PickerHost.exe
- File Path:
C:\Windows\SysWOW64\PickerHost.exe
- Description: File Picker UI Host
Hashes
| Type |
Hash |
| MD5 |
8ABDA2D6AA1091E9F93B304DABC648EF |
| SHA1 |
CECDDBC9C8988E2BCEAE58B24E867A8629D1CF8D |
| SHA256 |
4AFECB9ADDD61BF3F4BF3914B56C1896480498D0F32385058C045B47B3E62280 |
| SHA384 |
2CDD0B7A689BC2DC533188EC8B0A45876DA68E2C859779DE6D6D00EEE61642BE185FB6142F584164E8693E8E0F21A92B |
| SHA512 |
6188C864E559E5A1C69D9DBD7FAA24B3549A68C225AC9C5CC2845BD46ACDF86BF8A27A6DE7BEAC97827A2DCA98559C0E43923BE0FB09782C6CE9E843CC68BF34 |
| SSDEEP |
3072:7+RCjmWDev+lVSVdgwYtmXaZFQsL4YbkPXkyTve:7/SbZYsXaZFQsL4Ybkvky |
| IMP |
E5D303F591EEE2D5EF12C121CDE12115 |
| PESHA1 |
E60F14455EA00D00920916040000AA76BD5703F3 |
| PE256 |
1A464DFB2C589F83E3094FE48C7B2C312AB88229ABFB9767A5723617AB06846A |
Runtime Data
Open Handles:
| Path |
Type |
| (RW-) C:\Users\user |
File |
| (RW-) C:\Windows |
File |
| \BaseNamedObjects__ComCatalogCache__ |
Section |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000002.db |
Section |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db |
Section |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2 |
Section |
| \BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 |
Section |
| \BaseNamedObjects\NLS_CodePage_437_3_2_0_0 |
Section |
Loaded Modules:
| Path |
| C:\Windows\SYSTEM32\ntdll.dll |
| C:\Windows\System32\wow64.dll |
| C:\Windows\System32\wow64cpu.dll |
| C:\Windows\System32\wow64win.dll |
| C:\Windows\SysWOW64\PickerHost.exe |
Signature
- Status: Signature verified.
- Serial:
33000002EC6579AD1E670890130000000002EC
- Thumbprint:
F7C2F2C96A328C13CDA8CDB57B715BDEA2CBD1D9
- Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Original Filename: PickerHost.exe
- Product Name: Microsoft Windows Operating System
- Company Name: Microsoft Corporation
- File Version: 10.0.19041.1023 (WinBuild.160101.0800)
- Product Version: 10.0.19041.1023
- Language: English (United States)
- Legal Copyright: Microsoft Corporation. All rights reserved.
- Machine Type: 32-bit
File Scan
- VirusTotal Detections: 0/73
- VirusTotal Link: https://www.virustotal.com/gui/file/4afecb9addd61bf3f4bf3914b56c1896480498d0f32385058c045b47b3e62280/detection
MIT License. Copyright (c) 2020-2021 Strontic.