Should I block it?

No, this file is 100% safe to run.

VersionsAdditional versions

6.3.9600.17031 (winblue_gdr.140221-1952) 2.92%
6.3.9600.16384 (winblue_rtm.130821-1623) 0.83%
6.3.9600.16384 (winblue_rtm.130821-1623) 0.01%
6.3.9600.16384 (winblue_rtm.130821-1623) 0.98%
6.3.9600.16384 (winblue_rtm.130821-1623) 0.01%
6.3.9600.16384 (winblue_rtm.130821-1623) 0.07%
6.3.9431.0 (winmain_bluemp.130615-1214) 0.24%
6.3.9431.0 (winmain_bluemp.130615-1214) 0.01%
6.2.9200.16384 (win8_rtm.120725-1247) 3.79%
6.2.9200.16384 (win8_rtm.120725-1247) 0.17%
6.2.8102.0 (winmain_win8m3.110823-1455) 0.05%
6.1.7600.16385 (win7_rtm.090713-1255) 0.74%
6.1.7600.16385 (win7_rtm.090713-1255) 1.88%
6.1.7600.16385 (win7_rtm.090713-1255) 42.01%
6.1.7600.16385 (win7_rtm.090713-1255) 2.00%
6.1.7600.16385 (win7_rtm.090713-1255) 2.42%
6.1.7600.16385 (win7_rtm.090713-1255) 3.82%
6.1.7600.16385 (win7_rtm.090713-1255) 11.84%
6.1.7600.16385 (win7_rtm.090713-1255) 2.03%
6.1.7600.16385 (win7_rtm.090713-1255) 0.01%
6.1.7600.16385 (win7_rtm.090713-1255) 0.01%
6.1.7600.16385 (win7_rtm.090713-1255) 0.66%
6.1.7600.16385 (win7_rtm.090713-1255) 0.05%
6.1.7600.16385 (win7_rtm.090713-1255) 0.01%
6.1.7600.16385 (win7_rtm.090713-1255) 0.01%
View more

Relationships


PE structurePE file structure

Show functions
Import table
advapi32.dll
RegCloseKey, RegCreateKeyW, RegGetValueW, RegOpenKeyExW, GetTraceEnableFlags, GetTraceEnableLevel, GetTraceLoggerHandle, RegisterTraceGuidsW, UnregisterTraceGuids, RegCreateKeyExW, RegQueryValueExW, EventRegister, EventUnregister, EventWrite, EventEnabled, GetLengthSid, GetTokenInformation, OpenProcessToken, RegSetValueExW, RegDeleteKeyExW, TraceMessage, RegOpenKeyW, RegDeleteValueW, RegEnumValueW, RegQueryInfoKeyW, ConvertStringSidToSidW, CloseServiceHandle, OpenServiceW, OpenSCManagerW, RegEnumKeyExW, CreateWellKnownSid, StartServiceW, CryptAcquireContextW, CryptCreateHash, CryptHashData, CryptGetHashParam, CryptDestroyHash, CryptReleaseContext, StartTraceW, EnableTraceEx, StopTraceW, LsaLookupSids, IsValidSid, GetSidSubAuthorityCount, GetSidSubAuthority, LsaOpenPolicy, LsaFreeMemory, LsaClose, OpenThreadToken, ConvertSidToStringSidW, ConvertStringSecurityDescriptorToSecurityDescriptorW, CheckTokenMembership, QueryServiceStatus, GetUserNameW, RegEnumKeyW, RegOpenCurrentUser, LookupAccountNameW, EqualSid
api-ms-win-core-atoms-l1-1-0.dll
GlobalGetAtomNameW
api-ms-win-core-com-l1-1-0.dll
CoTaskMemFree, CoInitializeEx, CoUninitialize, CreateStreamOnHGlobal, CoGetApartmentType, CoWaitForMultipleHandles, CoFreeUnusedLibraries, CoEnableCallCancellation, CoDisableCallCancellation, CoCancelCall, StringFromGUID2, PropVariantClear, CoMarshalInterThreadInterfaceInStream, CoReleaseMarshalData, CoCreateInstance, CoRevokeClassObject, CoRegisterClassObject, CoGetInterfaceAndReleaseStream, CoGetMalloc, CoCreateFreeThreadedMarshaler, CoTaskMemAlloc, CLSIDFromString, CoTaskMemRealloc
api-ms-win-core-com-l1-1-1.dll
CoCreateGuid, CoTaskMemRealloc, CoInitializeEx, CLSIDFromString, CoTaskMemFree, CoCreateInstance, CoTaskMemAlloc, CoGetMalloc, PropVariantClear, CoCancelCall, CoRevokeClassObject, StringFromGUID2, CoGetApartmentType, CreateStreamOnHGlobal, CoSetProxyBlanket, CoWaitForMultipleHandles, CoGetInterfaceAndReleaseStream, CoUninitialize, CoReleaseMarshalData, CoMarshalInterThreadInterfaceInStream, CoFreeUnusedLibraries, CoRegisterClassObject, CoDisableCallCancellation, CoEnableCallCancellation, CoCreateFreeThreadedMarshaler, RoGetAgileReference
api-ms-win-core-com-private-l1-1-0.dll
CoRegisterMessageFilter
api-ms-win-core-datetime-l1-1-1.dll
GetDateFormatW, GetDateFormatEx, GetTimeFormatEx
api-ms-win-core-debug-l1-1-1.dll
OutputDebugStringA
api-ms-win-core-delayload-l1-1-1.dll
DelayLoadFailureHook, ResolveDelayLoadedAPI
api-ms-win-core-errorhandling-l1-1-1.dll
SetErrorMode, SetUnhandledExceptionFilter, SetLastError, GetLastError, RaiseException, UnhandledExceptionFilter
api-ms-win-core-file-l1-2-0.dll
GetLongPathNameW, ReadFile, CreateFileW, WriteFile, GetFileSize, FindClose, CompareFileTime, DeleteFileW, FindNextFileW, FindFirstFileW, GetFileAttributesW
api-ms-win-core-file-l1-2-1.dll
WriteFile, CreateFileW, FindClose, CreateDirectoryW, FindNextFileW, CompareFileTime, FindFirstFileW, GetFileAttributesW, DeleteFileW, FindFirstFileExW, RemoveDirectoryW, GetLongPathNameW, SetFileTime
api-ms-win-core-handle-l1-1-0.dll
DuplicateHandle, CloseHandle
api-ms-win-core-heap-l1-2-0.dll
HeapFree, HeapDestroy, HeapSetInformation, HeapAlloc, GetProcessHeap
api-ms-win-core-heap-obsolete-l1-1-0.dll
LocalFree, GlobalFree, GlobalAlloc, LocalReAlloc, LocalAlloc, GlobalLock, GlobalUnlock
api-ms-win-core-interlocked-l1-2-0.dll
InterlockedPushEntrySList, InterlockedPopEntrySList, InterlockedExchange, InterlockedIncrement, InterlockedCompareExchange, InterlockedDecrement
api-ms-win-core-io-l1-1-1.dll
GetQueuedCompletionStatus, CreateIoCompletionPort
api-ms-win-core-job-l2-1-0.dll
AssignProcessToJobObject, QueryInformationJobObject, CreateJobObjectW, SetInformationJobObject
api-ms-win-core-kernel32-legacy-l1-1-0.dll
CopyFileW, RaiseFailFastException, MulDiv, LoadLibraryW, GetComputerNameW
api-ms-win-core-kernel32-legacy-l1-1-1.dll
RaiseFailFastException, CreateSemaphoreW, PowerCreateRequest, MoveFileW, CopyFileW, MulDiv, LoadLibraryW, PowerSetRequest, RegisterWaitForSingleObject
api-ms-win-core-libraryloader-l1-1-1.dll
LoadStringW, FindResourceExW, LoadResource, LockResource, LoadLibraryExW, GetModuleHandleW, FreeLibrary, GetProcAddress, GetModuleHandleExW, FreeLibraryAndExitThread, GetModuleHandleA, GetModuleFileNameW
api-ms-win-core-libraryloader-l1-2-0.dll
GetModuleHandleA, GetProcAddress, LoadStringW, FindResourceExW, LoadLibraryExW, GetModuleHandleExW, FreeLibrary, GetModuleFileNameW, LoadResource, FreeLibraryAndExitThread, SizeofResource, LockResource, GetModuleHandleW
api-ms-win-core-localization-l1-2-0.dll
GetLocaleInfoW, GetThreadUILanguage
api-ms-win-core-localization-l1-2-1.dll
FormatMessageW, GetUserPreferredUILanguages, IsValidLocaleName, GetThreadUILanguage, GetLocaleInfoW
api-ms-win-core-localization-obsolete-l1-1-0.dll
GetUserDefaultUILanguage
api-ms-win-core-localization-obsolete-l1-2-0.dll
GetUserDefaultUILanguage
api-ms-win-core-memory-l1-1-1.dll
MapViewOfFile, VirtualAlloc, UnmapViewOfFile, CreateFileMappingW, VirtualFree
api-ms-win-core-memory-l1-1-2.dll
VirtualFree, CreateFileMappingW, MapViewOfFile, UnmapViewOfFile, VirtualAlloc
api-ms-win-core-path-l1-1-0.dll
PathCchCombine, PathCchAppend, PathCchAddExtension
api-ms-win-core-processenvironment-l1-2-0.dll
GetCommandLineW, ExpandEnvironmentStringsW, SearchPathW, GetCurrentDirectoryW
api-ms-win-core-processthreads-l1-1-1.dll
SetProcessShutdownParameters, GetCurrentThreadId, GetCurrentThread, GetCurrentProcessId, CreateProcessW, GetStartupInfoW, OpenProcessToken, GetThreadPriority, OpenProcess, OpenThreadToken, CreateThread, SetPriorityClass, OpenThread, GetPriorityClass, TerminateProcess, ResumeThread, FlushInstructionCache, IsProcessorFeaturePresent, GetProcessId, GetCurrentProcess, ExitProcess, SetThreadPriority, TerminateThread
api-ms-win-core-processthreads-l1-1-2.dll
TerminateThread, GetExitCodeProcess, SetThreadPriorityBoost, TlsFree, GetPriorityClass, TerminateProcess, OpenProcessToken, QueueUserAPC, ResumeThread, SetPriorityClass, GetCurrentThread, TlsAlloc, FlushInstructionCache, GetCurrentProcess, SetProcessShutdownParameters, CreateThread, GetProcessId, OpenProcess, CreateProcessW, IsProcessorFeaturePresent, TlsSetValue, ExitProcess, GetThreadPriority, OpenThreadToken, GetCurrentThreadId, GetCurrentProcessId, SetThreadPriority, GetStartupInfoW, OpenThread
api-ms-win-core-profile-l1-1-0.dll
QueryPerformanceCounter, QueryPerformanceFrequency
api-ms-win-core-psapi-l1-1-0.dll
QueryFullProcessImageNameW
api-ms-win-core-registry-l1-1-0.dll
RegDeleteValueW, RegQueryInfoKeyW, RegEnumKeyExW, RegQueryValueExW, RegCreateKeyExW, RegCloseKey, RegOpenKeyExW, RegGetValueW, RegEnumValueW, RegOpenCurrentUser, RegSetValueExW
api-ms-win-core-registry-l2-1-0.dll
RegCreateKeyW, RegDeleteKeyW
api-ms-win-core-registryuserspecific-l1-1-0.dll
SHRegGetUSValueW, SHRegGetBoolUSValueW
api-ms-win-core-shlwapi-legacy-l1-1-0.dll
PathStripPathW, SHExpandEnvironmentStringsW, PathFindExtensionW, PathParseIconLocationW, PathFileExistsW, PathGetDriveNumberW, PathCommonPrefixW, PathRemoveBlanksW, PathFindFileNameW, PathRemoveExtensionW, PathCombineW, PathIsFileSpecW, PathGetArgsW, PathRemoveFileSpecW, PathQuoteSpacesW, PathStripToRootW, PathIsRootW, PathIsPrefixW
api-ms-win-core-shlwapi-obsolete-l1-1-0.dll
StrCmpW, StrCmpICA, SHLoadIndirectString, StrCmpIW, StrCmpNIW, StrRStrIW, StrCmpICW, StrChrW, StrToIntW, QISearch, StrCmpNICW, StrChrIW, StrStrIW, StrTrimW, StrCmpNW, StrCmpCW, StrRChrW
api-ms-win-core-sidebyside-l1-1-0.dll
CreateActCtxW, ReleaseActCtx, ActivateActCtx, DeactivateActCtx
api-ms-win-core-string-l1-1-0.dll
MultiByteToWideChar, CompareStringOrdinal, WideCharToMultiByte, CompareStringW
api-ms-win-core-string-l2-1-0.dll
IsCharAlphaNumericW, CharPrevW, CharUpperW, CharNextW, CharLowerW
api-ms-win-core-string-obsolete-l1-1-0.dll
lstrcmpiW, lstrlenW
api-ms-win-core-synch-l1-2-0.dll
InitOnceExecuteOnce, Sleep, OpenMutexW, ReleaseMutex, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, InitializeCriticalSectionEx, CreateEventExW, WaitForSingleObject, InitializeCriticalSection, CreateMutexW, CreateEventW, WaitForMultipleObjectsEx, OpenSemaphoreW, InitializeSRWLock, ResetEvent, AcquireSRWLockExclusive, ReleaseSRWLockExclusive, AcquireSRWLockShared, ReleaseSRWLockShared, ReleaseSemaphore, OpenEventW, SleepEx, SetEvent, WaitForSingleObjectEx
api-ms-win-core-sysinfo-l1-2-0.dll
GetTickCount64, GetTickCount, GetProductInfo, GetVersionExW, GetSystemDirectoryW, GetSystemTimeAsFileTime, GetSystemTime, GetWindowsDirectoryW, GetLocalTime
api-ms-win-core-sysinfo-l1-2-1.dll
GetTickCount64, GetLocalTime, GetSystemTime, GetProductInfo, GetVersionExW, GetTickCount, GetSystemTimeAsFileTime, GetWindowsDirectoryW, GetSystemDirectoryW, GetOsSafeBootMode
api-ms-win-core-threadpool-l1-2-0.dll
CreateThreadpoolTimer, FreeLibraryWhenCallbackReturns, SubmitThreadpoolWork, CallbackMayRunLong, CloseThreadpoolTimer, CreateThreadpoolWork, SetThreadpoolWait, CreateThreadpoolWait, TrySubmitThreadpoolCallback, SetThreadpoolTimer, WaitForThreadpoolTimerCallbacks
api-ms-win-core-threadpool-legacy-l1-1-0.dll
CreateTimerQueueTimer, UnregisterWaitEx, ChangeTimerQueueTimer, DeleteTimerQueueTimer, QueueUserWorkItem
api-ms-win-core-timezone-l1-1-0.dll
GetDynamicTimeZoneInformation, SystemTimeToFileTime, GetTimeZoneInformation
api-ms-win-core-winrt-l1-1-0.dll
RoGetActivationFactory
api-ms-win-core-winrt-string-l1-1-0.dll
WindowsCreateStringReference, WindowsCreateString, WindowsGetStringRawBuffer, WindowsDeleteString
api-ms-win-eventing-classicprovider-l1-1-0.dll
GetTraceEnableLevel, GetTraceEnableFlags, RegisterTraceGuidsW, UnregisterTraceGuids, GetTraceLoggerHandle, TraceMessage
api-ms-win-eventing-controller-l1-1-0.dll
EnableTraceEx2, StartTraceW, StopTraceW
api-ms-win-eventing-provider-l1-1-0.dll
EventWrite, EventRegister, EventUnregister, EventEnabled
api-ms-win-power-base-l1-1-0.dll
CallNtPowerInformation, GetPwrCapabilities, PowerDeterminePlatformRoleEx
api-ms-win-security-base-l1-2-0.dll
GetLengthSid, CopySid, CreateWellKnownSid, IsValidSid, CheckTokenMembership, GetTokenInformation, GetSidSubAuthority, GetSidSubAuthorityCount
api-ms-win-security-lsalookup-l1-1-1.dll
EnumerateIdentityProviders, ReleaseIdentityProviderEnumContext, GetIdentityProviderInfoByGUID, GetDefaultIdentityProvider
api-ms-win-service-management-l2-1-0.dll
QueryServiceConfigW, NotifyServiceStatusChangeW
d3d11.dll
D3D11CreateDevice
dwmapi.dll
DwmEnableBlurBehindWindow, DwmIsCompositionEnabled, DwmSetWindowAttribute, DwmQueryThumbnailSourceSize, DwmUnregisterThumbnail, DwmUpdateThumbnailProperties, DwmGetColorizationColor, DwmRegisterThumbnail
gdi32.dll
GetStockObject, SetWindowOrgEx, StretchBlt, GetTextMetricsW, CombineRgn, Polyline, CreatePen, GetTextColor, ExtCreateRegion, GetRegionData, SetLayout, GetLayout, GetTextExtentPoint32W, OffsetRgn, LPtoDP, GetRgnBox, OffsetViewportOrgEx, GdiFlush, ExtTextOutW, SetDIBits, CreateRectRgn, GetClipRgn, IntersectClipRect, GetViewportOrgEx, SetViewportOrgEx, SelectClipRgn, GetBkColor, SetBkMode, CreateBitmap, PatBlt, CreateCompatibleBitmap, OffsetWindowOrgEx, SetBkColor, SetTextColor, GetTextExtentPointW, GetClipBox, CreateDIBSection, GetObjectW, CreateRectRgnIndirect, DeleteObject, CreateCompatibleDC, SelectObject, BitBlt, GetDeviceCaps, CreateFontIndirectW, DeleteDC, GdiAlphaBlend, CreatePatternBrush, GetPixel, CreateSolidBrush, SetTextAlign, GetDIBits, Rectangle, StretchDIBits
gdiplus.dll
GdipAlloc, GdiplusStartup, GdiplusShutdown, GdipFree, GdipDeleteGraphics, GdipDisposeImage, GdipGetImageWidth, GdipGetImageHeight, GdipCreateBitmapFromHBITMAP, GdipCreateFromHDC, GdipSetCompositingMode, GdipSetInterpolationMode, GdipDrawImageRectI, GdipCloneImage, GdipCreateBitmapFromStream, GdipLoadImageFromFileICM, GdipLoadImageFromFile, GdipCreateBitmapFromStreamICM
kernel32.dll
DllMain, LoadLibraryExA, DelayLoadFailureHook, CreateFileW, GetFileSize, ReadFile, RaiseException, FlushInstructionCache, SetLastError, OpenThread, GetSystemTimeAsFileTime, GetLocaleInfoW, GetTimeFormatW, GetDateFormatW, GetLocalTime, InterlockedCompareExchange, FindFirstFileW, lstrcmpiW, FindNextFileW, FindClose, GetFileAttributesW, GetSystemTime, SystemTimeToFileTime, ExpandEnvironmentStringsW, InterlockedIncrement, InterlockedDecrement, GetLastError, SetInformationJobObject, CreateJobObjectW, GetPriorityClass, SetPriorityClass, OpenProcess, SearchPathW, GetSystemDefaultUILanguage, UnmapViewOfFile, MapViewOfFile, GetTimeZoneInformation, GetDynamicTimeZoneInformation, GetBinaryTypeW, QueryPerformanceFrequency, GetTickCount64, MulDiv, GetLongPathNameW, GetThreadPriority, MultiByteToWideChar, GlobalGetAtomNameW, GetCurrentThread, SetThreadPriority, QueueUserWorkItem, LoadLibraryExW, GetProductInfo, TerminateThread, CreateIoCompletionPort, GetQueuedCompletionStatus, DeleteFileW, GetWindowsDirectoryW, GetProcessId, CompareStringW, QueryFullProcessImageNameW, CompareFileTime, CreateFileMappingW, ResetEvent, WideCharToMultiByte, GlobalAlloc, GlobalLock, GlobalUnlock, GlobalFree, DuplicateHandle, GetCurrentDirectoryW, WaitForMultipleObjects, GetComputerNameW, DeactivateActCtx, ActivateActCtx, ReleaseActCtx, CreateActCtxW, FindResourceExW, LoadResource, LockResource, CloseHandle, LocalFree, LocalAlloc, QueryInformationJobObject, Sleep, ResumeThread, AssignProcessToJobObject, CreateThread, CreateProcessW, WaitForSingleObject, FreeLibrary, GetProcAddress, LoadLibraryW, GetUserDefaultUILanguage, CreateEventW, lstrlenW, HeapFree, HeapAlloc, GetProcessHeap, GetCurrentProcess, HeapSetInformation, GetVersionExW, DeleteCriticalSection, InitializeCriticalSection, HeapDestroy, GetPrivateProfileStringW, GetModuleFileNameW, GetCommandLineW, GetSystemDirectoryW, ExitProcess, RegisterApplicationRestart, SetProcessShutdownParameters, GetStartupInfoW, ReleaseMutex, CreateMutexW, SetErrorMode, SetProcessDEPPolicy, GetUserDefaultLangID, SetEvent, LeaveCriticalSection, EnterCriticalSection, GetTickCount, OpenEventW, SetTermsrvAppInstallMode, GetCurrentProcessId, GetModuleHandleW, GetCurrentThreadId, TerminateProcess, UnhandledExceptionFilter, CompareStringOrdinal, QueryPerformanceCounter, GetModuleHandleA, SetUnhandledExceptionFilter, InterlockedExchange, VirtualAlloc, VirtualFree, LoadLibraryA, GetSystemWindowsDirectoryW, GetEnvironmentVariableW, GetPrivateProfileIntW, SetFilePointer, GetFileAttributesExW, GetProcessTimes, FormatMessageW, WriteFile, GetDateFormatEx, GetTimeFormatEx, WaitForMultipleObjectsEx, ResolveDelayLoadedAPI, ChangeTimerQueueTimer, DeleteTimerQueueTimer, CreateTimerQueueTimer, GetModuleHandleExW, CreateThreadpoolTimer, FreeLibraryWhenCallbackReturns, SetThreadpoolTimer, CloseThreadpoolTimer, GetSystemInfo, ProcessIdToSessionId, OpenMutexW, SetThreadExecutionState
msvcrt.dll
DllMain
ntdll.dll
WinSqmSetString, NtQueryInformationProcess, NtSetInformationProcess, WinSqmIsOptedIn, NtOpenThreadToken, NtOpenProcessToken, NtClose, WinSqmAddToStreamEx, NtSetSystemInformation, WinSqmAddToStream, WinSqmEventEnabled, WinSqmSetDWORD, EtwEventWrite, EtwEventEnabled, NtQueryInformationToken, RtlGetProductInfo, RtlNtStatusToDosError, RtlUnsubscribeWnfNotificationWaitForCompletion, RtlSubscribeWnfStateChangeNotification, RtlQueryWnfStateData, WinSqmIncrementDWORD, NtQueryWnfStateData
ole32.dll
OleInitialize, StringFromGUID2, CoRegisterMessageFilter, RegisterDragDrop, RevokeDragDrop, OleUninitialize, CoRevokeClassObject, CoCreateFreeThreadedMarshaler, CreateBindCtx, PropVariantClear, ReleaseStgMedium, CoInitializeEx, CreateStreamOnHGlobal, CoRegisterClassObject, CoCreateInstance, CoTaskMemFree, CoGetInterfaceAndReleaseStream, CoMarshalInterThreadInterfaceInStream, CoUninitialize, CoInitialize, CoGetMalloc, CoTaskMemAlloc, CLSIDFromString, CoFreeUnusedLibraries, CoGetClassObject, CoGetObject, DoDragDrop, CoTaskMemRealloc, CoReleaseMarshalData, CoGetApartmentType, CoWaitForMultipleHandles
powrprof.dll
CallNtPowerInformation, GetPwrCapabilities, PowerDeterminePlatformRole
propsys.dll
PropVariantToUInt32, PropVariantToStringAlloc, PropVariantToUInt64, PropVariantToBoolean, VariantToStringAlloc, VariantToStringWithDefault, PropVariantToString, VariantToBooleanWithDefault, VariantToInt32WithDefault, PSCreateMemoryPropertyStore, PropVariantToInt64, PSGetPropertyKeyFromName, PSPropertyKeyFromString, PSGetNameFromPropertyKey, PSGetPropertyDescription, PSPropertyBag_WriteDWORD, InitVariantFromResource, PropVariantToGUID
rpcrt4.dll
RpcBindingFree, RpcBindingSetAuthInfoExW, RpcStringFreeW, RpcBindingFromStringBindingW, RpcStringBindingComposeW, I_RpcExceptionFilter, NdrClientCall2
secur32.dll
GetUserNameExW
shcore.dll
IsOS, SHStrDupW, IUnknown_Set, IUnknown_QueryService, SHUnicodeToAnsi, SetProcessReference, SHCreateThreadRef, SHSetThreadRef, IUnknown_SetSite, SHRegGetValueW, SHGetValueW, SHSetValueW, SHDeleteValueW, SHCreateThread, SetCurrentProcessExplicitAppUserModelID, SHQueryValueExW, SHOpenRegStream2W, IStream_Reset, IStream_Read, SHCreateMemStream, SHAnsiToUnicode, IStream_Write, SHDeleteKeyW, GetDpiForMonitor, SHEnumKeyExW, SHGetThreadRef, SHQueryInfoKeyW, SHCreateStreamOnFileW, SHStrDupA
shell32.dll
DllMain, SHGetPropertyStoreForWindow, SHGetStockIconInfo, Shell_GetCachedImageIndexW, SHGetLocalizedName, SHCreateDataObject, SHCreateShellItemArrayFromShellItem, SHGetKnownFolderPath, SHCreateShellItemArrayFromIDLists, SHBindToFolderIDListParentEx, SHGetFileInfoW, SHCreateItemWithParent, SHGetFolderLocation, SHParseDisplayName, SHGetSpecialFolderPathW, ShellExecuteExW, SHGetKnownFolderIDList, SHBindToObject, SHGetNameFromIDList, SHCreateShellItem, SHGetPathFromIDListW, ShellExecuteW, SHEnableServiceObject, SHGetIDListFromObject, SHChangeNotifyRegisterThread, SHUpdateRecycleBinIcon, SHCreateItemFromIDList, SHFileOperationW, SHGetFolderPathEx, SHGetPathFromIDListA, SHGetFolderPathW, SHBindToParent, SHAddToRecentDocs, Shell_NotifyIconW, Shell_NotifyIconGetRect, ExtractIconExW, SHEvaluateSystemCommandTemplate, SHChangeNotify, SHCreateItemFromParsingName, DragQueryFileW, SHGetSpecialFolderLocation, SHBindToFolderIDListParent, SHGetDesktopFolder, DuplicateIcon, SHGetFolderPathAndSubDirW, SHOpenWithDialog, SHCreateAssociationRegistration, SHCreateItemInKnownFolder, SHAppBarMessage, SHGetKnownFolderItem, SHGetItemFromObject, SetCurrentProcessExplicitAppUserModelID, SHCreateShellItemArray
shlwapi.dll
DllMain, SHStrDupA, StrCmpW, PathCommonPrefixW, PathRemoveExtensionW, PathIsFileSpecW, StrRetToStrW, AssocCreate, StrRetToBufW, PathStripToRootW, AssocQueryStringW, PathQuoteSpacesW, SHDeleteKeyW, SHRegGetUSValueW, SHOpenRegStream2W, PathRemoveFileSpecW, SHRegGetBoolUSValueW, PathGetDriveNumberW, PathFileExistsW, PathIsDirectoryW, PathFindExtensionW, StrChrIW, PathAppendW, SHDeleteValueW, SHSetValueW, PathRemoveArgsW, PathRemoveBlanksW, StrCmpNIW, PathGetArgsW, PathFindFileNameW, SHGetValueW, SHCreateThreadRef, SHSetThreadRef, PathCombineW, SHRegGetValueW, StrToIntW, StrChrW, SHStrDupW, PathIsNetworkPathW, StrTrimW, StrCmpNW, SHQueryInfoKeyW, SHCreateStreamOnFileW, PathIsPrefixW, StrCmpIW, PathParseIconLocationW, PathIsRootW, AssocQueryKeyW, PathStripPathW, ChrCmpIW, StrStrIW, StrDupW, SHRegOpenUSKeyW, SHRegQueryUSValueW, PathMatchSpecW, SHQueryValueExW, StrPBrkW
slc.dll
SLGetWindowsInformationDWORD, SLUnregisterWindowsEvent, SLRegisterWindowsEvent
sspicli.dll
GetUserNameExW
user32.dll
DllMain
userenv.dll
GetProfileType
uxtheme.dll
BeginBufferedPaint, IsCompositionActive, IsAppThemed, GetThemeMetric, CloseThemeData, OpenThemeData, SetWindowTheme, DrawThemeBackground, GetThemeTextExtent, DrawThemeText, DrawThemeParentBackground, GetWindowTheme, GetThemePartSize, GetThemeBackgroundContentRect, EndBufferedPaint, GetThemeMargins, DrawThemeTextEx, BufferedPaintInit, BufferedPaintUnInit, IsThemeActive, GetThemeRect, IsThemePartDefined, GetThemeBackgroundRegion, GetThemeColor, GetThemeBool, DrawThemeIcon, GetBufferedPaintBits, BufferedPaintClear, GetThemeBackgroundExtent, GetThemeFont, GetThemeInt, GetCurrentThemeName
wtsapi32.dll
WTSFreeMemory, WTSQuerySessionInformationW

explorer.exe

Windows Explorer by Microsoft Corporation (Signed)

Remove explorer.exe
Version:   6.00.2900.3156 (xpsp_sp2_qfe.070613-1311)
MD5:   7712df0cdde3a5ac89843e61cd5b3658
SHA1:   c090d1d96b28571cd715d7b371b0217b44494a71
SHA256:   83da674402a154078a3f9220abcbca614777d07ce62f15e209a3de21f8e66772
This is a Windows system installed file with Windows File Protection (WFP) enabled.

What is explorer.exe?

Windows Explorer also known as File Explorer, is a file manager application and also a navigation tool that is included with releases of the Microsoft Windows operating system. It provides a graphical user interface for accessing the file systems. It is also the component of the operating system that presents many user interface items on the monitor such as the taskbar and desktop. Located in the C:\Windows directory, it is sometimes referred to as the Windows shell, explorer.exe.

Overview

explorer.exe executes as a process with the local user's privileges. It configures an autoplay handler withing explorer.exe named MSOpenFolder that will launch the program automatically. The file is digitally signed by Microsoft Corporation. This version is installed on Windows XP and is compiled as a 32 bit program.

DetailsDetails

File name:explorer.exe
Publisher:Microsoft Corporation
Product name:Windows Explorer
Description:Microsoft® Windows® Operating System
Typical file path:C:\windows\explorer.exe
Original name:EXPLORER.EXE.MUI
File version:6.00.2900.3156 (xpsp_sp2_qfe.070613-1311)
Product version:6.00.2900.3156
Size:1009 KB (1,033,216 bytes)
Certificate
Issued to:Microsoft Corporation
Authority (CA):Microsoft Corporation
Expiration date:Tuesday, July 9, 2013
Digital DNA
Entropy:5.934229
File packed:No
Code language:Microsoft Visual C++
.NET CLR:No
More details

BehaviorsBehaviors

Shell open commands
  • SHCmdFile
Autoplay handlers
Runs under the registry key 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers'
  • Handler name 'MSOpenFolderBackup'
  • Handler name 'MSOpenFolder'
Scheduled tasks
  • The task '{AD36F1D3-E56E-44BA-A569-280718EB8C51}' runs on registration in the path '\{AD36F1D3-E56E-44BA-A569-280718EB8C51}'

ResourcesResource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
 
CPU
Total CPU:0.01129328%
0.028634%
Kernel CPU:0.00337386%
0.013761%
User CPU:0.00791942%
0.014873%
Kernel CPU time:13,406 ms/min
100,923,805ms/min
Context switches:14/sec
284/sec
Memory
Private memory:20.17 MB
21.59 MB
Private (maximum):32.78 MB
Private (minimum):25.86 MB
Non-paged memory:20.17 MB
21.59 MB
Virtual memory:114.41 MB
140.96 MB
Virtual memory (peak):157.61 MB
169.69 MB
Working set:29.08 MB
18.61 MB
Working set (peak):32.87 MB
37.95 MB
Resource allocations
Threads:16
12
Handles:523
600
GUI GDI count:235
103
GUI USER count:129
49

BehaviorsProcess properties

Tray notification:Yes
Integrety level:Undefined
Platform:32-bit
Command line:C:\windows\explorer.exe
Owner:User

ResourcesThreads

Averages
 
ntdll.dll
Total CPU:0.03297361%
0.272967%
Kernel CPU:0.02946854%
0.107585%
User CPU:0.00350507%
0.165382%
Memory:704 KB
1.16 MB
stobject.dll (Systray shell service object by Microsoft)
Total CPU:0.02896894%
Kernel CPU:0.02026527%
User CPU:0.00870367%
Context switches:7/sec
Memory:132 KB
SHLWAPI.dll
Total CPU:0.02739141%
Kernel CPU:0.02064092%
User CPU:0.00675049%
Context switches:3/sec
Memory:472 KB
Explorer.EXE (main module)
Total CPU:0.01817278%
Kernel CPU:0.01311036%
User CPU:0.00506242%
Context switches:1/sec
Memory:1020 KB
SSDPAPI.dll
Total CPU:0.00363793%
Kernel CPU:0.00220874%
User CPU:0.00142919%
Memory:48 KB
WINHTTP.dll
Total CPU:0.00025605%
Kernel CPU:0.00025605%
User CPU:0.00000000%
Memory:352 KB

Common loaded modules

These are modules that are typiclaly loaded within the context of this process.

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Windows 7 Home Premium 36.00%
Windows 8.1 Pro 14.00%
Windows 7 Ultimate 12.00%
Windows 8.1 10.50%
Windows 7 Professional 6.50%
Windows 8 6.50%
Windows 8.1 Single Language 6.00%
Windows 8.1 N 4.00%
Windows 8 Single Language 2.50%
Windows 8.1 Pro with Media Center 2.00%

Distribution by countryDistribution by country

United States installs about 51.50% of Windows Explorer.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
Hewlett-Packard 23.75%
ASUS 23.33%
Dell 14.17%
Toshiba 13.33%
Acer 12.08%
Lenovo 6.67%
Alienware 3.33%
Samsung 3.33%
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE