wrtmon.exe
NsWrtMon Application by Newsoft Technology Company (Signed)
Overview
There are 3 versions of wrtmon.exe in the wild, the latest version being 1, 0, 0, 1. wrtmon.exe is run as a standard windows process with the logged in user's account privileges. During installation, a run registry key for all users is added that will cause the program to run each time any user logs on to Windows. The average file size is about 22.03 KB. The file is a digitally signed and issued to Newsoft Technology Company by VeriSign. During the process's lifecycle, the typical CPU resource utilization is about 0.0001% including both foreground and background operations, the average private memory consumption is about 1.33 MB with the maximum memory reaching around 5.07 MB and typical read I/O operations are around 7 Bytes per minute.
 Details
|
| File name: | wrtmon.exe |
| Product name: | NsWrtMon Application |
| Description: | NsWrtMon Microsoft Base Class Application |
| Typical file path: | C:\Windows\System32\spool\drivers\w32x86\3\wrtmon.exe |
| Original name: | NsWrtMon.EXE |
| Certificate |
| Issued to: | Newsoft Technology Company |
| Authority (CA): | VeriSign |
| Expiration date: | Tuesday, May 4, 2010 |
Behaviors
(Note, the behaviors below are for all versions of wrtmon.exe, select a unique version for details.)
Startup files (all users) run
Runs under the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
- 'WrtMon.exe' → C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
All file variations of wrtmon.exe
