svchost.exe
Host Process for Windows Services by Microsoft Corporation (Signed)
| Version: | 5.1.2600.5512 (xpsp.080413-2111) |
| MD5: | b703aee8722ced0f0fd804ea844d8de6 |
| SHA1: | 42e60199ac366c782c935325df5de777af4c9206 |
| SHA256: | a8ec57a1e33bfe2f7dc81cdb5fce05ec7b1086e6e8a572465e2bf4113780be2c |
This is a Windows system installed file with Windows File Protection (WFP) enabled.
What is svchost.exe?
Host Process for Windows Tasks is a generic process which acts as a host for processes that run from DLLs rather than EXEs. At startup TASKHOST checks the Services portion of the Registry to construct a list of DLL-based services that it needs to load, and then loads them.
Overview
svchost.exe has been configured with a firewall exception which allows both inbound and outbound network communication without being blocked. The file is digitally signed by Microsoft Corporation. This version is installed on Windows XP and is compiled as a 32 bit program.
Details
| File name: | svchost.exe |
| Publisher: | Microsoft Corporation |
| Product name: | Host Process for Windows Services |
| Description: | Microsoft® Windows® Operating System |
| Typical file path: | C:\Windows\System32\svchost.exe |
| Original name: | svchost.exe.mui |
| File version: | 5.1.2600.5512 (xpsp.080413-2111) |
| Product version: | 5.1.2600.5512 |
| Size: | 14 KB (14,336 bytes) |
| Certificate |
| Issued to: | Microsoft Corporation |
| Authority (CA): | Microsoft Corporation |
| Expiration date: | Friday, June 13, 2014 |
| Digital DNA |
| Entropy: | 5.878473 |
| File packed: | No |
| Code language: | Microsoft Visual C++ |
| .NET CLR: | No |
More details
Behaviors
Services
This is the shared Service Host controller that runs some of the following shared services:
- Service name 'QQPCFixSvc'
- Service name 'Журнал событий Windows'
Drivers
Windows firewall allowed programs
Exceptions allow programs to access to the Internet through an outbound connections
- Firewall exception for 'C:\Windows\system32\svchost.exe'
Network connections
Access through an approved Windows firewall exception
[UDP] listens on port 1900
[UDP] listens on port 123
[UDP] listens on port 1044
[UDP] listens on port 1037
[UDP] listens on port 4825
Resource utilization
(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
| CPU |
| Total CPU: | 0.00065744% | |
| Kernel CPU: | 0.00039032% | |
| User CPU: | 0.00026712% | |
| Kernel CPU time: | 18,547 ms/min | |
| Context switches: | 309/sec | |
| Memory |
| Private memory: | 7.99 MB | |
| Private (maximum): | 15.15 MB | |
| Private (minimum): | 1.41 MB | |
| Non-paged memory: | 7.99 MB | |
| Virtual memory: | 70.45 MB | |
| Virtual memory (peak): | 89.63 MB | |
| Working set: | 3.41 MB | |
| Working set (peak): | 26.32 MB | |
| Page faults: | 247,236/min | |
| I/O |
| I/O read transfer: | 4.12 KB/sec | |
| I/O read operations: | 2/sec | |
| I/O write transfer: | 1.01 KB/sec | |
| I/O write operations: | 1/sec | |
| I/O other transfer: | 28.28 KB/sec | |
| I/O other operations: | 1,794/sec | |
| Resource allocations |
| Threads: | 20 | |
| Handles: | 471 | |
| GUI GDI count: | 5 | |
| GUI USER count: | 7 | |
Process properties
| Integrety level: | Undefined |
| Platform: | 32-bit |
| Command lines: |
- C:\Windows\System32\svchost.exe -k localservice
- C:\Windows\System32\svchost -k dcomlaunch
- C:\Windows\System32\svchost.exe -k networkservice
- C:\Windows\System32\svchost.exe -k netsvcs
- C:\Windows\System32\svchost -k rpcss
- C:\Windows\System32\svchost.exe -k imgsvc
- C:\Windows\System32\svchost -k xlserviceplatform
- (11 more)
|
| Owner: | SYSTEM |
| Parent process: | services.exe (Microsoft Windows Operating System by Microsoft) |
Threads
Averages
| wbemcore.dll |
| Total CPU: | 0.21385519% | |
| Kernel CPU: | 0.08917962% | |
| User CPU: | 0.12467557% | |
| Context switches: | 25/sec | |
| Memory: | 532 KB | |
| ipxrip.dll |
| Total CPU: | 0.06341467% | |
| Kernel CPU: | 0.00005979% | |
| User CPU: | 0.06335488% | |
| Context switches: | 2/sec | |
| Memory: | 36 KB | |
| UCLiveCore.dll |
| Total CPU: | 0.02522589% | |
| Kernel CPU: | 0.01271700% | |
| User CPU: | 0.01250889% | |
| Context switches: | 537/sec | |
| Memory: | 412 KB | |
| live_deamon.dll |
| Total CPU: | 0.01183830% | |
| Kernel CPU: | 0.00656656% | |
| User CPU: | 0.00527174% | |
| Context switches: | 524/sec | |
| Memory: | 212 KB | |
| xpsp2res.dll |
| Total CPU: | 0.00833131% | |
| Kernel CPU: | 0.00089352% | |
| User CPU: | 0.00743779% | |
| Memory: | 5.29 MB | |
| ntdll.dll |
| Total CPU: | 0.00792619% | |
| Kernel CPU: | 0.00086690% | |
| User CPU: | 0.00705929% | |
| Context switches: | 1/sec | |
| Memory: | 604 KB | |
| ipxsap.dll (SAP Agent DLL by Microsoft) |
| Total CPU: | 0.00449783% | |
| Kernel CPU: | 0.00244667% | |
| User CPU: | 0.00205116% | |
| Context switches: | 21/sec | |
| Memory: | 92 KB | |
| schedsvc.dll (Microsoft Windows Operating System by Microsoft) |
| Total CPU: | 0.00375645% | |
| Kernel CPU: | 0.00280740% | |
| User CPU: | 0.00094905% | |
| Memory: | 200 KB | |
| RPCRT4.dll |
| Total CPU: | 0.00285582% | |
| Kernel CPU: | 0.00131524% | |
| User CPU: | 0.00154058% | |
| Context switches: | 1/sec | |
| Memory: | 588 KB | |
| ssdpsrv.dll (SSDP Service DLL by Microsoft) |
| Total CPU: | 0.00241040% | |
| Kernel CPU: | 0.00098165% | |
| User CPU: | 0.00142875% | |
| Memory: | 80 KB | |
| ADVAPI32.dll |
| Total CPU: | 0.00164303% | |
| Kernel CPU: | 0.00089775% | |
| User CPU: | 0.00074528% | |
| Memory: | 668 KB | |
| ESENT.dll |
| Total CPU: | 0.00049395% | |
| Kernel CPU: | 0.00032556% | |
| User CPU: | 0.00016839% | |
| Context switches: | 1/sec | |
| Memory: | 1.02 MB | |
Common loaded modules
These are modules that are typiclaly loaded within the context of this process.
Distribution by Windows OS
| OS version | distribution |
| Windows 8.1 Pro |
100.00% |
|
Distribution by country
Austria installs about 79.00% of Host Process for Windows Services.
