Should I block it?

No, this file is 100% safe to run.

VersionsAdditional versions

6.3.9600.16384 (winblue_rtm.130821-1623) 1.66%
6.3.9600.16384 (winblue_rtm.130821-1623) 2.70%
6.3.9431.0 (winmain_bluemp.130615-1214) 0.22%
6.3.9431.0 (winmain_bluemp.130615-1214) 0.04%
6.2.9200.16384 (win8_rtm.120725-1247) 0.74%
6.2.9200.16384 (win8_rtm.120725-1247) 0.57%
6.2.9200.16384 (win8_rtm.120725-1247) 0.13%
6.2.9200.16384 (win8_rtm.120725-1247) 11.54%
6.2.9200.16384 (win8_rtm.120725-1247) 1.44%
6.2.9200.16384 (win8_rtm.120725-1247) 0.74%
6.2.8400.0 (winmain_win8rc.120518-1423) 0.09%
6.2.8400.0 (winmain_win8rc.120518-1423) 0.09%
6.2.8250.0 (winmain_win8beta.120217-1520) 0.04%
6.2.8102.0 (winmain_win8m3.110823-1455) 0.09%
6.1.7601.17514 (win7sp1_rtm.101119-1850) 32.67%
6.1.7601.17514 (win7sp1_rtm.101119-1850) 16.94%
6.1.7601.17514 (win7sp1_rtm.101119-1850) 0.09%
6.1.7601.17514 (win7sp1_rtm.101119-1850) 0.04%
6.1.7601.17514 (win7sp1_rtm.101119-1850) 0.04%
6.1.7601.17514 (win7sp1_rtm.101119-1850) 0.04%
6.1.7601.17514 (win7sp1_rtm.101119-1850) 0.04%
6.1.7600.16385 (win7_rtm.090713-1255) 2.87%
6.1.7600.16385 (win7_rtm.090713-1255) 2.35%
6.1.7600.16385 (win7_rtm.090713-1255) 2.44%
6.1.7600.16385 (win7_rtm.090713-1255) 1.00%
View more

Relationships

Child processes
Related files

PE structurePE file structure

Show functions
Import table
advapi32.dll
TraceMessage, EventWrite, EventEnabled, InitiateShutdownW, RegCloseKey, RegQueryValueExW, RegOpenKeyExW, QueryTraceW, EnableTrace, ControlTraceW, StartTraceW, GetTraceEnableFlags, GetTraceEnableLevel, GetTraceLoggerHandle, RegisterTraceGuidsW, UnregisterTraceGuids, RegDeleteValueW, EventRegister, EventUnregister, EventWriteEndScenario, EventWriteStartScenario, EventActivityIdControl, RegEnumValueW, RegQueryInfoKeyW, RegSetValueExW, RegOpenKeyW, GetTokenInformation, OpenProcessToken, ConvertStringSidToSidW, LsaFreeMemory, LsaGetUserName, RevertToSelf, ImpersonateLoggedOnUser, CloseEventLog, GetEventLogInformation, OpenEventLogW, RegisterEventSourceW, DeregisterEventSource, LsaNtStatusToWinError, RegCreateKeyExW, CheckTokenMembership, DuplicateTokenEx, ConvertSidToStringSidW, CreateProcessAsUserW, AllocateLocallyUniqueId, ReportEventW, LogonUserW, RegSetKeySecurity, RegDeleteKeyW, RegGetValueA, EqualSid, CredFree, NotifyServiceStatusChangeW, NotifyBootConfigStatus, CreateWellKnownSid, LookupAccountSidW, RegDeleteTreeW, OpenSCManagerW, RegEnumKeyExW, CloseServiceHandle, OpenServiceW, QueryServiceConfigW, QueryServiceStatus, MD5Init, MD5Update, MD5Final, CredReadByTokenHandle, CheckForHiberboot, LsaOpenPolicy, LsaAddPrivilegesToAccount, LsaCreateAccount, LsaOpenAccount, LsaClose, LookupAccountNameW, LsaSetSystemAccessAccount
api-ms-win-base-bootconfig-l1-1-0.dll
NotifyBootConfigStatus
api-ms-win-core-apiquery-l1-1-0.dll
ApiSetQueryApiSetPresence
api-ms-win-core-appcompat-l1-1-1.dll
BaseInitAppcompatCacheSupport
api-ms-win-core-datetime-l1-1-1.dll
GetTimeFormatW, GetDateFormatW
api-ms-win-core-debug-l1-1-1.dll
DebugBreak, IsDebuggerPresent
api-ms-win-core-delayload-l1-1-1.dll
DelayLoadFailureHook, ResolveDelayLoadedAPI
api-ms-win-core-errorhandling-l1-1-0.dll
UnhandledExceptionFilter, SetLastError, SetErrorMode, SetUnhandledExceptionFilter, GetLastError
api-ms-win-core-errorhandling-l1-1-1.dll
SetUnhandledExceptionFilter, SetErrorMode, GetLastError, UnhandledExceptionFilter, SetLastError
api-ms-win-core-file-l1-1-1.dll
FileTimeToSystemTime, CompareFileTime, ReadFile, CreateFileW, GetShortPathNameW, GetFileAttributesW
api-ms-win-core-file-l1-2-0.dll
ReadFile, GetShortPathNameW, CompareFileTime, GetFileAttributesW, CreateFileW
api-ms-win-core-file-l1-2-1.dll
GetFileAttributesW, CreateFileW, CompareFileTime, GetShortPathNameW, ReadFile
api-ms-win-core-file-l2-1-0.dll
MoveFileExW
api-ms-win-core-file-l2-1-1.dll
MoveFileExW
api-ms-win-core-handle-l1-1-0.dll
CloseHandle, DuplicateHandle
api-ms-win-core-heap-l1-1-0.dll
HeapSize, HeapFree, GetProcessHeap, HeapAlloc, HeapSetInformation
api-ms-win-core-heap-l1-2-0.dll
GetProcessHeap, HeapSize, HeapFree, HeapSetInformation, HeapAlloc
api-ms-win-core-heap-obsolete-l1-1-0.dll
LocalReAlloc, LocalSize, LocalFree, LocalAlloc
api-ms-win-core-interlocked-l1-1-0.dll
InterlockedCompareExchange, InterlockedDecrement, InterlockedIncrement, InterlockedExchange
api-ms-win-core-interlocked-l1-1-1.dll
InterlockedExchange, InterlockedDecrement, InterlockedCompareExchange, InterlockedIncrement
api-ms-win-core-interlocked-l1-2-0.dll
InterlockedExchange, InterlockedIncrement, InterlockedDecrement, InterlockedCompareExchange
api-ms-win-core-job-l2-1-0.dll
QueryInformationJobObject, TerminateJobObject, AssignProcessToJobObject, CreateJobObjectW, SetInformationJobObject
api-ms-win-core-kernel32-legacy-l1-1-1.dll
GetComputerNameW, RegisterWaitForSingleObject, UnregisterWait, GetStartupInfoA
api-ms-win-core-libraryloader-l1-1-1.dll
LoadLibraryExW, GetModuleHandleA, FindResourceExW, GetProcAddress, FreeLibrary, LoadResource, LockResource, GetModuleHandleW, GetModuleFileNameW, LoadStringW
api-ms-win-core-localization-l1-1-1.dll
FormatMessageW, GetThreadUILanguage
api-ms-win-core-localization-l1-2-0.dll
FormatMessageW, GetThreadUILanguage
api-ms-win-core-localization-l1-2-1.dll
FormatMessageW, GetThreadUILanguage
api-ms-win-core-localregistry-l1-1-0.dll
RegCloseKey, RegOpenKeyExW, RegDeleteValueW, RegEnumValueW, RegQueryInfoKeyW, RegSetValueExW, RegCreateKeyExW, RegSetKeySecurity, RegDeleteKeyExW, RegQueryValueExW
api-ms-win-core-memory-l1-1-1.dll
VirtualAlloc, VirtualUnlock, VirtualLock, VirtualFree
api-ms-win-core-memory-l1-1-2.dll
VirtualAlloc, VirtualFree, VirtualLock, VirtualUnlock, GetProcessWorkingSetSizeEx, SetProcessWorkingSetSizeEx
api-ms-win-core-processenvironment-l1-1-0.dll
SearchPathW, ExpandEnvironmentStringsW, GetCommandLineW, SetEnvironmentVariableW
api-ms-win-core-processenvironment-l1-1-1.dll
SetEnvironmentVariableW, ExpandEnvironmentStringsW, SearchPathW, GetCommandLineW
api-ms-win-core-processenvironment-l1-2-0.dll
SearchPathW, GetCommandLineW, SetEnvironmentVariableW, ExpandEnvironmentStringsW
api-ms-win-core-processthreads-l1-1-1.dll
OpenProcessToken, GetProcessTimes, ExitProcess, CreateThread, GetCurrentProcessId, SetThreadToken, GetCurrentThreadId, CreateRemoteThread, GetExitCodeProcess, CreateProcessW, CreateProcessAsUserW, ResumeThread, OpenThreadToken, SetPriorityClass, GetCurrentProcess, GetProcessId, TerminateThread, SetThreadPriority, GetCurrentThread, OpenProcess, TerminateProcess, IsProcessorFeaturePresent
api-ms-win-core-processthreads-l1-1-2.dll
TerminateThread, SetPriorityClass, GetCurrentProcess, SetThreadPriority, CreateProcessAsUserW, ResumeThread, OpenThreadToken, ExitProcess, TerminateProcess, GetProcessId, OpenProcess, CreateRemoteThread, GetCurrentThread, GetCurrentThreadId, GetProcessTimes, OpenProcessToken, GetCurrentProcessId, GetExitCodeProcess, CreateProcessW, CreateThread, SetThreadToken
api-ms-win-core-profile-l1-1-0.dll
QueryPerformanceCounter
api-ms-win-core-psapi-l1-1-0.dll
QueryFullProcessImageNameW
api-ms-win-core-registry-l1-1-0.dll
RegSetKeySecurity, RegFlushKey, RegCloseKey, RegQueryValueExW, RegOpenKeyExW, RegDeleteTreeW, RegQueryInfoKeyW, RegEnumValueW, RegGetValueA, RegEnumKeyExW, RegOpenCurrentUser, RegSetValueExW, RegCreateKeyExW, RegDeleteKeyExW, RegDeleteValueW, RegGetValueW
api-ms-win-core-shutdown-l1-1-1.dll
InitiateShutdownW
api-ms-win-core-string-l1-1-0.dll
CompareStringW, WideCharToMultiByte
api-ms-win-core-string-obsolete-l1-1-0.dll
lstrlenW
api-ms-win-core-synch-l1-1-1.dll
InitializeCriticalSection, LeaveCriticalSection, TryEnterCriticalSection, DeleteCriticalSection, ReleaseSRWLockExclusive, AcquireSRWLockExclusive, ResetEvent, EnterCriticalSection, ReleaseSRWLockShared, InitializeSRWLock, AcquireSRWLockShared, SleepEx, WaitForSingleObject, CreateEventW, SetEvent, OpenEventW, Sleep, WaitForSingleObjectEx
api-ms-win-core-synch-l1-2-0.dll
EnterCriticalSection, DeleteCriticalSection, ResetEvent, LeaveCriticalSection, SleepEx, ReleaseSRWLockExclusive, AcquireSRWLockExclusive, TryEnterCriticalSection, ReleaseSRWLockShared, OpenEventW, WaitForSingleObject, CreateEventW, InitializeSRWLock, SetEvent, WaitForSingleObjectEx, InitializeCriticalSection, AcquireSRWLockShared, Sleep
api-ms-win-core-sysinfo-l1-1-1.dll
GetSystemTimeAsFileTime, GetSystemWindowsDirectoryW, GetSystemDirectoryW, SystemTimeToTzSpecificLocalTime, GetVersionExW, GetTickCount64, GetTickCount
api-ms-win-core-sysinfo-l1-2-0.dll
GetTickCount64, GetVersionExW, GetSystemTimeAsFileTime, GetTickCount, GetSystemWindowsDirectoryW, GetSystemDirectoryW
api-ms-win-core-sysinfo-l1-2-1.dll
GetTickCount, GetSystemDirectoryW, GetTickCount64, GetSystemWindowsDirectoryW, GetVersionExW, GetSystemTimeAsFileTime
api-ms-win-core-threadpool-l1-1-1.dll
CreateTimerQueueTimer, QueueUserWorkItem, UnregisterWaitEx, DeleteTimerQueueTimer
api-ms-win-core-threadpool-l1-2-0.dll
CreateThreadpool, CreateThreadpoolWork, SetThreadpoolThreadMinimum, SetThreadpoolThreadMaximum, SubmitThreadpoolWork, TrySubmitThreadpoolCallback, CreateThreadpoolCleanupGroup, CloseThreadpool, CloseThreadpoolCleanupGroupMembers, CloseThreadpoolCleanupGroup, CloseThreadpoolWork
api-ms-win-core-threadpool-legacy-l1-1-0.dll
DeleteTimerQueueTimer, CreateTimerQueueTimer, QueueUserWorkItem, UnregisterWaitEx
api-ms-win-core-timezone-l1-1-0.dll
FileTimeToSystemTime, SystemTimeToTzSpecificLocalTime
api-ms-win-core-wow64-l1-1-0.dll
IsWow64Process
api-ms-win-eventing-classicprovider-l1-1-0.dll
TraceMessage
api-ms-win-eventing-controller-l1-1-0.dll
StartTraceW, ControlTraceW, EnableTraceEx2
api-ms-win-eventlog-legacy-l1-1-0.dll
ReportEventW, RegisterEventSourceW, DeregisterEventSource, GetEventLogInformation
api-ms-win-obsolete-kernelbase-l1-1-0.dll
LocalAlloc, lstrlenW, LocalFree
api-ms-win-power-base-l1-1-0.dll
PowerDeterminePlatformRoleEx
api-ms-win-power-setting-l1-1-0.dll
PowerSettingUnregisterNotification, PowerSettingRegisterNotification
api-ms-win-security-base-l1-1-0.dll
GetLengthSid, RevertToSelf, ImpersonateLoggedOnUser, CheckTokenMembership, DuplicateTokenEx, AllocateLocallyUniqueId, EqualSid, CreateWellKnownSid, GetTokenInformation, DuplicateToken, SetTokenInformation, GetSidIdentifierAuthority
api-ms-win-security-base-l1-2-0.dll
RevertToSelf, DuplicateToken, DuplicateTokenEx, CreateWellKnownSid, ImpersonateLoggedOnUser, SetTokenInformation, CheckTokenMembership, GetLengthSid, GetTokenInformation, IsValidSid, GetSidIdentifierAuthority, AllocateLocallyUniqueId, EqualSid
api-ms-win-security-credentials-l1-1-0.dll
CredUnmarshalCredentialW, CredFree
api-ms-win-security-credentials-l2-1-0.dll
CredReadByTokenHandle
api-ms-win-security-lsalookup-l1-1-1.dll
LsaLookupFreeMemory, LookupAccountSidLocalW, LsaLookupManageSidNameMapping
api-ms-win-security-lsalookup-l2-1-0.dll
LookupAccountNameW, LookupAccountSidW
api-ms-win-security-lsalookup-l2-1-1.dll
LookupAccountNameW, LookupAccountSidW
api-ms-win-security-lsapolicy-l1-1-0.dll
LsaClose, LsaStorePrivateData, LsaOpenPolicy
api-ms-win-service-management-l1-1-0.dll
StartServiceW, OpenServiceW, OpenSCManagerW, CloseServiceHandle
api-ms-win-service-management-l2-1-0.dll
QueryServiceConfigW, NotifyServiceStatusChangeW
api-ms-win-service-winsvc-l1-2-0.dll
QueryServiceStatus
kernel32.dll
DllMain, RegDeleteTreeW, RegEnumKeyExW, CreateProcessInternalW, BaseInitAppcompatCacheSupport, SleepEx, GetFileAttributesW, SetTimerQueueTimer, CreateRemoteThread, GetThreadUILanguage, GetVersionExW, GetTickCount64, WideCharToMultiByte, DebugBreak, UnhandledExceptionFilter, GetCurrentThreadId, QueryPerformanceCounter, GetModuleHandleA, SetUnhandledExceptionFilter, GetStartupInfoA, LoadLibraryExA, DelayLoadFailureHook, GetSystemDirectoryW, SetInformationJobObject, WaitForMultipleObjects, CreateThread, SetErrorMode, CreateFileW, ReadFile, GetModuleHandleW, GetProcessId, OpenEventW, CreateTimerQueueTimer, DeleteTimerQueueTimer, CreateProcessW, SearchPathW, AssignProcessToJobObject, TerminateProcess, GetTickCount, CompareFileTime, ResumeThread, FileTimeToSystemTime, SystemTimeToTzSpecificLocalTime, GetTimeFormatW, VirtualLock, GetProcessWorkingSetSize, SetProcessWorkingSetSize, VirtualUnlock, VirtualFree, CreateJobObjectW, GetCommandLineW, TerminateJobObject, ResetEvent, InterlockedCompareExchange, GetComputerNameW, InterlockedIncrement, InterlockedDecrement, DuplicateHandle, QueryInformationJobObject, RegisterWaitForSingleObject, OpenProcess, UnregisterWait, QueryFullProcessImageNameW, GetExitCodeProcess, GetProcessHeap, SetEnvironmentVariableW, CompareStringW, GetShortPathNameW, lstrlenW, ExpandEnvironmentStringsW, VirtualAlloc, GetCurrentProcessId, HeapSetInformation, LoadLibraryW, GetProcAddress, FreeLibrary, WaitForSingleObjectEx, InterlockedExchange, UnregisterWaitEx, Sleep, GetSystemTimeAsFileTime, MoveFileExW, LocalSize, LocalReAlloc, CreateEventW, SetEvent, CloseHandle, WaitForSingleObject, GetModuleFileNameW, LocalAlloc, LocalFree, SetLastError, FormatMessageW, FindResourceExW, LoadResource, LockResource, GetCurrentProcess, SetPriorityClass, GetCurrentThread, SetThreadPriority, HeapSize, HeapFree, HeapAlloc, HeapDestroy, HeapCreate, GetLastError, RegGetValueA, GetDateFormatW, LoadLibraryA, MultiByteToWideChar, GetSystemInfo, lstrcmpW, IsWow64Process, ResolveDelayLoadedAPI, QueueUserWorkItem, GetComputerNameExW
msvcrt.dll
DllMain
ntdll.dll
RtlEnterCriticalSection, EtwTraceMessage, NtShutdownSystem, RtlNtStatusToDosError, NtClose, NtQueryInformationToken, NtOpenProcessToken, WinSqmStartSession, WinSqmEndSession, EtwEventWrite, EtwEventEnabled, RtlGetNtProductType, NtQuerySystemInformation, NtSystemDebugControl, EtwGetTraceEnableFlags, EtwGetTraceEnableLevel, EtwGetTraceLoggerHandle, EtwRegisterTraceGuidsW, EtwUnregisterTraceGuids, RtlRemovePrivileges, EtwEventRegister, EtwEventUnregister, RtlDeleteCriticalSection, WinSqmSetDWORD, RtlpVerifyAndCommitUILanguageSettings, EtwEventWriteEndScenario, EtwEventWriteStartScenario, EtwEventActivityIdControl, NtOpenThreadToken, RtlCompareUnicodeString, RtlInitUnicodeStringEx, RtlSetEnvironmentVariable, RtlQueryEnvironmentVariable_U, RtlInitUnicodeString, RtlInitializeCriticalSection, RtlLengthSid, RtlInitString, NtAllocateLocallyUniqueId, WinSqmAddToStream, RtlDestroyEnvironment, TpSimpleTryPost, TpReleaseWork, TpWaitForWork, TpReleaseWait, TpWaitForWait, TpSetWait, TpPostWork, TpAllocWork, TpAllocWait, RtlExpandEnvironmentStrings_U, RtlCreateEnvironment, NtSetInformationToken, NtCreateToken, RtlAdjustPrivilege, TpWaitForTimer, RtlGetDaclSecurityDescriptor, RtlSetDaclSecurityDescriptor, RtlAddAce, NtAdjustPrivilegesToken, NtDuplicateToken, RtlUnhandledExceptionFilter, NtQueryInformationProcess, TpReleaseTimer, NtReplyPort, NtCompleteConnectPort, NtReplyWaitReceivePort, NtAcceptConnectPort, NtCreatePort, NtCreateEvent, RtlNtStatusToDosErrorNoTeb, RtlCopySid, RtlOpenCurrentUser, RtlFreeSid, NtSetSecurityObject, RtlSetSaclSecurityDescriptor, RtlAddMandatoryAce, RtlCreateAcl, RtlCreateSecurityDescriptor, RtlAllocateAndInitializeSid, RtlTimeToSecondsSince1980, TpSetTimer, TpAllocTimer, NtOpenDirectoryObject, NtInitiatePowerAction, RtlFreeUnicodeString, RtlDuplicateUnicodeString, NtFilterToken, RtlEqualSid, RtlLeaveCriticalSection, DbgBreakPoint, NtSetInformationProcess, DbgPrint, RtlFreeHeap, RtlAllocateHeap, NtOpenFile, RtlGUIDFromString, RtlStringFromGUID, NtOpenKey, NtEnumerateKey, NtQueryKey, NtQueryAttributesFile, NtUnloadKey, NtLoadKey, RtlSetOwnerSecurityDescriptor, RtlLengthSecurityDescriptor, RtlAddAccessAllowedAceEx, NtCreateKey, NtDeleteValueKey, NtQueryValueKey, NtSetValueKey, NtDeleteKey, LdrGetProcedureAddress, RtlInitAnsiString, LdrGetDllHandle, NtResetEvent, NtWaitForSingleObject, NtDeviceIoControlFile, RtlGetVersion, NtQuerySymbolicLinkObject, NtOpenSymbolicLinkObject, NtAllocateUuids, RtlConnectToSm, RtlSendMsgToSm, WinSqmIsOptedIn, RtlCompareMemory, RtlInitializeResource, RtlAcquireResourceExclusive, RtlReleaseResource, RtlDeleteResource, RtlLockBootStatusData, NtPowerInformation, RtlGetSetBootStatusData, RtlUnlockBootStatusData, RtlRegisterWait, RtlDeregisterWait, RtlGetAce, RtlAppendUnicodeToString, RtlCaptureStackBackTrace, NtSetEvent, NtOpenEvent, NtUnmapViewOfSection, DbgPrintEx, DbgPrompt, NtRequestPort, NtConnectPort, NtRequestWaitReplyPort, NtGetCachedSigningLevel, WinSqmSetString, RtlCopyLuid
powrprof.dll
PowerDeterminePlatformRoleEx, PowerSettingUnregisterNotification, PowerSettingRegisterNotification
psapi.dll
EnumProcessModules, GetModuleBaseNameW
rpcrt4.dll
RpcAsyncInitializeHandle, RpcAsyncCancelCall, RpcMgmtIsServerListening, RpcStringFreeW, RpcStringBindingComposeW, RpcBindingFromStringBindingW, RpcBindingSetAuthInfoExW, UuidFromStringW, NdrAsyncClientCall, RpcServerUnsubscribeForNotification, RpcServerSubscribeForNotification, I_RpcBindingIsClientLocal, RpcServerUnregisterIf, RpcBindingVectorFree, RpcEpUnregister, RpcServerListen, RpcEpRegisterW, RpcServerInqBindings, RpcServerRegisterIfEx, RpcServerUseProtseqW, NdrServerCall2, NdrAsyncServerCall, RpcRaiseException, RpcServerInqCallAttributesW, RpcServerTestCancel, I_RpcMapWin32Status, NdrClientCall2, RpcBindingCreateW, RpcBindingBind, RpcBindingUnbind, RpcBindingFree, I_RpcExceptionFilter, RpcAsyncAbortCall, RpcAsyncCompleteCall, RpcServerUseProtseqEpW, I_RpcBindingInqLocalClientPID, RpcImpersonateClient, RpcRevertToSelf
samcli.dll
NetUserGetInfo, NetUserGetInternetIdentityInfo
secur32.dll
LsaCallAuthenticationPackage, LsaFreeReturnBuffer, SeciAllocateAndSetIPAddress, SeciAllocateAndSetCallFlags, LsaLogonUser, SeciFreeCallContext, LsaRegisterLogonProcess, LsaLookupAuthenticationPackage, LsaGetLogonSessionData, ChangeAccountPasswordW, GetUserNameExW
user32.dll
CloseDesktop, FindWindowW, EnumWindows, RealGetWindowClassW, ShowWindow, DialogBoxParamW, GetDlgItemTextW, EndDialog, LoadImageW, GetDlgItem, SetThreadDesktop, LockWindowStation, UnlockWindowStation, SetWindowStationUser, UpdatePerUserSystemParameters, GetUserObjectInformationW, OpenInputDesktop, MessageBoxW, GetSystemMetrics, ExitWindowsEx, GetAsyncKeyState, CancelShutdown, CreateDesktopW, SystemParametersInfoW, GetKeyState, GetLastInputInfo, SetForegroundWindow, SetWindowPos, GetDesktopWindow, GetParent, GetWindowLongW, SwitchDesktopWithFade, LoadLocalFonts, RegisterLogonProcess, GetWindowRect, LoadStringW, SendMessageW, CreateWindowStationW, SetProcessWindowStation, CloseWindowStation, SetUserObjectSecurity, SwitchDesktop, EnumDisplayDevicesW, WaitForInputIdle, DwmLockScreenUpdates, LoadCursorW, CopyIcon, SetSystemCursor, DestroyCursor, RegisterSessionProcess
userenv.dll
GetUserProfileDirectoryW, GetAllUsersProfileDirectoryW
winsta.dll
WinStationGetUserCredentials, WinStationDisconnect, WinStationIsSessionRemoteable, _WinStationWaitForConnect, WinStationIsSessionPermitted, WinStationQueryInformationW, WinStationFreeMemory, WinStationNegotiateSession, WinStationFreeUserCredentials, WinStationReportUIResult, WinStationRedirectErrorMessage, WinStationPreCreateGlassReplacementSession, WinStationTerminateGlassReplacementSession
wtsapi32.dll
WTSQuerySessionInformationW, WTSFreeMemory

winlogon.exe

Windows Logon Application by Microsoft

Remove winlogon.exe
Version:   5.1.2600.5512 (xpsp.080413-2113)
MD5:   ed0ef0a136dec83df69f04118870003e
SHA1:   f77a7cd78877527023ebfb35e83b75ef59d3df07
SHA256:   45377cb8e9f0120f836fc8261c711f7dbf7199117afb3652ebf100d5f0429b1e
This is a Windows system installed file with Windows File Protection (WFP) enabled.

What is winlogon.exe?

Winlogon is the component of Windows that is responsible for handling the secure attention sequence, loading the user profile on logon, and optionally locking the computer when a screensaver is running (requiring another authentication step).

About winlogon.exe (from Microsoft)

Winlogon handles interface functions that are independent of authentication policy. It creates the desktops for the window station, implements time-out operations, and provides a set of support functi

DetailsDetails

File name:winlogon.exe
Publisher:Microsoft Corporation
Product name:Windows Logon Application
Description:Microsoft® Windows® Operating System
Typical file path:C:\Windows\System32\winlogon.exe
Original name:WINLOGON.EXE.MUI
File version:5.1.2600.5512 (xpsp.080413-2113)
Product version:5.1.2600.5512
Size:496 KB (507,904 bytes)
Digital DNA
Entropy:6.338183
File packed:No
Code language:Microsoft Visual C++
.NET CLR:No
More details

BehaviorsBehaviors

Windows firewall allowed program
Exceptions allow programs to access to the Internet through an outbound connections
  • Firewall exception for 'C:\Windows\system32\winlogon.exe'
Network connections
Access through an approved Windows firewall exception
  • [UDP] listens on port 1044
  • [UDP] listens on port 1053
  • [UDP] listens on port 1052
  • [UDP] listens on port 1082
  • [UDP] listens on port 1056
  • [UDP] listens on port 1058

  • ResourcesResource utilization

    (Note: statistics below are averages based on a minimum sample size of 200 unique participants)
    Averages
     
    CPU
    Total CPU:0.01137645%
    0.028634%
    Kernel CPU:0.00598869%
    0.013761%
    User CPU:0.00538777%
    0.014873%
    Kernel CPU time:35,632 ms/min
    100,923,805ms/min
    Context switches:7/sec
    284/sec
    Memory
    Private memory:8.06 MB
    21.59 MB
    Private (maximum):7.12 MB
    Private (minimum):2.28 MB
    Non-paged memory:8.06 MB
    21.59 MB
    Virtual memory:57.89 MB
    140.96 MB
    Virtual memory (peak):64.37 MB
    169.69 MB
    Working set:5.56 MB
    18.61 MB
    Working set (peak):18.14 MB
    37.95 MB
    Page faults:62,557/min
    2,039/min
    I/O
    I/O read transfer:17.87 KB/sec
    1.02 MB/min
    I/O read operations:7/sec
    343/min
    I/O write transfer:53.33 KB/sec
    274.99 KB/min
    I/O write operations:7/sec
    227/min
    I/O other transfer:1.41 KB/sec
    448.09 KB/min
    I/O other operations:40/sec
    1,671/min
    Resource allocations
    Threads:20
    12
    Handles:534
    600
    GUI GDI count:45
    103
    GUI USER count:15
    49

    BehaviorsProcess properties

    Integrety level:Undefined
    Platform:32-bit
    Command lines:
    • winlogon.exe
    Owner:SYSTEM
    Parent process:smss.exe (Windows NT Session Manager by Microsoft)

    ResourcesThreads

    Averages
     
    MSVCR70.dll
    Total CPU:0.27156252%
    0.272967%
    Kernel CPU:0.12931549%
    0.107585%
    User CPU:0.14224703%
    0.165382%
    Context switches:13/sec
    79/sec
    Memory:336 KB
    1.16 MB
    sfc_os.dll
    Total CPU:0.05920303%
    Kernel CPU:0.02952382%
    User CPU:0.02967921%
    Memory:168 KB
    npggNT.des
    Total CPU:0.02082032%
    Kernel CPU:0.00000000%
    User CPU:0.02082032%
    Memory:284 KB
    ntdll.dll
    Total CPU:0.00554447%
    Kernel CPU:0.00123545%
    User CPU:0.00430901%
    Memory:712 KB
    RPCRT4.dll
    Total CPU:0.00394058%
    Kernel CPU:0.00197029%
    User CPU:0.00197029%
    Memory:588 KB
    wlnotify.dll (Common DLL to receive Winlogon notifications by Microsoft)
    Total CPU:0.00234799%
    Kernel CPU:0.00027153%
    User CPU:0.00207646%
    Memory:104 KB
    WINMM.dll
    Total CPU:0.00184952%
    Kernel CPU:0.00173250%
    User CPU:0.00011702%
    Memory:180 KB
    odbcint.dll
    Total CPU:0.00040432%
    Kernel CPU:0.00028389%
    User CPU:0.00012043%
    Memory:92 KB
    USERENV.dll
    Total CPU:0.00020846%
    Kernel CPU:0.00016344%
    User CPU:0.00004503%
    Memory:720 KB
    wdmaud.drv
    Total CPU:0.00011538%
    Kernel CPU:0.00000000%
    User CPU:0.00011538%
    Memory:36 KB
    MSVCR80.dll
    Total CPU:0.00009861%
    Kernel CPU:0.00009102%
    User CPU:0.00000759%
    Memory:620 KB
    wgalogon.dll (Microsoft Genuine Advantage by Microsoft)
    Total CPU:0.00006213%
    Kernel CPU:0.00003728%
    User CPU:0.00002485%
    Memory:240 KB

    Windows OS versionsDistribution by Windows OS

    OS versiondistribution
    Windows 8.1 23.00%
    Windows 7 Home Premium 23.00%
    Windows 8.1 Pro 10.50%
    Windows 7 Ultimate 10.50%
    Windows 8 5.50%
    Windows 8.1 Single Language 5.00%
    Windows 8 Single Language 3.50%
    Windows 8 Pro 3.50%
    Windows 8.1 Pro with Media Center 2.50%
    Windows Vista Home Premium 2.50%
    Windows 7 Professional 2.50%
    Windows 7 Home Basic 1.50%
    Windows 8 Enterprise N 1.00%
    Windows 8 Enterprise 1.00%
    Windows 8.1 N 0.50%
    Windows Seven Black Edition 0.50%
    Windows 8.1 Enterprise Evaluation 0.50%
    Windows 7 Starter 0.50%
    Windows 8.1 Enterprise 0.50%
    Windows 8.1 Pro Preview 0.50%
    Windows Vista Home Basic 0.50%
    23 other Windows OS version

    Distribution by countryDistribution by country

    United States installs about 39.50% of Windows Logon Application.

    OEM distributionDistribution by PC manufacturer

    PC Manufacturerdistribution
    ASUS 19.62%
    Dell 18.11%
    Hewlett-Packard 14.72%
    Lenovo 12.08%
    Acer 11.70%
    Toshiba 9.06%
    Intel 3.02%
    Sony 3.02%
    GIGABYTE 2.64%
    Alienware 2.26%
    Samsung 1.89%
    Medion 1.51%
    Sahara 0.38%
    Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

    Download it for FREE