CapturePicker.exe
- File Path:
C:\WINDOWS\SystemApps\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\CapturePicker.exe
Hashes
| Type |
Hash |
| MD5 |
4BEAD008E1FF1A1680E4CC7AFA5A7D6F |
| SHA1 |
07A2452EE9F1147CB3EECB3F9A078DB2E1D21F1C |
| SHA256 |
A7B2A847E45DF8FF19DB6036B2C0D12D829CBE8AEEB50F298BDEAB8A3FF7EFE6 |
| SHA384 |
B5CB4E9BFD5A3FAD99A5FFA112C15450D03794D7005E6C7E68AC57FD8EB11DCF49EE582D66A3FDF3B5E61AACA120569F |
| SHA512 |
291788D46517D4943B3A7DE9C6200E00DA71CCD79D30F3164DD4495EDF2538E5A2F8C2BDC5D99D9849403F652BE3EE2EF200E68D626CB049AC881795542D13ED |
| SSDEEP |
12288:RHbBWvw2N2E11lDt3gxptF+HCCNOOBAANrzTNFGFG:5B8w2N2EjNFGFG |
| IMP |
FE346A2E7DA38DD0CE548EDBECEBB5FF |
| PESHA1 |
616C7CBE768F15868DAB89E24FEA77BAD737BB9A |
| PE256 |
689B1FBF9DA4094CD213CB48EAF18E6BD6C5776B3F08D4249F279A4AE960D5C6 |
Runtime Data
Child Processes:
CapturePicker.exe WerFault.exe
Open Handles:
| Path |
Type |
| (RW-) C:\Windows\System32 |
File |
| \BaseNamedObjects__ComCatalogCache__ |
Section |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000001.db |
Section |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db |
Section |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro |
Section |
| \Sessions\2\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 |
Section |
| \Sessions\2\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 |
Section |
Loaded Modules:
| Path |
| C:\WINDOWS\System32\combase.dll |
| C:\WINDOWS\System32\KERNEL32.DLL |
| C:\WINDOWS\System32\KERNELBASE.dll |
| C:\WINDOWS\SYSTEM32\ntdll.dll |
| C:\WINDOWS\SystemApps\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\CapturePicker.exe |
Signature
- Status: Signature verified.
- Serial:
33000002ED2C45E4C145CF48440000000002ED
- Thumbprint:
312860D2047EB81F8F58C29FF19ECDB4C634CF6A
- Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Original Filename:
- Product Name:
- Company Name:
- File Version:
- Product Version:
- Language:
- Legal Copyright:
- Machine Type: 64-bit
File Scan
- VirusTotal Detections: Unknown
MIT License. Copyright (c) 2020-2021 Strontic.