File details
File name: services.exe
Name: Microsoft(R) Windows(R) Operating System
Description: Services and Controller app
Version: 5.1.2600.3520 (xpsp_sp2_qfe.090206-1239)
Product version: 5.1.2600.3520
Size: 108 KB
Original file name: services.exe
Windows file protection: Yes
Resource utilization
 | CPU utilization averages |
Total CPU: 0.2331073779%
Privileged CPU: 0.0809509775%
User CPU: 0.15215640043226%
Privileged CPU time: 2562.5 ms
Privileged CPU time /min: 3 ms
Context switches /sec: 22
 | Memory utilization averages |
Committed memory: 37.23 MB
Peak committed memory: 40.83 MB
Paged memory: 2.16 MB
Peak paged memory: 2.45 MB
Paged system memory: 66.28 KB
Non-paged system memory: 7.33 KB
Working set memory: 4.43 MB
Peak working set memory: 4.51 MB
Min working set memory: 4.36 MB
Private memory: 2.16 MB
Page faults: 1,669
Page faults /min: 2
 | Process I/O averages |
Total read operations: 57
Read operations /min: 1
Total read transfer: 4.15 KB
Read transfer /min: 5 Bytes
Total write operations: 246
Write operations /min: 1
Total write transfer: 31.25 KB
Write transfer /min: 38 Bytes
Total other operations: 1,705
Other operations /min: 2
Total other transfer: 24.73 KB
Other transfer /min: 30 Bytes
 | GUI Object Averages |
GDI objects: 4
USER objects: 1
Resources
Handle count average: 290
Thread count average: 16
Thread resource averages
umpnpmgr.dll

Total CPU: 0.004874600845%
Privileged CPU: 0.002437300422%
User CPU: 0.002437300422%
Module memory size: 120 KB
Total CPU: 0.002419257272%
Privileged CPU: 0.000000000000%
User CPU: 0.002419257272%
Module memory size: 116 KB
ntdll.dll

Total CPU: 0.002415984153%
Privileged CPU: 0.000000000000%
User CPU: 0.002415984153%
Module memory size: 636 KB
Process details
Runs as (owner): System
Integrity level: Undefined
Windows platform: 32-bit
Runs as a service: Yes
Parent Process
Child Processes
Process Command
C:\WINDOWS\system32\services.exe
Service details
Name: Event Log
Service name: Eventlog
Service type: Win32ShareProcess
Description: “Enables event messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.”
Image hashes
MD5: c959fab888648a774d3941a6656711b4
SHA-1: ab250de1da00bf806eeaffedec57fe535ca5972f
PE image details
Subsystem: Windows GUI
Language*: Microsoft Visual C++
File packed: No
Import Table
advapi32.dll

RegOpenKeyW
ConvertSidToStringSidW
LogonUserExW
LsaStorePrivateData
LsaLookupNames
LsaQueryInformationPolicy
OpenThreadToken
RegNotifyChangeKeyValue
InitializeSecurityDescriptor
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
SetServiceStatus
SystemFunction029
SystemFunction005
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
SetSecurityDescriptorOwner
GetSecurityDescriptorDacl
GetLengthSid
CopySid
InitializeAcl
AddAce
SetSecurityDescriptorDacl
LsaOpenPolicy
LsaLookupSids
LsaFreeMemory
LsaClose
ImpersonateLoggedOnUser
CreateProcessAsUserW
GetTokenInformation
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
InitiateSystemShutdownW
RevertToSelf
AllocateLocallyUniqueId
AddAccessAllowedAce
SetTokenInformation
kernel32.dll

TerminateProcess
SetProcessShutdownParameters
lstrcmpiW
FormatMessageW
ExitThread
ReleaseMutex
DelayLoadFailureHook
RaiseException
GetExitCodeThread
SetErrorMode
SetUnhandledExceptionFilter
LoadLibraryA
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcess
UnhandledExceptionFilter
GetModuleHandleA
CreateMutexW
LocalAlloc
LocalFree
Sleep
LeaveCriticalSection
EnterCriticalSection
SetLastError
CloseHandle
CreateThread
GetLastError
CreateProcessW
ExpandEnvironmentStringsW
InitializeCriticalSection
HeapAlloc
HeapFree
SetConsoleCtrlHandler
WaitForSingleObject
HeapCreate
FreeLibrary
GetProcAddress
GetModuleHandleExW
InterlockedCompareExchange
CreateNamedPipeW
ReadFile
CancelIo
GetOverlappedResult
WaitForMultipleObjects
ConnectNamedPipe
TransactNamedPipe
WriteFile
GetTickCount
GetSystemTimeAsFileTime
GetModuleHandleW
GetComputerNameW
CreateEventW
SetEvent
ResetEvent
DeviceIoControl
CreateFileW
ResumeThread
GetCurrentProcessId
LoadLibraryW
GetDriveTypeW
OpenEventW
GetCurrentThread
msvcrt.dll
ncobjapi.dll

WmiSetAndCommitObject
WmiEventSourceConnect
WmiCreateObjectWithFormat
ntdll.dll

RtlCreateAcl
NtCreateKey
NtQueryValueKey
NtSetValueKey
NtDeleteValueKey
NtEnumerateKey
NtQuerySecurityObject
RtlFreeHeap
NtOpenKey
NtDeleteKey
RtlSetControlSecurityDescriptor
RtlValidSecurityDescriptor
RtlLengthSecurityDescriptor
NtPrivilegeObjectAuditAlarm
NtPrivilegeCheck
NtOpenThreadToken
NtAccessCheckAndAuditAlarm
NtSetInformationThread
NtAdjustPrivilegesToken
NtDuplicateToken
NtOpenProcessToken
NtQueryInformationToken
RtlQuerySecurityObject
RtlAddAccessAllowedAce
RtlValidRelativeSecurityDescriptor
RtlMapGenericMask
RtlCopyUnicodeString
NtSetInformationFile
NtQueryInformationFile
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
NtWaitForSingleObject
NtQueryDirectoryFile
NtDeleteFile
NtSetInformationProcess
RtlUnhandledExceptionFilter
NtSetEvent
RtlGetAce
RtlQueryInformationAcl
RtlGetDaclSecurityDescriptor
RtlAllocateHeap
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlConvertSharedToExclusive
RtlConvertExclusiveToShared
RtlRegisterWait
RtlGetNtProductType
RtlEqualUnicodeString
RtlLengthSid
RtlCopySid
RtlUnicodeStringToAnsiString
RtlInitAnsiString
RtlAnsiStringToUnicodeString
RtlNewSecurityObject
RtlAddAce
RtlSetOwnerSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlSetSaclSecurityDescriptor
RtlSubAuthorityCountSid
NtOpenDirectoryObject
NtQueryDirectoryObject
RtlCompareUnicodeString
NtLoadDriver
NtUnloadDriver
RtlExpandEnvironmentStrings_U
RtlAdjustPrivilege
NtFlushKey
NtOpenFile
RtlDosPathNameToNtPathName_U
NtOpenSymbolicLinkObject
NtQuerySymbolicLinkObject
RtlFreeUnicodeString
RtlAreAllAccessesGranted
NtDeleteObjectAuditAlarm
NtCloseObjectAuditAlarm
RtlQueueWorkItem
RtlCopyLuid
RtlDeregisterWait
RtlReleaseResource
RtlAcquireResourceExclusive
RtlAcquireResourceShared
RtlInitializeResource
RtlDeleteSecurityObject
RtlLockBootStatusData
RtlGetSetBootStatusData
RtlUnlockBootStatusData
NtInitializeRegistry
NtQueryKey
NtClose
RtlInitUnicodeString
NtSetSystemEnvironmentValue
RtlNtStatusToDosError
NtShutdownSystem
RtlSetSecurityObject
RtlMakeSelfRelativeSD
RtlInitializeSid
RtlLengthRequiredSid
RtlSubAuthoritySid
NtSetSecurityObject
rpcrt4.dll

RpcServerRegisterAuthInfoW
RpcBindingFree
RpcEpResolveBinding
RpcBindingFromStringBindingW
RpcStringBindingComposeW
NdrClientCall2
RpcAsyncCompleteCall
RpcAsyncInitializeHandle
NdrAsyncServerCall
NdrAsyncClientCall
RpcMgmtStopServerListening
RpcMgmtWaitServerListen
NdrServerCall2
I_RpcBindingIsClientLocal
RpcRevertToSelf
I_RpcMapWin32Status
RpcImpersonateClient
RpcStringBindingParseW
RpcStringFreeW
RpcBindingToStringBindingW
RpcServerRegisterIfEx
RpcServerUseProtseqEpW
RpcServerRegisterIf
RpcServerListen
RpcServerUnregisterIf
scesrv.dll

ScesrvInitializeServer
ScesrvTerminateServer
umpnpmgr.dll

RegisterScmCallback
PNP_SetActiveService
PNP_GetDeviceRegProp
PNP_GetDeviceListSize
PNP_GetDeviceList
PNP_HwProfFlags
RegisterServiceNotification
DeleteServicePlugPlayRegKeys
user32.dll

wsprintfW
BroadcastSystemMessageW
MessageBoxW
LoadStringW
RegisterServicesProcess
userenv.dll

UnloadUserProfile
CreateEnvironmentBlock
LoadUserProfileW
DestroyEnvironmentBlock