svchost.exe
Host Process for Windows Services by Microsoft Corporation (Signed)
| Version: | 6.2.9200.16384 (win8_rtm.120725-1247) |
| MD5: | a46dc432f81473f526e3994aa483e366 |
| SHA1: | 952b68cbf2654a6208ef277d4300656a18592889 |
| SHA256: | c5f40d23a4866e16473a225d8ee07235c2eb90a0481b314d1a288e6222bbdf74 |
This is a Windows system installed file with Windows File Protection (WFP) enabled.
What is svchost.exe?
Host Process for Windows Tasks is a generic process which acts as a host for processes that run from DLLs rather than EXEs. At startup TASKHOST checks the Services portion of the Registry to construct a list of DLL-based services that it needs to load, and then loads them.
Overview
svchost.exe has been configured with a firewall exception which allows both inbound and outbound network communication without being blocked. The file is digitally signed by Microsoft Corporation. This version is installed on Windows 8 and is compiled as a 32 bit program.
Details
| File name: | svchost.exe |
| Publisher: | Microsoft Corporation |
| Product name: | Host Process for Windows Services |
| Description: | Microsoft® Windows® Operating System |
| Typical file path: | C:\Windows\System32\svchost.exe |
| Original name: | svchost.exe.mui |
| File version: | 6.2.9200.16384 (win8_rtm.120725-1247) |
| Product version: | 6.2.9200.16384 |
| Size: | 22.5 KB (23,040 bytes) |
| Certificate |
| Issued to: | Microsoft Corporation |
| Authority (CA): | Microsoft Corporation |
| Expiration date: | Friday, June 13, 2014 |
| Digital DNA |
| Entropy: | 5.878473 |
| File packed: | No |
| Code language: | Microsoft Visual C++ |
| .NET CLR: | No |
More details
Behaviors
Services
This is the shared Service Host controller that runs some of the following shared services:
- Service name 'QQPCFixSvc'
- Service name 'Журнал событий Windows'
Drivers
Windows firewall allowed programs
Exceptions allow programs to access to the Internet through an outbound connections
- Firewall exception for 'C:\Windows\system32\svchost.exe'
Network connections
Access through an approved Windows firewall exception
[TCP] 65.55.53.156:443
[TCP] a125-252-225-161.deploy.akamaitechnologies.com (125.252.225.161:80)
[UDP] listens on port 58480
[UDP] listens on port 5355
[UDP] listens on port 4500
[UDP] listens on port 60214
[UDP] listens on port 427
[UDP] listens on port 68
[UDP] listens on port 62523
[UDP] listens on port 56082
[UDP] listens on port 62056
[UDP] listens on port 62008
[UDP] listens on port 53433
[UDP] listens on port 49822
[UDP] listens on port 64459
[UDP] listens on port 49159
[UDP] listens on port 53415
[UDP] listens on port 56286
[UDP] listens on port 53442
[UDP] listens on port 1900
[UDP] listens on port 50454
Resource utilization
(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
| CPU |
| Total CPU: | 0.00157198% | |
| Kernel CPU: | 0.00084145% | |
| User CPU: | 0.00073053% | |
| Kernel CPU time: | 622,607,067 ms/min | |
| CPU cycles: | 2,077,726/sec | |
| Context switches: | 62/sec | |
| Memory |
| Private memory: | 12.36 MB | |
| Private (maximum): | 28.71 MB | |
| Private (minimum): | 8.65 MB | |
| Non-paged memory: | 12.36 MB | |
| Virtual memory: | 81.18 MB | |
| Virtual memory (peak): | 118.28 MB | |
| Working set: | 10.97 MB | |
| Working set (peak): | 48.26 MB | |
| Page faults: | 666,909/min | |
| I/O |
| I/O read transfer: | 54.2 KB/sec | |
| I/O read operations: | 19/sec | |
| I/O write transfer: | 10.65 KB/sec | |
| I/O write operations: | 4/sec | |
| I/O other transfer: | 16.87 KB/sec | |
| I/O other operations: | 541/sec | |
| Resource allocations |
| Threads: | 16 | |
| Handles: | 547 | |
Process properties
| Integrety level: | System |
| Platform: | 32-bit |
| Command lines: |
- C:\Windows\System32\svchost.exe -k dcomlaunch
- C:\Windows\System32\svchost.exe -k networkservice
- C:\Windows\System32\svchost.exe -k netsvcs
- C:\Windows\System32\svchost.exe -k localservicenonetwork
- C:\Windows\System32\svchost.exe -k localservicenetworkrestricted
- C:\Windows\System32\svchost.exe -k localservice
- C:\Windows\System32\svchost.exe -k localserviceandnoimpersonation
- (26 more)
|
| Owner: | SYSTEM |
| Parent process: | services.exe (Services and Controller app by Microsoft) |
Threads
Averages
| wuaueng.dll |
| Total CPU: | 0.52132635% | |
| Kernel CPU: | 0.33175313% | |
| User CPU: | 0.18957322% | |
| CPU cycles: | 10,036,969/sec | |
| Context switches: | 4/sec | |
| Memory: | 2.49 MB | |
| wbemcore.dll |
| Total CPU: | 0.19566363% | |
| Kernel CPU: | 0.05368811% | |
| User CPU: | 0.14197552% | |
| CPU cycles: | 3,538,137/sec | |
| Context switches: | 10/sec | |
| Memory: | 1012 KB | |
| sysmain.dll (Superfetch Service Host by Microsoft) |
| Total CPU: | 0.14097431% | |
| Kernel CPU: | 0.12501208% | |
| User CPU: | 0.01596222% | |
| CPU cycles: | 5,851,467/sec | |
| Context switches: | 10/sec | |
| Memory: | 1.02 MB | |
| ESENT.dll |
| Total CPU: | 0.08445936% | |
| Kernel CPU: | 0.08445936% | |
| User CPU: | 0.00000000% | |
| CPU cycles: | 442,050/sec | |
| Context switches: | 2/sec | |
| Memory: | 2.29 MB | |
| sechost.dll |
| Total CPU: | 0.06181942% | |
| Kernel CPU: | 0.01754503% | |
| User CPU: | 0.04427439% | |
| CPU cycles: | 1,593,367/sec | |
| Context switches: | 1/sec | |
| Memory: | 208 KB | |
| CRYPT32.dll |
| Total CPU: | 0.05366065% | |
| Kernel CPU: | 0.00000000% | |
| User CPU: | 0.05366065% | |
| CPU cycles: | 12,665/sec | |
| Memory: | 1.53 MB | |
| audiosrv.dll (Sistema operativo Microsoft Windows by Microsoft) |
| Total CPU: | 0.03817648% | |
| Kernel CPU: | 0.02207020% | |
| User CPU: | 0.01610628% | |
| CPU cycles: | 1,141,917/sec | |
| Context switches: | 18/sec | |
| Memory: | 604 KB | |
| ntdll.dll |
| Total CPU: | 0.03687457% | |
| Kernel CPU: | 0.02220366% | |
| User CPU: | 0.01467091% | |
| CPU cycles: | 955,096/sec | |
| Context switches: | 9/sec | |
| Memory: | 1.41 MB | |
| dhcpcore.dll (DHCP Client Service by Microsoft) |
| Total CPU: | 0.02632462% | |
| Kernel CPU: | 0.01783801% | |
| User CPU: | 0.00848661% | |
| CPU cycles: | 75,476/sec | |
| Memory: | 280 KB | |
| dhcpcore6.dll |
| Total CPU: | 0.01163636% | |
| Kernel CPU: | 0.01161497% | |
| User CPU: | 0.00002139% | |
| CPU cycles: | 150,310/sec | |
| Context switches: | 8/sec | |
| Memory: | 216 KB | |
| wersvc.dll (by Microsoft) |
| Total CPU: | 0.00628403% | |
| Kernel CPU: | 0.00628403% | |
| User CPU: | 0.00000000% | |
| CPU cycles: | 7,481/sec | |
| Memory: | 88 KB | |
| fntcache.dll (Windows Font Cache Service by Microsoft) |
| Total CPU: | 0.00626446% | |
| Kernel CPU: | 0.00518068% | |
| User CPU: | 0.00108378% | |
| CPU cycles: | 142,820/sec | |
| Memory: | 1008 KB | |
Common loaded modules
These are modules that are typiclaly loaded within the context of this process.
Distribution by Windows OS
| OS version | distribution |
| Windows 8.1 Pro |
100.00% |
|
Distribution by country
Austria installs about 79.00% of Host Process for Windows Services.
