usocoreworker.exe
- File Path:
C:\Windows\system32\usocoreworker.exe
- Description: USO Core Worker Process
Hashes
| Type |
Hash |
| MD5 |
AF1F0A12CCB79BCFDE612DADA786C0DD |
| SHA1 |
03F26D42009F09A63FFB1B32F890FD59B5D52AC3 |
| SHA256 |
B390CEEC07180C274955DC84249E41C1BBA011C9F114EAA3124A43468ACA02A8 |
| SHA384 |
3E1FA88D955B658DD107598E8883EFDA3F417794AB23864F8ACB7BF3F5D9E019F199720786F08AF97728605DA4ECF5FD |
| SHA512 |
85CDA3882AA4BD5236AA9CB2707C313AEE223D35307B2109A47E873498F400A0FC547A9D9F88B32C5531056674D70383B5AE9DD2F74E60050EC81B934A5880BD |
| SSDEEP |
24576:5kpC9129Cuyl/kFRB/E+PD2gpN2hznQHiOXaW1fClAuFmkGQf:KM1oRGioQZXa0q |
| IMP |
5832569D3382CE32D02E5DA0D33C4C13 |
| PESHA1 |
FE1FDD08B90F4BA058AF8AF4288097E43BE3EB5E |
| PE256 |
B2C7BEA5807128AEB2B53E43017E88508991962006C2E3A6607DD684DD9BEAA9 |
Runtime Data
Open Handles:
| Path |
Type |
| (R-D) C:\ProgramData\USOShared\Logs\User\UsoCoreWorker.d91d7c50-44da-49b4-a1ec-99e9b6b0e8da.1.etl |
File |
| (RW-) C:\Users\user\Documents |
File |
| \BaseNamedObjects__ComCatalogCache__ |
Section |
| \BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 |
Section |
| \BaseNamedObjects\NLS_CodePage_437_3_2_0_0 |
Section |
Loaded Modules:
| Path |
| C:\Windows\System32\KERNEL32.DLL |
| C:\Windows\System32\KERNELBASE.dll |
| C:\Windows\System32\msvcp_win.dll |
| C:\Windows\SYSTEM32\ntdll.dll |
| C:\Windows\System32\ucrtbase.dll |
| C:\Windows\system32\usocoreworker.exe |
Signature
- Status: Signature verified.
- Serial:
330000026551AE1BBD005CBFBD000000000265
- Thumbprint:
E168609353F30FF2373157B4EB8CD519D07A2BFF
- Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Original Filename: USOCoreWorker.exe
- Product Name: Microsoft Windows Operating System
- Company Name: Microsoft Corporation
- File Version: 10.0.19041.508 (WinBuild.160101.0800)
- Product Version: 10.0.19041.508
- Language: English (United States)
- Legal Copyright: Microsoft Corporation. All rights reserved.
- Machine Type: 64-bit
File Scan
- VirusTotal Detections: 0/68
- VirusTotal Link: https://www.virustotal.com/gui/file/b390ceec07180c274955dc84249e41c1bba011c9f114eaa3124a43468aca02a8/detection/
MIT License. Copyright (c) 2020-2021 Strontic.