Launch CMD as admin.
Code:
This could be helpful, to find other sessions.
Code:
Code:
Code:
If something besides System Idle Process is running, probably scream and figure shit out quickly. Could also swap this to eq Domain1\Username1
Code:
Search for Realtek drivers running?
Code:
Any unresponsive processes? Kill 'em perhaps.
Code:
Find some early processes?
Code:
If you run a regular Command Prompt and then one as an Administrator, you will see the difference with this filter.
Code:
Find all processes running as an Administrator:
Code:
Any console apps running?
Code:
Any non-console apps running?
Code:
Anything running not a console nor a service?
Code:
Get output in a csv view.
Code:
Find what is using the "iexproxy" dll?
Code:
Longest running app? Launch PowerShell as admin.
Code:
Code:
Code:
Code:
tasklist /fi "memusage gt 50000" | sort /r /+65This could be helpful, to find other sessions.
Code:
tasklist /v /FI "Session gt 0"Code:
tasklist /v /FI "Username eq N/A"Code:
tasklist /v /FI "Username ne N/A"If something besides System Idle Process is running, probably scream and figure shit out quickly. Could also swap this to eq Domain1\Username1
Code:
tasklist /v /FI "Username eq NT AUTHORITY\SYSTEM"Search for Realtek drivers running?
Code:
tasklist /v /FI "Windowtitle eq Real*"Any unresponsive processes? Kill 'em perhaps.
Code:
tasklist /v /FI "Status eq Not Responding"Find some early processes?
Code:
tasklist /v /FI "pid lt 1000"If you run a regular Command Prompt and then one as an Administrator, you will see the difference with this filter.
Code:
tasklist /v /FI "Imagename eq cmd*"Find all processes running as an Administrator:
Code:
Code:
tasklist /v | findstr "Admin"
tasklist /v /FI "Windowtitle eq Admin*"Any console apps running?
Code:
tasklist /v /FI "Sessionname eq Console"Any non-console apps running?
Code:
tasklist /v /FI "Sessionname ne Console"Anything running not a console nor a service?
Code:
tasklist /v /FI "Sessionname ne Console" /FI "Sessionname ne Services"Get output in a csv view.
Code:
tasklist /v /FI "Imagename eq d*" /fo csvFind what is using the "iexproxy" dll?
Code:
tasklist /M /fo csv | findstr "ieproxy"Longest running app? Launch PowerShell as admin.
Code:
get-wmiobject Win32_PerfFormattedData_PerfProc_Process | Select -Property PercentProcessorTime, Name, ElapsedTime | Sort-Object -Property ElapsedTime | Format-Table ElapsedTime, Name, PercentProcessorTimeCode:
get-wmiobject Win32_PerfFormattedData_PerfProc_Process | Select -Property PercentProcessorTime, Name, ElapsedTime, Threadcount | Sort-Object -Property ThreadcountCode:
get-wmiobject Win32_PerfFormattedData_PerfProc_Process | Select -Property CreatingProcessID, Name | Sort-Object -Property CreatingProcessID | Format-List CreatingProcessID, Name
