svchost.exe
Host Process for Windows Services by Microsoft Corporation (Signed)
| Version: | 5.1.2600.5512 (xpsp.080413-2111) |
| MD5: | 27c6d03bcdb8cfeb96b716f3d8be3e18 |
| SHA1: | 49083ae3725a0488e0a8fbbe1335c745f70c4667 |
| SHA256: | 2910ebc692d833d949bfd56059e8106d324a276d5f165f874f3fb1b6c613cdd5 |
This is a Windows system installed file with Windows File Protection (WFP) enabled.
What is svchost.exe?
Host Process for Windows Tasks is a generic process which acts as a host for processes that run from DLLs rather than EXEs. At startup TASKHOST checks the Services portion of the Registry to construct a list of DLL-based services that it needs to load, and then loads them.
Overview
svchost.exe has been configured with a firewall exception which allows both inbound and outbound network communication without being blocked. The file is digitally signed by Microsoft Corporation. This version is installed on Windows XP and is compiled as a 32 bit program.
Details
| File name: | svchost.exe |
| Publisher: | Microsoft Corporation |
| Product name: | Host Process for Windows Services |
| Description: | Microsoft® Windows® Operating System |
| Typical file path: | C:\Windows\System32\svchost.exe |
| Original name: | svchost.exe.mui |
| File version: | 5.1.2600.5512 (xpsp.080413-2111) |
| Product version: | 5.1.2600.5512 |
| Size: | 14 KB (14,336 bytes) |
| Certificate |
| Issued to: | Microsoft Corporation |
| Authority (CA): | Microsoft Corporation |
| Expiration date: | Friday, June 13, 2014 |
| Digital DNA |
| Entropy: | 5.878473 |
| File packed: | No |
| Code language: | Microsoft Visual C++ |
| .NET CLR: | No |
More details
Behaviors
Services
This is the shared Service Host controller that runs some of the following shared services:
- Service name 'QQPCFixSvc'
- Service name 'Журнал событий Windows'
Drivers
Windows firewall allowed programs
Exceptions allow programs to access to the Internet through an outbound connections
- Firewall exception for 'C:\Windows\system32\svchost.exe'
Network connections
Access through an approved Windows firewall exception
[UDP] listens on port 1900
[UDP] listens on port 123
[UDP] listens on port 8590
[UDP] listens on port 1027
[UDP] listens on port 3062
[UDP] listens on port 2466
[UDP] listens on port 427
[UDP] listens on port 1158
[UDP] listens on port 4801
[UDP] listens on port 3261
[UDP] listens on port 1515
Resource utilization
(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
| CPU |
| Total CPU: | 0.00540216% | |
| Kernel CPU: | 0.00225998% | |
| User CPU: | 0.00314218% | |
| Kernel CPU time: | 846,685 ms/min | |
| Context switches: | 42/sec | |
| Memory |
| Private memory: | 6.54 MB | |
| Private (maximum): | 10.97 MB | |
| Private (minimum): | 4.97 MB | |
| Non-paged memory: | 6.54 MB | |
| Virtual memory: | 61.44 MB | |
| Virtual memory (peak): | 73.13 MB | |
| Working set: | 6.92 MB | |
| Working set (peak): | 15.3 MB | |
| Page faults: | 186,048/min | |
| I/O |
| I/O read transfer: | 18.85 KB/sec | |
| I/O read operations: | 6/sec | |
| I/O write transfer: | 15.15 KB/sec | |
| I/O write operations: | 6/sec | |
| I/O other transfer: | 11.5 KB/sec | |
| I/O other operations: | 104/sec | |
| Resource allocations |
| Threads: | 19 | |
| Handles: | 411 | |
| GUI GDI count: | 5 | |
| GUI USER count: | 6 | |
Process properties
| Integrety level: | Undefined |
| Platform: | 32-bit |
| Command lines: |
- C:\Windows\System32\svchost.exe -k localservice
- C:\Windows\System32\svchost.exe -k netsvcs
- C:\Windows\System32\svchost -k rpcss
- C:\Windows\System32\svchost -k dcomlaunch
- C:\Windows\System32\svchost.exe -k networkservice
- C:\Windows\System32\svchost.exe -k imgsvc
- C:\Windows\System32\svchost.exe -k httpfilter
- (23 more)
|
| Owner: | SYSTEM |
| Parent process: | services.exe (Services and Controller app by Microsoft) |
Threads
Averages
| wuaueng.dll (Windows Update Agent by Microsoft) |
| Total CPU: | 8.86952066% | |
| Kernel CPU: | 3.14460426% | |
| User CPU: | 5.72491640% | |
| Context switches: | 39/sec | |
| Memory: | 1.85 MB | |
| wiaservc.dll (Still Image Devices Service by Microsoft) |
| Total CPU: | 0.79112303% | |
| Kernel CPU: | 0.48938876% | |
| User CPU: | 0.30173426% | |
| Context switches: | 9/sec | |
| Memory: | 340 KB | |
| qmgr.dll (Background Intelligent Transfer Service by Microsoft) |
| Total CPU: | 0.32464530% | |
| Kernel CPU: | 0.14038048% | |
| User CPU: | 0.18426482% | |
| Context switches: | 58/sec | |
| Memory: | 428 KB | |
| wbemcore.dll |
| Total CPU: | 0.20053943% | |
| Kernel CPU: | 0.03804713% | |
| User CPU: | 0.16249230% | |
| Context switches: | 17/sec | |
| Memory: | 532 KB | |
| ipxrip.dll |
| Total CPU: | 0.14904810% | |
| Kernel CPU: | 0.00043584% | |
| User CPU: | 0.14861226% | |
| Context switches: | 3/sec | |
| Memory: | 36 KB | |
| RPCRT4.dll |
| Total CPU: | 0.10654474% | |
| Kernel CPU: | 0.02386758% | |
| User CPU: | 0.08267716% | |
| Context switches: | 15/sec | |
| Memory: | 588 KB | |
| wbemcomn.dll |
| Total CPU: | 0.07063088% | |
| Kernel CPU: | 0.02493776% | |
| User CPU: | 0.04569312% | |
| Context switches: | 3/sec | |
| Memory: | 220 KB | |
| npggNT.des |
| Total CPU: | 0.03039296% | |
| Kernel CPU: | 0.00000000% | |
| User CPU: | 0.03039296% | |
| Memory: | 284 KB | |
| es.dll (COM Services by Microsoft) |
| Total CPU: | 0.02972652% | |
| Kernel CPU: | 0.02972652% | |
| User CPU: | 0.00000000% | |
| Context switches: | 5/sec | |
| Memory: | 272 KB | |
| ole32.dll |
| Total CPU: | 0.02053535% | |
| Kernel CPU: | 0.00297237% | |
| User CPU: | 0.01756298% | |
| Context switches: | 1/sec | |
| Memory: | 1.24 MB | |
| schedsvc.dll |
| Total CPU: | 0.01804537% | |
| Kernel CPU: | 0.00732977% | |
| User CPU: | 0.01071559% | |
| Memory: | 204 KB | |
| ntdll.dll |
| Total CPU: | 0.01796910% | |
| Kernel CPU: | 0.00369502% | |
| User CPU: | 0.01427409% | |
| Context switches: | 1/sec | |
| Memory: | 712 KB | |
Common loaded modules
These are modules that are typiclaly loaded within the context of this process.
Distribution by Windows OS
| OS version | distribution |
| Windows 8.1 Pro |
100.00% |
|
Distribution by country
Austria installs about 79.00% of Host Process for Windows Services.
