RmClient.exe

  • File Path: C:\WINDOWS\SysWOW64\RmClient.exe
  • Description: Restart Manager LUA Restart Client

Hashes

Type Hash
MD5 0E6A287FE85BF5F3EB92ABCEABF0207F
SHA1 8D9E2DABA5C8A79CE48108E6B03723FFDF20E66A
SHA256 6A02F8C9EA821C902EFC979097FF74806FE01314960FEB3303828900D257BB79
SHA384 1356F4CAD4BCEDB7593A2C23FB0FBA220D736DFFBCD87CDFCC211D5308CC362937E0B4A570FE79B833ABFC4911E53C5C
SHA512 1BBBDDD79340A3795FCD61FB562A18EF475ED4CBB1DFF37CEE5264065C44E2CCD977973216539DF364AC074AAB610A4845E4B7809BF678F5AD0D391098327D63
SSDEEP 384:Lvi5dMHeMkL55Ews4IaMkecj17F/WXzWKA0n:zi5dMg55EbkV17FMRv
IMP 515D13B7AD9E8958E42761434A172217
PESHA1 A9B2D2EE4C761707A1FA7120C53E37B0792381B0
PE256 F65331F50D07D6F093E1FCF63F10D06E957AA3FBF0D68617C7D591511991B00F

Runtime Data

Usage (stdout):


 RmClient.exe pipename



Loaded Modules:

Path
C:\WINDOWS\SYSTEM32\ntdll.dll
C:\WINDOWS\System32\wow64.dll
C:\WINDOWS\System32\wow64base.dll
C:\WINDOWS\System32\wow64con.dll
C:\WINDOWS\System32\wow64win.dll
C:\WINDOWS\SysWOW64\RmClient.exe

Signature

  • Status: Signature verified.
  • Serial: 33000002ED2C45E4C145CF48440000000002ED
  • Thumbprint: 312860D2047EB81F8F58C29FF19ECDB4C634CF6A
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: RmClient.exe
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.22000.1 (WinBuild.160101.0800)
  • Product Version: 10.0.22000.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/73
  • VirusTotal Link: https://www.virustotal.com/gui/file/6a02f8c9ea821c902efc979097ff74806fe01314960feb3303828900d257bb79/detection

MIT License. Copyright (c) 2020-2021 Strontic.