File details
File name: services.exe
Name: Services and Controller app
Description: Microsoft® Windows® Operating System
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Product version: 6.1.7600.16385
Size: 253 KB
Original file name: services.exe.mui
Windows file protection: Yes
Resource utilization
CPU utilization averages
Total CPU: 0.0117142859%
Privileged CPU: 0.0047594232%
User CPU: 0.00695486268638%
Privileged CPU time: 56490149.96 ms
Privileged CPU time /min: 17,607 ms
CPU cycle count: 57,779,319
CPU cycle count /min: 68,153,528
Context switches /sec: 22
Memory utilization averages
Committed memory: 41.9 MB
Peak committed memory: 54.76 MB
Paged memory: 5.07 MB
Peak paged memory: 8.73 MB
Paged system memory: 55.16 KB
Non-paged system memory: 11.18 KB
Working set memory: 5.9 MB
Peak working set memory: 11.79 MB
Min working set memory: 5.15 MB
Private memory: 5.07 MB
Page faults: 18,369
Page faults /min: 26
Process I/O averages
Total read operations: 18,274
Read operations /min: 22
Total read transfer: 5.1 MB
Read transfer /min: 8.06 KB
Total write operations: 1,252
Write operations /min: 2
Total write transfer: 5.24 MB
Write transfer /min: 9.41 KB
Total other operations: 120,808
Other operations /min: 130
Total other transfer: 1.99 MB
Other transfer /min: 2.53 KB
Resources
Handle count average: 271
Thread count average: 13
Thread resource averages
ntdll.dll

Total CPU: 0.110607583427%
Privileged CPU: 0.063342358270%
User CPU: 0.047265225157%
CPU Cycle count /sec: 1,429,290
Context switches /sec: 10
Module memory size: 1.24 MB
ntdll.dll

Total CPU: 0.081424658604%
Privileged CPU: 0.043936769935%
User CPU: 0.037487888669%
CPU Cycle count /sec: 1,456,484
Context switches /sec: 11
Module memory size: 1.23 MB
ntdll.dll

Total CPU: 0.070464815145%
Privileged CPU: 0.042030350352%
User CPU: 0.028434464792%
CPU Cycle count /sec: 1,291,894
Context switches /sec: 5
Module memory size: 1.23 MB
ntdll.dll

Total CPU: 0.059357851889%
Privileged CPU: 0.035316241384%
User CPU: 0.024041610505%
CPU Cycle count /sec: 1,211,145
Context switches /sec: 6
Module memory size: 1.23 MB
ntdll.dll

Total CPU: 0.044114157177%
Privileged CPU: 0.023597396379%
User CPU: 0.020516760798%
CPU Cycle count /sec: 950,968
Context switches /sec: 6
Module memory size: 1.23 MB
ntdll.dll

Total CPU: 0.041374997301%
Privileged CPU: 0.029348146250%
User CPU: 0.012026851051%
CPU Cycle count /sec: 1,028,675
Context switches /sec: 12
Module memory size: 1.23 MB
Total CPU: 0.013708928352%
Privileged CPU: 0.008225357011%
User CPU: 0.005483571341%
CPU Cycle count /sec: 722,571
Module memory size: 384 KB
ntdll.dll

Total CPU: 0.012001711959%
Privileged CPU: 0.007684672341%
User CPU: 0.004317039618%
CPU Cycle count /sec: 445,523
Context switches /sec: 3
Module memory size: 1.24 MB
ntdll.dll

Total CPU: 0.008719461555%
Privileged CPU: 0.002895946327%
User CPU: 0.005823515229%
CPU Cycle count /sec: 104,779
Module memory size: 1.23 MB
ubpm.dll

Total CPU: 0.007312953975%
Privileged CPU: 0.001053746885%
User CPU: 0.006259207090%
CPU Cycle count /sec: 140,562
Context switches /sec: 1
Module memory size: 176 KB
esent.dll

Total CPU: 0.003137322560%
Privileged CPU: 0.003137322560%
User CPU: 0.000000000000%
CPU Cycle count /sec: 19,254
Module memory size: 1.64 MB
Process details
Runs as (owner): User
Integrity level: System
Windows platform: 32-bit
Parent Process
Child Processes
Process Commands
C:\Windows\System32\services.exe
C:\Windows\system32\services.exe
Network connectivity
TCP: localhost on port 49166
TCP: localhost on port 49157
TCP: localhost on port 49155
TCP: localhost on port 49288
TCP: localhost on port 49158
TCP: localhost on port 49156
TCP: localhost on port 49175
TCP: localhost on port 49220
TCP: localhost on port 49159
TCP: localhost on port 49164
TCP: localhost on port 49179
TCP: localhost on port 49163
Image hashes
MD5: 5f1b6a9c35d3d5ca72d6d6fdef9747d6
SHA-1: 54a90c371155985420f455361a5b3ac897e6c96e
SHA-256: d7bc4ed605b32274b45328fd9914fb0e7b90d869a38f0e6f94fb1bf4e9e2b407
PE image details
Language*: Microsoft Visual C++
File entropy: 6.44934
File packed: No
Import Table
advapi32.dll

TraceMessage
GetTokenInformation
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
ConvertSidToStringSidW
RevertToSelf
CreateProcessAsUserW
ImpersonateLoggedOnUser
InitiateSystemShutdownExW
OpenThreadToken
LsaClose
LsaFreeMemory
LsaLookupSids
LsaOpenPolicy
OpenProcessToken
EqualSid
AdjustTokenPrivileges
SetSecurityDescriptorDacl
AddAce
InitializeAcl
CopySid
GetLengthSid
GetSecurityDescriptorDacl
RegGetKeySecurity
RegSetKeySecurity
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
RegLoadMUIStringW
LsaManageSidNameMapping
LookupPrivilegeValueW
RegNotifyChangeKeyValue
LsaQueryInformationPolicy
SetTokenInformation
AddAccessAllowedAce
LsaEnumeratePrivileges
LsaLookupNames
FreeSid
AllocateAndInitializeSid
AllocateLocallyUniqueId
SetKernelObjectSecurity
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSecurityDescriptorToStringSecurityDescriptorW
GetKernelObjectSecurity
LsaStorePrivateData
EventWrite
EventRegister
RegOpenKeyW
SystemFunction005
SystemFunction029
StartServiceCtrlDispatcherW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
ControlTraceW
EnableTrace
StartTraceW
CheckTokenMembership
LogonUserExExW
api-ms-win-core-crt-l1-1-0.dll

memcpy
wcschr
_wcslwr_s
wcsrchr
wcscat_s
memset
memcmp
_vsnwprintf_s
_wcsnicmp
wcstoul
_ltow_s
wcscspn
wcsstr
_wcsicmp
_wtol
wcsncmp
_ultow_s
_except_handler4_common
api-ms-win-core-crt-l2-1-0.dll

api-ms-win-core-errorhandling-l1-1-0.dll

SetLastError
GetLastError
SetErrorMode
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-errorhandling-l1-1-1.dll

SetLastError
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetErrorMode
api-ms-win-core-file-l1-1-0.dll

CreateFileW
SetFileInformationByHandle
FindNextFileW
FindClose
CreateDirectoryW
FindFirstFileW
api-ms-win-core-file-l1-2-0.dll

CreateDirectoryW
FindFirstFileW
SetFileInformationByHandle
FindClose
FindNextFileW
CreateFileW
api-ms-win-core-handle-l1-1-0.dll

DuplicateHandle
CloseHandle
api-ms-win-core-heap-l1-1-0.dll

HeapFree
HeapCreate
HeapAlloc
HeapSetInformation
api-ms-win-core-heap-l1-2-0.dll

HeapAlloc
HeapSetInformation
HeapFree
api-ms-win-core-heap-obsolete-l1-1-0.dll

api-ms-win-core-interlocked-l1-1-0.dll

InterlockedCompareExchange
InterlockedExchange
InterlockedCompareExchange64
api-ms-win-core-interlocked-l1-2-0.dll

InterlockedCompareExchange64
InterlockedIncrement
InterlockedCompareExchange
InterlockedExchange
api-ms-win-core-io-l1-1-0.dll

api-ms-win-core-io-l1-1-1.dll

api-ms-win-core-libraryloader-l1-1-0.dll

GetModuleHandleW
GetProcAddress
FreeLibrary
LoadLibraryExW
GetModuleHandleA
LoadStringW
api-ms-win-core-libraryloader-l1-1-1.dll

LoadStringW
GetModuleHandleW
GetProcAddress
LoadLibraryExW
FreeLibrary
api-ms-win-core-localregistry-l1-1-0.dll

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegGetKeySecurity
RegSetKeySecurity
RegNotifyChangeKeyValue
RegLoadMUIStringW
RegSetValueExW
RegCreateKeyExW
api-ms-win-core-misc-l1-1-0.dll

LocalFree
Sleep
lstrlenW
LocalAlloc
api-ms-win-core-processenvironment-l1-1-0.dll

GetEnvironmentVariableW
ExpandEnvironmentStringsW
api-ms-win-core-processenvironment-l1-2-0.dll

GetEnvironmentVariableW
ExpandEnvironmentStringsW
api-ms-win-core-processthreads-l1-1-0.dll

CreateProcessW
CreateThread
TerminateProcess
GetCurrentThreadId
OpenThreadToken
GetCurrentThread
GetProcessId
GetCurrentProcess
CreateProcessAsUserW
DeleteProcThreadAttributeList
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
OpenProcessToken
ResumeThread
SetThreadPriority
ExitThread
SetProcessShutdownParameters
GetCurrentProcessId
GetProcessTimes
api-ms-win-core-processthreads-l1-1-1.dll

CreateThread
CreateProcessW
SetThreadPriority
GetCurrentThread
GetCurrentThreadId
TerminateProcess
GetProcessId
OpenThreadToken
GetCurrentProcess
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
CreateProcessAsUserW
ResumeThread
OpenProcessToken
OpenProcess
GetProcessTimes
ExitThread
SetProcessShutdownParameters
GetCurrentProcessId
api-ms-win-core-profile-l1-1-0.dll

api-ms-win-core-registry-l1-1-0.dll

RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegDeleteTreeW
RegNotifyChangeKeyValue
RegSetKeySecurity
RegGetKeySecurity
RegLoadMUIStringW
RegCreateKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
api-ms-win-core-string-l1-1-0.dll

api-ms-win-core-synch-l1-1-0.dll

LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
WaitForSingleObject
SetEvent
CreateEventW
ResetEvent
WaitForMultipleObjectsEx
OpenEventW
OpenProcess
api-ms-win-core-synch-l1-2-0.dll

AcquireSRWLockExclusive
OpenEventW
ResetEvent
WaitForMultipleObjectsEx
CreateEventW
SetEvent
WaitForSingleObject
Sleep
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
ReleaseSRWLockExclusive
api-ms-win-core-sysinfo-l1-1-0.dll

GetTickCount
GetSystemTimeAsFileTime
GetComputerNameExW
GetSystemTime
GetVersionExW
api-ms-win-core-sysinfo-l1-2-0.dll

GetTickCount64
GetSystemTimeAsFileTime
GetComputerNameExW
GetVersionExW
GetSystemTime
GetTickCount
api-ms-win-core-threadpool-l1-2-0.dll

CreateThreadpoolCleanupGroup
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolCleanupGroupMembers
CloseThreadpoolCleanupGroup
CallbackMayRunLong
CloseThreadpoolWork
api-ms-win-security-base-l1-1-0.dll

SetSecurityDescriptorDacl
AdjustTokenPrivileges
EqualSid
ImpersonateLoggedOnUser
RevertToSelf
GetLengthSid
CopySid
CheckTokenMembership
GetTokenInformation
AddAce
InitializeAcl
GetSecurityDescriptorDacl
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
SetTokenInformation
AddAccessAllowedAce
AllocateAndInitializeSid
AllocateLocallyUniqueId
FreeSid
SetKernelObjectSecurity
GetKernelObjectSecurity
api-ms-win-security-base-l1-2-0.dll

AddAccessAllowedAce
SetKernelObjectSecurity
GetKernelObjectSecurity
FreeSid
AllocateAndInitializeSid
AllocateLocallyUniqueId
SetSecurityDescriptorDacl
AddAce
InitializeAcl
GetSecurityDescriptorDacl
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
EqualSid
AdjustTokenPrivileges
RevertToSelf
ImpersonateLoggedOnUser
CopySid
GetLengthSid
CheckTokenMembership
GetTokenInformation
SetTokenInformation
api-ms-win-security-lsalookup-l1-1-0.dll

LsaLookupFreeMemory
LsaLookupTranslateSids
LsaLookupOpenLocalPolicy
LsaLookupManageSidNameMapping
LsaLookupGetDomainInfo
LsaLookupTranslateNames
LsaLookupClose
api-ms-win-security-lsalookup-l1-1-1.dll

LsaLookupOpenLocalPolicy
LsaLookupFreeMemory
LsaLookupClose
LsaLookupManageSidNameMapping
LsaLookupGetDomainInfo
LsaLookupTranslateNames
LsaLookupTranslateSids
api-ms-win-security-sddl-l1-1-0.dll

ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
cryptbase.dll

SystemFunction005
SystemFunction029
kernel32.dll

InterlockedCompareExchange64
CreateNamedPipeW
ReadFile
CancelIo
GetOverlappedResult
WaitForMultipleObjects
HeapAlloc
FreeLibrary
GetProcAddress
LoadLibraryW
GetModuleHandleW
TransactNamedPipe
WriteFile
GetTickCount
DuplicateHandle
GetCurrentProcess
GetSystemTimeAsFileTime
CreateEventW
SetEvent
GetCurrentThread
ResetEvent
DeviceIoControl
CreateFileW
GetProcessId
ResumeThread
GetCurrentProcessId
GetDriveTypeW
OpenEventW
GetComputerNameW
CompareStringW
SetThreadPriority
ExitThread
SetProcessShutdownParameters
SetConsoleCtrlHandler
HeapSetInformation
SetErrorMode
SetUnhandledExceptionFilter
GetProcessTimes
OpenProcess
InterlockedCompareExchange
LoadLibraryA
HeapCreate
WaitForSingleObject
TerminateProcess
HeapFree
InitializeCriticalSection
CreateThread
ExpandEnvironmentStringsW
CreateProcessW
GetLastError
CloseHandle
SetLastError
EnterCriticalSection
LeaveCriticalSection
Sleep
LocalFree
LocalAlloc
GetEnvironmentVariableW
CreateDirectoryW
FindFirstFileW
FindClose
lstrlenW
FindNextFileW
MoveFileExW
GetVersionExW
GetSystemTime
GetExitCodeThread
UnhandledExceptionFilter
GetCurrentThreadId
QueryPerformanceCounter
GetModuleHandleA
InterlockedExchange
DelayLoadFailureHook
ConnectNamedPipe
msvcrt.dll
ncobjapi.dll

WmiCreateObjectWithFormat
WmiEventSourceConnect
WmiSetAndCommitObject
ntdll.dll
rpcrt4.dll

UuidCreate
RpcAsyncAbortCall
RpcServerUnsubscribeForNotification
UuidEqual
RpcServerUseProtseqEpW
RpcServerRegisterIfEx
RpcServerUseProtseqW
RpcServerInqBindings
RpcBindingToStringBindingW
RpcStringBindingParseW
RpcStringFreeW
RpcEpRegisterW
RpcServerInqDefaultPrincNameW
RpcServerRegisterAuthInfoW
UuidCreateNil
I_RpcMapWin32Status
RpcServerInqCallAttributesW
RpcAsyncCompleteCall
RpcServerInqBindingHandle
RpcImpersonateClient
RpcRevertToSelf
I_RpcBindingInqLocalClientPID
I_RpcBindingIsClientLocal
I_RpcSessionStrictContextHandle
NdrServerCall2
NdrAsyncServerCall
RpcSsGetContextBinding
RpcServerInqCallAttributesA
RpcBindingServerFromClient
RpcBindingFree
RpcBindingVectorFree
RpcServerSubscribeForNotification
UuidFromStringW
RpcServerUnregisterIf
RpcMgmtWaitServerListen
RpcMgmtStopServerListening
RpcServerUnregisterIfEx
RpcServerRegisterIf
RpcServerListen
I_RpcExceptionFilter
NdrAsyncClientCall
RpcAsyncInitializeHandle
NdrClientCall2
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcEpResolveBinding
RpcServerRegisterIf3
RpcEpUnregister
scesrv.dll

ScesrvTerminateServer
ScesrvInitializeServer
sspicli.dll

user32.dll

BroadcastSystemMessageW
LoadStringW
RegisterServicesProcess
userenv.dll

UnloadUserProfile
CreateEnvironmentBlock
LoadUserProfileW
DestroyEnvironmentBlock