Microsoft.SharePoint.NativeMessagingClient.exe

  • File Path: C:\Users\user\AppData\Local\Microsoft\OneDrive\21.220.1024.0001\Microsoft.SharePoint.NativeMessagingClient.exe
  • Description: Microsoft SharePoint Native Messaging Client

Hashes

Type Hash
MD5 5710AA2450D8A5C915383FA51BBDC680
SHA1 40EDE4F348F506348C5B983356D6A9FC54F5D077
SHA256 EAB1A3FACFCA1C29B00A635242B1F105A21E0D654766E9B18BAD84BB28F36C00
SHA384 2B9F3230F82E5DBC5128E31C2E7251089A1C1081226271F60D872E4C64F6346301ED208326FAC95394923F4C9AEC741E
SHA512 DE1A5FCD6A5BFEFA2E888DC1E64AD73B019C6CBBEBF43983FD13BD9AED7C05CFAACEE2A5B6167773911FB350DDAA366A2CE59B03AD0D7B0E4713D3A8FFBAC86B
SSDEEP 384:iVVzYPO52p9X4kIEp1EKlLme0fVsVHH9XkW7u4whBWu/Llm0cwewmEy4lGswduuM:iVVzYWqlpHlSvuVHHN8ZFcwzy5WuM
IMP 6409E03DB652BE5613B6BA5E50DDDF69
PESHA1 3FFCBF1329010EA56673E6F87779C45096851081
PE256 D4EB5B4CC71C6C145FEBFB04DC2C0AACCB77B65BB0BCBC6416F8DFF597E40150

Runtime Data

Child Processes:

conhost.exe

Open Handles:

Path Type
(RW-) C:\Windows\System32 File
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000001.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro Section
\Sessions\2\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 Section
\Sessions\2\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 Section

Loaded Modules:

Path
C:\Users\user\AppData\Local\Microsoft\OneDrive\21.220.1024.0001\Microsoft.SharePoint.NativeMessagingClient.exe
C:\WINDOWS\System32\KERNEL32.DLL
C:\WINDOWS\System32\KERNELBASE.dll
C:\WINDOWS\SYSTEM32\ntdll.dll

Signature

  • Status: Signature verified.
  • Serial: 33000003F16206E3E7EFDA8ABE0000000003F1
  • Thumbprint: 5362FAEB842C236D05A729B7FAC85BAA1B68BDCA
  • Issuer: CN=Microsoft Code Signing PCA 2010, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: Microsoft.SharePoint.NativeMessaging.exe
  • Product Name: Microsoft SharePoint Native Messaging Client
  • Company Name: Microsoft Corporation
  • File Version: 21.220.1024.0001
  • Product Version: 21.220.1024.0001
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/73
  • VirusTotal Link: https://www.virustotal.com/gui/file/eab1a3facfca1c29b00a635242b1f105a21e0d654766e9b18bad84bb28f36c00/detection

MIT License. Copyright (c) 2020-2021 Strontic.