Should I block it?

No, this file is 100% safe to run.

VersionsAdditional versions

6.3.9600.17031 (winblue_gdr.140221-1952) 2.92%
6.3.9600.16384 (winblue_rtm.130821-1623) 0.83%
6.3.9600.16384 (winblue_rtm.130821-1623) 0.01%
6.3.9600.16384 (winblue_rtm.130821-1623) 0.98%
6.3.9600.16384 (winblue_rtm.130821-1623) 0.01%
6.3.9600.16384 (winblue_rtm.130821-1623) 0.07%
6.3.9431.0 (winmain_bluemp.130615-1214) 0.24%
6.3.9431.0 (winmain_bluemp.130615-1214) 0.01%
6.2.9200.16384 (win8_rtm.120725-1247) 3.79%
6.2.9200.16384 (win8_rtm.120725-1247) 0.17%
6.2.8102.0 (winmain_win8m3.110823-1455) 0.05%
6.1.7600.16385 (win7_rtm.090713-1255) 0.74%
6.1.7600.16385 (win7_rtm.090713-1255) 1.88%
6.1.7600.16385 (win7_rtm.090713-1255) 42.01%
6.1.7600.16385 (win7_rtm.090713-1255) 2.00%
6.1.7600.16385 (win7_rtm.090713-1255) 2.42%
6.1.7600.16385 (win7_rtm.090713-1255) 3.82%
6.1.7600.16385 (win7_rtm.090713-1255) 11.84%
6.1.7600.16385 (win7_rtm.090713-1255) 2.03%
6.1.7600.16385 (win7_rtm.090713-1255) 0.01%
6.1.7600.16385 (win7_rtm.090713-1255) 0.01%
6.1.7600.16385 (win7_rtm.090713-1255) 0.66%
6.1.7600.16385 (win7_rtm.090713-1255) 0.05%
6.1.7600.16385 (win7_rtm.090713-1255) 0.01%
6.1.7600.16385 (win7_rtm.090713-1255) 0.01%
View more

Relationships

Parent process
Child processes

PE structurePE file structure

Show functions
Import table
advapi32.dll
RegCloseKey, RegCreateKeyW, RegGetValueW, RegOpenKeyExW, GetTraceEnableFlags, GetTraceEnableLevel, GetTraceLoggerHandle, RegisterTraceGuidsW, UnregisterTraceGuids, RegCreateKeyExW, RegQueryValueExW, EventRegister, EventUnregister, EventWrite, EventEnabled, GetLengthSid, GetTokenInformation, OpenProcessToken, RegSetValueExW, RegDeleteKeyExW, TraceMessage, RegOpenKeyW, RegDeleteValueW, RegEnumValueW, RegQueryInfoKeyW, ConvertStringSidToSidW, CloseServiceHandle, OpenServiceW, OpenSCManagerW, RegEnumKeyExW, CreateWellKnownSid, StartServiceW, CryptAcquireContextW, CryptCreateHash, CryptHashData, CryptGetHashParam, CryptDestroyHash, CryptReleaseContext, StartTraceW, EnableTraceEx, StopTraceW, LsaLookupSids, IsValidSid, GetSidSubAuthorityCount, GetSidSubAuthority, LsaOpenPolicy, LsaFreeMemory, LsaClose, OpenThreadToken, ConvertSidToStringSidW, ConvertStringSecurityDescriptorToSecurityDescriptorW, CheckTokenMembership, QueryServiceStatus, GetUserNameW, RegEnumKeyW, RegOpenCurrentUser, LookupAccountNameW, EqualSid
api-ms-win-core-atoms-l1-1-0.dll
GlobalGetAtomNameW
api-ms-win-core-com-l1-1-0.dll
CoTaskMemFree, CoInitializeEx, CoUninitialize, CreateStreamOnHGlobal, CoGetApartmentType, CoWaitForMultipleHandles, CoFreeUnusedLibraries, CoEnableCallCancellation, CoDisableCallCancellation, CoCancelCall, StringFromGUID2, PropVariantClear, CoMarshalInterThreadInterfaceInStream, CoReleaseMarshalData, CoCreateInstance, CoRevokeClassObject, CoRegisterClassObject, CoGetInterfaceAndReleaseStream, CoGetMalloc, CoCreateFreeThreadedMarshaler, CoTaskMemAlloc, CLSIDFromString, CoTaskMemRealloc
api-ms-win-core-com-l1-1-1.dll
CoCreateGuid, CoTaskMemRealloc, CoInitializeEx, CLSIDFromString, CoTaskMemFree, CoCreateInstance, CoTaskMemAlloc, CoGetMalloc, PropVariantClear, CoCancelCall, CoRevokeClassObject, StringFromGUID2, CoGetApartmentType, CreateStreamOnHGlobal, CoSetProxyBlanket, CoWaitForMultipleHandles, CoGetInterfaceAndReleaseStream, CoUninitialize, CoReleaseMarshalData, CoMarshalInterThreadInterfaceInStream, CoFreeUnusedLibraries, CoRegisterClassObject, CoDisableCallCancellation, CoEnableCallCancellation, CoCreateFreeThreadedMarshaler, RoGetAgileReference
api-ms-win-core-com-private-l1-1-0.dll
CoRegisterMessageFilter
api-ms-win-core-datetime-l1-1-1.dll
GetDateFormatW, GetDateFormatEx, GetTimeFormatEx
api-ms-win-core-debug-l1-1-1.dll
OutputDebugStringA
api-ms-win-core-delayload-l1-1-1.dll
DelayLoadFailureHook, ResolveDelayLoadedAPI
api-ms-win-core-errorhandling-l1-1-1.dll
SetErrorMode, SetUnhandledExceptionFilter, SetLastError, GetLastError, RaiseException, UnhandledExceptionFilter
api-ms-win-core-file-l1-2-0.dll
GetLongPathNameW, ReadFile, CreateFileW, WriteFile, GetFileSize, FindClose, CompareFileTime, DeleteFileW, FindNextFileW, FindFirstFileW, GetFileAttributesW
api-ms-win-core-file-l1-2-1.dll
WriteFile, CreateFileW, FindClose, CreateDirectoryW, FindNextFileW, CompareFileTime, FindFirstFileW, GetFileAttributesW, DeleteFileW, FindFirstFileExW, RemoveDirectoryW, GetLongPathNameW, SetFileTime
api-ms-win-core-handle-l1-1-0.dll
DuplicateHandle, CloseHandle
api-ms-win-core-heap-l1-2-0.dll
HeapFree, HeapDestroy, HeapSetInformation, HeapAlloc, GetProcessHeap
api-ms-win-core-heap-obsolete-l1-1-0.dll
LocalFree, GlobalFree, GlobalAlloc, LocalReAlloc, LocalAlloc, GlobalLock, GlobalUnlock
api-ms-win-core-interlocked-l1-2-0.dll
InterlockedPushEntrySList, InterlockedPopEntrySList, InterlockedExchange, InterlockedIncrement, InterlockedCompareExchange, InterlockedDecrement
api-ms-win-core-io-l1-1-1.dll
GetQueuedCompletionStatus, CreateIoCompletionPort
api-ms-win-core-job-l2-1-0.dll
AssignProcessToJobObject, QueryInformationJobObject, CreateJobObjectW, SetInformationJobObject
api-ms-win-core-kernel32-legacy-l1-1-0.dll
CopyFileW, RaiseFailFastException, MulDiv, LoadLibraryW, GetComputerNameW
api-ms-win-core-kernel32-legacy-l1-1-1.dll
RaiseFailFastException, CreateSemaphoreW, PowerCreateRequest, MoveFileW, CopyFileW, MulDiv, LoadLibraryW, PowerSetRequest, RegisterWaitForSingleObject
api-ms-win-core-libraryloader-l1-1-1.dll
LoadStringW, FindResourceExW, LoadResource, LockResource, LoadLibraryExW, GetModuleHandleW, FreeLibrary, GetProcAddress, GetModuleHandleExW, FreeLibraryAndExitThread, GetModuleHandleA, GetModuleFileNameW
api-ms-win-core-libraryloader-l1-2-0.dll
GetModuleHandleA, GetProcAddress, LoadStringW, FindResourceExW, LoadLibraryExW, GetModuleHandleExW, FreeLibrary, GetModuleFileNameW, LoadResource, FreeLibraryAndExitThread, SizeofResource, LockResource, GetModuleHandleW
api-ms-win-core-localization-l1-2-0.dll
GetLocaleInfoW, GetThreadUILanguage
api-ms-win-core-localization-l1-2-1.dll
FormatMessageW, GetUserPreferredUILanguages, IsValidLocaleName, GetThreadUILanguage, GetLocaleInfoW
api-ms-win-core-localization-obsolete-l1-1-0.dll
GetUserDefaultUILanguage
api-ms-win-core-localization-obsolete-l1-2-0.dll
GetUserDefaultUILanguage
api-ms-win-core-memory-l1-1-1.dll
MapViewOfFile, VirtualAlloc, UnmapViewOfFile, CreateFileMappingW, VirtualFree
api-ms-win-core-memory-l1-1-2.dll
VirtualFree, CreateFileMappingW, MapViewOfFile, UnmapViewOfFile, VirtualAlloc
api-ms-win-core-path-l1-1-0.dll
PathCchCombine, PathCchAppend, PathCchAddExtension
api-ms-win-core-processenvironment-l1-2-0.dll
GetCommandLineW, ExpandEnvironmentStringsW, SearchPathW, GetCurrentDirectoryW
api-ms-win-core-processthreads-l1-1-1.dll
SetProcessShutdownParameters, GetCurrentThreadId, GetCurrentThread, GetCurrentProcessId, CreateProcessW, GetStartupInfoW, OpenProcessToken, GetThreadPriority, OpenProcess, OpenThreadToken, CreateThread, SetPriorityClass, OpenThread, GetPriorityClass, TerminateProcess, ResumeThread, FlushInstructionCache, IsProcessorFeaturePresent, GetProcessId, GetCurrentProcess, ExitProcess, SetThreadPriority, TerminateThread
api-ms-win-core-processthreads-l1-1-2.dll
TerminateThread, GetExitCodeProcess, SetThreadPriorityBoost, TlsFree, GetPriorityClass, TerminateProcess, OpenProcessToken, QueueUserAPC, ResumeThread, SetPriorityClass, GetCurrentThread, TlsAlloc, FlushInstructionCache, GetCurrentProcess, SetProcessShutdownParameters, CreateThread, GetProcessId, OpenProcess, CreateProcessW, IsProcessorFeaturePresent, TlsSetValue, ExitProcess, GetThreadPriority, OpenThreadToken, GetCurrentThreadId, GetCurrentProcessId, SetThreadPriority, GetStartupInfoW, OpenThread
api-ms-win-core-profile-l1-1-0.dll
QueryPerformanceCounter, QueryPerformanceFrequency
api-ms-win-core-psapi-l1-1-0.dll
QueryFullProcessImageNameW
api-ms-win-core-registry-l1-1-0.dll
RegDeleteValueW, RegQueryInfoKeyW, RegEnumKeyExW, RegQueryValueExW, RegCreateKeyExW, RegCloseKey, RegOpenKeyExW, RegGetValueW, RegEnumValueW, RegOpenCurrentUser, RegSetValueExW
api-ms-win-core-registry-l2-1-0.dll
RegCreateKeyW, RegDeleteKeyW
api-ms-win-core-registryuserspecific-l1-1-0.dll
SHRegGetUSValueW, SHRegGetBoolUSValueW
api-ms-win-core-shlwapi-legacy-l1-1-0.dll
PathStripPathW, SHExpandEnvironmentStringsW, PathFindExtensionW, PathParseIconLocationW, PathFileExistsW, PathGetDriveNumberW, PathCommonPrefixW, PathRemoveBlanksW, PathFindFileNameW, PathRemoveExtensionW, PathCombineW, PathIsFileSpecW, PathGetArgsW, PathRemoveFileSpecW, PathQuoteSpacesW, PathStripToRootW, PathIsRootW, PathIsPrefixW
api-ms-win-core-shlwapi-obsolete-l1-1-0.dll
StrCmpW, StrCmpICA, SHLoadIndirectString, StrCmpIW, StrCmpNIW, StrRStrIW, StrCmpICW, StrChrW, StrToIntW, QISearch, StrCmpNICW, StrChrIW, StrStrIW, StrTrimW, StrCmpNW, StrCmpCW, StrRChrW
api-ms-win-core-sidebyside-l1-1-0.dll
CreateActCtxW, ReleaseActCtx, ActivateActCtx, DeactivateActCtx
api-ms-win-core-string-l1-1-0.dll
MultiByteToWideChar, CompareStringOrdinal, WideCharToMultiByte, CompareStringW
api-ms-win-core-string-l2-1-0.dll
IsCharAlphaNumericW, CharPrevW, CharUpperW, CharNextW, CharLowerW
api-ms-win-core-string-obsolete-l1-1-0.dll
lstrcmpiW, lstrlenW
api-ms-win-core-synch-l1-2-0.dll
InitOnceExecuteOnce, Sleep, OpenMutexW, ReleaseMutex, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, InitializeCriticalSectionEx, CreateEventExW, WaitForSingleObject, InitializeCriticalSection, CreateMutexW, CreateEventW, WaitForMultipleObjectsEx, OpenSemaphoreW, InitializeSRWLock, ResetEvent, AcquireSRWLockExclusive, ReleaseSRWLockExclusive, AcquireSRWLockShared, ReleaseSRWLockShared, ReleaseSemaphore, OpenEventW, SleepEx, SetEvent, WaitForSingleObjectEx
api-ms-win-core-sysinfo-l1-2-0.dll
GetTickCount64, GetTickCount, GetProductInfo, GetVersionExW, GetSystemDirectoryW, GetSystemTimeAsFileTime, GetSystemTime, GetWindowsDirectoryW, GetLocalTime
api-ms-win-core-sysinfo-l1-2-1.dll
GetTickCount64, GetLocalTime, GetSystemTime, GetProductInfo, GetVersionExW, GetTickCount, GetSystemTimeAsFileTime, GetWindowsDirectoryW, GetSystemDirectoryW, GetOsSafeBootMode
api-ms-win-core-threadpool-l1-2-0.dll
CreateThreadpoolTimer, FreeLibraryWhenCallbackReturns, SubmitThreadpoolWork, CallbackMayRunLong, CloseThreadpoolTimer, CreateThreadpoolWork, SetThreadpoolWait, CreateThreadpoolWait, TrySubmitThreadpoolCallback, SetThreadpoolTimer, WaitForThreadpoolTimerCallbacks
api-ms-win-core-threadpool-legacy-l1-1-0.dll
CreateTimerQueueTimer, UnregisterWaitEx, ChangeTimerQueueTimer, DeleteTimerQueueTimer, QueueUserWorkItem
api-ms-win-core-timezone-l1-1-0.dll
GetDynamicTimeZoneInformation, SystemTimeToFileTime, GetTimeZoneInformation
api-ms-win-core-winrt-l1-1-0.dll
RoGetActivationFactory
api-ms-win-core-winrt-string-l1-1-0.dll
WindowsCreateStringReference, WindowsCreateString, WindowsGetStringRawBuffer, WindowsDeleteString
api-ms-win-eventing-classicprovider-l1-1-0.dll
GetTraceEnableLevel, GetTraceEnableFlags, RegisterTraceGuidsW, UnregisterTraceGuids, GetTraceLoggerHandle, TraceMessage
api-ms-win-eventing-controller-l1-1-0.dll
EnableTraceEx2, StartTraceW, StopTraceW
api-ms-win-eventing-provider-l1-1-0.dll
EventWrite, EventRegister, EventUnregister, EventEnabled
api-ms-win-power-base-l1-1-0.dll
CallNtPowerInformation, GetPwrCapabilities, PowerDeterminePlatformRoleEx
api-ms-win-security-base-l1-2-0.dll
GetLengthSid, CopySid, CreateWellKnownSid, IsValidSid, CheckTokenMembership, GetTokenInformation, GetSidSubAuthority, GetSidSubAuthorityCount
api-ms-win-security-lsalookup-l1-1-1.dll
EnumerateIdentityProviders, ReleaseIdentityProviderEnumContext, GetIdentityProviderInfoByGUID, GetDefaultIdentityProvider
api-ms-win-service-management-l2-1-0.dll
QueryServiceConfigW, NotifyServiceStatusChangeW
d3d11.dll
D3D11CreateDevice
dwmapi.dll
DwmEnableBlurBehindWindow, DwmIsCompositionEnabled, DwmSetWindowAttribute, DwmQueryThumbnailSourceSize, DwmUnregisterThumbnail, DwmUpdateThumbnailProperties, DwmGetColorizationColor, DwmRegisterThumbnail
gdi32.dll
GetStockObject, SetWindowOrgEx, StretchBlt, GetTextMetricsW, CombineRgn, Polyline, CreatePen, GetTextColor, ExtCreateRegion, GetRegionData, SetLayout, GetLayout, GetTextExtentPoint32W, OffsetRgn, LPtoDP, GetRgnBox, OffsetViewportOrgEx, GdiFlush, ExtTextOutW, SetDIBits, CreateRectRgn, GetClipRgn, IntersectClipRect, GetViewportOrgEx, SetViewportOrgEx, SelectClipRgn, GetBkColor, SetBkMode, CreateBitmap, PatBlt, CreateCompatibleBitmap, OffsetWindowOrgEx, SetBkColor, SetTextColor, GetTextExtentPointW, GetClipBox, CreateDIBSection, GetObjectW, CreateRectRgnIndirect, DeleteObject, CreateCompatibleDC, SelectObject, BitBlt, GetDeviceCaps, CreateFontIndirectW, DeleteDC, GdiAlphaBlend, CreatePatternBrush, GetPixel, CreateSolidBrush, SetTextAlign, GetDIBits, Rectangle, StretchDIBits
gdiplus.dll
GdipAlloc, GdiplusStartup, GdiplusShutdown, GdipFree, GdipDeleteGraphics, GdipDisposeImage, GdipGetImageWidth, GdipGetImageHeight, GdipCreateBitmapFromHBITMAP, GdipCreateFromHDC, GdipSetCompositingMode, GdipSetInterpolationMode, GdipDrawImageRectI, GdipCloneImage, GdipCreateBitmapFromStream, GdipLoadImageFromFileICM, GdipLoadImageFromFile, GdipCreateBitmapFromStreamICM
kernel32.dll
DllMain, LoadLibraryExA, DelayLoadFailureHook, CreateFileW, GetFileSize, ReadFile, RaiseException, FlushInstructionCache, SetLastError, OpenThread, GetSystemTimeAsFileTime, GetLocaleInfoW, GetTimeFormatW, GetDateFormatW, GetLocalTime, InterlockedCompareExchange, FindFirstFileW, lstrcmpiW, FindNextFileW, FindClose, GetFileAttributesW, GetSystemTime, SystemTimeToFileTime, ExpandEnvironmentStringsW, InterlockedIncrement, InterlockedDecrement, GetLastError, SetInformationJobObject, CreateJobObjectW, GetPriorityClass, SetPriorityClass, OpenProcess, SearchPathW, GetSystemDefaultUILanguage, UnmapViewOfFile, MapViewOfFile, GetTimeZoneInformation, GetDynamicTimeZoneInformation, GetBinaryTypeW, QueryPerformanceFrequency, GetTickCount64, MulDiv, GetLongPathNameW, GetThreadPriority, MultiByteToWideChar, GlobalGetAtomNameW, GetCurrentThread, SetThreadPriority, QueueUserWorkItem, LoadLibraryExW, GetProductInfo, TerminateThread, CreateIoCompletionPort, GetQueuedCompletionStatus, DeleteFileW, GetWindowsDirectoryW, GetProcessId, CompareStringW, QueryFullProcessImageNameW, CompareFileTime, CreateFileMappingW, ResetEvent, WideCharToMultiByte, GlobalAlloc, GlobalLock, GlobalUnlock, GlobalFree, DuplicateHandle, GetCurrentDirectoryW, WaitForMultipleObjects, GetComputerNameW, DeactivateActCtx, ActivateActCtx, ReleaseActCtx, CreateActCtxW, FindResourceExW, LoadResource, LockResource, CloseHandle, LocalFree, LocalAlloc, QueryInformationJobObject, Sleep, ResumeThread, AssignProcessToJobObject, CreateThread, CreateProcessW, WaitForSingleObject, FreeLibrary, GetProcAddress, LoadLibraryW, GetUserDefaultUILanguage, CreateEventW, lstrlenW, HeapFree, HeapAlloc, GetProcessHeap, GetCurrentProcess, HeapSetInformation, GetVersionExW, DeleteCriticalSection, InitializeCriticalSection, HeapDestroy, GetPrivateProfileStringW, GetModuleFileNameW, GetCommandLineW, GetSystemDirectoryW, ExitProcess, RegisterApplicationRestart, SetProcessShutdownParameters, GetStartupInfoW, ReleaseMutex, CreateMutexW, SetErrorMode, SetProcessDEPPolicy, GetUserDefaultLangID, SetEvent, LeaveCriticalSection, EnterCriticalSection, GetTickCount, OpenEventW, SetTermsrvAppInstallMode, GetCurrentProcessId, GetModuleHandleW, GetCurrentThreadId, TerminateProcess, UnhandledExceptionFilter, CompareStringOrdinal, QueryPerformanceCounter, GetModuleHandleA, SetUnhandledExceptionFilter, InterlockedExchange, VirtualAlloc, VirtualFree, LoadLibraryA, GetSystemWindowsDirectoryW, GetEnvironmentVariableW, GetPrivateProfileIntW, SetFilePointer, GetFileAttributesExW, GetProcessTimes, FormatMessageW, WriteFile, GetDateFormatEx, GetTimeFormatEx, WaitForMultipleObjectsEx, ResolveDelayLoadedAPI, ChangeTimerQueueTimer, DeleteTimerQueueTimer, CreateTimerQueueTimer, GetModuleHandleExW, CreateThreadpoolTimer, FreeLibraryWhenCallbackReturns, SetThreadpoolTimer, CloseThreadpoolTimer, GetSystemInfo, ProcessIdToSessionId, OpenMutexW, SetThreadExecutionState
msvcrt.dll
DllMain
ntdll.dll
WinSqmSetString, NtQueryInformationProcess, NtSetInformationProcess, WinSqmIsOptedIn, NtOpenThreadToken, NtOpenProcessToken, NtClose, WinSqmAddToStreamEx, NtSetSystemInformation, WinSqmAddToStream, WinSqmEventEnabled, WinSqmSetDWORD, EtwEventWrite, EtwEventEnabled, NtQueryInformationToken, RtlGetProductInfo, RtlNtStatusToDosError, RtlUnsubscribeWnfNotificationWaitForCompletion, RtlSubscribeWnfStateChangeNotification, RtlQueryWnfStateData, WinSqmIncrementDWORD, NtQueryWnfStateData
ole32.dll
OleInitialize, StringFromGUID2, CoRegisterMessageFilter, RegisterDragDrop, RevokeDragDrop, OleUninitialize, CoRevokeClassObject, CoCreateFreeThreadedMarshaler, CreateBindCtx, PropVariantClear, ReleaseStgMedium, CoInitializeEx, CreateStreamOnHGlobal, CoRegisterClassObject, CoCreateInstance, CoTaskMemFree, CoGetInterfaceAndReleaseStream, CoMarshalInterThreadInterfaceInStream, CoUninitialize, CoInitialize, CoGetMalloc, CoTaskMemAlloc, CLSIDFromString, CoFreeUnusedLibraries, CoGetClassObject, CoGetObject, DoDragDrop, CoTaskMemRealloc, CoReleaseMarshalData, CoGetApartmentType, CoWaitForMultipleHandles
powrprof.dll
CallNtPowerInformation, GetPwrCapabilities, PowerDeterminePlatformRole
propsys.dll
PropVariantToUInt32, PropVariantToStringAlloc, PropVariantToUInt64, PropVariantToBoolean, VariantToStringAlloc, VariantToStringWithDefault, PropVariantToString, VariantToBooleanWithDefault, VariantToInt32WithDefault, PSCreateMemoryPropertyStore, PropVariantToInt64, PSGetPropertyKeyFromName, PSPropertyKeyFromString, PSGetNameFromPropertyKey, PSGetPropertyDescription, PSPropertyBag_WriteDWORD, InitVariantFromResource, PropVariantToGUID
rpcrt4.dll
RpcBindingFree, RpcBindingSetAuthInfoExW, RpcStringFreeW, RpcBindingFromStringBindingW, RpcStringBindingComposeW, I_RpcExceptionFilter, NdrClientCall2
secur32.dll
GetUserNameExW
shcore.dll
IsOS, SHStrDupW, IUnknown_Set, IUnknown_QueryService, SHUnicodeToAnsi, SetProcessReference, SHCreateThreadRef, SHSetThreadRef, IUnknown_SetSite, SHRegGetValueW, SHGetValueW, SHSetValueW, SHDeleteValueW, SHCreateThread, SetCurrentProcessExplicitAppUserModelID, SHQueryValueExW, SHOpenRegStream2W, IStream_Reset, IStream_Read, SHCreateMemStream, SHAnsiToUnicode, IStream_Write, SHDeleteKeyW, GetDpiForMonitor, SHEnumKeyExW, SHGetThreadRef, SHQueryInfoKeyW, SHCreateStreamOnFileW, SHStrDupA
shell32.dll
DllMain, SHGetPropertyStoreForWindow, SHGetStockIconInfo, Shell_GetCachedImageIndexW, SHGetLocalizedName, SHCreateDataObject, SHCreateShellItemArrayFromShellItem, SHGetKnownFolderPath, SHCreateShellItemArrayFromIDLists, SHBindToFolderIDListParentEx, SHGetFileInfoW, SHCreateItemWithParent, SHGetFolderLocation, SHParseDisplayName, SHGetSpecialFolderPathW, ShellExecuteExW, SHGetKnownFolderIDList, SHBindToObject, SHGetNameFromIDList, SHCreateShellItem, SHGetPathFromIDListW, ShellExecuteW, SHEnableServiceObject, SHGetIDListFromObject, SHChangeNotifyRegisterThread, SHUpdateRecycleBinIcon, SHCreateItemFromIDList, SHFileOperationW, SHGetFolderPathEx, SHGetPathFromIDListA, SHGetFolderPathW, SHBindToParent, SHAddToRecentDocs, Shell_NotifyIconW, Shell_NotifyIconGetRect, ExtractIconExW, SHEvaluateSystemCommandTemplate, SHChangeNotify, SHCreateItemFromParsingName, DragQueryFileW, SHGetSpecialFolderLocation, SHBindToFolderIDListParent, SHGetDesktopFolder, DuplicateIcon, SHGetFolderPathAndSubDirW, SHOpenWithDialog, SHCreateAssociationRegistration, SHCreateItemInKnownFolder, SHAppBarMessage, SHGetKnownFolderItem, SHGetItemFromObject, SetCurrentProcessExplicitAppUserModelID, SHCreateShellItemArray
shlwapi.dll
DllMain, SHStrDupA, StrCmpW, PathCommonPrefixW, PathRemoveExtensionW, PathIsFileSpecW, StrRetToStrW, AssocCreate, StrRetToBufW, PathStripToRootW, AssocQueryStringW, PathQuoteSpacesW, SHDeleteKeyW, SHRegGetUSValueW, SHOpenRegStream2W, PathRemoveFileSpecW, SHRegGetBoolUSValueW, PathGetDriveNumberW, PathFileExistsW, PathIsDirectoryW, PathFindExtensionW, StrChrIW, PathAppendW, SHDeleteValueW, SHSetValueW, PathRemoveArgsW, PathRemoveBlanksW, StrCmpNIW, PathGetArgsW, PathFindFileNameW, SHGetValueW, SHCreateThreadRef, SHSetThreadRef, PathCombineW, SHRegGetValueW, StrToIntW, StrChrW, SHStrDupW, PathIsNetworkPathW, StrTrimW, StrCmpNW, SHQueryInfoKeyW, SHCreateStreamOnFileW, PathIsPrefixW, StrCmpIW, PathParseIconLocationW, PathIsRootW, AssocQueryKeyW, PathStripPathW, ChrCmpIW, StrStrIW, StrDupW, SHRegOpenUSKeyW, SHRegQueryUSValueW, PathMatchSpecW, SHQueryValueExW, StrPBrkW
slc.dll
SLGetWindowsInformationDWORD, SLUnregisterWindowsEvent, SLRegisterWindowsEvent
sspicli.dll
GetUserNameExW
user32.dll
DllMain
userenv.dll
GetProfileType
uxtheme.dll
BeginBufferedPaint, IsCompositionActive, IsAppThemed, GetThemeMetric, CloseThemeData, OpenThemeData, SetWindowTheme, DrawThemeBackground, GetThemeTextExtent, DrawThemeText, DrawThemeParentBackground, GetWindowTheme, GetThemePartSize, GetThemeBackgroundContentRect, EndBufferedPaint, GetThemeMargins, DrawThemeTextEx, BufferedPaintInit, BufferedPaintUnInit, IsThemeActive, GetThemeRect, IsThemePartDefined, GetThemeBackgroundRegion, GetThemeColor, GetThemeBool, DrawThemeIcon, GetBufferedPaintBits, BufferedPaintClear, GetThemeBackgroundExtent, GetThemeFont, GetThemeInt, GetCurrentThemeName
wtsapi32.dll
WTSFreeMemory, WTSQuerySessionInformationW

explorer.exe

Windows Explorer by Microsoft Corporation (Signed)

Remove explorer.exe
Version:   6.1.7600.16385 (win7_rtm.090713-1255)
MD5:   d8717966e9ee372b3c2c02c1e00ed2ca
SHA1:   bdc9ef726965a5cbba32034ab072159e20667b1f
SHA256:   0edb37b031db8461a95ce6fdaece39a5a7a7f3a5b258482edb2e9c7e16d1082c
This is a Windows system installed file with Windows File Protection (WFP) enabled.

What is explorer.exe?

Windows Explorer also known as File Explorer, is a file manager application and also a navigation tool that is included with releases of the Microsoft Windows operating system. It provides a graphical user interface for accessing the file systems. It is also the component of the operating system that presents many user interface items on the monitor such as the taskbar and desktop. Located in the C:\Windows directory, it is sometimes referred to as the Windows shell, explorer.exe.

Overview

explorer.exe executes as a process with the local user's privileges typically within the context of its parent syntpenh.exe (Synaptics Pointing Device Driver by Synaptics Incorporated). It configures an autoplay handler withing explorer.exe named MSOpenFolder that will launch the program automatically. The file is digitally signed by Microsoft Corporation. This version is designed to run on Windows 7 and is compiled as a 64 bit program.

DetailsDetails

File name:explorer.exe
Publisher:Microsoft Corporation
Product name:Windows Explorer
Description:Microsoft® Windows® Operating System
Typical file path:C:\windows\explorer.exe
Original name:EXPLORER.EXE.MUI
File version:6.1.7600.16385 (win7_rtm.090713-1255)
Product version:6.1.7600.16385
Size:2.77 MB (2,903,552 bytes)
Certificate
Issued to:Microsoft Corporation
Authority (CA):Microsoft Corporation
Expiration date:Tuesday, July 9, 2013
Digital DNA
Entropy:5.934229
File packed:No
Code language:Microsoft Visual C++
.NET CLR:No
More details

BehaviorsBehaviors

Shell open commands
  • SHCmdFile
Autoplay handlers
Runs under the registry key 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers'
  • Handler name 'MSOpenFolderBackup'
  • Handler name 'MSOpenFolder'
Scheduled tasks
  • The task '{AD36F1D3-E56E-44BA-A569-280718EB8C51}' runs on registration in the path '\{AD36F1D3-E56E-44BA-A569-280718EB8C51}'

ResourcesResource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
 
CPU
Total CPU:0.00030946%
0.028634%
Kernel CPU:0.00025737%
0.013761%
User CPU:0.00005209%
0.014873%
Kernel CPU time:55,630 ms/min
100,923,805ms/min
Memory
Private memory:58.35 MB
21.59 MB
Private (maximum):86.9 MB
Private (minimum):9.88 MB
Non-paged memory:58.35 MB
21.59 MB
Virtual memory:510.11 MB
140.96 MB
Virtual memory (peak):540.01 MB
169.69 MB
Working set:37.81 MB
18.61 MB
Working set (peak):87.96 MB
37.95 MB
Resource allocations
Threads:38
12
Handles:1155
600
GUI GDI count:886
103
GUI GDI peak:922
142
GUI USER count:391
49
GUI USER peak:480
71

BehaviorsProcess properties

Tray notification:Yes
Integrety level:Undefined
Platform:64-bit
Command line:"explorer.exe"
Owner:User
Parent process:syntpenh.exe (Synaptics Pointing Device Driver by Synaptics Incorporated)

ResourcesThreads

Averages
 
explorer.exe (main module)
Total CPU:0.02574977%
0.272967%
Kernel CPU:0.01134642%
0.107585%
User CPU:0.01440335%
0.165382%
CPU cycles:702,174/sec
5,741,424/sec
Memory:2.78 MB
1.16 MB
ntdll.dll
Total CPU:0.02357159%
Kernel CPU:0.01525963%
User CPU:0.00831195%
CPU cycles:558,085/sec
Memory:1.66 MB
pnidui.dll
Total CPU:0.01175721%
Kernel CPU:0.00411502%
User CPU:0.00764218%
CPU cycles:275,747/sec
Memory:1.82 MB
SHLWAPI.dll
Total CPU:0.00574760%
Kernel CPU:0.00345525%
User CPU:0.00229235%
CPU cycles:313,645/sec
Memory:452 KB
Wlanapi.dll
Total CPU:0.00054051%
Kernel CPU:0.00039163%
User CPU:0.00014888%
CPU cycles:19,221/sec
Memory:128 KB
WINMM.dll
Total CPU:0.00008475%
Kernel CPU:0.00002825%
User CPU:0.00005650%
CPU cycles:1,067/sec
Memory:236 KB
ole32.dll
Total CPU:0.00002755%
Kernel CPU:0.00002755%
User CPU:0.00000000%
CPU cycles:1,043/sec
Memory:2.01 MB

Common loaded modules

These are modules that are typiclaly loaded within the context of this process.

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Windows 7 Home Premium 36.00%
Windows 8.1 Pro 14.00%
Windows 7 Ultimate 12.00%
Windows 8.1 10.50%
Windows 7 Professional 6.50%
Windows 8 6.50%
Windows 8.1 Single Language 6.00%
Windows 8.1 N 4.00%
Windows 8 Single Language 2.50%
Windows 8.1 Pro with Media Center 2.00%

Distribution by countryDistribution by country

United States installs about 51.50% of Windows Explorer.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
Hewlett-Packard 23.75%
ASUS 23.33%
Dell 14.17%
Toshiba 13.33%
Acer 12.08%
Lenovo 6.67%
Alienware 3.33%
Samsung 3.33%
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE