Volatility 3 Framework 1.0.1
|
|
|
|
PID Process Args
|
|
|
|
4 System Required memory at 0x10 is not valid (process exited?)
|
|
396 smss.exe \SystemRoot\System32\smss.exe
|
|
460 csrss.exe C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
|
|
500 wininit.exe wininit.exe
|
|
584 services.exe C:\Windows\system32\services.exe
|
|
600 lsass.exe C:\Windows\system32\lsass.exe
|
|
608 lsm.exe C:\Windows\system32\lsm.exe
|
|
760 svchost.exe C:\Windows\system32\svchost.exe -k DcomLaunch
|
|
824 svchost.exe C:\Windows\system32\svchost.exe -k rpcss
|
|
856 svchost.exe C:\Windows\System32\svchost.exe -k secsvcs
|
|
988 svchost.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
|
|
1016 svchost.exe C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
|
|
1032 svchost.exe C:\Windows\system32\svchost.exe -k netsvcs
|
|
1084 audiodg.exe C:\Windows\system32\AUDIODG.EXE 0x288
|
|
1108 svchost.exe C:\Windows\system32\svchost.exe -k GPSvcGroup
|
|
1132 SLsvc.exe C:\Windows\system32\SLsvc.exe
|
|
1224 svchost.exe C:\Windows\system32\svchost.exe -k LocalService
|
|
1296 svchost.exe C:\Windows\system32\svchost.exe -k NetworkService
|
|
1488 spoolsv.exe C:\Windows\System32\spoolsv.exe
|
|
1512 svchost.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
|
|
1920 taskeng.exe taskeng.exe {7EC134E2-8BEF-46AF-94C8-8C16150FAB71}
|
|
496 svchost.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
|
|
1316 VMwareService.e "C:\Program Files\VMware\VMware Tools\VMwareService.exe"
|
|
1444 svchost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup
|
|
2028 SearchIndexer.e C:\Windows\system32\SearchIndexer.exe /Embedding
|
|
1356 dllhost.exe C:\Windows\system32\dllhost.exe /Processid:{D34C07AA-275B-496E-A3CC-AFA75F2752EE}
|
|
1796 dllhost.exe C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
|
|
2076 csrss.exe C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
|
|
2100 winlogon.exe winlogon.exe
|
|
2176 msdtc.exe C:\Windows\System32\msdtc.exe
|
|
2392 VSSVC.exe C:\Windows\system32\vssvc.exe
|
|
2504 taskeng.exe taskeng.exe {7F495FBC-66B3-4B6A-A068-DC3607159EB1}
|
|
2864 dwm.exe "C:\Windows\system32\Dwm.exe"
|
|
2884 explorer.exe C:\Windows\Explorer.EXE
|
|
2992 MSASCui.exe "C:\Program Files\Windows Defender\MSASCui.exe" -hide
|
|
3000 VMwareTray.exe "C:\Program Files\VMware\VMware Tools\VMwareTray.exe"
|
|
3008 VMwareUser.exe "C:\Program Files\VMware\VMware Tools\VMwareUser.exe"
|
|
3076 sidebar.exe "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
|
|
3576 cmd.exe "C:\Windows\System32\cmd.exe"
|
|
3804 SearchProtocolH "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
|
|
3828 SearchFilterHos "C:\Windows\system32\SearchFilterHost.exe" 0 628 632 640 65536 636
|
|
3868 SearchProtocolH "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_s-1-5-21-285957352-2877602163-2811336752-10002_ Global\UsGthrCtrlFltPipeMssGthrPipe_s-1-5-21-285957352-2877602163-2811336752-10002 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1"
|
|
3968 telnet.exe telnet towel.blinkenlights.nl
|
|
536 WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe
|