
Process List

The document contains a list of processes running on a system with their IDs, names, and command lines. Several suspicious processes are running from temporary folders with names like "foto0174.exe" and "y5970327.exe" that could indicate malware. The system is also running various Windows processes like explorer, svchost, and powershell.

***********************************************
*                   REDLINE                   *
* Telegram : https://t.me/BananaLogs *
***********************************************

ID: 10196, Name: csrss.exe, CommandLine:
===============
ID: 9868, Name: winlogon.exe, CommandLine:
===============
ID: 14064, Name: fontdrvhost.exe, CommandLine:
===============
ID: 14172, Name: dwm.exe, CommandLine:
===============
ID: 12788, Name: atieclxx.exe, CommandLine:
===============
ID: 6316, Name: NVDisplay.Container.exe, CommandLine:
===============
ID: 9340, Name: hf5.exe, CommandLine: "C:\Program Files\Hide Folders\hf5.exe" /s
===============
ID: 10548, Name: uihost.exe, CommandLine: "C:\Program Files\McAfee\WebAdvisor\UIHost.exe"
===============
ID: 12328, Name: sihost.exe, CommandLine: sihost.exe
===============
ID: 624, Name: svchost.exe, CommandLine: C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
===============
ID: 12560, Name: svchost.exe, CommandLine: C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s WpnUserService
===============
ID: 11040, Name: taskhostw.exe, CommandLine: taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
===============
ID: 10848, Name: explorer.exe, CommandLine: C:\Windows\Explorer.EXE
===============
ID: 10728, Name: ctfmon.exe, CommandLine:
===============
ID: 10468, Name: svchost.exe, CommandLine: C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
===============
ID: 6644, Name: TextInputHost.exe, CommandLine: "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe" -ServerName:InputApp.AppXjd5de1g66v206tj52m9d0dtpppx4cgpn.mca
===============
ID: 14008, Name: StartMenuExperienceHost.exe, CommandLine: "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
===============
ID: 2112, Name: RuntimeBroker.exe, CommandLine: C:\Windows\System32\RuntimeBroker.exe -Embedding
===============
ID: 4000, Name: SearchApp.exe, CommandLine: "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
===============
ID: 9712, Name: RuntimeBroker.exe, CommandLine: C:\Windows\System32\RuntimeBroker.exe -Embedding
===============
ID: 7664, Name: backgroundTaskHost.exe, CommandLine: "C:\Windows\system32\backgroundTaskHost.exe" -ServerName:ShellFeedsUI.AppXnj65k2d1a1rnztt2t2nng5ctmk3e76pn.mca
===============
ID: 8412, Name: backgroundTaskHost.exe, CommandLine: "C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXfkd8mejksk4ancwf4vtyhmkvtzn1jcbs.mca
===============
ID: 3424, Name: powershell.exe, CommandLine:
===============
ID: 13276, Name: ksdeui.exe, CommandLine: "C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.9\ksdeui.exe" -hidden
===============
ID: 11940, Name: conhost.exe, CommandLine:
===============
ID: 1752, Name: dialer.exe, CommandLine:
===============
ID: 13848, Name: smartscreen.exe, CommandLine: C:\Windows\System32\smartscreen.exe -Embedding
===============
ID: 7552, Name: Cortana.exe, CommandLine: "C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2204.13303.0_x64__8wekyb3d8bbwe\Cortana.exe" -ServerName:App.AppX2y379sjp88wjq1y80217mddj3fargf2y.mca
===============
ID: 8396, Name: oneetx.exe, CommandLine: "C:\Users\User\AppData\Local\Temp\c3912af058\oneetx.exe"
===============
ID: 13656, Name: cmd.exe, CommandLine: "C:\Windows\System32\cmd.exe" /k echo Y|CACLS "oneetx.exe" /P "User:N"&&CACLS "oneetx.exe" /P "User:R" /E&&echo Y|CACLS "..\c3912af058" /P "User:N"&&CACLS "..\c3912af058" /P "User:R" /E&&Exit
===============
ID: 9628, Name: conhost.exe, CommandLine: \??\C:\Windows\system32\conhost.exe 0x4
===============
ID: 8424, Name: dialer.exe, CommandLine:
===============
ID: 9992, Name: RuntimeBroker.exe, CommandLine: C:\Windows\System32\RuntimeBroker.exe -Embedding
===============
ID: 14164, Name: dialer.exe, CommandLine:
===============
ID: 3032, Name: svchost.exe, CommandLine: C:\Windows\system32\svchost.exe -k AarSvcGroup -p -s AarSvc
===============
ID: 12444, Name: conhost.exe, CommandLine: \??\C:\Windows\system32\conhost.exe 0x4
===============
ID: 10828, Name: foto0174.exe, CommandLine: "C:\Users\User\AppData\Local\Temp\1000003051\foto0174.exe"
===============
ID: 13816, Name: x2976550.exe, CommandLine: C:\Users\User\AppData\Local\Temp\IXP000.TMP\x2976550.exe
===============
ID: 6588, Name: g9646204.exe, CommandLine: C:\Users\User\AppData\Local\Temp\IXP001.TMP\g9646204.exe
===============
ID: 12712, Name: explorer.exe, CommandLine: C:\Windows\SysWOW64\explorer.exe
===============
ID: 8520, Name: fotocr23.exe, CommandLine: "C:\Users\User\AppData\Local\Temp\1000004051\fotocr23.exe"
===============
ID: 7592, Name: y5970327.exe, CommandLine: C:\Users\User\AppData\Local\Temp\IXP002.TMP\y5970327.exe
===============
ID: 3116, Name: explorer.exe, CommandLine: C:\Windows\explorer.exe
===============
ID: 9352, Name: l3803403.exe, CommandLine: C:\Users\User\AppData\Local\Temp\IXP003.TMP\l3803403.exe
===============
ID: 1376, Name: explorer.exe, CommandLine: C:\Windows\SysWOW64\explorer.exe
===============
ID: 13024, Name: explorer.exe, CommandLine: C:\Windows\explorer.exe
===============
ID: 4136, Name: explorer.exe, CommandLine: C:\Windows\SysWOW64\explorer.exe
===============
ID: 2992, Name: explorer.exe, CommandLine: C:\Windows\SysWOW64\explorer.exe
===============
ID: 9952, Name: explorer.exe, CommandLine: C:\Windows\SysWOW64\explorer.exe
===============
ID: 8512, Name: RegSvcs.exe, CommandLine: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
===============
ID: 10552, Name: explorer.exe, CommandLine: C:\Windows\SysWOW64\explorer.exe
