winlogon.exe
Windows Logon Application by Microsoft
| Version: | 5.1.2600.5512 (xpsp.080413-2113) |
| MD5: | ed0ef0a136dec83df69f04118870003e |
| SHA1: | f77a7cd78877527023ebfb35e83b75ef59d3df07 |
| SHA256: | 45377cb8e9f0120f836fc8261c711f7dbf7199117afb3652ebf100d5f0429b1e |
This is a Windows system installed file with Windows File Protection (WFP) enabled.
What is winlogon.exe?
Winlogon is the component of Windows that is responsible for handling the secure attention sequence, loading the user profile on logon, and optionally locking the computer when a screensaver is running (requiring another authentication step).
About winlogon.exe (from Microsoft)
“Winlogon handles interface functions that are independent of authentication policy. It creates the desktops for the window station, implements time-out operations, and provides a set of support functi”
Details
| File name: | winlogon.exe |
| Publisher: | Microsoft Corporation |
| Product name: | Windows Logon Application |
| Description: | Microsoft® Windows® Operating System |
| Typical file path: | C:\Windows\System32\winlogon.exe |
| Original name: | WINLOGON.EXE.MUI |
| File version: | 5.1.2600.5512 (xpsp.080413-2113) |
| Product version: | 5.1.2600.5512 |
| Size: | 496 KB (507,904 bytes) |
| Digital DNA |
| Entropy: | 6.338183 |
| File packed: | No |
| Code language: | Microsoft Visual C++ |
| .NET CLR: | No |
More details
Behaviors
Windows firewall allowed program
Exceptions allow programs to access to the Internet through an outbound connections
- Firewall exception for 'C:\Windows\system32\winlogon.exe'
Network connections
Access through an approved Windows firewall exception
[UDP] listens on port 1044
[UDP] listens on port 1053
[UDP] listens on port 1052
[UDP] listens on port 1082
[UDP] listens on port 1056
[UDP] listens on port 1058
Resource utilization
(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
| CPU |
| Total CPU: | 0.01137645% | |
| Kernel CPU: | 0.00598869% | |
| User CPU: | 0.00538777% | |
| Kernel CPU time: | 35,632 ms/min | |
| Context switches: | 7/sec | |
| Memory |
| Private memory: | 8.06 MB | |
| Private (maximum): | 7.12 MB | |
| Private (minimum): | 2.28 MB | |
| Non-paged memory: | 8.06 MB | |
| Virtual memory: | 57.89 MB | |
| Virtual memory (peak): | 64.37 MB | |
| Working set: | 5.56 MB | |
| Working set (peak): | 18.14 MB | |
| Page faults: | 62,557/min | |
| I/O |
| I/O read transfer: | 17.87 KB/sec | |
| I/O read operations: | 7/sec | |
| I/O write transfer: | 53.33 KB/sec | |
| I/O write operations: | 7/sec | |
| I/O other transfer: | 1.41 KB/sec | |
| I/O other operations: | 40/sec | |
| Resource allocations |
| Threads: | 20 | |
| Handles: | 534 | |
| GUI GDI count: | 45 | |
| GUI USER count: | 15 | |
Process properties
Threads
Averages
| MSVCR70.dll |
| Total CPU: | 0.27156252% | |
| Kernel CPU: | 0.12931549% | |
| User CPU: | 0.14224703% | |
| Context switches: | 13/sec | |
| Memory: | 336 KB | |
| sfc_os.dll |
| Total CPU: | 0.05920303% | |
| Kernel CPU: | 0.02952382% | |
| User CPU: | 0.02967921% | |
| Memory: | 168 KB | |
| npggNT.des |
| Total CPU: | 0.02082032% | |
| Kernel CPU: | 0.00000000% | |
| User CPU: | 0.02082032% | |
| Memory: | 284 KB | |
| ntdll.dll |
| Total CPU: | 0.00554447% | |
| Kernel CPU: | 0.00123545% | |
| User CPU: | 0.00430901% | |
| Memory: | 712 KB | |
| RPCRT4.dll |
| Total CPU: | 0.00394058% | |
| Kernel CPU: | 0.00197029% | |
| User CPU: | 0.00197029% | |
| Memory: | 588 KB | |
| wlnotify.dll (Common DLL to receive Winlogon notifications by Microsoft) |
| Total CPU: | 0.00234799% | |
| Kernel CPU: | 0.00027153% | |
| User CPU: | 0.00207646% | |
| Memory: | 104 KB | |
| WINMM.dll |
| Total CPU: | 0.00184952% | |
| Kernel CPU: | 0.00173250% | |
| User CPU: | 0.00011702% | |
| Memory: | 180 KB | |
| odbcint.dll |
| Total CPU: | 0.00040432% | |
| Kernel CPU: | 0.00028389% | |
| User CPU: | 0.00012043% | |
| Memory: | 92 KB | |
| USERENV.dll |
| Total CPU: | 0.00020846% | |
| Kernel CPU: | 0.00016344% | |
| User CPU: | 0.00004503% | |
| Memory: | 720 KB | |
| wdmaud.drv |
| Total CPU: | 0.00011538% | |
| Kernel CPU: | 0.00000000% | |
| User CPU: | 0.00011538% | |
| Memory: | 36 KB | |
| MSVCR80.dll |
| Total CPU: | 0.00009861% | |
| Kernel CPU: | 0.00009102% | |
| User CPU: | 0.00000759% | |
| Memory: | 620 KB | |
| wgalogon.dll (Microsoft Genuine Advantage by Microsoft) |
| Total CPU: | 0.00006213% | |
| Kernel CPU: | 0.00003728% | |
| User CPU: | 0.00002485% | |
| Memory: | 240 KB | |
Distribution by Windows OS
| OS version | distribution |
| Windows 8.1 |
23.00% |
|
| Windows 7 Home Premium |
23.00% |
|
| Windows 8.1 Pro |
10.50% |
|
| Windows 7 Ultimate |
10.50% |
|
| Windows 8 |
5.50% |
|
| Windows 8.1 Single Language |
5.00% |
|
| Windows 8 Single Language |
3.50% |
|
| Windows 8 Pro |
3.50% |
|
| Windows 8.1 Pro with Media Center |
2.50% |
|
| Windows Vista Home Premium |
2.50% |
|
| Windows 7 Professional |
2.50% |
|
| Windows 7 Home Basic |
1.50% |
|
| Windows 8 Enterprise N |
1.00% |
|
| Windows 8 Enterprise |
1.00% |
|
| Windows 8.1 N |
0.50% |
|
| Windows Seven Black Edition |
0.50% |
|
| Windows 8.1 Enterprise Evaluation |
0.50% |
|
| Windows 7 Starter |
0.50% |
|
| Windows 8.1 Enterprise |
0.50% |
|
| Windows 8.1 Pro Preview |
0.50% |
|
| Windows Vista Home Basic |
0.50% |
|
| 23 other Windows OS version |
Distribution by country
United States installs about 39.50% of Windows Logon Application.
Distribution by PC manufacturer
| PC Manufacturer | distribution |
| ASUS |
19.62% |
|
| Dell |
18.11% |
|
| Hewlett-Packard |
14.72% |
|
| Lenovo |
12.08% |
|
| Acer |
11.70% |
|
| Toshiba |
9.06% |
|
| Intel |
3.02% |
|
| Sony |
3.02% |
|
| GIGABYTE |
2.64% |
|
| Alienware |
2.26% |
|
| Samsung |
1.89% |
|
| Medion |
1.51% |
|
| Sahara |
0.38% |
|
