svchost.exe
Host Process for Windows Services by Microsoft Corporation (Signed)
| Version: | 6.2.8250.0 (winmain_win8beta.120217-1520) |
| MD5: | e4bc66e3b5638103a02a2837f922c6f4 |
| SHA1: | 28f1ccabce4100765eaa0c2fb002dde4b4ccbff0 |
| SHA256: | 98c751a466d968a54989e0791be9a4460fdcde1ff1274958da632798cbaf2d75 |
This is a Windows system installed file with Windows File Protection (WFP) enabled.
What is svchost.exe?
Host Process for Windows Tasks is a generic process which acts as a host for processes that run from DLLs rather than EXEs. At startup TASKHOST checks the Services portion of the Registry to construct a list of DLL-based services that it needs to load, and then loads them.
Overview
svchost.exe has been configured with a firewall exception which allows both inbound and outbound network communication without being blocked. The file is digitally signed by Microsoft Corporation. This version is installed on Windows 8 and is compiled as a 32 bit program.
Details
| File name: | svchost.exe |
| Publisher: | Microsoft Corporation |
| Product name: | Host Process for Windows Services |
| Description: | Microsoft® Windows® Operating System |
| Typical file path: | C:\Windows\System32\svchost.exe |
| Original name: | svchost.exe.mui |
| File version: | 6.2.8250.0 (winmain_win8beta.120217-1520) |
| Product version: | 6.2.8250.0 |
| Size: | 23.5 KB (24,064 bytes) |
| Certificate |
| Issued to: | Microsoft Corporation |
| Authority (CA): | Microsoft Corporation |
| Expiration date: | Friday, June 13, 2014 |
| Digital DNA |
| Entropy: | 5.878473 |
| File packed: | No |
| Code language: | Microsoft Visual C++ |
| .NET CLR: | No |
More details
Behaviors
Services
This is the shared Service Host controller that runs some of the following shared services:
- Service name 'QQPCFixSvc'
- Service name 'Журнал событий Windows'
Drivers
Windows firewall allowed programs
Exceptions allow programs to access to the Internet through an outbound connections
- Firewall exception for 'C:\Windows\system32\svchost.exe'
Network connections
Access through an approved Windows firewall exception
[UDP] listens on port 5355
[UDP] listens on port 61635
Resource utilization
(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
| CPU |
| Total CPU: | 0.00583812% | |
| Kernel CPU: | 0.00305577% | |
| User CPU: | 0.00278234% | |
| Kernel CPU time: | 1,365 ms/min | |
| Context switches: | 29/sec | |
| Memory |
| Private memory: | 9 MB | |
| Private (maximum): | 13.84 MB | |
| Private (minimum): | 7.62 MB | |
| Non-paged memory: | 9 MB | |
| Virtual memory: | 64.73 MB | |
| Virtual memory (peak): | 75.96 MB | |
| Working set: | 12.67 MB | |
| Working set (peak): | 15.44 MB | |
| Resource allocations |
| Threads: | 13 | |
| Handles: | 446 | |
Process properties
| Integrety level: | System |
| Platform: | 32-bit |
| Command lines: |
- C:\Windows\System32\svchost.exe -k rpcss
- C:\Windows\System32\svchost.exe -k networkservice
- C:\Windows\System32\svchost.exe -k localsystemnetworkrestricted
- C:\Windows\System32\svchost.exe -k localservice
- C:\Windows\System32\svchost.exe -k dcomlaunch
- C:\Windows\System32\svchost.exe -k localserviceandnoimpersonation
- C:\Windows\System32\svchost.exe -k localservicenetworkrestricted
- (10 more)
|
| Owner: | NETWORK SERVICE |
| Parent process: | services.exe (Services and Controller app by Microsoft) |
Threads
Averages
| wbemcore.dll |
| Total CPU: | 0.40207471% | |
| Kernel CPU: | 0.10051868% | |
| User CPU: | 0.30155603% | |
| CPU cycles: | 12,545,228/sec | |
| Context switches: | 19/sec | |
| Memory: | 1016 KB | |
| sechost.dll |
| Total CPU: | 0.17916826% | |
| Kernel CPU: | 0.02364042% | |
| User CPU: | 0.15552784% | |
| CPU cycles: | 5,347,184/sec | |
| Context switches: | 2/sec | |
| Memory: | 204 KB | |
| ntdll.dll |
| Total CPU: | 0.08538754% | |
| Kernel CPU: | 0.04716557% | |
| User CPU: | 0.03822198% | |
| CPU cycles: | 2,901,634/sec | |
| Context switches: | 32/sec | |
| Memory: | 1.41 MB | |
| taskcomp.dll |
| Total CPU: | 0.00213473% | |
| Kernel CPU: | 0.00170778% | |
| User CPU: | 0.00042695% | |
| CPU cycles: | 84,708/sec | |
| Memory: | 368 KB | |
| mpssvc.dll (Microsoft Protection Service by Microsoft) |
| Total CPU: | 0.00085299% | |
| Kernel CPU: | 0.00042649% | |
| User CPU: | 0.00042649% | |
| CPU cycles: | 8,693/sec | |
| Memory: | 692 KB | |
| wevtsvc.dll |
| Total CPU: | 0.00085227% | |
| Kernel CPU: | 0.00042614% | |
| User CPU: | 0.00042614% | |
| CPU cycles: | 27,486/sec | |
| Memory: | 1.34 MB | |
| dnsrslvr.dll (DNS Caching Resolver Service by Microsoft) |
| Total CPU: | 0.00085135% | |
| Kernel CPU: | 0.00085135% | |
| User CPU: | 0.00000000% | |
| CPU cycles: | 8,977/sec | |
| Memory: | 168 KB | |
| schedsvc.dll |
| Total CPU: | 0.00042694% | |
| Kernel CPU: | 0.00042694% | |
| User CPU: | 0.00000000% | |
| CPU cycles: | 4,506/sec | |
| Memory: | 932 KB | |
| svchost.exe (main module) |
| Total CPU: | 0.00042633% | |
| Kernel CPU: | 0.00042633% | |
| User CPU: | 0.00000000% | |
| CPU cycles: | 4,910/sec | |
| Memory: | 36 KB | |
| dhcpcore6.dll |
| Total CPU: | 0.00042617% | |
| Kernel CPU: | 0.00042617% | |
| User CPU: | 0.00000000% | |
| CPU cycles: | 1,038/sec | |
| Memory: | 196 KB | |
| fntcache.dll (Windows Font Cache Service by Microsoft) |
| Total CPU: | 0.00042597% | |
| Kernel CPU: | 0.00042597% | |
| User CPU: | 0.00000000% | |
| CPU cycles: | 15,222/sec | |
| Memory: | 992 KB | |
| nlasvc.dll (Network Location Awareness 2 by Microsoft) |
| Total CPU: | 0.00042576% | |
| Kernel CPU: | 0.00042576% | |
| User CPU: | 0.00000000% | |
| CPU cycles: | 13,830/sec | |
| Memory: | 292 KB | |
Common loaded modules
These are modules that are typiclaly loaded within the context of this process.
Distribution by Windows OS
| OS version | distribution |
| Windows 8.1 Pro |
100.00% |
|
Distribution by country
Austria installs about 79.00% of Host Process for Windows Services.
