msiexec.exe(进程ID：4900) 命令行:"c:\windows\system32\msiexec.exe" /I C:\Users\admin\AppData\Local\Temp\AweSnu_15.3.20758_x64.msi
msiexec.exe(进程ID：7612) 命令行:C:\Windows\system32\msiexec.exe /V
  msiexec.exe(进程ID：6876) 命令行:C:\Windows\syswow64\MsiExec.exe -Embedding 8AEEBE1AAABF7DF5B89E5CEE152397C1 C
    xmplay.exe(进程ID：7748) 命令行:"C:\Program Files (x86)\贝锐向日葵\贝锐向日葵\360weis\xmplay.exe" 
      powershell.exe(进程ID：7548) 命令行:powershell.exe -NoProfile -ExecutionPolicy Bypass -Command "$action = New-ScheduledTaskAction -Execute \"C:\\Program Files (x86)\\?????\\?????\\360weis\\xmplay.exe\"; $trigger = New-ScheduledTaskTrigger -AtLogon; $principal = New-ScheduledTaskPrincipal -UserId $env:USERNAME -LogonType Interactive -RunLevel Highest; $task = New-ScheduledTask -Action $action -Trigger $trigger -Principal $principal -Description \"Runs scanner at logon\"; if (Get-ScheduledTask -TaskName \"9qsKBF8GsrZIAqD\" -ErrorAction SilentlyContinue) { exit }; Register-ScheduledTask -TaskName \"9qsKBF8GsrZIAqD\" -InputObject $task"
      installer.exe(进程ID：2744) 命令行:installer.exe
  msiexec.exe(进程ID：7208) 命令行:C:\Windows\syswow64\MsiExec.exe -Embedding 4DCC920B24237BDF0530DBEFFE0810CD
  MSIA756.tmp(进程ID：3064) 命令行:"C:\Windows\Installer\MSIA756.tmp" /EnforcedRunAsAdmin /DontWait /RunAsAdmin "C:\Program Files (x86)\贝锐向日葵\贝锐向日葵\AweSun_15.8.4.20746_x64.exe"
    AweSun_15.8.4.20746_x64.exe(进程ID：6668) 命令行:"C:\Program Files (x86)\贝锐向日葵\贝锐向日葵\AweSun_15.8.4.20746_x64.exe" 
      AweSun_15.8.4.20746_x64.exe(进程ID：2404) 命令行:"C:\Program Files (x86)\贝锐向日葵\贝锐向日葵\AweSun_15.8.4.20746_x64.exe" --mod=install --admin=1
        AweSun.exe(进程ID：6848) 命令行:"C:\Program Files\Oray\AweSun\AweSun\AweSun.exe" --mod=helper --cmd=webview2_check 
        cmd.exe(进程ID：4112) 命令行:cmd /c install.bat AweSun
          cmd.exe(进程ID：5644) 命令行:cmd  /c netsh firewall delete allowedprogram program="C:\Program Files\Oray\AweSun\AweSun\AweSun.exe" profile=ALL
            netsh.exe(进程ID：4796) 命令行:netsh  firewall delete allowedprogram program="C:\Program Files\Oray\AweSun\AweSun\AweSun.exe" profile=ALL
          cmd.exe(进程ID：3696) 命令行:cmd  /c netsh firewall add allowedprogram program="C:\Program Files\Oray\AweSun\AweSun\AweSun.exe" name="AweSun" ENABLE
            netsh.exe(进程ID：7704) 命令行:netsh  firewall add allowedprogram program="C:\Program Files\Oray\AweSun\AweSun\AweSun.exe" name="AweSun" ENABLE
          cmd.exe(进程ID：5440) 命令行:cmd  /c netsh firewall add allowedprogram program="C:\Program Files\Oray\AweSun\AweSun\AweSun.exe" name="AweSun" ENABLE profile=ALL
            netsh.exe(进程ID：1860) 命令行:netsh  firewall add allowedprogram program="C:\Program Files\Oray\AweSun\AweSun\AweSun.exe" name="AweSun" ENABLE profile=ALL
          cmd.exe(进程ID：6336) 命令行:cmd  /c netsh firewall delete allowedprogram program="C:\Program Files\Oray\AweSun\AweSun\agent\AweSun.exe" profile=ALL
            netsh.exe(进程ID：2204) 命令行:netsh  firewall delete allowedprogram program="C:\Program Files\Oray\AweSun\AweSun\agent\AweSun.exe" profile=ALL
          cmd.exe(进程ID：1728) 命令行:cmd  /c netsh firewall add allowedprogram program="C:\Program Files\Oray\AweSun\AweSun\agent\AweSun.exe" name="AweSunDesktopAgent" ENABLE
            netsh.exe(进程ID：5980) 命令行:netsh  firewall add allowedprogram program="C:\Program Files\Oray\AweSun\AweSun\agent\AweSun.exe" name="AweSunDesktopAgent" ENABLE
          cmd.exe(进程ID：4056) 命令行:cmd  /c netsh firewall add allowedprogram program="C:\Program Files\Oray\AweSun\AweSun\agent\AweSun.exe" name="AweSunDesktopAgent" ENABLE profile=ALL
            netsh.exe(进程ID：2720) 命令行:netsh  firewall add allowedprogram program="C:\Program Files\Oray\AweSun\AweSun\agent\AweSun.exe" name="AweSunDesktopAgent" ENABLE profile=ALL
        AweSun.exe(进程ID：6232) 命令行:"C:\Program Files\Oray\AweSun\AweSun\AweSun.exe" --mod=install --cmd=driver_iddcx
          devcon.exe(进程ID：5872) 命令行:"C:\Program Files\Oray\AweSun\AweSun\Driver\Idd64\devcon.exe"  remove Root\OrayIddDriver
          devcon.exe(进程ID：7880) 命令行:"C:\Program Files\Oray\AweSun\AweSun\Driver\Idd64\devcon.exe"  install "C:\Program Files\Oray\AweSun\AweSun\Driver\Idd64\OrayIddDriver.inf" Root\OrayIddDriver
        AweSun.exe(进程ID：7764) 命令行:"C:\Program Files\Oray\AweSun\AweSun\AweSun.exe" --mod=install --cmd=driver_vgc
          devcon.exe(进程ID：3816) 命令行:"C:\Program Files\Oray\AweSun\AweSun\Driver\VGC64\devcon.exe"  remove  oray\orayvgc
          devcon.exe(进程ID：5880) 命令行:"C:\Program Files\Oray\AweSun\AweSun\Driver\VGC64\devcon.exe"  install "C:\Program Files\Oray\AweSun\AweSun\Driver\VGC64\orayvgc.inf" oray\orayvgc
        AweSun.exe(进程ID：1292) 命令行:"C:\Program Files\Oray\AweSun\AweSun\AweSun.exe" --mod=install --cmd=driver_usbip_vhci
cmd.exe(进程ID：2392) 命令行:"c:\windows\System32\cmd.exe" /c "C:\Program Files\Oray\AweSun\AweSun\AweSun.exe" --cmd=autorun
  AweSun.exe(进程ID：6120) 命令行:"C:\Program Files\Oray\AweSun\AweSun\AweSun.exe"  --cmd=autorun
    AweSun.exe(进程ID：6588) 命令行:"C:\Program Files\Oray\AweSun\AweSun\AweSun.exe" --mod=install --admin=1
      AweSun.exe(进程ID：1120) 命令行:"C:\Program Files\Oray\AweSun\AweSun\AweSun.exe" --mod=helper --cmd=webview2_check 
      cmd.exe(进程ID：5764) 命令行:cmd /c install.bat AweSun
        cmd.exe(进程ID：5772) 命令行:cmd  /c netsh firewall delete allowedprogram program="C:\Program Files\Oray\AweSun\AweSun\AweSun.exe" profile=ALL
          netsh.exe(进程ID：3932) 命令行:netsh  firewall delete allowedprogram program="C:\Program Files\Oray\AweSun\AweSun\AweSun.exe" profile=ALL
        cmd.exe(进程ID：4648) 命令行:cmd  /c netsh firewall add allowedprogram program="C:\Program Files\Oray\AweSun\AweSun\AweSun.exe" name="AweSun" ENABLE
          netsh.exe(进程ID：3168) 命令行:netsh  firewall add allowedprogram program="C:\Program Files\Oray\AweSun\AweSun\AweSun.exe" name="AweSun" ENABLE
        cmd.exe(进程ID：5332) 命令行:cmd  /c netsh firewall add allowedprogram program="C:\Program Files\Oray\AweSun\AweSun\AweSun.exe" name="AweSun" ENABLE profile=ALL
          netsh.exe(进程ID：6516) 命令行:netsh  firewall add allowedprogram program="C:\Program Files\Oray\AweSun\AweSun\AweSun.exe" name="AweSun" ENABLE profile=ALL
        cmd.exe(进程ID：7440) 命令行:cmd  /c netsh firewall delete allowedprogram program="C:\Program Files\Oray\AweSun\AweSun\agent\AweSun.exe" profile=ALL
          netsh.exe(进程ID：7776) 命令行:netsh  firewall delete allowedprogram program="C:\Program Files\Oray\AweSun\AweSun\agent\AweSun.exe" profile=ALL
        cmd.exe(进程ID：6640) 命令行:cmd  /c netsh firewall add allowedprogram program="C:\Program Files\Oray\AweSun\AweSun\agent\AweSun.exe" name="AweSunDesktopAgent" ENABLE
          netsh.exe(进程ID：1620) 命令行:netsh  firewall add allowedprogram program="C:\Program Files\Oray\AweSun\AweSun\agent\AweSun.exe" name="AweSunDesktopAgent" ENABLE
        cmd.exe(进程ID：4152) 命令行:cmd  /c netsh firewall add allowedprogram program="C:\Program Files\Oray\AweSun\AweSun\agent\AweSun.exe" name="AweSunDesktopAgent" ENABLE profile=ALL
          netsh.exe(进程ID：4216) 命令行:netsh  firewall add allowedprogram program="C:\Program Files\Oray\AweSun\AweSun\agent\AweSun.exe" name="AweSunDesktopAgent" ENABLE profile=ALL
      AweSun.exe(进程ID：6308) 命令行:"C:\Program Files\Oray\AweSun\AweSun\AweSun.exe" --mod=install --cmd=driver_iddcx
        devcon.exe(进程ID：1208) 命令行:"C:\Program Files\Oray\AweSun\AweSun\Driver\Idd64\devcon.exe"  remove Root\OrayIddDriver
        devcon.exe(进程ID：1452) 命令行:"C:\Program Files\Oray\AweSun\AweSun\Driver\Idd64\devcon.exe"  install "C:\Program Files\Oray\AweSun\AweSun\Driver\Idd64\OrayIddDriver.inf" Root\OrayIddDriver
      AweSun.exe(进程ID：7852) 命令行:"C:\Program Files\Oray\AweSun\AweSun\AweSun.exe" --mod=install --cmd=driver_vgc
        devcon.exe(进程ID：7632) 命令行:"C:\Program Files\Oray\AweSun\AweSun\Driver\VGC64\devcon.exe"  remove  oray\orayvgc
        devcon.exe(进程ID：1996) 命令行:"C:\Program Files\Oray\AweSun\AweSun\Driver\VGC64\devcon.exe"  install "C:\Program Files\Oray\AweSun\AweSun\Driver\VGC64\orayvgc.inf" oray\orayvgc
      AweSun.exe(进程ID：2292) 命令行:"C:\Program Files\Oray\AweSun\AweSun\AweSun.exe" --mod=install --cmd=driver_usbip_vhci
WUDFHost.exe(进程ID：3220) 命令行:"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-81cbc7c7-62f9-4e27-9cf3-35fa71505651 -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-8bd1c370-8887-4cdf-9654-01e668bf6bee -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-9e798c06-ff50-4453-8943-18830711518f -NonStateChangingEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-b3ae35ab-2876-4628-beb0-72bfbb25cceb -LifetimeId:51f78736-4aee-4d4c-ad0a-008c165af5b3 -DeviceGroupId:OrayIddDriverGroup -HostArg:0
AweSun.exe(进程ID：8180) 命令行:"C:\Program Files\Oray\AweSun\AweSun\AweSun.exe" --mod=service
WUDFHost.exe(进程ID：2488) 命令行:"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-4e5ac7a6-4dbe-42dc-8753-45bbade85d68 -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-213c6976-ae74-418c-a194-eee47c6e11f8 -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-2d61ffc3-c6be-4f15-b5c0-45671a2aac99 -NonStateChangingEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-dbaedca2-a18b-492f-a83b-9e0dfb5ca96c -LifetimeId:a02ac04c-e86f-455b-851b-eb9a3c87d6bb -DeviceGroupId:OrayIddDriverGroup -HostArg:0
awesun_guard.exe(进程ID：5680) 命令行:"C:\Program Files\Oray\AweSun\AweSun\awesun_guard\64\awesun_guard.exe" start -mode worker -server api-ti.sunlogin.oray.com -sunlogin -appname "Global\966DDA87-F543-42B4-B6CE-A1225068B7C7" -client_id "" -uid 0 -ua "SLRC/15.8.4.20746 (Windows,x64,appname=sunloginRemoteClient)"