usocoreworker.exe
- File Path:
C:\Windows\system32\usocoreworker.exe - Description: USO Core Worker Process
Hashes
| Type | Hash |
|---|---|
| MD5 | 27C961B231DE15DC3CC0D82B6A39B9B2 |
| SHA1 | CFA1F7346F117712B0A5CCA06E814F6C7C631B0C |
| SHA256 | 6F18C71D9C2F065861656B23402FEBB0CBFFFB95A7976CC6BBF5B602353FC2AA |
| SHA384 | ADD9FC499B427C1D2A7FD71D010A592ECF1F48326939DE9F792EB11A204C593AE53230905EB1CB7054F1A4253FB914E0 |
| SHA512 | CBD59ABE689820173105AD6560C78D953C2D1E74B0AE956FC34228B1D6A6620C853431290630BA1F6994D7B2AB25BF89EF2887323D6BAD63FA8C7616BDC7467C |
| SSDEEP | 24576:JNHNxQISVbSxo8GDsmtmVzmJ/yVd1ZX8mK9n5fGaag/CHkGQts9:TMIgRs9DDS9ffGaxCHq |
| IMP | 5832569D3382CE32D02E5DA0D33C4C13 |
| PESHA1 | A55BA420D49D4793AAE4CE7C144DC4FB49E2BACA |
| PE256 | 12D60B32B5B52906979790730F6E59F2A4B789E97D5B4E0386D40C4BA0E2D4E5 |
Runtime Data
Open Handles:
| Path | Type |
|---|---|
| (R-D) C:\ProgramData\USOShared\Logs\User\UsoCoreWorker.48feeed5-8047-4052-a7cf-6a713d99a965.1.etl | File |
| (RW-) C:\Users\user | File |
| \BaseNamedObjects__ComCatalogCache__ | Section |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000002.db | Section |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db | Section |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2 | Section |
| \BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 | Section |
| \BaseNamedObjects\NLS_CodePage_437_3_2_0_0 | Section |
Loaded Modules:
| Path |
|---|
| C:\Windows\System32\advapi32.dll |
| C:\Windows\System32\bcrypt.dll |
| C:\Windows\system32\Cabinet.dll |
| C:\Windows\System32\cfgmgr32.dll |
| C:\Windows\System32\combase.dll |
| C:\Windows\System32\CRYPT32.dll |
| C:\Windows\SYSTEM32\cryptsp.dll |
| C:\Windows\system32\DMCmnUtils.dll |
| C:\Windows\system32\dmiso8601utils.dll |
| C:\Windows\system32\DMOleAutUtils.dll |
| C:\Windows\system32\iri.dll |
| C:\Windows\System32\KERNEL32.DLL |
| C:\Windows\System32\KERNELBASE.dll |
| C:\Windows\System32\msvcp_win.dll |
| C:\Windows\system32\msvcp110_win.dll |
| C:\Windows\System32\msvcrt.dll |
| C:\Windows\SYSTEM32\ntdll.dll |
| C:\Windows\System32\OLEAUT32.dll |
| C:\Windows\system32\omadmapi.dll |
| C:\Windows\SYSTEM32\powrprof.dll |
| C:\Windows\system32\profapi.dll |
| C:\Windows\System32\RPCRT4.dll |
| C:\Windows\System32\sechost.dll |
| C:\Windows\System32\shcore.dll |
| C:\Windows\System32\ucrtbase.dll |
| C:\Windows\system32\UMPDC.dll |
| C:\Windows\system32\UpdatePolicy.dll |
| C:\Windows\system32\usocoreworker.exe |
| C:\Windows\System32\WINTRUST.dll |
| C:\Windows\system32\XmlLite.dll |
Signature
- Status: Signature verified.
- Serial:
3300000266BD1580EFA75CD6D3000000000266 - Thumbprint:
A4341B9FD50FB9964283220A36A1EF6F6FAA7840 - Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
File Metadata
- Original Filename: USOCoreWorker.exe
- Product Name: Microsoft Windows Operating System
- Company Name: Microsoft Corporation
- File Version: 10.0.19041.610 (WinBuild.160101.0800)
- Product Version: 10.0.19041.610
- Language: English (United States)
- Legal Copyright: Microsoft Corporation. All rights reserved.
- Machine Type: 64-bit
File Scan
- VirusTotal Detections: 0/76
- VirusTotal Link: https://www.virustotal.com/gui/file/6f18c71d9c2f065861656b23402febb0cbfffb95a7976cc6bbf5b602353fc2aa/detection
MIT License. Copyright (c) 2020-2021 Strontic.