Hi All,
I am new to HTB and I am slowly working my way through the content. However, I have hit a snag. Under the Windows Fundamental section and the part dealing with Windows Security, there is a question which asks: "What non-standard application is running under the current user?" (The answer is case sensitive.)
Through a variety of methods, using PowerShell, cmd, tasklist and the GUI via Windows menus, settings, apps, I have managed to identify the following apps running. I have tried to take out duplicates to make the list shorter:
ProcessName Id
cmd 1624
CompatTelRunner 6588
conhost 4244
conhost 6244
csrss 444
csrss 552
csrss 4024
ctfmon 4576
dllhost 3996
dllhost 8080
dwm 340
dwm 5472
explorer 6112
fontdrvhost 892
fontdrvhost 900
fontdrvhost 1620
FoxitReaderUpdateService 2984
Idle 0
LockApp 2524
LogonUI 7720
lsass 720
Memory Compression 1724
MicrosoftEdgeUpdate 4900
msdtc 4212
MsMpEng 3212
NisSrv 4220
OneDriveStandaloneUpdater 5716
powershell 7948
rdpclip 2572
Registry 100
RuntimeBroker 3268
RuntimeBroker 6844
RuntimeBroker 7076
RuntimeBroker 7412
RuntimeBroker 7812
SearchApp 6960
SearchIndexer 6988
SecurityHealthService 4944
SecurityHealthSystray 7648
services 700
SgrmBroker 1580
sihost 908
smss 356
spoolsv 2684
StartMenuExperienceHost 6776
svchost 7976
System 4
taskhostw 3960
taskhostw 6540
TextInputHost 6424
VGAuthService 3164
vm3dservice 3152
vm3dservice 3452
vm3dservice 5868
vm3dservice 6376
vmtoolsd 3184
vmtoolsd 7692
wininit 576
winlogon 620
winlogon 4224
WmiPrvSE 3976
WmiPrvSE 5156
WUDFHost 1880
YourPhone 5644
I have tried each of these (and yes, it took ages, I could actually feel myself aging) with various combinations of extensions, without extension and also with exe, in various guises such as EXE, eXe, ExE etc., and nothing has worked. I reset the system, reset my internet workstation several times, put all of the above in again and am still getting just ‘error wrong answer’. As I think I have pretty much exhausted every option available to me, could someone please save my sanity and just give me the answer so I can carry on with the rest of the content?
Kind Regards,
Alex.