How to find out which program belongs to a process launched from the TEMP folder?

N

naruto_hokagi2020-10-21 08:05:48

Windows

naruto_hokagi, 2020-10-21 08:05:48

Hello! Is it possible to determine its belonging to the program by the name of the process? For example, a process like this is launched: C:\Users\user\AppData\Local\TEMP\11e91b3b-0f70-4893-b84d-940a5137be.exe

Nothing could be googled. In addition to such an entry, there is nothing else; there is no access to the machine on which the process is launched.

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

K

Konstantin Tsvetkov, 2020-10-21
@tsklab

Task Manager, Details, Properties or Web Search.

Y

younghacker, 2020-10-21
@younghacker

Try the sysinternals utilities, you need to catch the process that writes to this folder.
Alternatively, if you do not have Windows HomeEdidtion, you can prohibit the launch of applications from the TEMP folder (software execution policy or Applocker) and see which process will report an error. Look at the logs.

A

antonwx, 2020-10-21
@antonwx

You can track it with ProcessMonitor https://docs.microsoft.com/en-us/sysinternals/down...