svchost.exe
Host Process for Windows Services by Microsoft Corporation (Signed)
Version: | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) |
MD5: | 5aba1c6a271424661500829458210602 |
SHA1: | 2b6625b7dce7187d3b1bf272f652d1174bd18cd7 |
This is a Windows system installed file with Windows File Protection (WFP) enabled.
What is svchost.exe?
Host Process for Windows Tasks is a generic process which acts as a host for processes that run from DLLs rather than EXEs. At startup TASKHOST checks the Services portion of the Registry to construct a list of DLL-based services that it needs to load, and then loads them.
Overview
svchost.exe has been configured with a firewall exception which allows both inbound and outbound network communication without being blocked. The file is digitally signed by Microsoft Corporation. This version is installed on Windows XP and is compiled as a 32 bit program.
Details
File name: | svchost.exe |
Publisher: | Microsoft Corporation |
Product name: | Host Process for Windows Services |
Description: | Microsoft® Windows® Operating System |
Typical file path: | C:\Windows\System32\svchost.exe |
Original name: | svchost.exe.mui |
File version: | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) |
Product version: | 5.1.2600.2180 |
Size: | 14 KB (14,336 bytes) |
Build date: | 8/4/2004 3:14 PM |
Certificate |
Issued to: | Microsoft Corporation |
Authority (CA): | Microsoft Corporation |
Expiration date: | Friday, June 13, 2014 |
Digital DNA |
Entropy: | 5.878473 |
File packed: | No |
Code language: | Microsoft Visual C++ |
.NET CLR: | No |
More details
Behaviors
Services
This is the shared Service Host controller that runs some of the following shared services:
- Service name 'QQPCFixSvc'
- Service name 'Журнал событий Windows'
Drivers
Windows firewall allowed programs
Exceptions allow programs to access to the Internet through an outbound connections
- Firewall exception for 'C:\Windows\system32\svchost.exe'
Network connections
Access through an approved Windows firewall exception
[UDP] listens on port 123
[UDP] listens on port 1900
Resource utilization
(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
CPU |
Total CPU: | 0.05109090% | |
Kernel CPU: | 0.01832854% | |
User CPU: | 0.03276236% | |
Kernel CPU time: | 701 ms/min | |
Context switches: | 24/sec | |
Memory |
Private memory: | 4.44 MB | |
Private (maximum): | 8.55 MB | |
Private (minimum): | 5.82 MB | |
Non-paged memory: | 4.44 MB | |
Virtual memory: | 54.64 MB | |
Virtual memory (peak): | 63.29 MB | |
Working set: | 7.31 MB | |
Working set (peak): | 11.11 MB | |
Page faults: | 4,321/min | |
I/O |
I/O read transfer: | 621 Bytes/sec | |
I/O read operations: | 1/sec | |
I/O write transfer: | 258 Bytes/sec | |
I/O write operations: | 1/sec | |
I/O other transfer: | 97 Bytes/sec | |
I/O other operations: | 4/sec | |
Resource allocations |
Threads: | 18 | |
Handles: | 324 | |
GUI GDI count: | 6 | |
GUI USER count: | 5 | |
Process properties
Integrety level: | Undefined |
Platform: | 32-bit |
Command lines: |
- C:\Windows\System32\svchost.exe -k localservice
- C:\Windows\System32\svchost.exe -k httpfilter
- C:\Windows\System32\svchost.exe -k imgsvc
- C:\Windows\System32\svchost.exe -k networkservice
- C:\Windows\System32\svchost.exe -k netsvcs
- C:\Windows\System32\svchost -k rpcss
- C:\Windows\System32\svchost -k dcomlaunch
- (7 more)
|
Owner: | SYSTEM |
Parent process: | services.exe (Microsoft Windows Operating System by Microsoft) |
Threads
Averages
wuaueng.dll |
Total CPU: | 0.47701718% | |
Kernel CPU: | 0.18591868% | |
User CPU: | 0.29109850% | |
Context switches: | 4/sec | |
Memory: | 1.63 MB | |
wbemcore.dll |
Total CPU: | 0.30592286% | |
Kernel CPU: | 0.12239908% | |
User CPU: | 0.18352378% | |
Context switches: | 14/sec | |
Memory: | 532 KB | |
schedsvc.dll (Microsoft Windows Operating System by Microsoft) |
Total CPU: | 0.08995400% | |
Kernel CPU: | 0.02066488% | |
User CPU: | 0.06928912% | |
Memory: | 196 KB | |
ntdll.dll |
Total CPU: | 0.02670616% | |
Kernel CPU: | 0.02185049% | |
User CPU: | 0.00485567% | |
Memory: | 636 KB | |
ole32.dll |
Total CPU: | 0.02488305% | |
Kernel CPU: | 0.00746491% | |
User CPU: | 0.01741813% | |
Memory: | 1.24 MB | |
ADVAPI32.dll |
Total CPU: | 0.01136697% | |
Kernel CPU: | 0.00584545% | |
User CPU: | 0.00552152% | |
Memory: | 676 KB | |
svchost.exe (main module) |
Total CPU: | 0.00849537% | |
Kernel CPU: | 0.00485253% | |
User CPU: | 0.00364284% | |
Memory: | 24 KB | |
SSDPAPI.dll |
Total CPU: | 0.00506634% | |
Kernel CPU: | 0.00253317% | |
User CPU: | 0.00253317% | |
Memory: | 48 KB | |
WINHTTP.dll |
Total CPU: | 0.00255258% | |
Kernel CPU: | 0.00000000% | |
User CPU: | 0.00255258% | |
Memory: | 356 KB | |
rastapi.dll |
Total CPU: | 0.00251300% | |
Kernel CPU: | 0.00251300% | |
User CPU: | 0.00000000% | |
Memory: | 68 KB | |
shsvcs.dll (Microsoft Windows Operating System by Microsoft) |
Total CPU: | 0.00251168% | |
Kernel CPU: | 0.00251168% | |
User CPU: | 0.00000000% | |
Memory: | 140 KB | |
ncprov.dll |
Total CPU: | 0.00248521% | |
Kernel CPU: | 0.00000000% | |
User CPU: | 0.00248521% | |
Memory: | 56 KB | |
Common loaded modules
These are modules that are typiclaly loaded within the context of this process.
Distribution by Windows OS
OS version | distribution |
Windows 8.1 Pro |
100.00% |
|
Distribution by country
Austria installs about 79.00% of Host Process for Windows Services.