
Process List

This document contains process information from a Windows system. It lists the process ID (ID), process name (Name), and command line (CommandLine) for 28 running processes. Many of the processes seem legitimate like explorer.exe and WINWORD.EXE, but others like csrss.exe, powershell.exe and conhost.exe are suspicious based on their command lines or locations in the temp folder. Overall this process listing suggests the system may have been compromised.

Uploaded by

Helenice Andrade

***********************************************

* *
* ____ _____ ____ _ ___ _ _ _____ *
* | _ \| ____| _ \| | |_ _| \ | | ____| *
* | |_) | _| | | | | | | || \| | _| *
* | _ <| |___| |_| | |___ | || |\ | |___ *
* |_| \_|_____|____/|_____|___|_| \_|_____| *
* *
* Telegram: https://t.me/redline_market_bot *
***********************************************

ID: 472, Name: csrss.exe, CommandLine: %SystemRoot%\system32\csrss.exe


ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On
SubSystemType=Windows ServerDll=basesrv,1
ServerDll=winsrv:UserServerDllInitialization,3
ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off
MaxRequestThreads=16
===============
ID: 516, Name: winlogon.exe, CommandLine: winlogon.exe
===============
ID: 2040, Name: taskhost.exe, CommandLine: "taskhost.exe"
===============
ID: 2088, Name: dwm.exe, CommandLine: "C:\Windows\system32\Dwm.exe"
===============
ID: 2164, Name: explorer.exe, CommandLine: C:\Windows\Explorer.EXE
===============
ID: 2456, Name: NMBgMonitor.exe, CommandLine: "C:\Program Files (x86)\Common Files\
Ahead\Lib\NMBgMonitor.exe"
===============
ID: 2672, Name: NMIndexStoreSvr.exe, CommandLine: "C:\Program Files (x86)\Common
Files\Ahead\Lib\NMIndexStoreSvr.exe" -Embedding
===============
ID: 4236, Name: taskhost.exe, CommandLine: "taskhost.exe"
===============
ID: 4748, Name: rundll32.exe, CommandLine: RunDll32.exe "C:\Program Files\HP\HP
Smart Tank 510 series\bin\HPStatusBL.dll",RunDLLEntry
SERIALNUMBER=CN09S340QD;CONNECTION=USB;MONITOR=1;DELAYSTART=1;
===============
ID: 3052, Name: WINWORD.EXE, CommandLine: "C:\Program Files (x86)\Microsoft Office\
Office12\WINWORD.EXE"
===============
ID: 4024, Name: splwow64.exe, CommandLine: C:\Windows\splwow64.exe 8192
===============
ID: 3600, Name: uTorrent.exe, CommandLine: "C:\Users\Luciano\AppData\Roaming\
uTorrent\uTorrent.exe" /RELOCATED
===============
ID: 4944, Name: helper.exe, CommandLine: "C:\Users\Luciano\AppData\Roaming\
uTorrent\helper\helper.exe" 47068 --hval 29fPIJTdI-BgZ3Lm -- -pid 3600 -version
46674
===============
ID: 3372, Name: notepad.exe, CommandLine: "C:\Windows\system32\NOTEPAD.EXE" C:\
Users\Luciano\Desktop\BAIXAR VIDEO YUT.txt
===============
ID: 4704, Name: AppLaunch.exe, CommandLine: "C:\Windows\Microsoft.NET\Framework\
v4.0.30319\AppLaunch.exe"
===============
ID: 5112, Name: vbc.exe, CommandLine: "C:\Windows\Microsoft.NET\Framework\
v4.0.30319\vbc.exe"
===============
ID: 116, Name: cmd.exe, CommandLine: C:\Windows\system32\cmd.exe /c C:\Users\
Luciano\AppData\Roaming\bebra.exe
===============
ID: 2884, Name: conhost.exe, CommandLine: \??\C:\Windows\system32\conhost.exe "-
193250056-1002427408940756810-130750174715571653761699564983705986884-1700661287
===============
ID: 3940, Name: J7aQ.exe, CommandLine: "C:\Users\Luciano\AppData\Roaming\
9L8H8SQkET\J7aQ.exe"
===============
ID: 4180, Name: powershell.exe, CommandLine: "C:\Windows\System32\
WindowsPowerShell\v1.0\powershell.exe" -exec bypass -enc
UwB0AGEAcgB0AC0AUwBsAGUAZQBwACAAMgAwAA==
===============
ID: 4428, Name: conhost.exe, CommandLine: \??\C:\Windows\system32\conhost.exe
"250846659-708670801054435628-1914821119-80766274320371898371833405156-416931485
===============
ID: 4848, Name: 7SNGFdI.exe, CommandLine: "C:\Users\Luciano\AppData\Roaming\
0eKp3\7SNGFdI.exe"
===============
ID: 1556, Name: a2PG.exe, CommandLine: "C:\Users\Luciano\AppData\Roaming\
KnM8fv7qh7P\a2PG.exe"
===============
ID: 2644, Name: csrss.exe, CommandLine: C:\Windows\rss\csrss.exe
===============
ID: 5116, Name: U8BqaAYLhQVHY6WBxp_QKq5H.exe, CommandLine: "{path}"
===============
ID: 4772, Name: patch.exe, CommandLine: "C:\Users\Luciano\AppData\Local\Temp\csrss\
patch.exe"
===============
ID: 128, Name: injector.exe, CommandLine: C:\Users\Luciano\AppData\Local\Temp\
csrss\injector\injector.exe taskmgr.exe C:\Users\Luciano\AppData\Local\Temp\csrss\
injector\NtQuerySystemInformationHook.dll
===============
ID: 2244, Name: conhost.exe, CommandLine: \??\C:\Windows\system32\conhost.exe
"1114063989-1201346421-755528286-863775101-1069742012-1772061177237283123-926153016
