spoolsv.exe
Spooler SubSystem App by Microsoft
| Version: | 6.2.9200.16384 (win8_rtm.120725-1247) |
| MD5: | 3f215bf2d4d8d6756298b25b579772c2 |
| SHA1: | b6a1178d62a88092d269290f08839fbcd32c05db |
| SHA256: | 744192d1635e5d296bfd399e870b70592202ceaf95c31c2d2b226a868d33a3fd |
This is a Windows system installed file with Windows File Protection (WFP) enabled.
Overview
spoolsv.exe runs as a service under the name Spouleur d'impression (Spooler) with extensive SYSTEM privileges (full administrator access). This version is installed on Windows 8 and is compiled as a 64 bit program.
Details
| File name: | spoolsv.exe |
| Publisher: | Microsoft Corporation |
| Product name: | Spooler SubSystem App |
| Description: | Microsoft® Windows® Operating System |
| Typical file path: | C:\Windows\System32\spoolsv.exe |
| Original name: | spoolsv.exe.mui |
| File version: | 6.2.9200.16384 (win8_rtm.120725-1247) |
| Product version: | 6.2.9200.16384 |
| Size: | 751 KB (769,024 bytes) |
| Digital DNA |
| Entropy: | 6.401537 |
| File packed: | No |
| Code language: | Microsoft Visual C++ |
| .NET CLR: | No |
More details
Behaviors
Services
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
Network connections
[UDP] listens on port 54353
[UDP] listens on port 50104
[UDP] listens on port 52043
[UDP] listens on port 49172
[UDP] listens on port 50276
[UDP] listens on port 63789
[UDP] listens on port 53139
[UDP] listens on port 54444
[UDP] listens on port 57963
[UDP] listens on port 51921
[UDP] listens on port 57044
[UDP] listens on port 53249
[UDP] listens on port 63766
[UDP] listens on port 49365
[UDP] listens on port 61965
[UDP] listens on port 53802
[UDP] listens on port 61663
Resource utilization
(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
| CPU |
| Total CPU: | 0.00097702% | |
| Kernel CPU: | 0.00060561% | |
| User CPU: | 0.00037141% | |
| Kernel CPU time: | 1,024,280 ms/min | |
| CPU cycles: | 222,918/sec | |
| Context switches: | 12/sec | |
| Memory |
| Private memory: | 5.09 MB | |
| Private (maximum): | 12.98 MB | |
| Private (minimum): | 8.16 MB | |
| Non-paged memory: | 5.09 MB | |
| Virtual memory: | 66.1 MB | |
| Virtual memory (peak): | 73.31 MB | |
| Working set: | 9.65 MB | |
| Working set (peak): | 17.61 MB | |
| Page faults: | 62,836/min | |
| I/O |
| I/O read transfer: | 6.26 KB/sec | |
| I/O read operations: | 10/sec | |
| I/O write transfer: | 5.48 KB/sec | |
| I/O write operations: | 1/sec | |
| I/O other transfer: | 1.42 KB/sec | |
| I/O other operations: | 46/sec | |
| Resource allocations |
| Threads: | 15 | |
| Handles: | 400 | |
Process properties
| Integrety level: | System |
| Platform: | 64-bit |
| Command line: | C:\Windows\System32\spoolsv.exe |
| Owner: | SYSTEM |
| Windows Service |
| Service name: | Spooler |
| Display name: | Spouleur d'impression |
| Description: | “Charge les fichiers en mémoire pour une impression ultérieure” |
| Type: | Win32OwnProcess, InteractiveProcess |
| Parent process: | services.exe (by Microsoft) |
Threads
Averages
| ntdll.dll |
| Total CPU: | 0.02746909% | |
| Kernel CPU: | 0.01503211% | |
| User CPU: | 0.01243698% | |
| CPU cycles: | 616,944/sec | |
| Context switches: | 2/sec | |
| Memory: | 1.75 MB | |
| localspl.dll |
| Total CPU: | 0.00109445% | |
| Kernel CPU: | 0.00064989% | |
| User CPU: | 0.00044456% | |
| CPU cycles: | 32,664/sec | |
| Memory: | 1024 KB | |
| spoolsv.exe (main module) |
| Total CPU: | 0.00053799% | |
| Kernel CPU: | 0.00042995% | |
| User CPU: | 0.00010804% | |
| CPU cycles: | 10,950/sec | |
| Memory: | 764 KB | |
| sechost.dll |
| Total CPU: | 0.00027853% | |
| Kernel CPU: | 0.00024732% | |
| User CPU: | 0.00003120% | |
| CPU cycles: | 2,591/sec | |
| Memory: | 288 KB | |
| fdPnp.dll |
| Total CPU: | 0.00019262% | |
| Kernel CPU: | 0.00011178% | |
| User CPU: | 0.00008084% | |
| CPU cycles: | 5,144/sec | |
| Memory: | 68 KB | |
| msvcrt.dll (Windows NT CRT DLL by Microsoft) |
| Total CPU: | 0.00016556% | |
| Kernel CPU: | 0.00011288% | |
| User CPU: | 0.00005267% | |
| CPU cycles: | 23,472/sec | |
| Memory: | 660 KB | |
| FunDisc.dll |
| Total CPU: | 0.00009015% | |
| Kernel CPU: | 0.00006365% | |
| User CPU: | 0.00002651% | |
| CPU cycles: | 2,328/sec | |
| Memory: | 152 KB | |
| npggNT64.des |
| Total CPU: | 0.00007225% | |
| Kernel CPU: | 0.00000000% | |
| User CPU: | 0.00007225% | |
| CPU cycles: | 44,368/sec | |
| Memory: | 296 KB | |
| tcpmon.dll |
| Total CPU: | 0.00004424% | |
| Kernel CPU: | 0.00003017% | |
| User CPU: | 0.00001407% | |
| CPU cycles: | 2,142/sec | |
| Memory: | 208 KB | |
| hpbprtmon.dll |
| Total CPU: | 0.00003180% | |
| Kernel CPU: | 0.00000622% | |
| User CPU: | 0.00002557% | |
| CPU cycles: | 328/sec | |
| Memory: | 408 KB | |
| PrintIsolationProxy.dll |
| Total CPU: | 0.00002196% | |
| Kernel CPU: | 0.00002133% | |
| User CPU: | 0.00000063% | |
| CPU cycles: | 24/sec | |
| Memory: | 72 KB | |
| mswsock.dll |
| Total CPU: | 0.00000452% | |
| Kernel CPU: | 0.00000226% | |
| User CPU: | 0.00000226% | |
| CPU cycles: | 2,027/sec | |
| Memory: | 368 KB | |
Common loaded modules
These are modules that are typiclaly loaded within the context of this process.
Distribution by Windows OS
| OS version | distribution |
| Windows 7 Home Premium |
59.50% |
|
| Windows 7 Ultimate |
25.00% |
|
| Windows 7 Professional |
12.00% |
|
| Windows 7 Home Basic |
3.00% |
|
| Windows Vista Home Premium |
0.50% |
|
Distribution by country
United States installs about 50.51% of Spooler SubSystem App.
Distribution by PC manufacturer
| PC Manufacturer | distribution |
| Dell |
24.59% |
|
| Hewlett-Packard |
21.31% |
|
| ASUS |
14.75% |
|
| Acer |
13.93% |
|
| Toshiba |
13.11% |
|
| Sony |
4.92% |
|
| GIGABYTE |
2.46% |
|
| Alienware |
1.64% |
|
| Samsung |
1.64% |
|
| Lenovo |
1.64% |
|
