UserAccountBroker.exe
- File Path:
C:\Windows\SysWOW64\UserAccountBroker.exe
- Description: User Account Control Panel Host
Hashes
| Type |
Hash |
| MD5 |
23B09A4411EF03A09C9F119139DB9389 |
| SHA1 |
23F9FEB9882B00B520A9B4E37194F2AE5134729A |
| SHA256 |
CD28FE6B1B0ECFECF01AA674326FC250D158908F33EBD023356683CAE108C2BB |
| SHA384 |
AA85DB2E9016B8ABD67E5A2A13AD3BC8065ADD0A841192D58C56602C4EBDF98A9E37E7A43001C829F1D5B9D1A879BD82 |
| SHA512 |
0B9A6F85CE555EB31CF6042B27144CCA3EE2389A76F9A7D5B09970C24F004B65C3FC263124EEF8146ADD19D005C738F884C4389E870D3A286AB8686D0C91D023 |
| SSDEEP |
768:qZJhrvq9Hbs0eJEsnkbQ1zWr6L2WKSF0ADpXPZ+mZlXRI1PcF3J:0JxvsHbs0eJEs7cr6BF9F/Z+mqPcX |
| IMP |
47E33A59D99B513B43234DE272F7D64B |
| PESHA1 |
9F67EC5CABF7C74D448C67DE2BE85D89EC6BE92D |
| PE256 |
53E54539D90126BA962F7FDD742264836C70F868DEA124B9717035F15D9B47BE |
Runtime Data
Open Handles:
| Path |
Type |
| (RW-) C:\Users\user |
File |
| (RW-) C:\Windows |
File |
| \BaseNamedObjects__ComCatalogCache__ |
Section |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000002.db |
Section |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db |
Section |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2 |
Section |
| \BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 |
Section |
| \BaseNamedObjects\NLS_CodePage_437_3_2_0_0 |
Section |
Loaded Modules:
| Path |
| C:\Windows\SYSTEM32\ntdll.dll |
| C:\Windows\System32\wow64.dll |
| C:\Windows\System32\wow64cpu.dll |
| C:\Windows\System32\wow64win.dll |
| C:\Windows\SysWOW64\UserAccountBroker.exe |
Signature
- Status: Signature verified.
- Serial:
3300000266BD1580EFA75CD6D3000000000266
- Thumbprint:
A4341B9FD50FB9964283220A36A1EF6F6FAA7840
- Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Original Filename: UserAccountBroker.exe
- Product Name: Microsoft Windows Operating System
- Company Name: Microsoft Corporation
- File Version: 10.0.19041.1 (WinBuild.160101.0800)
- Product Version: 10.0.19041.1
- Language: English (United States)
- Legal Copyright: Microsoft Corporation. All rights reserved.
- Machine Type: 32-bit
File Scan
- VirusTotal Detections: 0/74
- VirusTotal Link: https://www.virustotal.com/gui/file/cd28fe6b1b0ecfecf01aa674326fc250d158908f33ebd023356683cae108c2bb/detection
MIT License. Copyright (c) 2020-2021 Strontic.