File details
File name: lsm.exe
Name: Local Session Manager Service
Description: Microsoft® Windows® Operating System
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Product version: 6.1.7600.16385
Size: 335 KB
Original file name: lsm.exe.mui
Windows file protection: Yes
Resource utilization
CPU utilization averages
Total CPU: 0.0006272988%
Privileged CPU: 0.0003490574%
User CPU: 0.00027824137457%
Privileged CPU time: 7022637.65 ms
Privileged CPU time /min: 3,122 ms
CPU cycle count: 214,080,885
CPU cycle count /min: 10,237,954
Context switches /sec: 18
Memory utilization averages
Committed memory: 21.59 MB
Peak committed memory: 23.06 MB
Paged memory: 2.97 MB
Peak paged memory: 3.74 MB
Paged system memory: 36.52 KB
Non-paged system memory: 8.68 KB
Working set memory: 3.72 MB
Peak working set memory: 4.9 MB
Min working set memory: 3.15 MB
Private memory: 2.97 MB
Page faults: 13,868
Page faults /min: 11
Process I/O averages
Total read operations: 1
Total read transfer: 5.79 KB
Total write operations: 1
Write operations /min: 1
Total write transfer: 3.98 KB
Write transfer /min: 2 Bytes
Total other operations: 42,197
Other operations /min: 11
Total other transfer: 377.55 KB
Other transfer /min: 109 Bytes
Resources
Handle count average: 182
Thread count average: 10
Thread resource averages
ntdll.dll

Total CPU: 0.117393812895%
Privileged CPU: 0.038546104076%
User CPU: 0.078847708819%
CPU Cycle count /sec: 1,696,036
Context switches /sec: 2
Module memory size: 1.66 MB
ntdll.dll

Total CPU: 0.034993245676%
Privileged CPU: 0.013533271453%
User CPU: 0.021459974224%
CPU Cycle count /sec: 460,957
Context switches /sec: 2
Module memory size: 1.66 MB
ntdll.dll

Total CPU: 0.018391201504%
Privileged CPU: 0.010248316433%
User CPU: 0.008142885071%
CPU Cycle count /sec: 333,595
Context switches /sec: 1
Module memory size: 1.66 MB
ntdll.dll

Total CPU: 0.015641616514%
Privileged CPU: 0.010883451641%
User CPU: 0.004758164873%
CPU Cycle count /sec: 378,271
Module memory size: 1.66 MB
ntdll.dll

Total CPU: 0.003850981670%
Privileged CPU: 0.001572932631%
User CPU: 0.002278049039%
CPU Cycle count /sec: 108,011
Context switches /sec: 1
Module memory size: 1.66 MB
Total CPU: 0.000271511856%
Privileged CPU: 0.000203622820%
User CPU: 0.000067889037%
CPU Cycle count /sec: 3,894
Module memory size: 348 KB
ole32.dll

Total CPU: 0.000080792470%
Privileged CPU: 0.000000000000%
User CPU: 0.000080792470%
CPU Cycle count /sec: 583
Module memory size: 2.01 MB
Total CPU: 0.000004169681%
Privileged CPU: 0.000000000000%
User CPU: 0.000004169681%
CPU Cycle count /sec: 128
Module memory size: 852 KB
Process details
Runs as (owner): System
Integrity level: System
Windows platform: 64-bit
Parent Process
Child Processes
Process Commands
C:\Windows\system32\lsm.exe
C:\Windows\System32\lsm.exe
Image hashes
MD5: 9662ee182644511439f1c53745dc1c88
SHA-1: 6766228926eb48344451737c61d0e05dbe390591
SHA-256: d205b2c163e78ab42a5d67d7664ef6b75ea0374ff0924467d624f9db0611f0ad
PE image details
Language*: Microsoft Visual C++
File entropy: 6.50647
File packed: No
Import Table
advapi32.dll

TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
SetSecurityDescriptorDacl
SetEntriesInAclW
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
GetTokenInformation
OpenProcessToken
OpenThreadToken
RegNotifyChangeKeyValue
AdjustTokenPrivileges
CloseServiceHandle
OpenSCManagerW
RevertToSelf
ImpersonateLoggedOnUser
LogonUserW
OpenServiceW
RegSetValueExW
NotifyServiceStatusChangeW
AccessCheckAndAuditAlarmW
SetThreadToken
DuplicateTokenEx
AuditFree
AuditQuerySystemPolicy
QueryServiceStatus
CreateWellKnownSid
MakeSelfRelativeSD
MakeAbsoluteSD
CheckTokenMembership
QueryServiceConfigW
StartServiceW
DuplicateToken
LookupAccountSidW
AddAce
GetAce
InitializeAcl
CopySid
GetLengthSid
GetAclInformation
GetSecurityDescriptorDacl
LsaFreeMemory
LsaGetUserName
ControlTraceW
StartTraceW
EnableTrace
QueryTraceW
ReportEventW
DeregisterEventSource
RegisterEventSourceW
IsValidSecurityDescriptor
RegCreateKeyExW
RegConnectRegistryW
RegOpenCurrentUser
I_ScSendTSMessage
RegEnumKeyExW
RegDeleteKeyW
GetSecurityDescriptorLength
PerfSetCounterRefValue
PerfCreateInstance
PerfStopProvider
PerfSetCounterSetInfo
PerfStartProvider
api-ms-win-core-errorhandling-l1-1-0.dll

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
api-ms-win-core-handle-l1-1-0.dll

CloseHandle
DuplicateHandle
api-ms-win-core-heap-l1-1-0.dll

api-ms-win-core-interlocked-l1-1-0.dll

InterlockedIncrement
InterlockedDecrement
InterlockedExchange
InterlockedCompareExchange
api-ms-win-core-libraryloader-l1-1-0.dll

LoadStringW
GetModuleHandleW
GetProcAddress
FreeLibrary
GetModuleHandleA
LoadLibraryExA
api-ms-win-core-localregistry-l1-1-0.dll

RegNotifyChangeKeyValue
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCloseKey
api-ms-win-core-misc-l1-1-0.dll

api-ms-win-core-processthreads-l1-1-0.dll

OpenProcessToken
OpenThreadToken
GetCurrentThread
ProcessIdToSessionId
SetThreadToken
GetCurrentProcess
GetProcessId
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
api-ms-win-core-profile-l1-1-0.dll

api-ms-win-core-synch-l1-1-0.dll

WaitForSingleObject
OpenEventW
SetEvent
InitializeCriticalSection
OpenProcess
CreateEventW
WaitForMultipleObjectsEx
ResetEvent
DeleteCriticalSection
api-ms-win-core-sysinfo-l1-1-0.dll

GetTickCount
GetSystemTimeAsFileTime
GetTickCount64
api-ms-win-core-threadpool-l1-1-0.dll

api-ms-win-security-base-l1-1-0.dll

SetSecurityDescriptorGroup
CopySid
InitializeSecurityDescriptor
GetTokenInformation
AdjustTokenPrivileges
SetSecurityDescriptorDacl
GetLengthSid
IsValidSid
DuplicateTokenEx
GetSecurityDescriptorLength
CreateWellKnownSid
MakeSelfRelativeSD
MakeAbsoluteSD
CheckTokenMembership
DuplicateToken
AddAce
GetAce
InitializeAcl
GetAclInformation
GetSecurityDescriptorDacl
RevertToSelf
ImpersonateLoggedOnUser
AccessCheckAndAuditAlarmW
IsValidSecurityDescriptor
EqualSid
SetSecurityDescriptorOwner
api-ms-win-service-management-l1-1-0.dll

OpenSCManagerW
OpenServiceW
StartServiceW
CloseServiceHandle
api-ms-win-service-management-l2-1-0.dll

QueryServiceConfigW
NotifyServiceStatusChangeW
api-ms-win-service-winsvc-l1-1-0.dll

QueryServiceStatus
I_ScSendTSMessage
kernel32.dll

QueueUserWorkItem
GetComputerNameW
WaitForMultipleObjects
RegisterWaitForSingleObject
LoadLibraryW
DelayLoadFailureHook
HeapAlloc
GetProcessHeap
HeapFree
ExpandEnvironmentStringsW
SetLastError
OutputDebugStringA
RtlCaptureStackBackTrace
LocalSize
SleepEx
GetVersionExW
CreateProcessW
DebugBreak
IsDebuggerPresent
GetSystemDirectoryW
RegCreateKeyExW
RegOpenCurrentUser
RegEnumKeyExW
VerifyVersionInfoW
VerSetConditionMask
LocalAlloc
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
FormatMessageW
DeleteCriticalSection
GetProcAddress
InitializeCriticalSection
InterlockedCompareExchange
GetProcessId
UnregisterWaitEx
OpenProcess
DuplicateHandle
InterlockedExchange
ProcessIdToSessionId
HeapSetInformation
SetUnhandledExceptionFilter
CreateEventW
WaitForSingleObject
Sleep
InterlockedDecrement
InterlockedIncrement
WaitForMultipleObjectsEx
GetCurrentThread
GetCurrentProcess
CloseHandle
LocalFree
ResetEvent
OpenEventW
GetLastError
SetEvent
FreeLibrary
msvcrt.dll
ntdll.dll

NtDelayExecution
RtlUnhandledExceptionFilter
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
EtwTraceMessage
EtwEventWrite
RtlInitializeResource
EtwEventUnregister
RtlDeleteResource
NtNotifyChangeSession
RtlInsertElementGenericTable
RtlLookupElementGenericTable
RtlDeleteElementGenericTable
NtOpenEvent
RtlInitUnicodeString
RtlInitializeGenericTable
RtlEnumerateGenericTable
NtOpenSession
NtSetSystemInformation
NtQuerySystemTime
NtFreeVirtualMemory
NtAllocateVirtualMemory
RtlConnectToSm
RtlSendMsgToSm
NtDuplicateToken
RtlRaiseException
RtlAcquireResourceExclusive
RtlAcquireResourceShared
RtlReleaseResource
NtQuerySystemInformation
RtlEqualSid
NtSetSecurityObject
NtQuerySecurityObject
NtOpenSymbolicLinkObject
NtQueryDirectoryObject
NtCreateDirectoryObject
NtQueryValueKey
NtOpenKey
NtDuplicateObject
NtQueryInformationProcess
RtlMapGenericMask
RtlGetAce
RtlQueryInformationAcl
RtlGetDaclSecurityDescriptor
RtlCreateUserSecurityObject
RtlGetOwnerSecurityDescriptor
RtlDeleteAce
RtlSetGroupSecurityDescriptor
RtlCopySecurityDescriptor
RtlGetGroupSecurityDescriptor
NtTerminateProcess
NtWaitForSingleObject
RtlPrefixUnicodeString
NtClose
NtCreateEvent
RtlNumberGenericTableElements
RtlFreeSid
RtlSetDaclSecurityDescriptor
RtlAddAccessAllowedAce
RtlCreateAcl
RtlCreateSecurityDescriptor
RtlLengthSid
RtlAllocateAndInitializeSid
NtCreatePort
NtCompleteConnectPort
NtAcceptConnectPort
NtReplyPort
DbgPrint
NtOpenProcess
NtCreateSection
NtReplyWaitReceivePort
RtlNtStatusToDosError
NtQueryLicenseValue
RtlLeaveCriticalSection
RtlEnterCriticalSection
RtlAdjustPrivilege
NtQueryInformationToken
EtwEventRegister
DbgBreakPoint
rpcrt4.dll

RpcServerTestCancel
NdrAsyncServerCall
NdrServerCall2
RpcImpersonateClient
RpcRevertToSelf
I_RpcMapWin32Status
UuidCreate
UuidToStringW
RpcAsyncCompleteCall
RpcServerSubscribeForNotification
RpcServerInqCallAttributesW
RpcServerInqDefaultPrincNameW
RpcServerRegisterAuthInfoW
RpcServerUnsubscribeForNotification
I_RpcBindingIsClientLocal
I_RpcBindingInqLocalClientPID
RpcServerUseProtseqEpW
RpcServerRegisterIfEx
RpcServerListen
RpcBindingToStringBindingW
RpcStringBindingParseW
RpcMgmtWaitServerListen
RpcStringFreeW
UuidFromStringW
sysntfy.dll

wmsgapi.dll
