GameBarPresenceWriter.exe
- File Path:
C:\WINDOWS\system32\GameBarPresenceWriter.exe
- Description: Gamebar Presence Writer
Hashes
| Type |
Hash |
| MD5 |
483911A65EDFB1D339FB86BC3388C477 |
| SHA1 |
CFA815DE9F1428AFD686D77C5DCD81A0BC84D088 |
| SHA256 |
D57C2EA49484C8B5D384D6DDD04F4D7B179671A6E2FB0A51F2E107A518D6AA5B |
| SHA384 |
CF78E122897F9BD007A548F0F1E0352A7045C581BA6A0FBF1253DD7A7404DA9ED0662550CBF7969C36F2D82B2D9F84D0 |
| SHA512 |
1D0A250CC012E446A50A686966F51CC2415E464FBBFD63DDA79346C07BDCA741A13D7143DFF307E95AEF9D537F980E90A09367B26BAF708E8555FDB8B1EC7E98 |
| SSDEEP |
6144:X3+OWnTn+8i79S54VDRr+QQmiq2kxuXBRvGHk1BHUumbIQqo4cdjha/i2gFwI5WZ:X3Rk9i79SQ+8JCKDp4cdjha/i2gFwSY |
| IMP |
FEA42510C0BA3EB0CEA37128165FF77F |
| PESHA1 |
D789C938CD60C3169A479949FAF45E7136A75257 |
| PE256 |
13B8B384D3B3803EBE5A46A42D9D925ACCE2AA7E7762696AFFA13E94DB2756DB |
Runtime Data
Open Handles:
| Path |
Type |
| (RW-) C:\Windows\System32 |
File |
| \BaseNamedObjects__ComCatalogCache__ |
Section |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000001.db |
Section |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db |
Section |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro |
Section |
| \Sessions\2\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 |
Section |
| \Sessions\2\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 |
Section |
Loaded Modules:
| Path |
| C:\WINDOWS\System32\ADVAPI32.dll |
| C:\WINDOWS\system32\GameBarPresenceWriter.exe |
| C:\WINDOWS\System32\KERNEL32.DLL |
| C:\WINDOWS\System32\KERNELBASE.dll |
| C:\WINDOWS\System32\msvcrt.dll |
| C:\WINDOWS\SYSTEM32\ntdll.dll |
Signature
- Status: Signature verified.
- Serial:
33000002ED2C45E4C145CF48440000000002ED
- Thumbprint:
312860D2047EB81F8F58C29FF19ECDB4C634CF6A
- Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Original Filename: GamebarPresenceWriter.exe
- Product Name: Microsoft Windows Operating System
- Company Name: Microsoft Corporation
- File Version: 10.0.22000.1 (WinBuild.160101.0800)
- Product Version: 10.0.22000.1
- Language: English (United States)
- Legal Copyright: Microsoft Corporation. All rights reserved.
- Machine Type: 64-bit
File Scan
- VirusTotal Detections: 0/72
- VirusTotal Link: https://www.virustotal.com/gui/file/d57c2ea49484c8b5d384d6ddd04f4d7b179671a6e2fb0a51f2e107a518d6aa5b/detection
MIT License. Copyright (c) 2020-2021 Strontic.