svchost.exe
Host Process for Windows Services by Microsoft Corporation (Signed)
Version: | 5.1.2600.5512 (xpsp.080413-2111) |
MD5: | 6b1139ca38db1678487678c44874b80f |
SHA1: | f643afafa067cca765970ef4b412212025b6b3eb |
This is a Windows system installed file with Windows File Protection (WFP) enabled.
What is svchost.exe?
Host Process for Windows Tasks is a generic process which acts as a host for processes that run from DLLs rather than EXEs. At startup TASKHOST checks the Services portion of the Registry to construct a list of DLL-based services that it needs to load, and then loads them.
Overview
svchost.exe has been configured with a firewall exception which allows both inbound and outbound network communication without being blocked. The file is digitally signed by Microsoft Corporation. This version is installed on Windows XP and is compiled as a 32 bit program.
Details
File name: | svchost.exe |
Publisher: | Microsoft Corporation |
Product name: | Host Process for Windows Services |
Description: | Microsoft® Windows® Operating System |
Typical file path: | C:\Windows\System32\svchost.exe |
Original name: | svchost.exe.mui |
File version: | 5.1.2600.5512 (xpsp.080413-2111) |
Product version: | 5.1.2600.5512 |
Size: | 14 KB (14,336 bytes) |
Certificate |
Issued to: | Microsoft Corporation |
Authority (CA): | Microsoft Corporation |
Expiration date: | Friday, June 13, 2014 |
Digital DNA |
Entropy: | 5.878473 |
File packed: | No |
Code language: | Microsoft Visual C++ |
.NET CLR: | No |
More details
Behaviors
Services
This is the shared Service Host controller that runs some of the following shared services:
- Service name 'QQPCFixSvc'
- Service name 'Журнал событий Windows'
Drivers
Windows firewall allowed programs
Exceptions allow programs to access to the Internet through an outbound connections
- Firewall exception for 'C:\Windows\system32\svchost.exe'
Network connections
Access through an approved Windows firewall exception
[UDP] listens on port 1900
[UDP] listens on port 123
Resource utilization
(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
CPU |
Total CPU: | 0.00651687% | |
Kernel CPU: | 0.00285742% | |
User CPU: | 0.00365946% | |
Kernel CPU time: | 3,815 ms/min | |
Memory |
Private memory: | 5.76 MB | |
Private (maximum): | 8.99 MB | |
Private (minimum): | 8.83 MB | |
Non-paged memory: | 5.76 MB | |
Virtual memory: | 71.01 MB | |
Virtual memory (peak): | 82.23 MB | |
Working set: | 8.92 MB | |
Working set (peak): | 27.32 MB | |
Resource allocations |
Threads: | 20 | |
Handles: | 374 | |
GUI GDI count: | 5 | |
GUI USER count: | 6 | |
Process properties
Integrety level: | Undefined |
Platform: | 32-bit |
Command lines: |
- C:\Windows\System32\svchost.exe -k netsvcs
- C:\Windows\System32\svchost.exe -k localservice
- C:\Windows\System32\svchost.exe -k wudfservicegroup
- C:\Windows\System32\svchost -k rpcss
- C:\Windows\System32\svchost.exe -k networkservice
- C:\Windows\System32\svchost -k dcomlaunch
|
Owner: | SYSTEM |
Parent process: | services.exe (by Microsoft) |
Threads
Averages
wbemcore.dll |
Total CPU: | 0.11074196% | |
Kernel CPU: | 0.11074196% | |
User CPU: | 0.00000000% | |
Memory: | 532 KB | |
schedsvc.dll (Task Scheduler Engine by Microsoft) |
Total CPU: | 0.02771928% | |
Kernel CPU: | 0.01011378% | |
User CPU: | 0.01760550% | |
Memory: | 204 KB | |
ntdll.dll |
Total CPU: | 0.01108726% | |
Kernel CPU: | 0.00827298% | |
User CPU: | 0.00281428% | |
Memory: | 692 KB | |
ADVAPI32.dll |
Total CPU: | 0.00534050% | |
Kernel CPU: | 0.00262447% | |
User CPU: | 0.00271603% | |
Memory: | 684 KB | |
RPCRT4.dll |
Total CPU: | 0.00309726% | |
Kernel CPU: | 0.00140784% | |
User CPU: | 0.00168941% | |
Memory: | 588 KB | |
ole32.dll |
Total CPU: | 0.00226130% | |
Kernel CPU: | 0.00141331% | |
User CPU: | 0.00084799% | |
Memory: | 1.24 MB | |
AUTHZ.dll |
Total CPU: | 0.00084660% | |
Kernel CPU: | 0.00028220% | |
User CPU: | 0.00056440% | |
Memory: | 72 KB | |
svchost.exe (main module) |
Total CPU: | 0.00084313% | |
Kernel CPU: | 0.00056225% | |
User CPU: | 0.00028088% | |
Memory: | 24 KB | |
wscsvc.dll (Windows Security Center Service by Microsoft) |
Total CPU: | 0.00056580% | |
Kernel CPU: | 0.00014145% | |
User CPU: | 0.00042435% | |
Memory: | 92 KB | |
USERENV.dll |
Total CPU: | 0.00028482% | |
Kernel CPU: | 0.00028482% | |
User CPU: | 0.00000000% | |
Memory: | 720 KB | |
shsvcs.dll (by Microsoft) |
Total CPU: | 0.00028459% | |
Kernel CPU: | 0.00028459% | |
User CPU: | 0.00000000% | |
Memory: | 140 KB | |
Common loaded modules
These are modules that are typiclaly loaded within the context of this process.
Distribution by Windows OS
OS version | distribution |
Windows 8.1 Pro |
100.00% |
|
Distribution by country
Austria installs about 79.00% of Host Process for Windows Services.