wstraceutil.exe

  • File Path: C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\x64\wstraceutil.exe
  • Description: Windows Web Services API Trace Utility Tool

Hashes

Type Hash
MD5 DDB1305AA759C380480B8FB84C4D97F2
SHA1 E9656D1E0228ED7C48D77324296788BD952827E5
SHA256 AAE274556FD2C0454F1A2E0C8796AD4F2F4DCECA82423BB71E257A87A502A743
SHA384 4FF89B623F85B0771A17C3D9D2938A98CAA572CD5F6D84DEEC0C3C97AA69AD5475C4E803BED7AF0D0AF8B6A6BA97BE00
SHA512 5AAB8CE2898CB5C6A63D2A8F3395FC2B32ED236ACF29656A854B27C2AEEC067E0CA90B7CE00865E168855AC88502CD096756F24DD97BE862918B33593512E190
SSDEEP 3072:fwG0AN0jB1ZM9oHL/y7/V6BOMwaoRNCd:oiSBjMiHG7/V0O
IMP D58E380036B627D7FACF45BE65458415
PESHA1 C0FF791957C13E90952FE2E64923688E26C20490
PE256 1A8E595F713529C72BDE80FEB9004740AA24C2432EDABB89816879F6BA11813F

Runtime Data

Usage (stdout):

Connection-specific - Microsoft (R) Windows Web Services API Trace Viewer Tool version 1.0
Copyright (c) Microsoft Corporation 2009.
All rights reserved.

Usage : WsTraceUtil.exe 
-create [all|verbose|message|info|warning|error] - start trace session with specified verbosity level. The default is info. 
-update [all|verbose|message|info|warning|error] - updates trace verbosity level to specified value. The defaul is info. 
-on                                              - turns the trace session on. 
-off                                             - turns the session off. 
-delete                                          - deletes the session. 
-session name                                    - specifies session name. If the parameter is not used, session name is WsTrace. 
-output [filename]                               - dumps trace. If filename is provided, the trace are written to the file. Otherwise to the console screen. To stop the tool use Crtl-C. 
-convert filename                                - reads trace (*.etl) file.

Loaded Modules:

Path
C:\Program Files (x86)\Windows Kits\10\bin\10.0.19041.0\x64\wstraceutil.exe
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\SYSTEM32\ntdll.dll

Signature

  • Status: Signature verified.
  • Serial: 33000002CF6D2CC57CAA65A6D80000000002CF
  • Thumbprint: 1A221B3B4FEF088B17BA6704FD088DF192D9E0EF
  • Issuer: CN=Microsoft Code Signing PCA 2010, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: WsTraceUtil.exe
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.19041.1 (WinBuild.160101.0800)
  • Product Version: 10.0.19041.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: Unknown

MIT License. Copyright (c) 2020-2021 Strontic.