lsm.dll
Description: Local Session Manager Service
Authors: © Microsoft Corporation. All rights reserved.
Version: 10.0.19041.6456
Architecture: 64-bit
Operating System: Windows NT
SHA256: f374fcc1fe86c59abb4ecb0feb582d21
File Size: 829.5 KB
Uploaded At: Dec. 1, 2025, 7:32 a.m.
Views: 6
Security Warning
This file has been flagged as potentially dangerous.
Reason: Detected potentially dangerous functions used for process injection: OpenProcess
Exported Functions
- ServiceMain (Ordinal: 1, Address: 0x26460)
Imported DLLs & Functions
api-ms-win-core-apiquery-l1-1-0.dll
- ApiSetQueryApiSetPresence (Address: 0x18008d508)
api-ms-win-core-com-l1-1-0.dll
- CoCreateGuid (Address: 0x18008d538)
- CoCreateInstance (Address: 0x18008d550)
- CoInitializeEx (Address: 0x18008d528)
- CoInitializeSecurity (Address: 0x18008d530)
- CoTaskMemAlloc (Address: 0x18008d540)
- CoTaskMemFree (Address: 0x18008d520)
- CoUninitialize (Address: 0x18008d548)
- StringFromCLSID (Address: 0x18008d518)
api-ms-win-core-debug-l1-1-0.dll
- DebugBreak (Address: 0x18008d570)
- IsDebuggerPresent (Address: 0x18008d568)
- OutputDebugStringA (Address: 0x18008d578)
- OutputDebugStringW (Address: 0x18008d560)
api-ms-win-core-delayload-l1-1-0.dll
- DelayLoadFailureHook (Address: 0x18008d588)
api-ms-win-core-delayload-l1-1-1.dll
- ResolveDelayLoadedAPI (Address: 0x18008d598)
api-ms-win-core-errorhandling-l1-1-0.dll
- GetLastError (Address: 0x18008d5b0)
- SetLastError (Address: 0x18008d5a8)
- SetUnhandledExceptionFilter (Address: 0x18008d5b8)
- UnhandledExceptionFilter (Address: 0x18008d5c0)
api-ms-win-core-file-l1-1-0.dll
- CreateDirectoryW (Address: 0x18008d5d8)
- CreateFileW (Address: 0x18008d5d0)
api-ms-win-core-handle-l1-1-0.dll
- CloseHandle (Address: 0x18008d5f0)
- DuplicateHandle (Address: 0x18008d5e8)
api-ms-win-core-heap-l1-1-0.dll
- GetProcessHeap (Address: 0x18008d618)
- HeapAlloc (Address: 0x18008d608)
- HeapFree (Address: 0x18008d600)
- HeapSetInformation (Address: 0x18008d610)
api-ms-win-core-heap-l2-1-0.dll
- LocalAlloc (Address: 0x18008d628)
- LocalFree (Address: 0x18008d630)
api-ms-win-core-heap-obsolete-l1-1-0.dll
- LocalSize (Address: 0x18008d640)
api-ms-win-core-kernel32-legacy-l1-1-0.dll
- GetComputerNameW (Address: 0x18008d650)
api-ms-win-core-libraryloader-l1-2-0.dll
- FreeLibrary (Address: 0x18008d660)
- GetModuleFileNameA (Address: 0x18008d688)
- GetModuleHandleExW (Address: 0x18008d670)
- GetModuleHandleW (Address: 0x18008d680)
- GetProcAddress (Address: 0x18008d678)
- LoadLibraryExW (Address: 0x18008d668)
api-ms-win-core-libraryloader-l1-2-1.dll
- LoadLibraryW (Address: 0x18008d698)
api-ms-win-core-localization-l1-2-0.dll
- FormatMessageW (Address: 0x18008d6a8)
api-ms-win-core-path-l1-1-0.dll
- PathCchAppend (Address: 0x18008d6b8)
api-ms-win-core-perfcounters-l1-1-0.dll
- PerfCreateInstance (Address: 0x18008d6e8)
- PerfSetCounterRefValue (Address: 0x18008d6e0)
- PerfSetCounterSetInfo (Address: 0x18008d6d0)
- PerfStartProvider (Address: 0x18008d6d8)
- PerfStopProvider (Address: 0x18008d6c8)
api-ms-win-core-processenvironment-l1-1-0.dll
- ExpandEnvironmentStringsW (Address: 0x18008d6f8)
api-ms-win-core-processthreads-l1-1-0.dll
- CreateProcessW (Address: 0x18008d758)
- CreateThread (Address: 0x18008d750)
- GetCurrentProcess (Address: 0x18008d730)
- GetCurrentProcessId (Address: 0x18008d780)
- GetCurrentThread (Address: 0x18008d708)
- GetCurrentThreadId (Address: 0x18008d778)
- GetProcessId (Address: 0x18008d718)
- OpenProcessToken (Address: 0x18008d728)
- OpenThreadToken (Address: 0x18008d710)
- ProcessIdToSessionId (Address: 0x18008d770)
- SetThreadToken (Address: 0x18008d720)
- SwitchToThread (Address: 0x18008d738)
- TerminateProcess (Address: 0x18008d740)
- TlsAlloc (Address: 0x18008d768)
- TlsFree (Address: 0x18008d760)
- TlsGetValue (Address: 0x18008d788)
- TlsSetValue (Address: 0x18008d748)
api-ms-win-core-processthreads-l1-1-1.dll
- OpenProcess (Address: 0x18008d798)
api-ms-win-core-profile-l1-1-0.dll
- QueryPerformanceCounter (Address: 0x18008d7a8)
api-ms-win-core-registry-l1-1-0.dll
- RegCloseKey (Address: 0x18008d7e0)
- RegCreateKeyExW (Address: 0x18008d7f8)
- RegEnumKeyExW (Address: 0x18008d7b8)
- RegGetValueW (Address: 0x18008d7d8)
- RegNotifyChangeKeyValue (Address: 0x18008d7c0)
- RegOpenCurrentUser (Address: 0x18008d7c8)
- RegOpenKeyExW (Address: 0x18008d7f0)
- RegQueryValueExA (Address: 0x18008d7d0)
- RegQueryValueExW (Address: 0x18008d7e8)
- RegSetValueExW (Address: 0x18008d800)
api-ms-win-core-registry-l1-1-1.dll
- RegDeleteKeyValueW (Address: 0x18008d810)
- RegSetKeyValueW (Address: 0x18008d818)
api-ms-win-core-registry-l2-1-0.dll
- RegDeleteKeyW (Address: 0x18008d828)
api-ms-win-core-synch-l1-1-0.dll
- AcquireSRWLockExclusive (Address: 0x18008d8d8)
- AcquireSRWLockShared (Address: 0x18008d8f0)
- CreateEventW (Address: 0x18008d890)
- CreateMutexExW (Address: 0x18008d8c8)
- CreateMutexW (Address: 0x18008d840)
- CreateSemaphoreExW (Address: 0x18008d850)
- DeleteCriticalSection (Address: 0x18008d868)
- EnterCriticalSection (Address: 0x18008d878)
- InitializeCriticalSection (Address: 0x18008d860)
- InitializeCriticalSectionAndSpinCount (Address: 0x18008d880)
- InitializeCriticalSectionEx (Address: 0x18008d870)
- LeaveCriticalSection (Address: 0x18008d838)
- OpenEventW (Address: 0x18008d848)
- OpenSemaphoreW (Address: 0x18008d858)
- ReleaseMutex (Address: 0x18008d8a8)
- ReleaseSemaphore (Address: 0x18008d8b8)
- ReleaseSRWLockExclusive (Address: 0x18008d8d0)
- ReleaseSRWLockShared (Address: 0x18008d8c0)
- ResetEvent (Address: 0x18008d8a0)
- SetEvent (Address: 0x18008d8e0)
- SleepEx (Address: 0x18008d8b0)
- WaitForMultipleObjectsEx (Address: 0x18008d8e8)
- WaitForSingleObject (Address: 0x18008d898)
- WaitForSingleObjectEx (Address: 0x18008d888)
api-ms-win-core-synch-l1-2-0.dll
- InitOnceBeginInitialize (Address: 0x18008d908)
- InitOnceComplete (Address: 0x18008d900)
- Sleep (Address: 0x18008d910)
api-ms-win-core-sysinfo-l1-1-0.dll
- GetSystemDirectoryW (Address: 0x18008d928)
- GetSystemTime (Address: 0x18008d938)
- GetSystemTimeAsFileTime (Address: 0x18008d930)
- GetTickCount (Address: 0x18008d940)
- GetTickCount64 (Address: 0x18008d950)
- GetVersionExW (Address: 0x18008d920)
- GetWindowsDirectoryW (Address: 0x18008d948)
api-ms-win-core-sysinfo-l1-2-0.dll
- GetOsSafeBootMode (Address: 0x18008d960)
api-ms-win-core-threadpool-l1-2-0.dll
- CloseThreadpoolTimer (Address: 0x18008d980)
- CloseThreadpoolWait (Address: 0x18008d988)
- CloseThreadpoolWork (Address: 0x18008d9c0)
- CreateThreadpoolTimer (Address: 0x18008d970)
- CreateThreadpoolWait (Address: 0x18008d990)
- CreateThreadpoolWork (Address: 0x18008d9a0)
- SetThreadpoolTimer (Address: 0x18008d9c8)
- SetThreadpoolWait (Address: 0x18008d978)
- SubmitThreadpoolWork (Address: 0x18008d9a8)
- WaitForThreadpoolTimerCallbacks (Address: 0x18008d998)
- WaitForThreadpoolWaitCallbacks (Address: 0x18008d9b0)
- WaitForThreadpoolWorkCallbacks (Address: 0x18008d9b8)
api-ms-win-core-threadpool-legacy-l1-1-0.dll
- CreateTimerQueue (Address: 0x18008d9d8)
- CreateTimerQueueTimer (Address: 0x18008d9f8)
- DeleteTimerQueueEx (Address: 0x18008d9e0)
- DeleteTimerQueueTimer (Address: 0x18008d9e8)
- QueueUserWorkItem (Address: 0x18008d9f0)
- UnregisterWaitEx (Address: 0x18008da00)
api-ms-win-core-threadpool-private-l1-1-0.dll
- RegisterWaitForSingleObjectEx (Address: 0x18008da10)
api-ms-win-core-toolhelp-l1-1-0.dll
- CreateToolhelp32Snapshot (Address: 0x18008da30)
- Process32FirstW (Address: 0x18008da20)
- Process32NextW (Address: 0x18008da28)
api-ms-win-eventing-classicprovider-l1-1-0.dll
- GetTraceEnableFlags (Address: 0x18008da48)
- GetTraceEnableLevel (Address: 0x18008da50)
- GetTraceLoggerHandle (Address: 0x18008da58)
- RegisterTraceGuidsW (Address: 0x18008da68)
- TraceMessage (Address: 0x18008da40)
- UnregisterTraceGuids (Address: 0x18008da60)
api-ms-win-eventing-controller-l1-1-0.dll
- ControlTraceW (Address: 0x18008da80)
- EnableTraceEx2 (Address: 0x18008da78)
- StartTraceW (Address: 0x18008da88)
api-ms-win-eventing-provider-l1-1-0.dll
- EventProviderEnabled (Address: 0x18008daa0)
- EventRegister (Address: 0x18008da98)
- EventSetInformation (Address: 0x18008dab0)
- EventUnregister (Address: 0x18008daa8)
- EventWriteTransfer (Address: 0x18008dab8)
api-ms-win-oobe-notification-l1-1-0.dll
- OOBEComplete (Address: 0x18008dac8)
- RegisterWaitUntilOOBECompleted (Address: 0x18008dad0)
- UnregisterWaitUntilOOBECompleted (Address: 0x18008dad8)
dwmapi.dll
- (Address: 0x18008dae8)
KERNELBASE.dll
- WTSGetServiceSessionId (Address: 0x18008d3c8)
- WTSIsServerContainer (Address: 0x18008d3d0)
msvcrt.dll
- __C_specific_handler (Address: 0x18008dc30)
- __CxxFrameHandler3 (Address: 0x18008dc18)
- __dllonexit (Address: 0x18008daf8)
- _amsg_exit (Address: 0x18008dbb0)
- _callnewh (Address: 0x18008db20)
- _CxxThrowException (Address: 0x18008dc20)
- _initterm (Address: 0x18008dba0)
- _lock (Address: 0x18008db08)
- _onexit (Address: 0x18008dc10)
- _purecall (Address: 0x18008dbc8)
- _resetstkoflw (Address: 0x18008dc08)
- _unlock (Address: 0x18008dc38)
- _vsnprintf (Address: 0x18008dbd8)
- _vsnprintf_s (Address: 0x18008dbc0)
- _vsnwprintf (Address: 0x18008db90)
- _wcsicmp (Address: 0x18008db30)
- _wcsnicmp (Address: 0x18008db98)
- _XcptFilter (Address: 0x18008dbb8)
- ??_V@YAXPEAX@Z (Address: 0x18008dc28)
- ??0exception@@QEAA@AEBQEBD@Z (Address: 0x18008db58)
- ??0exception@@QEAA@AEBQEBDH@Z (Address: 0x18008db60)
- ??0exception@@QEAA@AEBV0@@Z (Address: 0x18008db78)
- ??0exception@@QEAA@XZ (Address: 0x18008dbd0)
- ??1exception@@UEAA@XZ (Address: 0x18008db38)
- ??1type_info@@UEAA@XZ (Address: 0x18008db50)
- ??3@YAXPEAX@Z (Address: 0x18008dbe8)
- ?terminate@@YAXXZ (Address: 0x18008db10)
- ?what@exception@@UEBAPEBDXZ (Address: 0x18008db68)
- free (Address: 0x18008dba8)
- malloc (Address: 0x18008db28)
- memcmp (Address: 0x18008db40)
- memcpy (Address: 0x18008db80)
- memcpy_s (Address: 0x18008db88)
- memmove (Address: 0x18008db70)
- memmove_s (Address: 0x18008db18)
- memset (Address: 0x18008db48)
- qsort (Address: 0x18008dbf8)
- toupper (Address: 0x18008dbe0)
- wcscmp (Address: 0x18008dc40)
- wcscpy_s (Address: 0x18008db00)
- wcsrchr (Address: 0x18008dc00)
- wcsstr (Address: 0x18008dbf0)
ntdll.dll
- AlpcGetMessageAttribute (Address: 0x18008dd80)
- AlpcInitializeMessageAttribute (Address: 0x18008dd88)
- DbgPrint (Address: 0x18008dd70)
- EtwEventActivityIdControl (Address: 0x18008de70)
- EtwEventRegister (Address: 0x18008ded8)
- EtwEventUnregister (Address: 0x18008def0)
- EtwEventWriteFull (Address: 0x18008de78)
- EtwEventWriteTransfer (Address: 0x18008def8)
- NtAllocateVirtualMemory (Address: 0x18008dde8)
- NtAlpcAcceptConnectPort (Address: 0x18008ddb8)
- NtAlpcCreatePort (Address: 0x18008dd78)
- NtAlpcDisconnectPort (Address: 0x18008dda0)
- NtAlpcQueryInformation (Address: 0x18008ddb0)
- NtAlpcSendWaitReceivePort (Address: 0x18008ddc0)
- NtClose (Address: 0x18008ddf8)
- NtCreateDirectoryObject (Address: 0x18008dd08)
- NtCreateEvent (Address: 0x18008de00)
- NtDelayExecution (Address: 0x18008de98)
- NtDuplicateObject (Address: 0x18008dca8)
- NtDuplicateToken (Address: 0x18008dd10)
- NtFreeVirtualMemory (Address: 0x18008dde0)
- NtGetNextProcess (Address: 0x18008dc68)
- NtNotifyChangeSession (Address: 0x18008de60)
- NtOpenEvent (Address: 0x18008de48)
- NtOpenKey (Address: 0x18008ddd8)
- NtOpenSession (Address: 0x18008de50)
- NtOpenSymbolicLinkObject (Address: 0x18008dd00)
- NtQueryDirectoryObject (Address: 0x18008dcd8)
- NtQueryInformationProcess (Address: 0x18008dd30)
- NtQueryInformationToken (Address: 0x18008dd58)
- NtQuerySecurityObject (Address: 0x18008dcc8)
- NtQuerySystemInformation (Address: 0x18008dcf8)
- NtQuerySystemTime (Address: 0x18008de18)
- NtQueryValueKey (Address: 0x18008ddd0)
- NtSetSecurityObject (Address: 0x18008dce0)
- NtSetSystemInformation (Address: 0x18008ddf0)
- NtTerminateProcess (Address: 0x18008dc50)
- NtWaitForSingleObject (Address: 0x18008dc58)
- RtlAcquireResourceExclusive (Address: 0x18008dcb0)
- RtlAcquireResourceShared (Address: 0x18008dcc0)
- RtlAddAccessAllowedAce (Address: 0x18008deb8)
- RtlAdjustPrivilege (Address: 0x18008dd50)
- RtlAllocateAndInitializeSid (Address: 0x18008ded0)
- RtlCaptureContext (Address: 0x18008dd48)
- RtlCaptureStackBackTrace (Address: 0x18008dcf0)
- RtlCompareUnicodeString (Address: 0x18008dd18)
- RtlConnectToSm (Address: 0x18008dd28)
- RtlConvertExclusiveToShared (Address: 0x18008de10)
- RtlConvertSharedToExclusive (Address: 0x18008de08)
- RtlCopySecurityDescriptor (Address: 0x18008dc98)
- RtlCreateAcl (Address: 0x18008dec0)
- RtlCreateSecurityDescriptor (Address: 0x18008deb0)
- RtlCreateUserSecurityObject (Address: 0x18008dca0)
- RtlDeleteAce (Address: 0x18008dc80)
- RtlDeleteElementGenericTable (Address: 0x18008de40)
- RtlDeleteResource (Address: 0x18008df08)
- RtlDeleteSecurityObject (Address: 0x18008dc70)
- RtlEnterCriticalSection (Address: 0x18008dd68)
- RtlEnumerateGenericTable (Address: 0x18008de38)
- RtlEqualSid (Address: 0x18008de68)
- RtlFreeSid (Address: 0x18008dea0)
- RtlGetAce (Address: 0x18008dc90)
- RtlGetDaclSecurityDescriptor (Address: 0x18008dc78)
- RtlGetPersistedStateLocation (Address: 0x18008dee0)
- RtlInitializeGenericTable (Address: 0x18008de30)
- RtlInitializeResource (Address: 0x18008df00)
- RtlInitUnicodeString (Address: 0x18008de58)
- RtlInitUnicodeStringEx (Address: 0x18008dc60)
- RtlInsertElementGenericTable (Address: 0x18008de20)
- RtlLeaveCriticalSection (Address: 0x18008dd60)
- RtlLengthSid (Address: 0x18008dec8)
- RtlLookupElementGenericTable (Address: 0x18008de28)
- RtlLookupFunctionEntry (Address: 0x18008dd40)
- RtlNtStatusToDosError (Address: 0x18008de80)
- RtlNumberGenericTableElements (Address: 0x18008ddc8)
- RtlQueryInformationAcl (Address: 0x18008dc88)
- RtlReleaseResource (Address: 0x18008dcb8)
- RtlSendMsgToSm (Address: 0x18008dd20)
- RtlSetDaclSecurityDescriptor (Address: 0x18008dea8)
- RtlSubscribeWnfStateChangeNotification (Address: 0x18008de90)
- RtlUnhandledExceptionFilter (Address: 0x18008dee8)
- RtlUnsubscribeWnfNotificationWaitForCompletion (Address: 0x18008de88)
- RtlVerifyVersionInfo (Address: 0x18008dce8)
- RtlVirtualUnwind (Address: 0x18008dd38)
- TpAllocAlpcCompletion (Address: 0x18008dda8)
- TpReleaseAlpcCompletion (Address: 0x18008dd90)
- TpWaitForAlpcCompletion (Address: 0x18008dd98)
- VerSetConditionMask (Address: 0x18008dcd0)
RPCRT4.dll
- I_RpcBindingInqLocalClientPID (Address: 0x18008d460)
- I_RpcBindingIsClientLocal (Address: 0x18008d4a8)
- I_RpcMapWin32Status (Address: 0x18008d480)
- Ndr64AsyncServerCallAll (Address: 0x18008d428)
- NdrAsyncServerCall (Address: 0x18008d430)
- NdrClientCall3 (Address: 0x18008d420)
- NdrServerCall2 (Address: 0x18008d438)
- NdrServerCallAll (Address: 0x18008d440)
- RpcAsyncCompleteCall (Address: 0x18008d488)
- RpcBindingFree (Address: 0x18008d478)
- RpcBindingFromStringBindingW (Address: 0x18008d468)
- RpcBindingServerFromClient (Address: 0x18008d450)
- RpcBindingToStringBindingW (Address: 0x18008d3f0)
- RpcExceptionFilter (Address: 0x18008d4d8)
- RpcImpersonateClient (Address: 0x18008d408)
- RpcRaiseException (Address: 0x18008d458)
- RpcRevertToSelf (Address: 0x18008d410)
- RpcServerInqCallAttributesW (Address: 0x18008d400)
- RpcServerInqDefaultPrincNameW (Address: 0x18008d4c0)
- RpcServerRegisterAuthInfoW (Address: 0x18008d4b8)
- RpcServerRegisterIf3 (Address: 0x18008d4c8)
- RpcServerRegisterIfEx (Address: 0x18008d3e0)
- RpcServerSubscribeForNotification (Address: 0x18008d4d0)
- RpcServerTestCancel (Address: 0x18008d4b0)
- RpcServerUnregisterIfEx (Address: 0x18008d3e8)
- RpcServerUnsubscribeForNotification (Address: 0x18008d490)
- RpcServerUseProtseqEpW (Address: 0x18008d448)
- RpcStringBindingComposeW (Address: 0x18008d470)
- RpcStringBindingParseW (Address: 0x18008d3f8)
- RpcStringFreeW (Address: 0x18008d418)
- UuidCreate (Address: 0x18008d4a0)
- UuidToStringW (Address: 0x18008d498)
USER32.dll
- LoadStringW (Address: 0x18008d4f8)
- RegisterDeviceNotificationW (Address: 0x18008d4e8)
- UnregisterDeviceNotification (Address: 0x18008d4f0)