rstrui.exe
- File Path:
C:\Windows\system32\rstrui.exe
- Description: Microsoft Windows System Restore
Hashes
| Type |
Hash |
| MD5 |
4CAD10846E93E85790865D5C0AB6FFD9 |
| SHA1 |
8A223F4BAB28AFA4C7ED630F29325563C5DCDA1A |
| SHA256 |
9DDCFCAF2EBC810CC2E593446681BC4CCBAD39756B1712CF045DB8DEE6310B4B |
| SHA384 |
7890F0CE2259D18938C331C12F0707E6EF2E21BE4E8738328CCBEC408FC286937C6DD6E2AB2437F55530E7869000C76C |
| SHA512 |
C0DB44DE0D35A70277F8621A318C5099378DA675376E47545CFBFA7412E70A870FD05C92E0D6523EA2E0139D54D9EEAED14973762341FA3154406AE36F4CE7C6 |
| SSDEEP |
6144:x2giB1TuuQl2FRuTsKlpbcUsontang92+UvQ/KpmOq:x2gG5c2FR7kVtK5vQ/Kp |
| IMP |
9D3877D28342FF71396AB7B327C8F5AE |
| PESHA1 |
9365FDBB513942B75142FBE065F6BF8ADED8DA8D |
| PE256 |
37208DC6ED5EC822BA8AF99CABB78CB36C964E7B67ED7D6DD27012EDAFC7D20D |
Runtime Data
Child Processes:
RdpSa.exe
Loaded Modules:
| Path |
| C:\Windows\System32\ADVAPI32.dll |
| C:\Windows\System32\GDI32.dll |
| C:\Windows\System32\gdi32full.dll |
| C:\Windows\System32\KERNEL32.DLL |
| C:\Windows\System32\KERNELBASE.dll |
| C:\Windows\System32\msvcp_win.dll |
| C:\Windows\System32\msvcrt.dll |
| C:\Windows\SYSTEM32\ntdll.dll |
| C:\Windows\System32\RPCRT4.dll |
| C:\Windows\system32\rstrui.exe |
| C:\Windows\System32\sechost.dll |
| C:\Windows\System32\win32u.dll |
Signature
- Status: Signature verified.
- Serial:
33000002EC6579AD1E670890130000000002EC
- Thumbprint:
F7C2F2C96A328C13CDA8CDB57B715BDEA2CBD1D9
- Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Original Filename: rstrui.exe.mui
- Product Name: Microsoft Windows Operating System
- Company Name: Microsoft Corporation
- File Version: 10.0.19041.1 (WinBuild.160101.0800)
- Product Version: 10.0.19041.1
- Language: English (United States)
- Legal Copyright: Microsoft Corporation. All rights reserved.
- Machine Type: 64-bit
File Scan
- VirusTotal Detections: 0/72
- VirusTotal Link: https://www.virustotal.com/gui/file/9ddcfcaf2ebc810cc2e593446681bc4ccbad39756b1712cf045db8dee6310b4b/detection
File Similarity (ssdeep match)
MIT License. Copyright (c) 2020-2021 Strontic.