home

datacollectionlauncher.exe

PowerChute Personal Edition

American Power Conversion

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Display’.
Publisher:
Schneider Electric  (signed by American Power Conversion)

Product:
PowerChute Personal Edition

Description:
Startup Notification Module

Version:
3.0.1.0

MD5:
23059dcf09340147b443282d7b1c85c2

SHA-1:
43cacab366d2de21d1d10399e941674ba7984d98

SHA-256:
98fcb9dc495f73a49b554b83894ea304bc18bd55d2e8146b380e0486ede95828

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/24/2024 4:49:54 PM UTC  (today)

File size:
277.4 KB (284,024 bytes)

Product version:
3.0.1.0

Copyright:
Copyright © 2002-2011 Schneider Electric

Original file name:
PowerChute

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\apc\powerchute personal edition\datacollectionlauncher.exe

Digital Signature
Signed by:
American Power Conversion

Authority:
VeriSign, Inc.

Valid from:
4/20/2010 8:00:00 PM

Valid to:
5/4/2012 7:59:59 PM

Subject:
CN=American Power Conversion, OU=132 Fairgrounds Rd, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=American Power Conversion, L=West Kingston, S=Rhode Island, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0DAAB5D95410B6338FE16346FEAC7AD5

File PE Metadata
Compilation timestamp:
7/1/2011 10:00:02 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
3072:MYpD6Nxh4/0MxNdMDiuCBfb+XiGfnxUn7sROh7mDS9p49d3t1as:3pDYabDdx+yGSwROm9dSs

Entry address:
0x1B027

Entry point:
E9, 3C, 76, 00, 00, E9, 12, CB, 00, 00, E9, 15, D6, 00, 00, E9, 52, 30, 02, 00, E9, 20, 47, 00, 00, E9, 83, 27, 03, 00, E9, A7, B1, 01, 00, E9, 41, 57, 00, 00, E9, BD, D5, 00, 00, E9, AC, 29, 02, 00, E9, 8E, 27, 03, 00, E9, F2, 19, 03, 00, E9, 13, A3, 01, 00, E9, EE, 95, 01, 00, E9, 16, 5B, 00, 00, E9, D1, 5B, 00, 00, E9, 64, 46, 00, 00, E9, 05, 27, 03, 00, E9, FA, 31, 02, 00, E9, 55, 36, 00, 00, E9, 40, 96, 02, 00, E9, 68, 31, 02, 00, E9, 9E, 26, 03, 00, E9, 34, B4, 01, 00, E9, 9E, F1, 00, 00, E9, E0, 95...
 
[+]

Entropy:
5.6790

Developed / compiled with:
Microsoft Visual C++ 8.0 (Debug)

Code size:
220 KB (225,280 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Display

Command:
C:\Program Files\apc\powerchute personal edition\datacollectionlauncher.exe


herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.