- File Path:
C:\Windows\system32\ThumbnailExtractionHost.exe
- Description: Thumbnail Handler Extraction Host
Hashes
| Type |
Hash |
| MD5 |
4CF1B3BF7F38BE007C62E8317799D3C1 |
| SHA1 |
4D48256C726685E7CCB0E8C2187E8000FCCB1C0D |
| SHA256 |
DFC08877E0BF2B36D1A17EF21857117BD26789558746C19283D1AFFADF070C45 |
| SHA384 |
110389EC6DE58865C98B84D030AE153CAB24DF573933037D811E79792930218937043A4DAA2A5EB40662496F0B0069F1 |
| SHA512 |
1D7C0B71E8A79C9C8EC63F165A82D8E72FD07AB9BA7536582544A9786A664FBF094CA8A310707BD0EFA02E62E6F97A7E6CE564F895EC6304ECBB2E82745F55B7 |
| SSDEEP |
768:gaQwHuqtbxLG5Eu0bh4kqEhKboCTfjqg4Q5yyszf/:JQwHuqLLG5aS7boCT7F4Jyyf/ |
| IMP |
8711951497435C4E20E8335DA3ED1A9D |
| PESHA1 |
8F3418DAA2AF1411D37A6559DCF6E589730E6017 |
| PE256 |
6D36106081456100B5F67F63E54FB49CCECF30253527735AE7016E32614A7C00 |
Runtime Data
Open Handles:
| Path |
Type |
| (RW-) C:\Users\user |
File |
| \BaseNamedObjects__ComCatalogCache__ |
Section |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000002.db |
Section |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db |
Section |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2 |
Section |
| \BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 |
Section |
| \BaseNamedObjects\NLS_CodePage_437_3_2_0_0 |
Section |
Loaded Modules:
| Path |
| C:\Windows\System32\ADVAPI32.dll |
| C:\Windows\System32\GDI32.dll |
| C:\Windows\System32\gdi32full.dll |
| C:\Windows\System32\KERNEL32.DLL |
| C:\Windows\System32\KERNELBASE.dll |
| C:\Windows\System32\msvcrt.dll |
| C:\Windows\SYSTEM32\ntdll.dll |
| C:\Windows\System32\RPCRT4.dll |
| C:\Windows\System32\sechost.dll |
| C:\Windows\system32\ThumbnailExtractionHost.exe |
| C:\Windows\System32\USER32.dll |
| C:\Windows\System32\win32u.dll |
Signature
- Status: Signature verified.
- Serial:
33000002EC6579AD1E670890130000000002EC
- Thumbprint:
F7C2F2C96A328C13CDA8CDB57B715BDEA2CBD1D9
- Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Original Filename: ThumbnailExtractionHost.EXE
- Product Name: Microsoft Windows Operating System
- Company Name: Microsoft Corporation
- File Version: 10.0.19041.746 (WinBuild.160101.0800)
- Product Version: 10.0.19041.746
- Language: English (United States)
- Legal Copyright: Microsoft Corporation. All rights reserved.
- Machine Type: 64-bit
File Scan
- VirusTotal Detections: 0/74
- VirusTotal Link: https://www.virustotal.com/gui/file/dfc08877e0bf2b36d1a17ef21857117bd26789558746c19283d1affadf070c45/detection
MIT License. Copyright (c) 2020-2021 Strontic.