
PowerShell Transcript - qaw-MJABER-NB. +NZRNB .20220116090657


**********************

Windows PowerShell transcript start


Start time: 20220116090658
Username: QF\mjaber
RunAs User: QF\mjaber
Configuration Name:
Machine: QAW-MJABER-NB (Microsoft Windows NT 10.0.19042.0)
Host Application: powershell.exe /c Get-CimInstance -className win32_process |
select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath
Process ID: 33000
PSVersion: 5.1.19041.1320
PSEdition: Desktop
PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.19041.1320
BuildVersion: 10.0.19041.1320
CLRVersion: 4.0.30319.42000
WSManStackVersion: 3.0
PSRemotingProtocolVersion: 2.3
SerializationVersion: 1.1.0.1
**********************
PS>Get-CimInstance -className win32_process | select
Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath

Name : System Idle Process


ProcessId : 0
ParentProcessId : 0
CommandLine :
ExecutablePath :

Name : System
ProcessId : 4
ParentProcessId : 0
CommandLine :
ExecutablePath :

Name : Secure System


ProcessId : 72
ParentProcessId : 4
CommandLine :
ExecutablePath :

Name : Registry
ProcessId : 132
ParentProcessId : 4
CommandLine :
ExecutablePath :

Name : smss.exe
ProcessId : 520
ParentProcessId : 4
CommandLine :
ExecutablePath :

Name : csrss.exe
ProcessId : 828
ParentProcessId : 700
CommandLine :
ExecutablePath :
Name : wininit.exe
ProcessId : 916
ParentProcessId : 700
CommandLine :
ExecutablePath :

Name : services.exe
ProcessId : 988
ParentProcessId : 916
CommandLine :
ExecutablePath :

Name : LsaIso.exe
ProcessId : 1008
ParentProcessId : 916
CommandLine :
ExecutablePath :

Name : lsass.exe
ProcessId : 1016
ParentProcessId : 916
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 1040
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : WUDFHost.exe
ProcessId : 1048
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : fontdrvhost.exe
ProcessId : 1104
ParentProcessId : 916
CommandLine :
ExecutablePath :

Name : WUDFHost.exe
ProcessId : 1168
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 1224
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 1272
ParentProcessId : 988
CommandLine :
ExecutablePath :
Name : WUDFHost.exe
ProcessId : 1444
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 1572
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 1596
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 1656
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 1664
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 1672
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 1688
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 1696
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 1800
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 1944
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 1956
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 2000
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 2028
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 1244
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 2080
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 2184
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : IntelCpHDCPSvc.exe
ProcessId : 2192
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 2224
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 2324
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 2340
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 2364
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 2704
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : IntelCpHeciSvc.exe
ProcessId : 2760
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 2792
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 2820
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 2828
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 2836
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 2944
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 3220
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 3292
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : PresentationFontCache.exe
ProcessId : 3432
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 3440
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 3452
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 3504
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : NetworkCap.exe
ProcessId : 3644
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : DiagsCap.exe
ProcessId : 3656
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : AppHelperCap.exe
ProcessId : 3664
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : SysInfoCap.exe
ProcessId : 3696
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 3768
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 3816
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 3824
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 3912
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : TouchpointAnalyticsClientService.exe
ProcessId : 3956
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 3968
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 4272
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : SynTPEnhService.exe
ProcessId : 4472
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 4560
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 4576
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 4640
ParentProcessId : 988
CommandLine :
ExecutablePath :
Name : Memory Compression
ProcessId : 4648
ParentProcessId : 4
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 4664
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : WmiPrvSE.exe
ProcessId : 4836
ParentProcessId : 1040
CommandLine :
ExecutablePath :

Name : unsecapp.exe
ProcessId : 4968
ParentProcessId : 1040
CommandLine :
ExecutablePath :

Name : WmiPrvSE.exe
ProcessId : 5108
ParentProcessId : 1040
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 4396
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 4704
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 5164
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : vpnagent.exe
ProcessId : 5220
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 5276
ParentProcessId : 988
CommandLine :
ExecutablePath :
Name : svchost.exe
ProcessId : 5336
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : spoolsv.exe
ProcessId : 5404
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 5444
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : activcontrolsvc.exe
ProcessId : 5484
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : armsvc.exe
ProcessId : 5500
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : residentAgent.exe
ProcessId : 5508
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : CmRcService.exe
ProcessId : 5560
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : CxUtilSvc.exe
ProcessId : 5568
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : OfficeClickToRun.exe
ProcessId : 5584
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 5600
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 5608
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : FMService64.exe
ProcessId : 5668
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : HotKeyServiceUWP.exe
ProcessId : 5684
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : ibtsiva.exe
ProcessId : 5692
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : LHAgent.exe
ProcessId : 5700
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : OneApp.IGCC.WinService.exe
ProcessId : 5732
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : pds.exe
ProcessId : 5784
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : LocalSch.EXE
ProcessId : 5792
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 5800
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : esif_uf.exe
ProcessId : 5824
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : issuser.exe
ProcessId : 5884
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : tmcsvc.exe
ProcessId : 5956
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : jhi_service.exe
ProcessId : 5996
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : MicrosoftSearchInBing.exe
ProcessId : 6104
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 6116
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : LMS.exe
ProcessId : 6132
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 4728
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : RtkAudUService64.exe
ProcessId : 4828
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 4616
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : SECOMN64.exe
ProcessId : 6200
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : SoftMon.exe
ProcessId : 6208
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : MsSense.exe
ProcessId : 6216
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : TbtP2pShortcutService.exe
ProcessId : 6276
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : ThunderboltService.exe
ProcessId : 6292
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : MsMpEng.exe
ProcessId : 6324
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : XtuService.exe
ProcessId : 6484
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 6492
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 6508
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 6612
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 6924
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : LanWlanWwanSwitchingServiceUWP.exe
ProcessId : 6932
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : wlanext.exe
ProcessId : 7140
ParentProcessId : 5276
CommandLine :
ExecutablePath :

Name : conhost.exe
ProcessId : 7260
ParentProcessId : 7140
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 7460
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : collector.exe
ProcessId : 8368
ParentProcessId : 5508
CommandLine :
ExecutablePath :

Name : conhost.exe
ProcessId : 8400
ParentProcessId : 8368
CommandLine :
ExecutablePath :

Name : SearchIndexer.exe
ProcessId : 8940
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : NisSrv.exe
ProcessId : 1644
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : dllhost.exe
ProcessId : 9116
ParentProcessId : 1040
CommandLine :
ExecutablePath :
Name : SelfElectController.exe
ProcessId : 10576
ParentProcessId : 5956
CommandLine :
ExecutablePath :

Name : conhost.exe
ProcessId : 10584
ParentProcessId : 10576
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 10876
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 10968
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 10588
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : GoogleCrashHandler.exe
ProcessId : 11540
ParentProcessId : 10784
CommandLine :
ExecutablePath :

Name : GoogleCrashHandler64.exe
ProcessId : 11644
ParentProcessId : 10784
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 11656
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 12132
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 8544
ParentProcessId : 988
CommandLine :
ExecutablePath :
Name : svchost.exe
ProcessId : 13476
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : SgrmBroker.exe
ProcessId : 13724
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : SecurityHealthService.exe
ProcessId : 14584
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 14932
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 15128
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 12008
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 3748
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : SenseCE.exe
ProcessId : 14568
ParentProcessId : 6216
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 7516
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : CcmExec.exe
ProcessId : 5904
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : WmiPrvSE.exe
ProcessId : 15272
ParentProcessId : 1040
CommandLine :
ExecutablePath :

Name : WatchDogService.exe
ProcessId : 9488
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : Microsoft.Management.Services.IntuneWindowsAgent.exe
ProcessId : 6400
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : uhssvc.exe
ProcessId : 6380
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 15532
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : WmiPrvSE.exe
ProcessId : 4536
ParentProcessId : 1040
CommandLine :
ExecutablePath :

Name : WmiPrvSE.exe
ProcessId : 3556
ParentProcessId : 1040
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 17136
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 11416
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 10912
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 20908
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : WmiPrvSE.exe
ProcessId : 6560
ParentProcessId : 1040
CommandLine :
ExecutablePath :

Name : MoUsoCoreWorker.exe
ProcessId : 11560
ParentProcessId : 1040
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 15976
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : csrss.exe
ProcessId : 9136
ParentProcessId : 21992
CommandLine :
ExecutablePath :

Name : winlogon.exe
ProcessId : 6056
ParentProcessId : 21992
CommandLine :
ExecutablePath :

Name : fontdrvhost.exe
ProcessId : 11420
ParentProcessId : 6056
CommandLine :
ExecutablePath :

Name : dwm.exe
ProcessId : 1064
ParentProcessId : 6056
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 10768
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : SynTPEnh.exe
ProcessId : 17056
ParentProcessId : 4472
CommandLine : "C:\WINDOWS\System32\SynTPEnh.exe"
ExecutablePath : C:\WINDOWS\System32\SynTPEnh.exe

Name : SECOCL64.exe
ProcessId : 20380
ParentProcessId : 6200
CommandLine : /exit-mutex-guid={85659686-3F7A-4645-916D-E312F4A6AD9A}
/host-pipe-name=\\.\pipe\{B2180EBB-CA13-4674-8973-07F7BE49B0AE}
ExecutablePath : C:\WINDOWS\System32\SECOCL64.exe

Name : conhost.exe
ProcessId : 8816
ParentProcessId : 20380
CommandLine : \??\C:\WINDOWS\system32\conhost.exe 0x4
ExecutablePath : C:\WINDOWS\system32\conhost.exe

Name : SynTPHelper.exe
ProcessId : 10892
ParentProcessId : 18252
CommandLine :
ExecutablePath :

Name : sihost.exe
ProcessId : 6244
ParentProcessId : 2704
CommandLine : sihost.exe
ExecutablePath : C:\WINDOWS\system32\sihost.exe

Name : svchost.exe
ProcessId : 12608
ParentProcessId : 988
CommandLine : C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
ExecutablePath : C:\WINDOWS\system32\svchost.exe

Name : svchost.exe
ProcessId : 10948
ParentProcessId : 988
CommandLine : C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup -s
WpnUserService
ExecutablePath : C:\WINDOWS\system32\svchost.exe

Name : taskhostw.exe
ProcessId : 16124
ParentProcessId : 2080
CommandLine : taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
ExecutablePath : C:\WINDOWS\system32\taskhostw.exe

Name : explorer.exe
ProcessId : 2776
ParentProcessId : 21988
CommandLine : C:\WINDOWS\Explorer.EXE
ExecutablePath : C:\WINDOWS\Explorer.EXE

Name : svchost.exe
ProcessId : 6808
ParentProcessId : 988
CommandLine : C:\WINDOWS\system32\svchost.exe -k ClipboardSvcGroup -p -s
cbdhsvc
ExecutablePath : C:\WINDOWS\system32\svchost.exe

Name : StartMenuExperienceHost.exe
ProcessId : 22488
ParentProcessId : 1040
CommandLine : "C:\WINDOWS\SystemApps\
Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHos
t.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
ExecutablePath : C:\WINDOWS\SystemApps\
Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost
.exe

Name : ctfmon.exe
ProcessId : 2092
ParentProcessId : 10968
CommandLine :
ExecutablePath :

Name : RuntimeBroker.exe
ProcessId : 22144
ParentProcessId : 1040
CommandLine : C:\Windows\System32\RuntimeBroker.exe -Embedding
ExecutablePath : C:\Windows\System32\RuntimeBroker.exe

Name : RtkAudUService64.exe
ProcessId : 13940
ParentProcessId : 4828
CommandLine :
ExecutablePath :

Name : rcgui.exe
ProcessId : 18540
ParentProcessId : 5884
CommandLine :
ExecutablePath :

Name : SearchApp.exe
ProcessId : 16968
ParentProcessId : 1040
CommandLine : "C:\WINDOWS\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\
SearchApp.exe"
-ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
ExecutablePath : C:\WINDOWS\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\
SearchApp.exe

Name : RuntimeBroker.exe
ProcessId : 18232
ParentProcessId : 1040
CommandLine : C:\Windows\System32\RuntimeBroker.exe -Embedding
ExecutablePath : C:\Windows\System32\RuntimeBroker.exe

Name : RuntimeBroker.exe
ProcessId : 17412
ParentProcessId : 1040
CommandLine : C:\Windows\System32\RuntimeBroker.exe -Embedding
ExecutablePath : C:\Windows\System32\RuntimeBroker.exe

Name : svchost.exe
ProcessId : 14800
ParentProcessId : 988
CommandLine : C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup
ExecutablePath : C:\WINDOWS\System32\svchost.exe

Name : SCNotification.exe
ProcessId : 21676
ParentProcessId : 5904
CommandLine : "C:\Windows\CCM\SCNotification.exe"
ExecutablePath : C:\Windows\CCM\SCNotification.exe

Name : WINWORD.EXE
ProcessId : 13456
ParentProcessId : 2776
CommandLine : "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n
"C:\Users\mjaber\Desktop\links\LINKS.docx
ExecutablePath : C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE

Name : SecurityHealthSystray.exe
ProcessId : 20684
ParentProcessId : 2776
CommandLine : "C:\Windows\System32\SecurityHealthSystray.exe"
ExecutablePath : C:\Windows\System32\SecurityHealthSystray.exe

Name : RtkAudUService64.exe
ProcessId : 18928
ParentProcessId : 2776
CommandLine : "C:\Windows\System32\DriverStore\FileRepository\
realtekservice.inf_amd64_f31d3fd59f245137\RtkAudUServ
ice64.exe" -background
ExecutablePath : C:\Windows\System32\DriverStore\FileRepository\
realtekservice.inf_amd64_f31d3fd59f245137\RtkAudUServi
ce64.exe

Name : SearchProtocolHost.exe
ProcessId : 14548
ParentProcessId : 8940
CommandLine :
ExecutablePath :

Name : activmgr.exe
ProcessId : 6648
ParentProcessId : 2776
CommandLine : "C:\Program Files\Activ Software\ActivDriver\activmgr.exe"
ExecutablePath : C:\Program Files\Activ Software\ActivDriver\activmgr.exe

Name : TextInputHost.exe
ProcessId : 19876
ParentProcessId : 1040
CommandLine : "C:\WINDOWS\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\
InputApp\TextInputHost.exe"
-ServerName:InputApp.AppX9jnwykgrccxc8by3hsrsh07r423xzvav.mca
ExecutablePath : C:\WINDOWS\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\
InputApp\TextInputHost.exe

Name : dllhost.exe
ProcessId : 10112
ParentProcessId : 1040
CommandLine : C:\WINDOWS\system32\DllHost.exe /Processid:{973D20D7-562D-44B9-
B70B-5A0F49CCDF3F}
ExecutablePath : C:\WINDOWS\system32\DllHost.exe

Name : OneDrive.exe
ProcessId : 19512
ParentProcessId : 2776
CommandLine : "C:\Users\mjaber\AppData\Local\Microsoft\OneDrive\
OneDrive.exe" /background
ExecutablePath : C:\Users\mjaber\AppData\Local\Microsoft\OneDrive\OneDrive.exe

Name : SettingSyncHost.exe
ProcessId : 9484
ParentProcessId : 1040
CommandLine : C:\WINDOWS\system32\SettingSyncHost.exe -Embedding
ExecutablePath : C:\WINDOWS\system32\SettingSyncHost.exe

Name : Teams.exe
ProcessId : 16408
ParentProcessId : 15292
CommandLine : "C:\Users\mjaber\AppData\Local\Microsoft\Teams\current\Teams.exe"
--system-initiated
ExecutablePath : C:\Users\mjaber\AppData\Local\Microsoft\Teams\current\Teams.exe

Name : Teams.exe
ProcessId : 10712
ParentProcessId : 16408
CommandLine : "C:\Users\mjaber\AppData\Local\Microsoft\Teams\current\Teams.exe"
--type=gpu-process
--field-trial-
handle=1652,7308693035464843651,2269878448211151455,131072 --enable-
features=ContextBri

dgeMutability,WebComponentsV0Enabled,WinUseBrowserSpellChecker,WinUseHybridSpellChe
cker --disable-fea

tures=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForS
itePerProcess --gp
u-
preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQ
AAAAgAAAAAAAAACg

AAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAA
ABAAAABQAAABAAAAAA
AAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1692 /prefetch:2
ExecutablePath : C:\Users\mjaber\AppData\Local\Microsoft\Teams\current\Teams.exe

Name : Teams.exe
ProcessId : 14308
ParentProcessId : 16408
CommandLine : "C:\Users\mjaber\AppData\Local\Microsoft\Teams\current\Teams.exe"
--type=utility
--utility-sub-type=network.mojom.NetworkService
--field-trial-
handle=1652,7308693035464843651,2269878448211151455,131072 --enable-
features=ContextBri

dgeMutability,WebComponentsV0Enabled,WinUseBrowserSpellChecker,WinUseHybridSpellChe
cker --disable-fea

tures=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForS
itePerProcess
--lang=en-US --service-sandbox-type=network --enable-wer --ms-
teams-less-cors=522133263
--mojo-platform-channel-handle=2200 /prefetch:8
ExecutablePath : C:\Users\mjaber\AppData\Local\Microsoft\Teams\current\Teams.exe

Name : Teams.exe
ProcessId : 18052
ParentProcessId : 16408
CommandLine : "C:\Users\mjaber\AppData\Local\Microsoft\Teams\current\Teams.exe"
--type=renderer
--autoplay-policy=no-user-gesture-required --disable-background-
timer-throttling
--field-trial-
handle=1652,7308693035464843651,2269878448211151455,131072 --enable-
features=ContextBri

dgeMutability,WebComponentsV0Enabled,WinUseBrowserSpellChecker,WinUseHybridSpellChe
cker --disable-fea

tures=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForS
itePerProcess
--lang=en-US --enable-wer --ms-teams-less-cors=522133263
--app-user-model-id=com.squirrel.Teams.Teams
--app-path="C:\Users\mjaber\AppData\Local\Microsoft\Teams\
current\resources\app.asar"
--enable-sandbox --native-window-open --preload="C:\Users\mjaber\
AppData\Local\Microsoft\Teams\curren
t\resources\app.asar\lib\renderer\notifications\
preload_notifications.js" --background-color=#fff
--enable-spellcheck --enable-websql --disable-electron-site-
instance-overrides
--device-scale-factor=1.5 --num-raster-threads=4 --enable-main-
frame-before-activation
--renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-
platform-channel-handle=2856
/prefetch:1 --msteams-process-type=notificationsManager
ExecutablePath : C:\Users\mjaber\AppData\Local\Microsoft\Teams\current\Teams.exe

Name : Teams.exe
ProcessId : 19092
ParentProcessId : 16408
CommandLine : "C:\Users\mjaber\AppData\Local\Microsoft\Teams\current\Teams.exe"
--type=renderer
--autoplay-policy=no-user-gesture-required --disable-background-
timer-throttling
--field-trial-
handle=1652,7308693035464843651,2269878448211151455,131072 --enable-
features=ContextBri

dgeMutability,WebComponentsV0Enabled,WinUseBrowserSpellChecker,WinUseHybridSpellChe
cker --disable-fea

tures=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForS
itePerProcess
--lang=en-US --enable-wer --ms-teams-less-cors=522133263
--app-user-model-id=com.squirrel.Teams.Teams
--app-path="C:\Users\mjaber\AppData\Local\Microsoft\Teams\
current\resources\app.asar" --webview-tag
--enable-sandbox --native-window-open --preload="C:\Users\mjaber\
AppData\Local\Microsoft\Teams\curren
t\resources\app.asar\lib\renderer\preload.js" --world-safe-
execute-javascript
--background-color=#fff --enable-spellcheck --enable-websql
--disable-electron-site-instance-overrides --device-scale-
factor=1.5 --num-raster-threads=4
--enable-main-frame-before-activation --renderer-client-id=4 --
no-v8-untrusted-code-mitigations
--mojo-platform-channel-handle=3396 /prefetch:1 --msteams-
process-type=main-renderer
--msteams-rendererid=main-renderer
ExecutablePath : C:\Users\mjaber\AppData\Local\Microsoft\Teams\current\Teams.exe

Name : HPTouchpointManagerTray.exe
ProcessId : 21716
ParentProcessId : 18488
CommandLine : "C:\Program Files (x86)\Hewlett-Packard\HP Touchpoint Manager\
Agent\HPTouchpointManagerTray.exe"
ExecutablePath : C:\Program Files (x86)\Hewlett-Packard\HP Touchpoint Manager\
Agent\HPTouchpointManagerTray.exe

Name : Teams.exe
ProcessId : 19416
ParentProcessId : 16408
CommandLine : "C:\Users\mjaber\AppData\Local\Microsoft\Teams\current\Teams.exe"
--type=utility
--utility-sub-type=audio.mojom.AudioService
--field-trial-
handle=1652,7308693035464843651,2269878448211151455,131072 --enable-
features=ContextBri

dgeMutability,WebComponentsV0Enabled,WinUseBrowserSpellChecker,WinUseHybridSpellChe
cker --disable-fea

tures=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForS
itePerProcess
--lang=en-US --service-sandbox-type=audio --enable-wer --ms-
teams-less-cors=522133263
--mojo-platform-channel-handle=3696 /prefetch:8
ExecutablePath : C:\Users\mjaber\AppData\Local\Microsoft\Teams\current\Teams.exe

Name : jusched.exe
ProcessId : 19960
ParentProcessId : 18488
CommandLine : "C:\Program Files (x86)\Common Files\Java\Java Update\
jusched.exe"
ExecutablePath : C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

Name : vpnui.exe
ProcessId : 7376
ParentProcessId : 18488
CommandLine : "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility
Client\vpnui.exe" -minimized
ExecutablePath : C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility
Client\vpnui.exe

Name : clickshare_native.exe
ProcessId : 16988
ParentProcessId : 7892
CommandLine : "C:\ClickShareApp\ClickShare\app-4.18.0-b8\clickshare_native.exe"
--minimized
ExecutablePath : C:\ClickShareApp\ClickShare\app-4.18.0-b8\clickshare_native.exe

Name : calendarreader64.exe
ProcessId : 22040
ParentProcessId : 18480
CommandLine : "C:\ClickShareApp\ClickShare\app-4.19.1-b5\calendarreader64.exe"
-i 16988
ExecutablePath : C:\ClickShareApp\ClickShare\app-4.19.1-b5\calendarreader64.exe

Name : PresentSense.exe
ProcessId : 4980
ParentProcessId : 17912
CommandLine : "C:\ClickShareApp\ClickShare\app-4.19.1-b5\PresentSense.exe" -p
49201
ExecutablePath : C:\ClickShareApp\ClickShare\app-4.19.1-b5\PresentSense.exe

Name : WebComponent.exe
ProcessId : 20780
ParentProcessId : 18500
CommandLine : "C:\ClickShareApp\ClickShare\app-4.19.1-b5\WebComponent.exe" -
p=49202 -ck=ih2UkrhmIY/9fpg2wUP2tV/VU8p

V/pswmIVeSBNsNvsPEkJduLiV79B4cLi4WIbdPCfE36SZeyQMxM0WU8UIxIQdpR1PIqawxhCunhilYAHOL6
59Xl0yngcrfy9L+ovJ
0o3H1VtwpEwnqknPnQCwG/wCZEmoSrfcipA1V8lA+dg=
ExecutablePath : C:\ClickShareApp\ClickShare\app-4.19.1-b5\WebComponent.exe

Name : ClickShare Web Component.exe


ProcessId : 20056
ParentProcessId : 20780
CommandLine : "C:\Users\mjaber\AppData\Local\Temp\23cBxbPouNWcc5a4X7mykfsdmj6\
ClickShare Web Component.exe"
-p=49202
-ck=ih2UkrhmIY/9fpg2wUP2tV/VU8pV/pswmIVeSBNsNvsPEkJduLiV79B4cLi4WIbdPCfE36SZeyQMxM0
WU8UIxIQd

pR1PIqawxhCunhilYAHOL659Xl0yngcrfy9L+ovJ0o3H1VtwpEwnqknPnQCwG/wCZEmoSrfcipA1V8lA+dg
=
ExecutablePath : C:\Users\mjaber\AppData\Local\Temp\23cBxbPouNWcc5a4X7mykfsdmj6\
ClickShare Web Component.exe

Name : ClickShare Web Component.exe


ProcessId : 15204
ParentProcessId : 20056
CommandLine : "C:\Users\mjaber\AppData\Local\Temp\23cBxbPouNWcc5a4X7mykfsdmj6\
ClickShare Web Component.exe"
--type=gpu-process --field-trial-
handle=1564,14033485384203195073,1419439644315206913,131072 --disabl
e-
features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnly
OnDemand
--user-data-dir="C:\Users\mjaber\AppData\Local\Barco\client-web-
engine" --gpu-preferences=UAAAAAAAAAD

gAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAA
AASAAAAAAAAAAYAAAA
AgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAANAAAAEAAAAAAAAAABAAAADQAAAAgAAAAAAAAACAA
AAAAAAAA=
--mojo-platform-channel-handle=1636 /prefetch:2
ExecutablePath : C:\Users\mjaber\AppData\Local\Temp\23cBxbPouNWcc5a4X7mykfsdmj6\
ClickShare Web Component.exe

Name : ClickShare Web Component.exe


ProcessId : 16488
ParentProcessId : 20056
CommandLine : "C:\Users\mjaber\AppData\Local\Temp\23cBxbPouNWcc5a4X7mykfsdmj6\
ClickShare Web Component.exe"
--type=utility --utility-sub-type=network.mojom.NetworkService
--field-trial-
handle=1564,14033485384203195073,1419439644315206913,131072 --disable-
features=PlzServi

ceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --
lang=en-US
--service-sandbox-type=none --user-data-dir="C:\Users\mjaber\
AppData\Local\Barco\client-web-engine"
--mojo-platform-channel-handle=1856 /prefetch:8
ExecutablePath : C:\Users\mjaber\AppData\Local\Temp\23cBxbPouNWcc5a4X7mykfsdmj6\
ClickShare Web Component.exe

Name : bomgar-scc.exe
ProcessId : 21780
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : bomgar-scc.exe
ProcessId : 19944
ParentProcessId : 21780
CommandLine :
ExecutablePath :

Name : Teams.exe
ProcessId : 4216
ParentProcessId : 16408
CommandLine : "C:\Users\mjaber\AppData\Local\Microsoft\Teams\current\Teams.exe"
--type=renderer
--autoplay-policy=no-user-gesture-required --disable-background-
timer-throttling
--field-trial-
handle=1652,7308693035464843651,2269878448211151455,131072 --enable-
features=ContextBri

dgeMutability,WebComponentsV0Enabled,WinUseBrowserSpellChecker,WinUseHybridSpellChe
cker --disable-fea

tures=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForS
itePerProcess
--lang=en-US --enable-wer --ms-teams-less-cors=522133263
--app-user-model-id=com.squirrel.Teams.Teams
--app-path="C:\Users\mjaber\AppData\Local\Microsoft\Teams\
current\resources\app.asar"
--enable-sandbox --native-window-open --preload="C:\Users\mjaber\
AppData\Local\Microsoft\Teams\curren
t\resources\app.asar\lib\renderer\experienceRenderer\
preload_webview.js" --background-color=#fff
--guest-instance-id=5 --enable-blink-features --disable-blink-
features --hidden-page
--node-integration-in-subframes --enable-spellcheck --enable-
websql
--disable-electron-site-instance-overrides --device-scale-
factor=1.5 --num-raster-threads=4
--enable-main-frame-before-activation --renderer-client-id=9 --
no-v8-untrusted-code-mitigations
--mojo-platform-channel-handle=3940 /prefetch:1 --msteams-
process-type=experience-renderer
ExecutablePath : C:\Users\mjaber\AppData\Local\Microsoft\Teams\current\Teams.exe

Name : Teams.exe
ProcessId : 15048
ParentProcessId : 16408
CommandLine : "C:\Users\mjaber\AppData\Local\Microsoft\Teams\current\Teams.exe"
--type=renderer
--autoplay-policy=no-user-gesture-required --disable-background-
timer-throttling
--field-trial-
handle=1652,7308693035464843651,2269878448211151455,131072 --enable-
features=ContextBri

dgeMutability,WebComponentsV0Enabled,WinUseBrowserSpellChecker,WinUseHybridSpellChe
cker --disable-fea

tures=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForS
itePerProcess
--lang=en-US --enable-wer --ms-teams-less-cors=522133263
--app-user-model-id=com.squirrel.Teams.Teams
--app-path="C:\Users\mjaber\AppData\Local\Microsoft\Teams\
current\resources\app.asar" --no-sandbox
--no-zygote --preload="C:\Users\mjaber\AppData\Local\Microsoft\
Teams\current\resources\app.asar\lib\p
luginhost\preload.js" --context-isolation --background-color=#fff
--enable-spellcheck
--enable-websql --disable-electron-site-instance-overrides --
device-scale-factor=1.5
--num-raster-threads=4 --enable-main-frame-before-activation --
renderer-client-id=10
--no-v8-untrusted-code-mitigations --mojo-platform-channel-
handle=4592 /prefetch:1
--msteams-process-type=pluginHost
ExecutablePath : C:\Users\mjaber\AppData\Local\Microsoft\Teams\current\Teams.exe

Name : chrome.exe
ProcessId : 16084
ParentProcessId : 2776
CommandLine : "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
ExecutablePath : C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Name : chrome.exe
ProcessId : 20540
ParentProcessId : 16084
CommandLine : "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --
type=crashpad-handler
"--user-data-dir=C:\Users\mjaber\AppData\Local\Google\Chrome\User
Data" /prefetch:7
--monitor-self-annotation=ptype=crashpad-handler
"--database=C:\Users\mjaber\AppData\Local\Google\Chrome\User
Data\Crashpad"
"--metrics-dir=C:\Users\mjaber\AppData\Local\Google\Chrome\User
Data"
--url=https://clients2.google.com/cr/report --annotation=channel=
--annotation=plat=Win64
--annotation=prod=Chrome --annotation=ver=97.0.4692.71
--initial-client-
data=0xf0,0xf4,0xf8,0xcc,0xfc,0x7ffac97ae850,0x7ffac97ae860,0x7ffac97ae870
ExecutablePath : C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Name : chrome.exe
ProcessId : 10688
ParentProcessId : 16084
CommandLine : "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --
type=gpu-process
--field-trial-
handle=1728,11489693762423402073,11501012059268732355,131072 --gpu-
preferences=UAAAAAAA

AADgAAAYAAAAAAAAAAAAAAAAAABgAIAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAA
AAAAASAAAAAAAAAAYA

AAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAA
CAAAAAAAAAA=
--mojo-platform-channel-handle=1736 /prefetch:2
ExecutablePath : C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Name : chrome.exe
ProcessId : 15312
ParentProcessId : 16084
CommandLine : "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --
type=utility
--utility-sub-type=network.mojom.NetworkService
--field-trial-
handle=1728,11489693762423402073,11501012059268732355,131072 --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-
handle=2032 /prefetch:8
ExecutablePath : C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Name : chrome.exe
ProcessId : 9060
ParentProcessId : 16084
CommandLine : "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --
type=utility
--utility-sub-type=storage.mojom.StorageService
--field-trial-
handle=1728,11489693762423402073,11501012059268732355,131072 --lang=en-US
--service-sandbox-type=utility --mojo-platform-channel-
handle=2108 /prefetch:8
ExecutablePath : C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Name : rckvm.exe
ProcessId : 8444
ParentProcessId : 5884
CommandLine :
ExecutablePath :
Name : rckvm.exe
ProcessId : 5312
ParentProcessId : 5884
CommandLine :
ExecutablePath :

Name : ApplicationFrameHost.exe
ProcessId : 18304
ParentProcessId : 1040
CommandLine : C:\WINDOWS\system32\ApplicationFrameHost.exe -Embedding
ExecutablePath : C:\WINDOWS\system32\ApplicationFrameHost.exe

Name : HxOutlook.exe
ProcessId : 21144
ParentProcessId : 1040
CommandLine : "C:\Program Files\WindowsApps\
microsoft.windowscommunicationsapps_16005.14326.20544.0_x64__8wekyb3d8b
bwe\HxOutlook.exe" -
ServerName:microsoft.windowslive.mail.AppXfbjsbkxvprcgqg6q4c9jfr0pn3kv9x5s.mca
ExecutablePath : C:\Program Files\WindowsApps\
microsoft.windowscommunicationsapps_16005.14326.20544.0_x64__8wekyb3d8bb
we\HxOutlook.exe

Name : RuntimeBroker.exe
ProcessId : 10524
ParentProcessId : 1040
CommandLine : C:\Windows\System32\RuntimeBroker.exe -Embedding
ExecutablePath : C:\Windows\System32\RuntimeBroker.exe

Name : HxTsr.exe
ProcessId : 21320
ParentProcessId : 1040
CommandLine : "C:\Program Files\WindowsApps\
microsoft.windowscommunicationsapps_16005.14326.20544.0_x64__8wekyb3d8b
bwe\HxTsr.exe" -ServerName:Hx.IPC.Server
ExecutablePath : C:\Program Files\WindowsApps\
microsoft.windowscommunicationsapps_16005.14326.20544.0_x64__8wekyb3d8bb
we\HxTsr.exe

Name : Microsoft.Photos.exe
ProcessId : 20768
ParentProcessId : 1040
CommandLine : "C:\Program Files\WindowsApps\
Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Microsof
t.Photos.exe" -
ServerName:App.AppXzst44mncqdg84v7sv6p7yznqwssy6f7f.mca
ExecutablePath : C:\Program
Files\WindowsApps\
Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe

Name : RuntimeBroker.exe
ProcessId : 13380
ParentProcessId : 1040
CommandLine : C:\Windows\System32\RuntimeBroker.exe -Embedding
ExecutablePath : C:\Windows\System32\RuntimeBroker.exe

Name : chrome.exe
ProcessId : 1640
ParentProcessId : 16084
CommandLine : "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --
type=renderer --extension-process
--display-capture-permissions-policy-allowed
--field-trial-
handle=1728,11489693762423402073,11501012059268732355,131072 --lang=en-US
--device-scale-factor=1.5 --num-raster-threads=4 --enable-main-
frame-before-activation
--renderer-client-id=13 --launch-time-ticks=406218574845 --mojo-
platform-channel-handle=5196
/prefetch:1
ExecutablePath : C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Name : chrome.exe
ProcessId : 18140
ParentProcessId : 16084
CommandLine : "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --
type=utility
--utility-sub-type=audio.mojom.AudioService
--field-trial-
handle=1728,11489693762423402073,11501012059268732355,131072 --lang=en-US
--service-sandbox-type=audio --mojo-platform-channel-
handle=3052 /prefetch:8
ExecutablePath : C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Name : SystemSettings.exe
ProcessId : 3844
ParentProcessId : 1040
CommandLine : "C:\Windows\ImmersiveControlPanel\SystemSettings.exe"
-ServerName:microsoft.windows.immersivecontrolpanel
ExecutablePath : C:\Windows\ImmersiveControlPanel\SystemSettings.exe

Name : chrome.exe
ProcessId : 20772
ParentProcessId : 16084
CommandLine : "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --
type=renderer
--display-capture-permissions-policy-allowed
--field-trial-
handle=1728,11489693762423402073,11501012059268732355,131072 --lang=en-US
--device-scale-factor=1.5 --num-raster-threads=4 --enable-main-
frame-before-activation
--renderer-client-id=17 --launch-time-ticks=406244637359 --mojo-
platform-channel-handle=1176
/prefetch:1
ExecutablePath : C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Name : OUTLOOK.EXE
ProcessId : 10564
ParentProcessId : 2776
CommandLine : "C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE"
ExecutablePath : C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE

Name : Inspire.exe
ProcessId : 13768
ParentProcessId : 2776
CommandLine : "C:\Program Files (x86)\Activ Software\Inspire\Inspire.exe" "C:\
Users\mjaber\Desktop\Distance
Learning Flipcharts\January 16 2022 Sunday.flipchart"
ExecutablePath : C:\Program Files (x86)\Activ Software\Inspire\Inspire.exe

Name : jucheck.exe
ProcessId : 14160
ParentProcessId : 19960
CommandLine : "C:\Program Files (x86)\Common Files\Java\Java Update\
jucheck.exe" -auto
ExecutablePath : C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

Name : Video.UI.exe
ProcessId : 20440
ParentProcessId : 1040
CommandLine : "C:\Program Files\WindowsApps\
Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe"
-
ServerName:Microsoft.ZuneVideo.AppX758ya5sqdjd98rx6z7g95nw6jy7bqx9y.mca
ExecutablePath : C:\Program Files\WindowsApps\
Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe

Name : RuntimeBroker.exe
ProcessId : 14432
ParentProcessId : 1040
CommandLine : C:\Windows\System32\RuntimeBroker.exe -Embedding
ExecutablePath : C:\Windows\System32\RuntimeBroker.exe

Name : svchost.exe
ProcessId : 23428
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : msedge.exe
ProcessId : 21112
ParentProcessId : 22640
CommandLine : "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --
no-startup-window /prefetch:5
ExecutablePath : C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Name : msedge.exe
ProcessId : 3100
ParentProcessId : 21112
CommandLine : "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --
type=crashpad-handler
"--user-data-dir=C:\Users\mjaber\AppData\Local\Microsoft\Edge\
User Data" /prefetch:7
--monitor-self-annotation=ptype=crashpad-handler
"--database=C:\Users\mjaber\AppData\Local\Microsoft\Edge\User
Data\Crashpad"
--annotation=IsOfficialBuild=1 --annotation=channel= --
annotation=chromium-version=97.0.4692.71
"--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\
Application\msedge.exe"
--annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --
annotation=ver=97.0.1072.62
--initial-client-
data=0xf0,0xf4,0xf8,0xcc,0xfc,0x7ffad450db60,0x7ffad450db70,0x7ffad450db80
ExecutablePath : C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Name : msedge.exe
ProcessId : 24296
ParentProcessId : 21112
CommandLine : "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --
type=gpu-process
--field-trial-
handle=2040,4654209318025211441,15024924724668248072,131072 --gpu-
preferences=UAAAAAAAA

ADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAA
AAAASAAAAAAAAAAYAA

AAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAAC
AAAAAAAAAA=
--mojo-platform-channel-handle=2064 /prefetch:2
ExecutablePath : C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Name : msedge.exe
ProcessId : 30616
ParentProcessId : 21112
CommandLine : "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --
type=utility
--utility-sub-type=network.mojom.NetworkService
--field-trial-
handle=2040,4654209318025211441,15024924724668248072,131072 --lang=en-US
--service-sandbox-type=none --mojo-platform-channel-
handle=2276 /prefetch:3
ExecutablePath : C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Name : msedge.exe
ProcessId : 27724
ParentProcessId : 21112
CommandLine : "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --
type=utility
--utility-sub-type=storage.mojom.StorageService
--field-trial-
handle=2040,4654209318025211441,15024924724668248072,131072 --lang=en-US
--service-sandbox-type=utility --mojo-platform-channel-
handle=2868 /prefetch:8
ExecutablePath : C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Name : audiodg.exe
ProcessId : 8864
ParentProcessId : 4396
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 32440
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : SenseNdr.exe
ProcessId : 32888
ParentProcessId : 6216
CommandLine :
ExecutablePath :

Name : smartscreen.exe
ProcessId : 25848
ParentProcessId : 1040
CommandLine : C:\Windows\System32\smartscreen.exe -Embedding
ExecutablePath : C:\Windows\System32\smartscreen.exe

Name : svchost.exe
ProcessId : 31528
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : SearchFilterHost.exe
ProcessId : 33468
ParentProcessId : 8940
CommandLine :
ExecutablePath :

Name : svchost.exe
ProcessId : 26248
ParentProcessId : 988
CommandLine :
ExecutablePath :

Name : Teams.exe
ProcessId : 28828
ParentProcessId : 16408
CommandLine : "C:\Users\mjaber\AppData\Local\Microsoft\Teams\current\Teams.exe"
--type=renderer
--autoplay-policy=no-user-gesture-required --disable-background-
timer-throttling
--field-trial-
handle=1652,7308693035464843651,2269878448211151455,131072 --enable-
features=ContextBri

dgeMutability,WebComponentsV0Enabled,WinUseBrowserSpellChecker,WinUseHybridSpellChe
cker --disable-fea

tures=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForS
itePerProcess
--lang=en-US --enable-wer --ms-teams-less-cors=522133263
--app-user-model-id=com.squirrel.Teams.Teams
--app-path="C:\Users\mjaber\AppData\Local\Microsoft\Teams\
current\resources\app.asar"
--device-scale-factor=1.5 --num-raster-threads=4 --enable-main-
frame-before-activation
--renderer-client-id=91 --no-v8-untrusted-code-mitigations --
mojo-platform-channel-handle=4848
/prefetch:1
ExecutablePath : C:\Users\mjaber\AppData\Local\Microsoft\Teams\current\Teams.exe

Name : powershell.exe
ProcessId : 33000
ParentProcessId : 20056
CommandLine : powershell.exe /c "Get-CimInstance -className win32_process |
select
Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath"
ExecutablePath : C:\WINDOWS\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Name : conhost.exe
ProcessId : 30028
ParentProcessId : 33000
CommandLine : \??\C:\WINDOWS\system32\conhost.exe 0x4
ExecutablePath : C:\WINDOWS\system32\conhost.exe

PS>$global:?
True
**********************
Windows PowerShell transcript end
End time: 20220116090659
**********************
