
Process List

The document lists the processes running on a Windows system, including details like the process ID, name, and command line. There are over 50 running processes listed, related to system services, drivers, applications, and more. The document provides a process listing to analyze what software is running on the system.

Uploaded by dosekis


ID: 9536, Name: csrss.exe, CommandLine:


===============
ID: 14948, Name: winlogon.exe, CommandLine: C:\WINDOWS\System32\WinLogon.exe -
SpecialSession
===============
ID: 3832, Name: fontdrvhost.exe, CommandLine: "fontdrvhost.exe"
===============
ID: 20020, Name: dwm.exe, CommandLine: "dwm.exe"
===============
ID: 24436, Name: SynTPEnh.exe, CommandLine: "C:\Program Files\Synaptics\SynTP\
SynTPEnh.exe"
===============
ID: 11080, Name: QuickControl.exe, CommandLine: "C:\Program Files (x86)\Lenovo\
QuickControl\QuickControl.exe"
===============
ID: 8340, Name: tpnumlkd.exe, CommandLine: C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe
===============
ID: 2300, Name: ISD_TabletUser.exe, CommandLine: "C:\Program Files\Tablet\ISD\
ISD_TabletUser.exe"
===============
ID: 23712, Name: virtscrl.exe, CommandLine: C:\PROGRA~1\LENOVO\VIRTSCRL\
virtscrl.exe
===============
ID: 28704, Name: TPONSCR.exe, CommandLine: C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
/UEFI\\.\pipe\{C6A9690C-33AE-4a55-8B65-9498CC0A7B34}.OnScreenDisplay
===============
ID: 28772, Name: WacomHost.exe, CommandLine: "C:\Program Files\Tablet\ISD\
WacomHost.exe" "C:\Program Files\Tablet\ISD\ISD_Tablet.exe" au
===============
ID: 27976, Name: shtctky.exe, CommandLine: C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE
/UEFI\\.\pipe\{C6A9690C-33AE-4a55-8B65-9498CC0A7B34}.ShortcutKey
===============
ID: 5712, Name: conhost.exe, CommandLine: \??\C:\WINDOWS\system32\conhost.exe 0x4
===============
ID: 2468, Name: sihost.exe, CommandLine: sihost.exe
===============
ID: 16484, Name: svchost.exe, CommandLine: C:\WINDOWS\system32\svchost.exe -k
BthAppGroup -p -s BluetoothUserService
===============
ID: 17820, Name: svchost.exe, CommandLine: C:\WINDOWS\system32\svchost.exe -k
UnistackSvcGroup -s CDPUserSvc
===============
ID: 8292, Name: ISD_Tablet.exe, CommandLine: "C:\Program Files\Tablet\ISD\
ISD_Tablet.exe" au
===============
ID: 27524, Name: SynTPLpr.exe, CommandLine: "C:\Program Files\Synaptics\SynTP\
SynTPLpr.exe"
===============
ID: 4628, Name: SynLenovoHelper.exe, CommandLine: "C:\Program Files\Synaptics\
SynTP\SynLenovoHelper.exe"
===============
ID: 19440, Name: svchost.exe, CommandLine: C:\WINDOWS\system32\svchost.exe -k
UnistackSvcGroup -s WpnUserService
===============
ID: 3148, Name: ISUSPM.exe, CommandLine: "C:\Program Files (x86)\Common Files\
InstallShield\Update\ISUSPM.exe"
===============
ID: 16612, Name: PowerMgr.exe, CommandLine: "C:\WINDOWS\SysWOW64\Lenovo\PowerMgr\
PowerMgr.exe"
===============
ID: 19916, Name: explorer.exe, CommandLine: C:\WINDOWS\Explorer.EXE
===============
ID: 26612, Name: igfxEM.exe, CommandLine: igfxEM.exe
===============
ID: 25028, Name: taskhostw.exe, CommandLine: taskhostw.exe {222A245B-E637-4AE9-
A93F-A59CA119A75E}
===============
ID: 5764, Name: SynTPHelper.exe, CommandLine: "C:\PROGRAM FILES\SYNAPTICS\SYNTP\
SYNTPHELPER.EXE"
===============
ID: 15208, Name: igfxHK.exe, CommandLine: igfxHK.exe
===============
ID: 10528, Name: svchost.exe, CommandLine: C:\WINDOWS\system32\svchost.exe -k
ClipboardSvcGroup -p -s cbdhsvc
===============
ID: 832, Name: StartMenuExperienceHost.exe, CommandLine: "C:\WINDOWS\SystemApps\
Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\
StartMenuExperienceHost.exe" -
ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
===============
ID: 1976, Name: RuntimeBroker.exe, CommandLine: C:\Windows\System32\
RuntimeBroker.exe -Embedding
===============
ID: 18720, Name: TextInputHost.exe, CommandLine: "C:\WINDOWS\SystemApps\
MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe" -
ServerName:InputApp.AppXjd5de1g66v206tj52m9d0dtpppx4cgpn.mca
===============
ID: 5132, Name: RuntimeBroker.exe, CommandLine: C:\Windows\System32\
RuntimeBroker.exe -Embedding
===============
ID: 27700, Name: ShellExperienceHost.exe, CommandLine: "C:\WINDOWS\SystemApps\
ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -
ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
===============
ID: 14092, Name: ctfmon.exe, CommandLine: "ctfmon.exe"
===============
ID: 26092, Name: TabTip.exe, CommandLine:
/QuitInfo:0000000000000418;000000000000041C;
===============
ID: 9444, Name: RuntimeBroker.exe, CommandLine: C:\Windows\System32\
RuntimeBroker.exe -Embedding
===============
ID: 12412, Name: SecurityHealthSystray.exe, CommandLine: "C:\Windows\System32\
SecurityHealthSystray.exe"
===============
ID: 30148, Name: RtsCM64.exe, CommandLine: "C:\Windows\RtsCM64.exe"
===============
ID: 17484, Name: fmapp.exe, CommandLine: "C:\Program Files\CONEXANT\ForteConfig\
fmapp.exe"
===============
ID: 24624, Name: CAudioFilterAgent64.exe, CommandLine: "C:\Program Files\CONEXANT\
cAudioFilterAgent\CAudioFilterAgent64.exe"
===============
ID: 29840, Name: SearchApp.exe, CommandLine: "C:\WINDOWS\SystemApps\
Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -
ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
===============
ID: 18708, Name: TpShocks.exe, CommandLine: "C:\Windows\System32\TpShocks.exe"
===============
ID: 4560, Name: TpKnrres.exe, CommandLine: "C:\Program Files\Lenovo\Communications
Utility\TpKnrres.exe"
===============
ID: 748, Name: pdf24.exe, CommandLine: "C:\Program Files\PDF24\pdf24.exe"
===============
ID: 31100, Name: ISUSPM.exe, CommandLine: "C:\ProgramData\FLEXnet\Connect\11\
ISUSPM.exe" -scheduler
===============
ID: 12640, Name: PlariumPlay.exe, CommandLine: "C:\Users\portatil\AppData\Local\
Plarium\PlariumPlay\PlariumPlay.exe" --args -tray-start
===============
ID: 8744, Name: OneDrive.exe, CommandLine: "C:\Users\portatil\AppData\Local\
Microsoft\OneDrive\OneDrive.exe" /background
===============
ID: 16012, Name: CCleaner64.exe, CommandLine: "C:\Program Files\CCleaner\
CCleaner.exe" /MONITOR /uac
===============
ID: 22448, Name: iusb3mon.exe, CommandLine: "C:\Program Files (x86)\Intel\Intel(R)
USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
===============
ID: 29540, Name: pptd40nt.exe, CommandLine: "C:\Program Files (x86)\Nuance\
PaperPort\pptd40nt.exe"
===============
ID: 16320, Name: pdfPro5Hook.exe, CommandLine: "C:\Program Files (x86)\Nuance\PDF
Viewer Plus\pdfPro5Hook.exe"
===============
ID: 11904, Name: svchost.exe, CommandLine: C:\WINDOWS\system32\svchost.exe -k
UnistackSvcGroup
===============
ID: 2440, Name: BrCtrlCntr.exe, CommandLine: -BootProc
===============
ID: 21864, Name: hpwuschd2.exe, CommandLine: "C:\Program Files (x86)\HP\HP Software
Update\hpwuschd2.exe"
===============
ID: 8248, Name: PlariumPlay.exe, CommandLine: "C:\Users\portatil\AppData\Local\
Plarium\PlariumPlay\PlariumPlay.exe" --type=gpu-process --no-sandbox --lang=en-US
--log-file="C:\Users\portatil\AppData\Local\Plarium\PlariumPlay\debug.log" --log-
severity=disable --gpu-vendor-id=0x8086 --gpu-device-id=0x1616 --gpu-driver-
vendor="Intel Corporation" --gpu-driver-version=20.19.15.4531 --gpu-driver-date=9-
29-2016 --lang=en-US --log-file="C:\Users\portatil\AppData\Local\Plarium\
PlariumPlay\debug.log" --log-severity=disable --service-request-channel-
token=FE02C3B3204BB9D2D7A9AED9E619D376 --mojo-platform-channel-handle=1820
/prefetch:2
===============
ID: 25632, Name: InputPersonalization.exe, CommandLine: "C:\Program Files\Common
Files\Microsoft Shared\Ink\InputPersonalization.exe"
===============
ID: 13432, Name: BrCcUxSys.exe, CommandLine: -BootProc
===============
ID: 12528, Name: PlariumPlay.exe, CommandLine: "C:\Users\portatil\AppData\Local\
Plarium\PlariumPlay\PlariumPlay.exe" --type=renderer --no-sandbox --service-pipe-
token=1B3252E478794D0D6F4C2AC5554EE510 --lang=en-US --lang=en-US --log-file="C:\
Users\portatil\AppData\Local\Plarium\PlariumPlay\debug.log" --log-severity=disable
--ppapi-flash-path="C:\Users\portatil\AppData\Local\Plarium\PlariumPlay\
third_party\windows\pepflashplayer64_23_0_0_207.dll" --ppapi-flash-
version=23.0.0.207 --enable-pinch --device-scale-factor=1.25 --num-raster-threads=2
--enable-main-frame-before-activation --content-image-texture-
target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,
3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553
;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;
1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,
3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3
553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2
,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3
,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,35
53;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,35
53;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,1
5,3553;4,16,3553;4,17,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,
6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553
;5,15,3553;5,16,3553;5,17,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,355
3;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,
3553;6,15,3553;6,16,3553;6,17,3553 --enable-gpu-async-worker-context --service-
request-channel-token=1B3252E478794D0D6F4C2AC5554EE510 --renderer-client-id=3 --
mojo-platform-channel-handle=2792 /prefetch:1
===============
ID: 20288, Name: Video.UI.exe, CommandLine: "C:\Program Files\WindowsApps\
Microsoft.ZuneVideo_10.22091.10051.0_x64__8wekyb3d8bbwe\Video.UI.exe" -
ServerName:Microsoft.ZuneVideo.AppX758ya5sqdjd98rx6z7g95nw6jy7bqx9y.mca
===============
ID: 13164, Name: FileCoAuth.exe, CommandLine: "C:\Users\portatil\AppData\Local\
Microsoft\OneDrive\23.246.1127.0002\FileCoAuth.exe" -Embedding
===============
ID: 23056, Name: RuntimeBroker.exe, CommandLine: C:\Windows\System32\
RuntimeBroker.exe -Embedding
===============
ID: 22200, Name: dllhost.exe, CommandLine: C:\WINDOWS\system32\DllHost.exe
/Processid:{973D20D7-562D-44B9-B70B-5A0F49CCDF3F}
===============
ID: 28876, Name: ApplicationFrameHost.exe, CommandLine: C:\WINDOWS\system32\
ApplicationFrameHost.exe -Embedding
===============
ID: 15136, Name: RuntimeBroker.exe, CommandLine: C:\Windows\System32\
RuntimeBroker.exe -Embedding
===============
ID: 1256, Name: UserOOBEBroker.exe, CommandLine: C:\Windows\System32\oobe\
UserOOBEBroker.exe -Embedding
===============
ID: 22772, Name: AdobeCollabSync.exe, CommandLine: "C:\Program Files\Adobe\Acrobat
DC\Acrobat\AdobeCollabSync.exe"
===============
ID: 2844, Name: AdobeCollabSync.exe, CommandLine: "C:\Program Files\Adobe\Acrobat
DC\Acrobat\AdobeCollabSync.exe" --type=collab-renderer --proc=22772
===============
ID: 1508, Name: CompPkgSrv.exe, CommandLine: C:\Windows\System32\CompPkgSrv.exe -
Embedding
===============
ID: 24304, Name: BitTorrent.exe, CommandLine: "C:\Users\portatil\AppData\Roaming\
BitTorrent\BitTorrent.exe" "C:\Users\portatil\Desktop\file" /SHELLASSOC
===============
ID: 21580, Name: bittorrentie.exe, CommandLine: "C:\Users\portatil\AppData\Roaming\
BitTorrent\updates\7.11.0_46923\bittorrentie.exe"
BitTorrent_24304_03C62E88_1056553959 BT4823DF041B09 BitTorrent ce unp
===============
ID: 22504, Name: msedgewebview2.exe, CommandLine: "C:\Program Files (x86)\
Microsoft\EdgeWebView\Application\120.0.2210.91\msedgewebview2.exe" --embedded-
browser-webview=1 --webview-exe-name=bittorrentie.exe --user-data-dir="C:\Users\
portatil\AppData\LocalLow\BitTorrent.WebView2\EBWebView" --noerrdialogs --embedded-
browser-webview-dpi-awareness=0 --disable-
features=msEnhancedTrackingPreventionEnabled --enable-features=MojoIpcz --mojo-
named-platform-channel-pipe=21580.3344.3662297421528100689
===============
ID: 11136, Name: msedgewebview2.exe, CommandLine: "C:\Program Files (x86)\
Microsoft\EdgeWebView\Application\120.0.2210.91\msedgewebview2.exe" --
type=crashpad-handler --user-data-dir=C:\Users\portatil\AppData\LocalLow\
BitTorrent.WebView2\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-
handler --database=C:\Users\portatil\AppData\LocalLow\BitTorrent.WebView2\
EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --
annotation=chromium-version=120.0.6099.130 "--annotation=exe=C:\Program Files
(x86)\Microsoft\EdgeWebView\Application\120.0.2210.91\msedgewebview2.exe" --
annotation=plat=Win64 "--annotation=prod=Edge WebView2" --
annotation=ver=120.0.2210.91 --initial-client-
data=0x160,0x164,0x168,0x140,0x170,0x7ffb6fc62b38,0x7ffb6fc62b44,0x7ffb6fc62b50
===============
ID: 20076, Name: msedgewebview2.exe, CommandLine: "C:\Program Files (x86)\
Microsoft\EdgeWebView\Application\120.0.2210.91\msedgewebview2.exe" --type=gpu-
process --noerrdialogs --user-data-dir="C:\Users\portatil\AppData\LocalLow\
BitTorrent.WebView2\EBWebView" --webview-exe-name=bittorrentie.exe --embedded-
browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-
preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA==
--mojo-platform-channel-handle=2112 --field-trial-
handle=2116,i,14028916975516341271,7701426781828227778,262144 --enable-
features=MojoIpcz --disable-features=msEnhancedTrackingPreventionEnabled --
variations-seed-version /prefetch:2
===============
ID: 5564, Name: msedgewebview2.exe, CommandLine: "C:\Program Files (x86)\Microsoft\
EdgeWebView\Application\120.0.2210.91\msedgewebview2.exe" --type=utility --utility-
sub-type=network.mojom.NetworkService --lang=es --service-sandbox-type=none --
noerrdialogs --user-data-dir="C:\Users\portatil\AppData\LocalLow\
BitTorrent.WebView2\EBWebView" --webview-exe-name=bittorrentie.exe --embedded-
browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-
channel-handle=2288 --field-trial-
handle=2116,i,14028916975516341271,7701426781828227778,262144 --enable-
features=MojoIpcz --disable-features=msEnhancedTrackingPreventionEnabled --
variations-seed-version /prefetch:3
===============
ID: 3496, Name: msedgewebview2.exe, CommandLine: "C:\Program Files (x86)\Microsoft\
EdgeWebView\Application\120.0.2210.91\msedgewebview2.exe" --type=utility --utility-
sub-type=storage.mojom.StorageService --lang=es --service-sandbox-type=service --
noerrdialogs --user-data-dir="C:\Users\portatil\AppData\LocalLow\
BitTorrent.WebView2\EBWebView" --webview-exe-name=bittorrentie.exe --embedded-
browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-
channel-handle=2512 --field-trial-
handle=2116,i,14028916975516341271,7701426781828227778,262144 --enable-
features=MojoIpcz --disable-features=msEnhancedTrackingPreventionEnabled --
variations-seed-version /prefetch:8
===============
ID: 16392, Name: msedgewebview2.exe, CommandLine: "C:\Program Files (x86)\
Microsoft\EdgeWebView\Application\120.0.2210.91\msedgewebview2.exe" --type=renderer
--noerrdialogs --user-data-dir="C:\Users\portatil\AppData\LocalLow\
BitTorrent.WebView2\EBWebView" --webview-exe-name=bittorrentie.exe --embedded-
browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --first-renderer-
process --lang=es --device-scale-factor=1 --num-raster-threads=2 --enable-main-
frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-
with-cleanup-some --expose-gc --ms-user-locale=" --time-ticks-at-unix-epoch=-
1703921120877455 --launch-time-ticks=548970561690 --mojo-platform-channel-
handle=3716 --field-trial-
handle=2116,i,14028916975516341271,7701426781828227778,262144 --enable-
features=MojoIpcz --disable-features=msEnhancedTrackingPreventionEnabled --
variations-seed-version /prefetch:1
===============
ID: 20880, Name: bittorrentie.exe, CommandLine: "C:\Users\portatil\AppData\Roaming\
BitTorrent\updates\7.11.0_46923\bittorrentie.exe"
BitTorrent_24304_00B2A5F0_562333934 BT4823DF041B09 BitTorrent ce unp
===============
ID: 11704, Name: msedgewebview2.exe, CommandLine: "C:\Program Files (x86)\
Microsoft\EdgeWebView\Application\120.0.2210.91\msedgewebview2.exe" --type=renderer
--noerrdialogs --user-data-dir="C:\Users\portatil\AppData\LocalLow\
BitTorrent.WebView2\EBWebView" --webview-exe-name=bittorrentie.exe --embedded-
browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --lang=es --device-
scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --
renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc
--ms-user-locale=" --time-ticks-at-unix-epoch=-1703921120877455 --launch-time-
ticks=548978756217 --mojo-platform-channel-handle=4828 --field-trial-
handle=2116,i,14028916975516341271,7701426781828227778,262144 --enable-
features=MojoIpcz --disable-features=msEnhancedTrackingPreventionEnabled --
variations-seed-version /prefetch:1
===============
ID: 15596, Name: helper.exe, CommandLine: "C:\Users\portatil\AppData\Roaming\
BitTorrent\helper\helper.exe" 16710 --hval RTSWCtgRQXfNzReA -- -pid 24304 -version
46923
===============
ID: 11072, Name: ACDaemon.exe, CommandLine: ACDaemon.exe -u
===============
ID: 30636, Name: smartscreen.exe, CommandLine: C:\Windows\System32\smartscreen.exe
-Embedding
===============
ID: 2956, Name: MlWBJhSDl6z_tMmE45EUqoPF.exe, CommandLine: "C:\Users\portatil\
Documents\GuardFox\MlWBJhSDl6z_tMmE45EUqoPF.exe"
===============
ID: 14588, Name: MlWBJhSDl6z_tMmE45EUqoPF.tmp, CommandLine: "C:\Users\portatil\
AppData\Local\Temp\is-ICP6F.tmp\MlWBJhSDl6z_tMmE45EUqoPF.tmp"
/SL5="$D0388,4464273,54272,C:\Users\portatil\Documents\GuardFox\
MlWBJhSDl6z_tMmE45EUqoPF.exe"
===============
ID: 19568, Name: pip-master-std-lib.exe, CommandLine: "C:\Users\portatil\AppData\
Local\PIP Master std lib\pip-master-std-lib.exe" -s
===============
ID: 1504, Name: OOBE-Maintenance.exe, CommandLine: "C:\WINDOWS\system32\OOBE-
Maintenance.exe"
===============
ID: 13548, Name: conhost.exe, CommandLine: \??\C:\WINDOWS\system32\conhost.exe 0x4
===============
ID: 27792, Name: i8a7fnCcVcXFIA_x5h1JhiSG.exe, CommandLine: "C:\Users\portatil\
Documents\GuardFox\i8a7fnCcVcXFIA_x5h1JhiSG.exe"
===============
ID: 19352, Name: MSBuild.exe, CommandLine: C:\Windows\Microsoft.NET\Framework\
v4.0.30319\MsBuild.exe
===============
ID: 15568, Name: SystemSettings.exe, CommandLine: "C:\Windows\
ImmersiveControlPanel\SystemSettings.exe" -
ServerName:microsoft.windows.immersivecontrolpanel
===============
ID: 3020, Name: explorhe.exe, CommandLine: "C:\Users\portatil\AppData\Local\Temp\
d887ceb89d\explorhe.exe"
===============
ID: 22136, Name: SSvpChcl7gQ1eki6bK0sQQEL.exe, CommandLine: "C:\Users\portatil\
Documents\GuardFox\SSvpChcl7gQ1eki6bK0sQQEL.exe" --Admin IsNotAutoStart IsNotTask
===============
ID: 22840, Name: taskhostw.exe, CommandLine: taskhostw.exe
===============
ID: 7668, Name: rundll32.exe, CommandLine: "C:\Windows\System32\rundll32.exe" C:\
Users\portatil\AppData\Roaming\006700e5a2ab05\clip64.dll, Main
===============
ID: 12688, Name: rATlAxcsWmH7yzoX637utGn8.exe, CommandLine: "C:\Users\portatil\
Documents\GuardFox\rATlAxcsWmH7yzoX637utGn8.exe"
===============
ID: 30736, Name: qemu-ga.exe, CommandLine: "C:\Users\portatil\AppData\Local\Temp\
d887ceb89d\qemu-ga.exe"
===============
ID: 14204, Name: BPMQAyhtpxWRGhcTJCzuHOlu.exe, CommandLine: "C:\Users\portatil\
Documents\GuardFox\BPMQAyhtpxWRGhcTJCzuHOlu.exe" --Admin IsNotAutoStart IsNotTask
===============
ID: 25892, Name: InstallUtil.exe, CommandLine: C:\Windows\Microsoft.NET\Framework\
v4.0.30319\InstallUtil.exe
===============
ID: 14512, Name: RuntimeBroker.exe, CommandLine: C:\Windows\System32\
RuntimeBroker.exe -Embedding
===============
ID: 3692, Name: nocry.exe, CommandLine: "C:\Users\portatil\AppData\Local\Temp\
1000001001\nocry.exe"
===============
ID: 26904, Name: conhost.exe, CommandLine: \??\C:\WINDOWS\system32\conhost.exe 0x4
===============
ID: 23756, Name: RegAsm.exe, CommandLine: "C:\Windows\Microsoft.NET\Framework\
v4.0.30319\RegAsm.exe"
===============
ID: 8924, Name: pixelguy.exe, CommandLine: "C:\Users\portatil\AppData\Local\Temp\
1000006001\pixelguy.exe"
===============
ID: 12604, Name: powershell.exe, CommandLine: "C:\Windows\System32\
WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -DisableArchiveScanning
$true
===============
ID: 17220, Name: conhost.exe, CommandLine: \??\C:\WINDOWS\system32\conhost.exe 0x4
===============
ID: 12860, Name: powershell.exe, CommandLine: "C:\Windows\System32\
WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -DisableBlockAtFirstSeen
$true
===============
ID: 11800, Name: conhost.exe, CommandLine: \??\C:\WINDOWS\system32\conhost.exe 0x4
===============
ID: 30040, Name: powershell.exe, CommandLine: "C:\Windows\System32\
WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -DisablePrivacyMode $true
===============
ID: 30068, Name: conhost.exe, CommandLine: \??\C:\WINDOWS\system32\conhost.exe 0x4
===============
ID: 6024, Name: powershell.exe, CommandLine: "C:\Windows\System32\
WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -DisableScriptScanning
$true
===============
ID: 8832, Name: conhost.exe, CommandLine: \??\C:\WINDOWS\system32\conhost.exe 0x4
===============
ID: 9228, Name: powershell.exe, CommandLine: "C:\Windows\System32\
WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -HighThreatDefaultAction 6
-Force
===============
ID: 29536, Name: conhost.exe, CommandLine: \??\C:\WINDOWS\system32\conhost.exe 0x4
===============
ID: 25804, Name: powershell.exe, CommandLine: "C:\Windows\System32\
WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -LowThreatDefaultAction 6
===============
ID: 29832, Name: conhost.exe, CommandLine: \??\C:\WINDOWS\system32\conhost.exe 0x4
===============
ID: 30816, Name: powershell.exe, CommandLine: "C:\Windows\System32\
WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -MAPSReporting 0
===============
ID: 1268, Name: conhost.exe, CommandLine: \??\C:\WINDOWS\system32\conhost.exe 0x4
===============
ID: 9020, Name: powershell.exe, CommandLine: "C:\Windows\System32\
WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -
ModerateThreatDefaultAction 6
===============
ID: 17660, Name: conhost.exe, CommandLine: \??\C:\WINDOWS\system32\conhost.exe 0x4
===============
ID: 9188, Name: powershell.exe, CommandLine: "C:\Windows\System32\
WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -SevereThreatDefaultAction
6
===============
ID: 31512, Name: conhost.exe, CommandLine: \??\C:\WINDOWS\system32\conhost.exe 0x4
===============
ID: 18380, Name: powershell.exe, CommandLine: "C:\Windows\System32\
WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -
SignatureDisableUpdateOnStartupWithoutEngine $true
===============
ID: 30032, Name: conhost.exe, CommandLine: \??\C:\WINDOWS\system32\conhost.exe 0x4
===============
ID: 31164, Name: powershell.exe, CommandLine: "C:\Windows\System32\
WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -SubmitSamplesConsent 2
===============
ID: 21388, Name: conhost.exe, CommandLine: \??\C:\WINDOWS\system32\conhost.exe 0x4
===============
ID: 16444, Name: YT.exe, CommandLine: "C:\Users\portatil\AppData\Local\Temp\
1000007001\YT.exe"
