PsLoggedon.exe
- File Path:
C:\SysinternalsSuite\PsLoggedon.exe
- Description: See who’s logged on
Hashes
| Type |
Hash |
| MD5 |
E3EA271E748CCDAD6A6D3E692D6F337E |
| SHA1 |
F02E06BC439A28AAD6DD957DF8D0022F22798A09 |
| SHA256 |
D689CB1DBD2E4C06CD15E51A6871C406C595790DDCDCD7DC8D0401C7183720EF |
| SHA384 |
0DD8111C74B4FD4C57D76CF2EA80D8B50F80469E80CB9B98D3F9DEDAB83320BCD9F3EBC5DF365361BE9ACC71CA8A94CE |
| SHA512 |
07A47CB6C2663219F0673647ACB01D8D5A702B5E14F40C11B1DCEBB3655C9D1825D9F6F2C23DCE1FC73CD2AB10565FADD19E0B18E63D51C44498B5F159215503 |
| SSDEEP |
3072:GJsH2jYVvmuOPybZUFS37ED65lx50kKXRlED:Ej3wIYZNR |
| IMP |
2D2CEE6D005EEC5676742BA250D53D92 |
| PESHA1 |
4F653993657A1BFD3E63590C7462BDB362CCD31C |
| PE256 |
BC74E7FCFDEE152368D70180CD168002F2EEE15E5EB787762561A576CCB39BCF |
Runtime Data
Usage (stdout):
PsLoggedon v1.35 - See who's logged on
Copyright (C) 2000-2016 Mark Russinovich
Sysinternals - www.sysinternals.com
Usage: C:\SysinternalsSuite\PsLoggedon.exe [-l] [-x] [\\computername]
or C:\SysinternalsSuite\PsLoggedon.exe [username]
-l Show only local logons
-x Don't show logon times
-nobanner Do not display the startup banner and copyright message.
Child Processes:
conhost.exe
Open Handles:
| Path |
Type |
| (RW-) C:\Windows |
File |
| (RW-) C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.488_none_89e6152f0b32762e |
File |
| (RW-) C:\xCyclopedia |
File |
| \BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 |
Section |
| \BaseNamedObjects\NLS_CodePage_437_3_2_0_0 |
Section |
Loaded Modules:
| Path |
| C:\SysinternalsSuite\PsLoggedon.exe |
| C:\Windows\SYSTEM32\ntdll.dll |
| C:\Windows\System32\wow64.dll |
| C:\Windows\System32\wow64cpu.dll |
| C:\Windows\System32\wow64win.dll |
Signature
- Status: Signature verified.
- Serial:
330000010A2C79AED7797BA6AC00010000010A
- Thumbprint:
3BDA323E552DB1FDE5F4FBEE75D6D5B2B187EEDC
- Issuer: CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Original Filename: psloggedon.exe
- Product Name: Sysinternals PsLoggedon
- Company Name: Sysinternals - www.sysinternals.com
- File Version: 1.35
- Product Version: 1.35
- Language: English (United States)
- Legal Copyright: Copyright (C) 2000-2016 Mark Russinovich
- Machine Type: 32-bit
File Scan
- VirusTotal Detections: 0/68
- VirusTotal Link: https://www.virustotal.com/gui/file/d689cb1dbd2e4c06cd15e51a6871c406c595790ddcdcd7dc8d0401c7183720ef/detection/
Possible Misuse
The following table contains possible examples of PsLoggedon.exe being misused. While PsLoggedon.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.
MIT License. Copyright (c) 2020-2021 Strontic.