svchost.exe
Host Process for Windows Services by Microsoft Corporation (Signed)
| Version: | 6.3.9600.16384 (winblue_rtm.130821-1623) |
| MD5: | e4ca434f251681590d0538bc21c32d2f |
| SHA1: | 4eea9bdfe0eb41759d96ec9bd224c4519314a8fa |
This is a Windows system installed file with Windows File Protection (WFP) enabled.
What is svchost.exe?
Host Process for Windows Tasks is a generic process which acts as a host for processes that run from DLLs rather than EXEs. At startup TASKHOST checks the Services portion of the Registry to construct a list of DLL-based services that it needs to load, and then loads them.
Overview
svchost.exe has been configured with a firewall exception which allows both inbound and outbound network communication without being blocked. The file is digitally signed by Microsoft Corporation. and is compiled as a 64 bit program.
Details
| File name: | svchost.exe |
| Publisher: | Microsoft Corporation |
| Product name: | Host Process for Windows Services |
| Description: | Microsoft® Windows® Operating System |
| Typical file path: | C:\Windows\System32\svchost.exe |
| Original name: | svchost.exe.mui |
| File version: | 6.3.9600.16384 (winblue_rtm.130821-1623) |
| Product version: | 6.3.9600.16384 |
| Size: | 36.88 KB (37,768 bytes) |
| Build date: | 8/22/2013 5:54 AM |
| Certificate |
| Issued to: | Microsoft Corporation |
| Authority (CA): | Microsoft Corporation |
| Expiration date: | Friday, June 13, 2014 |
| Digital DNA |
| Entropy: | 5.878473 |
| File packed: | No |
| Code language: | Microsoft Visual C++ |
| .NET CLR: | No |
More details
Behaviors
Services
This is the shared Service Host controller that runs some of the following shared services:
- Service name 'QQPCFixSvc'
- Service name 'Журнал событий Windows'
Drivers
Windows firewall allowed programs
Exceptions allow programs to access to the Internet through an outbound connections
- Firewall exception for 'C:\Windows\system32\svchost.exe'
Network connections
Access through an approved Windows firewall exception
[TCP] 209.2.233.220.static.exetel.com.au (220.233.2.209:80)
[UDP] listens on port 53324
[UDP] listens on port 64415
[UDP] listens on port 5355
[UDP] listens on port 50431
[UDP] listens on port 123
[UDP] listens on port 55243
[UDP] listens on port 61423
[UDP] listens on port 54596
[UDP] listens on port 62593
[UDP] listens on port 50978
[UDP] listens on port 58576
[UDP] listens on port 54776
[UDP] listens on port 51096
[UDP] listens on port 55285
[UDP] listens on port 59965
[UDP] listens on port 1900
[UDP] listens on port 65091
[UDP] listens on port 49809
[UDP] listens on port 61634
[UDP] listens on port 64633
Resource utilization
(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
| CPU |
| Total CPU: | 0.00265654% | |
| Kernel CPU: | 0.00146583% | |
| User CPU: | 0.00119072% | |
| Kernel CPU time: | 14,799,203 ms/min | |
| CPU cycles: | 2,243,919/sec | |
| Context switches: | 56/sec | |
| Memory |
| Private memory: | 19.35 MB | |
| Private (maximum): | 37.19 MB | |
| Private (minimum): | 19.47 MB | |
| Non-paged memory: | 19.35 MB | |
| Virtual memory: | 216.55 MB | |
| Virtual memory (peak): | 272.59 MB | |
| Working set: | 25.44 MB | |
| Working set (peak): | 59.49 MB | |
| Page faults: | 871,400/min | |
| I/O |
| I/O read transfer: | 60.64 KB/sec | |
| I/O read operations: | 19/sec | |
| I/O write transfer: | 40.71 KB/sec | |
| I/O write operations: | 7/sec | |
| I/O other transfer: | 57.25 KB/sec | |
| I/O other operations: | 509/sec | |
| Resource allocations |
| Threads: | 18 | |
| Handles: | 682 | |
Process properties
| Integrety level: | System |
| Platform: | 64-bit |
| Command lines: |
- C:\Windows\System32\svchost.exe -k localsystemnetworkrestricted
- C:\Windows\System32\svchost.exe -k rpcss
- C:\Windows\System32\svchost.exe -k networkservice
- C:\Windows\System32\svchost.exe -k netsvcs
- C:\Windows\System32\svchost.exe -k localservicenonetwork
- C:\Windows\System32\svchost.exe -k localservicenetworkrestricted
- C:\Windows\System32\svchost.exe -k dcomlaunch
- (17 more)
|
| Owner: | LOCAL SERVICE |
Threads
Averages
| wuaueng.dll |
| Total CPU: | 5.04883836% | |
| Kernel CPU: | 2.36948525% | |
| User CPU: | 2.67935311% | |
| CPU cycles: | 48,600,274/sec | |
| Context switches: | 1/sec | |
| Memory: | 3.39 MB | |
| sysmain.dll (Superfetch Service Host by Microsoft) |
| Total CPU: | 1.04016950% | |
| Kernel CPU: | 0.84403691% | |
| User CPU: | 0.19613259% | |
| CPU cycles: | 17,974,195/sec | |
| Context switches: | 10/sec | |
| Memory: | 1.15 MB | |
| wbemcore.dll |
| Total CPU: | 0.18026045% | |
| Kernel CPU: | 0.05204506% | |
| User CPU: | 0.12821538% | |
| CPU cycles: | 3,035,733/sec | |
| Context switches: | 5/sec | |
| Memory: | 1.18 MB | |
| ntdll.dll |
| Total CPU: | 0.10171311% | |
| Kernel CPU: | 0.04820385% | |
| User CPU: | 0.05350926% | |
| CPU cycles: | 2,095,882/sec | |
| Context switches: | 18/sec | |
| Memory: | 1.66 MB | |
| sechost.dll |
| Total CPU: | 0.09871234% | |
| Kernel CPU: | 0.03612815% | |
| User CPU: | 0.06258419% | |
| CPU cycles: | 2,153,063/sec | |
| Context switches: | 3/sec | |
| Memory: | 348 KB | |
| qmgr.dll (Background Intelligent Transfer Service by Microsoft) |
| Total CPU: | 0.02514263% | |
| Kernel CPU: | 0.00000000% | |
| User CPU: | 0.02514263% | |
| CPU cycles: | 228,032/sec | |
| Context switches: | 1/sec | |
| Memory: | 1008 KB | |
| taskcomp.dll |
| Total CPU: | 0.01790599% | |
| Kernel CPU: | 0.00026401% | |
| User CPU: | 0.01764199% | |
| CPU cycles: | 321,528/sec | |
| Memory: | 496 KB | |
| bfe.dll (Base Filtering Engine by Microsoft) |
| Total CPU: | 0.01407369% | |
| Kernel CPU: | 0.00048318% | |
| User CPU: | 0.01359051% | |
| CPU cycles: | 262,964/sec | |
| Context switches: | 1/sec | |
| Memory: | 828 KB | |
| DAB.dll |
| Total CPU: | 0.01110850% | |
| Kernel CPU: | 0.00144595% | |
| User CPU: | 0.00966255% | |
| CPU cycles: | 240,241/sec | |
| Context switches: | 6/sec | |
| Memory: | 108 KB | |
| dhcpcore6.dll |
| Total CPU: | 0.00783216% | |
| Kernel CPU: | 0.00783061% | |
| User CPU: | 0.00000156% | |
| CPU cycles: | 37,446/sec | |
| Memory: | 284 KB | |
| audiosrv.dll (Windows Audio Service by Microsoft) |
| Total CPU: | 0.00679171% | |
| Kernel CPU: | 0.00204176% | |
| User CPU: | 0.00474995% | |
| CPU cycles: | 259,729/sec | |
| Memory: | 844 KB | |
| combase.dll |
| Total CPU: | 0.00489727% | |
| Kernel CPU: | 0.00194063% | |
| User CPU: | 0.00295664% | |
| CPU cycles: | 144,629/sec | |
| Memory: | 1.84 MB | |
Common loaded modules
These are modules that are typiclaly loaded within the context of this process.
Distribution by Windows OS
| OS version | distribution |
| Windows 8.1 Pro |
100.00% |
|
Distribution by country
Austria installs about 79.00% of Host Process for Windows Services.
