sdchange.exe
- File Path:
C:\Windows\SysWOW64\sdchange.exe
- Description: Windows Remote Assistance SD Server
Hashes
| Type |
Hash |
| MD5 |
46970E8F2F2C362EB21BD9FBD7E14DF1 |
| SHA1 |
E0B54C3385114A09CF1E4E035FA6431207394827 |
| SHA256 |
77BEA7A0371E270B9BFCD6B51433CA8642078BD36E4FDBDB726F9815BF3B6A4F |
| SHA384 |
A547BC0632543D764EEDB05849B165AB0D4A565DBE057D10697D9E1431621D92142876F32B425AB58782D00F94A92A2D |
| SHA512 |
73D78E46ABD95F0470761C37851A79EB5FEA773BE1FDADFE00B4DB1D1959A009EB34252A6C1F97191F8E9914CF58824B7135A79E42327632670C3C72844B8ED1 |
| SSDEEP |
768:T/Y5y+q0Ev5bjsoQqlURS0KarrbMQb7/Fh6BG:U8v5b4oJle2YPmc |
| IMP |
FEBDB8D41B96564D59EF7EC952028FD4 |
| PESHA1 |
8D5ADFCB21BBE29821D67D7CF3883A7CBA5C97DB |
| PE256 |
2C38854F23A1CDB32E7994C77766065AC6CB69DF041E3C403422CFBDFA6EAC19 |
Runtime Data
Open Handles:
| Path |
Type |
| (R-D) C:\Windows\System32\en-US\sdchange.exe.mui |
File |
| (RW-) C:\Users\user |
File |
| (RW-) C:\Windows |
File |
| \BaseNamedObjects__ComCatalogCache__ |
Section |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000002.db |
Section |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db |
Section |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2 |
Section |
| \BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 |
Section |
| \BaseNamedObjects\NLS_CodePage_437_3_2_0_0 |
Section |
Loaded Modules:
| Path |
| C:\Windows\SYSTEM32\ntdll.dll |
| C:\Windows\System32\wow64.dll |
| C:\Windows\System32\wow64cpu.dll |
| C:\Windows\System32\wow64win.dll |
| C:\Windows\SysWOW64\sdchange.exe |
Signature
- Status: Signature verified.
- Serial:
3300000266BD1580EFA75CD6D3000000000266
- Thumbprint:
A4341B9FD50FB9964283220A36A1EF6F6FAA7840
- Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Original Filename: sdchange.exe
- Product Name: Microsoft Windows Operating System
- Company Name: Microsoft Corporation
- File Version: 10.0.19041.1 (WinBuild.160101.0800)
- Product Version: 10.0.19041.1
- Language: English (United States)
- Legal Copyright: Microsoft Corporation. All rights reserved.
- Machine Type: 32-bit
File Scan
- VirusTotal Detections: 0/76
- VirusTotal Link: https://www.virustotal.com/gui/file/77bea7a0371e270b9bfcd6b51433ca8642078bd36e4fdbdb726f9815bf3b6a4f/detection
MIT License. Copyright (c) 2020-2021 Strontic.