Should I block it?

No, this file is 100% safe to run.

PE file structure

Import table
api-ms-win-base-bootconfig-l1-1-0.dll
NotifyBootConfigStatus
api-ms-win-core-apiquery-l1-1-0.dll
ApiSetQueryApiSetPresence
api-ms-win-core-appcompat-l1-1-1.dll
BaseInitAppcompatCacheSupport
api-ms-win-core-datetime-l1-1-1.dll
GetDateFormatW, GetTimeFormatW
api-ms-win-core-debug-l1-1-1.dll
IsDebuggerPresent, DebugBreak
api-ms-win-core-delayload-l1-1-1.dll
ResolveDelayLoadedAPI, DelayLoadFailureHook
api-ms-win-core-errorhandling-l1-1-1.dll
GetLastError, SetUnhandledExceptionFilter, UnhandledExceptionFilter, SetLastError, SetErrorMode
api-ms-win-core-file-l1-2-1.dll
GetFileAttributesW, ReadFile, GetShortPathNameW, CreateFileW, CompareFileTime
api-ms-win-core-file-l2-1-1.dll
MoveFileExW
api-ms-win-core-handle-l1-1-0.dll
CloseHandle, DuplicateHandle
api-ms-win-core-heap-l1-2-0.dll
HeapFree, HeapAlloc, GetProcessHeap, HeapSetInformation, HeapSize
api-ms-win-core-heap-obsolete-l1-1-0.dll
LocalSize, LocalReAlloc, LocalFree, LocalAlloc
api-ms-win-core-job-l2-1-0.dll
AssignProcessToJobObject, CreateJobObjectW, QueryInformationJobObject, TerminateJobObject, SetInformationJobObject
api-ms-win-core-kernel32-legacy-l1-1-1.dll
UnregisterWait, RegisterWaitForSingleObject, GetStartupInfoA, GetComputerNameW
api-ms-win-core-libraryloader-l1-2-0.dll
LoadStringW, FindResourceExW, LoadResource, FreeLibrary, LockResource, GetModuleHandleW, GetProcAddress, LoadLibraryExW, GetModuleFileNameW, GetModuleHandleA
api-ms-win-core-localization-l1-2-1.dll
GetThreadUILanguage, FormatMessageW
api-ms-win-core-memory-l1-1-2.dll
VirtualAlloc, VirtualLock, SetProcessWorkingSetSizeEx, VirtualUnlock, VirtualFree, GetProcessWorkingSetSizeEx
api-ms-win-core-processenvironment-l1-2-0.dll
GetCommandLineW, SearchPathW, ExpandEnvironmentStringsW, SetEnvironmentVariableW
api-ms-win-core-processthreads-l1-1-2.dll
GetProcessTimes, GetExitCodeProcess, GetCurrentProcess, SetThreadPriority, GetCurrentThread, CreateProcessW, ExitProcess, TerminateThread, OpenThreadToken, SetThreadToken, CreateProcessAsUserW, GetCurrentThreadId, ResumeThread, CreateRemoteThread, TerminateProcess, CreateThread, SetPriorityClass, GetProcessId, OpenProcess, OpenProcessToken, GetCurrentProcessId
api-ms-win-core-profile-l1-1-0.dll
QueryPerformanceCounter
api-ms-win-core-psapi-l1-1-0.dll
QueryFullProcessImageNameW
api-ms-win-core-registry-l1-1-0.dll
RegDeleteKeyExW, RegOpenKeyExW, RegSetKeySecurity, RegSetValueExW, RegDeleteTreeW, RegQueryValueExW, RegGetValueA, RegEnumValueW, RegCloseKey, RegGetValueW, RegQueryInfoKeyW, RegCreateKeyExW, RegOpenCurrentUser, RegFlushKey, RegDeleteValueW, RegEnumKeyExW
api-ms-win-core-shutdown-l1-1-1.dll
InitiateShutdownW
api-ms-win-core-string-l1-1-0.dll
WideCharToMultiByte, CompareStringW
api-ms-win-core-string-obsolete-l1-1-0.dll
lstrlenW
api-ms-win-core-synch-l1-2-0.dll
AcquireSRWLockExclusive, ReleaseSRWLockShared, WaitForSingleObjectEx, InitializeSRWLock, ReleaseSRWLockExclusive, AcquireSRWLockShared, OpenEventW, SleepEx, SetEvent, CreateEventW, WaitForSingleObject, Sleep, CreateMutexW, TryEnterCriticalSection, DeleteCriticalSection, InitializeCriticalSection, ResetEvent, LeaveCriticalSection, EnterCriticalSection
api-ms-win-core-sysinfo-l1-2-1.dll
GetTickCount, GetSystemTimeAsFileTime, GetTickCount64, GetVersionExW, GetSystemDirectoryW, GetSystemWindowsDirectoryW
api-ms-win-core-threadpool-l1-2-0.dll
CloseThreadpool, SetThreadpoolThreadMaximum, CloseThreadpoolCleanupGroupMembers, SubmitThreadpoolWork, CreateThreadpool, CreateThreadpoolCleanupGroup, SetThreadpoolThreadMinimum, TrySubmitThreadpoolCallback, CreateThreadpoolWork, CloseThreadpoolCleanupGroup, CloseThreadpoolWork
api-ms-win-core-threadpool-legacy-l1-1-0.dll
DeleteTimerQueueTimer, CreateTimerQueueTimer, QueueUserWorkItem, UnregisterWaitEx
api-ms-win-core-timezone-l1-1-0.dll
SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime
api-ms-win-core-version-l1-1-0.dll
GetFileVersionInfoSizeExW, GetFileVersionInfoExW, VerQueryValueW
api-ms-win-core-wow64-l1-1-0.dll
IsWow64Process
api-ms-win-eventing-classicprovider-l1-1-0.dll
TraceMessage
api-ms-win-eventing-controller-l1-1-0.dll
ControlTraceW, StartTraceW, EnableTraceEx2
api-ms-win-eventlog-legacy-l1-1-0.dll
GetEventLogInformation, RegisterEventSourceW, DeregisterEventSource, ReportEventW
api-ms-win-power-base-l1-1-0.dll
PowerDeterminePlatformRoleEx
api-ms-win-power-setting-l1-1-0.dll
PowerSettingUnregisterNotification, PowerSettingRegisterNotification
api-ms-win-security-base-l1-2-0.dll
SetTokenInformation, GetSidIdentifierAuthority, IsValidSid, AllocateLocallyUniqueId, CheckTokenMembership, EqualSid, DuplicateTokenEx, GetTokenInformation, GetLengthSid, DuplicateToken, ImpersonateLoggedOnUser, RevertToSelf, CreateWellKnownSid
api-ms-win-security-credentials-l1-1-0.dll
CredFree, CredUnmarshalCredentialW
api-ms-win-security-credentials-l2-1-0.dll
CredReadByTokenHandle
api-ms-win-security-lsalookup-l1-1-1.dll
LsaLookupManageSidNameMapping, LsaLookupFreeMemory, LookupAccountSidLocalW
api-ms-win-security-lsalookup-l2-1-1.dll
LookupAccountNameW, LookupAccountSidW
api-ms-win-security-lsapolicy-l1-1-0.dll
LsaOpenPolicy, LsaStorePrivateData, LsaClose
api-ms-win-service-management-l1-1-0.dll
StartServiceW, OpenServiceW, OpenSCManagerW, CloseServiceHandle
api-ms-win-service-management-l2-1-0.dll
NotifyServiceStatusChangeW, QueryServiceConfigW
api-ms-win-service-winsvc-l1-2-0.dll
QueryServiceStatus
msvcrt.dll
DllMain
ntdll.dll
NtCreateEvent, RtlConnectToSm, RtlSendMsgToSm, RtlCompareMemory, RtlInitializeResource, RtlAcquireResourceExclusive, RtlReleaseResource, RtlDeleteResource, NtGetCachedSigningLevel, WinSqmSetString, NtAcceptConnectPort, NtReplyWaitReceivePort, NtCreatePort, NtCompleteConnectPort, TpReleaseTimer, NtQueryInformationProcess, RtlUnhandledExceptionFilter, NtDuplicateToken, NtAdjustPrivilegesToken, RtlGetDaclSecurityDescriptor, RtlSetDaclSecurityDescriptor, RtlAddAce, WinSqmIsOptedIn, TpWaitForTimer, RtlEqualSid, NtFilterToken, RtlFreeUnicodeString, RtlDuplicateUnicodeString, NtInitiatePowerAction, RtlAdjustPrivilege, TpAllocTimer, TpSetTimer, RtlTimeToSecondsSince1980, NtOpenFile, RtlAppendUnicodeToString, NtOpenDirectoryObject, RtlFreeSid, NtSetSecurityObject, RtlSetSaclSecurityDescriptor, RtlAddMandatoryAce, RtlCreateAcl, RtlCreateSecurityDescriptor, RtlAllocateAndInitializeSid, RtlOpenCurrentUser, RtlCopySid, RtlNtStatusToDosErrorNoTeb, RtlExpandEnvironmentStrings_U, RtlGetAce, TpAllocWait, TpPostWork, TpAllocWork, TpReleaseWork, TpWaitForWork, TpReleaseWait, TpWaitForWait, TpSetWait, RtlDeregisterWait, RtlRegisterWait, TpSimpleTryPost, RtlLengthSid, RtlLeaveCriticalSection, RtlEnterCriticalSection, RtlInitializeCriticalSection, WinSqmAddToStream, RtlInitString, NtAllocateLocallyUniqueId, RtlCompareUnicodeString, RtlCreateEnvironment, RtlInitUnicodeString, RtlSetEnvironmentVariable, RtlQueryEnvironmentVariable_U, RtlInitUnicodeStringEx, EtwEventActivityIdControl, EtwEventWriteStartScenario, EtwEventWriteEndScenario, NtOpenThreadToken, RtlUnlockBootStatusData, RtlGetSetBootStatusData, RtlLockBootStatusData, RtlRemovePrivileges, RtlDestroyEnvironment, EtwEventUnregister, RtlDeleteCriticalSection, WinSqmSetDWORD, RtlpVerifyAndCommitUILanguageSettings, EtwEventRegister, NtSetInformationProcess, EtwUnregisterTraceGuids, EtwRegisterTraceGuidsW, EtwGetTraceEnableFlags, EtwGetTraceEnableLevel, EtwGetTraceLoggerHandle, NtQuerySystemInformation, NtSystemDebugControl, 
NtPowerInformation, WinSqmEndSession, WinSqmStartSession, RtlCopyLuid, RtlGetNtProductType, RtlCaptureStackBackTrace, NtSetEvent, NtOpenEvent, NtUnmapViewOfSection, DbgPrintEx, DbgPrompt, NtRequestPort, NtConnectPort, NtRequestWaitReplyPort, NtClose, NtQueryInformationToken, NtOpenProcessToken, NtShutdownSystem, RtlNtStatusToDosError, EtwEventEnabled, EtwEventWrite, EtwTraceMessage, NtReplyPort
rpcrt4.dll
RpcServerTestCancel, RpcAsyncCompleteCall, RpcServerInqCallAttributesW, I_RpcMapWin32Status, RpcRevertToSelf, RpcImpersonateClient, I_RpcBindingInqLocalClientPID, NdrAsyncClientCall, RpcAsyncInitializeHandle, RpcAsyncCancelCall, RpcMgmtIsServerListening, RpcStringFreeW, RpcBindingSetAuthInfoExW, RpcStringBindingComposeW, RpcBindingFromStringBindingW, UuidFromStringW, NdrClientCall2, RpcBindingUnbind, RpcBindingBind, I_RpcExceptionFilter, RpcBindingFree, RpcBindingCreateW, RpcServerUseProtseqEpW, NdrAsyncServerCall, RpcAsyncAbortCall, RpcEpUnregister, RpcServerUnregisterIf, NdrServerCall2, RpcBindingVectorFree, RpcServerUseProtseqW, RpcServerSubscribeForNotification, RpcServerUnsubscribeForNotification, RpcServerRegisterIfEx, RpcServerInqBindings, RpcServerListen, I_RpcBindingIsClientLocal, RpcEpRegisterW, RpcRaiseException

winlogon.exe

Windows Log-on Application by Microsoft

Version: 6.3.9600.16384 (winblue_rtm.130821-1623)
MD5: 94385f95ef948fb274a70de3ede5696d
SHA1: 6ceb909504133348e7b4d59b164967a6bf03f1d4
This is a Windows system installed file with Windows File Protection (WFP) enabled.

Overview

winlogon.exe executes as a process under the SYSTEM account with extensive privileges (the system and the administrator accounts have the same file privileges) and is compiled as a 32-bit program.

Details

File name: winlogon.exe
Publisher: Microsoft Corporation
Product name: Windows Log-on Application
Description: Microsoft® Windows® Operating System
Typical file path: C:\Windows\System32\winlogon.exe
Original name: WINLOGON.EXE.MUI
File version: 6.3.9600.16384 (winblue_rtm.130821-1623)
Product version: 6.3.9600.16384
Size: 448 KB (458,752 bytes)
Build date: 8/22/2013 7:48 AM
Digital DNA
PE subsystem: Windows GUI
File packed: No
Code language: Microsoft Visual C++
.NET CLR: No

Resource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)

CPU
Total CPU: 0.00071103% (average: 0.028634%)
Kernel CPU: 0.00053935% (average: 0.013761%)
User CPU: 0.00017167% (average: 0.014873%)
Kernel CPU time: 688 ms/min (average: 100,923,805 ms/min)
CPU cycles: 75,813/sec (average: 17,470,203/sec)
Memory
Private memory: 994 KB (average: 21.59 MB)
Private (maximum): 7.52 MB
Private (minimum): 7.37 MB
Non-paged memory: 994 KB (average: 21.59 MB)
Virtual memory: 46.22 MB (average: 140.96 MB)
Virtual memory (peak): 55.51 MB (average: 169.69 MB)
Working set: 7.5 MB (average: 18.61 MB)
Working set (peak): 12.68 MB (average: 37.95 MB)
Page faults: 8,332/min (average: 2,039/min)
I/O
I/O read transfer: 455 Bytes/sec (average: 1.02 MB/min)
I/O read operations: 1/sec (average: 343/min)
I/O other transfer: 514 Bytes/sec (average: 448.09 KB/min)
I/O other operations: 5/sec (average: 1,671/min)
Resource allocations
Threads: 2 (average: 12)
Handles: 164 (average: 600)
GUI GDI count: 6 (average: 103)
GUI GDI peak: 60 (average: 142)
GUI USER peak: 19 (average: 71)

Process properties

Integrity level: System
Platform: 32-bit
Command line: winlogon.exe
Owner: SYSTEM

Threads

winlogon.exe (main module)
Total CPU: 0.00572933% (average: 0.272967%)
Kernel CPU: 0.00557043% (average: 0.107585%)
User CPU: 0.00015890% (average: 0.165382%)
CPU cycles: 130,639/sec (average: 5,741,424/sec)
Memory: 464 KB (average: 1.16 MB)
ntdll.dll
Total CPU: 0.00079575%
Kernel CPU: 0.00047745%
User CPU: 0.00031830%
CPU cycles: 16,255/sec
Memory: 1.39 MB

Distribution by Windows OS

OS version         Distribution
Windows 8.1        50.00%
Windows 8.1 Pro    50.00%

Distribution by country

Egypt installs about 50.00% of Windows Log-on Application.

Distribution by PC manufacturer

PC manufacturer    Distribution
Dell               66.67%
Hewlett-Packard    33.33%