Windows
Analysis Report
autocad.exe
Overview
General Information
Detection
Score: | 1 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64_ra
autocad.exe (PID: 4692 cmdline: "C:\Users\user\Desktop\autocad.exe" MD5: 4C2A76CEEE9BECFEFFE78265166182BA)
conhost.exe (PID: 1792 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- cleanup
Source: | Static PE information: |
Source: | Binary string: |
System Summary |
---|
Source: | Initial file: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | File created: |
Source: | Mutant created: |
Source: | Static PE information: |
Source: | File read: |
Source: | Key opened: |
Source: | Process created: |
Source: | Process created: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Key value queried: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Process information set: |
Source: | Thread injection, dropped files, key value created, disk infection and DNS query: |
Source: | Thread injection, dropped files, key value created, disk infection and DNS query: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 File and Directory Discovery | Remote Services | Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 1 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 DLL Side-Loading | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | ReversingLabs |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1445859 |
Start date and time: | 2024-05-22 17:22:07 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 46s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 14 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | autocad.exe |
Detection: | CLEAN |
Classification: | clean1.winEXE@2/1@0/0 |
EGA Information: | Failed |
HCA Information: | |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, svchost.exe
- Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed; the report is missing behavior information
- VT rate limit hit for: autocad.exe
Process: | C:\Users\user\Desktop\autocad.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 5575 |
Entropy (8bit): | 4.307652486098576 |
Encrypted: | false |
SSDEEP: | 48:w2x1DQ4x+aXpkIykO5svjnjL6zjxMUxyNIzej+o4ChWzCdz4cztK7GT7ZOczJENz:HopocAW0Ma7Ttfz+JLyvKyAK9fLZkLt |
MD5: | ED9230D5E83F466BFD8741B7E62D659A |
SHA1: | 2B873F9BF9FF4238BAC1DF6A454FA6EE8D480270 |
SHA-256: | 70EC6342FB4712E23C55067A1CF934F05E059BE9635E38779D09FB601A07EB7E |
SHA-512: | E5604CC6A1EE77DFE5FE371B4F5704E0CDC5A85E4E48B038CDB2501DEBF357D225F09A30C958329EC71275C9972402DEE2BA6816D84E20A4D561E3B362366171 |
Malicious: | false |
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 6.324166325898655 |
TrID: | |
File name: | autocad.exe |
File size: | 426'496 bytes |
MD5: | 4c2a76ceee9becfeffe78265166182ba |
SHA1: | c70b71f7aa367d88c6ec5942269a45cbc66510b3 |
SHA256: | ea139458b4e88736a3d48e81569178fd5c11156990b6a90e2d35f41b1ad9bac1 |
SHA512: | c2d9cfc4c9cf596382e0cbe29e3eefc12a9f9a8f158714aa924360d62d0f4d7b2af9ec3cfca25a40869e4b0b2eaa909afb1378b9c6dcaf139231d70ffe2f40bd |
SSDEEP: | 6144:32rmLvg3Ao3DIygbCQf/1uuczYi0zhsy4acfy5sRlTrmjgyRcaKM:3LLv5rFCQf/ouMYi09LcDTQcaKM |
TLSH: | 86946D55EBF400B9F0B7E979CEF64617F6B778491A30874F03AD8A5A1F233609925322 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......N....vr..vr..vr..9...vr.....zvr......vr......vr..vs..vr.....evr......vr......vr.Rich.vr.........PE..d...\M.O.........."........ |
Icon Hash: | 90cececece8e8eb0 |
Entrypoint: | 0x1400446f0 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x140000000 |
Subsystem: | windows cui |
Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x4FD34D5C [Sat Jun 9 13:19:24 2012 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 2 |
File Version Major: | 5 |
File Version Minor: | 2 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 2 |
Import Hash: | 4b9cd3ebe4c995fb411345f7fa1d4966 |
Instruction |
---|
dec eax |
sub esp, 28h |
call 00007FC81967113Ch |
dec eax |
add esp, 28h |
jmp 00007FC81966A2CBh |
int3 |
int3 |
dec esp |
lea ecx, dword ptr [00018245h] |
xor eax, eax |
dec ecx |
mov edx, ecx |
inc esp |
lea eax, dword ptr [eax+08h] |
cmp ecx, dword ptr [edx] |
je 00007FC81966A49Dh |
inc eax |
dec ecx |
add edx, eax |
cmp eax, 2Dh |
jc 00007FC81966A464h |
lea eax, dword ptr [ecx-13h] |
cmp eax, 11h |
jnbe 00007FC81966A478h |
mov eax, 0000000Dh |
ret |
add ecx, FFFFFF44h |
mov eax, 00000016h |
cmp ecx, 0Eh |
inc ecx |
cmovbe eax, eax |
ret |
dec eax |
cwde |
inc ecx |
mov eax, dword ptr [ecx+eax*8+04h] |
ret |
int3 |
dec eax |
sub esp, 28h |
call 00007FC81966BAA8h |
dec eax |
test eax, eax |
jne 00007FC81966A47Bh |
dec eax |
lea eax, dword ptr [00018357h] |
jmp 00007FC81966A476h |
dec eax |
add eax, 10h |
dec eax |
add esp, 28h |
ret |
dec eax |
sub esp, 28h |
call 00007FC81966BA88h |
dec eax |
test eax, eax |
jne 00007FC81966A47Bh |
dec eax |
lea eax, dword ptr [0001833Bh] |
jmp 00007FC81966A476h |
dec eax |
add eax, 14h |
dec eax |
add esp, 28h |
ret |
inc eax |
push ebx |
dec eax |
sub esp, 20h |
mov ebx, ecx |
call 00007FC81966BA64h |
dec eax |
test eax, eax |
jne 00007FC81966A47Bh |
dec eax |
lea eax, dword ptr [00018317h] |
jmp 00007FC81966A476h |
dec eax |
add eax, 14h |
mov dword ptr [eax], ebx |
call 00007FC81966BA4Bh |
dec esp |
lea edx, dword ptr [000182FFh] |
Programming Language: | |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x59c44 | 0x64 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x73000 | 0x7218 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x6f000 | 0x35dc | .pdata |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x7b000 | 0x24c | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x51600 | 0x1c | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x51000 | 0x558 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x4fc4e | 0x4fe00 | e1f890ab222e3078143e63a31cf3e5f0 | False | 0.5732681680359938 | data | 6.480990480865944 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x51000 | 0x9e56 | 0xa000 | 79d31b7d0d8c7e1ab1009f63a373f06c | False | 0.4149169921875 | OpenPGP Public Key Version 5 | 5.2082106512561595 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x5b000 | 0x133a0 | 0x2e00 | 6ceafd513a06b58531ba581d4da2caa0 | False | 0.45779551630434784 | data | 4.726189508461243 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.pdata | 0x6f000 | 0x35dc | 0x3600 | ce5c2d07c1496af8bbfa6733d027c1c9 | False | 0.47605613425925924 | data | 5.613044934632713 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0x73000 | 0x7218 | 0x7400 | 87c5a65f1ec13bd2063c990be2ee36a1 | False | 0.2458917025862069 | data | 3.4811134604421348 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x7b000 | 0x7da | 0x800 | 1c54ca685dfb2030e6f7d1a014eb38e2 | False | 0.21728515625 | data | 2.197289899211127 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_STRING | 0x740c8 | 0x70 | data | English | United States | 0.5535714285714286 |
RT_STRING | 0x74138 | 0x20e | data | English | United States | 0.47338403041825095 |
RT_STRING | 0x74348 | 0x50 | data | English | United States | 0.7 |
RT_STRING | 0x74398 | 0x1d0 | data | English | United States | 0.38362068965517243 |
RT_STRING | 0x74568 | 0x2b2 | Targa image data - RGB - RLE 32 x 32 x 32 +97 +32 " " | English | United States | 0.30144927536231886 |
RT_STRING | 0x74820 | 0x28e | data | English | United States | 0.37003058103975534 |
RT_STRING | 0x74ab0 | 0x298 | data | English | United States | 0.3990963855421687 |
RT_STRING | 0x74d48 | 0x348 | Targa image data - RGB - RLE 32 x 32 x 32 +45 +32 " " | English | United States | 0.3678571428571429 |
RT_STRING | 0x75090 | 0x328 | Targa image data - RGB - RLE 32 x 32 x 32 +97 +115 " " | English | United States | 0.33292079207920794 |
RT_STRING | 0x753b8 | 0x320 | Targa image data - RGB - RLE 32 x 32 x 32 +100 +104 " " | English | United States | 0.3675 |
RT_STRING | 0x756d8 | 0x2d0 | Targa image data - RGB - RLE 32 x 32 x 32 +101 +112 " " | English | United States | 0.3888888888888889 |
RT_STRING | 0x759a8 | 0x2ce | Targa image data - RGB - RLE 114 x 114 x 32 +105 +101 " " | English | United States | 0.4052924791086351 |
RT_STRING | 0x75c78 | 0x39a | data | English | United States | 0.40563991323210413 |
RT_STRING | 0x76018 | 0x2dc | data | English | United States | 0.3797814207650273 |
RT_STRING | 0x762f8 | 0x304 | Targa image data - RGB - RLE 32 x 32 x 32 +114 +32 " " | English | United States | 0.3898963730569948 |
RT_STRING | 0x76600 | 0x322 | data | English | United States | 0.36034912718204487 |
RT_STRING | 0x76928 | 0x3be | data | English | United States | 0.3058455114822547 |
RT_STRING | 0x76ce8 | 0x328 | data | English | United States | 0.3997524752475248 |
RT_STRING | 0x77010 | 0x20a | data | English | United States | 0.45977011494252873 |
RT_STRING | 0x77220 | 0x1b2 | Targa image data - RGB - RLE 82 x 58 x 32 +82 +79 "P" | English | United States | 0.4631336405529954 |
RT_STRING | 0x773d8 | 0x16c | Targa image data - RGB - RLE 111 x 116 x 32 +110 +110 "r" | English | United States | 0.4725274725274725 |
RT_STRING | 0x77548 | 0x1b2 | data | English | United States | 0.4377880184331797 |
RT_STRING | 0x77700 | 0x17e | Targa image data - RGB - RLE 111 x 116 x 32 +110 +110 "c" | English | United States | 0.5314136125654451 |
RT_STRING | 0x77880 | 0x17c | data | English | United States | 0.4868421052631579 |
RT_STRING | 0x77a00 | 0x1c4 | data | English | United States | 0.4314159292035398 |
RT_STRING | 0x77bc8 | 0x176 | data | English | United States | 0.5133689839572193 |
RT_STRING | 0x77d40 | 0x178 | data | English | United States | 0.5319148936170213 |
RT_STRING | 0x77eb8 | 0x186 | data | English | United States | 0.47435897435897434 |
RT_STRING | 0x78040 | 0x1ac | data | English | United States | 0.48364485981308414 |
RT_STRING | 0x781f0 | 0x1ca | data | English | United States | 0.4279475982532751 |
RT_STRING | 0x783c0 | 0x1f2 | data | English | United States | 0.3674698795180723 |
RT_STRING | 0x785b8 | 0x184 | data | English | United States | 0.4690721649484536 |
RT_STRING | 0x78740 | 0xcc | Targa image data - RGB - RLE 82 x 58 x 32 +82 +79 "P" | English | United States | 0.6372549019607843 |
RT_STRING | 0x78810 | 0x22e | data | English | United States | 0.4336917562724014 |
RT_STRING | 0x78a40 | 0x10c | data | English | United States | 0.6119402985074627 |
RT_STRING | 0x78b50 | 0x18c | data | English | United States | 0.5353535353535354 |
RT_STRING | 0x78ce0 | 0x1b8 | Targa image data - RGB - RLE 105 x 116 x 32 +100 +32 "t" | English | United States | 0.45454545454545453 |
RT_STRING | 0x78e98 | 0x240 | data | English | United States | 0.3472222222222222 |
RT_STRING | 0x790d8 | 0x21a | data | English | United States | 0.44423791821561337 |
RT_STRING | 0x792f8 | 0x286 | data | English | United States | 0.3126934984520124 |
RT_STRING | 0x79580 | 0x284 | data | English | United States | 0.4161490683229814 |
RT_STRING | 0x79808 | 0x252 | data | English | United States | 0.44107744107744107 |
RT_STRING | 0x79a60 | 0x190 | Targa image data - RGB - RLE 82 x 58 x 32 +82 +79 "%" | English | United States | 0.47 |
RT_STRING | 0x79bf0 | 0x2a0 | data | English | United States | 0.45982142857142855 |
RT_STRING | 0x79e90 | 0x2c8 | Targa image data - RGB - RLE 32 x 32 x 32 +45 +116 " " | English | United States | 0.44241573033707865 |
RT_STRING | 0x7a158 | 0xbc | data | English | United States | 0.6436170212765957 |
RT_VERSION | 0x73e10 | 0x2b8 | COM executable for DOS | English | United States | 0.46120689655172414 |
RT_MANIFEST | 0x73960 | 0x4af | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.4603836530442035 |
DLL | Import |
---|---|
KERNEL32.dll | SetConsoleCtrlHandler, LocalFree, FormatMessageW, CloseHandle, GetCurrentProcess, CreateFileW, BackupRead, BackupSeek, SetFileTime, MoveFileW, FlushFileBuffers, SetFilePointer, SetEndOfFile, GetFileTime, GetFileType, CreateFileA, ReadFile, WriteFile, GetDriveTypeA, GetDiskFreeSpaceA, GetVolumeInformationA, GetFileAttributesA, GetFileAttributesW, SetFileAttributesA, SetFileAttributesW, MoveFileA, DeleteFileA, DeleteFileW, RemoveDirectoryA, RemoveDirectoryW, DeviceIoControl, CreateDirectoryA, CreateDirectoryW, ExpandEnvironmentStringsW, ExpandEnvironmentStringsA, FindClose, FindNextFileA, FindFirstFileA, FindNextFileW, FindFirstFileW, GetVersionExW, CreateThread, Sleep, GetProcessAffinityMask, WaitForSingleObject, SetEvent, ResetEvent, SetThreadPriority, GetCurrentThread, WaitForMultipleObjects, CreateEventW, GetFullPathNameA, GetFullPathNameW, GetModuleFileNameA, GetModuleFileNameW, MultiByteToWideChar, SetErrorMode, FreeLibrary, LoadLibraryW, LoadLibraryExW, GetCurrentProcessId, CompareStringA, SetPriorityClass, SetCurrentDirectoryA, GetCurrentDirectoryA, LocalFileTimeToFileTime, FileTimeToSystemTime, FileTimeToLocalFileTime, WideCharToMultiByte, CompareStringW, IsDBCSLeadByte, GetCPInfo, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, SetStdHandle, SetEnvironmentVariableA, GetLocaleInfoA, GetLastError, GetCurrentDirectoryW, GetTickCount, GetSystemTime, SystemTimeToFileTime, GetStdHandle, GetConsoleMode, SetConsoleMode, ReadConsoleW, GetCommandLineW, GetModuleHandleW, GetProcAddress, ExitThread, SetLastError, GetStringTypeW, GetStringTypeA, GetConsoleCP, GetSystemTimeAsFileTime, QueryPerformanceCounter, HeapFree, HeapReAlloc, HeapAlloc, RtlLookupFunctionEntry, RtlUnwindEx, ExitProcess, RaiseException, RtlPcToFileHeader, GetCommandLineA, HeapSetInformation, HeapCreate, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, RtlVirtualUnwind, RtlCaptureContext, EncodePointer, DecodePointer, FlsGetValue, FlsSetValue, FlsFree, GetCurrentThreadId, FlsAlloc, GetACP, GetOEMCP, IsValidCodePage, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, HeapSize, LoadLibraryA, InitializeCriticalSectionAndSpinCount, LCMapStringA, LCMapStringW, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, GetStartupInfoA |
USER32.dll | CharLowerW, ExitWindowsEx, CharUpperA, CharLowerA, LoadStringW, CharUpperW, CharToOemBuffW, CharToOemBuffA, OemToCharA, OemToCharBuffA, CharToOemA |
ADVAPI32.dll | RegQueryValueExW, RegOpenKeyExA, RegQueryValueExA, RegCloseKey, GetFileSecurityW, GetFileSecurityA, GetSecurityDescriptorLength, SetFileSecurityW, SetFileSecurityA, OpenProcessToken, LookupPrivilegeValueW, AdjustTokenPrivileges, RegOpenKeyExW |
SHELL32.dll | SHGetPathFromIDListW, SHGetMalloc, SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHFileOperationW |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Target ID: | 0 |
Start time: | 11:22:38 |
Start date: | 22/05/2024 |
Path: | C:\Users\user\Desktop\autocad.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff785da0000 |
File size: | 426'496 bytes |
MD5 hash: | 4C2A76CEEE9BECFEFFE78265166182BA |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 1 |
Start time: | 11:22:38 |
Start date: | 22/05/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6684c0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |