Should I block it?

No, this file is 100% safe to run.

VersionsAdditional versions

6.3.9600.17031 (winblue_gdr.140221-1952) 2.92%
6.3.9600.16384 (winblue_rtm.130821-1623) 0.83%
6.3.9600.16384 (winblue_rtm.130821-1623) 0.01%
6.3.9600.16384 (winblue_rtm.130821-1623) 0.98%
6.3.9600.16384 (winblue_rtm.130821-1623) 0.01%
6.3.9600.16384 (winblue_rtm.130821-1623) 0.07%
6.3.9431.0 (winmain_bluemp.130615-1214) 0.24%
6.3.9431.0 (winmain_bluemp.130615-1214) 0.01%
6.2.9200.16384 (win8_rtm.120725-1247) 3.79%
6.2.9200.16384 (win8_rtm.120725-1247) 0.17%
6.2.8102.0 (winmain_win8m3.110823-1455) 0.05%
6.1.7600.16385 (win7_rtm.090713-1255) 0.74%
6.1.7600.16385 (win7_rtm.090713-1255) 1.88%
6.1.7600.16385 (win7_rtm.090713-1255) 42.01%
6.1.7600.16385 (win7_rtm.090713-1255) 2.00%
6.1.7600.16385 (win7_rtm.090713-1255) 2.42%
6.1.7600.16385 (win7_rtm.090713-1255) 3.82%
6.1.7600.16385 (win7_rtm.090713-1255) 11.84%
6.1.7600.16385 (win7_rtm.090713-1255) 2.03%
6.1.7600.16385 (win7_rtm.090713-1255) 0.01%
6.1.7600.16385 (win7_rtm.090713-1255) 0.01%
6.1.7600.16385 (win7_rtm.090713-1255) 0.66%
6.1.7600.16385 (win7_rtm.090713-1255) 0.05%
6.1.7600.16385 (win7_rtm.090713-1255) 0.01%
6.1.7600.16385 (win7_rtm.090713-1255) 0.01%
View more

Relationships


PE structurePE file structure

Show functions
Import table
advapi32.dll
RegCloseKey, RegCreateKeyW, RegGetValueW, RegOpenKeyExW, GetTraceEnableFlags, GetTraceEnableLevel, GetTraceLoggerHandle, RegisterTraceGuidsW, UnregisterTraceGuids, RegCreateKeyExW, RegQueryValueExW, EventRegister, EventUnregister, EventWrite, EventEnabled, GetLengthSid, GetTokenInformation, OpenProcessToken, RegSetValueExW, RegDeleteKeyExW, TraceMessage, RegOpenKeyW, RegDeleteValueW, RegEnumValueW, RegQueryInfoKeyW, ConvertStringSidToSidW, CloseServiceHandle, OpenServiceW, OpenSCManagerW, RegEnumKeyExW, CreateWellKnownSid, StartServiceW, CryptAcquireContextW, CryptCreateHash, CryptHashData, CryptGetHashParam, CryptDestroyHash, CryptReleaseContext, StartTraceW, EnableTraceEx, StopTraceW, LsaLookupSids, IsValidSid, GetSidSubAuthorityCount, GetSidSubAuthority, LsaOpenPolicy, LsaFreeMemory, LsaClose, OpenThreadToken, ConvertSidToStringSidW, ConvertStringSecurityDescriptorToSecurityDescriptorW, CheckTokenMembership, QueryServiceStatus, GetUserNameW, RegEnumKeyW, RegOpenCurrentUser, LookupAccountNameW, EqualSid
api-ms-win-core-atoms-l1-1-0.dll
GlobalGetAtomNameW
api-ms-win-core-com-l1-1-0.dll
CoTaskMemFree, CoInitializeEx, CoUninitialize, CreateStreamOnHGlobal, CoGetApartmentType, CoWaitForMultipleHandles, CoFreeUnusedLibraries, CoEnableCallCancellation, CoDisableCallCancellation, CoCancelCall, StringFromGUID2, PropVariantClear, CoMarshalInterThreadInterfaceInStream, CoReleaseMarshalData, CoCreateInstance, CoRevokeClassObject, CoRegisterClassObject, CoGetInterfaceAndReleaseStream, CoGetMalloc, CoCreateFreeThreadedMarshaler, CoTaskMemAlloc, CLSIDFromString, CoTaskMemRealloc
api-ms-win-core-com-l1-1-1.dll
CoCreateGuid, CoTaskMemRealloc, CoInitializeEx, CLSIDFromString, CoTaskMemFree, CoCreateInstance, CoTaskMemAlloc, CoGetMalloc, PropVariantClear, CoCancelCall, CoRevokeClassObject, StringFromGUID2, CoGetApartmentType, CreateStreamOnHGlobal, CoSetProxyBlanket, CoWaitForMultipleHandles, CoGetInterfaceAndReleaseStream, CoUninitialize, CoReleaseMarshalData, CoMarshalInterThreadInterfaceInStream, CoFreeUnusedLibraries, CoRegisterClassObject, CoDisableCallCancellation, CoEnableCallCancellation, CoCreateFreeThreadedMarshaler, RoGetAgileReference
api-ms-win-core-com-private-l1-1-0.dll
CoRegisterMessageFilter
api-ms-win-core-datetime-l1-1-1.dll
GetDateFormatW, GetDateFormatEx, GetTimeFormatEx
api-ms-win-core-debug-l1-1-1.dll
OutputDebugStringA
api-ms-win-core-delayload-l1-1-1.dll
DelayLoadFailureHook, ResolveDelayLoadedAPI
api-ms-win-core-errorhandling-l1-1-1.dll
SetErrorMode, SetUnhandledExceptionFilter, SetLastError, GetLastError, RaiseException, UnhandledExceptionFilter
api-ms-win-core-file-l1-2-0.dll
GetLongPathNameW, ReadFile, CreateFileW, WriteFile, GetFileSize, FindClose, CompareFileTime, DeleteFileW, FindNextFileW, FindFirstFileW, GetFileAttributesW
api-ms-win-core-file-l1-2-1.dll
WriteFile, CreateFileW, FindClose, CreateDirectoryW, FindNextFileW, CompareFileTime, FindFirstFileW, GetFileAttributesW, DeleteFileW, FindFirstFileExW, RemoveDirectoryW, GetLongPathNameW, SetFileTime
api-ms-win-core-handle-l1-1-0.dll
DuplicateHandle, CloseHandle
api-ms-win-core-heap-l1-2-0.dll
HeapFree, HeapDestroy, HeapSetInformation, HeapAlloc, GetProcessHeap
api-ms-win-core-heap-obsolete-l1-1-0.dll
LocalFree, GlobalFree, GlobalAlloc, LocalReAlloc, LocalAlloc, GlobalLock, GlobalUnlock
api-ms-win-core-interlocked-l1-2-0.dll
InterlockedPushEntrySList, InterlockedPopEntrySList, InterlockedExchange, InterlockedIncrement, InterlockedCompareExchange, InterlockedDecrement
api-ms-win-core-io-l1-1-1.dll
GetQueuedCompletionStatus, CreateIoCompletionPort
api-ms-win-core-job-l2-1-0.dll
AssignProcessToJobObject, QueryInformationJobObject, CreateJobObjectW, SetInformationJobObject
api-ms-win-core-kernel32-legacy-l1-1-0.dll
CopyFileW, RaiseFailFastException, MulDiv, LoadLibraryW, GetComputerNameW
api-ms-win-core-kernel32-legacy-l1-1-1.dll
RaiseFailFastException, CreateSemaphoreW, PowerCreateRequest, MoveFileW, CopyFileW, MulDiv, LoadLibraryW, PowerSetRequest, RegisterWaitForSingleObject
api-ms-win-core-libraryloader-l1-1-1.dll
LoadStringW, FindResourceExW, LoadResource, LockResource, LoadLibraryExW, GetModuleHandleW, FreeLibrary, GetProcAddress, GetModuleHandleExW, FreeLibraryAndExitThread, GetModuleHandleA, GetModuleFileNameW
api-ms-win-core-libraryloader-l1-2-0.dll
GetModuleHandleA, GetProcAddress, LoadStringW, FindResourceExW, LoadLibraryExW, GetModuleHandleExW, FreeLibrary, GetModuleFileNameW, LoadResource, FreeLibraryAndExitThread, SizeofResource, LockResource, GetModuleHandleW
api-ms-win-core-localization-l1-2-0.dll
GetLocaleInfoW, GetThreadUILanguage
api-ms-win-core-localization-l1-2-1.dll
FormatMessageW, GetUserPreferredUILanguages, IsValidLocaleName, GetThreadUILanguage, GetLocaleInfoW
api-ms-win-core-localization-obsolete-l1-1-0.dll
GetUserDefaultUILanguage
api-ms-win-core-localization-obsolete-l1-2-0.dll
GetUserDefaultUILanguage
api-ms-win-core-memory-l1-1-1.dll
MapViewOfFile, VirtualAlloc, UnmapViewOfFile, CreateFileMappingW, VirtualFree
api-ms-win-core-memory-l1-1-2.dll
VirtualFree, CreateFileMappingW, MapViewOfFile, UnmapViewOfFile, VirtualAlloc
api-ms-win-core-path-l1-1-0.dll
PathCchCombine, PathCchAppend, PathCchAddExtension
api-ms-win-core-processenvironment-l1-2-0.dll
GetCommandLineW, ExpandEnvironmentStringsW, SearchPathW, GetCurrentDirectoryW
api-ms-win-core-processthreads-l1-1-1.dll
SetProcessShutdownParameters, GetCurrentThreadId, GetCurrentThread, GetCurrentProcessId, CreateProcessW, GetStartupInfoW, OpenProcessToken, GetThreadPriority, OpenProcess, OpenThreadToken, CreateThread, SetPriorityClass, OpenThread, GetPriorityClass, TerminateProcess, ResumeThread, FlushInstructionCache, IsProcessorFeaturePresent, GetProcessId, GetCurrentProcess, ExitProcess, SetThreadPriority, TerminateThread
api-ms-win-core-processthreads-l1-1-2.dll
TerminateThread, GetExitCodeProcess, SetThreadPriorityBoost, TlsFree, GetPriorityClass, TerminateProcess, OpenProcessToken, QueueUserAPC, ResumeThread, SetPriorityClass, GetCurrentThread, TlsAlloc, FlushInstructionCache, GetCurrentProcess, SetProcessShutdownParameters, CreateThread, GetProcessId, OpenProcess, CreateProcessW, IsProcessorFeaturePresent, TlsSetValue, ExitProcess, GetThreadPriority, OpenThreadToken, GetCurrentThreadId, GetCurrentProcessId, SetThreadPriority, GetStartupInfoW, OpenThread
api-ms-win-core-profile-l1-1-0.dll
QueryPerformanceCounter, QueryPerformanceFrequency
api-ms-win-core-psapi-l1-1-0.dll
QueryFullProcessImageNameW
api-ms-win-core-registry-l1-1-0.dll
RegDeleteValueW, RegQueryInfoKeyW, RegEnumKeyExW, RegQueryValueExW, RegCreateKeyExW, RegCloseKey, RegOpenKeyExW, RegGetValueW, RegEnumValueW, RegOpenCurrentUser, RegSetValueExW
api-ms-win-core-registry-l2-1-0.dll
RegCreateKeyW, RegDeleteKeyW
api-ms-win-core-registryuserspecific-l1-1-0.dll
SHRegGetUSValueW, SHRegGetBoolUSValueW
api-ms-win-core-shlwapi-legacy-l1-1-0.dll
PathStripPathW, SHExpandEnvironmentStringsW, PathFindExtensionW, PathParseIconLocationW, PathFileExistsW, PathGetDriveNumberW, PathCommonPrefixW, PathRemoveBlanksW, PathFindFileNameW, PathRemoveExtensionW, PathCombineW, PathIsFileSpecW, PathGetArgsW, PathRemoveFileSpecW, PathQuoteSpacesW, PathStripToRootW, PathIsRootW, PathIsPrefixW
api-ms-win-core-shlwapi-obsolete-l1-1-0.dll
StrCmpW, StrCmpICA, SHLoadIndirectString, StrCmpIW, StrCmpNIW, StrRStrIW, StrCmpICW, StrChrW, StrToIntW, QISearch, StrCmpNICW, StrChrIW, StrStrIW, StrTrimW, StrCmpNW, StrCmpCW, StrRChrW
api-ms-win-core-sidebyside-l1-1-0.dll
CreateActCtxW, ReleaseActCtx, ActivateActCtx, DeactivateActCtx
api-ms-win-core-string-l1-1-0.dll
MultiByteToWideChar, CompareStringOrdinal, WideCharToMultiByte, CompareStringW
api-ms-win-core-string-l2-1-0.dll
IsCharAlphaNumericW, CharPrevW, CharUpperW, CharNextW, CharLowerW
api-ms-win-core-string-obsolete-l1-1-0.dll
lstrcmpiW, lstrlenW
api-ms-win-core-synch-l1-2-0.dll
InitOnceExecuteOnce, Sleep, OpenMutexW, ReleaseMutex, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, InitializeCriticalSectionEx, CreateEventExW, WaitForSingleObject, InitializeCriticalSection, CreateMutexW, CreateEventW, WaitForMultipleObjectsEx, OpenSemaphoreW, InitializeSRWLock, ResetEvent, AcquireSRWLockExclusive, ReleaseSRWLockExclusive, AcquireSRWLockShared, ReleaseSRWLockShared, ReleaseSemaphore, OpenEventW, SleepEx, SetEvent, WaitForSingleObjectEx
api-ms-win-core-sysinfo-l1-2-0.dll
GetTickCount64, GetTickCount, GetProductInfo, GetVersionExW, GetSystemDirectoryW, GetSystemTimeAsFileTime, GetSystemTime, GetWindowsDirectoryW, GetLocalTime
api-ms-win-core-sysinfo-l1-2-1.dll
GetTickCount64, GetLocalTime, GetSystemTime, GetProductInfo, GetVersionExW, GetTickCount, GetSystemTimeAsFileTime, GetWindowsDirectoryW, GetSystemDirectoryW, GetOsSafeBootMode
api-ms-win-core-threadpool-l1-2-0.dll
CreateThreadpoolTimer, FreeLibraryWhenCallbackReturns, SubmitThreadpoolWork, CallbackMayRunLong, CloseThreadpoolTimer, CreateThreadpoolWork, SetThreadpoolWait, CreateThreadpoolWait, TrySubmitThreadpoolCallback, SetThreadpoolTimer, WaitForThreadpoolTimerCallbacks
api-ms-win-core-threadpool-legacy-l1-1-0.dll
CreateTimerQueueTimer, UnregisterWaitEx, ChangeTimerQueueTimer, DeleteTimerQueueTimer, QueueUserWorkItem
api-ms-win-core-timezone-l1-1-0.dll
GetDynamicTimeZoneInformation, SystemTimeToFileTime, GetTimeZoneInformation
api-ms-win-core-winrt-l1-1-0.dll
RoGetActivationFactory
api-ms-win-core-winrt-string-l1-1-0.dll
WindowsCreateStringReference, WindowsCreateString, WindowsGetStringRawBuffer, WindowsDeleteString
api-ms-win-eventing-classicprovider-l1-1-0.dll
GetTraceEnableLevel, GetTraceEnableFlags, RegisterTraceGuidsW, UnregisterTraceGuids, GetTraceLoggerHandle, TraceMessage
api-ms-win-eventing-controller-l1-1-0.dll
EnableTraceEx2, StartTraceW, StopTraceW
api-ms-win-eventing-provider-l1-1-0.dll
EventWrite, EventRegister, EventUnregister, EventEnabled
api-ms-win-power-base-l1-1-0.dll
CallNtPowerInformation, GetPwrCapabilities, PowerDeterminePlatformRoleEx
api-ms-win-security-base-l1-2-0.dll
GetLengthSid, CopySid, CreateWellKnownSid, IsValidSid, CheckTokenMembership, GetTokenInformation, GetSidSubAuthority, GetSidSubAuthorityCount
api-ms-win-security-lsalookup-l1-1-1.dll
EnumerateIdentityProviders, ReleaseIdentityProviderEnumContext, GetIdentityProviderInfoByGUID, GetDefaultIdentityProvider
api-ms-win-service-management-l2-1-0.dll
QueryServiceConfigW, NotifyServiceStatusChangeW
d3d11.dll
D3D11CreateDevice
dwmapi.dll
DwmEnableBlurBehindWindow, DwmIsCompositionEnabled, DwmSetWindowAttribute, DwmQueryThumbnailSourceSize, DwmUnregisterThumbnail, DwmUpdateThumbnailProperties, DwmGetColorizationColor, DwmRegisterThumbnail
gdi32.dll
GetStockObject, SetWindowOrgEx, StretchBlt, GetTextMetricsW, CombineRgn, Polyline, CreatePen, GetTextColor, ExtCreateRegion, GetRegionData, SetLayout, GetLayout, GetTextExtentPoint32W, OffsetRgn, LPtoDP, GetRgnBox, OffsetViewportOrgEx, GdiFlush, ExtTextOutW, SetDIBits, CreateRectRgn, GetClipRgn, IntersectClipRect, GetViewportOrgEx, SetViewportOrgEx, SelectClipRgn, GetBkColor, SetBkMode, CreateBitmap, PatBlt, CreateCompatibleBitmap, OffsetWindowOrgEx, SetBkColor, SetTextColor, GetTextExtentPointW, GetClipBox, CreateDIBSection, GetObjectW, CreateRectRgnIndirect, DeleteObject, CreateCompatibleDC, SelectObject, BitBlt, GetDeviceCaps, CreateFontIndirectW, DeleteDC, GdiAlphaBlend, CreatePatternBrush, GetPixel, CreateSolidBrush, SetTextAlign, GetDIBits, Rectangle, StretchDIBits
gdiplus.dll
GdipAlloc, GdiplusStartup, GdiplusShutdown, GdipFree, GdipDeleteGraphics, GdipDisposeImage, GdipGetImageWidth, GdipGetImageHeight, GdipCreateBitmapFromHBITMAP, GdipCreateFromHDC, GdipSetCompositingMode, GdipSetInterpolationMode, GdipDrawImageRectI, GdipCloneImage, GdipCreateBitmapFromStream, GdipLoadImageFromFileICM, GdipLoadImageFromFile, GdipCreateBitmapFromStreamICM
kernel32.dll
DllMain, LoadLibraryExA, DelayLoadFailureHook, CreateFileW, GetFileSize, ReadFile, RaiseException, FlushInstructionCache, SetLastError, OpenThread, GetSystemTimeAsFileTime, GetLocaleInfoW, GetTimeFormatW, GetDateFormatW, GetLocalTime, InterlockedCompareExchange, FindFirstFileW, lstrcmpiW, FindNextFileW, FindClose, GetFileAttributesW, GetSystemTime, SystemTimeToFileTime, ExpandEnvironmentStringsW, InterlockedIncrement, InterlockedDecrement, GetLastError, SetInformationJobObject, CreateJobObjectW, GetPriorityClass, SetPriorityClass, OpenProcess, SearchPathW, GetSystemDefaultUILanguage, UnmapViewOfFile, MapViewOfFile, GetTimeZoneInformation, GetDynamicTimeZoneInformation, GetBinaryTypeW, QueryPerformanceFrequency, GetTickCount64, MulDiv, GetLongPathNameW, GetThreadPriority, MultiByteToWideChar, GlobalGetAtomNameW, GetCurrentThread, SetThreadPriority, QueueUserWorkItem, LoadLibraryExW, GetProductInfo, TerminateThread, CreateIoCompletionPort, GetQueuedCompletionStatus, DeleteFileW, GetWindowsDirectoryW, GetProcessId, CompareStringW, QueryFullProcessImageNameW, CompareFileTime, CreateFileMappingW, ResetEvent, WideCharToMultiByte, GlobalAlloc, GlobalLock, GlobalUnlock, GlobalFree, DuplicateHandle, GetCurrentDirectoryW, WaitForMultipleObjects, GetComputerNameW, DeactivateActCtx, ActivateActCtx, ReleaseActCtx, CreateActCtxW, FindResourceExW, LoadResource, LockResource, CloseHandle, LocalFree, LocalAlloc, QueryInformationJobObject, Sleep, ResumeThread, AssignProcessToJobObject, CreateThread, CreateProcessW, WaitForSingleObject, FreeLibrary, GetProcAddress, LoadLibraryW, GetUserDefaultUILanguage, CreateEventW, lstrlenW, HeapFree, HeapAlloc, GetProcessHeap, GetCurrentProcess, HeapSetInformation, GetVersionExW, DeleteCriticalSection, InitializeCriticalSection, HeapDestroy, GetPrivateProfileStringW, GetModuleFileNameW, GetCommandLineW, GetSystemDirectoryW, ExitProcess, RegisterApplicationRestart, SetProcessShutdownParameters, GetStartupInfoW, ReleaseMutex, CreateMutexW, SetErrorMode, SetProcessDEPPolicy, GetUserDefaultLangID, SetEvent, LeaveCriticalSection, EnterCriticalSection, GetTickCount, OpenEventW, SetTermsrvAppInstallMode, GetCurrentProcessId, GetModuleHandleW, GetCurrentThreadId, TerminateProcess, UnhandledExceptionFilter, CompareStringOrdinal, QueryPerformanceCounter, GetModuleHandleA, SetUnhandledExceptionFilter, InterlockedExchange, VirtualAlloc, VirtualFree, LoadLibraryA, GetSystemWindowsDirectoryW, GetEnvironmentVariableW, GetPrivateProfileIntW, SetFilePointer, GetFileAttributesExW, GetProcessTimes, FormatMessageW, WriteFile, GetDateFormatEx, GetTimeFormatEx, WaitForMultipleObjectsEx, ResolveDelayLoadedAPI, ChangeTimerQueueTimer, DeleteTimerQueueTimer, CreateTimerQueueTimer, GetModuleHandleExW, CreateThreadpoolTimer, FreeLibraryWhenCallbackReturns, SetThreadpoolTimer, CloseThreadpoolTimer, GetSystemInfo, ProcessIdToSessionId, OpenMutexW, SetThreadExecutionState
msvcrt.dll
DllMain
ntdll.dll
WinSqmSetString, NtQueryInformationProcess, NtSetInformationProcess, WinSqmIsOptedIn, NtOpenThreadToken, NtOpenProcessToken, NtClose, WinSqmAddToStreamEx, NtSetSystemInformation, WinSqmAddToStream, WinSqmEventEnabled, WinSqmSetDWORD, EtwEventWrite, EtwEventEnabled, NtQueryInformationToken, RtlGetProductInfo, RtlNtStatusToDosError, RtlUnsubscribeWnfNotificationWaitForCompletion, RtlSubscribeWnfStateChangeNotification, RtlQueryWnfStateData, WinSqmIncrementDWORD, NtQueryWnfStateData
ole32.dll
OleInitialize, StringFromGUID2, CoRegisterMessageFilter, RegisterDragDrop, RevokeDragDrop, OleUninitialize, CoRevokeClassObject, CoCreateFreeThreadedMarshaler, CreateBindCtx, PropVariantClear, ReleaseStgMedium, CoInitializeEx, CreateStreamOnHGlobal, CoRegisterClassObject, CoCreateInstance, CoTaskMemFree, CoGetInterfaceAndReleaseStream, CoMarshalInterThreadInterfaceInStream, CoUninitialize, CoInitialize, CoGetMalloc, CoTaskMemAlloc, CLSIDFromString, CoFreeUnusedLibraries, CoGetClassObject, CoGetObject, DoDragDrop, CoTaskMemRealloc, CoReleaseMarshalData, CoGetApartmentType, CoWaitForMultipleHandles
powrprof.dll
CallNtPowerInformation, GetPwrCapabilities, PowerDeterminePlatformRole
propsys.dll
PropVariantToUInt32, PropVariantToStringAlloc, PropVariantToUInt64, PropVariantToBoolean, VariantToStringAlloc, VariantToStringWithDefault, PropVariantToString, VariantToBooleanWithDefault, VariantToInt32WithDefault, PSCreateMemoryPropertyStore, PropVariantToInt64, PSGetPropertyKeyFromName, PSPropertyKeyFromString, PSGetNameFromPropertyKey, PSGetPropertyDescription, PSPropertyBag_WriteDWORD, InitVariantFromResource, PropVariantToGUID
rpcrt4.dll
RpcBindingFree, RpcBindingSetAuthInfoExW, RpcStringFreeW, RpcBindingFromStringBindingW, RpcStringBindingComposeW, I_RpcExceptionFilter, NdrClientCall2
secur32.dll
GetUserNameExW
shcore.dll
IsOS, SHStrDupW, IUnknown_Set, IUnknown_QueryService, SHUnicodeToAnsi, SetProcessReference, SHCreateThreadRef, SHSetThreadRef, IUnknown_SetSite, SHRegGetValueW, SHGetValueW, SHSetValueW, SHDeleteValueW, SHCreateThread, SetCurrentProcessExplicitAppUserModelID, SHQueryValueExW, SHOpenRegStream2W, IStream_Reset, IStream_Read, SHCreateMemStream, SHAnsiToUnicode, IStream_Write, SHDeleteKeyW, GetDpiForMonitor, SHEnumKeyExW, SHGetThreadRef, SHQueryInfoKeyW, SHCreateStreamOnFileW, SHStrDupA
shell32.dll
DllMain, SHGetPropertyStoreForWindow, SHGetStockIconInfo, Shell_GetCachedImageIndexW, SHGetLocalizedName, SHCreateDataObject, SHCreateShellItemArrayFromShellItem, SHGetKnownFolderPath, SHCreateShellItemArrayFromIDLists, SHBindToFolderIDListParentEx, SHGetFileInfoW, SHCreateItemWithParent, SHGetFolderLocation, SHParseDisplayName, SHGetSpecialFolderPathW, ShellExecuteExW, SHGetKnownFolderIDList, SHBindToObject, SHGetNameFromIDList, SHCreateShellItem, SHGetPathFromIDListW, ShellExecuteW, SHEnableServiceObject, SHGetIDListFromObject, SHChangeNotifyRegisterThread, SHUpdateRecycleBinIcon, SHCreateItemFromIDList, SHFileOperationW, SHGetFolderPathEx, SHGetPathFromIDListA, SHGetFolderPathW, SHBindToParent, SHAddToRecentDocs, Shell_NotifyIconW, Shell_NotifyIconGetRect, ExtractIconExW, SHEvaluateSystemCommandTemplate, SHChangeNotify, SHCreateItemFromParsingName, DragQueryFileW, SHGetSpecialFolderLocation, SHBindToFolderIDListParent, SHGetDesktopFolder, DuplicateIcon, SHGetFolderPathAndSubDirW, SHOpenWithDialog, SHCreateAssociationRegistration, SHCreateItemInKnownFolder, SHAppBarMessage, SHGetKnownFolderItem, SHGetItemFromObject, SetCurrentProcessExplicitAppUserModelID, SHCreateShellItemArray
shlwapi.dll
DllMain, SHStrDupA, StrCmpW, PathCommonPrefixW, PathRemoveExtensionW, PathIsFileSpecW, StrRetToStrW, AssocCreate, StrRetToBufW, PathStripToRootW, AssocQueryStringW, PathQuoteSpacesW, SHDeleteKeyW, SHRegGetUSValueW, SHOpenRegStream2W, PathRemoveFileSpecW, SHRegGetBoolUSValueW, PathGetDriveNumberW, PathFileExistsW, PathIsDirectoryW, PathFindExtensionW, StrChrIW, PathAppendW, SHDeleteValueW, SHSetValueW, PathRemoveArgsW, PathRemoveBlanksW, StrCmpNIW, PathGetArgsW, PathFindFileNameW, SHGetValueW, SHCreateThreadRef, SHSetThreadRef, PathCombineW, SHRegGetValueW, StrToIntW, StrChrW, SHStrDupW, PathIsNetworkPathW, StrTrimW, StrCmpNW, SHQueryInfoKeyW, SHCreateStreamOnFileW, PathIsPrefixW, StrCmpIW, PathParseIconLocationW, PathIsRootW, AssocQueryKeyW, PathStripPathW, ChrCmpIW, StrStrIW, StrDupW, SHRegOpenUSKeyW, SHRegQueryUSValueW, PathMatchSpecW, SHQueryValueExW, StrPBrkW
slc.dll
SLGetWindowsInformationDWORD, SLUnregisterWindowsEvent, SLRegisterWindowsEvent
sspicli.dll
GetUserNameExW
user32.dll
DllMain
userenv.dll
GetProfileType
uxtheme.dll
BeginBufferedPaint, IsCompositionActive, IsAppThemed, GetThemeMetric, CloseThemeData, OpenThemeData, SetWindowTheme, DrawThemeBackground, GetThemeTextExtent, DrawThemeText, DrawThemeParentBackground, GetWindowTheme, GetThemePartSize, GetThemeBackgroundContentRect, EndBufferedPaint, GetThemeMargins, DrawThemeTextEx, BufferedPaintInit, BufferedPaintUnInit, IsThemeActive, GetThemeRect, IsThemePartDefined, GetThemeBackgroundRegion, GetThemeColor, GetThemeBool, DrawThemeIcon, GetBufferedPaintBits, BufferedPaintClear, GetThemeBackgroundExtent, GetThemeFont, GetThemeInt, GetCurrentThemeName
wtsapi32.dll
WTSFreeMemory, WTSQuerySessionInformationW

explorer.exe

Windows Explorer by Microsoft Corporation (Signed)

Remove explorer.exe
Version:   6.00.2900.3244 (xpsp.071030-1535)
MD5:   54b20714bcf2c49a4c3a182ee24e7736
SHA1:   6f950fc349c33e98ff1d622a03263f655e7382fb
SHA256:   821986a9fd5e38668174dcaa4f07361e7f81b7814b1f72b13d08d9388d65ae2f
This is a Windows system installed file with Windows File Protection (WFP) enabled.

What is explorer.exe?

Windows Explorer also known as File Explorer, is a file manager application and also a navigation tool that is included with releases of the Microsoft Windows operating system. It provides a graphical user interface for accessing the file systems. It is also the component of the operating system that presents many user interface items on the monitor such as the taskbar and desktop. Located in the C:\Windows directory, it is sometimes referred to as the Windows shell, explorer.exe.

Overview

explorer.exe executes as a process with the local user's privileges. It configures an autoplay handler withing explorer.exe named MSOpenFolder that will launch the program automatically. The file is digitally signed by Microsoft Corporation. This version is installed on Windows XP and is compiled as a 32 bit program. Note, some antivirus scanners have flagged this file, however it is not necessarily considered malware (see below for details).

DetailsDetails

File name:explorer.exe
Publisher:Microsoft Corporation
Product name:Windows Explorer
Description:Microsoft® Windows® Operating System
Typical file path:C:\windows\explorer.exe
Original name:EXPLORER.EXE.MUI
File version:6.00.2900.3244 (xpsp.071030-1535)
Product version:6.00.2900.3244
Size:1009.5 KB (1,033,728 bytes)
Certificate
Issued to:Microsoft Corporation
Authority (CA):Microsoft Corporation
Expiration date:Tuesday, July 9, 2013
Digital DNA
Entropy:5.934229
File packed:No
Code language:Microsoft Visual C++
.NET CLR:No
More details

BehaviorsBehaviors

Shell open commands
  • SHCmdFile
Autoplay handlers
Runs under the registry key 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers'
  • Handler name 'MSOpenFolderBackup'
  • Handler name 'MSOpenFolder'
Scheduled tasks
  • The task '{AD36F1D3-E56E-44BA-A569-280718EB8C51}' runs on registration in the path '\{AD36F1D3-E56E-44BA-A569-280718EB8C51}'

ResourcesResource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
 
CPU
Total CPU:0.00160144%
0.028634%
Kernel CPU:0.00106953%
0.013761%
User CPU:0.00053191%
0.014873%
Kernel CPU time:40,234 ms/min
100,923,805ms/min
Context switches:13/sec
284/sec
Memory
Private memory:20.55 MB
21.59 MB
Private (maximum):28.01 MB
Private (minimum):3.77 MB
Non-paged memory:20.55 MB
21.59 MB
Virtual memory:86.78 MB
140.96 MB
Virtual memory (peak):191.62 MB
169.69 MB
Working set:10.28 MB
18.61 MB
Working set (peak):28.46 MB
37.95 MB
Page faults:70,473/min
2,039/min
I/O
I/O read transfer:2.23 MB/sec
1.02 MB/min
I/O read operations:46/sec
343/min
I/O write transfer:2.19 MB/sec
274.99 KB/min
I/O write operations:35/sec
227/min
I/O other transfer:74.61 KB/sec
448.09 KB/min
I/O other operations:1,083/sec
1,671/min
Resource allocations
Threads:11
12
Handles:496
600
GUI GDI count:270
103
GUI USER count:105
49

BehaviorsProcess properties

Tray notification:Yes
Integrety level:Undefined
Platform:32-bit
Command line:C:\windows\explorer.exe
Owner:User

ResourcesThreads

Averages
 
stobject.dll (Systray shell service object by Microsoft)
Total CPU:0.01525767%
0.272967%
Kernel CPU:0.01186707%
0.107585%
User CPU:0.00339059%
0.165382%
Context switches:8/sec
79/sec
Memory:132 KB
1.16 MB
SHLWAPI.dll
Total CPU:0.00949921%
Kernel CPU:0.00642200%
User CPU:0.00307721%
Context switches:2/sec
Memory:472 KB
Explorer.EXE (main module)
Total CPU:0.00553002%
Kernel CPU:0.00383533%
User CPU:0.00169468%
Memory:1020 KB
ntdll.dll
Total CPU:0.00370967%
Kernel CPU:0.00329749%
User CPU:0.00041219%
Memory:700 KB
WINMM.dll
Total CPU:0.00026867%
Kernel CPU:0.00026867%
User CPU:0.00000000%
Memory:180 KB

Common loaded modules

These are modules that are typiclaly loaded within the context of this process.

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Windows 7 Home Premium 36.00%
Windows 8.1 Pro 14.00%
Windows 7 Ultimate 12.00%
Windows 8.1 10.50%
Windows 7 Professional 6.50%
Windows 8 6.50%
Windows 8.1 Single Language 6.00%
Windows 8.1 N 4.00%
Windows 8 Single Language 2.50%
Windows 8.1 Pro with Media Center 2.00%

Distribution by countryDistribution by country

United States installs about 51.50% of Windows Explorer.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
Hewlett-Packard 23.75%
ASUS 23.33%
Dell 14.17%
Toshiba 13.33%
Acer 12.08%
Lenovo 6.67%
Alienware 3.33%
Samsung 3.33%
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE