File details
File name: svchost.exe
Name: Generic Host Process for Win32 Services
Description: Microsoft® Windows® Operating System
Version: 5.1.2600.5512 (xpsp.080413-2111)
Product version: 5.1.2600.5512
Size: 14 KB
Original file name: svchost.exe
Windows file protection: Yes
Resource utilization
CPU utilization averages
Total CPU: 0.0026953653%
Privileged CPU: 0.0013807389%
User CPU: 0.00131462640394%
Privileged CPU time: 13945.62 ms
Privileged CPU time /min: 2 ms
Context switches /sec: 38
Memory utilization averages
Committed memory: 63.28 MB
Peak committed memory: 88.32 MB
Paged memory: 8.01 MB
Peak paged memory: 20.71 MB
Paged system memory: 98.17 KB
Non-paged system memory: 50.52 KB
Working set memory: 7.88 MB
Peak working set memory: 22.54 MB
Min working set memory: 5.6 MB
Private memory: 8.01 MB
Page faults: 125,292
Page faults /min: 24
Process I/O averages
Total read operations: 9,598
Read operations /min: 3
Total read transfer: 23.6 MB
Read transfer /min: 11.37 KB
Total write operations: 8,074
Write operations /min: 5
Total write transfer: 30.04 MB
Write transfer /min: 14.6 KB
Total other operations: 71,182
Other operations /min: 33
Total other transfer: 2.41 MB
Other transfer /min: 790 Bytes
GUI object averages
GDI objects: 5
USER objects: 6
Resources
Handle count average: 443
Thread count average: 17
Thread resource averages
Total CPU: 3.923645508130%
Privileged CPU: 0.787123777015%
User CPU: 3.136521731116%
Context switches /sec: 33
Module memory size: 1.85 MB
Total CPU: 0.988900197581%
Privileged CPU: 0.611735954309%
User CPU: 0.377164243273%
Context switches /sec: 11
Module memory size: 340 KB
wuaueng.dll

Total CPU: 0.525984855186%
Privileged CPU: 0.073252406560%
User CPU: 0.452732448627%
Context switches /sec: 3
Module memory size: 1.85 MB
Total CPU: 0.324645300575%
Privileged CPU: 0.140380478573%
User CPU: 0.184264822002%
Context switches /sec: 58
Module memory size: 428 KB
wbemcore.dll

Total CPU: 0.209749355425%
Privileged CPU: 0.040486315444%
User CPU: 0.169263039981%
Context switches /sec: 17
Module memory size: 532 KB
ipxrip.dll

Total CPU: 0.149048104841%
Privileged CPU: 0.000435843982%
User CPU: 0.148612260860%
Context switches /sec: 3
Module memory size: 36 KB
rpcrt4.dll

Total CPU: 0.132735090959%
Privileged CPU: 0.029759568876%
User CPU: 0.102975522083%
Context switches /sec: 18
Module memory size: 588 KB
wbemcomn.dll

Total CPU: 0.070630875629%
Privileged CPU: 0.024937755108%
User CPU: 0.045693120521%
Context switches /sec: 3
Module memory size: 220 KB
npggnt.des

Total CPU: 0.030392957229%
Privileged CPU: 0.000000000000%
User CPU: 0.030392957229%
Module memory size: 284 KB
Total CPU: 0.029726518315%
Privileged CPU: 0.029726518315%
User CPU: 0.000000000000%
Context switches /sec: 5
Module memory size: 272 KB
Total CPU: 0.024414970223%
Privileged CPU: 0.019358603076%
User CPU: 0.005056367147%
Context switches /sec: 1
Module memory size: 140 KB
ntdll.dll

Total CPU: 0.018938288304%
Privileged CPU: 0.003865566582%
User CPU: 0.015072721722%
Context switches /sec: 1
Module memory size: 712 KB
Total CPU: 0.017247363842%
Privileged CPU: 0.014013483122%
User CPU: 0.003233880720%
Context switches /sec: 14
Module memory size: 72 KB
schedsvc.dll

Total CPU: 0.017022224007%
Privileged CPU: 0.006834792587%
User CPU: 0.010187431420%
Module memory size: 204 KB
winhttp.dll

Total CPU: 0.016750417970%
Privileged CPU: 0.008375208985%
User CPU: 0.008375208985%
Module memory size: 356 KB
ole32.dll

Total CPU: 0.013887162582%
Privileged CPU: 0.000013688467%
User CPU: 0.013873474115%
Module memory size: 1.24 MB
rpcrt4.dll

Total CPU: 0.013343610682%
Privileged CPU: 0.004712780907%
User CPU: 0.008630829775%
Context switches /sec: 2
Module memory size: 588 KB
ntdll.dll

Total CPU: 0.012609094701%
Privileged CPU: 0.008907321084%
User CPU: 0.003701773617%
Context switches /sec: 1
Module memory size: 712 KB
ole32.dll

Total CPU: 0.011697457269%
Privileged CPU: 0.002059598866%
User CPU: 0.009637858403%
Context switches /sec: 1
Module memory size: 1.24 MB
rpcrt4.dll

Total CPU: 0.010949727288%
Privileged CPU: 0.001486094759%
User CPU: 0.009463632530%
Context switches /sec: 3
Module memory size: 584 KB
Process details
Runs as (owner): System
Integrity level: Undefined
Windows platform: 32-bit
Runs as a service: Yes
Parent Processes
Child Processes
Process Commands
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
Hosted services
6to4
AeLookupSvc
Akamai
Alerter
Application Experience (AeLookupSvc)

Application Management (AppMgmt)

AppMgmt
ASBroker
ASChannel
AudioSrv
Background Intelligent Transfer Service (BITS)

BITS
Browser

BthServ
Cryptographic Services (CryptSvc)

CryptSvc
DCOM Server Process Launcher (DcomLaunch)

DcomLaunch
DCOM-Server-Prozessstart (DcomLaunch)

Dhcp
DHCP Client (Dhcp)

Distributed Link Tracking Client (TrkWks)
dmserver
DNS Client (Dnscache)
Dnscache
Dot3svc
EapHost
ERSvc
EventSystem

Extensible Authentication Protocol (EapHost)

FastUserSwitchingCompatibility
FunshionSvr
getPlusHelper
Health Key and Certificate Management (hkmsvc)

helpsvc
HidServ
hkmsvc
hpqcxs08
hpqddsvc
HPSLPSVC
HTTPFilter
Human Interface Device Access (HidServ)
IASJet
Internet Connection Sharing (ICS) (SharedAccess)

Iprip
ir16_32
Irmon
KBDMAI
Lanceur de processus serveur DCOM (DcomLaunch)

LanmanServer
lanmanworkstation
LmHosts
Messenger
MHN
napagent
Net Driver HPZ12
Netman
Network Access Protection Agent (napagent)

Network Connections (Netman)

Network Provisioning Service (xmlprov)

Nla
nosGetPlusHelper
NtmsSvc
NWCWorkstation
NwSapAgent
p2pgasvc
p2pimsvc
p2psvc
Pml Driver HPZ12
PNRPSvc
QWAVE
RasAuto
RasMan
Remote Access Auto Connection Manager (RasAuto)

Remote Access Connection Manager (RasMan)

Remote Desktop Services (TermService)

Remote Procedure Call (RPC) (RpcSs)

Remote Registry (RemoteRegistry)

RemoteAccess
RemoteRegistry
Routing and Remote Access (RemoteAccess)

RpcSs
scan
Schedule
seclogon
Secondary Logon (seclogon)

Security Center (wscsvc)

SENS
Server (LanmanServer)

SharedAccess
Shell Hardware Detection (ShellHWDetection)

ShellHWDetection
sina_live_deamon
srservice
SSDP Discovery (SSDPSRV)

SSDPSRV
stisvc
swprv
System Event Notification Service (SENS)

TapiSrv
Task Scheduler (Schedule)

TCP/IP NetBIOS Helper (LmHosts)

Telephony (TapiSrv)

TermService
Themes

tlstnme
TrkWks
UPnP Device Host (upnphost)

upnphost
usnsvc
usprserv
UxTuneUp
W32Time
WebClient

Windows Audio (AudioSrv)

Windows Image Acquisition (WIA) (stisvc)

Windows Management Instrumentation (winmgmt)

Windows Time (W32Time)

Windows Update (wuauserv)

WinHttpAutoProxySvc
winmgmt
Network connectivity
UDP: LISTENING on port 123
UDP: LISTENING on port 1900
TCP: localhost on port 2869
TCP: localhost on port 135
UDP: LISTENING on port 427
UDP: LISTENING on port 1900
UDP: LISTENING on port 123
UDP: LISTENING on port 123
UDP: LISTENING on port 1900
UDP: LISTENING on port 1900
UDP: LISTENING on port 123
UDP: LISTENING on port 1158
Windows Firewall allowed program: Yes
Image hashes
MD5: 27c6d03bcdb8cfeb96b716f3d8be3e18
SHA-1: 49083ae3725a0488e0a8fbbe1335c745f70c4667
SHA-256: 2910ebc692d833d949bfd56059e8106d324a276d5f165f874f3fb1b6c613cdd5
PE image details
File entropy: 5.74584
File packed: No
Import Table
advapi32.dll

RegQueryValueExW
SetSecurityDescriptorDacl
SetEntriesInAclW
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
GetTokenInformation
OpenProcessToken
OpenThreadToken
SetServiceStatus
RegisterServiceCtrlHandlerW
RegCloseKey
RegOpenKeyExW
StartServiceCtrlDispatcherW
kernel32.dll

HeapFree
GetLastError
WideCharToMultiByte
lstrlenW
LocalFree
GetCurrentProcess
GetCurrentThread
GetProcAddress
LoadLibraryExW
LeaveCriticalSection
HeapAlloc
EnterCriticalSection
LCMapStringW
FreeLibrary
lstrcpyW
ExpandEnvironmentStringsW
lstrcmpiW
ExitProcess
GetCommandLineW
InitializeCriticalSection
GetProcessHeap
SetErrorMode
SetUnhandledExceptionFilter
RegisterWaitForSingleObject
InterlockedCompareExchange
LoadLibraryA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
LocalAlloc
lstrcmpW
DelayLoadFailureHook
ntdll.dll

NtQuerySecurityObject
RtlFreeHeap
NtOpenKey
wcscat
wcscpy
RtlAllocateHeap
RtlCompareUnicodeString
RtlInitUnicodeString
RtlInitializeSid
RtlLengthRequiredSid
RtlSubAuthoritySid
NtClose
RtlSubAuthorityCountSid
RtlGetDaclSecurityDescriptor
RtlQueryInformationAcl
RtlGetAce
RtlImageNtHeader
wcslen
RtlUnhandledExceptionFilter
RtlCopySid
rpcrt4.dll

RpcServerUnregisterIfEx
RpcMgmtWaitServerListen
RpcMgmtSetServerStackSize
RpcServerUnregisterIf
RpcServerListen
RpcServerUseProtseqEpW
RpcServerRegisterIf
I_RpcMapWin32Status
RpcMgmtStopServerListening