PresentationSettings.exe
- File Path:
C:\Windows\system32\PresentationSettings.exe - Description: Microsoft Mobile PC Presentation Adaptability Client
Hashes
| Type | Hash |
|---|---|
| MD5 | 790799A168C41689849310F6C15F98FA |
| SHA1 | A5D213FC1C71A56DE9441B2E35411D83770C01EC |
| SHA256 | 6E59AB1A0B4AC177DC3397A54AFCF68FCEA3C1EE72C33BD08C89F04A6DAC64B8 |
| SHA384 | 11044442BFBC7F3488A51ACD5A99FE5748D66C1998072B584EF29F60C9FFDA60EBFF1ED281A8FE9D2EB988D4C657948E |
| SHA512 | 8153B79D4681F21ADE7AFE995841C386BFF8E491AD347F8E7C287DF5F9053CAE7458E273339146D9A920CEAA2BA0F41CC793D7B2C0FA80EFBB41477D39470866 |
| SSDEEP | 6144:rt0iOUEDwHulF8VC+LM6Ce9U7its2xmhfGKraEH:rtgUoUulW/Cr7p2Gfn |
| IMP | 7B89FBC2ECACD3670D706A9372A38F83 |
| PESHA1 | 865549BFF9397EBF4B3B1B38A903F75C8C74B5F9 |
| PE256 | 4E14878339BA87C39180326A8FBC81D3E4632CF51490B10B93FE6B8092FA2C30 |
Runtime Data
Child Processes:
csrss.exe winlogon.exe
Window Title:
Presentation Settings
Open Handles:
| Path | Type |
|---|---|
| (R-D) C:\Windows\Fonts\StaticCache.dat | File |
| (R-D) C:\Windows\System32\en-US\duser.dll.mui | File |
| (R-D) C:\Windows\System32\en-US\PresentationSettings.exe.mui | File |
| (R-D) C:\Windows\SystemResources\imageres.dll.mun | File |
| (R-D) C:\Windows\WinSxS\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.19041.1_en-us_cb612d02732b0fd9\comctl32.dll.mui | File |
| (RW-) C:\Users\user | File |
| (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.19041.1_en-us_cb612d02732b0fd9 | File |
| (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.488_none_ca04af081b815d21 | File |
| (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.685_none_faeca4db76168538 | File |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000002.db | Section |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db | Section |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2 | Section |
| \BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 | Section |
| \BaseNamedObjects\NLS_CodePage_437_3_2_0_0 | Section |
| \Sessions\1\BaseNamedObjects\windows_shell_global_counters | Section |
| \Sessions\1\Windows\Theme1175649999 | Section |
| \Windows\Theme601709542 | Section |
Loaded Modules:
| Path |
|---|
| C:\Windows\System32\ADVAPI32.dll |
| C:\Windows\System32\combase.dll |
| C:\Windows\System32\GDI32.dll |
| C:\Windows\System32\gdi32full.dll |
| C:\Windows\System32\KERNEL32.DLL |
| C:\Windows\System32\KERNELBASE.dll |
| C:\Windows\System32\msvcp_win.dll |
| C:\Windows\System32\msvcrt.dll |
| C:\Windows\SYSTEM32\ntdll.dll |
| C:\Windows\System32\OLEAUT32.dll |
| C:\Windows\SYSTEM32\powrprof.dll |
| C:\Windows\system32\PresentationSettings.exe |
| C:\Windows\System32\RPCRT4.dll |
| C:\Windows\System32\sechost.dll |
| C:\Windows\System32\SHLWAPI.dll |
| C:\Windows\System32\ucrtbase.dll |
| C:\Windows\System32\USER32.dll |
| C:\Windows\System32\win32u.dll |
Signature
- Status: Signature verified.
- Serial:
330000023241FB59996DCC4DFF000000000232 - Thumbprint:
FF82BC38E1DA5E596DF374C53E3617F7EDA36B06 - Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
File Metadata
- Original Filename: PresentationSettings.exe.mui
- Product Name: Microsoft Windows Operating System
- Company Name: Microsoft Corporation
- File Version: 10.0.19041.1 (WinBuild.160101.0800)
- Product Version: 10.0.19041.1
- Language: English (United States)
- Legal Copyright: Copyright (C) Microsoft. All rights reserved.
- Machine Type: 64-bit
File Scan
- VirusTotal Detections: 0/76
- VirusTotal Link: https://www.virustotal.com/gui/file/6e59ab1a0b4ac177dc3397a54afcf68fcea3c1ee72c33bd08c89f04a6dac64b8/detection
File Similarity (ssdeep match)
MIT License. Copyright (c) 2020-2021 Strontic.