prevhost.exe
- File Path:
C:\Windows\SysWOW64\prevhost.exe - Description: Preview Handler Surrogate Host
Hashes
| Type | Hash |
|---|---|
| MD5 | 79FED29A7F3DF4BA67599EFF3CDB4F1A |
| SHA1 | 1B58E24D43CCB62B3B80263ABE8F03ED962C4BFD |
| SHA256 | 32863169DA356243FD74440AB2CE0DE7EACF2A5760027602DAB5159C464621D4 |
| SHA384 | A5927F81E13620229C26177DCB70E90F3810A91E9C1A412E4ECFA20683A99D66ECB3586190E586F076741B253FCAA790 |
| SHA512 | F79558B4A51C280807DF3906DB2608C1495747E3F61E161C6904BA2559F55C15D27497D450414E726539462D166CA37B7E85653B93EF6E0A7F00A61F8D84ADC8 |
| SSDEEP | 384:gSywIAkLlVGW+lWlTbla//hTFrQe07eRuqJ6nm/0PdOya9WvcWmhkn:ZywIAk7VTUzrQd74Lr+Oyaqu |
| IMP | 64AD0500B99B03083D39C3F6AFAF2C66 |
| PESHA1 | 659C3EC97DE5C7580FBA57C80536B6AA89C47F00 |
| PE256 | 1CA486AA5EE9787E42B9865F052882FDBD2C19366F3F184A35A01A9E4980E3BC |
Runtime Data
Child Processes:
explorer.exe
Loaded Modules:
| Path |
|---|
| C:\Windows\SYSTEM32\ntdll.dll |
| C:\Windows\System32\wow64.dll |
| C:\Windows\System32\wow64cpu.dll |
| C:\Windows\System32\wow64win.dll |
| C:\Windows\SysWOW64\prevhost.exe |
Signature
- Status: Signature verified.
- Serial:
33000002EC6579AD1E670890130000000002EC - Thumbprint:
F7C2F2C96A328C13CDA8CDB57B715BDEA2CBD1D9 - Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
File Metadata
- Original Filename: PREVHOST.EXE
- Product Name: Microsoft Windows Operating System
- Company Name: Microsoft Corporation
- File Version: 10.0.19041.746 (WinBuild.160101.0800)
- Product Version: 10.0.19041.746
- Language: English (United States)
- Legal Copyright: Microsoft Corporation. All rights reserved.
- Machine Type: 32-bit
File Scan
- VirusTotal Detections: 0/73
- VirusTotal Link: https://www.virustotal.com/gui/file/32863169da356243fd74440ab2ce0de7eacf2a5760027602dab5159c464621d4/detection
MIT License. Copyright (c) 2020-2021 Strontic.