Should I block it?

No, this file is 100% safe to run.

VersionsAdditional versions

6.3.9600.17031 (winblue_gdr.140221-1952) 1.69%
6.3.9600.17031 (winblue_gdr.140221-1952) 0.28%
6.3.9600.17031 (winblue_gdr.140221-1952) 0.00%
6.3.9600.16384 (winblue_rtm.130821-1623) 0.59%
6.3.9600.16384 (winblue_rtm.130821-1623) 0.00%
6.3.9600.16384 (winblue_rtm.130821-1623) 0.40%
6.3.9600.16384 (winblue_rtm.130821-1623) 0.08%
6.3.9600.16384 (winblue_rtm.130821-1623) 0.08%
6.3.9600.16384 (winblue_rtm.130821-1623) 0.00%
6.3.9600.16384 (winblue_rtm.130821-1623) 0.08%
6.3.9431.0 (winmain_bluemp.130615-1214) 0.16%
6.3.9431.0 (winmain_bluemp.130615-1214) 0.00%
6.2.9200.16496 (win8_gdr.130108-1504) 2.16%
6.2.9200.16496 (win8_gdr.130108-1504) 0.32%
6.2.9200.16496 (win8_gdr.130108-1504) 0.29%
6.2.9200.16496 (win8_gdr.130108-1504) 3.16%
6.2.9200.16496 (win8_gdr.130108-1504) 1.37%
6.2.9200.16496 (win8_gdr.130108-1504) 0.13%
6.2.9200.16496 (win8_gdr.130108-1504) 0.00%
6.2.9200.16496 (win8_gdr.130108-1504) 0.55%
6.2.9200.16496 (win8_gdr.130108-1504) 0.00%
6.2.9200.16496 (win8_gdr.130108-1504) 0.00%
6.2.9200.16451 (win8_gdr.121105-1502) 0.07%
6.2.9200.16451 (win8_gdr.121105-1502) 2.24%
6.2.9200.16451 (win8_gdr.121105-1502) 0.16%
View more

Relationships

Hosts
Parent processes
Child process

PE structurePE file structure

Show functions
Import table
api-ms-win-core-debug-l1-1-0.dll
OutputDebugStringW, OutputDebugStringA
api-ms-win-core-errorhandling-l1-1-0.dll
SetLastError, SetErrorMode, RaiseException, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetLastError
api-ms-win-core-file-l1-1-0.dll
GetFileAttributesExW, GetVolumeInformationW, GetLogicalDrives, GetFileSize, GetShortPathNameW, GetFileAttributesA, GetDriveTypeW, ReadFile, SetFilePointer, CompareFileTime, WriteFile, RemoveDirectoryW, CreateDirectoryW, DeleteFileW, SetFileAttributesW, GetFileAttributesW, QueryDosDeviceW, CreateFileW, GetFileSizeEx, SetFileTime, GetDiskFreeSpaceW, GetLongPathNameW, FindClose, FindNextFileW, GetDiskFreeSpaceExW, FindFirstFileW, FindCloseChangeNotification, GetFullPathNameW, FindNextChangeNotification, FindFirstChangeNotificationW, FlushFileBuffers, GetVolumePathNameW, GetFileInformationByHandle, GetTempFileNameW, FileTimeToSystemTime, FindFirstFileExW, FindVolumeClose, FindNextVolumeW, FindFirstVolumeW, SetEndOfFile
api-ms-win-core-handle-l1-1-0.dll
CloseHandle, DuplicateHandle
api-ms-win-core-heap-l1-1-0.dll
HeapAlloc, GetProcessHeap, HeapDestroy, HeapReAlloc, HeapFree
api-ms-win-core-interlocked-l1-1-0.dll
InterlockedExchange, InterlockedDecrement, InterlockedIncrement, InterlockedCompareExchange, InterlockedCompareExchange64
api-ms-win-core-io-l1-1-0.dll
CancelIoEx, GetOverlappedResult, DeviceIoControl
api-ms-win-core-libraryloader-l1-1-0.dll
GetModuleFileNameW, FreeResource, LoadResource, LoadStringW, FreeLibrary, GetModuleHandleW, LoadStringA, GetProcAddress, LoadLibraryExA, FreeLibraryAndExitThread, DisableThreadLibraryCalls, LoadLibraryExW, SizeofResource, GetModuleHandleExW, LockResource
api-ms-win-core-localization-l1-1-0.dll
FindNLSString, GetCPInfoExW, GetLocaleInfoEx, GetSystemDefaultLangID, GetCPInfo, GetLocaleInfoW, GetACP, LCMapStringW, GetThreadLocale, GetUserDefaultLCID, GetThreadUILanguage, GetSystemDefaultLCID, VerLanguageNameW, GetOEMCP
api-ms-win-core-localregistry-l1-1-0.dll
RegCloseKey, RegOpenKeyExW, RegSetValueExW, RegCreateKeyExW, RegEnumValueW, RegDeleteKeyExW, RegDeleteValueW, RegGetValueW, RegQueryInfoKeyW, RegQueryInfoKeyA, RegEnumKeyExW, RegDeleteTreeW, RegOpenKeyExA, RegOpenCurrentUser, RegQueryValueExA, RegQueryValueExW
api-ms-win-core-memory-l1-1-0.dll
UnmapViewOfFile, VirtualProtect, CreateFileMappingW, OpenFileMappingW, ReadProcessMemory, VirtualFree, VirtualAlloc, VirtualQuery, MapViewOfFile
api-ms-win-core-misc-l1-1-0.dll
lstrlenA, Wow64DisableWow64FsRedirection, GlobalAlloc, GlobalFree, Sleep, IsWow64Process, lstrcmpiA, lstrcmpA, LocalReAlloc, FormatMessageW, LocalFree, LocalAlloc, lstrlenW, lstrcmpiW, lstrcmpW, Wow64RevertWow64FsRedirection
api-ms-win-core-processenvironment-l1-1-0.dll
ExpandEnvironmentStringsW, FreeEnvironmentStringsW, GetCurrentDirectoryW, GetEnvironmentVariableW, SearchPathW, SetEnvironmentVariableW, SetCurrentDirectoryW, GetEnvironmentStringsW
api-ms-win-core-processthreads-l1-1-0.dll
ExitProcess, TerminateProcess, GetExitCodeProcess, GetCurrentThread, OpenThreadToken, GetExitCodeThread, GetThreadId, OpenThread, SetThreadPriority, GetThreadPriority, InitializeProcThreadAttributeList, ResumeThread, GetStartupInfoW, GetProcessTimes, TlsAlloc, TlsFree, ProcessIdToSessionId, GetCurrentProcessId, TlsGetValue, TlsSetValue, CreateThread, GetCurrentProcess, OpenProcessToken, GetCurrentThreadId, DeleteProcThreadAttributeList, CreateProcessAsUserW, SetThreadToken, CreateProcessW
api-ms-win-core-profile-l1-1-0.dll
QueryPerformanceFrequency, QueryPerformanceCounter
api-ms-win-core-string-l1-1-0.dll
WideCharToMultiByte, MultiByteToWideChar, CompareStringOrdinal, GetStringTypeExW, CompareStringEx, GetStringTypeW, CompareStringW
api-ms-win-core-synch-l1-1-0.dll
ReleaseSRWLockExclusive, CreateEventW, ResetEvent, WaitForSingleObject, ReleaseSemaphore, SetEvent, DeleteCriticalSection, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, CreateMutexW, TryEnterCriticalSection, InitializeSRWLock, OpenMutexW, OpenProcess, AcquireSRWLockShared, ReleaseSRWLockShared, ReleaseMutex, OpenEventW, AcquireSRWLockExclusive, SetWaitableTimer
api-ms-win-core-sysinfo-l1-1-0.dll
GetVersionExW, SystemTimeToFileTime, GetSystemInfo, GetSystemTime, GetTickCount, GetSystemTimeAsFileTime, GetSystemDirectoryW, GetTickCount64, GetSystemWindowsDirectoryW, GetLocalTime, GlobalMemoryStatusEx, GetComputerNameExW, GetWindowsDirectoryW
api-ms-win-security-base-l1-1-0.dll
AddAccessAllowedAce, GetSecurityDescriptorControl, GetLengthSid, InitializeAcl, AddAce, GetAclInformation, GetAce, DeleteAce, QuerySecurityAccessMask, GetKernelObjectSecurity, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, GetSidSubAuthorityCount, GetSidLengthRequired, AdjustTokenPrivileges, GetSidSubAuthority, GetSidIdentifierAuthority, GetSecurityDescriptorOwner, GetSecurityDescriptorGroup, IsWellKnownSid, GetSecurityDescriptorDacl, GetSecurityDescriptorSacl, ImpersonateSelf, RevertToSelf, AllocateAndInitializeSid, FreeSid, CreateWellKnownSid, CheckTokenMembership, GetFileSecurityW, AccessCheck, EqualSid, GetTokenInformation, SetFileSecurityW, SetSecurityDescriptorOwner, DuplicateTokenEx, CopySid, IsValidSid, DuplicateToken, AddAccessAllowedAceEx, AddAccessDeniedAceEx, SetTokenInformation, InitializeSid
gdi32.dll
GetViewportOrgEx, GetClipBox, CreateRectRgn, GetClipRgn, IntersectClipRect, SelectClipRgn, SetMetaFileBitsEx, PlayMetaFile, DeleteMetaFile, LPtoDP, SetStretchBltMode, StretchBlt, GetTextAlign, SetTextAlign, SetMapMode, SetViewportOrgEx, SetWindowExtEx, SetViewportExtEx, CreatePolygonRgn, MoveToEx, LineTo, GetCurrentObject, CreatePen, Rectangle, GetTextColor, GdiTransparentBlt, CreateBitmap, TextOutW, CreateDIBSection, GdiFlush, GetPixel, GdiAlphaBlend, GetDeviceCaps, GetTextExtentPointW, SetBkMode, OffsetWindowOrgEx, SetWindowOrgEx, EnumFontFamiliesA, AddFontResourceW, CreateFontA, GetLayout, SetLayout, CreateCompatibleBitmap, SetFontEnumeration, GetTextFaceW, CreateDCW, EnumFontFamiliesExW, GetTextExtentPoint32W, CreateFontIndirectW, GetObjectW, GetTextMetricsW, PatBlt, CreateCompatibleDC, BitBlt, DeleteDC, SetTextColor, SetBkColor, SelectObject, GetNearestColor, PlgBlt, GetObjectType, GetWindowOrgEx, CreateRectRgnIndirect, RestoreDC, SaveDC, GetDIBColorTable, ExtTextOutW, CreateFontW, TextOutA, GetTextExtentPoint32A, CreateSolidBrush, GetStockObject, TranslateCharsetInfo, DeleteObject
kernel32.dll
ResolveLocaleName, LocaleNameToLCID, AssignProcessToJobObject, TerminateThread, GetProcessId, CreateIoCompletionPort, SetInformationJobObject, GetQueuedCompletionStatus, IsProcessInJob, CreateJobObjectW, ExpandEnvironmentStringsA, GetAtomNameW, FindResourceExW, SystemTimeToTzSpecificLocalTime, TzSpecificLocalTimeToSystemTime, LocalFileTimeToFileTime, FileTimeToLocalFileTime, LoadLibraryA, GetPhysicallyInstalledSystemMemory, FlushInstructionCache, QueueUserWorkItem, CloseThreadpoolTimer, CreateThreadpoolTimer, SetThreadpoolTimer, CreateHardLinkW, CreateTimerQueueTimer, DeleteTimerQueueTimer, GetSystemWow64DirectoryW, GetProductInfo, FindAtomW, CancelSynchronousIo, UnregisterWait, GlobalFlags, SetVolumeLabelW, WaitForMultipleObjects, CreateSemaphoreW, LocalSize, RegisterWaitForSingleObject, UnregisterWaitEx, WritePrivateProfileStringW, WritePrivateProfileSectionW, QueryFullProcessImageNameW, GetPrivateProfileSectionNamesW, ActivateActCtx, DeactivateActCtx, DosDateTimeToFileTime, FileTimeToDosDateTime, GlobalGetAtomNameW, FindResourceW, GetComputerNameW, MoveFileExW, EnumResourceNamesW, LoadLibraryW, GetPrivateProfileStringW, MulDiv, GetPrivateProfileIntW, GetProfileIntW, GetShortPathNameA, GlobalUnlock, GlobalLock, GlobalReAlloc, DelayLoadFailureHook, GetTempPathW, GetDateFormatW, PowerClearRequest, PowerSetRequest, PowerCreateRequest, CheckElevationEnabled, GetProfileSectionW, GetVolumeNameForVolumeMountPointW, GlobalSize, ReplaceFileW, MoveFileW, QueryActCtxW, GlobalDeleteAtom, GlobalAddAtomW, GetNativeSystemInfo, CreateActCtxW, ReleaseActCtx, CheckElevation, Wow64EnableWow64FsRedirection, GetBinaryTypeW, GetCompressedFileSizeW, CopyFileW, WerpNotifyUseStringResource, CreateWaitableTimerW, ReadDirectoryChangesW, GetFileInformationByHandleEx, WTSGetActiveConsoleSessionId, GetPrivateProfileSectionW, GetVolumePathNamesForVolumeNameW, InitOnceExecuteOnce, GetSystemPreferredUILanguages
kernelbase.dll
EnumSystemLocalesEx, GetNumberFormatW, LCIDToLocaleName, GetUserDefaultUILanguage, EnumUILanguagesW, NotifyRedirectedStringChange, IsDBCSLeadByte
msvcrt.dll
DllMain
ntdll.dll
RtlFreeHeap, RtlUnicodeStringToOemString, NtSetInformationFile, NtOpenFile, RtlInitUnicodeString, RtlDosPathNameToNtPathName_U_WithStatus, NtQueryInformationFile, RtlNtStatusToDosError, NtCreateFile, NtClose, NtFsControlFile, EtwEventWrite, RtlGetLastNtStatus, RtlExpandEnvironmentStrings_U, RtlInitUnicodeStringEx, RtlSetEnvironmentVariable, RtlQueryEnvironmentVariable_U, RtlDestroyEnvironment, RtlSetCurrentEnvironment, RtlCreateEnvironment, NtQueryLicenseValue, WinSqmIncrementDWORD, EtwTraceMessage, EtwEventEnabled, WinSqmAddToStream, RtlMapGenericMask, NtQueryInformationProcess, NtQueryInformationToken, NtOpenProcessToken, NtSetInformationToken, EtwGetTraceEnableFlags, EtwGetTraceEnableLevel, EtwGetTraceLoggerHandle, EtwRegisterTraceGuidsW, EtwUnregisterTraceGuids, EtwEventRegister, EtwEventUnregister, NtQuerySystemInformation, RtlGetNtProductType, WinSqmIsOptedIn, NtQueryVolumeInformationFile, NtSetInformationThread, NtQueryInformationThread, WinSqmSetDWORD, wcsncpy_s, wcscat_s, RtlFreeUnicodeString, RtlCreateUnicodeString, RtlRandomEx, NtQueryDirectoryFile, RtlFreeAnsiString, RtlUnicodeStringToAnsiString, RtlReleaseRelativeName, RtlDosPathNameToRelativeNtPathName_U, NtSetSecurityObject, NtSetEaFile, NtQuerySecurityObject, NtQueryEaFile, RtlDowncaseUnicodeString, RtlOemStringToUnicodeString, RtlInitString, RtlDosPathNameToNtPathName_U, ShipAssert, NtQueryObject, EtwLogTraceEvent, NtOpenThreadToken, RtlPrefixString
shlwapi.dll
DllMain
user32.dll
DllMain
Export table
AppCompat_RunDLLW
AssocCreateForClasses
AssocGetDetailsOfPropKey
CDefFolderMenu_Create2
CheckEscapesW
CIDLData_CreateFromIDArray
CommandLineToArgvW
Control_RunDLL
Control_RunDLLA
Control_RunDLLAsUserW
Control_RunDLLW
DAD_AutoScroll
DAD_DragEnterEx
DAD_DragEnterEx2
DAD_DragLeave
DAD_DragMove
DAD_SetDragImage
DAD_ShowDragImage
DllCanUnloadNow
DllGetClassObject
DllGetVersion
DllInstall
DllRegisterServer
DllUnregisterServer
DoEnvironmentSubstA
DoEnvironmentSubstW
DragAcceptFiles
DragFinish
DragQueryFile
DragQueryFileA
DragQueryFileAorW
DragQueryFileW
DragQueryPoint
DriveType
DuplicateIcon
ExtractAssociatedIconA
ExtractAssociatedIconExA
ExtractAssociatedIconExW
ExtractAssociatedIconW
ExtractIconA
ExtractIconEx
ExtractIconExA
ExtractIconExW
ExtractIconW
FindExecutableA
FindExecutableW
FreeIconList
GetCurrentProcessExplicitAppUserModelID
GetFileNameFromBrowse
ILAppendID
ILClone
ILCloneFirst
ILCombine
ILCreateFromPath
ILCreateFromPathA
ILCreateFromPathW
ILFindChild
ILFindLastID
ILFree
ILGetNext
ILGetSize
ILIsEqual
ILIsParent
ILLoadFromStreamEx
ILRemoveLastID
ILSaveToStream
InitNetworkAddressControl
InternalExtractIconListA
InternalExtractIconListW
IsLFNDrive
IsLFNDriveA
IsLFNDriveW
IsNetDrive
IsUserAnAdmin
LaunchMSHelp_RunDLLW
OpenAs_RunDLL
OpenAs_RunDLLA
OpenAs_RunDLLW
OpenRegStream
Options_RunDLL
Options_RunDLLA
Options_RunDLLW
PathCleanupSpec
PathGetShortPath
PathIsExe
PathIsSlowA
PathIsSlowW
PathMakeUniqueName
PathQualify
PathResolve
PathYetAnotherMakeUniqueName
PickIconDlg
PifMgr_CloseProperties
PifMgr_GetProperties
PifMgr_OpenProperties
PifMgr_SetProperties
PrepareDiscForBurnRunDllW
PrintersGetCommand_RunDLL
PrintersGetCommand_RunDLLA
PrintersGetCommand_RunDLLW
ReadCabinetState
RealDriveType
RealShellExecuteA
RealShellExecuteExA
RealShellExecuteExW
RealShellExecuteW
RegenerateUserEnvironment
RestartDialog
RestartDialogEx
RunAsNewUser_RunDLLW
SetCurrentProcessExplicitAppUserModelID
SHAddDefaultPropertiesByExt
SHAddFromPropSheetExtArray
SHAddToRecentDocs
SHAlloc
SHAppBarMessage
SHAssocEnumHandlers
SHAssocEnumHandlersForProtocolByApplication
SHBindToFolderIDListParent
SHBindToFolderIDListParentEx
SHBindToObject
SHBindToParent
SHBrowseForFolder
SHBrowseForFolderA
SHBrowseForFolderW
SHChangeNotification_Lock
SHChangeNotification_Unlock
SHChangeNotify
SHChangeNotifyDeregister
SHChangeNotifyRegister
SHChangeNotifyRegisterThread
SHChangeNotifySuspendResume
SHCloneSpecialIDList
SHCLSIDFromString
SHCoCreateInstance
SHCreateAssociationRegistration
SHCreateDataObject
SHCreateDefaultContextMenu
SHCreateDefaultExtractIcon
SHCreateDefaultPropertiesOp
SHCreateDirectory
SHCreateDirectoryExA
SHCreateDirectoryExW
SHCreateFileExtractIconW
SHCreateItemFromIDList
SHCreateItemFromParsingName
SHCreateItemFromRelativeName
SHCreateItemInKnownFolder
SHCreateItemWithParent
SHCreateLocalServerRunDll
SHCreateProcessAsUserW
SHCreatePropSheetExtArray
SHCreateQueryCancelAutoPlayMoniker
SHCreateShellFolderView
SHCreateShellFolderViewEx
SHCreateShellItem
SHCreateShellItemArray
SHCreateShellItemArrayFromDataObject
SHCreateShellItemArrayFromIDLists
SHCreateShellItemArrayFromShellItem
SHCreateStdEnumFmtEtc
SHDefExtractIconA
SHDefExtractIconW
SHDestroyPropSheetExtArray
SHDoDragDrop
SheChangeDirA
SheChangeDirExW
SheGetDirA
Shell_GetCachedImageIndex
Shell_GetCachedImageIndexA
Shell_GetCachedImageIndexW
Shell_GetImageLists
Shell_MergeMenus
Shell_NotifyIcon
Shell_NotifyIconA
Shell_NotifyIconGetRect
Shell_NotifyIconW
ShellAboutA
ShellAboutW
ShellExec_RunDLL
ShellExec_RunDLLA
ShellExec_RunDLLW
ShellExecuteA
ShellExecuteEx
ShellExecuteExA
ShellExecuteExW
ShellExecuteW
ShellHookProc
ShellMessageBoxA
ShellMessageBoxW
SHEmptyRecycleBinA
SHEmptyRecycleBinW
SHEnableServiceObject
SHEnumerateUnreadMailAccountsW
SheSetCurDrive
SHEvaluateSystemCommandTemplate
SHExtractIconsW
SHFileOperation
SHFileOperationA
SHFileOperationW
SHFind_InitMenuPopup
SHFindFiles
SHFlushSFCache
SHFormatDrive
SHFree
SHFreeNameMappings
SHGetAttributesFromDataObject
SHGetDataFromIDListA
SHGetDataFromIDListW
SHGetDesktopFolder
SHGetDiskFreeSpaceA
SHGetDiskFreeSpaceExA
SHGetDiskFreeSpaceExW
SHGetDriveMedia
SHGetFileInfo
SHGetFileInfoA
SHGetFileInfoW
SHGetFolderLocation
SHGetFolderPathA
SHGetFolderPathAndSubDirA
SHGetFolderPathAndSubDirW
SHGetFolderPathEx
SHGetFolderPathW
SHGetIconOverlayIndexA
SHGetIconOverlayIndexW
SHGetIDListFromObject
SHGetImageList
SHGetInstanceExplorer
SHGetItemFromDataObject
SHGetItemFromObject
SHGetKnownFolderIDList
SHGetKnownFolderItem
SHGetKnownFolderPath
SHGetLocalizedName
SHGetMalloc
SHGetNameFromIDList
SHGetNewLinkInfo
SHGetNewLinkInfoA
SHGetNewLinkInfoW
SHGetPathFromIDList
SHGetPathFromIDListA
SHGetPathFromIDListEx
SHGetPathFromIDListW
SHGetPropertyStoreForWindow
SHGetPropertyStoreFromIDList
SHGetPropertyStoreFromParsingName
SHGetRealIDL
SHGetSetFolderCustomSettings
SHGetSetSettings
SHGetSettings
SHGetSpecialFolderLocation
SHGetSpecialFolderPathA
SHGetSpecialFolderPathW
SHGetStockIconInfo
SHGetTemporaryPropertyForItem
SHGetUnreadMailCountW
SHHandleUpdateImage
SHHelpShortcuts_RunDLL
SHHelpShortcuts_RunDLLA
SHHelpShortcuts_RunDLLW
SHILCreateFromPath
SHInvokePrinterCommandA
SHInvokePrinterCommandW
SHIsFileAvailableOffline
SHLimitInputEdit
SHLoadInProc
SHLoadNonloadedIconOverlayIdentifiers
SHMapPIDLToSystemImageListIndex
SHMultiFileProperties
SHObjectProperties
SHOpenFolderAndSelectItems
SHOpenPropSheetW
SHOpenWithDialog
SHParseDisplayName
SHPathPrepareForWriteA
SHPathPrepareForWriteW
SHPropStgCreate
SHPropStgReadMultiple
SHPropStgWriteMultiple
SHQueryRecycleBinA
SHQueryRecycleBinW
SHQueryUserNotificationState
SHRemoveLocalizedName
SHReplaceFromPropSheetExtArray
SHResolveLibrary
SHRestricted
SHSetDefaultProperties
SHSetFolderPathA
SHSetFolderPathW
SHSetInstanceExplorer
SHSetKnownFolderPath
SHSetLocalizedName
SHSetTemporaryPropertyForItem
SHSetUnreadMailCountW
SHShellFolderView_Message
SHShowManageLibraryUI
SHSimpleIDListFromPath
SHStartNetConnectionDialogW
SHTestTokenMembership
SHUpdateImageA
SHUpdateImageW
SHUpdateRecycleBinIcon
SHValidateUNC
SignalFileOpen
StgMakeUniqueName
StrChrA
StrChrIA
StrChrIW
StrChrW
StrCmpNA
StrCmpNIA
StrCmpNIW
StrCmpNW
StrNCmpA
StrNCmpIA
StrNCmpIW
StrNCmpW
StrRChrA
StrRChrIA
StrRChrIW
StrRChrW
StrRStrA
StrRStrIA
StrRStrIW
StrRStrW
StrStrA
StrStrIA
StrStrIW
StrStrW
WaitForExplorerRestartW
Win32DeleteFile
WOWShellExecute
WriteCabinetState

shell32.dll

Windows Shell Common Dll by Microsoft Corporation (Signed)

Remove shell32.dll
Version:   6.1.7601.17514 (win7sp1_rtm.101119-1850)
MD5:   c6689007b3a749c49a5438dcf36e0ce4
SHA1:   bfb396ee24bb44f34a91fe0c854f6e1bad3db20e
SHA256:   492504464293c176ad2a87f4be9b362a5716c26f49deea5f6dd3bafdf9aaaf8f
This is a Windows system installed file with Windows File Protection (WFP) enabled.

What is shell32.dll?

The Windows common shell DLL files (such as Shell32) are operating system (OS) files that contain vital information about the OS and your PC's hardware configuration. The Windows shell is the main graphical user interface in Microsoft Windows, today hosted by Windows Explorer. The Windows shell includes well-known Windows components such as the Taskbar and the Start menu.

About shell32.dll (from Microsoft Corporation)

The Windows shell desktop is an array of icons, rendered behind all open windows and taking up the space left by the taskbar.

Overview

shell32.dll executes as a process with the local user's privileges typically within the hosted context of rundll32.exe (Windows host process (Rundll32) by Microsoft). It configures an autoplay handler withing explorer.exe named MSCDBurningOnArrival that will launch the program automatically. The file is digitally signed by Microsoft Corporation. This version is designed to run on Windows 7 and is compiled as a 64 bit program.

DetailsDetails

File name:shell32.dll
Publisher:Microsoft Corporation
Product name:Windows Shell Common Dll
Description:Microsoft® Windows® Operating System
Typical file path:C:\Windows\System32\shell32.dll
Original name:SHELL32.DLL.MUI
File version:6.1.7601.17514 (win7sp1_rtm.101119-1850)
Product version:6.1.7601.17514
Size:13.52 MB (14,172,672 bytes)
Certificate
Issued to:Microsoft Corporation
Authority (CA):Microsoft Corporation
Expiration date:Tuesday, July 9, 2013
Digital DNA
PE subsystem:Windows GUI
Entropy:6.247305
File packed:No
Code language:Microsoft Visual C++
.NET CLR:No
More details

BehaviorsBehaviors

Shell open commands
  • themefile
  • msstylesfile
Context menu handlers
Located in '*\shellex\ContextMenuHandlers'
  • CLSID: {645FF040-5081-101B-9F08-00AA002F954E}
  • Name: 'New'
  • CLSID: {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
  • CLSID: {90AA3A4E-1CBA-4233-B8BB-535773D48449}
  • Name: 'Open With EncryptionMenu'
  • Name: 'Open With'
Search handlers
  • ShellSearch
Autoplay handlers
Runs under the registry key 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers'
  • Handler name 'MSCDBurningOnArrival'
Copy hook handlers
  • FileSystem
Approved shell extensions
Located in the registry at 'SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved'
  • 'Window TXT Preview Handler' with CLSID {1531d583-8375-4d3f-b5fb-d23bbd169f22}
  • 'Microsoft Windows RTF Preview Handler' with CLSID {a42c2ccb-67d3-46fa-abe6-7d2f3488c7a3}
  • 'Client application shell extension' with CLSID {25585dc7-4da0-438d-ad04-e42c8d2d64b9}
  • 'Control Panel' with CLSID {21ec2020-3aea-1069-a2dd-08002b30309d}
  • 'Programs Folder and Fast Items' with CLSID {865e5e76-ad83-4dca-a109-50dc2113ce9a}
  • '.cpl, .dll, .exe, .ocx, .rll or .sys files' with CLSID {66742402-F9B9-11D1-A202-0000F81FEDEE}
  • '.fon, .otf, .ttc or .ttf files' with CLSID {0AFCCBA6-BF90-4A4E-8482-0AC960981F5B}
  • 'Shortcut' with CLSID {00021401-0000-0000-C000-000000000046}
  • 'Layout Folder' with CLSID {328B0346-7EAF-4BBE-A479-7CB88A095F5B}
  • 'Command Folder' with CLSID {437ff9c0-a07f-4fa0-af80-84b6c6440a16}
  • 'Search Folders' with CLSID {b2952b16-0e07-4e5a-b993-58c52cb94cae}
  • 'Explorer Browser' with CLSID {71f96385-ddd6-48d3-a0c1-ae06e8b055fb}
  • 'Tree property value folder' with CLSID {708e1662-b832-42a8-bbe1-0a77121e3908}
  • 'Summary Info Thumbnail handler (DOCFILES)' with CLSID {9DBD2C50-62AD-11d0-B806-00C04FD706EC}
  • 'Alphabetical Categorizer' with CLSID {3c2654c6-7372-4f6b-b310-55d6128f49d2}
Internet Explorer web browsers
Located in the registry at 'SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser'
  • CLSID: {0E5CBF21-D15F-11D0-8301-00AA005B4383}

ResourcesResource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
 
CPU
Total CPU:0.00547147%
0.028634%
Kernel CPU:0.00385027%
0.013761%
User CPU:0.00162120%
0.014873%
Kernel CPU time:78,038 ms/min
100,923,805ms/min
CPU cycles:3,429/sec
17,470,203/sec
Memory
Private memory:2.59 MB
21.59 MB
Private (maximum):8.74 MB
Private (minimum):7.19 MB
Non-paged memory:2.59 MB
21.59 MB
Virtual memory:67.27 MB
140.96 MB
Virtual memory (peak):69.84 MB
169.69 MB
Working set:7.23 MB
18.61 MB
Working set (peak):8.55 MB
37.95 MB
Page faults:3,233/min
2,039/min
I/O
I/O read transfer:4 Bytes/sec
1.02 MB/min
I/O read operations:1/sec
343/min
I/O other transfer:12 Bytes/sec
448.09 KB/min
I/O other operations:1/sec
1,671/min
Resource allocations
Threads:3
12
Handles:79
600
GUI GDI count:17
103
GUI GDI peak:18
142
GUI USER count:7
49
GUI USER peak:12
71

BehaviorsProcess properties

Integrety level:Medium
Platform:64-bit
Command lines:
  • C:\Windows\System32\rundll32.exe shell32.dll,shcreatelocalserverrundll {995c996e-d918-4a8c-a302-45719a6f4ea7} -embedding
  • "C:\Windows\System32\rundll32.exe" C:\Windows\System32\shell32.dll,control_rundll C:\Windows\System32\inetcpl.cpl
  • "C:\Windows\System32\rundll32.exe" C:\Windows\System32\shell32.dll,openas_rundll C:\users\user\appdata\local\elevateddiagnostics\460911090\2013013121.001\c0e2fc0b-1952-47ee-b3ab-eaca3e6dabbf.repair.admin.0.etl
  • C:\Windows\System32\rundll32.exe shell32.dll,shcreatelocalserverrundll {3eef301f-b596-4c0b-bd92-013beafce793} -embedding
Owner:User
Parent processes:

ResourcesThreads

Averages
 
rundll32.exe (Windows host process (Rundll32) by Microsoft)
Total CPU:0.00044063%
0.272967%
Kernel CPU:0.00015505%
0.107585%
User CPU:0.00028557%
0.165382%
CPU cycles:10,955/sec
5,741,424/sec
Memory:60 KB
1.16 MB
SHLWAPI.dll
Total CPU:0.00008840%
Kernel CPU:0.00000000%
User CPU:0.00008840%
CPU cycles:2,093/sec
Memory:452 KB

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Windows 8.1 Pro 35.00%
Windows 8.1 28.00%
Windows 8.1 Single Language 15.00%
Windows 7 Ultimate 12.00%
Windows 8.1 Pro with Media Center 5.00%
Windows 8.1 N 5.00%

Distribution by countryDistribution by country

United States installs about 33.00% of Windows Shell Common Dll.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
ASUS 37.04%
Acer 20.37%
Dell 14.81%
Hewlett-Packard 13.89%
Lenovo 9.26%
Alienware 4.63%
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE