Should I block it?
No, this file is 100% safe to run.
Relationships
Parent processes
Child processes
 PE file structure
|
Show functions |
Import table
advapi32.dll
GetUserNameA
kernel32.dll
DuplicateHandle, GetCurrentProcess, CloseHandle, ExitProcess, CreateProcessA, WaitForSingleObject, OpenMutexA, GetModuleHandleA, GetStartupInfoA, GetModuleFileNameA, CreateMutexA, GetLastError
msvcrt.dll
DllMain
shlwapi.dll
PathAppendA, PathRemoveFileSpecA
user32.dll
KillTimer, WaitForInputIdle, EnableWindow, IsIconic, SendMessageA, GetSystemMetrics, GetClientRect, DrawIcon, SetTimer, LoadIconA
wrtmon.exe
NsWrtMon Application by Newsoft Technology Company (Signed)
| Version: | 1, 0, 0, 1 |
| MD5: | b8b1a3f5efa0dbe88eab41a7110b9a31 |
| SHA1: | bc2a826051144ea0f5a23836d72d2accc60bd40c |
| SHA256: | 2a786d77485ce494222131da3dd2aca6e1a8ae812b3312db90eb80bc324bd79a |
Overview
wrtmon.exe executes as a process with the local user's privileges usually within the context of Windows Explorer. It is set to be start when the PC boots and any user logs into Windows (added to the Run registry key for the all users under the local machine). The file is digitally signed by Newsoft Technology Company which was issued by the VeriSign certificate authority (CA).
Details
| File name: | wrtmon.exe |
| Publisher: | NewSoft Technology Corporation |
| Product name: | NsWrtMon Application |
| Description: | NsWrtMon Microsoft Base Class Application |
| Typical file path: | C:\Windows\System32\spool\drivers\w32x86\3\wrtmon.exe |
| Original name: | NsWrtMon.EXE |
| File version: | 1, 0, 0, 1 |
| Size: | 25.83 KB (26,448 bytes) |
| Certificate |
| Issued to: | Newsoft Technology Company |
| Authority (CA): | VeriSign |
| Expiration date: | Wednesday, May 5, 2010 |
| Digital DNA |
| PE subsystem: | Windows GUI |
| File packed: | No |
| Code language: | Microsoft Visual C++ |
| .NET CLR: | No |
More details
Behaviors
Startup files (all users) run
Runs under the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
- 'WrtMon.exe' → C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe
Resource utilization
(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
| CPU |
| Total CPU: | 0.00012693% | |
| Kernel CPU: | 0.00007333% | |
| User CPU: | 0.00005360% | |
| Kernel CPU time: | 130 ms/min | |
| CPU cycles: | 587,078/sec | |
| Context switches: | 18/sec | |
| Memory |
| Private memory: | 1.65 MB | |
| Private (maximum): | 5.7 MB | |
| Private (minimum): | 5.4 MB | |
| Non-paged memory: | 1.65 MB | |
| Virtual memory: | 61.38 MB | |
| Virtual memory (peak): | 65.21 MB | |
| Working set: | 5.44 MB | |
| Working set (peak): | 5.71 MB | |
| Page faults: | 1,534/min | |
| I/O |
| I/O read transfer: | 73 Bytes/sec | |
| I/O read operations: | 1/sec | |
| I/O other transfer: | 10 Bytes/sec | |
| I/O other operations: | 1/sec | |
| Resource allocations |
| Threads: | 1 | |
| Handles: | 65 | |
| GUI GDI count: | 17 | |
| GUI GDI peak: | 22 | |
| GUI USER count: | 14 | |
| GUI USER peak: | 16 | |
Process properties
| Integrety level: | Medium |
| Platform: | 64-bit |
| Command lines: |
- "C:\Windows\System32\spool\drivers\x64\3\wrtmon.exe"
- C:\Windows\System32\spool\drivers\x64\3\wrtmon.exe
- "C:\Windows\System32\spool\drivers\w32x86\3\wrtmon.exe"
|
| Owner: | User |
| Parent processes: |
|
Distribution by Windows OS
| OS version | distribution |
| Windows 7 Home Premium |
75.00% |
|
| Windows 7 Starter |
25.00% |
|
Distribution by country
United States installs about 75.00% of NsWrtMon Application.
Distribution by PC manufacturer
| PC Manufacturer | distribution |
| Dell |
66.67% |
|
| Hewlett-Packard |
33.33% |
|
