svchost.exe
Host Process for Windows Services by Microsoft Corporation (Signed)
| Version: | 6.2.9200.16384 (win8_rtm.120725-1247) |
| MD5: | 0a175af8b65797bd22c11903a8bfeb2d |
| SHA1: | 075d04db237e1fcb7d45d780268371fa80c512a2 |
| SHA256: | fed63df0389061c5eb6d8cf9c203bbe95fa2165d4f112464f33935370105adda |
This is a Windows system installed file with Windows File Protection (WFP) enabled.
What is svchost.exe?
Host Process for Windows Tasks is a generic process which acts as a host for processes that run from DLLs rather than EXEs. At startup TASKHOST checks the Services portion of the Registry to construct a list of DLL-based services that it needs to load, and then loads them.
Overview
svchost.exe has been configured with a firewall exception which allows both inbound and outbound network communication without being blocked. The file is digitally signed by Microsoft Corporation. This version is installed on Windows 8 and is compiled as a 32-bit program.
Details
| File name: | svchost.exe |
| Publisher: | Microsoft Corporation |
| Product name: | Host Process for Windows Services |
| Description: | Microsoft® Windows® Operating System |
| Typical file path: | C:\Windows\System32\svchost.exe |
| Original name: | svchost.exe.mui |
| File version: | 6.2.9200.16384 (win8_rtm.120725-1247) |
| Product version: | 6.2.9200.16384 |
| Size: | 22.5 KB (23,040 bytes) |
| Certificate |
| Issued to: | Microsoft Corporation |
| Authority (CA): | Microsoft Corporation |
| Expiration date: | Friday, June 13, 2014 |
| Digital DNA |
| Entropy: | 5.878473 |
| File packed: | No |
| Code language: | Microsoft Visual C++ |
| .NET CLR: | No |
Behaviors
Services
This is the shared Service Host controller that runs some of the following shared services:
- Service name 'QQPCFixSvc'
- Service name 'Журнал событий Windows'
Drivers
Windows firewall allowed programs
Exceptions allow programs to access the Internet through outbound connections.
- Firewall exception for 'C:\Windows\system32\svchost.exe'
Network connections
Access through an approved Windows firewall exception
Resource utilization
(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
| CPU |
| Total CPU: | 0.00309705% | |
| Kernel CPU: | 0.00135797% | |
| User CPU: | 0.00173908% | |
| Kernel CPU time: | 428,980,639 ms/min | |
| CPU cycles: | 2,402,954/sec | |
| Context switches: | 34/sec | |
| Memory |
| Private memory: | 11 MB | |
| Private (maximum): | 21.54 MB | |
| Private (minimum): | 10.14 MB | |
| Non-paged memory: | 11 MB | |
| Virtual memory: | 85.72 MB | |
| Virtual memory (peak): | 123.18 MB | |
| Working set: | 13.12 MB | |
| Working set (peak): | 41.01 MB | |
| Page faults: | 322,196/min | |
| I/O |
| I/O read transfer: | 181.39 KB/sec | |
| I/O read operations: | 68/sec | |
| I/O write transfer: | 790.33 KB/sec | |
| I/O write operations: | 20/sec | |
| I/O other transfer: | 84.83 KB/sec | |
| I/O other operations: | 764/sec | |
| Resource allocations |
| Threads: | 18 | |
| Handles: | 626 | |
Process properties
| Integrity level: | System |
| Platform: | 32-bit |
| Command lines: |
- C:\Windows\System32\svchost.exe -k localservicenonetwork
- C:\Windows\System32\svchost.exe -k dcomlaunch
- C:\Windows\System32\svchost.exe -k localservice
- C:\Windows\System32\svchost.exe -k localsystemnetworkrestricted
- C:\Windows\System32\svchost.exe -k rpcss
- C:\Windows\System32\svchost.exe -k localservicenetworkrestricted
- C:\Windows\System32\svchost.exe -k localserviceandnoimpersonation
- (16 more)
| Owner: | LOCAL SERVICE |
| Parent process: | services.exe (Services and Controller app by Microsoft) |
Threads
Averages
| wuaueng.dll (Windows Update Agent by Microsoft) |
| Total CPU: | 1.07167085% | |
| Kernel CPU: | 0.53303273% | |
| User CPU: | 0.53863811% | |
| CPU cycles: | 19,432,652/sec | |
| Context switches: | 18/sec | |
| Memory: | 2.59 MB | |
| wbemcore.dll |
| Total CPU: | 0.33775730% | |
| Kernel CPU: | 0.13226987% | |
| User CPU: | 0.20548742% | |
| CPU cycles: | 7,553,850/sec | |
| Context switches: | 21/sec | |
| Memory: | 1012 KB | |
| qmgr.dll (Background Intelligent Transfer Service by Microsoft) |
| Total CPU: | 0.15776722% | |
| Kernel CPU: | 0.13066823% | |
| User CPU: | 0.02709899% | |
| CPU cycles: | 2,802,017/sec | |
| Context switches: | 6/sec | |
| Memory: | 632 KB | |
| sysmain.dll (Superfetch Service Host by Microsoft) |
| Total CPU: | 0.05462683% | |
| Kernel CPU: | 0.05462683% | |
| User CPU: | 0.00000000% | |
| CPU cycles: | 1,998,288/sec | |
| Context switches: | 71/sec | |
| Memory: | 1.01 MB | |
| ntdll.dll |
| Total CPU: | 0.05134264% | |
| Kernel CPU: | 0.02703400% | |
| User CPU: | 0.02430864% | |
| CPU cycles: | 1,048,008/sec | |
| Context switches: | 7/sec | |
| Memory: | 1.4 MB | |
| sechost.dll |
| Total CPU: | 0.03808101% | |
| Kernel CPU: | 0.00583000% | |
| User CPU: | 0.03225100% | |
| CPU cycles: | 823,180/sec | |
| Context switches: | 2/sec | |
| Memory: | 208 KB | |
| audiosrv.dll (Windows Audio Service by Microsoft) |
| Total CPU: | 0.02550736% | |
| Kernel CPU: | 0.00557548% | |
| User CPU: | 0.01993189% | |
| CPU cycles: | 714,265/sec | |
| Context switches: | 6/sec | |
| Memory: | 608 KB | |
| dhcpcore6.dll |
| Total CPU: | 0.02157424% | |
| Kernel CPU: | 0.02157138% | |
| User CPU: | 0.00000286% | |
| CPU cycles: | 149,315/sec | |
| Context switches: | 3/sec | |
| Memory: | 212 KB | |
| combase.dll |
| Total CPU: | 0.00240675% | |
| Kernel CPU: | 0.00104020% | |
| User CPU: | 0.00136655% | |
| CPU cycles: | 38,540/sec | |
| Memory: | 1.21 MB | |
| ESENT.dll |
| Total CPU: | 0.00230744% | |
| Kernel CPU: | 0.00172219% | |
| User CPU: | 0.00058525% | |
| CPU cycles: | 48,042/sec | |
| Memory: | 2.32 MB | |
| nlasvc.dll (Network Location Awareness 2 by Microsoft) |
| Total CPU: | 0.00173940% | |
| Kernel CPU: | 0.00149395% | |
| User CPU: | 0.00024545% | |
| CPU cycles: | 28,847/sec | |
| Memory: | 292 KB | |
| fntcache.dll (Windows Font Cache Service by Microsoft) |
| Total CPU: | 0.00126625% | |
| Kernel CPU: | 0.00065493% | |
| User CPU: | 0.00061133% | |
| CPU cycles: | 27,910/sec | |
| Memory: | 1008 KB | |
Common loaded modules
These are modules that are typically loaded within the context of this process.
Distribution by Windows OS
| OS version | distribution |
| Windows 8.1 Pro | 100.00% |
Distribution by country
Austria installs about 79.00% of Host Process for Windows Services.