File details
File name: services.exe
Name: Services and Controller app
Description: Microsoft® Windows® Operating System
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Product version: 6.1.7600.16385
Size: 321 KB
Original file name: services.exe.mui
Windows file protection: Yes
Resource utilization
CPU utilization averages
Total CPU: 0.0048877992%
Privileged CPU: 0.0023089574%
User CPU: 0.00257884184643%
Privileged CPU time: 22642891.16 ms
Privileged CPU time /min: 6,400 ms
CPU cycle count: 15,663,118
CPU cycle count /min: 105,152,445
Context switches /sec: 92
Memory utilization averages
Committed memory: 45.88 MB
Peak committed memory: 75.01 MB
Paged memory: 8.44 MB
Peak paged memory: 12.16 MB
Paged system memory: 71.26 KB
Non-paged system memory: 18.45 KB
Working set memory: 10.58 MB
Peak working set memory: 15.99 MB
Min working set memory: 7.43 MB
Private memory: 8.44 MB
Page faults: 281,248
Page faults /min: 115
Process I/O averages
Total read operations: 25,557
Read operations /min: 14
Total read transfer: 11.34 MB
Read transfer /min: 16.72 KB
Total write operations: 1,496
Write operations /min: 9
Total write transfer: 6.34 MB
Write transfer /min: 36.45 KB
Total other operations: 670,011
Other operations /min: 105
Total other transfer: 3.52 MB
Other Transfer /min: 3.17 KB
Resources
Handle count average: 284
Thread count average: 10
Thread resource averages
ntdll.dll

Total CPU: 0.278205382356%
Privileged CPU: 0.162181067627%
User CPU: 0.116024314728%
CPU Cycle count /sec: 7,824,834
Context switches /sec: 68
Module memory size: 1.66 MB
ntdll.dll

Total CPU: 0.133468813787%
Privileged CPU: 0.048858216857%
User CPU: 0.084610596930%
CPU Cycle count /sec: 5,039,829
Context switches /sec: 4
Module memory size: 1.66 MB
ntdll.dll

Total CPU: 0.092589969333%
Privileged CPU: 0.063520972778%
User CPU: 0.029068996555%
CPU Cycle count /sec: 1,804,905
Context switches /sec: 11
Module memory size: 1.66 MB
ntdll.dll

Total CPU: 0.058613074972%
Privileged CPU: 0.036650111044%
User CPU: 0.021962963928%
CPU Cycle count /sec: 1,096,801
Context switches /sec: 7
Module memory size: 1.66 MB
ntdll.dll

Total CPU: 0.052613503254%
Privileged CPU: 0.030567285736%
User CPU: 0.022046217518%
CPU Cycle count /sec: 1,038,178
Context switches /sec: 21
Module memory size: 1.67 MB
ntdll.dll

Total CPU: 0.045990824945%
Privileged CPU: 0.026391939503%
User CPU: 0.019598885442%
CPU Cycle count /sec: 911,350
Context switches /sec: 6
Module memory size: 1.67 MB
ntdll.dll

Total CPU: 0.034182677606%
Privileged CPU: 0.010251613480%
User CPU: 0.023931064126%
CPU Cycle count /sec: 795,114
Context switches /sec: 8
Module memory size: 1.66 MB
ntdll.dll

Total CPU: 0.022974792283%
Privileged CPU: 0.013511097867%
User CPU: 0.009463694416%
CPU Cycle count /sec: 833,020
Context switches /sec: 15
Module memory size: 1.67 MB
ntdll.dll

Total CPU: 0.013635592941%
Privileged CPU: 0.012096161994%
User CPU: 0.001539430946%
CPU Cycle count /sec: 472,039
Context switches /sec: 6
Module memory size: 1.67 MB
ntdll.dll

Total CPU: 0.005602088438%
Privileged CPU: 0.000000000000%
User CPU: 0.005602088438%
CPU Cycle count /sec: 377,732
Context switches /sec: 9
Module memory size: 1.68 MB
ubpm.dll

Total CPU: 0.003203593978%
Privileged CPU: 0.000450334216%
User CPU: 0.002753259762%
CPU Cycle count /sec: 71,315
Context switches /sec: 1
Module memory size: 228 KB
msvcr80.dll

Total CPU: 0.000022356504%
Privileged CPU: 0.000022356504%
User CPU: 0.000000000000%
CPU Cycle count /sec: 1,361
Module memory size: 804 KB
Process details
Runs as (owner): System
Integrity level: System
Windows platform: 64-bit
Parent Process
Child Processes
Process Commands
C:\Windows\system32\services.exe
C:\Windows\System32\services.exe
Network connectivity
TCP: localhost on port 49156
TCP: localhost on port 49238
TCP: localhost on port 49169
TCP: localhost on port 49155
TCP: localhost on port 49158
TCP: localhost on port 1039
TCP: localhost on port 1029
TCP: localhost on port 49162
TCP: localhost on port 49159
TCP: localhost on port 49165
TCP: localhost on port 49265
TCP: localhost on port 49157
Image hashes
MD5: 24acb7e5be595468e3b9aa488b9b4fcb
SHA-1: a5b16a7d28d2ba79a9ccfc16ed480ad75a757166
SHA-256: 63541e3432fce953f266ae553e7a394978d6ee3db52388d885f668cf42c5e7e2
PE image details
Language*: Microsoft Visual C++
File entropy: 6.44934
File packed: No
Import Table
advapi32.dll

TraceMessage
GetTokenInformation
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
ConvertSidToStringSidW
RevertToSelf
CreateProcessAsUserW
ImpersonateLoggedOnUser
InitiateSystemShutdownExW
OpenThreadToken
LsaClose
LsaFreeMemory
LsaLookupSids
LsaOpenPolicy
OpenProcessToken
EqualSid
AdjustTokenPrivileges
SetSecurityDescriptorDacl
AddAce
InitializeAcl
CopySid
GetLengthSid
GetSecurityDescriptorDacl
RegGetKeySecurity
RegSetKeySecurity
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
RegLoadMUIStringW
LsaManageSidNameMapping
LookupPrivilegeValueW
RegNotifyChangeKeyValue
LsaQueryInformationPolicy
SetTokenInformation
AddAccessAllowedAce
LsaEnumeratePrivileges
LsaLookupNames
FreeSid
AllocateAndInitializeSid
AllocateLocallyUniqueId
SetKernelObjectSecurity
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSecurityDescriptorToStringSecurityDescriptorW
GetKernelObjectSecurity
LsaStorePrivateData
EventWrite
EventRegister
RegOpenKeyW
SystemFunction005
SystemFunction029
StartServiceCtrlDispatcherW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
ControlTraceW
EnableTrace
StartTraceW
CheckTokenMembership
LogonUserExExW
api-ms-win-core-crt-l1-1-0.dll

memcpy
wcschr
_wcslwr_s
wcsrchr
wcscat_s
memset
memcmp
_vsnwprintf_s
_wcsnicmp
wcstoul
_ltow_s
wcscspn
wcsstr
_wcsicmp
_wtol
wcsncmp
_ultow_s
_except_handler4_common
api-ms-win-core-crt-l2-1-0.dll

api-ms-win-core-errorhandling-l1-1-0.dll

SetLastError
GetLastError
SetErrorMode
SetUnhandledExceptionFilter
UnhandledExceptionFilter
api-ms-win-core-errorhandling-l1-1-1.dll

SetLastError
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetErrorMode
api-ms-win-core-file-l1-1-0.dll

CreateFileW
SetFileInformationByHandle
FindNextFileW
FindClose
CreateDirectoryW
FindFirstFileW
api-ms-win-core-file-l1-2-0.dll

CreateDirectoryW
FindFirstFileW
SetFileInformationByHandle
FindClose
FindNextFileW
CreateFileW
api-ms-win-core-handle-l1-1-0.dll

DuplicateHandle
CloseHandle
api-ms-win-core-heap-l1-1-0.dll

HeapFree
HeapCreate
HeapAlloc
HeapSetInformation
api-ms-win-core-heap-l1-2-0.dll

HeapAlloc
HeapSetInformation
HeapFree
api-ms-win-core-heap-obsolete-l1-1-0.dll

api-ms-win-core-interlocked-l1-1-0.dll

InterlockedCompareExchange
InterlockedExchange
InterlockedCompareExchange64
api-ms-win-core-interlocked-l1-2-0.dll

InterlockedCompareExchange64
InterlockedIncrement
InterlockedCompareExchange
InterlockedExchange
api-ms-win-core-io-l1-1-0.dll

api-ms-win-core-io-l1-1-1.dll

api-ms-win-core-libraryloader-l1-1-0.dll

GetModuleHandleW
GetProcAddress
FreeLibrary
LoadLibraryExW
GetModuleHandleA
LoadStringW
api-ms-win-core-libraryloader-l1-1-1.dll

LoadStringW
GetModuleHandleW
GetProcAddress
LoadLibraryExW
FreeLibrary
api-ms-win-core-localregistry-l1-1-0.dll

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegGetKeySecurity
RegSetKeySecurity
RegNotifyChangeKeyValue
RegLoadMUIStringW
RegSetValueExW
RegCreateKeyExW
api-ms-win-core-misc-l1-1-0.dll

LocalFree
Sleep
lstrlenW
LocalAlloc
api-ms-win-core-processenvironment-l1-1-0.dll

GetEnvironmentVariableW
ExpandEnvironmentStringsW
api-ms-win-core-processenvironment-l1-2-0.dll

GetEnvironmentVariableW
ExpandEnvironmentStringsW
api-ms-win-core-processthreads-l1-1-0.dll

CreateProcessW
CreateThread
TerminateProcess
GetCurrentThreadId
OpenThreadToken
GetCurrentThread
GetProcessId
GetCurrentProcess
CreateProcessAsUserW
DeleteProcThreadAttributeList
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
OpenProcessToken
ResumeThread
SetThreadPriority
ExitThread
SetProcessShutdownParameters
GetCurrentProcessId
GetProcessTimes
api-ms-win-core-processthreads-l1-1-1.dll

CreateThread
CreateProcessW
SetThreadPriority
GetCurrentThread
GetCurrentThreadId
TerminateProcess
GetProcessId
OpenThreadToken
GetCurrentProcess
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
CreateProcessAsUserW
ResumeThread
OpenProcessToken
OpenProcess
GetProcessTimes
ExitThread
SetProcessShutdownParameters
GetCurrentProcessId
api-ms-win-core-profile-l1-1-0.dll

api-ms-win-core-registry-l1-1-0.dll

RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegDeleteTreeW
RegNotifyChangeKeyValue
RegSetKeySecurity
RegGetKeySecurity
RegLoadMUIStringW
RegCreateKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
api-ms-win-core-string-l1-1-0.dll

api-ms-win-core-synch-l1-1-0.dll

LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
WaitForSingleObject
SetEvent
CreateEventW
ResetEvent
WaitForMultipleObjectsEx
OpenEventW
OpenProcess
api-ms-win-core-synch-l1-2-0.dll

AcquireSRWLockExclusive
OpenEventW
ResetEvent
WaitForMultipleObjectsEx
CreateEventW
SetEvent
WaitForSingleObject
Sleep
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
ReleaseSRWLockExclusive
api-ms-win-core-sysinfo-l1-1-0.dll

GetTickCount
GetSystemTimeAsFileTime
GetComputerNameExW
GetSystemTime
GetVersionExW
api-ms-win-core-sysinfo-l1-2-0.dll

GetTickCount64
GetSystemTimeAsFileTime
GetComputerNameExW
GetVersionExW
GetSystemTime
GetTickCount
api-ms-win-core-threadpool-l1-2-0.dll

CreateThreadpoolCleanupGroup
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolCleanupGroupMembers
CloseThreadpoolCleanupGroup
CallbackMayRunLong
CloseThreadpoolWork
api-ms-win-security-base-l1-1-0.dll

SetSecurityDescriptorDacl
AdjustTokenPrivileges
EqualSid
ImpersonateLoggedOnUser
RevertToSelf
GetLengthSid
CopySid
CheckTokenMembership
GetTokenInformation
AddAce
InitializeAcl
GetSecurityDescriptorDacl
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
SetTokenInformation
AddAccessAllowedAce
AllocateAndInitializeSid
AllocateLocallyUniqueId
FreeSid
SetKernelObjectSecurity
GetKernelObjectSecurity
api-ms-win-security-base-l1-2-0.dll

AddAccessAllowedAce
SetKernelObjectSecurity
GetKernelObjectSecurity
FreeSid
AllocateAndInitializeSid
AllocateLocallyUniqueId
SetSecurityDescriptorDacl
AddAce
InitializeAcl
GetSecurityDescriptorDacl
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
EqualSid
AdjustTokenPrivileges
RevertToSelf
ImpersonateLoggedOnUser
CopySid
GetLengthSid
CheckTokenMembership
GetTokenInformation
SetTokenInformation
api-ms-win-security-lsalookup-l1-1-0.dll

LsaLookupFreeMemory
LsaLookupTranslateSids
LsaLookupOpenLocalPolicy
LsaLookupManageSidNameMapping
LsaLookupGetDomainInfo
LsaLookupTranslateNames
LsaLookupClose
api-ms-win-security-lsalookup-l1-1-1.dll

LsaLookupOpenLocalPolicy
LsaLookupFreeMemory
LsaLookupClose
LsaLookupManageSidNameMapping
LsaLookupGetDomainInfo
LsaLookupTranslateNames
LsaLookupTranslateSids
api-ms-win-security-sddl-l1-1-0.dll

ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
cryptbase.dll

SystemFunction005
SystemFunction029
kernel32.dll

InterlockedCompareExchange64
CreateNamedPipeW
ReadFile
CancelIo
GetOverlappedResult
WaitForMultipleObjects
HeapAlloc
FreeLibrary
GetProcAddress
LoadLibraryW
GetModuleHandleW
TransactNamedPipe
WriteFile
GetTickCount
DuplicateHandle
GetCurrentProcess
GetSystemTimeAsFileTime
CreateEventW
SetEvent
GetCurrentThread
ResetEvent
DeviceIoControl
CreateFileW
GetProcessId
ResumeThread
GetCurrentProcessId
GetDriveTypeW
OpenEventW
GetComputerNameW
CompareStringW
SetThreadPriority
ExitThread
SetProcessShutdownParameters
SetConsoleCtrlHandler
HeapSetInformation
SetErrorMode
SetUnhandledExceptionFilter
GetProcessTimes
OpenProcess
InterlockedCompareExchange
LoadLibraryA
HeapCreate
WaitForSingleObject
TerminateProcess
HeapFree
InitializeCriticalSection
CreateThread
ExpandEnvironmentStringsW
CreateProcessW
GetLastError
CloseHandle
SetLastError
EnterCriticalSection
LeaveCriticalSection
Sleep
LocalFree
LocalAlloc
GetEnvironmentVariableW
CreateDirectoryW
FindFirstFileW
FindClose
lstrlenW
FindNextFileW
MoveFileExW
GetVersionExW
GetSystemTime
GetExitCodeThread
UnhandledExceptionFilter
GetCurrentThreadId
QueryPerformanceCounter
GetModuleHandleA
InterlockedExchange
DelayLoadFailureHook
ConnectNamedPipe
msvcrt.dll
ncobjapi.dll

WmiCreateObjectWithFormat
WmiEventSourceConnect
WmiSetAndCommitObject
ntdll.dll
rpcrt4.dll

UuidCreate
RpcAsyncAbortCall
RpcServerUnsubscribeForNotification
UuidEqual
RpcServerUseProtseqEpW
RpcServerRegisterIfEx
RpcServerUseProtseqW
RpcServerInqBindings
RpcBindingToStringBindingW
RpcStringBindingParseW
RpcStringFreeW
RpcEpRegisterW
RpcServerInqDefaultPrincNameW
RpcServerRegisterAuthInfoW
UuidCreateNil
I_RpcMapWin32Status
RpcServerInqCallAttributesW
RpcAsyncCompleteCall
RpcServerInqBindingHandle
RpcImpersonateClient
RpcRevertToSelf
I_RpcBindingInqLocalClientPID
I_RpcBindingIsClientLocal
I_RpcSessionStrictContextHandle
NdrServerCall2
NdrAsyncServerCall
RpcSsGetContextBinding
RpcServerInqCallAttributesA
RpcBindingServerFromClient
RpcBindingFree
RpcBindingVectorFree
RpcServerSubscribeForNotification
UuidFromStringW
RpcServerUnregisterIf
RpcMgmtWaitServerListen
RpcMgmtStopServerListening
RpcServerUnregisterIfEx
RpcServerRegisterIf
RpcServerListen
I_RpcExceptionFilter
NdrAsyncClientCall
RpcAsyncInitializeHandle
NdrClientCall2
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcEpResolveBinding
RpcServerRegisterIf3
RpcEpUnregister
scesrv.dll

ScesrvTerminateServer
ScesrvInitializeServer
sspicli.dll

user32.dll

BroadcastSystemMessageW
LoadStringW
RegisterServicesProcess
userenv.dll

UnloadUserProfile
CreateEnvironmentBlock
LoadUserProfileW
DestroyEnvironmentBlock