
Investigation of Suspicious File "svhost.exe" in System32 Directory
Tags: malware, file_analysis, sophos_xdr, windows, system32, dll, persistence, cybersecurity, threat_detection, hidden_file
The author reports a file named svhost.exe (not to be confused with the legitimate svchost.exe) detected by Sophos XDR in *C:\Windows\System32*. The file carries the AHS (Archive, Hidden, System) attributes, is roughly 802 MB in size, and is listed only when `dir /a` is used in CMD. Although it is not running as a process, XDR shows it interacting with DLLs such as hmpalert.dll and sophosED.dll. The author wants to identify any persistence mechanism and the file's execution history but has been unable to obtain its hash or owner.
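A defender-side triage script for the points raised above (attributes, hash, owner, persistence entries, execution history), added here as an example and not part of the original post. It assumes the path and file name reported, an elevated PowerShell session on the flagged host, and that the hash and ACL lookups may fail on a locked or access-restricted file, so those are caught and reported rather than aborting.

```powershell
# Added triage example (not from the original post). Assumes the path below
# and an elevated shell; adjust $Target to the file actually flagged.
$Target = 'C:\Windows\System32\svhost.exe'

# -Force is required: Hidden/System files are skipped by default, which is why
# the file only shows up with "dir /a" in CMD.
$item = Get-Item -LiteralPath $Target -Force -ErrorAction Stop

[pscustomobject]@{
    Path       = $item.FullName
    SizeMB     = [math]::Round($item.Length / 1MB, 1)
    Attributes = $item.Attributes          # expect Archive, Hidden, System
    Created    = $item.CreationTimeUtc
    Modified   = $item.LastWriteTimeUtc
}

# Owner, hash and signature; each can fail on a locked or restricted file,
# so catch and report instead of stopping the triage.
try   { 'Owner: ' + (Get-Acl -LiteralPath $Target).Owner }
catch { "Owner lookup failed: $($_.Exception.Message)" }
try   { 'SHA256: ' + (Get-FileHash -LiteralPath $Target -Algorithm SHA256).Hash }
catch { "Hashing failed: $($_.Exception.Message)" }
'Signature: ' + (Get-AuthenticodeSignature -LiteralPath $Target).Status

# Common persistence locations that could reference the file by name.
$pattern = 'svhost\.exe'

Get-CimInstance Win32_Service |
    Where-Object { $_.PathName -match $pattern } |
    Select-Object Name, State, StartMode, PathName

Get-ScheduledTask |
    Where-Object { $_.Actions.Execute -match $pattern -or $_.Actions.Arguments -match $pattern } |
    Select-Object TaskName, TaskPath, State

$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($k in $runKeys) {
    Get-ItemProperty -Path $k -ErrorAction SilentlyContinue |
        ForEach-Object { $_.PSObject.Properties } |
        Where-Object { $_.Value -match $pattern } |
        Select-Object @{n='Key';e={$k}}, Name, Value
}

# Execution history hint: a Prefetch entry means the binary has run at least once.
Get-ChildItem 'C:\Windows\Prefetch\SVHOST.EXE-*.pf' -ErrorAction SilentlyContinue |
    Select-Object Name, LastWriteTimeUtc
```

If hashing still fails under an elevated session, the file is likely held open or protected by a driver, and the next step is to collect it through the EDR's own isolation or forensic-acquisition workflow rather than from the live filesystem.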