DataExchangeHost.exe (Data Exchange Host) is a process that operates as a Component Object Model (COM) application inside the local 'DataExchange Host' COM server.
If something you do requires a Hypervisor (virtual machine), then Hyper-V will likely be providing this function. This virtual machine (VM) guest needs a method to communicate with its host, which is your Windows session.
Location of the file: C:\Windows\system32\DataExchangeHost.exe, size 154.84 kB (158560 B).
DataExchangeHost.exe (Data Exchange Host) is a safe process, but some hackers use the same name to hide malware on your computer.
The risk is high when you download DataExchangeHost.exe from untrusted or hacker-run websites. To prevent infection of your computer:
-Use a good antivirus program
-Check the same file with several antivirus programs
-Check the location and size of the file; if something is missing, it is suspicious
On a 64-bit Windows system it can be known as DataExchangeHost.exe Data Exchange Host (32-bit).
DataExchangeHost.exe ডেটা বিনিময় আয়োজক
DataExchangeHost.exe Data Exchange Host (32bitové)
DataExchangeHost.exe Data Exchange Host (32 bites)
DataExchangeHost.exe Data Exchange Host (32-біт)
I disagree. This may work with a Virtual Machine but is not for a virtual machine.
The ASCII strings within the program as well as the Registry entries all point back to the fact this file is used for Drag and Drop operations.
The following key
HKEY_CLASSES_ROOT\AppID\{C2E9756F-8155-4EAC-9ED5-0B690169D412}
(DataExchangeHost)
Leads to this next key
HKEY_CLASSES_ROOT\AppID\DataExchangeHost.exe
Which has an appID of
{C2E9756F-8155-4EAC-9ED5-0B690169D412}
Which leads to
HKEY_CLASSES_ROOT\CLSID\{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}\InProcServer32
(default) %SystemRoot%\system32\dataexchange.dll
So: {9FC8E510-A27C-4B3B-B9A3-BF65F00256A8} leads to Drag and Drop; for work on WinPE, see here:
http://mistyprojects.co.uk/documents/winpe_tweaks/readme.files/DragNDrop.htm
HKEY_CLASSES_ROOT\CLSID\{CC07F1AC-9ADD-4DEF-93DF-6F755F2A88A1}
AppID {C2E9756F-8155-4EAC-9ED5-0B690169D412}
(default) C:\Windows\System32\DataExchangeHost.exe
Then DataExchangeHost leads to
HKEY_CLASSES_ROOT\OneCoreContracts\Windows.Internal.PlatformExtensions.DragDropExperience\Desktop
Which then leads to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.DataTransfer.DragDrop.Core.CoreDragDropManager
(DllPath) %SystemRoot%\system32\DataExchange.dll
Then you can also see that OLE here also has the same key name that points back to %SystemRoot%\system32\dataexchange.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\Extensions
DragDropExtension: {9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}
Then DragDropHost entry has: {228826af-02e1-4226-a9e0-99a855e455a6}
(default) ImmersiveShellBroker
(AppID) {2fd08a73-d1f1-43eb-b888-24c2496f95fd}
ASCII 128 strings inside the binary file
onecore\internal\sdk\inc\wil\opensource\wil\resource.h
WilError_03
RtlNtStatusToDosErrorNoTeb
RtlDllShutdownInProgress
RtlDisownModuleHeapAllocation
pcshell\shell\dataexchange\host\exe\dataexchangehost.cpp
pcshell\shell\dataexchange\host\lib\dragdropbroker.cpp
pcshell\shell\dataexchange\host\lib\olebroker.cpp
Ubad locale name
generic
unknown error
iostream
iostream stream error
system
ios_base::badbit set
ios_base::failbit set
ios_base::eofbit set
pcshell\shell\dataexchange\host\lib\dragwindow.cpp
invalid string position
string too long
bad cast
UXpcshell\shell\dataexchange\host\lib\DragVisual.h
pcshell\shell\dataexchange\host\lib\dragvisual.cpp
$}Npcshell\shell\dataexchange\host\lib\inputcapture.cpp
RtlQueryFeatureConfiguration
RtlRegisterFeatureConfigurationChangeNotification
RtlUnregisterFeatureConfigurationChangeNotification
RtlNotifyFeatureUsage
NtQueryWnfStateData
NtUpdateWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfNotificationWaitForCompletion
onecore\internal\sdk\inc\wil\Staging.h
WilStaging_02
pcshell\shell\dataexchange\host\lib\dragdropoperationinternal.cpp
vector too long
Immersive
DragDropSession
onecore\internal\sdk\inc\wil\opensource/wil/result.h
pcshell\shell\dataexchange\host\lib\oleinteroptarget.cpp
Bmap/set too long
iV2
_pcshell\shell\dataexchange\host\lib\edp.cpp
_WT
pcshell\shell\dataexchange\host\lib\shelldroptargetmediator.cpp
Fapcshell\shell\dataexchange\host\lib\droptargetmediator.cpp
Fpcshell\shell\dataexchange\host\lib\dragdropargs.cpp
bad allocation
onecore\shell\lib\calleridentity\calleridentity.cpp
onecore\shell\lib\calleridentity\calleridentity_window.cpp
onecore\shell\lib\calleridentity\calleridentity_capability.cpp
onecoreuap\shell\dataexchange\common\lib\winrtexclusiontoken.cpp
onecoreuap\shell\dataexchange\common\lib\edp.cpp
So, in a nutshell, that file is for Drag and Drop operations and exchanging the data between apps
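
The "check location and size" advice and the registry chain quoted in the comment above can be combined into one triage script. This is an added example, not part of the original page or comment: the output field names are assumptions, and the paths and CLSID are the ones quoted on this page.

```powershell
# Added example: triage for DataExchangeHost.exe on the local machine.
# Paths and the CLSID come from the page; output field names are assumptions.
$expectedDir = Join-Path $env:SystemRoot 'System32'
$expectedExe = Join-Path $expectedDir 'DataExchangeHost.exe'
$expectedDll = Join-Path $expectedDir 'dataexchange.dll'

# 1. Report path, signature and size for every running DataExchangeHost.exe.
$procs = Get-CimInstance Win32_Process -Filter "Name = 'DataExchangeHost.exe'"
foreach ($p in $procs) {
    $path = $p.ExecutablePath
    if (-not $path) {
        # ExecutablePath is empty when the caller may not query the process.
        Write-Warning "PID $($p.ProcessId): image path not readable, rerun elevated"
        continue
    }
    $sig = Get-AuthenticodeSignature -LiteralPath $path
    [pscustomobject]@{
        PID        = $p.ProcessId
        Path       = $path
        InSystem32 = ($path -ieq $expectedExe)   # same name elsewhere is the red flag
        SigStatus  = $sig.Status                 # 'Valid' expected for a genuine copy
        Signer     = $sig.SignerCertificate.Subject
        # Size differs between Windows builds: compare with a known-good
        # machine on the same build rather than with a single fixed number.
        SizeBytes  = (Get-Item -LiteralPath $path).Length
    }
}

# 2. The COM class quoted in the comment should still resolve to dataexchange.dll.
$key  = 'Registry::HKEY_CLASSES_ROOT\CLSID\' +
        '{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}\InProcServer32'
$item = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
if ($item) {
    $dll = $item.GetValue('')    # default value, environment variables expanded
    [pscustomobject]@{
        Key          = $key
        ServerDll    = $dll
        MatchesPage  = ($dll -ieq $expectedDll)
    }
} else {
    Write-Warning "COM class not registered: $key"
}
```

No output from step 1 only means the process is not running at that moment; it starts on demand.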