Scribd
Upload
40 views2 pages

Windows Process List Overview

This document contains process information from a Windows system. It lists the process ID (ID), process name (Name), and command line (CommandLine) for 28 running processes. Many of the processes seem legitimate like explorer.exe and WINWORD.EXE, but others like csrss.exe, powershell.exe and conhost.exe are suspicious based on their command lines or locations in the temp folder. Overall this process listing suggests the system may have been compromised.

Uploaded by

Helenice Andrade
Copyright
© All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
40 views2 pages

Windows Process List Overview

This document contains process information from a Windows system. It lists the process ID (ID), process name (Name), and command line (CommandLine) for 28 running processes. Many of the processes seem legitimate like explorer.exe and WINWORD.EXE, but others like csrss.exe, powershell.exe and conhost.exe are suspicious based on their command lines or locations in the temp folder. Overall this process listing suggests the system may have been compromised.

Uploaded by

Helenice Andrade
Copyright
© All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd

***********************************************

* *
* ____ _____ ____ _ ___ _ _ _____ *
* | _ \| ____| _ \| | |_ _| \ | | ____| *
* | |_) | _| | | | | | | || \| | _| *
* | _ <| |___| |_| | |___ | || |\ | |___ *
* |_| \_|_____|____/|_____|___|_| \_|_____| *
* *
* Telegram: [Link] *
***********************************************

ID: 472, Name: [Link], CommandLine: %SystemRoot%\system32\[Link]


ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On
SubSystemType=Windows ServerDll=basesrv,1
ServerDll=winsrv:UserServerDllInitialization,3
ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off
MaxRequestThreads=16
===============
ID: 516, Name: [Link], CommandLine: [Link]
===============
ID: 2040, Name: [Link], CommandLine: "[Link]"
===============
ID: 2088, Name: [Link], CommandLine: "C:\Windows\system32\[Link]"
===============
ID: 2164, Name: [Link], CommandLine: C:\Windows\[Link]
===============
ID: 2456, Name: [Link], CommandLine: "C:\Program Files (x86)\Common Files\
Ahead\Lib\[Link]"
===============
ID: 2672, Name: [Link], CommandLine: "C:\Program Files (x86)\Common
Files\Ahead\Lib\[Link]" -Embedding
===============
ID: 4236, Name: [Link], CommandLine: "[Link]"
===============
ID: 4748, Name: [Link], CommandLine: [Link] "C:\Program Files\HP\HP
Smart Tank 510 series\bin\[Link]",RunDLLEntry
SERIALNUMBER=CN09S340QD;CONNECTION=USB;MONITOR=1;DELAYSTART=1;
===============
ID: 3052, Name: [Link], CommandLine: "C:\Program Files (x86)\Microsoft Office\
Office12\[Link]"
===============
ID: 4024, Name: [Link], CommandLine: C:\Windows\[Link] 8192
===============
ID: 3600, Name: [Link], CommandLine: "C:\Users\Luciano\AppData\Roaming\
uTorrent\[Link]" /RELOCATED
===============
ID: 4944, Name: [Link], CommandLine: "C:\Users\Luciano\AppData\Roaming\
uTorrent\helper\[Link]" 47068 --hval 29fPIJTdI-BgZ3Lm -- -pid 3600 -version
46674
===============
ID: 3372, Name: [Link], CommandLine: "C:\Windows\system32\[Link]" C:\
Users\Luciano\Desktop\BAIXAR VIDEO [Link]
===============
ID: 4704, Name: [Link], CommandLine: "C:\Windows\[Link]\Framework\
v4.0.30319\[Link]"
===============
ID: 5112, Name: [Link], CommandLine: "C:\Windows\[Link]\Framework\
v4.0.30319\[Link]"
===============
ID: 116, Name: [Link], CommandLine: C:\Windows\system32\[Link] /c C:\Users\
Luciano\AppData\Roaming\[Link]
===============
ID: 2884, Name: [Link], CommandLine: \??\C:\Windows\system32\[Link] "-
193250056-1002427408940756810-130750174715571653761699564983705986884-1700661287
===============
ID: 3940, Name: [Link], CommandLine: "C:\Users\Luciano\AppData\Roaming\
9L8H8SQkET\[Link]"
===============
ID: 4180, Name: [Link], CommandLine: "C:\Windows\System32\
WindowsPowerShell\v1.0\[Link]" -exec bypass -enc
UwB0AGEAcgB0AC0AUwBsAGUAZQBwACAAMgAwAA==
===============
ID: 4428, Name: [Link], CommandLine: \??\C:\Windows\system32\[Link]
"250846659-708670801054435628-1914821119-80766274320371898371833405156-416931485
===============
ID: 4848, Name: [Link], CommandLine: "C:\Users\Luciano\AppData\Roaming\
0eKp3\[Link]"
===============
ID: 1556, Name: [Link], CommandLine: "C:\Users\Luciano\AppData\Roaming\
KnM8fv7qh7P\[Link]"
===============
ID: 2644, Name: [Link], CommandLine: C:\Windows\rss\[Link]
===============
ID: 5116, Name: U8BqaAYLhQVHY6WBxp_QKq5H.exe, CommandLine: "{path}"
===============
ID: 4772, Name: [Link], CommandLine: "C:\Users\Luciano\AppData\Local\Temp\csrss\
[Link]"
===============
ID: 128, Name: [Link], CommandLine: C:\Users\Luciano\AppData\Local\Temp\
csrss\injector\[Link] [Link] C:\Users\Luciano\AppData\Local\Temp\csrss\
injector\[Link]
===============
ID: 2244, Name: [Link], CommandLine: \??\C:\Windows\system32\[Link]
"1114063989-1201346421-755528286-863775101-1069742012-1772061177237283123-926153016

You might also like