File details
File name: lsm.exe
Name: Local Session Manager Service
Description: Microsoft® Windows® Operating System
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Product version: 6.1.7600.16385
Size: 255 KB
Original file name: lsm.exe.mui
Windows file protection:
Yes
Resource utilization
 | CPU utilization averages |
Total CPU: 0.0012396952%
Privileged CPU:
0.0007401227%

User CPU:
0.00049957250513%

Privileged CPU time: 1028681.24 ms
Privileged CPU time /min: 36 ms
CPU cycle count:
448,435,007
CPU cycle count /min: 7,978,708
Context switches /sec:
10
 | Memory utilization averages |
Committed memory:
16.88 MB
Peak committed memory: 17.44 MB
Paged memory:
1.48 MB
Peak paged memory: 1.73 MB
Paged system memory:
28.46 KB
Non-paged system memory: 4.03 KB
Working set memory:
2.25 MB
Peak working set memory: 3.21 MB
Min working set memory: 2.01 MB
Private memory:
1.48 MB
Page faults:
3,829
Page faults /min: 3
 | Process I/O averages |
Total read operations:
273
Read operations /min: 1
Total read transfer: 132.47 KB
Read transfer /min: 85 Bytes
Total write operations:
446
Write operations /min: 1
Total write transfer: 70.99 KB
Write transfer /min: 4 Bytes
Total other operations:
131
Other operations /min: 1
Total other transfer: 854 Bytes
Other Transfer /min: 2 Bytes
Resources
Handle count average: 163
Thread count average: 11
Thread resource averages
ntdll.dll

Total CPU: 0.010502873353%
Privileged CPU: 0.006656735908%
User CPU: 0.003846137445%
CPU Cycle count /sec: 149,516
Module memory size: 1.23 MB
ntdll.dll

Total CPU: 0.010362507939%
Privileged CPU: 0.007009213312%
User CPU: 0.003353294627%
CPU Cycle count /sec: 154,100
Module memory size: 1.23 MB
Total CPU: 0.000604567970%
Privileged CPU: 0.000535357402%
User CPU: 0.000069210568%
CPU Cycle count /sec: 7,519
Module memory size: 264 KB
ntdll.dll

Total CPU: 0.000364716048%
Privileged CPU: 0.000021496430%
User CPU: 0.000343219618%
CPU Cycle count /sec: 988
Module memory size: 1.24 MB
ntdll.dll

Total CPU: 0.000006534750%
Privileged CPU: 0.000003267377%
User CPU: 0.000003267373%
CPU Cycle count /sec: 454
Module memory size: 1.23 MB
Process details
Runs as (owner): System
Integrety level: System
Windows platform: 32-bit
Parent Process
Process Command
C:\Windows\system32\lsm.exe
Image hashes
MD5: 398dc10274c0cb861338cfc56e727c9f
SHA-1: 94cac404a11a819ad94d4a00d3e0d9d8c2a8b6db
SHA-256: 241190f7005956f6ce2b4ebb6125ea46c43383bafa7ca0459f88ee87447b3266
PE image details
Langauge*: Microsoft Visual C++
File entropy: 6.50647
File packed: No
Import Table
advapi32.dll

TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
SetSecurityDescriptorDacl
SetEntriesInAclW
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
GetTokenInformation
OpenProcessToken
OpenThreadToken
RegNotifyChangeKeyValue
AdjustTokenPrivileges
CloseServiceHandle
OpenSCManagerW
RevertToSelf
ImpersonateLoggedOnUser
LogonUserW
OpenServiceW
RegSetValueExW
NotifyServiceStatusChangeW
AccessCheckAndAuditAlarmW
SetThreadToken
DuplicateTokenEx
AuditFree
AuditQuerySystemPolicy
QueryServiceStatus
CreateWellKnownSid
MakeSelfRelativeSD
MakeAbsoluteSD
CheckTokenMembership
QueryServiceConfigW
StartServiceW
DuplicateToken
LookupAccountSidW
AddAce
GetAce
InitializeAcl
CopySid
GetLengthSid
GetAclInformation
GetSecurityDescriptorDacl
LsaFreeMemory
LsaGetUserName
ControlTraceW
StartTraceW
EnableTrace
QueryTraceW
ReportEventW
DeregisterEventSource
RegisterEventSourceW
IsValidSecurityDescriptor
RegCreateKeyExW
RegConnectRegistryW
RegOpenCurrentUser
I_ScSendTSMessage
RegEnumKeyExW
RegDeleteKeyW
GetSecurityDescriptorLength
PerfSetCounterRefValue
PerfCreateInstance
PerfStopProvider
PerfSetCounterSetInfo
PerfStartProvider
api-ms-win-core-errorhandling-l1-1-0.dll

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
api-ms-win-core-handle-l1-1-0.dll

CloseHandle
DuplicateHandle
api-ms-win-core-heap-l1-1-0.dll

api-ms-win-core-interlocked-l1-1-0.dll

InterlockedIncrement
InterlockedDecrement
InterlockedExchange
InterlockedCompareExchange
api-ms-win-core-libraryloader-l1-1-0.dll

LoadStringW
GetModuleHandleW
GetProcAddress
FreeLibrary
GetModuleHandleA
LoadLibraryExA
api-ms-win-core-localregistry-l1-1-0.dll

RegNotifyChangeKeyValue
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCloseKey
api-ms-win-core-misc-l1-1-0.dll

api-ms-win-core-processthreads-l1-1-0.dll

OpenProcessToken
OpenThreadToken
GetCurrentThread
ProcessIdToSessionId
SetThreadToken
GetCurrentProcess
GetProcessId
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
api-ms-win-core-profile-l1-1-0.dll

api-ms-win-core-synch-l1-1-0.dll

WaitForSingleObject
OpenEventW
SetEvent
InitializeCriticalSection
OpenProcess
CreateEventW
WaitForMultipleObjectsEx
ResetEvent
DeleteCriticalSection
api-ms-win-core-sysinfo-l1-1-0.dll

GetTickCount
GetSystemTimeAsFileTime
GetTickCount64
api-ms-win-core-threadpool-l1-1-0.dll

api-ms-win-security-base-l1-1-0.dll

SetSecurityDescriptorGroup
CopySid
InitializeSecurityDescriptor
GetTokenInformation
AdjustTokenPrivileges
SetSecurityDescriptorDacl
GetLengthSid
IsValidSid
DuplicateTokenEx
GetSecurityDescriptorLength
CreateWellKnownSid
MakeSelfRelativeSD
MakeAbsoluteSD
CheckTokenMembership
DuplicateToken
AddAce
GetAce
InitializeAcl
GetAclInformation
GetSecurityDescriptorDacl
RevertToSelf
ImpersonateLoggedOnUser
AccessCheckAndAuditAlarmW
IsValidSecurityDescriptor
EqualSid
SetSecurityDescriptorOwner
api-ms-win-service-management-l1-1-0.dll

OpenSCManagerW
OpenServiceW
StartServiceW
CloseServiceHandle
api-ms-win-service-management-l2-1-0.dll

QueryServiceConfigW
NotifyServiceStatusChangeW
api-ms-win-service-winsvc-l1-1-0.dll

QueryServiceStatus
I_ScSendTSMessage
kernel32.dll

QueueUserWorkItem
GetComputerNameW
WaitForMultipleObjects
RegisterWaitForSingleObject
LoadLibraryW
DelayLoadFailureHook
HeapAlloc
GetProcessHeap
HeapFree
ExpandEnvironmentStringsW
SetLastError
OutputDebugStringA
RtlCaptureStackBackTrace
LocalSize
SleepEx
GetVersionExW
CreateProcessW
DebugBreak
IsDebuggerPresent
GetSystemDirectoryW
RegCreateKeyExW
RegOpenCurrentUser
RegEnumKeyExW
VerifyVersionInfoW
VerSetConditionMask
LocalAlloc
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
FormatMessageW
DeleteCriticalSection
GetProcAddress
InitializeCriticalSection
InterlockedCompareExchange
GetProcessId
UnregisterWaitEx
OpenProcess
DuplicateHandle
InterlockedExchange
ProcessIdToSessionId
HeapSetInformation
SetUnhandledExceptionFilter
CreateEventW
WaitForSingleObject
Sleep
InterlockedDecrement
InterlockedIncrement
WaitForMultipleObjectsEx
GetCurrentThread
GetCurrentProcess
CloseHandle
LocalFree
ResetEvent
OpenEventW
GetLastError
SetEvent
FreeLibrary
msvcrt.dll
ntdll.dll

NtDelayExecution
RtlUnhandledExceptionFilter
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
EtwTraceMessage
EtwEventWrite
RtlInitializeResource
EtwEventUnregister
RtlDeleteResource
NtNotifyChangeSession
RtlInsertElementGenericTable
RtlLookupElementGenericTable
RtlDeleteElementGenericTable
NtOpenEvent
RtlInitUnicodeString
RtlInitializeGenericTable
RtlEnumerateGenericTable
NtOpenSession
NtSetSystemInformation
NtQuerySystemTime
NtFreeVirtualMemory
NtAllocateVirtualMemory
RtlConnectToSm
RtlSendMsgToSm
NtDuplicateToken
RtlRaiseException
RtlAcquireResourceExclusive
RtlAcquireResourceShared
RtlReleaseResource
NtQuerySystemInformation
RtlEqualSid
NtSetSecurityObject
NtQuerySecurityObject
NtOpenSymbolicLinkObject
NtQueryDirectoryObject
NtCreateDirectoryObject
NtQueryValueKey
NtOpenKey
NtDuplicateObject
NtQueryInformationProcess
RtlMapGenericMask
RtlGetAce
RtlQueryInformationAcl
RtlGetDaclSecurityDescriptor
RtlCreateUserSecurityObject
RtlGetOwnerSecurityDescriptor
RtlDeleteAce
RtlSetGroupSecurityDescriptor
RtlCopySecurityDescriptor
RtlGetGroupSecurityDescriptor
NtTerminateProcess
NtWaitForSingleObject
RtlPrefixUnicodeString
NtClose
NtCreateEvent
RtlNumberGenericTableElements
RtlFreeSid
RtlSetDaclSecurityDescriptor
RtlAddAccessAllowedAce
RtlCreateAcl
RtlCreateSecurityDescriptor
RtlLengthSid
RtlAllocateAndInitializeSid
NtCreatePort
NtCompleteConnectPort
NtAcceptConnectPort
NtReplyPort
DbgPrint
NtOpenProcess
NtCreateSection
NtReplyWaitReceivePort
RtlNtStatusToDosError
NtQueryLicenseValue
RtlLeaveCriticalSection
RtlEnterCriticalSection
RtlAdjustPrivilege
NtQueryInformationToken
EtwEventRegister
DbgBreakPoint
rpcrt4.dll

RpcServerTestCancel
NdrAsyncServerCall
NdrServerCall2
RpcImpersonateClient
RpcRevertToSelf
I_RpcMapWin32Status
UuidCreate
UuidToStringW
RpcAsyncCompleteCall
RpcServerSubscribeForNotification
RpcServerInqCallAttributesW
RpcServerInqDefaultPrincNameW
RpcServerRegisterAuthInfoW
RpcServerUnsubscribeForNotification
I_RpcBindingIsClientLocal
I_RpcBindingInqLocalClientPID
RpcServerUseProtseqEpW
RpcServerRegisterIfEx
RpcServerListen
RpcBindingToStringBindingW
RpcStringBindingParseW
RpcMgmtWaitServerListen
RpcStringFreeW
UuidFromStringW
sysntfy.dll

wmsgapi.dll
