WSCollect.exe
- File Path:
C:\WINDOWS\system32\WSCollect.exe
- Description: This tool collects Windows Store log files
Hashes
| Type |
Hash |
| MD5 |
11836752B88DD693C66A643BE973AA93 |
| SHA1 |
4D3A031C9DB587EB32D2441B2BB2B7360B226863 |
| SHA256 |
B1C75231E8E323BBF7119D982F6C35437B27AE0822CE2604FD6B0E16927A5CD3 |
| SHA384 |
3019246B23CE8D1F4BD0E7A1477C0EA51C191952786D0209C735708FD5DDF8976762AB2ECD60C231463F50B28C314837 |
| SHA512 |
4B6CF6CC0BB0B270CB5FF5AE7CF34ED957ED7C080BA35DB335EEDE612C83765596FC18A8AF3D2FB90E72E9DADFD20B474B490DEB27F36243B2EED1A242305A47 |
| SSDEEP |
768:5RUbXTjkABt8NOHLkoBSfQbDNsn4FOBkStBWd:bm9iObBSfQbAg0Yd |
| IMP |
9F02A366D38804E1F04B39C5385F776C |
| PESHA1 |
558358ADBC7717430B2FBF8AA865068ED15B546D |
| PE256 |
E7F86FF441489E7E1CA99BB252B955E4F0930D979E22754532CBF285254B67CA |
Runtime Data
Usage (stdout):
Child Processes:
conhost.exe
Open Handles:
| Path |
Type |
| (R-D) C:\Windows\System32\en-US\WSCollect.exe.mui |
File |
| (RW-) C:\Users\user\AppData\Local\Temp\CAB9FAA.tmp |
File |
| (RW-) C:\Users\user\AppData\Local\Temp\CAB9FAB.tmp |
File |
| (RW-) C:\Users\user\AppData\Local\Temp\CAB9FAC.tmp |
File |
| (RW-) C:\Users\user\AppData\Local\Temp\CABA80A.tmp |
File |
| (RW-) C:\Users\user\AppData\Local\Temp\CABA80B.tmp |
File |
| (RW-) C:\Windows\System32 |
File |
| (RW-) C:\Windows\System32--help |
File |
| \BaseNamedObjects__ComCatalogCache__ |
Section |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000001.db |
Section |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db |
Section |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro |
Section |
| \Sessions\2\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 |
Section |
| \Sessions\2\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 |
Section |
Loaded Modules:
| Path |
| C:\WINDOWS\System32\KERNEL32.DLL |
| C:\WINDOWS\System32\KERNELBASE.dll |
| C:\WINDOWS\SYSTEM32\ntdll.dll |
| C:\WINDOWS\system32\WSCollect.exe |
Signature
- Status: Signature verified.
- Serial:
33000002ED2C45E4C145CF48440000000002ED
- Thumbprint:
312860D2047EB81F8F58C29FF19ECDB4C634CF6A
- Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Original Filename: WSCollect.exe.mui
- Product Name: Microsoft Windows Operating System
- Company Name: Microsoft Corporation
- File Version: 10.0.22000.1 (WinBuild.160101.0800)
- Product Version: 10.0.22000.1
- Language: English (United States)
- Legal Copyright: Microsoft Corporation. All rights reserved.
- Machine Type: 64-bit
File Scan
- VirusTotal Detections: 0/74
- VirusTotal Link: https://www.virustotal.com/gui/file/b1c75231e8e323bbf7119d982f6c35437b27ae0822ce2604fd6b0e16927a5cd3/detection
File Similarity (ssdeep match)
MIT License. Copyright (c) 2020-2021 Strontic.