pendmoves.exe
- File Path:
C:\SysinternalsSuite\pendmoves.exe
- Description: Lists pending delayed movefile operations
Hashes
| Type |
Hash |
| MD5 |
2643293808FC9586788E0D934A8A07B6 |
| SHA1 |
555C125CCBD6D5E4DC767AF5E1132C4C26FF41DC |
| SHA256 |
E6FB98119483D466C62EB3D51E557FB561595764D3BA474D13591D5C7AA940F6 |
| SHA384 |
95866AB178EC18555A8541882676942C8CDABEFDEAF5CE355452FFFA78537D38A5781505CCA3FB577AEE70F01C72AA5D |
| SHA512 |
0FBED4D6335C79F642876C1E99921D9C615AEB2B6CCB8B984820FC722C3A7BB8551A6A57AF0E3E1CD171D88B461E422F85D1C9D9067B78A501AFACFBBB1B006A |
| SSDEEP |
6144:+yFm34ds0MvYtQb2QtUe4AgnLysKcScK6FMFFa:hmods0MwtQaKDWnSYaa |
| IMP |
DD005E4F996645B1B6E14F7480921380 |
| PESHA1 |
F2EF600A4EF37C63CBDB058F079A91A7978A52AA |
| PE256 |
41AAABBF69B689A47D7DE67F88E5A856896E41279F4D157458C40E64068B3507 |
Runtime Data
Usage (stdout):
PendMoves v1.3 - Lists pending delayed movefile operations
Copyright (C) 2004-2016 Mark Russinovich
Sysinternals - www.sysinternals.com
The system cannot find the file specified.
The system cannot find the file specified.
The system cannot find the file specified.
The system cannot find the file specified.
The system cannot find the file specified.
Source: C:\Users\user\AppData\Local\Temp\ADInsight64.EXE
Target: DELETE
Source: C:\Users\user\AppData\Local\Temp\ADInsightDll64.dll
Target: DELETE
Source: C:\Users\user\AppData\Local\Temp\ADInsightDll64.dll
Target: DELETE
Source: C:\Users\user\AppData\Local\Temp\ADInsight64.EXE
Target: DELETE
Source: C:\Users\user\AppData\Local\Temp\ADInsightDll64.dll
Target: DELETE
Source: C:\Users\user\AppData\Local\Temp\ADInsightDll64.dll
Target: DELETE
Source: C:\SysinternalsSuite\ADInsightDll64.dll
*** Source file lookup error: Target: DELETE
Source: C:\Users\user\AppData\Local\Temp\ADInsightDll64.dll
Target: DELETE
Source: C:\Users\user\AppData\Local\Temp\ADInsight64.EXE
Target: DELETE
Source: C:\Users\user\AppData\Local\Temp\ADInsightDll64.dll
Target: DELETE
Source: C:\Users\user\AppData\Local\Temp\ADInsightDll64.dll
Target: DELETE
Source: C:\Users\user\AppData\Local\Temp\ADInsight64.EXE
Target: DELETE
Source: C:\Users\user\AppData\Local\Temp\ADInsightDll64.dll
Target: DELETE
Source: C:\Users\user\AppData\Local\Temp\ADInsightDll64.dll
Target: DELETE
Source: C:\Users\user\AppData\Local\Temp\ADInsight64.EXE
Target: DELETE
Source: C:\Users\user\AppData\Local\Temp\ADInsightDll64.dll
Target: DELETE
Source: C:\Users\user\AppData\Local\Temp\ADInsightDll64.dll
Target: DELETE
Source: C:\Users\user\AppData\Local\Temp\ADInsight64.EXE
Target: DELETE
Source: C:\Users\user\AppData\Local\Temp\ADInsightDll64.dll
Target: DELETE
Source: C:\Users\user\AppData\Local\Temp\ADInsightDll64.dll
Target: DELETE
Source: C:\SysinternalsSuite\ADInsightDll64.dll
*** Source file lookup error: Target: DELETE
Source: C:\Users\user\AppData\Local\Temp\ADInsightDll64.dll
Target: DELETE
Source: C:\SysinternalsSuite\ADInsightDll64.dll
*** Source file lookup error: Target: DELETE
Source: C:\Users\user\AppData\Local\Temp\ADInsightDll64.dll
Target: DELETE
Source: C:\SysinternalsSuite\ADInsightDll64.dll
*** Source file lookup error: Target: DELETE
Source: C:\Users\user\AppData\Local\Temp\ADInsightDll64.dll
Target: DELETE
Source: C:\SysinternalsSuite\ADInsightDll64.dll
*** Source file lookup error: Target: DELETE
Source: C:\Users\user\AppData\Local\Temp\ADInsightDll64.dll
Target: DELETE
Time of last update to pending moves key: 9/25/2020 8:30 AM
Loaded Modules:
| Path |
| C:\SysinternalsSuite\pendmoves.exe |
| C:\Windows\SYSTEM32\ntdll.dll |
| C:\Windows\System32\wow64.dll |
| C:\Windows\System32\wow64cpu.dll |
| C:\Windows\System32\wow64win.dll |
Signature
- Status: Signature verified.
- Serial:
3300000187721772155940C709000000000187
- Thumbprint:
2485A7AFA98E178CB8F30C9838346B514AEA4769
- Issuer: CN=Microsoft Code Signing PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Original Filename: pendmoves.exe
- Product Name: Sysinternals Pendmoves
- Company Name: Sysinternals - www.sysinternals.com
- File Version: 1.3
- Product Version: 1.3
- Language: English (United States)
- Legal Copyright: Copyright (C) 2004-2016 Mark Russinovich
- Machine Type: 32-bit
File Scan
- VirusTotal Detections: 0/71
- VirusTotal Link: https://www.virustotal.com/gui/file/e6fb98119483d466c62eb3d51e557fb561595764d3ba474d13591d5c7aa940f6/detection/
Possible Misuse
The following table contains possible examples of pendmoves.exe being misused. While pendmoves.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.
MIT License. Copyright (c) 2020-2021 Strontic.