IMTCLNWZ.EXE
- File Path:
C:\WINDOWS\SysWOW64\IME\IMETC\IMTCLNWZ.EXE - Description: IMTCLNWZ.exe
Screenshot
Hashes
| Type | Hash |
|---|---|
| MD5 | 5BD726946842EEE3DBCBBA2934004FCD |
| SHA1 | E15A73EA0E690B13D6666AD6A0F56FE89D32251A |
| SHA256 | AE67EBD3D23D8E6E8C02E1248B8B3BC8F068559ACCF6A9CE5951134FB363210A |
| SHA384 | 6E46D33998BE9AA0201E0D957B2B7E9ACE6940E355DC16645ECF4E6F42BD9F1B6DC0BEC5BF1BB903C3BDB70C9D89F593 |
| SHA512 | C4D041A562DBE2503C323AB404DAF012DD26B1CE740BFB93F3549D1F74FD6F940C4AEC734FBBC38E1B2F8E06CDB975B9E694A29269E25C724DA9C86468375728 |
| SSDEEP | 3072:1+qkdJXlFEwnR/Zoh1SXpYHzZHmt9PQ7/aNTNqcvB:1/mNnRBiQCxmt27/alwcvB |
| IMP | DAEF8FE2739BF03F27AE8421A3543D38 |
| PESHA1 | 65DB30605945105519FF6E3BCE82CABD0F9C75A3 |
| PE256 | B8B89287B213AB87147529AD434539B6E449E80D103811D661E7420AA2D56557 |
Runtime Data
Child Processes:
perfmon.exe
Window Title:
ANSI
Open Handles:
| Path | Type |
|---|---|
| (R-D) C:\Windows\Fonts\StaticCache.dat | File |
| (RW-) C:\Windows | File |
| (RW-) C:\Windows\SysWOW64 | File |
| (RW-) C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.22000.1_none_6ec7c6847ea94424 | File |
| (RW-) C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_e541a94fcce8ed6d | File |
| \BaseNamedObjects__ComCatalogCache__ | Section |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000001.db | Section |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db | Section |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro | Section |
| \Sessions\2\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 | Section |
| \Sessions\2\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 | Section |
| \Sessions\2\Windows\Theme1077709572 | Section |
| \Windows\Theme3461253685 | Section |
Loaded Modules:
| Path |
|---|
| C:\WINDOWS\SYSTEM32\ntdll.dll |
| C:\WINDOWS\System32\wow64.dll |
| C:\WINDOWS\System32\wow64base.dll |
| C:\WINDOWS\System32\wow64con.dll |
| C:\WINDOWS\System32\wow64cpu.dll |
| C:\WINDOWS\System32\wow64win.dll |
| C:\WINDOWS\SysWOW64\IME\IMETC\IMTCLNWZ.EXE |
Signature
- Status: Signature verified.
- Serial:
33000002ED2C45E4C145CF48440000000002ED - Thumbprint:
312860D2047EB81F8F58C29FF19ECDB4C634CF6A - Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
File Metadata
- Original Filename: IMTCLNWZ.exe
- Product Name: Microsoft Windows Operating System
- Company Name: Microsoft Corporation
- File Version: 10.0.22000.1 (WinBuild.160101.0800)
- Product Version: 10.0.22000.1
- Language: English (United States)
- Legal Copyright: Microsoft Corporation. All rights reserved.
- Machine Type: 32-bit
File Scan
- VirusTotal Detections: 0/73
- VirusTotal Link: https://www.virustotal.com/gui/file/ae67ebd3d23d8e6e8c02e1248b8b3bc8f068559accf6a9ce5951134fb363210a/detection
MIT License. Copyright (c) 2020-2021 Strontic.