svchost.exe
Host Process for Windows Services by Microsoft Corporation (Signed)
| Version: | 6.2.9200.16384 (win8_rtm.120725-1247) |
| MD5: | 57350bede3834915b6145b67c71c7bda |
| SHA1: | 76111d4f5d751dcc31fbe5066c46378d57ab70ff |
| SHA256: | 1d35014d937e02ee090a0cfc903ee6e6b1b65c832694519f2b4dc4c74d3eb0fd |
This is a Windows system installed file with Windows File Protection (WFP) enabled.
What is svchost.exe?
Host Process for Windows Tasks is a generic process which acts as a host for processes that run from DLLs rather than EXEs. At startup TASKHOST checks the Services portion of the Registry to construct a list of DLL-based services that it needs to load, and then loads them.
Overview
svchost.exe has been configured with a firewall exception that allows both inbound and outbound network communication without being blocked. The file is digitally signed by Microsoft Corporation. This version is installed on Windows 8 and is compiled as a 64-bit program.
Details
| File name: | svchost.exe |
| Publisher: | Microsoft Corporation |
| Product name: | Host Process for Windows Services |
| Description: | Microsoft® Windows® Operating System |
| Typical file path: | C:\Windows\System32\svchost.exe |
| Original name: | svchost.exe.mui |
| File version: | 6.2.9200.16384 (win8_rtm.120725-1247) |
| Product version: | 6.2.9200.16384 |
| Size: | 29.5 KB (30,208 bytes) |
| Certificate |
| Issued to: | Microsoft Corporation |
| Authority (CA): | Microsoft Corporation |
| Expiration date: | Friday, June 13, 2014 |
| Digital DNA |
| Entropy: | 5.878473 |
| File packed: | No |
| Code language: | Microsoft Visual C++ |
| .NET CLR: | No |
Behaviors
Services
This is the shared Service Host controller that runs some of the following shared services:
- Service name 'QQPCFixSvc'
- Service name 'Журнал событий Windows'
Drivers
Windows firewall allowed programs
Exceptions allow programs to access the Internet through outbound connections
- Firewall exception for 'C:\Windows\system32\svchost.exe'
Network connections
Access through an approved Windows firewall exception
[TCP] a184-26-162-40.deploy.akamaitechnologies.com (184.26.162.40:80)
[UDP] listens on port 1900
[UDP] listens on port 5355
[UDP] listens on port 64379
[UDP] listens on port 68
[UDP] listens on port 63832
[UDP] listens on port 58401
[UDP] listens on port 64374
[UDP] listens on port 62807
[UDP] listens on port 56217
[UDP] listens on port 4500
[UDP] listens on port 52869
[UDP] listens on port 65076
[UDP] listens on port 51413
[UDP] listens on port 54779
[UDP] listens on port 60193
[UDP] listens on port 56898
[UDP] listens on port 60389
[UDP] listens on port 62572
[UDP] listens on port 60379
[UDP] listens on port 63885
Resource utilization
(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
| CPU |
| Total CPU: | 0.00226282% | |
| Kernel CPU: | 0.00100213% | |
| User CPU: | 0.00126069% | |
| Kernel CPU time: | 65,963,153 ms/min | |
| CPU cycles: | 2,076,337/sec | |
| Context switches: | 54/sec | |
| Memory |
| Private memory: | 22.68 MB | |
| Private (maximum): | 41.65 MB | |
| Private (minimum): | 16.33 MB | |
| Non-paged memory: | 22.68 MB | |
| Virtual memory: | 283.15 MB | |
| Virtual memory (peak): | 422.31 MB | |
| Working set: | 20.2 MB | |
| Working set (peak): | 65.71 MB | |
| Page faults: | 777,876/min | |
| I/O |
| I/O read transfer: | 94.88 KB/sec | |
| I/O read operations: | 34/sec | |
| I/O write transfer: | 66.87 KB/sec | |
| I/O write operations: | 9/sec | |
| I/O other transfer: | 30.57 KB/sec | |
| I/O other operations: | 371/sec | |
| Resource allocations |
| Threads: | 19 | |
| Handles: | 666 | |
Process properties
| Integrity level: | System |
| Platform: | 64-bit |
| Command lines: |
- C:\Windows\System32\svchost.exe -k netsvcs
- C:\Windows\System32\svchost.exe -k localservicenonetwork
- C:\Windows\System32\svchost.exe -k localserviceandnoimpersonation
- C:\Windows\System32\svchost.exe -k localsystemnetworkrestricted
- C:\Windows\System32\svchost.exe -k localservicenetworkrestricted
- C:\Windows\System32\svchost.exe -k networkservice
- C:\Windows\System32\svchost.exe -k localservice
- (17 more)
|
| Owner: | LOCAL SERVICE |
| Parent process: | services.exe (Services and Controller app by Microsoft) |
Threads
Averages
| sysmain.dll (Superfetch Service Host by Microsoft) |
| Total CPU: | 0.83828294% | |
| Kernel CPU: | 0.81583825% | |
| User CPU: | 0.02244469% | |
| CPU cycles: | 22,176,754/sec | |
| Memory: | 1.28 MB | |
| wuaueng.dll |
| Total CPU: | 0.74159026% | |
| Kernel CPU: | 0.41906333% | |
| User CPU: | 0.32252693% | |
| CPU cycles: | 13,624,665/sec | |
| Context switches: | 39/sec | |
| Memory: | 3.19 MB | |
| wbemcore.dll |
| Total CPU: | 0.35391433% | |
| Kernel CPU: | 0.05645448% | |
| User CPU: | 0.29745985% | |
| CPU cycles: | 7,079,552/sec | |
| Context switches: | 26/sec | |
| Memory: | 1.3 MB | |
| sechost.dll |
| Total CPU: | 0.07308128% | |
| Kernel CPU: | 0.02025937% | |
| User CPU: | 0.05282191% | |
| CPU cycles: | 1,436,248/sec | |
| Context switches: | 1/sec | |
| Memory: | 288 KB | |
| perftrack.dll |
| Total CPU: | 0.07296724% | |
| Kernel CPU: | 0.07246788% | |
| User CPU: | 0.00049936% | |
| CPU cycles: | 3,657,090/sec | |
| Context switches: | 1/sec | |
| Memory: | 1.02 MB | |
| ntdll.dll |
| Total CPU: | 0.04651318% | |
| Kernel CPU: | 0.02911057% | |
| User CPU: | 0.01740261% | |
| CPU cycles: | 938,509/sec | |
| Context switches: | 6/sec | |
| Memory: | 1.74 MB | |
| nlasvc.dll (Network Location Awareness 2 by Microsoft) |
| Total CPU: | 0.00678752% | |
| Kernel CPU: | 0.00625157% | |
| User CPU: | 0.00053595% | |
| CPU cycles: | 155,994/sec | |
| Context switches: | 1/sec | |
| Memory: | 364 KB | |
| combase.dll |
| Total CPU: | 0.00411305% | |
| Kernel CPU: | 0.00167156% | |
| User CPU: | 0.00244149% | |
| CPU cycles: | 91,033/sec | |
| Memory: | 1.69 MB | |
| ssdpapi.dll |
| Total CPU: | 0.00336009% | |
| Kernel CPU: | 0.00169772% | |
| User CPU: | 0.00166237% | |
| CPU cycles: | 59,106/sec | |
| Memory: | 72 KB | |
| ESENT.dll |
| Total CPU: | 0.00334878% | |
| Kernel CPU: | 0.00328005% | |
| User CPU: | 0.00006873% | |
| CPU cycles: | 79,107/sec | |
| Context switches: | 1/sec | |
| Memory: | 2.75 MB | |
| SensorsApi.dll |
| Total CPU: | 0.00263103% | |
| Kernel CPU: | 0.00131335% | |
| User CPU: | 0.00131768% | |
| CPU cycles: | 17,544/sec | |
| Memory: | 216 KB | |
| mpssvc.dll (Microsoft Protection Service by Microsoft) |
| Total CPU: | 0.00251340% | |
| Kernel CPU: | 0.00139914% | |
| User CPU: | 0.00111426% | |
| CPU cycles: | 85,102/sec | |
| Memory: | 900 KB | |
Common loaded modules
These are modules that are typically loaded within the context of this process.
Distribution by Windows OS
| OS version | Distribution |
| Windows 8.1 Pro | 100.00% |
Distribution by country
Austria installs about 79.00% of Host Process for Windows Services.