pslist.exe

  • File Path: C:\SysinternalsSuite\pslist.exe
  • Description: Process information lister

Hashes

Type Hash
MD5 2C23D6223D4AFF81AC137B6989BCE05C
SHA1 FE41E35485D4C5B61EC555C1C38965F837759585
SHA256 9927831E111AC61FD7645BF7EFA1787DB1A3E85B6F64A274CA04B213DC27FD08
SHA384 DD67DC2AC38915C5609F5E7B3F26515B64C5681A9524E1BA8D19ACCA17DD44073671EF06B806ABA388A99F2EBB589E54
SHA512 09104320CAA2A5386545D17CC701F506748CFCF54BEF82DAEE5E8B601A03EAF6F3806541C73F019F0E49D37CF7180265F32FCB4AF02911D8A775446D4FE4309B
SSDEEP 3072:+isFHxitJ/UPSTEzl0p9JzK/ZUFhLw6wDmXntsaVK/Ea:HsFMtZUOtz/hHtFc
IMP A7FBAC784C7100084BB86A01BF194F0E
PESHA1 1E4A80936F9F40DF77EFA6E36C7D32E8D7714119
PE256 AB9BBFE362000C67E24D2E61F660A94007C8D18C42B5A634A9A099F2C0E9FFEF

Runtime Data

Usage (stdout):


PsList v1.4 - Process information lister
Copyright (C) 2000-2016 Mark Russinovich
Sysinternals - www.sysinternals.com

Process information for 37AACD8D-548A-4:

Name                Pid Pri Thd  Hnd   Priv        CPU Time    Elapsed Time 
Idle                  0   0   8    0     60     2:57:49.109   386:30:40.240
System                4   8 165 9240    196     0:01:02.640   386:30:40.240
Registry            124   8   4    0   9256     0:00:00.718   386:30:48.195
smss                428  11   2   53   1040     0:00:00.515   386:30:40.229
csrss               528  13  11  351   1628     0:00:01.687   386:30:38.109
wininit             600  13   1  163   1348     0:00:00.156   386:30:37.957
services            644   9   5  347   3372     0:00:02.828   386:30:37.750
lsass               664   9   8 1078   6588     0:00:05.156   386:30:37.640
svchost             776   8  10  851   9020     0:00:04.171   386:30:37.066
fontdrvhost         812   8   5   39   1468     0:00:00.625   386:30:36.991
svchost             844   8   8  851   5264     0:00:07.109   386:30:36.858
svchost             968   8  44 1601  23476     0:01:59.343   386:30:36.456
svchost             984   8  42  692  77436     0:00:13.343   386:30:36.451
svchost            1020   8  16  594   7552     0:00:11.015   386:30:36.429
svchost            1064   8  11  624  17592     0:00:01.390   386:30:36.254
svchost            1080   8  18  707   9428     0:00:01.671   386:30:36.247
Memory Compression  1108   8  34    0    200     0:00:01.484   386:30:36.226
svchost            1288   8  12  341   3568     0:00:01.250   389:30:35.454
svchost            1348   8  18  786   7456     0:00:00.859   389:30:35.402
svchost            1416   8   4  377   2280     0:00:00.156   389:30:35.263
svchost            1428   8   3  127   1596     0:00:00.093   389:30:35.258
spoolsv            1560   8   7  460   6548     0:00:01.328   389:30:35.102
svchost            1684   8  12  410   7908     0:00:01.328   389:30:35.013
svchost            1992   8   6  257   4956     0:00:00.234   389:30:34.528
svchost            2020   8   5  195   2264     0:00:00.375   389:30:34.507
CExecSvc           1192   8   2   67   1120     0:00:00.234   389:30:34.485
VmComputeAgent     2152   8   2  164   2160     0:00:00.546   389:30:33.901
svchost            1760   8   3  159   1684     0:00:00.078     0:23:28.799
csrss              2468  13  12  552   1884     0:00:03.250     0:23:28.702
winlogon           2484  13   3  260   2776     0:00:00.562     0:23:28.659
fontdrvhost        2712   8   5   39   2248     0:00:00.718     0:23:28.308
WUDFHost           2732   8   7  325   3368     0:00:01.843     0:23:28.307
dwm                3024  13  23  904  44800     0:00:14.359     0:23:28.168
svchost            3208   8   2  173   2640     0:00:00.453     0:23:27.627
svchost            3252   8   6  192  13968     0:00:06.781     0:23:27.567
rdpclip            3536   8   8  328   3496     0:00:05.406     0:23:26.522
sihost             3576   8   8  491   6404     0:00:02.875     0:23:26.437
svchost            3664   8   9  564   9280     0:00:04.906     0:23:26.294
taskhostw          3716   8   8  311   6844     0:00:01.078     0:23:26.258
svchost            3916   8   3  166   1672     0:00:00.250     0:23:26.121
ctfmon             3980  13  11  433   9736     0:00:07.671     0:23:26.020
explorer           3996   8  73 2592  84140     0:01:13.906     0:23:26.011
svchost            3696   8   5  310   3988     0:00:00.656     0:23:24.025
ApplicationFrameHost  4216   8   2  330   9480     0:00:00.656     0:23:23.162
MicrosoftEdge      4252   8  46  893  22508     0:00:00.875     0:23:23.143
browser_broker     4352   8   2  174   2020     0:00:00.062     0:23:22.987
RuntimeBroker      4460   8   1  212   2728     0:00:00.171     0:23:22.860
svchost            4468   8   2  139   1584     0:00:00.046     0:23:22.854
Windows.WARP.JITService  4540   8   2  107   1312     0:00:00.015     0:23:22.810
MicrosoftEdgeSH    4652   8  21  265   4268     0:00:00.140     0:23:22.527
MicrosoftEdgeCP    4696   8  27  482   6228     0:00:00.203     0:23:22.471
SearchApp          3168   8  54 1274  96852     0:00:09.656     0:23:13.086
RuntimeBroker      2816   8   6  495  12736     0:00:06.484     0:23:12.996
RuntimeBroker       824   8   1  218   2500     0:00:00.937     0:23:12.497
svchost            5396   8   5  208   1948     0:00:00.031     0:22:00.477
SgrmBroker         3392   8   7  103   4092     0:00:00.140     0:21:41.520
svchost             976   8   8  213   2480     0:00:00.046     0:21:41.165
powershell_ise      676   8  27  969 166548     0:01:53.687     0:21:34.222
StartMenuExperienceHost  4368   8   6  574  15724     0:00:01.187     0:21:22.635
RuntimeBroker      5996   8   1  236   3544     0:00:00.515     0:21:22.546
dllhost            2292   8   5  235   3848     0:00:00.265     0:21:21.014
cmd                 696   8   1  244   3772     0:00:00.578     0:21:19.435
conhost            2276   8   4  270   7772     0:00:07.281     0:21:19.407
dllhost            1784   8   5  139   2028     0:00:00.359     0:20:59.355
SecurityHealthService  1256   8   4  225   2652     0:00:00.140     0:19:40.886
SecurityHealthHost  4516   8   1  147   1608     0:00:00.187     0:19:40.719
Desktops            892   8   3  215   2124     0:00:00.312     0:17:34.316
conhost            1356   8   3  188   7152     0:00:00.375     0:09:33.056
WmiPrvSE           6076   8   7  157   3660     0:00:12.062     0:09:30.592
audiodg            2676   8   5  253   7880     0:00:02.156     0:09:08.235
WmiPrvSE           3928   8   9  182   2800     0:00:00.078     0:04:47.075
svchost            5968   8   5  112   1696     0:00:00.156     0:01:43.268
WmiPrvSE           1676   8   9  178   3096     0:00:00.062     0:00:19.848
pslist             5064  13   4  229   2548     0:00:00.171     0:00:00.204
conhost            5716   8   4   99   6360     0:00:00.000     0:00:00.198

Loaded Modules:

Path
C:\SysinternalsSuite\pslist.exe
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\wow64.dll
C:\Windows\System32\wow64cpu.dll
C:\Windows\System32\wow64win.dll

Signature

  • Status: Signature verified.
  • Serial: 330000010A2C79AED7797BA6AC00010000010A
  • Thumbprint: 3BDA323E552DB1FDE5F4FBEE75D6D5B2B187EEDC
  • Issuer: CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: pslist.exe
  • Product Name: Sysinternals pslist
  • Company Name: Sysinternals - www.sysinternals.com
  • File Version: 1.4
  • Product Version: 1.4
  • Language: English (United States)
  • Legal Copyright: Copyright (C) 2000-2016 Mark Russinovich
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/70
  • VirusTotal Link: https://www.virustotal.com/gui/file/9927831e111ac61fd7645bf7efa1787db1a3e85b6f64a274ca04b213dc27fd08/detection/

Possible Misuse

The following table contains possible examples of pslist.exe being misused. While pslist.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
| --- | --- | --- | --- |
| sigma | proc_creation_win_false_sysinternalsuite.yml | - '\pslist.exe' | DRL 1.0 |
| malware-ioc | vf_ioc_linux_rakos.py | from volatility.plugins.linux.pslist import linux_pslist | © ESET 2014-2018 |
| stockpile | cc191baa-7472-4386-a2f4-42f203f1acfd.yml | iex $staging_folder"\pslist.exe" >> $env:LOCALAPPDATA\output.log; | Apache-2.0 |

MIT License. Copyright (c) 2020-2021 Strontic.