Should I block it?

No, this file is 100% safe to run.

VersionsAdditional versions

6.3.9600.17031 (winblue_gdr.140221-1952) 2.92%
6.3.9600.16384 (winblue_rtm.130821-1623) 0.83%
6.3.9600.16384 (winblue_rtm.130821-1623) 0.01%
6.3.9600.16384 (winblue_rtm.130821-1623) 0.98%
6.3.9600.16384 (winblue_rtm.130821-1623) 0.01%
6.3.9600.16384 (winblue_rtm.130821-1623) 0.07%
6.3.9431.0 (winmain_bluemp.130615-1214) 0.24%
6.3.9431.0 (winmain_bluemp.130615-1214) 0.01%
6.2.9200.16384 (win8_rtm.120725-1247) 3.79%
6.2.9200.16384 (win8_rtm.120725-1247) 0.17%
6.2.8102.0 (winmain_win8m3.110823-1455) 0.05%
6.1.7600.16385 (win7_rtm.090713-1255) 0.74%
6.1.7600.16385 (win7_rtm.090713-1255) 1.88%
6.1.7600.16385 (win7_rtm.090713-1255) 42.01%
6.1.7600.16385 (win7_rtm.090713-1255) 2.00%
6.1.7600.16385 (win7_rtm.090713-1255) 2.42%
6.1.7600.16385 (win7_rtm.090713-1255) 3.82%
6.1.7600.16385 (win7_rtm.090713-1255) 11.84%
6.1.7600.16385 (win7_rtm.090713-1255) 2.03%
6.1.7600.16385 (win7_rtm.090713-1255) 0.01%
6.1.7600.16385 (win7_rtm.090713-1255) 0.01%
6.1.7600.16385 (win7_rtm.090713-1255) 0.66%
6.1.7600.16385 (win7_rtm.090713-1255) 0.05%
6.1.7600.16385 (win7_rtm.090713-1255) 0.01%
6.1.7600.16385 (win7_rtm.090713-1255) 0.01%
View more

Relationships


PE structurePE file structure

Show functions
Import table
advapi32.dll
RegCloseKey, RegCreateKeyW, RegGetValueW, RegOpenKeyExW, GetTraceEnableFlags, GetTraceEnableLevel, GetTraceLoggerHandle, RegisterTraceGuidsW, UnregisterTraceGuids, RegCreateKeyExW, RegQueryValueExW, EventRegister, EventUnregister, EventWrite, EventEnabled, GetLengthSid, GetTokenInformation, OpenProcessToken, RegSetValueExW, RegDeleteKeyExW, TraceMessage, RegOpenKeyW, RegDeleteValueW, RegEnumValueW, RegQueryInfoKeyW, ConvertStringSidToSidW, CloseServiceHandle, OpenServiceW, OpenSCManagerW, RegEnumKeyExW, CreateWellKnownSid, StartServiceW, CryptAcquireContextW, CryptCreateHash, CryptHashData, CryptGetHashParam, CryptDestroyHash, CryptReleaseContext, StartTraceW, EnableTraceEx, StopTraceW, LsaLookupSids, IsValidSid, GetSidSubAuthorityCount, GetSidSubAuthority, LsaOpenPolicy, LsaFreeMemory, LsaClose, OpenThreadToken, ConvertSidToStringSidW, ConvertStringSecurityDescriptorToSecurityDescriptorW, CheckTokenMembership, QueryServiceStatus, GetUserNameW, RegEnumKeyW, RegOpenCurrentUser, LookupAccountNameW, EqualSid
api-ms-win-core-atoms-l1-1-0.dll
GlobalGetAtomNameW
api-ms-win-core-com-l1-1-0.dll
CoTaskMemFree, CoInitializeEx, CoUninitialize, CreateStreamOnHGlobal, CoGetApartmentType, CoWaitForMultipleHandles, CoFreeUnusedLibraries, CoEnableCallCancellation, CoDisableCallCancellation, CoCancelCall, StringFromGUID2, PropVariantClear, CoMarshalInterThreadInterfaceInStream, CoReleaseMarshalData, CoCreateInstance, CoRevokeClassObject, CoRegisterClassObject, CoGetInterfaceAndReleaseStream, CoGetMalloc, CoCreateFreeThreadedMarshaler, CoTaskMemAlloc, CLSIDFromString, CoTaskMemRealloc
api-ms-win-core-com-l1-1-1.dll
CoCreateGuid, CoTaskMemRealloc, CoInitializeEx, CLSIDFromString, CoTaskMemFree, CoCreateInstance, CoTaskMemAlloc, CoGetMalloc, PropVariantClear, CoCancelCall, CoRevokeClassObject, StringFromGUID2, CoGetApartmentType, CreateStreamOnHGlobal, CoSetProxyBlanket, CoWaitForMultipleHandles, CoGetInterfaceAndReleaseStream, CoUninitialize, CoReleaseMarshalData, CoMarshalInterThreadInterfaceInStream, CoFreeUnusedLibraries, CoRegisterClassObject, CoDisableCallCancellation, CoEnableCallCancellation, CoCreateFreeThreadedMarshaler, RoGetAgileReference
api-ms-win-core-com-private-l1-1-0.dll
CoRegisterMessageFilter
api-ms-win-core-datetime-l1-1-1.dll
GetDateFormatW, GetDateFormatEx, GetTimeFormatEx
api-ms-win-core-debug-l1-1-1.dll
OutputDebugStringA
api-ms-win-core-delayload-l1-1-1.dll
DelayLoadFailureHook, ResolveDelayLoadedAPI
api-ms-win-core-errorhandling-l1-1-1.dll
SetErrorMode, SetUnhandledExceptionFilter, SetLastError, GetLastError, RaiseException, UnhandledExceptionFilter
api-ms-win-core-file-l1-2-0.dll
GetLongPathNameW, ReadFile, CreateFileW, WriteFile, GetFileSize, FindClose, CompareFileTime, DeleteFileW, FindNextFileW, FindFirstFileW, GetFileAttributesW
api-ms-win-core-file-l1-2-1.dll
WriteFile, CreateFileW, FindClose, CreateDirectoryW, FindNextFileW, CompareFileTime, FindFirstFileW, GetFileAttributesW, DeleteFileW, FindFirstFileExW, RemoveDirectoryW, GetLongPathNameW, SetFileTime
api-ms-win-core-handle-l1-1-0.dll
DuplicateHandle, CloseHandle
api-ms-win-core-heap-l1-2-0.dll
HeapFree, HeapDestroy, HeapSetInformation, HeapAlloc, GetProcessHeap
api-ms-win-core-heap-obsolete-l1-1-0.dll
LocalFree, GlobalFree, GlobalAlloc, LocalReAlloc, LocalAlloc, GlobalLock, GlobalUnlock
api-ms-win-core-interlocked-l1-2-0.dll
InterlockedPushEntrySList, InterlockedPopEntrySList, InterlockedExchange, InterlockedIncrement, InterlockedCompareExchange, InterlockedDecrement
api-ms-win-core-io-l1-1-1.dll
GetQueuedCompletionStatus, CreateIoCompletionPort
api-ms-win-core-job-l2-1-0.dll
AssignProcessToJobObject, QueryInformationJobObject, CreateJobObjectW, SetInformationJobObject
api-ms-win-core-kernel32-legacy-l1-1-0.dll
CopyFileW, RaiseFailFastException, MulDiv, LoadLibraryW, GetComputerNameW
api-ms-win-core-kernel32-legacy-l1-1-1.dll
RaiseFailFastException, CreateSemaphoreW, PowerCreateRequest, MoveFileW, CopyFileW, MulDiv, LoadLibraryW, PowerSetRequest, RegisterWaitForSingleObject
api-ms-win-core-libraryloader-l1-1-1.dll
LoadStringW, FindResourceExW, LoadResource, LockResource, LoadLibraryExW, GetModuleHandleW, FreeLibrary, GetProcAddress, GetModuleHandleExW, FreeLibraryAndExitThread, GetModuleHandleA, GetModuleFileNameW
api-ms-win-core-libraryloader-l1-2-0.dll
GetModuleHandleA, GetProcAddress, LoadStringW, FindResourceExW, LoadLibraryExW, GetModuleHandleExW, FreeLibrary, GetModuleFileNameW, LoadResource, FreeLibraryAndExitThread, SizeofResource, LockResource, GetModuleHandleW
api-ms-win-core-localization-l1-2-0.dll
GetLocaleInfoW, GetThreadUILanguage
api-ms-win-core-localization-l1-2-1.dll
FormatMessageW, GetUserPreferredUILanguages, IsValidLocaleName, GetThreadUILanguage, GetLocaleInfoW
api-ms-win-core-localization-obsolete-l1-1-0.dll
GetUserDefaultUILanguage
api-ms-win-core-localization-obsolete-l1-2-0.dll
GetUserDefaultUILanguage
api-ms-win-core-memory-l1-1-1.dll
MapViewOfFile, VirtualAlloc, UnmapViewOfFile, CreateFileMappingW, VirtualFree
api-ms-win-core-memory-l1-1-2.dll
VirtualFree, CreateFileMappingW, MapViewOfFile, UnmapViewOfFile, VirtualAlloc
api-ms-win-core-path-l1-1-0.dll
PathCchCombine, PathCchAppend, PathCchAddExtension
api-ms-win-core-processenvironment-l1-2-0.dll
GetCommandLineW, ExpandEnvironmentStringsW, SearchPathW, GetCurrentDirectoryW
api-ms-win-core-processthreads-l1-1-1.dll
SetProcessShutdownParameters, GetCurrentThreadId, GetCurrentThread, GetCurrentProcessId, CreateProcessW, GetStartupInfoW, OpenProcessToken, GetThreadPriority, OpenProcess, OpenThreadToken, CreateThread, SetPriorityClass, OpenThread, GetPriorityClass, TerminateProcess, ResumeThread, FlushInstructionCache, IsProcessorFeaturePresent, GetProcessId, GetCurrentProcess, ExitProcess, SetThreadPriority, TerminateThread
api-ms-win-core-processthreads-l1-1-2.dll
TerminateThread, GetExitCodeProcess, SetThreadPriorityBoost, TlsFree, GetPriorityClass, TerminateProcess, OpenProcessToken, QueueUserAPC, ResumeThread, SetPriorityClass, GetCurrentThread, TlsAlloc, FlushInstructionCache, GetCurrentProcess, SetProcessShutdownParameters, CreateThread, GetProcessId, OpenProcess, CreateProcessW, IsProcessorFeaturePresent, TlsSetValue, ExitProcess, GetThreadPriority, OpenThreadToken, GetCurrentThreadId, GetCurrentProcessId, SetThreadPriority, GetStartupInfoW, OpenThread
api-ms-win-core-profile-l1-1-0.dll
QueryPerformanceCounter, QueryPerformanceFrequency
api-ms-win-core-psapi-l1-1-0.dll
QueryFullProcessImageNameW
api-ms-win-core-registry-l1-1-0.dll
RegDeleteValueW, RegQueryInfoKeyW, RegEnumKeyExW, RegQueryValueExW, RegCreateKeyExW, RegCloseKey, RegOpenKeyExW, RegGetValueW, RegEnumValueW, RegOpenCurrentUser, RegSetValueExW
api-ms-win-core-registry-l2-1-0.dll
RegCreateKeyW, RegDeleteKeyW
api-ms-win-core-registryuserspecific-l1-1-0.dll
SHRegGetUSValueW, SHRegGetBoolUSValueW
api-ms-win-core-shlwapi-legacy-l1-1-0.dll
PathStripPathW, SHExpandEnvironmentStringsW, PathFindExtensionW, PathParseIconLocationW, PathFileExistsW, PathGetDriveNumberW, PathCommonPrefixW, PathRemoveBlanksW, PathFindFileNameW, PathRemoveExtensionW, PathCombineW, PathIsFileSpecW, PathGetArgsW, PathRemoveFileSpecW, PathQuoteSpacesW, PathStripToRootW, PathIsRootW, PathIsPrefixW
api-ms-win-core-shlwapi-obsolete-l1-1-0.dll
StrCmpW, StrCmpICA, SHLoadIndirectString, StrCmpIW, StrCmpNIW, StrRStrIW, StrCmpICW, StrChrW, StrToIntW, QISearch, StrCmpNICW, StrChrIW, StrStrIW, StrTrimW, StrCmpNW, StrCmpCW, StrRChrW
api-ms-win-core-sidebyside-l1-1-0.dll
CreateActCtxW, ReleaseActCtx, ActivateActCtx, DeactivateActCtx
api-ms-win-core-string-l1-1-0.dll
MultiByteToWideChar, CompareStringOrdinal, WideCharToMultiByte, CompareStringW
api-ms-win-core-string-l2-1-0.dll
IsCharAlphaNumericW, CharPrevW, CharUpperW, CharNextW, CharLowerW
api-ms-win-core-string-obsolete-l1-1-0.dll
lstrcmpiW, lstrlenW
api-ms-win-core-synch-l1-2-0.dll
InitOnceExecuteOnce, Sleep, OpenMutexW, ReleaseMutex, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, InitializeCriticalSectionEx, CreateEventExW, WaitForSingleObject, InitializeCriticalSection, CreateMutexW, CreateEventW, WaitForMultipleObjectsEx, OpenSemaphoreW, InitializeSRWLock, ResetEvent, AcquireSRWLockExclusive, ReleaseSRWLockExclusive, AcquireSRWLockShared, ReleaseSRWLockShared, ReleaseSemaphore, OpenEventW, SleepEx, SetEvent, WaitForSingleObjectEx
api-ms-win-core-sysinfo-l1-2-0.dll
GetTickCount64, GetTickCount, GetProductInfo, GetVersionExW, GetSystemDirectoryW, GetSystemTimeAsFileTime, GetSystemTime, GetWindowsDirectoryW, GetLocalTime
api-ms-win-core-sysinfo-l1-2-1.dll
GetTickCount64, GetLocalTime, GetSystemTime, GetProductInfo, GetVersionExW, GetTickCount, GetSystemTimeAsFileTime, GetWindowsDirectoryW, GetSystemDirectoryW, GetOsSafeBootMode
api-ms-win-core-threadpool-l1-2-0.dll
CreateThreadpoolTimer, FreeLibraryWhenCallbackReturns, SubmitThreadpoolWork, CallbackMayRunLong, CloseThreadpoolTimer, CreateThreadpoolWork, SetThreadpoolWait, CreateThreadpoolWait, TrySubmitThreadpoolCallback, SetThreadpoolTimer, WaitForThreadpoolTimerCallbacks
api-ms-win-core-threadpool-legacy-l1-1-0.dll
CreateTimerQueueTimer, UnregisterWaitEx, ChangeTimerQueueTimer, DeleteTimerQueueTimer, QueueUserWorkItem
api-ms-win-core-timezone-l1-1-0.dll
GetDynamicTimeZoneInformation, SystemTimeToFileTime, GetTimeZoneInformation
api-ms-win-core-winrt-l1-1-0.dll
RoGetActivationFactory
api-ms-win-core-winrt-string-l1-1-0.dll
WindowsCreateStringReference, WindowsCreateString, WindowsGetStringRawBuffer, WindowsDeleteString
api-ms-win-eventing-classicprovider-l1-1-0.dll
GetTraceEnableLevel, GetTraceEnableFlags, RegisterTraceGuidsW, UnregisterTraceGuids, GetTraceLoggerHandle, TraceMessage
api-ms-win-eventing-controller-l1-1-0.dll
EnableTraceEx2, StartTraceW, StopTraceW
api-ms-win-eventing-provider-l1-1-0.dll
EventWrite, EventRegister, EventUnregister, EventEnabled
api-ms-win-power-base-l1-1-0.dll
CallNtPowerInformation, GetPwrCapabilities, PowerDeterminePlatformRoleEx
api-ms-win-security-base-l1-2-0.dll
GetLengthSid, CopySid, CreateWellKnownSid, IsValidSid, CheckTokenMembership, GetTokenInformation, GetSidSubAuthority, GetSidSubAuthorityCount
api-ms-win-security-lsalookup-l1-1-1.dll
EnumerateIdentityProviders, ReleaseIdentityProviderEnumContext, GetIdentityProviderInfoByGUID, GetDefaultIdentityProvider
api-ms-win-service-management-l2-1-0.dll
QueryServiceConfigW, NotifyServiceStatusChangeW
d3d11.dll
D3D11CreateDevice
dwmapi.dll
DwmEnableBlurBehindWindow, DwmIsCompositionEnabled, DwmSetWindowAttribute, DwmQueryThumbnailSourceSize, DwmUnregisterThumbnail, DwmUpdateThumbnailProperties, DwmGetColorizationColor, DwmRegisterThumbnail
gdi32.dll
GetStockObject, SetWindowOrgEx, StretchBlt, GetTextMetricsW, CombineRgn, Polyline, CreatePen, GetTextColor, ExtCreateRegion, GetRegionData, SetLayout, GetLayout, GetTextExtentPoint32W, OffsetRgn, LPtoDP, GetRgnBox, OffsetViewportOrgEx, GdiFlush, ExtTextOutW, SetDIBits, CreateRectRgn, GetClipRgn, IntersectClipRect, GetViewportOrgEx, SetViewportOrgEx, SelectClipRgn, GetBkColor, SetBkMode, CreateBitmap, PatBlt, CreateCompatibleBitmap, OffsetWindowOrgEx, SetBkColor, SetTextColor, GetTextExtentPointW, GetClipBox, CreateDIBSection, GetObjectW, CreateRectRgnIndirect, DeleteObject, CreateCompatibleDC, SelectObject, BitBlt, GetDeviceCaps, CreateFontIndirectW, DeleteDC, GdiAlphaBlend, CreatePatternBrush, GetPixel, CreateSolidBrush, SetTextAlign, GetDIBits, Rectangle, StretchDIBits
gdiplus.dll
GdipAlloc, GdiplusStartup, GdiplusShutdown, GdipFree, GdipDeleteGraphics, GdipDisposeImage, GdipGetImageWidth, GdipGetImageHeight, GdipCreateBitmapFromHBITMAP, GdipCreateFromHDC, GdipSetCompositingMode, GdipSetInterpolationMode, GdipDrawImageRectI, GdipCloneImage, GdipCreateBitmapFromStream, GdipLoadImageFromFileICM, GdipLoadImageFromFile, GdipCreateBitmapFromStreamICM
kernel32.dll
DllMain, LoadLibraryExA, DelayLoadFailureHook, CreateFileW, GetFileSize, ReadFile, RaiseException, FlushInstructionCache, SetLastError, OpenThread, GetSystemTimeAsFileTime, GetLocaleInfoW, GetTimeFormatW, GetDateFormatW, GetLocalTime, InterlockedCompareExchange, FindFirstFileW, lstrcmpiW, FindNextFileW, FindClose, GetFileAttributesW, GetSystemTime, SystemTimeToFileTime, ExpandEnvironmentStringsW, InterlockedIncrement, InterlockedDecrement, GetLastError, SetInformationJobObject, CreateJobObjectW, GetPriorityClass, SetPriorityClass, OpenProcess, SearchPathW, GetSystemDefaultUILanguage, UnmapViewOfFile, MapViewOfFile, GetTimeZoneInformation, GetDynamicTimeZoneInformation, GetBinaryTypeW, QueryPerformanceFrequency, GetTickCount64, MulDiv, GetLongPathNameW, GetThreadPriority, MultiByteToWideChar, GlobalGetAtomNameW, GetCurrentThread, SetThreadPriority, QueueUserWorkItem, LoadLibraryExW, GetProductInfo, TerminateThread, CreateIoCompletionPort, GetQueuedCompletionStatus, DeleteFileW, GetWindowsDirectoryW, GetProcessId, CompareStringW, QueryFullProcessImageNameW, CompareFileTime, CreateFileMappingW, ResetEvent, WideCharToMultiByte, GlobalAlloc, GlobalLock, GlobalUnlock, GlobalFree, DuplicateHandle, GetCurrentDirectoryW, WaitForMultipleObjects, GetComputerNameW, DeactivateActCtx, ActivateActCtx, ReleaseActCtx, CreateActCtxW, FindResourceExW, LoadResource, LockResource, CloseHandle, LocalFree, LocalAlloc, QueryInformationJobObject, Sleep, ResumeThread, AssignProcessToJobObject, CreateThread, CreateProcessW, WaitForSingleObject, FreeLibrary, GetProcAddress, LoadLibraryW, GetUserDefaultUILanguage, CreateEventW, lstrlenW, HeapFree, HeapAlloc, GetProcessHeap, GetCurrentProcess, HeapSetInformation, GetVersionExW, DeleteCriticalSection, InitializeCriticalSection, HeapDestroy, GetPrivateProfileStringW, GetModuleFileNameW, GetCommandLineW, GetSystemDirectoryW, ExitProcess, RegisterApplicationRestart, SetProcessShutdownParameters, GetStartupInfoW, ReleaseMutex, CreateMutexW, SetErrorMode, SetProcessDEPPolicy, GetUserDefaultLangID, SetEvent, LeaveCriticalSection, EnterCriticalSection, GetTickCount, OpenEventW, SetTermsrvAppInstallMode, GetCurrentProcessId, GetModuleHandleW, GetCurrentThreadId, TerminateProcess, UnhandledExceptionFilter, CompareStringOrdinal, QueryPerformanceCounter, GetModuleHandleA, SetUnhandledExceptionFilter, InterlockedExchange, VirtualAlloc, VirtualFree, LoadLibraryA, GetSystemWindowsDirectoryW, GetEnvironmentVariableW, GetPrivateProfileIntW, SetFilePointer, GetFileAttributesExW, GetProcessTimes, FormatMessageW, WriteFile, GetDateFormatEx, GetTimeFormatEx, WaitForMultipleObjectsEx, ResolveDelayLoadedAPI, ChangeTimerQueueTimer, DeleteTimerQueueTimer, CreateTimerQueueTimer, GetModuleHandleExW, CreateThreadpoolTimer, FreeLibraryWhenCallbackReturns, SetThreadpoolTimer, CloseThreadpoolTimer, GetSystemInfo, ProcessIdToSessionId, OpenMutexW, SetThreadExecutionState
msvcrt.dll
DllMain
ntdll.dll
WinSqmSetString, NtQueryInformationProcess, NtSetInformationProcess, WinSqmIsOptedIn, NtOpenThreadToken, NtOpenProcessToken, NtClose, WinSqmAddToStreamEx, NtSetSystemInformation, WinSqmAddToStream, WinSqmEventEnabled, WinSqmSetDWORD, EtwEventWrite, EtwEventEnabled, NtQueryInformationToken, RtlGetProductInfo, RtlNtStatusToDosError, RtlUnsubscribeWnfNotificationWaitForCompletion, RtlSubscribeWnfStateChangeNotification, RtlQueryWnfStateData, WinSqmIncrementDWORD, NtQueryWnfStateData
ole32.dll
OleInitialize, StringFromGUID2, CoRegisterMessageFilter, RegisterDragDrop, RevokeDragDrop, OleUninitialize, CoRevokeClassObject, CoCreateFreeThreadedMarshaler, CreateBindCtx, PropVariantClear, ReleaseStgMedium, CoInitializeEx, CreateStreamOnHGlobal, CoRegisterClassObject, CoCreateInstance, CoTaskMemFree, CoGetInterfaceAndReleaseStream, CoMarshalInterThreadInterfaceInStream, CoUninitialize, CoInitialize, CoGetMalloc, CoTaskMemAlloc, CLSIDFromString, CoFreeUnusedLibraries, CoGetClassObject, CoGetObject, DoDragDrop, CoTaskMemRealloc, CoReleaseMarshalData, CoGetApartmentType, CoWaitForMultipleHandles
powrprof.dll
CallNtPowerInformation, GetPwrCapabilities, PowerDeterminePlatformRole
propsys.dll
PropVariantToUInt32, PropVariantToStringAlloc, PropVariantToUInt64, PropVariantToBoolean, VariantToStringAlloc, VariantToStringWithDefault, PropVariantToString, VariantToBooleanWithDefault, VariantToInt32WithDefault, PSCreateMemoryPropertyStore, PropVariantToInt64, PSGetPropertyKeyFromName, PSPropertyKeyFromString, PSGetNameFromPropertyKey, PSGetPropertyDescription, PSPropertyBag_WriteDWORD, InitVariantFromResource, PropVariantToGUID
rpcrt4.dll
RpcBindingFree, RpcBindingSetAuthInfoExW, RpcStringFreeW, RpcBindingFromStringBindingW, RpcStringBindingComposeW, I_RpcExceptionFilter, NdrClientCall2
secur32.dll
GetUserNameExW
shcore.dll
IsOS, SHStrDupW, IUnknown_Set, IUnknown_QueryService, SHUnicodeToAnsi, SetProcessReference, SHCreateThreadRef, SHSetThreadRef, IUnknown_SetSite, SHRegGetValueW, SHGetValueW, SHSetValueW, SHDeleteValueW, SHCreateThread, SetCurrentProcessExplicitAppUserModelID, SHQueryValueExW, SHOpenRegStream2W, IStream_Reset, IStream_Read, SHCreateMemStream, SHAnsiToUnicode, IStream_Write, SHDeleteKeyW, GetDpiForMonitor, SHEnumKeyExW, SHGetThreadRef, SHQueryInfoKeyW, SHCreateStreamOnFileW, SHStrDupA
shell32.dll
DllMain, SHGetPropertyStoreForWindow, SHGetStockIconInfo, Shell_GetCachedImageIndexW, SHGetLocalizedName, SHCreateDataObject, SHCreateShellItemArrayFromShellItem, SHGetKnownFolderPath, SHCreateShellItemArrayFromIDLists, SHBindToFolderIDListParentEx, SHGetFileInfoW, SHCreateItemWithParent, SHGetFolderLocation, SHParseDisplayName, SHGetSpecialFolderPathW, ShellExecuteExW, SHGetKnownFolderIDList, SHBindToObject, SHGetNameFromIDList, SHCreateShellItem, SHGetPathFromIDListW, ShellExecuteW, SHEnableServiceObject, SHGetIDListFromObject, SHChangeNotifyRegisterThread, SHUpdateRecycleBinIcon, SHCreateItemFromIDList, SHFileOperationW, SHGetFolderPathEx, SHGetPathFromIDListA, SHGetFolderPathW, SHBindToParent, SHAddToRecentDocs, Shell_NotifyIconW, Shell_NotifyIconGetRect, ExtractIconExW, SHEvaluateSystemCommandTemplate, SHChangeNotify, SHCreateItemFromParsingName, DragQueryFileW, SHGetSpecialFolderLocation, SHBindToFolderIDListParent, SHGetDesktopFolder, DuplicateIcon, SHGetFolderPathAndSubDirW, SHOpenWithDialog, SHCreateAssociationRegistration, SHCreateItemInKnownFolder, SHAppBarMessage, SHGetKnownFolderItem, SHGetItemFromObject, SetCurrentProcessExplicitAppUserModelID, SHCreateShellItemArray
shlwapi.dll
DllMain, SHStrDupA, StrCmpW, PathCommonPrefixW, PathRemoveExtensionW, PathIsFileSpecW, StrRetToStrW, AssocCreate, StrRetToBufW, PathStripToRootW, AssocQueryStringW, PathQuoteSpacesW, SHDeleteKeyW, SHRegGetUSValueW, SHOpenRegStream2W, PathRemoveFileSpecW, SHRegGetBoolUSValueW, PathGetDriveNumberW, PathFileExistsW, PathIsDirectoryW, PathFindExtensionW, StrChrIW, PathAppendW, SHDeleteValueW, SHSetValueW, PathRemoveArgsW, PathRemoveBlanksW, StrCmpNIW, PathGetArgsW, PathFindFileNameW, SHGetValueW, SHCreateThreadRef, SHSetThreadRef, PathCombineW, SHRegGetValueW, StrToIntW, StrChrW, SHStrDupW, PathIsNetworkPathW, StrTrimW, StrCmpNW, SHQueryInfoKeyW, SHCreateStreamOnFileW, PathIsPrefixW, StrCmpIW, PathParseIconLocationW, PathIsRootW, AssocQueryKeyW, PathStripPathW, ChrCmpIW, StrStrIW, StrDupW, SHRegOpenUSKeyW, SHRegQueryUSValueW, PathMatchSpecW, SHQueryValueExW, StrPBrkW
slc.dll
SLGetWindowsInformationDWORD, SLUnregisterWindowsEvent, SLRegisterWindowsEvent
sspicli.dll
GetUserNameExW
user32.dll
DllMain
userenv.dll
GetProfileType
uxtheme.dll
BeginBufferedPaint, IsCompositionActive, IsAppThemed, GetThemeMetric, CloseThemeData, OpenThemeData, SetWindowTheme, DrawThemeBackground, GetThemeTextExtent, DrawThemeText, DrawThemeParentBackground, GetWindowTheme, GetThemePartSize, GetThemeBackgroundContentRect, EndBufferedPaint, GetThemeMargins, DrawThemeTextEx, BufferedPaintInit, BufferedPaintUnInit, IsThemeActive, GetThemeRect, IsThemePartDefined, GetThemeBackgroundRegion, GetThemeColor, GetThemeBool, DrawThemeIcon, GetBufferedPaintBits, BufferedPaintClear, GetThemeBackgroundExtent, GetThemeFont, GetThemeInt, GetCurrentThemeName
wtsapi32.dll
WTSFreeMemory, WTSQuerySessionInformationW

explorer.exe

Windows Explorer by Microsoft Corporation (Signed)

Remove explorer.exe
Version:   6.1.7600.16385 (win7_rtm.090713-1255)
MD5:   b95eeb0f4e5efbf1038a35b3351cf047
SHA1:   131d489169c9af3660c79976fb57430a60945147
SHA256:   5a13d3dc56a479dd514d8d1a32233d3b4ea13b6a6ac26d138a25696a5e4eec0c
This is a Windows system installed file with Windows File Protection (WFP) enabled.

What is explorer.exe?

Windows Explorer also known as File Explorer, is a file manager application and also a navigation tool that is included with releases of the Microsoft Windows operating system. It provides a graphical user interface for accessing the file systems. It is also the component of the operating system that presents many user interface items on the monitor such as the taskbar and desktop. Located in the C:\Windows directory, it is sometimes referred to as the Windows shell, explorer.exe.

Overview

explorer.exe executes as a process with the local user's privileges. It configures an autoplay handler withing explorer.exe named MSOpenFolder that will launch the program automatically. The file is digitally signed by Microsoft Corporation. This version is designed to run on Windows 7 and is compiled as a 32 bit program.

DetailsDetails

File name:explorer.exe
Publisher:Microsoft Corporation
Product name:Windows Explorer
Description:Microsoft® Windows® Operating System
Typical file path:C:\windows\explorer.exe
Original name:EXPLORER.EXE.MUI
File version:6.1.7600.16385 (win7_rtm.090713-1255)
Product version:6.1.7600.16385
Size:2.49 MB (2,613,248 bytes)
Certificate
Issued to:Microsoft Corporation
Authority (CA):Microsoft Corporation
Expiration date:Tuesday, July 9, 2013
Digital DNA
Entropy:5.934229
File packed:No
Code language:Microsoft Visual C++
.NET CLR:No
More details

BehaviorsBehaviors

Shell open commands
  • SHCmdFile
Autoplay handlers
Runs under the registry key 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers'
  • Handler name 'MSOpenFolderBackup'
  • Handler name 'MSOpenFolder'
Scheduled tasks
  • The task '{AD36F1D3-E56E-44BA-A569-280718EB8C51}' runs on registration in the path '\{AD36F1D3-E56E-44BA-A569-280718EB8C51}'

ResourcesResource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
 
CPU
Total CPU:0.00072513%
0.028634%
Kernel CPU:0.00055046%
0.013761%
User CPU:0.00017467%
0.014873%
Kernel CPU time:1,080,408 ms/min
100,923,805ms/min
CPU cycles:4,993,263/sec
17,470,203/sec
Memory
Private memory:42.1 MB
21.59 MB
Private (maximum):58.74 MB
Private (minimum):25.32 MB
Non-paged memory:42.1 MB
21.59 MB
Virtual memory:286.63 MB
140.96 MB
Virtual memory (peak):385.49 MB
169.69 MB
Working set:36.51 MB
18.61 MB
Working set (peak):66.5 MB
37.95 MB
Page faults:259,669/min
2,039/min
I/O
I/O read transfer:58.95 MB/sec
1.02 MB/min
I/O read operations:45,030/sec
343/min
I/O write transfer:4.13 KB/sec
274.99 KB/min
I/O write operations:8/sec
227/min
I/O other transfer:354.41 KB/sec
448.09 KB/min
I/O other operations:77/sec
1,671/min
Resource allocations
Threads:34
12
Handles:1080
600
GUI GDI count:544
103
GUI GDI peak:717
142
GUI USER count:334
49
GUI USER peak:476
71

BehaviorsProcess properties

Tray notification:Yes
Integrety level:High
Platform:32-bit
Command line:C:\windows\explorer.exe
Owner:User

ResourcesThreads

Averages
 
SHLWAPI.dll
Total CPU:0.09476009%
0.272967%
Kernel CPU:0.03171335%
0.107585%
User CPU:0.06304674%
0.165382%
CPU cycles:3,382,343/sec
5,741,424/sec
Context switches:2/sec
79/sec
Memory:348 KB
1.16 MB
Explorer.EXE (main module)
Total CPU:0.08307006%
Kernel CPU:0.05369674%
User CPU:0.02937332%
CPU cycles:1,606,416/sec
Context switches:1/sec
Memory:2.5 MB
ntdll.dll
Total CPU:0.07053746%
Kernel CPU:0.04182285%
User CPU:0.02871461%
CPU cycles:1,732,637/sec
Context switches:1/sec
Memory:1.23 MB
wcnapi.dll
Total CPU:0.00872025%
Kernel CPU:0.00872025%
User CPU:0.00000000%
CPU cycles:215,859/sec
Context switches:1/sec
Memory:100 KB
FunDisc.dll
Total CPU:0.00871873%
Kernel CPU:0.00000000%
User CPU:0.00871873%
CPU cycles:32,865/sec
Memory:172 KB
WINMM.dll
Total CPU:0.00130844%
Kernel CPU:0.00056669%
User CPU:0.00074175%
CPU cycles:20,812/sec
Memory:200 KB
pnidui.dll
Total CPU:0.00076273%
Kernel CPU:0.00033370%
User CPU:0.00042904%
CPU cycles:15,955/sec
Memory:1.68 MB
Wlanapi.dll
Total CPU:0.00021836%
Kernel CPU:0.00010404%
User CPU:0.00011433%
CPU cycles:9,796/sec
Memory:88 KB
ole32.dll
Total CPU:0.00002273%
Kernel CPU:0.00002273%
User CPU:0.00000000%
CPU cycles:1,341/sec
Memory:1.36 MB
msvcrt.dll
Total CPU:0.00002272%
Kernel CPU:0.00000000%
User CPU:0.00002272%
CPU cycles:14/sec
Memory:688 KB

Common loaded modules

These are modules that are typiclaly loaded within the context of this process.

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Windows 7 Home Premium 36.00%
Windows 8.1 Pro 14.00%
Windows 7 Ultimate 12.00%
Windows 8.1 10.50%
Windows 7 Professional 6.50%
Windows 8 6.50%
Windows 8.1 Single Language 6.00%
Windows 8.1 N 4.00%
Windows 8 Single Language 2.50%
Windows 8.1 Pro with Media Center 2.00%

Distribution by countryDistribution by country

United States installs about 51.50% of Windows Explorer.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
Hewlett-Packard 23.75%
ASUS 23.33%
Dell 14.17%
Toshiba 13.33%
Acer 12.08%
Lenovo 6.67%
Alienware 3.33%
Samsung 3.33%
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE