Scribd
Upload
238 views3 pages

Process List

The document contains a list of processes running on a system with their IDs, names, and command lines. Several suspicious processes are running from temporary folders with names like "foto0174.exe" and "y5970327.exe" that could indicate malware. The system is also running various Windows processes like explorer, svchost, and powershell.

Uploaded by

Anonymous BJdOLuAB
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
238 views3 pages

Process List

The document contains a list of processes running on a system with their IDs, names, and command lines. Several suspicious processes are running from temporary folders with names like "foto0174.exe" and "y5970327.exe" that could indicate malware. The system is also running various Windows processes like explorer, svchost, and powershell.

Uploaded by

Anonymous BJdOLuAB
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 3

***********************************************

* ____ _____ ____ _ ___ _ _ _____ *


* | _ | ____| _ | | |_ _| | | ____| *
* | |_) | _| | | | | | | || | | _| *
* | _ <| |___| |_| | |___ | || | | |___ *
* |_| _|_____|____/|_____|___|_| _|_____| *
* *
* Telegram : https://t.me/BananaLogs *
***********************************************

ID: 10196, Name: csrss.exe, CommandLine:


===============
ID: 9868, Name: winlogon.exe, CommandLine:
===============
ID: 14064, Name: fontdrvhost.exe, CommandLine:
===============
ID: 14172, Name: dwm.exe, CommandLine:
===============
ID: 12788, Name: atieclxx.exe, CommandLine:
===============
ID: 6316, Name: NVDisplay.Container.exe, CommandLine:
===============
ID: 9340, Name: hf5.exe, CommandLine: "C:\Program Files\Hide Folders\hf5.exe" /s
===============
ID: 10548, Name: uihost.exe, CommandLine: "C:\Program Files\McAfee\WebAdvisor\
UIHost.exe"
===============
ID: 12328, Name: sihost.exe, CommandLine: sihost.exe
===============
ID: 624, Name: svchost.exe, CommandLine: C:\Windows\system32\svchost.exe -k
UnistackSvcGroup -s CDPUserSvc
===============
ID: 12560, Name: svchost.exe, CommandLine: C:\Windows\system32\svchost.exe -k
UnistackSvcGroup -s WpnUserService
===============
ID: 11040, Name: taskhostw.exe, CommandLine: taskhostw.exe {222A245B-E637-4AE9-
A93F-A59CA119A75E}
===============
ID: 10848, Name: explorer.exe, CommandLine: C:\Windows\Explorer.EXE
===============
ID: 10728, Name: ctfmon.exe, CommandLine:
===============
ID: 10468, Name: svchost.exe, CommandLine: C:\Windows\system32\svchost.exe -k
ClipboardSvcGroup -p -s cbdhsvc
===============
ID: 6644, Name: TextInputHost.exe, CommandLine: "C:\Windows\SystemApps\
MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe" -
ServerName:InputApp.AppXjd5de1g66v206tj52m9d0dtpppx4cgpn.mca
===============
ID: 14008, Name: StartMenuExperienceHost.exe, CommandLine: "C:\Windows\SystemApps\
Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\
StartMenuExperienceHost.exe" -
ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
===============
ID: 2112, Name: RuntimeBroker.exe, CommandLine: C:\Windows\System32\
RuntimeBroker.exe -Embedding
===============
ID: 4000, Name: SearchApp.exe, CommandLine: "C:\Windows\SystemApps\
Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -
ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
===============
ID: 9712, Name: RuntimeBroker.exe, CommandLine: C:\Windows\System32\
RuntimeBroker.exe -Embedding
===============
ID: 7664, Name: backgroundTaskHost.exe, CommandLine: "C:\Windows\system32\
backgroundTaskHost.exe" -
ServerName:ShellFeedsUI.AppXnj65k2d1a1rnztt2t2nng5ctmk3e76pn.mca
===============
ID: 8412, Name: backgroundTaskHost.exe, CommandLine: "C:\Windows\system32\
backgroundTaskHost.exe" -ServerName:App.AppXfkd8mejksk4ancwf4vtyhmkvtzn1jcbs.mca
===============
ID: 3424, Name: powershell.exe, CommandLine:
===============
ID: 13276, Name: ksdeui.exe, CommandLine: "C:\Program Files (x86)\Kaspersky Lab\
Kaspersky VPN 5.9\ksdeui.exe" -hidden
===============
ID: 11940, Name: conhost.exe, CommandLine:
===============
ID: 1752, Name: dialer.exe, CommandLine:
===============
ID: 13848, Name: smartscreen.exe, CommandLine: C:\Windows\System32\smartscreen.exe
-Embedding
===============
ID: 7552, Name: Cortana.exe, CommandLine: "C:\Program Files\WindowsApps\
Microsoft.549981C3F5F10_4.2204.13303.0_x64__8wekyb3d8bbwe\Cortana.exe" -
ServerName:App.AppX2y379sjp88wjq1y80217mddj3fargf2y.mca
===============
ID: 8396, Name: oneetx.exe, CommandLine: "C:\Users\User\AppData\Local\Temp\
c3912af058\oneetx.exe"
===============
ID: 13656, Name: cmd.exe, CommandLine: "C:\Windows\System32\cmd.exe" /k echo Y|
CACLS "oneetx.exe" /P "User:N"&&CACLS "oneetx.exe" /P "User:R" /E&&echo Y|CACLS
"..\c3912af058" /P "User:N"&&CACLS "..\c3912af058" /P "User:R" /E&&Exit
===============
ID: 9628, Name: conhost.exe, CommandLine: \??\C:\Windows\system32\conhost.exe 0x4
===============
ID: 8424, Name: dialer.exe, CommandLine:
===============
ID: 9992, Name: RuntimeBroker.exe, CommandLine: C:\Windows\System32\
RuntimeBroker.exe -Embedding
===============
ID: 14164, Name: dialer.exe, CommandLine:
===============
ID: 3032, Name: svchost.exe, CommandLine: C:\Windows\system32\svchost.exe -k
AarSvcGroup -p -s AarSvc
===============
ID: 12444, Name: conhost.exe, CommandLine: \??\C:\Windows\system32\conhost.exe 0x4
===============
ID: 10828, Name: foto0174.exe, CommandLine: "C:\Users\User\AppData\Local\Temp\
1000003051\foto0174.exe"
===============
ID: 13816, Name: x2976550.exe, CommandLine: C:\Users\User\AppData\Local\Temp\
IXP000.TMP\x2976550.exe
===============
ID: 6588, Name: g9646204.exe, CommandLine: C:\Users\User\AppData\Local\Temp\
IXP001.TMP\g9646204.exe
===============
ID: 12712, Name: explorer.exe, CommandLine: C:\Windows\SysWOW64\explorer.exe
===============
ID: 8520, Name: fotocr23.exe, CommandLine: "C:\Users\User\AppData\Local\Temp\
1000004051\fotocr23.exe"
===============
ID: 7592, Name: y5970327.exe, CommandLine: C:\Users\User\AppData\Local\Temp\
IXP002.TMP\y5970327.exe
===============
ID: 3116, Name: explorer.exe, CommandLine: C:\Windows\explorer.exe
===============
ID: 9352, Name: l3803403.exe, CommandLine: C:\Users\User\AppData\Local\Temp\
IXP003.TMP\l3803403.exe
===============
ID: 1376, Name: explorer.exe, CommandLine: C:\Windows\SysWOW64\explorer.exe
===============
ID: 13024, Name: explorer.exe, CommandLine: C:\Windows\explorer.exe
===============
ID: 4136, Name: explorer.exe, CommandLine: C:\Windows\SysWOW64\explorer.exe
===============
ID: 2992, Name: explorer.exe, CommandLine: C:\Windows\SysWOW64\explorer.exe
===============
ID: 9952, Name: explorer.exe, CommandLine: C:\Windows\SysWOW64\explorer.exe
===============
ID: 8512, Name: RegSvcs.exe, CommandLine: "C:\Windows\Microsoft.NET\Framework\
v4.0.30319\RegSvcs.exe"
===============
ID: 10552, Name: explorer.exe, CommandLine: C:\Windows\SysWOW64\explorer.exe

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy