This is a Windows system installed file with Windows File Protection (WFP) enabled.
There are 56 versions of winlogon.exe in the wild, the latest version being 6.3.9600.16384 (winblue_rtm.130821-1623). winlogon.exe is run as a standard windows process with the logged in user's account privileges. The average file size is about 447.21 KB. During the process's lifecycle, the typical CPU resource utilization is about 0.0032% including both foreground and background operations, the average private memory consumption is about 2.37 MB with the maximum memory reaching around 7.85 MB. Addionally, typically read and write I/O disk operations is about 3.82 KB per minute for reads and 44 Bytes per minute for writes.
Winlogon is the component of Windows that is responsible for handling the secure attention sequence, loading the user profile on logon, and optionally locking the computer when a screensaver is running (requiring another authentication step).
(Note, the behaviors below are for all versions of winlogon.exe, select a unique version for details.)
Exceptions allow programs to access to the Internet through an outbound connections
Based on 40+ industry antivirus scanners, 12 of them detected the following malware.
United States installs about 38.38% of Windows Logon Application.