chglogon.exe

  • File Path: C:\Windows\system32\chglogon.exe
  • Description: Change Logon Utility

Hashes

Type Hash
MD5 043CC77ED997F7E4BD153030A18304DC
SHA1 A2F0F37CA9072E048C8CE9FE8E9F09F37C5E1EC4
SHA256 C91F6B286B59AE125BC039512FF9801354C10E74DCA9CD803067D2CD1441592F
SHA384 A738E63FFEC8E070BFA1868266B1B7A48C692080128B17845EBF8BA633365B5DA5F1028210BA4B53B6C0ABCD1E7122DF
SHA512 62188CA77C4220B4C5CBFC3E6524463A592C20182EAC3898976255E407C3D2FA3EAB60A658DC3F22C2A1C87FCA9A96011AC118FE9CADED7EF04B9EB8BCD3660A
SSDEEP 384:BHKiqXNzrO3TVneuEvz5+Yc1K8OSGHnhNAmd2P45HCMHtC4qCW9EW:Bq7FrOj9edg91K8E0rAEjp
IMP 39CDC867B4449192C880F526495B2B10
PESHA1 0B20715E2F46DE6D9F89FD6846C878C113209A9B
PE256 698D6317016FDE34AB9E6244E903B523E04A78E29F0B6F1B45AB8EA0F1F52C09

Runtime Data

Usage (stderr):

Invalid parameter(s)
Enable, disable, or drain session logins.

CHANGE LOGON {/QUERY | /ENABLE | /DISABLE | /DRAIN | /DRAINUNTILRESTART}

  /QUERY    Query current session login mode.
  /ENABLE   Enable user login from sessions.
  /DISABLE  Disable user login from sessions.
  /DRAIN    Disable new user logons, but allow reconnections to existing sessions.
  /DRAINUNTILRESTART    Disable new user logons until the server is restarted, but allow reconnections to existing sessions.

Signature

  • Status: Signature verified.
  • Serial: 33000001C422B2F79B793DACB20000000001C4
  • Thumbprint: AE9C1AE54763822EEC42474983D8B635116C8452
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: chglogon.exe.mui
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.17763.1 (WinBuild.160101.0800)
  • Product Version: 10.0.17763.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/70
  • VirusTotal Link: https://www.virustotal.com/gui/file/c91f6b286b59ae125bc039512ff9801354c10e74dca9cd803067d2cd1441592f/detection/

File Similarity (ssdeep match)

File Score
C:\WINDOWS\system32\chglogon.exe 83

Additional Info*

*The information below is copied from MicrosoftDocs, which is maintained by Microsoft. Available under CC BY 4.0 license.


chglogon

Applies to: Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012

Enables or disables logons from client sessions on an Remote Desktop Session Host server, or displays current logon status.

[!NOTE] This command has been replaced by the change log command. For more information, including the syntax and parameter details, see change logon command.

Additional References


MIT License. Copyright (c) 2020-2021 Strontic.