1 |
0B8137634FBC94396EFBC565C55311273A9BF486 |
| PE256 |
811B0BD83B022F075C4D62F39518A03F84A622E660D1CA6B6E7580DAA3CC0ED7 |
Runtime Data
Loaded Modules:
| Path |
| C:\Windows\System32\KERNEL32.DLL |
| C:\Windows\System32\KERNELBASE.dll |
| C:\Windows\SYSTEM32\ntdll.dll |
| C:\Windows\system32\oobe\AuditShD.exe |
Signature
- Status: Signature verified.
- Serial:
33000002EC6579AD1E670890130000000002EC
- Thumbprint:
F7C2F2C96A328C13CDA8CDB57B715BDEA2CBD1D9
- Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Original Filename: AuditShD.exe
- Product Name: Microsoft Windows Operating System
- Company Name: Microsoft Corporation
- File Version: 10.0.19041.1202 (WinBuild.160101.0800)
- Product Version: 10.0.19041.1202
- Language: English (United States)
- Legal Copyright: Microsoft Corporation. All rights reserved.
- Machine Type: 64-bit
File Scan
- VirusTotal Detections: 0/73
- VirusTotal Link: https://www.virustotal.com/gui/file/1afeb20b44146398f73c48998a50b9ba42257ffe5620cd188d1971555ba9eefc/detection
File Similarity (ssdeep match)
MIT License. Copyright (c) 2020-2021 Strontic.