LoadOrd.exe
- File Path:
C:\SysinternalsSuite\LoadOrd.exe - Description: Startup order viewer
Screenshot
Hashes
| Type | Hash |
|---|---|
| MD5 | B68843BA92EC1FE57DC259337CDDDBD1 |
| SHA1 | 06AD9B3B5FB3C1731F405DA9542CDC8906CEA71A |
| SHA256 | AF170DC6241BD5C11F9BCF79CABDCB3C7691F3DA4F989E991B144818DDAD91EA |
| SHA384 | 59F8F54660BDB231704602CCD09A334A46BCB506073E0E8AF04186A691598625B2E775965783C523CBDB55D905AA1C54 |
| SHA512 | E630E9647B4BEFCCFA0E1D2B42BB134344BD1FE024B8931327DC346FE5BCD29DE652742E90C0ECEF05AC4B066856F22C9204D6F8417339537CE424A2F25D4C8F |
| SSDEEP | 1536:THyqOHf2lF9gK7xsX7BzTjo+Txz9PZrHTN54H6STYSs+RYpcFYqIsWjcdaF1GJfW:TDO5LxoC9PZUFfYS3azGJfOqNEZT |
| IMP | B900DC5AB09E702140C5C289F35FB91F |
| PESHA1 | 3737ABC6FF736D385A150ACB5F819E63C49CA714 |
| PE256 | 240B9B85A9B7144D4E577AD290DC731B19DD399688855662277BCE4D9E2D3EAA |
Runtime Data
Window Title:
LoadOrder
Open Handles:
| Path | Type |
|---|---|
| (R-D) C:\Windows\Fonts\StaticCache.dat | File |
| (RW-) C:\Windows | File |
| (RW-) C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.488_none_89e6152f0b32762e | File |
| (RW-) C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.488_none_11b1e5df2ffd8627 | File |
| (RW-) C:\xCyclopedia | File |
| \BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 | Section |
| \BaseNamedObjects\NLS_CodePage_437_3_2_0_0 | Section |
| \Sessions\1\Windows\Theme2036293991 | Section |
| \Windows\Theme1324212991 | Section |
Loaded Modules:
| Path |
|---|
| C:\SysinternalsSuite\LoadOrd.exe |
| C:\Windows\SYSTEM32\ntdll.dll |
| C:\Windows\System32\wow64.dll |
| C:\Windows\System32\wow64cpu.dll |
| C:\Windows\System32\wow64win.dll |
Signature
- Status: Signature verified.
- Serial:
330000010A2C79AED7797BA6AC00010000010A - Thumbprint:
3BDA323E552DB1FDE5F4FBEE75D6D5B2B187EEDC - Issuer: CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
File Metadata
- Original Filename: Loadord
- Product Name: Sysinternals Loadord
- Company Name: Sysinternals - www.sysinternals.com
- File Version: 1.01
- Product Version: 1.01
- Language: English (United States)
- Legal Copyright: Copyright (C) 1998-2016 Mark Russinovich
- Machine Type: 32-bit
File Scan
- VirusTotal Detections: 0/69
- VirusTotal Link: https://www.virustotal.com/gui/file/af170dc6241bd5c11f9bcf79cabdcb3c7691f3da4f989e991b144818ddad91ea/detection/
Possible Misuse
The following table contains possible examples of LoadOrd.exe being misused. While LoadOrd.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.
| Source | Source File | Example | License |
|---|---|---|---|
| sigma | proc_creation_win_false_sysinternalsuite.yml | - '\loadOrd.exe' |
DRL 1.0 |
MIT License. Copyright (c) 2020-2021 Strontic.