TpmTool.exe
- File Path:
C:\WINDOWS\SysWOW64\TpmTool.exe
Hashes
| Type | Hash |
|---|---|
| MD5 | 3696EF95786E631252FCA17E1F2E7710 |
| SHA1 | 763A76E5C5706D5A2E26BCF96682A2C3D8A705A2 |
| SHA256 | D638503D61513EE4FA85BB15D8F1CA2F4B6A17A7EE765522128DE13C43ECC520 |
| SHA384 | 17C833B5FA2CB19F63CFDB021CB8D7A85D6260DE92AB17608E7F7E1CEA27006710E281070F41CBF4828691E05C5668E7 |
| SHA512 | 39C12DB1E5973C0489FA051459EB65A102A821F4CC336484F9C01D5A609B95F8D3FB77F3B6EB0D3DBFCF0021BDA3ECDB29BC21D9FA6309F193B51313C2388B91 |
| SSDEEP | 3072:OM+U2RNKfp8+mS3tC2dNPAGiEQpncsTJDk68j:da7olDPtiEexkt |
| IMP | 247ED4A0824EB459569B62B8B2087E15 |
| PESHA1 | 7FD4D86137C4C64A881AC1B2A4289E0CAFA2A101 |
| PE256 | 28E8764174F23E2E591709D60253955D9481D837318303A6FCA36525820DD0C2 |
Runtime Data
Child Processes:
perfmon.exe
Loaded Modules:
| Path |
|---|
| C:\WINDOWS\SYSTEM32\ntdll.dll |
| C:\WINDOWS\System32\wow64.dll |
| C:\WINDOWS\System32\wow64base.dll |
| C:\WINDOWS\System32\wow64con.dll |
| C:\WINDOWS\System32\wow64win.dll |
| C:\WINDOWS\SysWOW64\TpmTool.exe |
Signature
- Status: Signature verified.
- Serial:
33000002ED2C45E4C145CF48440000000002ED - Thumbprint:
312860D2047EB81F8F58C29FF19ECDB4C634CF6A - Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
File Metadata
- Original Filename:
- Product Name:
- Company Name:
- File Version:
- Product Version:
- Language:
- Legal Copyright:
- Machine Type: 32-bit
File Scan
- VirusTotal Detections: Unknown
Additional Info*
*The information below is copied from MicrosoftDocs, which is maintained by Microsoft. Available under CC BY 4.0 license.
tpmtool
This utility can be used to get information about the Trusted Platform Module (TPM).
[!IMPORTANT] Some information may relate to the pre-released product, which may be substantially modified before it’s commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Syntax
tpmtool /parameter [<arguments>]
Parameters
| Parameter | Description |
|---|---|
| getdeviceinformation | Displays the basic information of the TPM. See the Win32_Tpm::IsReadyInformation method parameters article for details about the information flag values. |
| gatherlogs [output directory path] | Collects TPM logs and places them in the specified directory. If that directory doesn’t exist, it’s created. By default, the log files are placed in the current directory. The possible files generated are:<ul><li>TpmEvents.evtx</li><li>TpmInformation.txt</li><li>SRTMBoot.dat</li><li>SRTMResume.dat</li><li>DRTMBoot.dat</li><li>DRTMResume.dat</li></ul> |
drivertracing [start | stop] |
Starts or stops collecting TPM driver traces. The trace log, TPMTRACE.etl, is created and placed in the current directory. |
| /? | Displays help at the command prompt. |
Examples
To display the basic information of the TPM, type:
tpmtool getdeviceinformation
To collect TPM logs and place them in the current directory, type:
tpmtool gatherlogs
To collect TPM logs and place them in C:\Users\Public, type:
tpmtool gatherlogs C:\Users\Public
To collect TPM driver traces, type:
tpmtool drivertracing start
## Run scenario
tpmtool drivertracing stop
Additional References
MIT License. Copyright (c) 2020-2021 Strontic.