File details
File name: svchost.exe
Name: Generic Host Process for Win32 Services
Description: Microsoft® Windows® Operating System
Version: 5.1.2600.5512 (xpsp.080413-2111)
Product version: 5.1.2600.5512
Size: 14 KB
Original file name: svchost.exe
Windows file protection:
Yes
Resource utilization
 | CPU utilization averages |
Total CPU: 0.0082305833%
Privileged CPU:
0.0054208439%

User CPU:
0.00280973943168%

Privileged CPU time: 3403125 ms
Privileged CPU time /min: 6,615 ms
Context switches /sec:
16
 | Memory utilization averages |
Committed memory:
48.99 MB
Peak committed memory: 50.04 MB
Paged memory:
3.88 MB
Peak paged memory: 6.78 MB
Paged system memory:
46.54 KB
Non-paged system memory: 12.85 KB
Working set memory:
4.95 MB
Peak working set memory: 7.11 MB
Min working set memory: 4.76 MB
Private memory:
3.88 MB
Page faults:
31,909
Page faults /min: 62
 | Process I/O averages |
Total read operations:
622
Read operations /min: 2
Total read transfer: 2.9 MB
Read transfer /min: 5.78 KB
Total write operations:
232
Write operations /min: 1
Total write transfer: 647.74 KB
Write transfer /min: 1.26 KB
Total other operations:
22,493
Other operations /min: 44
Total other transfer: 512.21 KB
Other Transfer /min: 1020 Bytes
 | GUI Object Averages |
GDI objects:
5
USER objects:
9
Resources
Handle count average: 363
Thread count average: 17
Process details
Runs as (owner): System
Integrety level: Undefined
Windows platform: 32-bit
Runs as a service: Yes
Parent Process
Child Process
Process Commands
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
Hosted services
6to4
AeLookupSvc
Akamai
Alerter
Application Experience (AeLookupSvc)

Application Management (AppMgmt)

AppMgmt
ASBroker
ASChannel
AudioSrv
Background Intelligent Transfer Service (BITS)

BITS
Browser

BthServ
Cryptographic Services (CryptSvc)

CryptSvc
DCOM Server Process Launcher (DcomLaunch)

DcomLaunch
DCOM-Server-Prozessstart (DcomLaunch)

Dhcp
DHCP Client (Dhcp)

Distributed Link Tracking Client (TrkWks)
dmserver
DNS Client (Dnscache)
Dnscache
Dot3svc
EapHost
ERSvc
EventSystem

Extensible Authentication Protocol (EapHost)

FastUserSwitchingCompatibility
fhloaw
FunshionSvr
getPlusHelper
Health Key and Certificate Management (hkmsvc)

helpsvc
HidServ
hkmsvc
hpqcxs08
hpqddsvc
HPSLPSVC
HTTPFilter
Human Interface Device Access (HidServ)
IASJet
Internet Connection Sharing (ICS) (SharedAccess)

Iprip
ir16_32
Irmon
KBDMAI
Lanceur de processus serveur DCOM (DcomLaunch)

LanmanServer
lanmanworkstation
LmHosts
Messenger
MHN
napagent
Net Driver HPZ12
Netman
Network Access Protection Agent (napagent)

Network Connections (Netman)

Network Provisioning Service (xmlprov)

Nla
nosGetPlusHelper
NtmsSvc
NWCWorkstation
NwSapAgent
obrvj
p2pgasvc
p2pimsvc
p2psvc
Pml Driver HPZ12
PNRPSvc
QWAVE
RasAuto
RasMan
Remote Access Auto Connection Manager (RasAuto)

Remote Access Connection Manager (RasMan)

Remote Desktop Services (TermService)

Remote Procedure Call (RPC) (RpcSs)

Remote Registry (RemoteRegistry)

RemoteAccess
RemoteRegistry
Routing and Remote Access (RemoteAccess)

RpcSs
scan
Schedule
seclogon
Secondary Logon (seclogon)

Security Center (wscsvc)

SENS
Server (LanmanServer)

SharedAccess
Shell Hardware Detection (ShellHWDetection)

ShellHWDetection
sina_live_deamon
srservice
SSDP Discovery (SSDPSRV)

SSDPSRV
stisvc
swprv
System Event Notification Service (SENS)

TapiSrv
Task Scheduler (Schedule)

TCP/IP NetBIOS Helper (LmHosts)

Telephony (TapiSrv)

TermService
Themes

tlstnme
TrkWks
UPnP Device Host (upnphost)

upnphost
usnsvc
usprserv
UxTuneUp
W32Time
WebClient

Windows Audio (AudioSrv)

Windows Image Acquisition (WIA) (stisvc)

Windows Management Instrumentation (winmgmt)

Windows Time (W32Time)

Windows Update (wuauserv)

Network connectivity
UDP: LISTENING on port 123
UDP: LISTENING on port 1900
TCP: localhost on port 135
Windows Firewall allowed program: Yes
Image hashes
MD5: 8607d35d92528e2df386f19a960d23ce
SHA-1: f9fdce5b23352e556c5d7dfad53aa0d78fe5c880
PE image details
File entropy: 5.74584
File packed: No
Import Table
advapi32.dll

RegQueryValueExW
SetSecurityDescriptorDacl
SetEntriesInAclW
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
GetTokenInformation
OpenProcessToken
OpenThreadToken
SetServiceStatus
RegisterServiceCtrlHandlerW
RegCloseKey
RegOpenKeyExW
StartServiceCtrlDispatcherW
kernel32.dll

HeapFree
GetLastError
WideCharToMultiByte
lstrlenW
LocalFree
GetCurrentProcess
GetCurrentThread
GetProcAddress
LoadLibraryExW
LeaveCriticalSection
HeapAlloc
EnterCriticalSection
LCMapStringW
FreeLibrary
lstrcpyW
ExpandEnvironmentStringsW
lstrcmpiW
ExitProcess
GetCommandLineW
InitializeCriticalSection
GetProcessHeap
SetErrorMode
SetUnhandledExceptionFilter
RegisterWaitForSingleObject
InterlockedCompareExchange
LoadLibraryA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
LocalAlloc
lstrcmpW
DelayLoadFailureHook
ntdll.dll

NtQuerySecurityObject
RtlFreeHeap
NtOpenKey
wcscat
wcscpy
RtlAllocateHeap
RtlCompareUnicodeString
RtlInitUnicodeString
RtlInitializeSid
RtlLengthRequiredSid
RtlSubAuthoritySid
NtClose
RtlSubAuthorityCountSid
RtlGetDaclSecurityDescriptor
RtlQueryInformationAcl
RtlGetAce
RtlImageNtHeader
wcslen
RtlUnhandledExceptionFilter
RtlCopySid
rpcrt4.dll

RpcServerUnregisterIfEx
RpcMgmtWaitServerListen
RpcMgmtSetServerStackSize
RpcServerUnregisterIf
RpcServerListen
RpcServerUseProtseqEpW
RpcServerRegisterIf
I_RpcMapWin32Status
RpcMgmtStopServerListening