svchost.exe
Host Process for Windows Services by Microsoft Corporation (Signed)
| Version: | 6.2.9200.16384 (win8_rtm.120725-1247) |
| MD5: | ede27eace742ee2888c5dd36400a2ec0 |
| SHA1: | 27dacbb2d894d42f2bb5e4385e7c4ef103993ec3 |
| SHA256: | 4ae0c5191fe9d93e1be2b99c0c64bf3ca43272cd66003139476192f946f0bec4 |
This is a Windows system installed file with Windows File Protection (WFP) enabled.
What is svchost.exe?
Host Process for Windows Tasks is a generic process that acts as a host for processes that run from DLLs rather than EXEs. At startup, TASKHOST checks the Services portion of the Registry to construct a list of DLL-based services that it needs to load, and then loads them.
Overview
svchost.exe has been configured with a firewall exception that allows both inbound and outbound network communication without being blocked. The file is digitally signed by Microsoft Corporation. This version is installed on Windows 8 and is compiled as a 64-bit program.
Details
| File name: | svchost.exe |
| Publisher: | Microsoft Corporation |
| Product name: | Host Process for Windows Services |
| Description: | Microsoft® Windows® Operating System |
| Typical file path: | C:\Windows\System32\svchost.exe |
| Original name: | svchost.exe.mui |
| File version: | 6.2.9200.16384 (win8_rtm.120725-1247) |
| Product version: | 6.2.9200.16384 |
| Size: | 29 KB (29,696 bytes) |
| Certificate |
| Issued to: | Microsoft Corporation |
| Authority (CA): | Microsoft Corporation |
| Expiration date: | Friday, June 13, 2014 |
| Digital DNA |
| Entropy: | 5.878473 |
| File packed: | No |
| Code language: | Microsoft Visual C++ |
| .NET CLR: | No |
More details
Behaviors
Services
This is the shared Service Host controller that runs some of the following shared services:
- Service name 'QQPCFixSvc'
- Service name 'Журнал событий Windows'
Drivers
Windows firewall allowed programs
Exceptions allow programs to access the Internet through outbound connections
- Firewall exception for 'C:\Windows\system32\svchost.exe'
Network connections
Access through an approved Windows firewall exception
[TCP] a23-61-250-35.deploy.static.akamaitechnologies.com (23.61.250.35:80)
[UDP] listens on port 68
[UDP] listens on port 5355
[UDP] listens on port 53511
[UDP] listens on port 4500
[UDP] listens on port 59158
[UDP] listens on port 50125
[UDP] listens on port 53996
[UDP] listens on port 53176
[UDP] listens on port 123
[UDP] listens on port 64594
[UDP] listens on port 52702
[UDP] listens on port 52937
[UDP] listens on port 53355
[UDP] listens on port 54369
[UDP] listens on port 52846
[UDP] listens on port 63012
[UDP] listens on port 61100
[UDP] listens on port 1900
[UDP] listens on port 52984
[UDP] listens on port 63120
Resource utilization
(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
| CPU |
| Total CPU: | 0.00102768% | |
| Kernel CPU: | 0.00051971% | |
| User CPU: | 0.00050797% | |
| Kernel CPU time: | 79,531,995 ms/min | |
| CPU cycles: | 2,013,162/sec | |
| Context switches: | 30/sec | |
| Memory |
| Private memory: | 22.29 MB | |
| Private (maximum): | 60.02 MB | |
| Private (minimum): | 17.98 MB | |
| Non-paged memory: | 22.29 MB | |
| Virtual memory: | 244.89 MB | |
| Virtual memory (peak): | 337.98 MB | |
| Working set: | 24.33 MB | |
| Working set (peak): | 111.88 MB | |
| Page faults: | 1,725,977/min | |
| I/O |
| I/O read transfer: | 66.45 KB/sec | |
| I/O read operations: | 20/sec | |
| I/O write transfer: | 44.98 KB/sec | |
| I/O write operations: | 7/sec | |
| I/O other transfer: | 24.48 KB/sec | |
| I/O other operations: | 330/sec | |
| Resource allocations |
| Threads: | 18 | |
| Handles: | 643 | |
Process properties
| Integrity level: | System |
| Platform: | 64-bit |
| Command lines: |
- C:\Windows\System32\svchost.exe -k localservicenetworkrestricted
- C:\Windows\System32\svchost.exe -k rpcss
- C:\Windows\System32\svchost.exe -k localsystemnetworkrestricted
- C:\Windows\System32\svchost.exe -k networkservice
- C:\Windows\System32\svchost.exe -k localservice
- C:\Windows\System32\svchost.exe -k netsvcs
- C:\Windows\System32\svchost.exe -k dcomlaunch
- (16 more)
| Owner: | SYSTEM |
| Parent process: | services.exe (by Microsoft) |
Threads
Averages
| wuaueng.dll (Windows Update Agent by Microsoft) |
| Total CPU: | 9.63606416% | |
| Kernel CPU: | 4.79149393% | |
| User CPU: | 4.84457023% | |
| CPU cycles: | 270,492,293/sec | |
| Context switches: | 353/sec | |
| Memory: | 3.21 MB | |
| sysmain.dll (Superfetch Service Host by Microsoft) |
| Total CPU: | 1.59086948% | |
| Kernel CPU: | 0.36763852% | |
| User CPU: | 1.22323096% | |
| CPU cycles: | 18,705,978/sec | |
| Context switches: | 6/sec | |
| Memory: | 1.28 MB | |
| defragsvc.dll (Microsoft\Drive Optimizer by Microsoft) |
| Total CPU: | 1.04256959% | |
| Kernel CPU: | 0.47975640% | |
| User CPU: | 0.56281319% | |
| CPU cycles: | 26,584,626/sec | |
| Context switches: | 16/sec | |
| Memory: | 344 KB | |
| CRYPTNET.dll |
| Total CPU: | 0.66467886% | |
| Kernel CPU: | 0.57478273% | |
| User CPU: | 0.08989613% | |
| CPU cycles: | 6,460,752/sec | |
| Memory: | 152 KB | |
| wbemcore.dll |
| Total CPU: | 0.13815647% | |
| Kernel CPU: | 0.02323633% | |
| User CPU: | 0.11492014% | |
| CPU cycles: | 3,725,446/sec | |
| Context switches: | 6/sec | |
| Memory: | 1.3 MB | |
| shcore.dll |
| Total CPU: | 0.09328348% | |
| Kernel CPU: | 0.05134463% | |
| User CPU: | 0.04193885% | |
| CPU cycles: | 1,110,012/sec | |
| Memory: | 600 KB | |
| sechost.dll |
| Total CPU: | 0.06844413% | |
| Kernel CPU: | 0.01944451% | |
| User CPU: | 0.04899962% | |
| CPU cycles: | 1,563,086/sec | |
| Context switches: | 2/sec | |
| Memory: | 288 KB | |
| dhcpcore.dll (DHCP Client Service by Microsoft) |
| Total CPU: | 0.06633505% | |
| Kernel CPU: | 0.05284459% | |
| User CPU: | 0.01349046% | |
| CPU cycles: | 1,112,496/sec | |
| Context switches: | 2/sec | |
| Memory: | 340 KB | |
| cryptsvc.dll (Cryptographic Services by Microsoft) |
| Total CPU: | 0.06569012% | |
| Kernel CPU: | 0.06569012% | |
| User CPU: | 0.00000000% | |
| CPU cycles: | 824,088/sec | |
| Memory: | 80 KB | |
| ntdll.dll |
| Total CPU: | 0.06306849% | |
| Kernel CPU: | 0.03768514% | |
| User CPU: | 0.02538335% | |
| CPU cycles: | 1,357,222/sec | |
| Context switches: | 5/sec | |
| Memory: | 1.74 MB | |
| audiosrv.dll (Windows Audio Service by Microsoft) |
| Total CPU: | 0.03936258% | |
| Kernel CPU: | 0.00751213% | |
| User CPU: | 0.03185045% | |
| CPU cycles: | 882,275/sec | |
| Context switches: | 12/sec | |
| Memory: | 792 KB | |
| ESENT.dll |
| Total CPU: | 0.02841689% | |
| Kernel CPU: | 0.02710256% | |
| User CPU: | 0.00131433% | |
| CPU cycles: | 380,517/sec | |
| Memory: | 2.75 MB | |
Common loaded modules
These are modules that are typically loaded within the context of this process.
Distribution by Windows OS
| OS version | Distribution |
| Windows 8.1 Pro | 100.00% |
Distribution by country
Austria installs about 79.00% of Host Process for Windows Services.