svchost.exe
Host Process for Windows Services by Microsoft Corporation (Signed)
| Version: | 6.0.6000.16386 (vista_rtm.061101-2205) |
| MD5: | 3794b461c45882e06856f282eef025af |
| SHA1: | bf15549a7ec01ac505ccac036aba5b9bae688135 |
| SHA256: | d4f79d7bc639fe86ac68961e6273836b9d7af491773fd054395b33d317017beb |
This is a Windows system installed file with Windows File Protection (WFP) enabled.
What is svchost.exe?
Host Process for Windows Tasks is a generic process which acts as a host for processes that run from DLLs rather than EXEs. At startup TASKHOST checks the Services portion of the Registry to construct a list of DLL-based services that it needs to load, and then loads them.
Overview
svchost.exe has been configured with a firewall exception which allows both inbound and outbound network communication without being blocked. The file is digitally signed by Microsoft Corporation. This version is designed to run on Windows Vista and is compiled as a 32 bit program.
Details
| File name: | svchost.exe |
| Publisher: | Microsoft Corporation |
| Product name: | Host Process for Windows Services |
| Description: | Microsoft® Windows® Operating System |
| Typical file path: | C:\Windows\System32\svchost.exe |
| Original name: | svchost.exe.mui |
| File version: | 6.0.6000.16386 (vista_rtm.061101-2205) |
| Product version: | 6.0.6000.16386 |
| Size: | 21 KB (21,504 bytes) |
| Certificate |
| Issued to: | Microsoft Corporation |
| Authority (CA): | Microsoft Corporation |
| Expiration date: | Friday, June 13, 2014 |
| Digital DNA |
| Entropy: | 5.878473 |
| File packed: | No |
| Code language: | Microsoft Visual C++ |
| .NET CLR: | No |
More details
Behaviors
Services
This is the shared Service Host controller that runs some of the following shared services:
- Service name 'QQPCFixSvc'
- Service name 'Журнал событий Windows'
Drivers
Windows firewall allowed programs
Exceptions allow programs to access to the Internet through an outbound connections
- Firewall exception for 'C:\Windows\system32\svchost.exe'
Network connections
Access through an approved Windows firewall exception
[TCP] 157.56.77.158:443
[UDP] listens on port 55956
[UDP] listens on port 4500
[UDP] listens on port 5355
[UDP] listens on port 1900
[UDP] listens on port 61557
[UDP] listens on port 58451
[UDP] listens on port 49402
[UDP] listens on port 123
[UDP] listens on port 61892
[UDP] listens on port 58504
[UDP] listens on port 520
[UDP] listens on port 59722
[UDP] listens on port 57847
[UDP] listens on port 50182
[UDP] listens on port 53650
[UDP] listens on port 427
[UDP] listens on port 57032
[UDP] listens on port 62303
[UDP] listens on port 63860
[UDP] listens on port 51872
Resource utilization
(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
| CPU |
| Total CPU: | 0.00145009% | |
| Kernel CPU: | 0.00072229% | |
| User CPU: | 0.00072780% | |
| Kernel CPU time: | 94,126,486 ms/min | |
| CPU cycles: | 1,731,437/sec | |
| Context switches: | 186/sec | |
| Memory |
| Private memory: | 17.95 MB | |
| Private (maximum): | 40.98 MB | |
| Private (minimum): | 9.87 MB | |
| Non-paged memory: | 17.95 MB | |
| Virtual memory: | 86.49 MB | |
| Virtual memory (peak): | 133.42 MB | |
| Working set: | 15.53 MB | |
| Working set (peak): | 66.6 MB | |
| Page faults: | 237,505/min | |
| I/O |
| I/O read transfer: | 265.94 KB/sec | |
| I/O read operations: | 28/sec | |
| I/O write transfer: | 14.79 KB/sec | |
| I/O write operations: | 14/sec | |
| I/O other transfer: | 14.99 KB/sec | |
| I/O other operations: | 381/sec | |
| Resource allocations |
| Threads: | 16 | |
| Handles: | 389 | |
Process properties
| Integrety level: | System |
| Platform: | 32-bit |
| Command lines: |
- C:\Windows\System32\svchost.exe -k localservice
- C:\Windows\System32\svchost.exe -k localsystemnetworkrestricted
- C:\Windows\System32\svchost.exe -k netsvcs
- C:\Windows\System32\svchost.exe -k localservicenonetwork
- C:\Windows\System32\svchost.exe -k rpcss
- C:\Windows\System32\svchost.exe -k localserviceandnoimpersonation
- C:\Windows\System32\svchost.exe -k gpsvcgroup
- (24 more)
|
| Owner: | LOCAL SERVICE |
| Parent process: | services.exe (Services and Controller app by Microsoft) |
Threads
Averages
| qmgr.dll (Background Intelligent Transfer Service by Microsoft) |
| Total CPU: | 1.18063033% | |
| Kernel CPU: | 0.88636681% | |
| User CPU: | 0.29426352% | |
| CPU cycles: | 23,296,898/sec | |
| Context switches: | 1/sec | |
| Memory: | 1.75 MB | |
| wuaueng.dll (Windows Update Agent by Microsoft) |
| Total CPU: | 0.74438902% | |
| Kernel CPU: | 0.39234087% | |
| User CPU: | 0.35204814% | |
| CPU cycles: | 15,642,164/sec | |
| Context switches: | 10/sec | |
| Memory: | 1.85 MB | |
| sysmain.dll (Superfetch Service Host by Microsoft) |
| Total CPU: | 0.57596257% | |
| Kernel CPU: | 0.55564781% | |
| User CPU: | 0.02031475% | |
| CPU cycles: | 12,929,539/sec | |
| Context switches: | 3/sec | |
| Memory: | 552 KB | |
| ntdll.dll |
| Total CPU: | 0.57217246% | |
| Kernel CPU: | 0.50074394% | |
| User CPU: | 0.07142852% | |
| CPU cycles: | 12,294,473/sec | |
| Memory: | 1.16 MB | |
| RPCRT4.dll |
| Total CPU: | 0.33011290% | |
| Kernel CPU: | 0.21080681% | |
| User CPU: | 0.11930610% | |
| CPU cycles: | 6,597,520/sec | |
| Context switches: | 3/sec | |
| Memory: | 776 KB | |
| WININET.dll |
| Total CPU: | 0.26278103% | |
| Kernel CPU: | 0.17780698% | |
| User CPU: | 0.08497405% | |
| CPU cycles: | 10,104,841/sec | |
| Memory: | 1.11 MB | |
| msvcrt.dll (Windows NT CRT DLL by Microsoft) |
| Total CPU: | 0.23276356% | |
| Kernel CPU: | 0.03083869% | |
| User CPU: | 0.20192486% | |
| CPU cycles: | 5,979,017/sec | |
| Memory: | 680 KB | |
| mshtml.dll (Windows Internet Explorer by Microsoft) |
| Total CPU: | 0.14408726% | |
| Kernel CPU: | 0.06594311% | |
| User CPU: | 0.07814415% | |
| CPU cycles: | 2,788,928/sec | |
| Memory: | 11.77 MB | |
| emdmgmt.dll (ReadyBoost Service by Microsoft) |
| Total CPU: | 0.12728193% | |
| Kernel CPU: | 0.04528090% | |
| User CPU: | 0.08200102% | |
| CPU cycles: | 2,443,578/sec | |
| Context switches: | 1/sec | |
| Memory: | 568 KB | |
| wbemcore.dll |
| Total CPU: | 0.12683653% | |
| Kernel CPU: | 0.04127881% | |
| User CPU: | 0.08555772% | |
| CPU cycles: | 2,047,249/sec | |
| Context switches: | 2/sec | |
| Memory: | 740 KB | |
| ESENT.dll |
| Total CPU: | 0.12350827% | |
| Kernel CPU: | 0.10725675% | |
| User CPU: | 0.01625152% | |
| CPU cycles: | 3,005,993/sec | |
| Memory: | 1.41 MB | |
| smss.exe (Windows Session Manager by Microsoft) |
| Total CPU: | 0.04595192% | |
| Kernel CPU: | 0.02402415% | |
| User CPU: | 0.02192776% | |
| CPU cycles: | 25,681,966/sec | |
| Memory: | 36 KB | |
Common loaded modules
These are modules that are typiclaly loaded within the context of this process.
Distribution by Windows OS
| OS version | distribution |
| Windows 8.1 Pro |
100.00% |
|
Distribution by country
Austria installs about 79.00% of Host Process for Windows Services.
