0 ratings0% found this document useful (0 votes)
161 views8 pagesProcess List
The document lists the processes running on a Windows system, including details like the process ID, name, and command line. There are over 50 running processes listed, related to system services, drivers, applications, and more. The document provides a process listing to analyze what software is running on the system.
Uploaded by
dosekisCopyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
0 ratings0% found this document useful (0 votes)
161 views8 pagesProcess List
The document lists the processes running on a Windows system, including details like the process ID, name, and command line. There are over 50 running processes listed, related to system services, drivers, applications, and more. The document provides a process listing to analyze what software is running on the system.
Uploaded by
dosekisCopyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 8
NEVERHODE CLOUD � @CLOUDNEVER �
@CLOUDNEVER_ROBOT
NEVERHODE CLOUD � @CLOUDNEVER � @CLOUDNEVER_ROBOT � NEVERHODE CLOUD �
@CLOUDNEVER � @CLOUDNEVER_ROBOT
__ __ ______ __ __ ______ ______ __ __
______ _____ ______
/\ "-.\ \ /\ ___\ /\ \ / / /\ ___\ /\ == \ /\ \_\ \ /\
__ \ /\ __-. /\ ___\
\ \ \-. \ \ \ __\ \ \ \'/ \ \ __\ \ \ __< \ \
__ \ \ \ \/\ \ \ \ \/\ \ \ \ __\
\ \_\\"\_\ \ \_____\ \ \__| \ \_____\ \ \_\ \_\ \ \_\ \_\ \ \
_____\ \ \____- \ \_____\
\/_/ \/_/ \/_____/ \/_/ \/_____/ \/_/ /_/ \/_/\/_/
\/_____/ \/____/ \/_____/
ID: 9536, Name: csrss.exe, CommandLine:
===============
ID: 14948, Name: winlogon.exe, CommandLine: C:\WINDOWS\System32\WinLogon.exe -
SpecialSession
===============
ID: 3832, Name: fontdrvhost.exe, CommandLine: "fontdrvhost.exe"
===============
ID: 20020, Name: dwm.exe, CommandLine: "dwm.exe"
===============
ID: 24436, Name: SynTPEnh.exe, CommandLine: "C:\Program Files\Synaptics\SynTP\
SynTPEnh.exe"
===============
ID: 11080, Name: QuickControl.exe, CommandLine: "C:\Program Files (x86)\Lenovo\
QuickControl\QuickControl.exe"
===============
ID: 8340, Name: tpnumlkd.exe, CommandLine: C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe
===============
ID: 2300, Name: ISD_TabletUser.exe, CommandLine: "C:\Program Files\Tablet\ISD\
ISD_TabletUser.exe"
===============
ID: 23712, Name: virtscrl.exe, CommandLine: C:\PROGRA~1\LENOVO\VIRTSCRL\
virtscrl.exe
===============
ID: 28704, Name: TPONSCR.exe, CommandLine: C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
/UEFI\\.\pipe\{C6A9690C-33AE-4a55-8B65-9498CC0A7B34}.OnScreenDisplay
===============
ID: 28772, Name: WacomHost.exe, CommandLine: "C:\Program Files\Tablet\ISD\
WacomHost.exe" "C:\Program Files\Tablet\ISD\ISD_Tablet.exe" au
===============
ID: 27976, Name: shtctky.exe, CommandLine: C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE
/UEFI\\.\pipe\{C6A9690C-33AE-4a55-8B65-9498CC0A7B34}.ShortcutKey
===============
ID: 5712, Name: conhost.exe, CommandLine: \??\C:\WINDOWS\system32\conhost.exe 0x4
===============
ID: 2468, Name: sihost.exe, CommandLine: sihost.exe
===============
ID: 16484, Name: svchost.exe, CommandLine: C:\WINDOWS\system32\svchost.exe -k
BthAppGroup -p -s BluetoothUserService
===============
ID: 17820, Name: svchost.exe, CommandLine: C:\WINDOWS\system32\svchost.exe -k
UnistackSvcGroup -s CDPUserSvc
===============
ID: 8292, Name: ISD_Tablet.exe, CommandLine: "C:\Program Files\Tablet\ISD\
ISD_Tablet.exe" au
===============
ID: 27524, Name: SynTPLpr.exe, CommandLine: "C:\Program Files\Synaptics\SynTP\
SynTPLpr.exe"
===============
ID: 4628, Name: SynLenovoHelper.exe, CommandLine: "C:\Program Files\Synaptics\
SynTP\SynLenovoHelper.exe"
===============
ID: 19440, Name: svchost.exe, CommandLine: C:\WINDOWS\system32\svchost.exe -k
UnistackSvcGroup -s WpnUserService
===============
ID: 3148, Name: ISUSPM.exe, CommandLine: "C:\Program Files (x86)\Common Files\
InstallShield\Update\ISUSPM.exe"
===============
ID: 16612, Name: PowerMgr.exe, CommandLine: "C:\WINDOWS\SysWOW64\Lenovo\PowerMgr\
PowerMgr.exe"
===============
ID: 19916, Name: explorer.exe, CommandLine: C:\WINDOWS\Explorer.EXE
===============
ID: 26612, Name: igfxEM.exe, CommandLine: igfxEM.exe
===============
ID: 25028, Name: taskhostw.exe, CommandLine: taskhostw.exe {222A245B-E637-4AE9-
A93F-A59CA119A75E}
===============
ID: 5764, Name: SynTPHelper.exe, CommandLine: "C:\PROGRAM FILES\SYNAPTICS\SYNTP\
SYNTPHELPER.EXE"
===============
ID: 15208, Name: igfxHK.exe, CommandLine: igfxHK.exe
===============
ID: 10528, Name: svchost.exe, CommandLine: C:\WINDOWS\system32\svchost.exe -k
ClipboardSvcGroup -p -s cbdhsvc
===============
ID: 832, Name: StartMenuExperienceHost.exe, CommandLine: "C:\WINDOWS\SystemApps\
Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\
StartMenuExperienceHost.exe" -
ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
===============
ID: 1976, Name: RuntimeBroker.exe, CommandLine: C:\Windows\System32\
RuntimeBroker.exe -Embedding
===============
ID: 18720, Name: TextInputHost.exe, CommandLine: "C:\WINDOWS\SystemApps\
MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe" -
ServerName:InputApp.AppXjd5de1g66v206tj52m9d0dtpppx4cgpn.mca
===============
ID: 5132, Name: RuntimeBroker.exe, CommandLine: C:\Windows\System32\
RuntimeBroker.exe -Embedding
===============
ID: 27700, Name: ShellExperienceHost.exe, CommandLine: "C:\WINDOWS\SystemApps\
ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -
ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
===============
ID: 14092, Name: ctfmon.exe, CommandLine: "ctfmon.exe"
===============
ID: 26092, Name: TabTip.exe, CommandLine:
/QuitInfo:0000000000000418;000000000000041C;
===============
ID: 9444, Name: RuntimeBroker.exe, CommandLine: C:\Windows\System32\
RuntimeBroker.exe -Embedding
===============
ID: 12412, Name: SecurityHealthSystray.exe, CommandLine: "C:\Windows\System32\
SecurityHealthSystray.exe"
===============
ID: 30148, Name: RtsCM64.exe, CommandLine: "C:\Windows\RtsCM64.exe"
===============
ID: 17484, Name: fmapp.exe, CommandLine: "C:\Program Files\CONEXANT\ForteConfig\
fmapp.exe"
===============
ID: 24624, Name: CAudioFilterAgent64.exe, CommandLine: "C:\Program Files\CONEXANT\
cAudioFilterAgent\CAudioFilterAgent64.exe"
===============
ID: 29840, Name: SearchApp.exe, CommandLine: "C:\WINDOWS\SystemApps\
Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -
ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
===============
ID: 18708, Name: TpShocks.exe, CommandLine: "C:\Windows\System32\TpShocks.exe"
===============
ID: 4560, Name: TpKnrres.exe, CommandLine: "C:\Program Files\Lenovo\Communications
Utility\TpKnrres.exe"
===============
ID: 748, Name: pdf24.exe, CommandLine: "C:\Program Files\PDF24\pdf24.exe"
===============
ID: 31100, Name: ISUSPM.exe, CommandLine: "C:\ProgramData\FLEXnet\Connect\11\
ISUSPM.exe" -scheduler
===============
ID: 12640, Name: PlariumPlay.exe, CommandLine: "C:\Users\portatil\AppData\Local\
Plarium\PlariumPlay\PlariumPlay.exe" --args -tray-start
===============
ID: 8744, Name: OneDrive.exe, CommandLine: "C:\Users\portatil\AppData\Local\
Microsoft\OneDrive\OneDrive.exe" /background
===============
ID: 16012, Name: CCleaner64.exe, CommandLine: "C:\Program Files\CCleaner\
CCleaner.exe" /MONITOR /uac
===============
ID: 22448, Name: iusb3mon.exe, CommandLine: "C:\Program Files (x86)\Intel\Intel(R)
USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
===============
ID: 29540, Name: pptd40nt.exe, CommandLine: "C:\Program Files (x86)\Nuance\
PaperPort\pptd40nt.exe"
===============
ID: 16320, Name: pdfPro5Hook.exe, CommandLine: "C:\Program Files (x86)\Nuance\PDF
Viewer Plus\pdfPro5Hook.exe"
===============
ID: 11904, Name: svchost.exe, CommandLine: C:\WINDOWS\system32\svchost.exe -k
UnistackSvcGroup
===============
ID: 2440, Name: BrCtrlCntr.exe, CommandLine: -BootProc
===============
ID: 21864, Name: hpwuschd2.exe, CommandLine: "C:\Program Files (x86)\HP\HP Software
Update\hpwuschd2.exe"
===============
ID: 8248, Name: PlariumPlay.exe, CommandLine: "C:\Users\portatil\AppData\Local\
Plarium\PlariumPlay\PlariumPlay.exe" --type=gpu-process --no-sandbox --lang=en-US
--log-file="C:\Users\portatil\AppData\Local\Plarium\PlariumPlay\debug.log" --log-
severity=disable --gpu-vendor-id=0x8086 --gpu-device-id=0x1616 --gpu-driver-
vendor="Intel Corporation" --gpu-driver-version=20.19.15.4531 --gpu-driver-date=9-
29-2016 --lang=en-US --log-file="C:\Users\portatil\AppData\Local\Plarium\
PlariumPlay\debug.log" --log-severity=disable --service-request-channel-
token=FE02C3B3204BB9D2D7A9AED9E619D376 --mojo-platform-channel-handle=1820
/prefetch:2
===============
ID: 25632, Name: InputPersonalization.exe, CommandLine: "C:\Program Files\Common
Files\Microsoft Shared\Ink\InputPersonalization.exe"
===============
ID: 13432, Name: BrCcUxSys.exe, CommandLine: -BootProc
===============
ID: 12528, Name: PlariumPlay.exe, CommandLine: "C:\Users\portatil\AppData\Local\
Plarium\PlariumPlay\PlariumPlay.exe" --type=renderer --no-sandbox --service-pipe-
token=1B3252E478794D0D6F4C2AC5554EE510 --lang=en-US --lang=en-US --log-file="C:\
Users\portatil\AppData\Local\Plarium\PlariumPlay\debug.log" --log-severity=disable
--ppapi-flash-path="C:\Users\portatil\AppData\Local\Plarium\PlariumPlay\
third_party\windows\pepflashplayer64_23_0_0_207.dll" --ppapi-flash-
version=23.0.0.207 --enable-pinch --device-scale-factor=1.25 --num-raster-threads=2
--enable-main-frame-before-activation --content-image-texture-
target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,
3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553
;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;
1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,
3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3
553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2
,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3
,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,35
53;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,35
53;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,1
5,3553;4,16,3553;4,17,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,
6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553
;5,15,3553;5,16,3553;5,17,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,355
3;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,
3553;6,15,3553;6,16,3553;6,17,3553 --enable-gpu-async-worker-context --service-
request-channel-token=1B3252E478794D0D6F4C2AC5554EE510 --renderer-client-id=3 --
mojo-platform-channel-handle=2792 /prefetch:1
===============
ID: 20288, Name: Video.UI.exe, CommandLine: "C:\Program Files\WindowsApps\
Microsoft.ZuneVideo_10.22091.10051.0_x64__8wekyb3d8bbwe\Video.UI.exe" -
ServerName:Microsoft.ZuneVideo.AppX758ya5sqdjd98rx6z7g95nw6jy7bqx9y.mca
===============
ID: 13164, Name: FileCoAuth.exe, CommandLine: "C:\Users\portatil\AppData\Local\
Microsoft\OneDrive\23.246.1127.0002\FileCoAuth.exe" -Embedding
===============
ID: 23056, Name: RuntimeBroker.exe, CommandLine: C:\Windows\System32\
RuntimeBroker.exe -Embedding
===============
ID: 22200, Name: dllhost.exe, CommandLine: C:\WINDOWS\system32\DllHost.exe
/Processid:{973D20D7-562D-44B9-B70B-5A0F49CCDF3F}
===============
ID: 28876, Name: ApplicationFrameHost.exe, CommandLine: C:\WINDOWS\system32\
ApplicationFrameHost.exe -Embedding
===============
ID: 15136, Name: RuntimeBroker.exe, CommandLine: C:\Windows\System32\
RuntimeBroker.exe -Embedding
===============
ID: 1256, Name: UserOOBEBroker.exe, CommandLine: C:\Windows\System32\oobe\
UserOOBEBroker.exe -Embedding
===============
ID: 22772, Name: AdobeCollabSync.exe, CommandLine: "C:\Program Files\Adobe\Acrobat
DC\Acrobat\AdobeCollabSync.exe"
===============
ID: 2844, Name: AdobeCollabSync.exe, CommandLine: "C:\Program Files\Adobe\Acrobat
DC\Acrobat\AdobeCollabSync.exe" --type=collab-renderer --proc=22772
===============
ID: 1508, Name: CompPkgSrv.exe, CommandLine: C:\Windows\System32\CompPkgSrv.exe -
Embedding
===============
ID: 24304, Name: BitTorrent.exe, CommandLine: "C:\Users\portatil\AppData\Roaming\
BitTorrent\BitTorrent.exe" "C:\Users\portatil\Desktop\file" /SHELLASSOC
===============
ID: 21580, Name: bittorrentie.exe, CommandLine: "C:\Users\portatil\AppData\Roaming\
BitTorrent\updates\7.11.0_46923\bittorrentie.exe"
BitTorrent_24304_03C62E88_1056553959 BT4823DF041B09 BitTorrent ce unp
===============
ID: 22504, Name: msedgewebview2.exe, CommandLine: "C:\Program Files (x86)\
Microsoft\EdgeWebView\Application\120.0.2210.91\msedgewebview2.exe" --embedded-
browser-webview=1 --webview-exe-name=bittorrentie.exe --user-data-dir="C:\Users\
portatil\AppData\LocalLow\BitTorrent.WebView2\EBWebView" --noerrdialogs --embedded-
browser-webview-dpi-awareness=0 --disable-
features=msEnhancedTrackingPreventionEnabled --enable-features=MojoIpcz --mojo-
named-platform-channel-pipe=21580.3344.3662297421528100689
===============
ID: 11136, Name: msedgewebview2.exe, CommandLine: "C:\Program Files (x86)\
Microsoft\EdgeWebView\Application\120.0.2210.91\msedgewebview2.exe" --
type=crashpad-handler --user-data-dir=C:\Users\portatil\AppData\LocalLow\
BitTorrent.WebView2\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-
handler --database=C:\Users\portatil\AppData\LocalLow\BitTorrent.WebView2\
EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --
annotation=chromium-version=120.0.6099.130 "--annotation=exe=C:\Program Files
(x86)\Microsoft\EdgeWebView\Application\120.0.2210.91\msedgewebview2.exe" --
annotation=plat=Win64 "--annotation=prod=Edge WebView2" --
annotation=ver=120.0.2210.91 --initial-client-
data=0x160,0x164,0x168,0x140,0x170,0x7ffb6fc62b38,0x7ffb6fc62b44,0x7ffb6fc62b50
===============
ID: 20076, Name: msedgewebview2.exe, CommandLine: "C:\Program Files (x86)\
Microsoft\EdgeWebView\Application\120.0.2210.91\msedgewebview2.exe" --type=gpu-
process --noerrdialogs --user-data-dir="C:\Users\portatil\AppData\LocalLow\
BitTorrent.WebView2\EBWebView" --webview-exe-name=bittorrentie.exe --embedded-
browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-
preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA==
--mojo-platform-channel-handle=2112 --field-trial-
handle=2116,i,14028916975516341271,7701426781828227778,262144 --enable-
features=MojoIpcz --disable-features=msEnhancedTrackingPreventionEnabled --
variations-seed-version /prefetch:2
===============
ID: 5564, Name: msedgewebview2.exe, CommandLine: "C:\Program Files (x86)\Microsoft\
EdgeWebView\Application\120.0.2210.91\msedgewebview2.exe" --type=utility --utility-
sub-type=network.mojom.NetworkService --lang=es --service-sandbox-type=none --
noerrdialogs --user-data-dir="C:\Users\portatil\AppData\LocalLow\
BitTorrent.WebView2\EBWebView" --webview-exe-name=bittorrentie.exe --embedded-
browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-
channel-handle=2288 --field-trial-
handle=2116,i,14028916975516341271,7701426781828227778,262144 --enable-
features=MojoIpcz --disable-features=msEnhancedTrackingPreventionEnabled --
variations-seed-version /prefetch:3
===============
ID: 3496, Name: msedgewebview2.exe, CommandLine: "C:\Program Files (x86)\Microsoft\
EdgeWebView\Application\120.0.2210.91\msedgewebview2.exe" --type=utility --utility-
sub-type=storage.mojom.StorageService --lang=es --service-sandbox-type=service --
noerrdialogs --user-data-dir="C:\Users\portatil\AppData\LocalLow\
BitTorrent.WebView2\EBWebView" --webview-exe-name=bittorrentie.exe --embedded-
browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-
channel-handle=2512 --field-trial-
handle=2116,i,14028916975516341271,7701426781828227778,262144 --enable-
features=MojoIpcz --disable-features=msEnhancedTrackingPreventionEnabled --
variations-seed-version /prefetch:8
===============
ID: 16392, Name: msedgewebview2.exe, CommandLine: "C:\Program Files (x86)\
Microsoft\EdgeWebView\Application\120.0.2210.91\msedgewebview2.exe" --type=renderer
--noerrdialogs --user-data-dir="C:\Users\portatil\AppData\LocalLow\
BitTorrent.WebView2\EBWebView" --webview-exe-name=bittorrentie.exe --embedded-
browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --first-renderer-
process --lang=es --device-scale-factor=1 --num-raster-threads=2 --enable-main-
frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-
with-cleanup-some --expose-gc --ms-user-locale=" --time-ticks-at-unix-epoch=-
1703921120877455 --launch-time-ticks=548970561690 --mojo-platform-channel-
handle=3716 --field-trial-
handle=2116,i,14028916975516341271,7701426781828227778,262144 --enable-
features=MojoIpcz --disable-features=msEnhancedTrackingPreventionEnabled --
variations-seed-version /prefetch:1
===============
ID: 20880, Name: bittorrentie.exe, CommandLine: "C:\Users\portatil\AppData\Roaming\
BitTorrent\updates\7.11.0_46923\bittorrentie.exe"
BitTorrent_24304_00B2A5F0_562333934 BT4823DF041B09 BitTorrent ce unp
===============
ID: 11704, Name: msedgewebview2.exe, CommandLine: "C:\Program Files (x86)\
Microsoft\EdgeWebView\Application\120.0.2210.91\msedgewebview2.exe" --type=renderer
--noerrdialogs --user-data-dir="C:\Users\portatil\AppData\LocalLow\
BitTorrent.WebView2\EBWebView" --webview-exe-name=bittorrentie.exe --embedded-
browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --lang=es --device-
scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --
renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc
--ms-user-locale=" --time-ticks-at-unix-epoch=-1703921120877455 --launch-time-
ticks=548978756217 --mojo-platform-channel-handle=4828 --field-trial-
handle=2116,i,14028916975516341271,7701426781828227778,262144 --enable-
features=MojoIpcz --disable-features=msEnhancedTrackingPreventionEnabled --
variations-seed-version /prefetch:1
===============
ID: 15596, Name: helper.exe, CommandLine: "C:\Users\portatil\AppData\Roaming\
BitTorrent\helper\helper.exe" 16710 --hval RTSWCtgRQXfNzReA -- -pid 24304 -version
46923
===============
ID: 11072, Name: ACDaemon.exe, CommandLine: ACDaemon.exe -u
===============
ID: 30636, Name: smartscreen.exe, CommandLine: C:\Windows\System32\smartscreen.exe
-Embedding
===============
ID: 2956, Name: MlWBJhSDl6z_tMmE45EUqoPF.exe, CommandLine: "C:\Users\portatil\
Documents\GuardFox\MlWBJhSDl6z_tMmE45EUqoPF.exe"
===============
ID: 14588, Name: MlWBJhSDl6z_tMmE45EUqoPF.tmp, CommandLine: "C:\Users\portatil\
AppData\Local\Temp\is-ICP6F.tmp\MlWBJhSDl6z_tMmE45EUqoPF.tmp"
/SL5="$D0388,4464273,54272,C:\Users\portatil\Documents\GuardFox\
MlWBJhSDl6z_tMmE45EUqoPF.exe"
===============
ID: 19568, Name: pip-master-std-lib.exe, CommandLine: "C:\Users\portatil\AppData\
Local\PIP Master std lib\pip-master-std-lib.exe" -s
===============
ID: 1504, Name: OOBE-Maintenance.exe, CommandLine: "C:\WINDOWS\system32\OOBE-
Maintenance.exe"
===============
ID: 13548, Name: conhost.exe, CommandLine: \??\C:\WINDOWS\system32\conhost.exe 0x4
===============
ID: 27792, Name: i8a7fnCcVcXFIA_x5h1JhiSG.exe, CommandLine: "C:\Users\portatil\
Documents\GuardFox\i8a7fnCcVcXFIA_x5h1JhiSG.exe"
===============
ID: 19352, Name: MSBuild.exe, CommandLine: C:\Windows\Microsoft.NET\Framework\
v4.0.30319\MsBuild.exe
===============
ID: 15568, Name: SystemSettings.exe, CommandLine: "C:\Windows\
ImmersiveControlPanel\SystemSettings.exe" -
ServerName:microsoft.windows.immersivecontrolpanel
===============
ID: 3020, Name: explorhe.exe, CommandLine: "C:\Users\portatil\AppData\Local\Temp\
d887ceb89d\explorhe.exe"
===============
ID: 22136, Name: SSvpChcl7gQ1eki6bK0sQQEL.exe, CommandLine: "C:\Users\portatil\
Documents\GuardFox\SSvpChcl7gQ1eki6bK0sQQEL.exe" --Admin IsNotAutoStart IsNotTask
===============
ID: 22840, Name: taskhostw.exe, CommandLine: taskhostw.exe
===============
ID: 7668, Name: rundll32.exe, CommandLine: "C:\Windows\System32\rundll32.exe" C:\
Users\portatil\AppData\Roaming\006700e5a2ab05\clip64.dll, Main
===============
ID: 12688, Name: rATlAxcsWmH7yzoX637utGn8.exe, CommandLine: "C:\Users\portatil\
Documents\GuardFox\rATlAxcsWmH7yzoX637utGn8.exe"
===============
ID: 30736, Name: qemu-ga.exe, CommandLine: "C:\Users\portatil\AppData\Local\Temp\
d887ceb89d\qemu-ga.exe"
===============
ID: 14204, Name: BPMQAyhtpxWRGhcTJCzuHOlu.exe, CommandLine: "C:\Users\portatil\
Documents\GuardFox\BPMQAyhtpxWRGhcTJCzuHOlu.exe" --Admin IsNotAutoStart IsNotTask
===============
ID: 25892, Name: InstallUtil.exe, CommandLine: C:\Windows\Microsoft.NET\Framework\
v4.0.30319\InstallUtil.exe
===============
ID: 14512, Name: RuntimeBroker.exe, CommandLine: C:\Windows\System32\
RuntimeBroker.exe -Embedding
===============
ID: 3692, Name: nocry.exe, CommandLine: "C:\Users\portatil\AppData\Local\Temp\
1000001001\nocry.exe"
===============
ID: 26904, Name: conhost.exe, CommandLine: \??\C:\WINDOWS\system32\conhost.exe 0x4
===============
ID: 23756, Name: RegAsm.exe, CommandLine: "C:\Windows\Microsoft.NET\Framework\
v4.0.30319\RegAsm.exe"
===============
ID: 8924, Name: pixelguy.exe, CommandLine: "C:\Users\portatil\AppData\Local\Temp\
1000006001\pixelguy.exe"
===============
ID: 12604, Name: powershell.exe, CommandLine: "C:\Windows\System32\
WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -DisableArchiveScanning
$true
===============
ID: 17220, Name: conhost.exe, CommandLine: \??\C:\WINDOWS\system32\conhost.exe 0x4
===============
ID: 12860, Name: powershell.exe, CommandLine: "C:\Windows\System32\
WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -DisableBlockAtFirstSeen
$true
===============
ID: 11800, Name: conhost.exe, CommandLine: \??\C:\WINDOWS\system32\conhost.exe 0x4
===============
ID: 30040, Name: powershell.exe, CommandLine: "C:\Windows\System32\
WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -DisablePrivacyMode $true
===============
ID: 30068, Name: conhost.exe, CommandLine: \??\C:\WINDOWS\system32\conhost.exe 0x4
===============
ID: 6024, Name: powershell.exe, CommandLine: "C:\Windows\System32\
WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -DisableScriptScanning
$true
===============
ID: 8832, Name: conhost.exe, CommandLine: \??\C:\WINDOWS\system32\conhost.exe 0x4
===============
ID: 9228, Name: powershell.exe, CommandLine: "C:\Windows\System32\
WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -HighThreatDefaultAction 6
-Force
===============
ID: 29536, Name: conhost.exe, CommandLine: \??\C:\WINDOWS\system32\conhost.exe 0x4
===============
ID: 25804, Name: powershell.exe, CommandLine: "C:\Windows\System32\
WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -LowThreatDefaultAction 6
===============
ID: 29832, Name: conhost.exe, CommandLine: \??\C:\WINDOWS\system32\conhost.exe 0x4
===============
ID: 30816, Name: powershell.exe, CommandLine: "C:\Windows\System32\
WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -MAPSReporting 0
===============
ID: 1268, Name: conhost.exe, CommandLine: \??\C:\WINDOWS\system32\conhost.exe 0x4
===============
ID: 9020, Name: powershell.exe, CommandLine: "C:\Windows\System32\
WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -
ModerateThreatDefaultAction 6
===============
ID: 17660, Name: conhost.exe, CommandLine: \??\C:\WINDOWS\system32\conhost.exe 0x4
===============
ID: 9188, Name: powershell.exe, CommandLine: "C:\Windows\System32\
WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -SevereThreatDefaultAction
6
===============
ID: 31512, Name: conhost.exe, CommandLine: \??\C:\WINDOWS\system32\conhost.exe 0x4
===============
ID: 18380, Name: powershell.exe, CommandLine: "C:\Windows\System32\
WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -
SignatureDisableUpdateOnStartupWithoutEngine $true
===============
ID: 30032, Name: conhost.exe, CommandLine: \??\C:\WINDOWS\system32\conhost.exe 0x4
===============
ID: 31164, Name: powershell.exe, CommandLine: "C:\Windows\System32\
WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -SubmitSamplesConsent 2
===============
ID: 21388, Name: conhost.exe, CommandLine: \??\C:\WINDOWS\system32\conhost.exe 0x4
===============
ID: 16444, Name: YT.exe, CommandLine: "C:\Users\portatil\AppData\Local\Temp\
1000007001\YT.exe"
You might also like
- From LNK To RCE: Finding Bugs in Windows Shell Link ParserNo ratings yetFrom LNK To RCE: Finding Bugs in Windows Shell Link Parser103 pages
- TDSSKiller.3.1.0.12 22.02.2017 22.44.03 LogNo ratings yetTDSSKiller.3.1.0.12 22.02.2017 22.44.03 Log79 pages
- C9400-LC-24XS ZPCBST Pass Uut Spirent LogNo ratings yetC9400-LC-24XS ZPCBST Pass Uut Spirent Log6 pages
- Exception Report LAPTOP-VARJHBOR 12-19-23 16.47.10 ExceptionNo ratings yetException Report LAPTOP-VARJHBOR 12-19-23 16.47.10 Exception6 pages
