UserOOBEBroker.exe
- File Path:
C:\Windows\system32\oobe\UserOOBEBroker.exe
- Description: User OOBE Broker
Hashes
| Type |
Hash |
| MD5 |
21105FF8FD94292A87F0313DD77AAD3C |
| SHA1 |
F512CC64E4D58D2EDEFCD121CA77A009025C651D |
| SHA256 |
59911F2C3BBBEB69233DDFC1C9BE173B00C35372C850FB197E7A73C136649594 |
| SHA384 |
B7AECCD33D570034945F4DC9D4074F62D8B6D8D5B19B0FCED27EACD1F3B1F121922D8E2777FFA22DB3EC71FDA12DA91E |
| SHA512 |
A8C938324353289E7F4CF4C50887F7F0DE5509F984A7601D8423753754CA1BC5823F7D448222FBFB92E8006C3BB02FC3D436427E55894EE8F15F6B49DB33E2FD |
| SSDEEP |
1536:H5f6mOEJxfUl+RZ0pdUumPQ+xkV28ZyGWibzV:HtK+Ry1mI+x+2VRq |
Runtime Data
Open Handles:
| Path |
Type |
| (RW-) C:\Users\user\Documents |
File |
| \BaseNamedObjects__ComCatalogCache__ |
Section |
| \BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 |
Section |
| \BaseNamedObjects\NLS_CodePage_437_3_2_0_0 |
Section |
| \RPC Control\DSEC18D0 |
Section |
Loaded Modules:
| Path |
| C:\Windows\System32\KERNEL32.DLL |
| C:\Windows\SYSTEM32\ntdll.dll |
| C:\Windows\system32\oobe\UserOOBEBroker.exe |
Signature
- Status: Signature verified.
- Serial:
33000001C422B2F79B793DACB20000000001C4
- Thumbprint:
AE9C1AE54763822EEC42474983D8B635116C8452
- Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Original Filename: UserOOBEBroker.exe
- Product Name: Microsoft Windows Operating System
- Company Name: Microsoft Corporation
- File Version: 10.0.17763.1 (WinBuild.160101.0800)
- Product Version: 10.0.17763.1
- Language: English (United States)
- Legal Copyright: Microsoft Corporation. All rights reserved.
File Similarity (ssdeep match)
MIT License. Copyright (c) 2020-2021 Strontic.