File details
File name: winlogon.exe
Name: Betriebssystem Microsoft® Windows®
Description: Windows NT-Anmeldung
Version: 5.1.2600.5512 (xpsp.080413-2113)
Product version: 5.1.2600.5512
Size: 501 KB
Original file name: WINLOGON.EXE
Windows file protection: Yes
Resource utilization
 | CPU utilization averages |
Total CPU: 0.0075353633%
Privileged CPU: 0.0047401787%
User CPU: 0.00279518452415%
Privileged CPU time: 613607.14 ms
Privileged CPU time /min: 0 ms
Context switches /sec: 1
 | Memory utilization averages |
Committed memory: 57.75 MB
Peak committed memory: 60.35 MB
Paged memory: 7.21 MB
Peak paged memory: 8.62 MB
Paged system memory: 81.24 KB
Non-paged system memory: 49.39 KB
Working set memory: 4.38 MB
Peak working set memory: 13.08 MB
Min working set memory: 2.06 MB
Private memory: 7.21 MB
Page faults: 9,480
Page faults /min: 0
 | Process I/O averages |
Total read operations: 1,497
Total read transfer: 3.59 MB
Total write operations: 1,255
Total write transfer: 1.52 MB
Total other operations: 7,813
Total other transfer: 225.91 KB
 | GUI Object Averages |
GDI objects: 44
USER objects: 15
Resources
Handle count average: 491
Thread count average: 20
Process details
Runs as (owner): User
Integrity level: Undefined
Windows platform: 32-bit
Parent Process
Child Processes
Process Command
winlogon.exe
Image hashes
MD5: f09a527b422e25c478e38caa0e44417a
SHA-1: b180bed1bca42ae4cef259697c3d21320026752b
PE image details
Subsystem: Windows GUI
Language*: Microsoft Visual C++
File packed: No
Import Table
advapi32.dll

ConvertStringSecurityDescriptorToSecurityDescriptorA
A_SHAInit
A_SHAUpdate
A_SHAFinal
LsaStorePrivateData
LsaRetrievePrivateData
LsaNtStatusToWinError
CryptGetUserKey
CryptGetKeyParam
CryptEncrypt
CryptSetProvParam
CryptSignHashW
CryptDeriveKey
CryptGetProvParam
RegOpenCurrentUser
RegDeleteKeyW
AddAccessAllowedAceEx
RegSetKeySecurity
I_ScSendTSMessage
MD5Init
MD5Update
MD5Final
SetFileSecurityA
AllocateLocallyUniqueId
LsaOpenPolicy
LsaQueryInformationPolicy
LsaFreeMemory
LsaClose
RegNotifyChangeKeyValue
QueryServiceConfigW
SetKernelObjectSecurity
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegEnumKeyExW
GetCurrentHwProfileW
RegCloseKey
RegQueryValueExW
RegOpenKeyW
FreeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
RegOpenKeyExW
CreateProcessAsUserW
DuplicateTokenEx
CloseServiceHandle
ControlService
StartServiceW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
EqualSid
GetTokenInformation
RegSetValueExW
RegCreateKeyExW
CryptGenRandom
CryptDestroyHash
CryptVerifySignatureW
CryptSetHashParam
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptDecrypt
ReportEventW
RegisterEventSourceW
CryptImportKey
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
RegEnumValueW
RegQueryInfoKeyW
RegDeleteValueW
CredFree
CredDeleteW
CredEnumerateW
CopySid
GetSidLengthRequired
GetSidSubAuthority
GetSidSubAuthorityCount
GetUserNameW
OpenThreadToken
EnumServicesStatusW
ImpersonateLoggedOnUser
RegQueryValueExA
CheckTokenMembership
DeregisterEventSource
LsaGetUserName
RevertToSelf
LookupAccountSidW
IsValidSid
SetTokenInformation
LogonUserW
LookupAccountNameW
OpenProcessToken
SynchronizeWindows31FilesAndWindowsNTRegistry
QueryWindows31FilesMigration
AdjustTokenPrivileges
RegQueryInfoKeyA
authz.dll

AuthzInitializeResourceManager
AuthzAccessCheck
AuthziFreeAuditEventType
AuthziInitializeAuditEvent
AuthziInitializeAuditParams
AuthziInitializeAuditEventType
AuthziLogAuditEvent
AuthzFreeAuditEvent
AuthzFreeResourceManager
AuthzFreeHandle
crypt32.dll

CryptImportPublicKeyInfo
CryptVerifyMessageSignature
CertCreateCertificateContext
CertSetCertificateContextProperty
CertVerifyCertificateChainPolicy
CryptSignMessage
CertCloseStore
CertComparePublicKeyInfo
CryptExportPublicKeyInfo
CertFindExtension
CryptDecryptMessage
CertGetCertificateContextProperty
CertAddCertificateContextToStore
CertOpenStore
CertVerifySubjectCertificateContext
CertGetIssuerCertificateFromStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertEnumCertificatesInStore
CryptImportPublicKeyInfoEx
gdi32.dll

RemoveFontResourceW
AddFontResourceW
kernel32.dll
msvcrt.dll
ntdll.dll

RtlSubAuthoritySid
RtlAllocateHeap
NtPowerInformation
NtSetSystemPowerState
NtRaiseHardError
RtlDeleteCriticalSection
NtOpenSymbolicLinkObject
NtReplyPort
NtCompleteConnectPort
NtReplyWaitReceivePort
NtAcceptConnectPort
NtCreatePort
RtlConvertSidToUnicodeString
RtlFreeUnicodeString
NtLockProductActivationKeys
RtlTimeToTimeFields
NtUnmapViewOfSection
NtMapViewOfSection
NtOpenSection
NtQuerySymbolicLinkObject
NtQueryVolumeInformationFile
NtSetSecurityObject
RtlAdjustPrivilege
NtOpenFile
NtFsControlFile
RtlAllocateAndInitializeSid
RtlDestroyEnvironment
RtlFreeHeap
NtQueryInformationToken
NtShutdownSystem
RtlEnterCriticalSection
RtlLeaveCriticalSection
RtlInitializeCriticalSection
RtlCreateEnvironment
RtlQueryEnvironmentVariable_U
RtlSetEnvironmentVariable
RtlInitUnicodeString
NtOpenKey
NtQueryValueKey
RtlInitializeSid
RtlLengthRequiredSid
NtAllocateLocallyUniqueId
RtlGetDaclSecurityDescriptor
RtlCopySid
RtlLengthSid
NtSetInformationThread
NtDuplicateToken
NtDuplicateObject
RtlEqualSid
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
NtClose
RtlOpenCurrentUser
RtlAddAce
RtlCreateAcl
RtlNtStatusToDosError
NtSetInformationProcess
NtQuerySystemInformation
NtCreateEvent
NtCreatePagingFile
RtlDosPathNameToNtPathName_U
RtlRegisterWait
NtSetValueKey
NtCreateKey
RtlTimeToSecondsSince1980
NtQuerySystemTime
NtPrivilegeObjectAuditAlarm
NtPrivilegeCheck
NtOpenThreadToken
NtOpenProcessToken
RtlInitString
RtlUnhandledExceptionFilter
NtQueryInformationProcess
DbgBreakPoint
RtlCheckProcessParameters
RtlSetThreadIsCritical
RtlSetProcessIsCritical
RtlGetNtProductType
NtInitiatePowerAction
DbgPrint
NtFilterToken
NtQueryInformationJobObject
NtOpenEvent
RtlGetAce
RtlQueryInformationAcl
NtQuerySecurityObject
RtlCompareUnicodeString
NtOpenDirectoryObject
profmap.dll

InitializeProfileMappingApi
RemapAndMoveUserW
psapi.dll

EnumProcesses
EnumProcessModules
GetModuleBaseNameW
regapi.dll

RegDefaultUserConfigQueryW
RegUserConfigQuery
rpcrt4.dll

RpcServerRegisterIfEx
RpcServerUseProtseqEpW
RpcImpersonateClient
I_RpcMapWin32Status
RpcServerRegisterIf
RpcGetAuthorizationContextForClient
RpcFreeAuthorizationContext
RpcServerListen
RpcRevertToSelf
NdrServerCall2
UuidCreate
secur32.dll

LsaCallAuthenticationPackage
GetUserNameExW
LsaLookupAuthenticationPackage
LsaRegisterLogonProcess
setupapi.dll

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
SetupDiGetDeviceRegistryPropertyW
user32.dll

SetFocus
EnumWindows
CreateWindowStationW
RegisterLogonProcess
RecordShutdownReason
LoadLocalFonts
UnhookWindowsHook
SetWindowsHookW
GetWindowTextW
CallNextHookEx
DialogBoxParamW
GetWindowPlacement
GetSystemMenu
DeleteMenu
SetWindowPlacement
SetUserObjectInformationW
GetAsyncKeyState
PostThreadMessageW
SetUserObjectSecurity
CreateDesktopW
GetMessageTime
SetTimer
SetLogonNotifyWindow
UnlockWindowStation
ReplyMessage
UnregisterHotKey
RegisterHotKey
OpenInputDesktop
GetUserObjectInformationW
CloseDesktop
RegisterDeviceNotificationW
SetThreadDesktop
CreateWindowExW
GetMessageW
TranslateMessage
RegisterWindowMessageW
RegisterClassW
SetCursor
FindWindowW
MessageBoxW
SendNotifyMessageW
PostQuitMessage
MsgWaitForMultipleObjects
GetWindowRect
GetSystemMetrics
PeekMessageW
DispatchMessageW
KillTimer
SetProcessWindowStation
UpdateWindow
ShowWindow
SetWindowPos
PostMessageW
ExitWindowsEx
EnumDisplayMonitors
SystemParametersInfoW
GetDlgItem
SendMessageW
CreateDialogParamW
DestroyWindow
GetWindowLongW
GetDlgItemTextW
EndDialog
SetWindowLongW
LoadStringW
SetWindowTextW
SetDlgItemTextW
wsprintfW
wsprintfA
LockWindowStation
MBToWCSEx
SetWindowStationUser
UpdatePerUserSystemParameters
DialogBoxIndirectParamW
wvsprintfW
SetLastErrorEx
LoadCursorW
CheckDlgButton
IsDlgButtonChecked
DefWindowProcW
CloseWindowStation
LoadImageW
GetParent
GetKeyState
GetDesktopWindow
SetForegroundWindow
SwitchDesktop
OpenDesktopW
userenv.dll

WaitForUserPolicyForegroundProcessing
GetAllUsersProfileDirectoryW
WaitForMachinePolicyForegroundProcessing
UnloadUserProfile
LoadUserProfileW
RegisterGPNotification
CreateEnvironmentBlock
DestroyEnvironmentBlock
UnregisterGPNotification
GetUserProfileDirectoryW
version.dll

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
winsta.dll

WinStationRequestSessionsList
WinStationQueryLogonCredentialsW
WinStationIsHelpAssistantSession
WinStationAutoReconnect
_WinStationWaitForConnect
_WinStationNotifyLogoff
WinStationDisconnect
_WinStationCallback
WinStationNameFromLogonIdW
_WinStationFUSCanRemoteUserDisconnect
WinStationEnumerate_IndexedW
WinStationGetMachinePolicy
WinStationQueryInformationW
WinStationFreeMemory
WinStationReset
_WinStationNotifyDisconnectPipe
WinStationConnectW
WinStationSetInformationW
WinStationShutdownSystem
WinStationCheckLoopBack
_WinStationNotifyLogon
wintrust.dll

CryptCATAdminEnumCatalogFromHash
CryptCATCatalogInfoFromContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminAcquireContext
CryptCATAdminReleaseCatalogContext
WTHelperProvDataFromStateData
WinVerifyTrust
WTHelperGetProvSignerFromChain
CryptCATAdminReleaseContext
ws2_32.dll
