FileCoAuth.exe

  • File Path: C:\Users\user\AppData\Local\Microsoft\OneDrive\21.220.1024.0001\FileCoAuth.exe
  • Description: Microsoft OneDriveFile Co-Authoring Executable

Hashes

Type Hash
MD5 5CB3EFF43567C67B905B118550CDA1D9
SHA1 8EE10BEC88233AECBAA518BD44E8D841744193F2
SHA256 89622766D8B2A09A1341E1BC77FA40D77EB349EDC7F0345ECF78B21F4E52DAB7
SHA384 1A11973EAC33974EE74555F14671F92D10C6A77FB327B152A9E351F795A79CB803C5F7AD1F0175B52E50A64655A98107
SHA512 1802DC66F290FBD14442A3C3B9BEDF227AAEF375669CBAA515888055B14585989D8B3A7D6B712215D547810B51DE2AF3106168A693DE91F3D952C8746391CE64
SSDEEP 12288:uXlBLvZ4PwqFnwtPBCSHmuiMCNEpsvSzZW:uXlBLvZ4P5M3GFMaEpsvS0
IMP 8D8BE415C287072721D028C46E0D7B52
PESHA1 D364BA494BDAC63CB64BE77FBDD48E2DCB151CEE
PE256 83670059D76F8EFC46BDA3ED920585ED5A6C8A2A8241EA9D8D0F454A55A31220

Runtime Data

Open Handles:

Path Type
(R–) C:\Users\user\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2021-11-07.2317.5800.1.aodl File
(R-D) C:\Windows\System32\en-US\crypt32.dll.mui File
(R-D) C:\Windows\System32\en-US\mswsock.dll.mui File
(RW-) C:\Users\user\AppData\Local\Microsoft\OneDrive\logs\Common\telemetryCache.otc File
(RW-) C:\Users\user\AppData\Local\Microsoft\OneDrive\logs\Common\telemetryCache.otc-shm File
(RW-) C:\Users\user\AppData\Local\Microsoft\OneDrive\logs\Common\telemetryCache.otc-wal File
(RW-) C:\Windows\System32 File
\BaseNamedObjects__ComCatalogCache__ Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000001.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro Section
\BaseNamedObjects\F932B6C7-3A20-46A0-B8A0-8894AA421973 Section
\Sessions\2\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 Section
\Sessions\2\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 Section
\Sessions\2\BaseNamedObjects\UrlZonesSM_TI-ADMIN Section
\Sessions\2\BaseNamedObjects\windows_shell_global_counters Section
\Sessions\2\BaseNamedObjects\windows_webcache_counters_{9B6AB5B3-91BC-4097-835C-EA2DEC95E9CC}_S-1-5-21-1128764013-3361508229-3049782613-1001 Section

Loaded Modules:

Path
C:\Users\user\AppData\Local\Microsoft\OneDrive\21.220.1024.0001\FileCoAuth.exe
C:\Users\user\AppData\Local\Microsoft\OneDrive\21.220.1024.0001\LoggingPlatform.DLL
C:\WINDOWS\System32\GDI32.dll
C:\WINDOWS\System32\gdi32full.dll
C:\WINDOWS\System32\KERNEL32.DLL
C:\WINDOWS\System32\KERNELBASE.dll
C:\WINDOWS\System32\msvcp_win.dll
C:\WINDOWS\SYSTEM32\ntdll.dll
C:\WINDOWS\System32\ucrtbase.dll
C:\WINDOWS\System32\USER32.dll
C:\WINDOWS\System32\win32u.dll

Signature

  • Status: Signature verified.
  • Serial: 33000003F16206E3E7EFDA8ABE0000000003F1
  • Thumbprint: 5362FAEB842C236D05A729B7FAC85BAA1B68BDCA
  • Issuer: CN=Microsoft Code Signing PCA 2010, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: FileCoAuth.exe
  • Product Name: Microsoft OneDrive
  • Company Name: Microsoft Corporation
  • File Version: 21.220.1024.0001
  • Product Version: 21.220.1024.0001
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/74
  • VirusTotal Link: https://www.virustotal.com/gui/file/89622766d8b2a09a1341e1bc77fa40d77eb349edc7f0345ecf78b21f4e52dab7/detection

MIT License. Copyright (c) 2020-2021 Strontic.