diff --git a/linPEAS/linpeas.sh b/linPEAS/linpeas.sh old mode 100755 new mode 100644 diff --git a/winPEAS/LICENSE b/winPEAS/LICENSE deleted file mode 100644 index e03ef2d..0000000 --- a/winPEAS/LICENSE +++ /dev/null @@ -1,21 +0,0 @@ -MIT License - -Copyright (c) 2019 Carlos Polop - -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE. diff --git a/winPEAS/README.md b/winPEAS/README.md index 8a164ff..bb630b1 100644 --- a/winPEAS/README.md +++ b/winPEAS/README.md 
@@ -1,18 +1,18 @@ # Windows Privilege Escalation Awesome Scripts -![](https://github.com/carlospolop/privilege-escalation-awesome-script-suite/raw/master/winPEAS/winPEASexe/images/winpeas.png) +![](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/raw/master/winPEAS/winPEASexe/images/winpeas.png) Check the **Local Windows Privilege Escalation checklist** from **[book.hacktricks.xyz](https://book.hacktricks.xyz/windows/checklist-windows-privilege-escalation)** Check more **information about how to exploit** found misconfigurations in **[book.hacktricks.xyz](https://book.hacktricks.xyz/windows/windows-local-privilege-escalation)** ## WinPEAS .exe and .bat -- [Link to WinPEAS C# project (.exe)](https://github.com/carlospolop/privilege-escalation-awesome-script-suite/tree/master/winPEAS/winPEASexe) -- [Link to WinPEAS .bat project](https://github.com/carlospolop/privilege-escalation-awesome-script-suite/tree/master/winPEAS/winPEASbat) Notice that WinPEAS.bat is a batch script made for Windows systems which don't support WinPEAS.exe (Net.4 required) +- [Link to WinPEAS C# project (.exe)](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS/winPEASexe) +- [Link to WinPEAS .bat project](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS/winPEASbat) Notice that WinPEAS.bat is a batch script made for Windows systems which don't support WinPEAS.exe (Net.4 required) ## Let's improve PEASS together -If you want to **add something** and have **any cool idea** related to this project, please let me know it in the **Telegram group https://t.me/peass** or using **[github issues](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/issues)** and we will update the master version. 
+If you want to **add something** and have **any cool idea** related to this project, please let me know it in the **telegram group https://t.me/peass** or using **[github issues](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/issues)** and we will update the master version. ## Please, if this tool has been useful for you consider to donate @@ -24,8 +24,7 @@ Contact me and ask about the **Privilege Escalation Course** I am preparing for ## Advisory -All the scripts/binaries of the PEAS suite should be used for authorized penetration testing and/or educational purposes only. Any misuse of this software will not be the responsibility of the author or of any other collaborator. Use it at your own networks and/or with the network owner's permission. - +All the scripts/binaries of the PEAS Suite should be used for authorized penetration testing and/or educational purposes only. Any misuse of this software will not be the responsibility of the author or of any other collaborator. Use it at your own networks and/or with the network owner's permission. ## License diff --git a/winPEAS/winPEASexe/images/dotfuscator.PNG b/winPEAS/winPEASexe/images/dotfuscator.PNG new file mode 100644 index 0000000..5ef3432 Binary files /dev/null and b/winPEAS/winPEASexe/images/dotfuscator.PNG differ diff --git a/winPEAS/winPEASexe/packages/Costura.Fody.4.1.0/.signature.p7s b/winPEAS/winPEASexe/packages/Costura.Fody.4.1.0/.signature.p7s deleted file mode 100644 index c9950d4..0000000 Binary files a/winPEAS/winPEASexe/packages/Costura.Fody.4.1.0/.signature.p7s and /dev/null differ diff --git a/winPEAS/winPEASexe/packages/Costura.Fody.4.1.0/Costura.Fody.4.1.0.nupkg b/winPEAS/winPEASexe/packages/Costura.Fody.4.1.0/Costura.Fody.4.1.0.nupkg deleted file mode 100644 index 175f3c3..0000000 Binary files a/winPEAS/winPEASexe/packages/Costura.Fody.4.1.0/Costura.Fody.4.1.0.nupkg and /dev/null differ 
diff --git a/winPEAS/winPEASexe/packages/Costura.Fody.4.1.0/build/Costura.Fody.props b/winPEAS/winPEASexe/packages/Costura.Fody.4.1.0/build/Costura.Fody.props deleted file mode 100644 index a189a9a..0000000 --- a/winPEAS/winPEASexe/packages/Costura.Fody.4.1.0/build/Costura.Fody.props +++ /dev/null @@ -1,5 +0,0 @@ - - - - - \ No newline at end of file diff --git a/winPEAS/winPEASexe/packages/Costura.Fody.4.1.0/lib/net40/Costura.dll b/winPEAS/winPEASexe/packages/Costura.Fody.4.1.0/lib/net40/Costura.dll deleted file mode 100644 index 27d80be..0000000 Binary files a/winPEAS/winPEASexe/packages/Costura.Fody.4.1.0/lib/net40/Costura.dll and /dev/null differ diff --git a/winPEAS/winPEASexe/packages/Costura.Fody.4.1.0/lib/net40/Costura.xml b/winPEAS/winPEASexe/packages/Costura.Fody.4.1.0/lib/net40/Costura.xml deleted file mode 100644 index ec57626..0000000 --- a/winPEAS/winPEASexe/packages/Costura.Fody.4.1.0/lib/net40/Costura.xml +++ /dev/null @@ -1,18 +0,0 @@ - - - - Costura - - - - - Contains methods for interacting with the Costura system. - - - - - Call this to Initialize the Costura system. - - - - diff --git a/winPEAS/winPEASexe/packages/Costura.Fody.4.1.0/weaver/Costura.Fody.dll b/winPEAS/winPEASexe/packages/Costura.Fody.4.1.0/weaver/Costura.Fody.dll deleted file mode 100644 index d74ccba..0000000 Binary files a/winPEAS/winPEASexe/packages/Costura.Fody.4.1.0/weaver/Costura.Fody.dll and /dev/null differ diff --git a/winPEAS/winPEASexe/packages/Costura.Fody.4.1.0/weaver/Costura.Fody.xcf b/winPEAS/winPEASexe/packages/Costura.Fody.4.1.0/weaver/Costura.Fody.xcf deleted file mode 100644 index 0f0424e..0000000 --- a/winPEAS/winPEASexe/packages/Costura.Fody.4.1.0/weaver/Costura.Fody.xcf +++ /dev/null 
@@ -1,85 +0,0 @@ - - - - - - A list of assembly names to exclude from the default action of "embed all Copy Local references", delimited with line breaks - - - - - A list of assembly names to include from the default action of "embed all Copy Local references", delimited with line breaks. - - - - - A list of unmanaged 32 bit assembly names to include, delimited with line breaks. - - - - - A list of unmanaged 64 bit assembly names to include, delimited with line breaks. - - - - - The order of preloaded assemblies, delimited with line breaks. - - - - - - This will copy embedded files to disk before loading them into memory. This is helpful for some scenarios that expected an assembly to be loaded from a physical file. - - - - - Controls if .pdbs for reference assemblies are also embedded. - - - - - Embedded assemblies are compressed by default, and uncompressed when they are loaded. You can turn compression off with this option. - - - - - As part of Costura, embedded assemblies are no longer included as part of the build. This cleanup can be turned off. - - - - - Costura by default will load as part of the module initialization. This flag disables that behavior. Make sure you call CosturaUtility.Initialize() somewhere in your code. - - - - - Costura will by default use assemblies with a name like 'resources.dll' as a satellite resource and prepend the output path. This flag disables that behavior. - - - - - A list of assembly names to exclude from the default action of "embed all Copy Local references", delimited with | - - - - - A list of assembly names to include from the default action of "embed all Copy Local references", delimited with |. - - - - - A list of unmanaged 32 bit assembly names to include, delimited with |. - - - - - A list of unmanaged 64 bit assembly names to include, delimited with |. - - - - - The order of preloaded assemblies, delimited with |. - - - \ No newline at end of file 
diff --git a/winPEAS/winPEASexe/packages/CredentialManagement.1.0.2/.signature.p7s b/winPEAS/winPEASexe/packages/CredentialManagement.1.0.2/.signature.p7s deleted file mode 100644 index a423cd9..0000000 Binary files a/winPEAS/winPEASexe/packages/CredentialManagement.1.0.2/.signature.p7s and /dev/null differ diff --git a/winPEAS/winPEASexe/packages/CredentialManagement.1.0.2/CredentialManagement.1.0.2.nupkg b/winPEAS/winPEASexe/packages/CredentialManagement.1.0.2/CredentialManagement.1.0.2.nupkg deleted file mode 100644 index 4d142ec..0000000 Binary files a/winPEAS/winPEASexe/packages/CredentialManagement.1.0.2/CredentialManagement.1.0.2.nupkg and /dev/null differ diff --git a/winPEAS/winPEASexe/packages/CredentialManagement.1.0.2/lib/net35/CredentialManagement.dll b/winPEAS/winPEASexe/packages/CredentialManagement.1.0.2/lib/net35/CredentialManagement.dll deleted file mode 100644 index 26fcb6c..0000000 Binary files a/winPEAS/winPEASexe/packages/CredentialManagement.1.0.2/lib/net35/CredentialManagement.dll and /dev/null differ diff --git a/winPEAS/winPEASexe/packages/Fody.6.0.0/.signature.p7s b/winPEAS/winPEASexe/packages/Fody.6.0.0/.signature.p7s deleted file mode 100644 index 4d9aadd..0000000 Binary files a/winPEAS/winPEASexe/packages/Fody.6.0.0/.signature.p7s and /dev/null differ diff --git a/winPEAS/winPEASexe/packages/Fody.6.0.0/Fody.6.0.0.nupkg b/winPEAS/winPEASexe/packages/Fody.6.0.0/Fody.6.0.0.nupkg deleted file mode 100644 index b355281..0000000 Binary files a/winPEAS/winPEASexe/packages/Fody.6.0.0/Fody.6.0.0.nupkg and /dev/null differ diff --git a/winPEAS/winPEASexe/packages/Fody.6.0.0/build/Fody.targets b/winPEAS/winPEASexe/packages/Fody.6.0.0/build/Fody.targets deleted file mode 100644 index f8dcd9d..0000000 --- a/winPEAS/winPEASexe/packages/Fody.6.0.0/build/Fody.targets +++ /dev/null 
@@ -1,110 +0,0 @@ - - - - $(ProjectDir)FodyWeavers.xml - $(MSBuildThisFileDirectory)..\ - $(FodyPath)netstandardtask - $(FodyPath)netclassictask - $(FodyAssemblyDirectory)\Fody.dll - $(DefaultItemExcludes);FodyWeavers.xsd - true - 15 - $([System.Version]::Parse($(MSBuildVersion)).Major) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/winPEAS/winPEASexe/packages/Fody.6.0.0/netclassictask/Fody.dll b/winPEAS/winPEASexe/packages/Fody.6.0.0/netclassictask/Fody.dll deleted file mode 100644 index 2ca8d38..0000000 Binary files a/winPEAS/winPEASexe/packages/Fody.6.0.0/netclassictask/Fody.dll and /dev/null differ diff --git a/winPEAS/winPEASexe/packages/Fody.6.0.0/netclassictask/FodyCommon.dll b/winPEAS/winPEASexe/packages/Fody.6.0.0/netclassictask/FodyCommon.dll deleted file mode 100644 index 8cd5941..0000000 Binary files a/winPEAS/winPEASexe/packages/Fody.6.0.0/netclassictask/FodyCommon.dll and /dev/null differ diff --git a/winPEAS/winPEASexe/packages/Fody.6.0.0/netclassictask/FodyHelpers.dll b/winPEAS/winPEASexe/packages/Fody.6.0.0/netclassictask/FodyHelpers.dll deleted file mode 100644 index d04ebd9..0000000 Binary files a/winPEAS/winPEASexe/packages/Fody.6.0.0/netclassictask/FodyHelpers.dll and /dev/null differ diff --git a/winPEAS/winPEASexe/packages/Fody.6.0.0/netclassictask/FodyIsolated.dll b/winPEAS/winPEASexe/packages/Fody.6.0.0/netclassictask/FodyIsolated.dll deleted file mode 100644 index fbf1279..0000000 Binary files a/winPEAS/winPEASexe/packages/Fody.6.0.0/netclassictask/FodyIsolated.dll and /dev/null differ diff --git a/winPEAS/winPEASexe/packages/Fody.6.0.0/netclassictask/Mono.Cecil.Pdb.dll b/winPEAS/winPEASexe/packages/Fody.6.0.0/netclassictask/Mono.Cecil.Pdb.dll deleted file mode 100644 index 980d4da..0000000 Binary files a/winPEAS/winPEASexe/packages/Fody.6.0.0/netclassictask/Mono.Cecil.Pdb.dll and /dev/null differ 
diff --git a/winPEAS/winPEASexe/packages/Fody.6.0.0/netclassictask/Mono.Cecil.Pdb.pdb b/winPEAS/winPEASexe/packages/Fody.6.0.0/netclassictask/Mono.Cecil.Pdb.pdb deleted file mode 100644 index c3a88f3..0000000 Binary files a/winPEAS/winPEASexe/packages/Fody.6.0.0/netclassictask/Mono.Cecil.Pdb.pdb and /dev/null differ diff --git a/winPEAS/winPEASexe/packages/Fody.6.0.0/netclassictask/Mono.Cecil.Rocks.dll b/winPEAS/winPEASexe/packages/Fody.6.0.0/netclassictask/Mono.Cecil.Rocks.dll deleted file mode 100644 index 1355bb7..0000000 Binary files a/winPEAS/winPEASexe/packages/Fody.6.0.0/netclassictask/Mono.Cecil.Rocks.dll and /dev/null differ diff --git a/winPEAS/winPEASexe/packages/Fody.6.0.0/netclassictask/Mono.Cecil.Rocks.pdb b/winPEAS/winPEASexe/packages/Fody.6.0.0/netclassictask/Mono.Cecil.Rocks.pdb deleted file mode 100644 index 864cdbd..0000000 Binary files a/winPEAS/winPEASexe/packages/Fody.6.0.0/netclassictask/Mono.Cecil.Rocks.pdb and /dev/null differ diff --git a/winPEAS/winPEASexe/packages/Fody.6.0.0/netclassictask/Mono.Cecil.dll b/winPEAS/winPEASexe/packages/Fody.6.0.0/netclassictask/Mono.Cecil.dll deleted file mode 100644 index 099fba4..0000000 Binary files a/winPEAS/winPEASexe/packages/Fody.6.0.0/netclassictask/Mono.Cecil.dll and /dev/null differ diff --git a/winPEAS/winPEASexe/packages/Fody.6.0.0/netclassictask/Mono.Cecil.pdb b/winPEAS/winPEASexe/packages/Fody.6.0.0/netclassictask/Mono.Cecil.pdb deleted file mode 100644 index ad888f4..0000000 Binary files a/winPEAS/winPEASexe/packages/Fody.6.0.0/netclassictask/Mono.Cecil.pdb and /dev/null differ diff --git a/winPEAS/winPEASexe/packages/Fody.6.0.0/netstandardtask/Fody.dll b/winPEAS/winPEASexe/packages/Fody.6.0.0/netstandardtask/Fody.dll deleted file mode 100644 index cbc88c1..0000000 Binary files a/winPEAS/winPEASexe/packages/Fody.6.0.0/netstandardtask/Fody.dll and /dev/null differ 
diff --git a/winPEAS/winPEASexe/packages/Fody.6.0.0/netstandardtask/FodyCommon.dll b/winPEAS/winPEASexe/packages/Fody.6.0.0/netstandardtask/FodyCommon.dll deleted file mode 100644 index 909c960..0000000 Binary files a/winPEAS/winPEASexe/packages/Fody.6.0.0/netstandardtask/FodyCommon.dll and /dev/null differ diff --git a/winPEAS/winPEASexe/packages/Fody.6.0.0/netstandardtask/FodyHelpers.dll b/winPEAS/winPEASexe/packages/Fody.6.0.0/netstandardtask/FodyHelpers.dll deleted file mode 100644 index d04ebd9..0000000 Binary files a/winPEAS/winPEASexe/packages/Fody.6.0.0/netstandardtask/FodyHelpers.dll and /dev/null differ diff --git a/winPEAS/winPEASexe/packages/Fody.6.0.0/netstandardtask/FodyIsolated.dll b/winPEAS/winPEASexe/packages/Fody.6.0.0/netstandardtask/FodyIsolated.dll deleted file mode 100644 index c938719..0000000 Binary files a/winPEAS/winPEASexe/packages/Fody.6.0.0/netstandardtask/FodyIsolated.dll and /dev/null differ diff --git a/winPEAS/winPEASexe/packages/Fody.6.0.0/netstandardtask/Mono.Cecil.Pdb.dll b/winPEAS/winPEASexe/packages/Fody.6.0.0/netstandardtask/Mono.Cecil.Pdb.dll deleted file mode 100644 index e81b2f8..0000000 Binary files a/winPEAS/winPEASexe/packages/Fody.6.0.0/netstandardtask/Mono.Cecil.Pdb.dll and /dev/null differ diff --git a/winPEAS/winPEASexe/packages/Fody.6.0.0/netstandardtask/Mono.Cecil.Pdb.pdb b/winPEAS/winPEASexe/packages/Fody.6.0.0/netstandardtask/Mono.Cecil.Pdb.pdb deleted file mode 100644 index 8347861..0000000 Binary files a/winPEAS/winPEASexe/packages/Fody.6.0.0/netstandardtask/Mono.Cecil.Pdb.pdb and /dev/null differ diff --git a/winPEAS/winPEASexe/packages/Fody.6.0.0/netstandardtask/Mono.Cecil.Rocks.dll b/winPEAS/winPEASexe/packages/Fody.6.0.0/netstandardtask/Mono.Cecil.Rocks.dll deleted file mode 100644 index 2b2652b..0000000 Binary files a/winPEAS/winPEASexe/packages/Fody.6.0.0/netstandardtask/Mono.Cecil.Rocks.dll and /dev/null differ 
diff --git a/winPEAS/winPEASexe/packages/Fody.6.0.0/netstandardtask/Mono.Cecil.Rocks.pdb b/winPEAS/winPEASexe/packages/Fody.6.0.0/netstandardtask/Mono.Cecil.Rocks.pdb deleted file mode 100644 index 61af54c..0000000 Binary files a/winPEAS/winPEASexe/packages/Fody.6.0.0/netstandardtask/Mono.Cecil.Rocks.pdb and /dev/null differ diff --git a/winPEAS/winPEASexe/packages/Fody.6.0.0/netstandardtask/Mono.Cecil.dll b/winPEAS/winPEASexe/packages/Fody.6.0.0/netstandardtask/Mono.Cecil.dll deleted file mode 100644 index f1a5119..0000000 Binary files a/winPEAS/winPEASexe/packages/Fody.6.0.0/netstandardtask/Mono.Cecil.dll and /dev/null differ diff --git a/winPEAS/winPEASexe/packages/Fody.6.0.0/netstandardtask/Mono.Cecil.pdb b/winPEAS/winPEASexe/packages/Fody.6.0.0/netstandardtask/Mono.Cecil.pdb deleted file mode 100644 index b506a34..0000000 Binary files a/winPEAS/winPEASexe/packages/Fody.6.0.0/netstandardtask/Mono.Cecil.pdb and /dev/null differ diff --git a/winPEAS/winPEASexe/winPEAS/Beaprint.cs b/winPEAS/winPEASexe/winPEAS/Beaprint.cs index a8f7d9b..27bb7e8 100644 --- a/winPEAS/winPEASexe/winPEAS/Beaprint.cs +++ b/winPEAS/winPEASexe/winPEAS/Beaprint.cs @@ -1,7 +1,5 @@ -//using Colorful; // http://colorfulconsole.com/ -using System; +using System; using System.Collections.Generic; -using System.Drawing; using System.Text.RegularExpressions; using System.Threading; @@ -20,10 +18,10 @@ namespace winPEAS static string BLUE = "\x1b[34m"; public static string LBLUE = "\x1b[1;34m"; static string MAGENTA = "\x1b[1:35m"; - static string LMAGENTA = "\x1b[1;35m"; + //static string LMAGENTA = "\x1b[1;35m"; static string CYAN = "\x1b[36m"; static string LCYAN = "\x1b[1;36m"; - static string REDYELLOW = "\x1b[31;103m"; + //static string REDYELLOW = "\x1b[31;103m"; public static string NOCOLOR = "\x1b[0m"; public static string ansi_color_bad = RED; public static string ansi_color_good = GREEN; 
@@ -39,8 +37,6 @@ namespace winPEAS ///////////////////////////////// public static void PrintBanner() { - try - { System.Console.WriteLine(BLUE + String.Format(@" {0}*((,.,/((((((((((((((((((((/, */ {0},/*,..*((((((((((((((((((((((((((((((((((, 
@@ -73,47 +69,30 @@ namespace winPEAS System.Console.WriteLine(LYELLOW + "ADVISORY: " + BLUE + Program.advisory); System.Console.WriteLine(); Thread.Sleep(700); - } - catch (Exception ex) - { - GrayPrint("Error in PrintBanner: " + ex); - } } public static void PrintInit() { - try - { - if (Program.banner) - PrintBanner(); + if (Program.banner) + PrintBanner(); + + System.Console.WriteLine(YELLOW + " WinPEAS " + GREEN + Program.version + NOCOLOR + YELLOW + " by carlospolop" + NOCOLOR); + System.Console.WriteLine(); + PrintLeyend(); + System.Console.WriteLine(); + LinkPrint("https://book.hacktricks.xyz/windows/checklist-windows-privilege-escalation", "You can find a Windows local PE Checklist here:"); - System.Console.WriteLine(YELLOW + " WinPEAS " + GREEN + Program.version + NOCOLOR + YELLOW + " by carlospolop" + NOCOLOR); - System.Console.WriteLine(); - PrintLeyend(); - System.Console.WriteLine(); - LinkPrint("https://book.hacktricks.xyz/windows/checklist-windows-privilege-escalation", "You can find a Windows local PE Checklist here:"); - } - catch(Exception ex) - { - GrayPrint("Error in PrintInit: " + ex); - } } static void PrintLeyend() { - try - { - System.Console.WriteLine(YELLOW + " [+] " + GREEN + "Leyend:" + NOCOLOR); - System.Console.WriteLine(RED + " Red" + GRAY + " Indicates a special privilege over an object or something is misconfigured" + NOCOLOR); - System.Console.WriteLine(GREEN + " Green" + GRAY + " Indicates that some protection is enabled or something is well configured" + NOCOLOR); - System.Console.WriteLine(CYAN + " Cyan" + GRAY + " Indicates active users" + NOCOLOR); - System.Console.WriteLine(BLUE + " Blue" + GRAY + " Indicates disabled users" + NOCOLOR); - System.Console.WriteLine(LYELLOW + " LightYellow" + GRAY + " Indicates links" + NOCOLOR); - } - catch(Exception ex) - { - GrayPrint("Error in PrintLeyend: " + ex); - } + System.Console.WriteLine(YELLOW + " [+] " + GREEN + "Leyend:" + NOCOLOR); + System.Console.WriteLine(RED + " Red" + GRAY 
+ " Indicates a special privilege over an object or something is misconfigured" + NOCOLOR); + System.Console.WriteLine(GREEN + " Green" + GRAY + " Indicates that some protection is enabled or something is well configured" + NOCOLOR); + System.Console.WriteLine(CYAN + " Cyan" + GRAY + " Indicates active users" + NOCOLOR); + System.Console.WriteLine(BLUE + " Blue" + GRAY + " Indicates disabled users" + NOCOLOR); + System.Console.WriteLine(LYELLOW + " LightYellow" + GRAY + " Indicates links" + NOCOLOR); + } public static void PrintUsage() 
@@ -142,54 +121,27 @@ namespace winPEAS ///////////////////////////////// public static void GreatPrint(string toPrint) { - try - { - System.Console.WriteLine(); - System.Console.WriteLine(); - int halfTotal = 60; - System.Console.WriteLine(LCYAN + " " + new String('=', halfTotal - toPrint.Length) + "(" + NOCOLOR + YELLOW + toPrint + LCYAN + ")" + new String('=', halfTotal - toPrint.Length) + NOCOLOR); - } - catch (Exception ex) - { - GrayPrint(String.Format("{0}", ex)); - } + + System.Console.WriteLine(); + System.Console.WriteLine(); + int halfTotal = 60; + System.Console.WriteLine(LCYAN + " " + new String('=', halfTotal - toPrint.Length) + "(" + NOCOLOR + YELLOW + toPrint + LCYAN + ")" + new String('=', halfTotal - toPrint.Length) + NOCOLOR); } public static void MainPrint(string toPrint, string attackid) { - try - { - System.Console.WriteLine(); - System.Console.WriteLine(YELLOW + " [+] " + GREEN + toPrint + YELLOW + "(" + DGRAY + attackid + YELLOW + ")" + NOCOLOR); - } - catch (Exception ex) - { - GrayPrint(String.Format("{0}", ex)); - } + System.Console.WriteLine(); + System.Console.WriteLine(YELLOW + " [+] " + GREEN + toPrint + YELLOW + "(" + DGRAY + attackid + YELLOW + ")" + NOCOLOR); } public static void LinkPrint(string link, string comment = "") { - try - { - System.Console.WriteLine(YELLOW + " [?] " + LBLUE + comment + " " + LYELLOW + link + NOCOLOR); - } - catch (Exception ex) - { - GrayPrint(String.Format("{0}", ex)); - } + System.Console.WriteLine(YELLOW + " [?] " + LBLUE + comment + " " + LYELLOW + link + NOCOLOR); } public static void InfoPrint(string toPrint) { - try - { - System.Console.WriteLine(YELLOW + " [i] " + LBLUE + toPrint + NOCOLOR); - } - catch (Exception ex) - { - GrayPrint(String.Format("{0}", ex)); - } + System.Console.WriteLine(YELLOW + " [i] " + LBLUE + toPrint + NOCOLOR); } public static void NotFoundPrint() 
@@ -247,131 +199,92 @@ namespace winPEAS } public static void DictPrint(Dictionary dicprint, Dictionary ansi_colors_regexp, bool delete_nulls, bool no_gray = false) { - try + foreach (KeyValuePair entry in dicprint) { - foreach (KeyValuePair entry in dicprint) - { - if (delete_nulls && String.IsNullOrEmpty(entry.Value.Trim())) - continue; - string value = entry.Value; - string key = entry.Key; - string line = ""; - if (! no_gray) - line = ansi_color_gray + " " + key + ": " + NOCOLOR + value; - else - line = " " + key + ": " + value; + if (delete_nulls && String.IsNullOrEmpty(entry.Value.Trim())) + continue; + string value = entry.Value; + string key = entry.Key; + string line = ""; + if (!no_gray) + line = ansi_color_gray + " " + key + ": " + NOCOLOR + value; + else + line = " " + key + ": " + value; - foreach (KeyValuePair color in ansi_colors_regexp) - line = Regexansi(line, color.Value, color.Key); - - System.Console.WriteLine(line); - } - } - catch (Exception ex) - { - GrayPrint(String.Format("{0}", ex)); + foreach (KeyValuePair color in ansi_colors_regexp) + line = Regexansi(line, color.Value, color.Key); + + System.Console.WriteLine(line); } + } public static void DictPrint(Dictionary dicprint, bool delete_nulls) { - try + if (dicprint.Count > 0) { - if (dicprint.Count > 0) + foreach (KeyValuePair entry in dicprint) { - foreach (KeyValuePair entry in dicprint) - { - if (delete_nulls && String.IsNullOrEmpty(entry.Value)) - continue; - System.Console.WriteLine(ansi_color_gray + " " + entry.Key + ": " + NOCOLOR + entry.Value); - } + if (delete_nulls && String.IsNullOrEmpty(entry.Value)) + continue; + System.Console.WriteLine(ansi_color_gray + " " + entry.Key + ": " + NOCOLOR + entry.Value); } - else - NotFoundPrint(); - } - catch (Exception ex) - { - GrayPrint(String.Format("{0}", ex)); } + else + NotFoundPrint(); } public static void DictPrint(List> listdicprint, bool delete_nulls) { - try + if (listdicprint.Count > 0) { - if (listdicprint.Count > 0) + foreach 
(Dictionary dicprint in listdicprint) { - foreach (Dictionary dicprint in listdicprint) - { - DictPrint(dicprint, delete_nulls); - PrintLineSeparator(); - } + DictPrint(dicprint, delete_nulls); + PrintLineSeparator(); } - else - NotFoundPrint(); - } - catch (Exception ex) - { - GrayPrint(String.Format("{0}", ex)); } + else + NotFoundPrint(); } public static void DictPrint(Dictionary dicprint, bool delete_nulls) { - try + + if (dicprint != null) { - if (dicprint != null) - { - Dictionary results = new Dictionary(); - foreach (KeyValuePair entry in dicprint) - results[entry.Key] = String.Format("{0}", entry.Value); - DictPrint(results, delete_nulls); - } - else - NotFoundPrint(); - } - catch (Exception ex) - { - GrayPrint(String.Format("{0}", ex)); + Dictionary results = new Dictionary(); + foreach (KeyValuePair entry in dicprint) + results[entry.Key] = String.Format("{0}", entry.Value); + DictPrint(results, delete_nulls); } + else + NotFoundPrint(); + } public static void DictPrint(List> listdicprint, Dictionary colors, bool delete_nulls, bool no_gray = false) { - try + if (listdicprint.Count > 0) { - if (listdicprint.Count > 0) + foreach (Dictionary dicprint in listdicprint) { - foreach (Dictionary dicprint in listdicprint) - { - DictPrint(dicprint, colors, delete_nulls, no_gray); - PrintLineSeparator(); - } + DictPrint(dicprint, colors, delete_nulls, no_gray); + PrintLineSeparator(); } - else - NotFoundPrint(); - } - catch (Exception ex) - { - GrayPrint(String.Format("{0}", ex)); } + else + NotFoundPrint(); } public static void ListPrint(List list_to_print) { - try + if (list_to_print.Count > 0) { - if (list_to_print.Count > 0) - { - foreach (string elem in list_to_print) - System.Console.WriteLine(" " + elem); - } - else - NotFoundPrint(); - } - catch (Exception ex) - { - GrayPrint(String.Format("{0}", ex)); + foreach (string elem in list_to_print) + System.Console.WriteLine(" " + elem); } + else + NotFoundPrint(); } public static void ListPrint(List 
list_to_print, Dictionary dic_colors) @@ -401,10 +314,10 @@ namespace winPEAS BLUE = ""; LBLUE = ""; MAGENTA = ""; - LMAGENTA = ""; + //LMAGENTA = ""; CYAN = ""; LCYAN = ""; - REDYELLOW = ""; + //REDYELLOW = ""; NOCOLOR = ""; ansi_color_bad = ""; ansi_color_good = ""; diff --git a/winPEAS/winPEASexe/winPEAS/KnownFileCredsInfo.cs b/winPEAS/winPEASexe/winPEAS/KnownFileCredsInfo.cs index 128df44..b1bb8da 100644 --- a/winPEAS/winPEASexe/winPEAS/KnownFileCredsInfo.cs +++ b/winPEAS/winPEASexe/winPEAS/KnownFileCredsInfo.cs @@ -1,5 +1,4 @@ -using CredentialManagement; -using Microsoft.Win32; +using Microsoft.Win32; using System; using System.Collections.Generic; using System.Diagnostics; @@ -829,11 +828,6 @@ namespace winPEAS return results; } - public static void GetCredsCredmanager() - { - var cm = new Credential { }; - cm.Load(); - } public static List> GetSavedRDPConnections() { @@ -2007,25 +2001,7 @@ namespace winPEAS return false; } } - public static IEnumerable Split(string text, int partLength) - { - if (text == null) { Console.WriteLine("[ERROR] Split() - singleLineString"); } - if (partLength < 1) { Console.WriteLine("[ERROR] Split() - 'columns' must be greater than 0."); } - var partCount = Math.Ceiling((double)text.Length / partLength); - if (partCount < 2) - { - yield return text; - } - - for (int i = 0; i < partCount; i++) - { - var index = i * partLength; - var lengthLeft = Math.Min(partLength, text.Length - index); - var line = text.Substring(index, lengthLeft); - yield return line; - } - } public static List> ListKerberosTickets() { if (MyUtils.IsHighIntegrity()) @@ -2194,6 +2170,7 @@ namespace winPEAS } return results; } + public static List> ListKerberosTicketsCurrentUser() { List> results = new List>(); @@ -2294,6 +2271,7 @@ namespace winPEAS return ListKerberosTGTDataCurrentUser(); } } + public static List> ListKerberosTGTDataAllUsers() { List> results = new List>(); 
diff --git a/winPEAS/winPEASexe/winPEAS/MyUtils.cs b/winPEAS/winPEASexe/winPEAS/MyUtils.cs index 2d141e7..a08594e 100644 --- a/winPEAS/winPEASexe/winPEAS/MyUtils.cs +++ b/winPEAS/winPEASexe/winPEAS/MyUtils.cs @@ -9,7 +9,6 @@ using System.Text.RegularExpressions; using System.Reflection; using System.Security.AccessControl; using System.Runtime.InteropServices; -//using Colorful; using System.Threading; namespace winPEAS @@ -623,22 +622,6 @@ namespace winPEAS ////////////////////// //////// MISC //////// ////////////////////// - public static Dictionary RemoveEmptyKeys(Dictionary dic_in) - { - Dictionary results = new Dictionary(); - try - { - foreach (KeyValuePair entry in dic_in) - if (!String.IsNullOrEmpty(entry.Value.Trim())) - results[entry.Key] = entry.Value; - return results; - } - catch (Exception ex) - { - Beaprint.GrayPrint(String.Format(" [X] Exception: {0}", ex.Message)); - } - return results; - } public static List ListFolder(String path) { string root = @Path.GetPathRoot(Environment.SystemDirectory) + path; diff --git a/winPEAS/winPEASexe/winPEAS/ProcessesInfo.cs b/winPEAS/winPEASexe/winPEAS/ProcessesInfo.cs index 4d8409c..556b054 100644 --- a/winPEAS/winPEASexe/winPEAS/ProcessesInfo.cs +++ b/winPEAS/winPEASexe/winPEAS/ProcessesInfo.cs 
@@ -13,709 +13,706 @@ namespace winPEAS class ProcessesInfo { public static Hashtable defensiveProcesses = new Hashtable() - { - {"mcshield.exe" , "McAfee AV"}, - {"windefend.exe" , "Windows Defender AV"}, - {"MSASCui.exe" , "Windows Defender AV"}, - {"MSASCuiL.exe" , "Windows Defender AV"}, - {"msmpeng.exe" , "Windows Defender AV"}, - {"msmpsvc.exe" , "Windows Defender AV"}, - {"WRSA.exe" , "WebRoot AV"}, - {"savservice.exe" , "Sophos AV"}, - {"TMCCSF.exe" , "Trend Micro AV"}, - {"symantec antivirus.exe" , "Symantec AV"}, - {"mbae.exe" , "MalwareBytes Anti-Exploit"}, - {"parity.exe" , "Bit9 application whitelisting"}, - {"cb.exe" , "Carbon Black behavioral analysis"}, - {"bds-vision.exe" , "BDS Vision behavioral analysis"}, - {"Triumfant.exe" , "Triumfant behavioral analysis"}, - {"CSFalcon.exe" , "CrowdStrike Falcon EDR"}, - {"ossec.exe" , "OSSEC intrusion detection"}, - {"TmPfw.exe" , "Trend Micro firewall"}, - {"dgagent.exe" , "Verdasys Digital Guardian DLP"}, - {"kvoop.exe" , "Unknown DLP process" }, - {"AAWTray.exe" , "UNKNOWN"}, - {"ackwin32.exe" , "UNKNOWN"}, - {"Ad-Aware.exe" , "UNKNOWN"}, - {"adaware.exe" , "UNKNOWN"}, - {"advxdwin.exe" , "UNKNOWN"}, - {"agentsvr.exe" , "UNKNOWN"}, - {"agentw.exe" , "UNKNOWN"}, - {"alertsvc.exe" , "UNKNOWN"}, - {"alevir.exe" , "UNKNOWN"}, - {"alogserv.exe" , "UNKNOWN"}, - {"amon9x.exe" , "UNKNOWN"}, - {"anti-trojan.exe" , "UNKNOWN"}, - {"antivirus.exe" , "UNKNOWN"}, - {"ants.exe" , "UNKNOWN"}, - {"apimonitor.exe" , "UNKNOWN"}, - {"aplica32.exe" , "UNKNOWN"}, - {"apvxdwin.exe" , "UNKNOWN"}, - {"arr.exe" , "UNKNOWN"}, - {"atcon.exe" , "UNKNOWN"}, - {"atguard.exe" , "UNKNOWN"}, - {"atro55en.exe" , "UNKNOWN"}, - {"atupdater.exe" , "UNKNOWN"}, - {"atwatch.exe" , "UNKNOWN"}, - {"au.exe" , "UNKNOWN"}, - {"aupdate.exe" , "UNKNOWN"}, - {"auto-protect.nav80try.exe", "UNKNOWN"}, - {"autodown.exe" , "UNKNOWN"}, - {"autoruns.exe" , "UNKNOWN"}, - {"autorunsc.exe" , "UNKNOWN"}, - {"autotrace.exe" , "UNKNOWN"}, - {"autoupdate.exe" , 
"UNKNOWN"}, - {"avconsol.exe" , "UNKNOWN"}, - {"ave32.exe" , "UNKNOWN"}, - {"avgcc32.exe" , "UNKNOWN"}, - {"avgctrl.exe" , "UNKNOWN"}, - {"avgemc.exe" , "UNKNOWN"}, - {"avgnt.exe" , "UNKNOWN"}, - {"avgrsx.exe" , "UNKNOWN"}, - {"avgserv.exe" , "UNKNOWN"}, - {"avgserv9.exe" , "UNKNOWN"}, - {"avguard.exe" , "UNKNOWN"}, - {"avgwdsvc.exe" , "UNKNOWN"}, - {"avgui.exe" , "UNKNOWN"}, - {"avgw.exe" , "UNKNOWN"}, - {"avkpop.exe" , "UNKNOWN"}, - {"avkserv.exe" , "UNKNOWN"}, - {"avkservice.exe" , "UNKNOWN"}, - {"avkwctl9.exe" , "UNKNOWN"}, - {"avltmain.exe" , "UNKNOWN"}, - {"avnt.exe" , "UNKNOWN"}, - {"avp.exe" , "UNKNOWN"}, - {"avp32.exe" , "UNKNOWN"}, - {"avpcc.exe" , "UNKNOWN"}, - {"avpdos32.exe" , "UNKNOWN"}, - {"avpm.exe" , "UNKNOWN"}, - {"avptc32.exe" , "UNKNOWN"}, - {"avpupd.exe" , "UNKNOWN"}, - {"avsched32.exe" , "UNKNOWN"}, - {"avsynmgr.exe" , "UNKNOWN"}, - {"avwin.exe" , "UNKNOWN"}, - {"avwin95.exe" , "UNKNOWN"}, - {"avwinnt.exe" , "UNKNOWN"}, - {"avwupd.exe" , "UNKNOWN"}, - {"avwupd32.exe" , "UNKNOWN"}, - {"avwupsrv.exe" , "UNKNOWN"}, - {"avxmonitor9x.exe" , "UNKNOWN"}, - {"avxmonitornt.exe" , "UNKNOWN"}, - {"avxquar.exe" , "UNKNOWN"}, - {"backweb.exe" , "UNKNOWN"}, - {"bargains.exe" , "UNKNOWN"}, - {"bd_professional.exe" , "UNKNOWN"}, - {"beagle.exe" , "UNKNOWN"}, - {"belt.exe" , "UNKNOWN"}, - {"bidef.exe" , "UNKNOWN"}, - {"bidserver.exe" , "UNKNOWN"}, - {"bipcp.exe" , "UNKNOWN"}, - {"bipcpevalsetup.exe" , "UNKNOWN"}, - {"bisp.exe" , "UNKNOWN"}, - {"blackd.exe" , "UNKNOWN"}, - {"blackice.exe" , "UNKNOWN"}, - {"blink.exe" , "UNKNOWN"}, - {"blss.exe" , "UNKNOWN"}, - {"bootconf.exe" , "UNKNOWN"}, - {"bootwarn.exe" , "UNKNOWN"}, - {"borg2.exe" , "UNKNOWN"}, - {"bpc.exe" , "UNKNOWN"}, - {"brasil.exe" , "UNKNOWN"}, - {"bs120.exe" , "UNKNOWN"}, - {"bundle.exe" , "UNKNOWN"}, - {"bvt.exe" , "UNKNOWN"}, - {"ccapp.exe" , "UNKNOWN"}, - {"ccevtmgr.exe" , "UNKNOWN"}, - {"ccpxysvc.exe" , "UNKNOWN"}, - {"ccSvcHst.exe" , "UNKNOWN"}, - {"cdp.exe" , "UNKNOWN"}, - {"cfd.exe" , 
"UNKNOWN"}, - {"cfgwiz.exe" , "UNKNOWN"}, - {"cfiadmin.exe" , "UNKNOWN"}, - {"cfiaudit.exe" , "UNKNOWN"}, - {"cfinet.exe" , "UNKNOWN"}, - {"cfinet32.exe" , "UNKNOWN"}, - {"claw95.exe" , "UNKNOWN"}, - {"claw95cf.exe" , "UNKNOWN"}, - {"clean.exe" , "UNKNOWN"}, - {"cleaner.exe" , "UNKNOWN"}, - {"cleaner3.exe" , "UNKNOWN"}, - {"cleanpc.exe" , "UNKNOWN"}, - {"cleanup.exe" , "UNKNOWN"}, - {"click.exe" , "UNKNOWN"}, - {"cmdagent.exe" , "UNKNOWN"}, - {"cmesys.exe" , "UNKNOWN"}, - {"cmgrdian.exe" , "UNKNOWN"}, - {"cmon016.exe" , "UNKNOWN"}, - {"connectionmonitor.exe" , "UNKNOWN"}, - {"cpd.exe" , "UNKNOWN"}, - {"cpf9x206.exe" , "UNKNOWN"}, - {"cpfnt206.exe" , "UNKNOWN"}, - {"ctrl.exe" , "UNKNOWN"}, - {"cv.exe" , "UNKNOWN"}, - {"cwnb181.exe" , "UNKNOWN"}, - {"cwntdwmo.exe" , "UNKNOWN"}, - {"CylanceUI.exe" , "UNKNOWN"}, - {"CyProtect.exe" , "UNKNOWN"}, - {"CyUpdate.exe" , "UNKNOWN"}, - {"cyserver.exe" , "UNKNOWN"}, - {"cytray.exe" , "UNKNOWN"}, - {"CyveraService.exe" , "UNKNOWN"}, - {"datemanager.exe" , "UNKNOWN"}, - {"dcomx.exe" , "UNKNOWN"}, - {"defalert.exe" , "UNKNOWN"}, - {"defscangui.exe" , "UNKNOWN"}, - {"defwatch.exe" , "UNKNOWN"}, - {"deputy.exe" , "UNKNOWN"}, - {"divx.exe" , "UNKNOWN"}, - {"dgprompt.exe" , "UNKNOWN"}, - {"DgService.exe" , "UNKNOWN"}, - {"dllcache.exe" , "UNKNOWN"}, - {"dllreg.exe" , "UNKNOWN"}, - {"doors.exe" , "UNKNOWN"}, - {"dpf.exe" , "UNKNOWN"}, - {"dpfsetup.exe" , "UNKNOWN"}, - {"dpps2.exe" , "UNKNOWN"}, - {"drwatson.exe" , "UNKNOWN"}, - {"drweb32.exe" , "UNKNOWN"}, - {"drwebupw.exe" , "UNKNOWN"}, - {"dssagent.exe" , "UNKNOWN"}, - {"dumpcap.exe" , "UNKNOWN"}, - {"dvp95.exe" , "UNKNOWN"}, - {"dvp95_0.exe" , "UNKNOWN"}, - {"ecengine.exe" , "UNKNOWN"}, - {"efpeadm.exe" , "UNKNOWN"}, - {"egui.exe" , "UNKNOWN"}, - {"ekrn.exe" , "UNKNOWN"}, - {"emet_agent.exe" , "UNKNOWN"}, - {"emet_service.exe" , "UNKNOWN"}, - {"emsw.exe" , "UNKNOWN"}, - {"engineserver.exe" , "UNKNOWN"}, - {"ent.exe" , "UNKNOWN"}, - {"esafe.exe" , "UNKNOWN"}, - {"escanhnt.exe" , 
"UNKNOWN"}, - {"escanv95.exe" , "UNKNOWN"}, - {"espwatch.exe" , "UNKNOWN"}, - {"ethereal.exe" , "UNKNOWN"}, - {"etrustcipe.exe" , "UNKNOWN"}, - {"evpn.exe" , "UNKNOWN"}, - {"exantivirus-cnet.exe" , "UNKNOWN"}, - {"exe.avxw.exe" , "UNKNOWN"}, - {"expert.exe" , "UNKNOWN"}, - {"explore.exe" , "UNKNOWN"}, - {"f-agnt95.exe" , "UNKNOWN"}, - {"f-prot.exe" , "UNKNOWN"}, - {"f-prot95.exe" , "UNKNOWN"}, - {"f-stopw.exe" , "UNKNOWN"}, - {"fameh32.exe" , "UNKNOWN"}, - {"fast.exe" , "UNKNOWN"}, - {"fch32.exe" , "UNKNOWN"}, - {"fcagswd.exe" , "McAfee DLP Agent"}, - {"fcags.exe" , "McAfee DLP Agent"}, - {"fih32.exe" , "UNKNOWN"}, - {"findviru.exe" , "UNKNOWN"}, - {"firesvc.exe" , "McAfee Host Intrusion Prevention"}, - {"firetray.exe" , "UNKNOWN"}, - {"firewall.exe" , "UNKNOWN"}, - {"fnrb32.exe" , "UNKNOWN"}, - {"fp-win.exe" , "UNKNOWN"}, - {"fp-win_trial.exe" , "UNKNOWN"}, - {"fprot.exe" , "UNKNOWN"}, - {"frameworkservice.exe" , "UNKNOWN"}, - {"frminst.exe" , "UNKNOWN"}, - {"frw.exe" , "UNKNOWN"}, - {"fsaa.exe" , "UNKNOWN"}, - {"fsav.exe" , "UNKNOWN"}, - {"fsav32.exe" , "UNKNOWN"}, - {"fsav530stbyb.exe" , "UNKNOWN"}, - {"fsav530wtbyb.exe" , "UNKNOWN"}, - {"fsav95.exe" , "UNKNOWN"}, - {"fsgk32.exe" , "UNKNOWN"}, - {"fsm32.exe" , "UNKNOWN"}, - {"fsma32.exe" , "UNKNOWN"}, - {"fsmb32.exe" , "UNKNOWN"}, - {"gator.exe" , "UNKNOWN"}, - {"gbmenu.exe" , "UNKNOWN"}, - {"gbpoll.exe" , "UNKNOWN"}, - {"generics.exe" , "UNKNOWN"}, - {"gmt.exe" , "UNKNOWN"}, - {"guard.exe" , "UNKNOWN"}, - {"guarddog.exe" , "UNKNOWN"}, - {"hacktracersetup.exe" , "UNKNOWN"}, - {"hbinst.exe" , "UNKNOWN"}, - {"hbsrv.exe" , "UNKNOWN"}, - {"HijackThis.exe" , "UNKNOWN"}, - {"hipsvc.exe" , "UNKNOWN"}, - {"HipMgmt.exe" , "McAfee Host Intrusion Protection"}, - {"hotactio.exe" , "UNKNOWN"}, - {"hotpatch.exe" , "UNKNOWN"}, - {"htlog.exe" , "UNKNOWN"}, - {"htpatch.exe" , "UNKNOWN"}, - {"hwpe.exe" , "UNKNOWN"}, - {"hxdl.exe" , "UNKNOWN"}, - {"hxiul.exe" , "UNKNOWN"}, - {"iamapp.exe" , "UNKNOWN"}, - {"iamserv.exe" , 
"UNKNOWN"}, - {"iamstats.exe" , "UNKNOWN"}, - {"ibmasn.exe" , "UNKNOWN"}, - {"ibmavsp.exe" , "UNKNOWN"}, - {"icload95.exe" , "UNKNOWN"}, - {"icloadnt.exe" , "UNKNOWN"}, - {"icmon.exe" , "UNKNOWN"}, - {"icsupp95.exe" , "UNKNOWN"}, - {"icsuppnt.exe" , "UNKNOWN"}, - {"idle.exe" , "UNKNOWN"}, - {"iedll.exe" , "UNKNOWN"}, - {"iedriver.exe" , "UNKNOWN"}, - {"iface.exe" , "UNKNOWN"}, - {"ifw2000.exe" , "UNKNOWN"}, - {"inetlnfo.exe" , "UNKNOWN"}, - {"infus.exe" , "UNKNOWN"}, - {"infwin.exe" , "UNKNOWN"}, - {"init.exe" , "UNKNOWN"}, - {"intdel.exe" , "UNKNOWN"}, - {"intren.exe" , "UNKNOWN"}, - {"iomon98.exe" , "UNKNOWN"}, - {"istsvc.exe" , "UNKNOWN"}, - {"jammer.exe" , "UNKNOWN"}, - {"jdbgmrg.exe" , "UNKNOWN"}, - {"jedi.exe" , "UNKNOWN"}, - {"kavlite40eng.exe" , "UNKNOWN"}, - {"kavpers40eng.exe" , "UNKNOWN"}, - {"kavpf.exe" , "UNKNOWN"}, - {"kazza.exe" , "UNKNOWN"}, - {"keenvalue.exe" , "UNKNOWN"}, - {"kerio-pf-213-en-win.exe" , "UNKNOWN"}, - {"kerio-wrl-421-en-win.exe" , "UNKNOWN"}, - {"kerio-wrp-421-en-win.exe" , "UNKNOWN"}, - {"kernel32.exe" , "UNKNOWN"}, - {"KeyPass.exe" , "UNKNOWN"}, - {"killprocesssetup161.exe" , "UNKNOWN"}, - {"launcher.exe" , "UNKNOWN"}, - {"ldnetmon.exe" , "UNKNOWN"}, - {"ldpro.exe" , "UNKNOWN"}, - {"ldpromenu.exe" , "UNKNOWN"}, - {"ldscan.exe" , "UNKNOWN"}, - {"lnetinfo.exe" , "UNKNOWN"}, - {"loader.exe" , "UNKNOWN"}, - {"localnet.exe" , "UNKNOWN"}, - {"lockdown.exe" , "UNKNOWN"}, - {"lockdown2000.exe" , "UNKNOWN"}, - {"lookout.exe" , "UNKNOWN"}, - {"lordpe.exe" , "UNKNOWN"}, - {"lsetup.exe" , "UNKNOWN"}, - {"luall.exe" , "UNKNOWN"}, - {"luau.exe" , "UNKNOWN"}, - {"lucomserver.exe" , "UNKNOWN"}, - {"luinit.exe" , "UNKNOWN"}, - {"luspt.exe" , "UNKNOWN"}, - {"mapisvc32.exe" , "UNKNOWN"}, - {"masvc.exe" , "McAfee Agent"}, - {"mbamservice.exe" , "UNKNOWN"}, - {"mcafeefire.exe" , "UNKNOWN"}, - {"mcagent.exe" , "UNKNOWN"}, - {"mcmnhdlr.exe" , "UNKNOWN"}, - {"mcscript.exe" , "UNKNOWN"}, - {"mcscript_inuse.exe" , "UNKNOWN"}, - {"mctool.exe" , "UNKNOWN"}, 
- {"mctray.exe" , "UNKNOWN"}, - {"mcupdate.exe" , "UNKNOWN"}, - {"mcvsrte.exe" , "UNKNOWN"}, - {"mcvsshld.exe" , "UNKNOWN"}, - {"md.exe" , "UNKNOWN"}, - {"mfeann.exe" , "McAfee VirusScan Enterprise"}, - {"mfemactl.exe" , "McAfee VirusScan Enterprise"}, - {"mfevtps.exe" , "UNKNOWN"}, - {"mfin32.exe" , "UNKNOWN"}, - {"mfw2en.exe" , "UNKNOWN"}, - {"mfweng3.02d30.exe" , "UNKNOWN"}, - {"mgavrtcl.exe" , "UNKNOWN"}, - {"mgavrte.exe" , "UNKNOWN"}, - {"mghtml.exe" , "UNKNOWN"}, - {"mgui.exe" , "UNKNOWN"}, - {"minilog.exe" , "UNKNOWN"}, - {"minionhost.exe" , "UNKNOWN"}, - {"mmod.exe" , "UNKNOWN"}, - {"monitor.exe" , "UNKNOWN"}, - {"moolive.exe" , "UNKNOWN"}, - {"mostat.exe" , "UNKNOWN"}, - {"mpfagent.exe" , "UNKNOWN"}, - {"mpfservice.exe" , "UNKNOWN"}, - {"mpftray.exe" , "UNKNOWN"}, - {"mrflux.exe" , "UNKNOWN"}, - {"msapp.exe" , "UNKNOWN"}, - {"msbb.exe" , "UNKNOWN"}, - {"msblast.exe" , "UNKNOWN"}, - {"mscache.exe" , "UNKNOWN"}, - {"msccn32.exe" , "UNKNOWN"}, - {"mscman.exe" , "UNKNOWN"}, - {"msconfig.exe" , "UNKNOWN"}, - {"msdm.exe" , "UNKNOWN"}, - {"msdos.exe" , "UNKNOWN"}, - {"msiexec16.exe" , "UNKNOWN"}, - {"msinfo32.exe" , "UNKNOWN"}, - {"mslaugh.exe" , "UNKNOWN"}, - {"msmgt.exe" , "UNKNOWN"}, - {"msmsgri32.exe" , "UNKNOWN"}, - {"MsSense.exe" , "Microsoft Defender ATP"}, - {"mssmmc32.exe" , "UNKNOWN"}, - {"mssys.exe" , "UNKNOWN"}, - {"msvxd.exe" , "UNKNOWN"}, - {"mu0311ad.exe" , "UNKNOWN"}, - {"mwatch.exe" , "UNKNOWN"}, - {"n32scanw.exe" , "UNKNOWN"}, - {"naprdmgr.exe" , "UNKNOWN"}, - {"nav.exe" , "UNKNOWN"}, - {"navap.navapsvc.exe" , "UNKNOWN"}, - {"navapsvc.exe" , "UNKNOWN"}, - {"navapw32.exe" , "UNKNOWN"}, - {"navdx.exe" , "UNKNOWN"}, - {"navlu32.exe" , "UNKNOWN"}, - {"navnt.exe" , "UNKNOWN"}, - {"navstub.exe" , "UNKNOWN"}, - {"navw32.exe" , "UNKNOWN"}, - {"navwnt.exe" , "UNKNOWN"}, - {"nc2000.exe" , "UNKNOWN"}, - {"ncinst4.exe" , "UNKNOWN"}, - {"ndd32.exe" , "UNKNOWN"}, - {"neomonitor.exe" , "UNKNOWN"}, - {"neowatchlog.exe" , "UNKNOWN"}, - {"netarmor.exe" , 
"UNKNOWN"}, - {"netd32.exe" , "UNKNOWN"}, - {"netinfo.exe" , "UNKNOWN"}, - {"netmon.exe" , "UNKNOWN"}, - {"netscanpro.exe" , "UNKNOWN"}, - {"netspyhunter-1.2.exe" , "UNKNOWN"}, - {"netstat.exe" , "UNKNOWN"}, - {"netutils.exe" , "UNKNOWN"}, - {"nisserv.exe" , "UNKNOWN"}, - {"nisum.exe" , "UNKNOWN"}, - {"nmain.exe" , "UNKNOWN"}, - {"nod32.exe" , "UNKNOWN"}, - {"normist.exe" , "UNKNOWN"}, - {"norton_internet_secu_3.0_407.exe" , "UNKNOWN"}, - {"notstart.exe" , "UNKNOWN"}, - {"npf40_tw_98_nt_me_2k.exe" , "UNKNOWN"}, - {"npfmessenger.exe" , "UNKNOWN"}, - {"nprotect.exe" , "UNKNOWN"}, - {"npscheck.exe" , "UNKNOWN"}, - {"npssvc.exe" , "UNKNOWN"}, - {"nsched32.exe" , "UNKNOWN"}, - {"nssys32.exe" , "UNKNOWN"}, - {"nstask32.exe" , "UNKNOWN"}, - {"nsupdate.exe" , "UNKNOWN"}, - {"nt.exe" , "UNKNOWN"}, - {"ntrtscan.exe" , "UNKNOWN"}, - {"ntvdm.exe" , "UNKNOWN"}, - {"ntxconfig.exe" , "UNKNOWN"}, - {"nui.exe" , "UNKNOWN"}, - {"nupgrade.exe" , "UNKNOWN"}, - {"nvarch16.exe" , "UNKNOWN"}, - {"nvc95.exe" , "UNKNOWN"}, - {"nvsvc32.exe" , "UNKNOWN"}, - {"nwinst4.exe" , "UNKNOWN"}, - {"nwservice.exe" , "UNKNOWN"}, - {"nwtool16.exe" , "UNKNOWN"}, - {"nxlog.exe" , "UNKNOWN"}, - {"ollydbg.exe" , "UNKNOWN"}, - {"onsrvr.exe" , "UNKNOWN"}, - {"optimize.exe" , "UNKNOWN"}, - {"ostronet.exe" , "UNKNOWN"}, - {"osqueryd.exe" , "UNKNOWN"}, - {"otfix.exe" , "UNKNOWN"}, - {"outpost.exe" , "UNKNOWN"}, - {"outpostinstall.exe" , "UNKNOWN"}, - {"outpostproinstall.exe" , "UNKNOWN"}, - {"padmin.exe" , "UNKNOWN"}, - {"panixk.exe" , "UNKNOWN"}, - {"patch.exe" , "UNKNOWN"}, - {"pavcl.exe" , "UNKNOWN"}, - {"pavproxy.exe" , "UNKNOWN"}, - {"pavsched.exe" , "UNKNOWN"}, - {"pavw.exe" , "UNKNOWN"}, - {"pccwin98.exe" , "UNKNOWN"}, - {"pcfwallicon.exe" , "UNKNOWN"}, - {"pcip10117_0.exe" , "UNKNOWN"}, - {"pcscan.exe" , "UNKNOWN"}, - {"pdsetup.exe" , "UNKNOWN"}, - {"periscope.exe" , "UNKNOWN"}, - {"persfw.exe" , "UNKNOWN"}, - {"perswf.exe" , "UNKNOWN"}, - {"pf2.exe" , "UNKNOWN"}, - {"pfwadmin.exe" , "UNKNOWN"}, - 
{"pgmonitr.exe" , "UNKNOWN"}, - {"pingscan.exe" , "UNKNOWN"}, - {"platin.exe" , "UNKNOWN"}, - {"pop3trap.exe" , "UNKNOWN"}, - {"poproxy.exe" , "UNKNOWN"}, - {"popscan.exe" , "UNKNOWN"}, - {"portdetective.exe" , "UNKNOWN"}, - {"portmonitor.exe" , "UNKNOWN"}, - {"powerscan.exe" , "UNKNOWN"}, - {"ppinupdt.exe" , "UNKNOWN"}, - {"pptbc.exe" , "UNKNOWN"}, - {"ppvstop.exe" , "UNKNOWN"}, - {"prizesurfer.exe" , "UNKNOWN"}, - {"prmt.exe" , "UNKNOWN"}, - {"prmvr.exe" , "UNKNOWN"}, - {"procdump.exe" , "UNKNOWN"}, - {"processmonitor.exe" , "UNKNOWN"}, - {"procexp.exe" , "UNKNOWN"}, - {"procexp64.exe" , "UNKNOWN"}, - {"procexplorerv1.0.exe" , "UNKNOWN"}, - {"procmon.exe" , "UNKNOWN"}, - {"programauditor.exe" , "UNKNOWN"}, - {"proport.exe" , "UNKNOWN"}, - {"protectx.exe" , "UNKNOWN"}, - {"pspf.exe" , "UNKNOWN"}, - {"purge.exe" , "UNKNOWN"}, - {"qconsole.exe" , "UNKNOWN"}, - {"qserver.exe" , "UNKNOWN"}, - {"rapapp.exe" , "UNKNOWN"}, - {"rav7.exe" , "UNKNOWN"}, - {"rav7win.exe" , "UNKNOWN"}, - {"rav8win32eng.exe" , "UNKNOWN"}, - {"ray.exe" , "UNKNOWN"}, - {"rb32.exe" , "UNKNOWN"}, - {"rcsync.exe" , "UNKNOWN"}, - {"realmon.exe" , "UNKNOWN"}, - {"reged.exe" , "UNKNOWN"}, - {"regedit.exe" , "UNKNOWN"}, - {"regedt32.exe" , "UNKNOWN"}, - {"rescue.exe" , "UNKNOWN"}, - {"rescue32.exe" , "UNKNOWN"}, - {"rrguard.exe" , "UNKNOWN"}, - {"rtvscan.exe" , "UNKNOWN"}, - {"rtvscn95.exe" , "UNKNOWN"}, - {"rulaunch.exe" , "UNKNOWN"}, - {"run32dll.exe" , "UNKNOWN"}, - {"rundll.exe" , "UNKNOWN"}, - {"rundll16.exe" , "UNKNOWN"}, - {"ruxdll32.exe" , "UNKNOWN"}, - {"safeweb.exe" , "UNKNOWN"}, - {"sahagent.exescan32.exe" , "UNKNOWN"}, - {"save.exe" , "UNKNOWN"}, - {"savenow.exe" , "UNKNOWN"}, - {"sbserv.exe" , "UNKNOWN"}, - {"scam32.exe" , "UNKNOWN"}, - {"scan32.exe" , "UNKNOWN"}, - {"scan95.exe" , "UNKNOWN"}, - {"scanpm.exe" , "UNKNOWN"}, - {"scrscan.exe" , "UNKNOWN"}, - {"SentinelOne.exe" , "UNKNOWN"}, - {"serv95.exe" , "UNKNOWN"}, - {"setupvameeval.exe" , "UNKNOWN"}, - {"setup_flowprotector_us.exe", 
"UNKNOWN"}, - {"sfc.exe" , "UNKNOWN"}, - {"sgssfw32.exe" , "UNKNOWN"}, - {"sh.exe" , "UNKNOWN"}, - {"shellspyinstall.exe" , "UNKNOWN"}, - {"shn.exe" , "UNKNOWN"}, - {"showbehind.exe" , "UNKNOWN"}, - {"shstat.exe" , "McAfee VirusScan Enterprise"}, - {"SISIDSService.exe" , "UNKNOWN"}, - {"SISIPSUtil.exe" , "UNKNOWN"}, - {"smc.exe" , "UNKNOWN"}, - {"sms.exe" , "UNKNOWN"}, - {"smss32.exe" , "UNKNOWN"}, - {"soap.exe" , "UNKNOWN"}, - {"sofi.exe" , "UNKNOWN"}, - {"sperm.exe" , "UNKNOWN"}, - {"splunk.exe" , "Splunk"}, - {"splunkd.exe" , "Splunk"}, - {"splunk-admon.exe" , "Splunk"}, - {"splunk-powershell.exe" , "Splunk"}, - {"splunk-winevtlog.exe" , "Splunk"}, - {"spf.exe" , "UNKNOWN"}, - {"sphinx.exe" , "UNKNOWN"}, - {"spoler.exe" , "UNKNOWN"}, - {"spoolcv.exe" , "UNKNOWN"}, - {"spoolsv32.exe" , "UNKNOWN"}, - {"spyxx.exe" , "UNKNOWN"}, - {"srexe.exe" , "UNKNOWN"}, - {"srng.exe" , "UNKNOWN"}, - {"ss3edit.exe" , "UNKNOWN"}, - {"ssgrate.exe" , "UNKNOWN"}, - {"ssg_4104.exe" , "UNKNOWN"}, - {"st2.exe" , "UNKNOWN"}, - {"start.exe" , "UNKNOWN"}, - {"stcloader.exe" , "UNKNOWN"}, - {"supftrl.exe" , "UNKNOWN"}, - {"support.exe" , "UNKNOWN"}, - {"supporter5.exe" , "UNKNOWN"}, - {"svchostc.exe" , "UNKNOWN"}, - {"svchosts.exe" , "UNKNOWN"}, - {"sweep95.exe" , "UNKNOWN"}, - {"sweepnet.sweepsrv.sys.swnetsup.exe", "UNKNOWN"}, - {"symproxysvc.exe" , "UNKNOWN"}, - {"symtray.exe" , "UNKNOWN"}, - {"sysedit.exe" , "UNKNOWN"}, - {"sysmon.exe" , "Sysinternals Sysmon"}, - {"sysupd.exe" , "UNKNOWN"}, - {"TaniumClient.exe" , "Tanium"}, - {"taskmg.exe" , "UNKNOWN"}, - {"taskmo.exe" , "UNKNOWN"}, - {"taumon.exe" , "UNKNOWN"}, - {"tbmon.exe" , "UNKNOWN"}, - {"tbscan.exe" , "UNKNOWN"}, - {"tc.exe" , "UNKNOWN"}, - {"tca.exe" , "UNKNOWN"}, - {"tcm.exe" , "UNKNOWN"}, - {"tcpview.exe" , "UNKNOWN"}, - {"tds-3.exe" , "UNKNOWN"}, - {"tds2-98.exe" , "UNKNOWN"}, - {"tds2-nt.exe" , "UNKNOWN"}, - {"teekids.exe" , "UNKNOWN"}, - {"tfak.exe" , "UNKNOWN"}, - {"tfak5.exe" , "UNKNOWN"}, - {"tgbob.exe" , "UNKNOWN"}, - 
{"titanin.exe" , "UNKNOWN"}, - {"titaninxp.exe" , "UNKNOWN"}, - {"tlaservice.exe" , "UNKNOWN"}, - {"tlaworker.exe" , "UNKNOWN"}, - {"tracert.exe" , "UNKNOWN"}, - {"trickler.exe" , "UNKNOWN"}, - {"trjscan.exe" , "UNKNOWN"}, - {"trjsetup.exe" , "UNKNOWN"}, - {"trojantrap3.exe" , "UNKNOWN"}, - {"tsadbot.exe" , "UNKNOWN"}, - {"tshark.exe" , "UNKNOWN"}, - {"tvmd.exe" , "UNKNOWN"}, - {"tvtmd.exe" , "UNKNOWN"}, - {"udaterui.exe" , "UNKNOWN"}, - {"undoboot.exe" , "UNKNOWN"}, - {"updat.exe" , "UNKNOWN"}, - {"update.exe" , "UNKNOWN"}, - {"updaterui.exe" , "UNKNOWN"}, - {"upgrad.exe" , "UNKNOWN"}, - {"utpost.exe" , "UNKNOWN"}, - {"vbcmserv.exe" , "UNKNOWN"}, - {"vbcons.exe" , "UNKNOWN"}, - {"vbust.exe" , "UNKNOWN"}, - {"vbwin9x.exe" , "UNKNOWN"}, - {"vbwinntw.exe" , "UNKNOWN"}, - {"vcsetup.exe" , "UNKNOWN"}, - {"vet32.exe" , "UNKNOWN"}, - {"vet95.exe" , "UNKNOWN"}, - {"vettray.exe" , "UNKNOWN"}, - {"vfsetup.exe" , "UNKNOWN"}, - {"vir-help.exe" , "UNKNOWN"}, - {"virusmdpersonalfirewall.exe", "UNKNOWN"}, - {"vnlan300.exe" , "UNKNOWN"}, - {"vnpc3000.exe" , "UNKNOWN"}, - {"vpc32.exe" , "UNKNOWN"}, - {"vpc42.exe" , "UNKNOWN"}, - {"vpfw30s.exe" , "UNKNOWN"}, - {"vptray.exe" , "UNKNOWN"}, - {"vscan40.exe" , "UNKNOWN"}, - {"vscenu6.02d30.exe" , "UNKNOWN"}, - {"vsched.exe" , "UNKNOWN"}, - {"vsecomr.exe" , "UNKNOWN"}, - {"vshwin32.exe" , "UNKNOWN"}, - {"vsisetup.exe" , "UNKNOWN"}, - {"vsmain.exe" , "UNKNOWN"}, - {"vsmon.exe" , "UNKNOWN"}, - {"vsstat.exe" , "UNKNOWN"}, - {"vstskmgr.exe" , "McAfee VirusScan Enterprise"}, - {"vswin9xe.exe" , "UNKNOWN"}, - {"vswinntse.exe" , "UNKNOWN"}, - {"vswinperse.exe" , "UNKNOWN"}, - {"w32dsm89.exe" , "UNKNOWN"}, - {"w9x.exe" , "UNKNOWN"}, - {"watchdog.exe" , "UNKNOWN"}, - {"webdav.exe" , "UNKNOWN"}, - {"webscanx.exe" , "UNKNOWN"}, - {"webtrap.exe" , "UNKNOWN"}, - {"wfindv32.exe" , "UNKNOWN"}, - {"whoswatchingme.exe" , "UNKNOWN"}, - {"wimmun32.exe" , "UNKNOWN"}, - {"win-bugsfix.exe" , "UNKNOWN"}, - {"win32.exe" , "UNKNOWN"}, - {"win32us.exe" , 
"UNKNOWN"}, - {"winactive.exe" , "UNKNOWN"}, - {"window.exe" , "UNKNOWN"}, - {"windows.exe" , "UNKNOWN"}, - {"wininetd.exe" , "UNKNOWN"}, - {"wininitx.exe" , "UNKNOWN"}, - {"winlogin.exe" , "UNKNOWN"}, - {"winmain.exe" , "UNKNOWN"}, - {"winnet.exe" , "UNKNOWN"}, - {"winppr32.exe" , "UNKNOWN"}, - {"winrecon.exe" , "UNKNOWN"}, - {"winservn.exe" , "UNKNOWN"}, - {"winssk32.exe" , "UNKNOWN"}, - {"winstart.exe" , "UNKNOWN"}, - {"winstart001.exe" , "UNKNOWN"}, - {"wintsk32.exe" , "UNKNOWN"}, - {"winupdate.exe" , "UNKNOWN"}, - {"wireshark.exe" , "UNKNOWN"}, - {"wkufind.exe" , "UNKNOWN"}, - {"wnad.exe" , "UNKNOWN"}, - {"wnt.exe" , "UNKNOWN"}, - {"wradmin.exe" , "UNKNOWN"}, - {"wrctrl.exe" , "UNKNOWN"}, - {"wsbgate.exe" , "UNKNOWN"}, - {"wupdater.exe" , "UNKNOWN"}, - {"wupdt.exe" , "UNKNOWN"}, - {"wyvernworksfirewall.exe" , "UNKNOWN"}, - {"xagt.exe" , "UNKNOWN"}, - {"xpf202en.exe" , "UNKNOWN"}, - {"zapro.exe" , "UNKNOWN"}, - {"zapsetup3001.exe" , "UNKNOWN"}, - {"zatutor.exe" , "UNKNOWN"}, - {"zonalm2601.exe" , "UNKNOWN"}, - {"zonealarm.exe" , "UNKNOWN"}, - {"_avp32.exe" , "UNKNOWN"}, - {"_avpcc.exe" , "UNKNOWN"}, - {"rshell.exe" , "UNKNOWN"}, - {"_avpm.exe" , "UNKNOWN"} - }; + { + {"mcshield.exe" , "McAfee AV"}, + {"windefend.exe" , "Windows Defender AV"}, + {"MSASCui.exe" , "Windows Defender AV"}, + {"MSASCuiL.exe" , "Windows Defender AV"}, + {"msmpeng.exe" , "Windows Defender AV"}, + {"msmpsvc.exe" , "Windows Defender AV"}, + {"WRSA.exe" , "WebRoot AV"}, + {"savservice.exe" , "Sophos AV"}, + {"TMCCSF.exe" , "Trend Micro AV"}, + {"symantec antivirus.exe" , "Symantec AV"}, + {"mbae.exe" , "MalwareBytes Anti-Exploit"}, + {"parity.exe" , "Bit9 application whitelisting"}, + {"cb.exe" , "Carbon Black behavioral analysis"}, + {"bds-vision.exe" , "BDS Vision behavioral analysis"}, + {"Triumfant.exe" , "Triumfant behavioral analysis"}, + {"CSFalcon.exe" , "CrowdStrike Falcon EDR"}, + {"ossec.exe" , "OSSEC intrusion detection"}, + {"TmPfw.exe" , "Trend Micro firewall"}, + 
{"dgagent.exe" , "Verdasys Digital Guardian DLP"}, + {"kvoop.exe" , " DLP process" }, + {"AAWTray.exe" , ""}, + {"ackwin32.exe" , ""}, + {"Ad-Aware.exe" , ""}, + {"adaware.exe" , ""}, + {"advxdwin.exe" , ""}, + {"agentsvr.exe" , ""}, + {"agentw.exe" , ""}, + {"alertsvc.exe" , ""}, + {"alevir.exe" , ""}, + {"alogserv.exe" , ""}, + {"amon9x.exe" , ""}, + {"anti-trojan.exe" , ""}, + {"antivirus.exe" , ""}, + {"ants.exe" , ""}, + {"apimonitor.exe" , ""}, + {"aplica32.exe" , ""}, + {"apvxdwin.exe" , ""}, + {"arr.exe" , ""}, + {"atcon.exe" , ""}, + {"atguard.exe" , ""}, + {"atro55en.exe" , ""}, + {"atupdater.exe" , ""}, + {"atwatch.exe" , ""}, + {"au.exe" , ""}, + {"aupdate.exe" , ""}, + {"auto-protect.nav80try.exe", ""}, + {"autodown.exe" , ""}, + {"autoruns.exe" , ""}, + {"autorunsc.exe" , ""}, + {"autotrace.exe" , ""}, + {"autoupdate.exe" , ""}, + {"avconsol.exe" , ""}, + {"ave32.exe" , ""}, + {"avgcc32.exe" , ""}, + {"avgctrl.exe" , ""}, + {"avgemc.exe" , ""}, + {"avgnt.exe" , ""}, + {"avgrsx.exe" , ""}, + {"avgserv.exe" , ""}, + {"avgserv9.exe" , ""}, + {"avguard.exe" , ""}, + {"avgwdsvc.exe" , ""}, + {"avgui.exe" , ""}, + {"avgw.exe" , ""}, + {"avkpop.exe" , ""}, + {"avkserv.exe" , ""}, + {"avkservice.exe" , ""}, + {"avkwctl9.exe" , ""}, + {"avltmain.exe" , ""}, + {"avnt.exe" , ""}, + {"avp.exe" , ""}, + {"avp32.exe" , ""}, + {"avpcc.exe" , ""}, + {"avpdos32.exe" , ""}, + {"avpm.exe" , ""}, + {"avptc32.exe" , ""}, + {"avpupd.exe" , ""}, + {"avsched32.exe" , ""}, + {"avsynmgr.exe" , ""}, + {"avwin.exe" , ""}, + {"avwin95.exe" , ""}, + {"avwinnt.exe" , ""}, + {"avwupd.exe" , ""}, + {"avwupd32.exe" , ""}, + {"avwupsrv.exe" , ""}, + {"avxmonitor9x.exe" , ""}, + {"avxmonitornt.exe" , ""}, + {"avxquar.exe" , ""}, + {"backweb.exe" , ""}, + {"bargains.exe" , ""}, + {"bd_professional.exe" , ""}, + {"beagle.exe" , ""}, + {"belt.exe" , ""}, + {"bidef.exe" , ""}, + {"bidserver.exe" , ""}, + {"bipcp.exe" , ""}, + {"bipcpevalsetup.exe" , ""}, + {"bisp.exe" , ""}, + {"blackd.exe" 
, ""}, + {"blackice.exe" , ""}, + {"blink.exe" , ""}, + {"blss.exe" , ""}, + {"bootconf.exe" , ""}, + {"bootwarn.exe" , ""}, + {"borg2.exe" , ""}, + {"bpc.exe" , ""}, + {"brasil.exe" , ""}, + {"bs120.exe" , ""}, + {"bundle.exe" , ""}, + {"bvt.exe" , ""}, + {"ccapp.exe" , ""}, + {"ccevtmgr.exe" , ""}, + {"ccpxysvc.exe" , ""}, + {"ccSvcHst.exe" , ""}, + {"cdp.exe" , ""}, + {"cfd.exe" , ""}, + {"cfgwiz.exe" , ""}, + {"cfiadmin.exe" , ""}, + {"cfiaudit.exe" , ""}, + {"cfinet.exe" , ""}, + {"cfinet32.exe" , ""}, + {"claw95.exe" , ""}, + {"claw95cf.exe" , ""}, + {"clean.exe" , ""}, + {"cleaner.exe" , ""}, + {"cleaner3.exe" , ""}, + {"cleanpc.exe" , ""}, + {"cleanup.exe" , ""}, + {"click.exe" , ""}, + {"cmdagent.exe" , ""}, + {"cmesys.exe" , ""}, + {"cmgrdian.exe" , ""}, + {"cmon016.exe" , ""}, + {"connectionmonitor.exe" , ""}, + {"cpd.exe" , ""}, + {"cpf9x206.exe" , ""}, + {"cpfnt206.exe" , ""}, + {"ctrl.exe" , ""}, + {"cv.exe" , ""}, + {"cwnb181.exe" , ""}, + {"cwntdwmo.exe" , ""}, + {"CylanceUI.exe" , ""}, + {"CyProtect.exe" , ""}, + {"CyUpdate.exe" , ""}, + {"cyserver.exe" , ""}, + {"cytray.exe" , ""}, + {"CyveraService.exe" , ""}, + {"datemanager.exe" , ""}, + {"dcomx.exe" , ""}, + {"defalert.exe" , ""}, + {"defscangui.exe" , ""}, + {"defwatch.exe" , ""}, + {"deputy.exe" , ""}, + {"divx.exe" , ""}, + {"dgprompt.exe" , ""}, + {"DgService.exe" , ""}, + {"dllcache.exe" , ""}, + {"dllreg.exe" , ""}, + {"doors.exe" , ""}, + {"dpf.exe" , ""}, + {"dpfsetup.exe" , ""}, + {"dpps2.exe" , ""}, + {"drwatson.exe" , ""}, + {"drweb32.exe" , ""}, + {"drwebupw.exe" , ""}, + {"dssagent.exe" , ""}, + {"dumpcap.exe" , ""}, + {"dvp95.exe" , ""}, + {"dvp95_0.exe" , ""}, + {"ecengine.exe" , ""}, + {"efpeadm.exe" , ""}, + {"egui.exe" , ""}, + {"ekrn.exe" , ""}, + {"emet_agent.exe" , ""}, + {"emet_service.exe" , ""}, + {"emsw.exe" , ""}, + {"engineserver.exe" , ""}, + {"ent.exe" , ""}, + {"esafe.exe" , ""}, + {"escanhnt.exe" , ""}, + {"escanv95.exe" , ""}, + {"espwatch.exe" , ""}, + 
{"ethereal.exe" , ""}, + {"etrustcipe.exe" , ""}, + {"evpn.exe" , ""}, + {"exantivirus-cnet.exe" , ""}, + {"exe.avxw.exe" , ""}, + {"expert.exe" , ""}, + {"explore.exe" , ""}, + {"f-agnt95.exe" , ""}, + {"f-prot.exe" , ""}, + {"f-prot95.exe" , ""}, + {"f-stopw.exe" , ""}, + {"fameh32.exe" , ""}, + {"fast.exe" , ""}, + {"fch32.exe" , ""}, + {"fcagswd.exe" , "McAfee DLP Agent"}, + {"fcags.exe" , "McAfee DLP Agent"}, + {"fih32.exe" , ""}, + {"findviru.exe" , ""}, + {"firesvc.exe" , "McAfee Host Intrusion Prevention"}, + {"firetray.exe" , ""}, + {"firewall.exe" , ""}, + {"fnrb32.exe" , ""}, + {"fp-win.exe" , ""}, + {"fp-win_trial.exe" , ""}, + {"fprot.exe" , ""}, + {"frameworkservice.exe" , ""}, + {"frminst.exe" , ""}, + {"frw.exe" , ""}, + {"fsaa.exe" , ""}, + {"fsav.exe" , ""}, + {"fsav32.exe" , ""}, + {"fsav530stbyb.exe" , ""}, + {"fsav530wtbyb.exe" , ""}, + {"fsav95.exe" , ""}, + {"fsgk32.exe" , ""}, + {"fsm32.exe" , ""}, + {"fsma32.exe" , ""}, + {"fsmb32.exe" , ""}, + {"gator.exe" , ""}, + {"gbmenu.exe" , ""}, + {"gbpoll.exe" , ""}, + {"generics.exe" , ""}, + {"gmt.exe" , ""}, + {"guard.exe" , ""}, + {"guarddog.exe" , ""}, + {"hacktracersetup.exe" , ""}, + {"hbinst.exe" , ""}, + {"hbsrv.exe" , ""}, + {"HijackThis.exe" , ""}, + {"hipsvc.exe" , ""}, + {"HipMgmt.exe" , "McAfee Host Intrusion Protection"}, + {"hotactio.exe" , ""}, + {"hotpatch.exe" , ""}, + {"htlog.exe" , ""}, + {"htpatch.exe" , ""}, + {"hwpe.exe" , ""}, + {"hxdl.exe" , ""}, + {"hxiul.exe" , ""}, + {"iamapp.exe" , ""}, + {"iamserv.exe" , ""}, + {"iamstats.exe" , ""}, + {"ibmasn.exe" , ""}, + {"ibmavsp.exe" , ""}, + {"icload95.exe" , ""}, + {"icloadnt.exe" , ""}, + {"icmon.exe" , ""}, + {"icsupp95.exe" , ""}, + {"icsuppnt.exe" , ""}, + {"idle.exe" , ""}, + {"iedll.exe" , ""}, + {"iedriver.exe" , ""}, + {"iface.exe" , ""}, + {"ifw2000.exe" , ""}, + {"inetlnfo.exe" , ""}, + {"infus.exe" , ""}, + {"infwin.exe" , ""}, + {"init.exe" , ""}, + {"intdel.exe" , ""}, + {"intren.exe" , ""}, + {"iomon98.exe" , 
""}, + {"istsvc.exe" , ""}, + {"jammer.exe" , ""}, + {"jdbgmrg.exe" , ""}, + {"jedi.exe" , ""}, + {"kavlite40eng.exe" , ""}, + {"kavpers40eng.exe" , ""}, + {"kavpf.exe" , ""}, + {"kazza.exe" , ""}, + {"keenvalue.exe" , ""}, + {"kerio-pf-213-en-win.exe" , ""}, + {"kerio-wrl-421-en-win.exe" , ""}, + {"kerio-wrp-421-en-win.exe" , ""}, + {"kernel32.exe" , ""}, + {"KeyPass.exe" , ""}, + {"killprocesssetup161.exe" , ""}, + {"launcher.exe" , ""}, + {"ldnetmon.exe" , ""}, + {"ldpro.exe" , ""}, + {"ldpromenu.exe" , ""}, + {"ldscan.exe" , ""}, + {"lnetinfo.exe" , ""}, + {"loader.exe" , ""}, + {"localnet.exe" , ""}, + {"lockdown.exe" , ""}, + {"lockdown2000.exe" , ""}, + {"lookout.exe" , ""}, + {"lordpe.exe" , ""}, + {"lsetup.exe" , ""}, + {"luall.exe" , ""}, + {"luau.exe" , ""}, + {"lucomserver.exe" , ""}, + {"luinit.exe" , ""}, + {"luspt.exe" , ""}, + {"mapisvc32.exe" , ""}, + {"masvc.exe" , "McAfee Agent"}, + {"mbamservice.exe" , ""}, + {"mcafeefire.exe" , ""}, + {"mcagent.exe" , ""}, + {"mcmnhdlr.exe" , ""}, + {"mcscript.exe" , ""}, + {"mcscript_inuse.exe" , ""}, + {"mctool.exe" , ""}, + {"mctray.exe" , ""}, + {"mcupdate.exe" , ""}, + {"mcvsrte.exe" , ""}, + {"mcvsshld.exe" , ""}, + {"md.exe" , ""}, + {"mfeann.exe" , "McAfee VirusScan Enterprise"}, + {"mfemactl.exe" , "McAfee VirusScan Enterprise"}, + {"mfevtps.exe" , ""}, + {"mfin32.exe" , ""}, + {"mfw2en.exe" , ""}, + {"mfweng3.02d30.exe" , ""}, + {"mgavrtcl.exe" , ""}, + {"mgavrte.exe" , ""}, + {"mghtml.exe" , ""}, + {"mgui.exe" , ""}, + {"minilog.exe" , ""}, + {"minionhost.exe" , ""}, + {"mmod.exe" , ""}, + {"monitor.exe" , ""}, + {"moolive.exe" , ""}, + {"mostat.exe" , ""}, + {"mpfagent.exe" , ""}, + {"mpfservice.exe" , ""}, + {"mpftray.exe" , ""}, + {"mrflux.exe" , ""}, + {"msapp.exe" , ""}, + {"msbb.exe" , ""}, + {"msblast.exe" , ""}, + {"mscache.exe" , ""}, + {"msccn32.exe" , ""}, + {"mscman.exe" , ""}, + {"msconfig.exe" , ""}, + {"msdm.exe" , ""}, + {"msdos.exe" , ""}, + {"msiexec16.exe" , ""}, + {"msinfo32.exe" 
, ""}, + {"mslaugh.exe" , ""}, + {"msmgt.exe" , ""}, + {"msmsgri32.exe" , ""}, + {"MsSense.exe" , "Microsoft Defender ATP"}, + {"mssmmc32.exe" , ""}, + {"mssys.exe" , ""}, + {"msvxd.exe" , ""}, + {"mu0311ad.exe" , ""}, + {"mwatch.exe" , ""}, + {"n32scanw.exe" , ""}, + {"naprdmgr.exe" , ""}, + {"nav.exe" , ""}, + {"navap.navapsvc.exe" , ""}, + {"navapsvc.exe" , ""}, + {"navapw32.exe" , ""}, + {"navdx.exe" , ""}, + {"navlu32.exe" , ""}, + {"navnt.exe" , ""}, + {"navstub.exe" , ""}, + {"navw32.exe" , ""}, + {"navwnt.exe" , ""}, + {"nc2000.exe" , ""}, + {"ncinst4.exe" , ""}, + {"ndd32.exe" , ""}, + {"neomonitor.exe" , ""}, + {"neowatchlog.exe" , ""}, + {"netarmor.exe" , ""}, + {"netd32.exe" , ""}, + {"netinfo.exe" , ""}, + {"netmon.exe" , ""}, + {"netscanpro.exe" , ""}, + {"netspyhunter-1.2.exe" , ""}, + {"netstat.exe" , ""}, + {"netutils.exe" , ""}, + {"nisserv.exe" , ""}, + {"nisum.exe" , ""}, + {"nmain.exe" , ""}, + {"nod32.exe" , ""}, + {"normist.exe" , ""}, + {"norton_internet_secu_3.0_407.exe" , ""}, + {"notstart.exe" , ""}, + {"npf40_tw_98_nt_me_2k.exe" , ""}, + {"npfmessenger.exe" , ""}, + {"nprotect.exe" , ""}, + {"npscheck.exe" , ""}, + {"npssvc.exe" , ""}, + {"nsched32.exe" , ""}, + {"nssys32.exe" , ""}, + {"nstask32.exe" , ""}, + {"nsupdate.exe" , ""}, + {"nt.exe" , ""}, + {"ntrtscan.exe" , ""}, + {"ntvdm.exe" , ""}, + {"ntxconfig.exe" , ""}, + {"nui.exe" , ""}, + {"nupgrade.exe" , ""}, + {"nvarch16.exe" , ""}, + {"nvc95.exe" , ""}, + {"nvsvc32.exe" , ""}, + {"nwinst4.exe" , ""}, + {"nwservice.exe" , ""}, + {"nwtool16.exe" , ""}, + {"nxlog.exe" , ""}, + {"ollydbg.exe" , ""}, + {"onsrvr.exe" , ""}, + {"optimize.exe" , ""}, + {"ostronet.exe" , ""}, + {"osqueryd.exe" , ""}, + {"otfix.exe" , ""}, + {"outpost.exe" , ""}, + {"outpostinstall.exe" , ""}, + {"outpostproinstall.exe" , ""}, + {"padmin.exe" , ""}, + {"panixk.exe" , ""}, + {"patch.exe" , ""}, + {"pavcl.exe" , ""}, + {"pavproxy.exe" , ""}, + {"pavsched.exe" , ""}, + {"pavw.exe" , ""}, + {"pccwin98.exe" , 
""}, + {"pcfwallicon.exe" , ""}, + {"pcip10117_0.exe" , ""}, + {"pcscan.exe" , ""}, + {"pdsetup.exe" , ""}, + {"periscope.exe" , ""}, + {"persfw.exe" , ""}, + {"perswf.exe" , ""}, + {"pf2.exe" , ""}, + {"pfwadmin.exe" , ""}, + {"pgmonitr.exe" , ""}, + {"pingscan.exe" , ""}, + {"platin.exe" , ""}, + {"pop3trap.exe" , ""}, + {"poproxy.exe" , ""}, + {"popscan.exe" , ""}, + {"portdetective.exe" , ""}, + {"portmonitor.exe" , ""}, + {"powerscan.exe" , ""}, + {"ppinupdt.exe" , ""}, + {"pptbc.exe" , ""}, + {"ppvstop.exe" , ""}, + {"prizesurfer.exe" , ""}, + {"prmt.exe" , ""}, + {"prmvr.exe" , ""}, + {"procdump.exe" , ""}, + {"processmonitor.exe" , ""}, + {"procexp.exe" , ""}, + {"procexp64.exe" , ""}, + {"procexplorerv1.0.exe" , ""}, + {"procmon.exe" , ""}, + {"programauditor.exe" , ""}, + {"proport.exe" , ""}, + {"protectx.exe" , ""}, + {"pspf.exe" , ""}, + {"purge.exe" , ""}, + {"qconsole.exe" , ""}, + {"qserver.exe" , ""}, + {"rapapp.exe" , ""}, + {"rav7.exe" , ""}, + {"rav7win.exe" , ""}, + {"rav8win32eng.exe" , ""}, + {"ray.exe" , ""}, + {"rb32.exe" , ""}, + {"rcsync.exe" , ""}, + {"realmon.exe" , ""}, + {"reged.exe" , ""}, + {"regedit.exe" , ""}, + {"regedt32.exe" , ""}, + {"rescue.exe" , ""}, + {"rescue32.exe" , ""}, + {"rrguard.exe" , ""}, + {"rtvscan.exe" , ""}, + {"rtvscn95.exe" , ""}, + {"rulaunch.exe" , ""}, + {"run32dll.exe" , ""}, + {"rundll.exe" , ""}, + {"rundll16.exe" , ""}, + {"ruxdll32.exe" , ""}, + {"safeweb.exe" , ""}, + {"sahagent.exescan32.exe" , ""}, + {"save.exe" , ""}, + {"savenow.exe" , ""}, + {"sbserv.exe" , ""}, + {"scam32.exe" , ""}, + {"scan32.exe" , ""}, + {"scan95.exe" , ""}, + {"scanpm.exe" , ""}, + {"scrscan.exe" , ""}, + {"SentinelOne.exe" , ""}, + {"serv95.exe" , ""}, + {"setupvameeval.exe" , ""}, + {"setup_flowprotector_us.exe", ""}, + {"sfc.exe" , ""}, + {"sgssfw32.exe" , ""}, + {"sh.exe" , ""}, + {"shellspyinstall.exe" , ""}, + {"shn.exe" , ""}, + {"showbehind.exe" , ""}, + {"shstat.exe" , "McAfee VirusScan Enterprise"}, + 
{"SISIDSService.exe" , ""}, + {"SISIPSUtil.exe" , ""}, + {"smc.exe" , ""}, + {"sms.exe" , ""}, + {"smss32.exe" , ""}, + {"soap.exe" , ""}, + {"sofi.exe" , ""}, + {"sperm.exe" , ""}, + {"splunk.exe" , "Splunk"}, + {"splunkd.exe" , "Splunk"}, + {"splunk-admon.exe" , "Splunk"}, + {"splunk-powershell.exe" , "Splunk"}, + {"splunk-winevtlog.exe" , "Splunk"}, + {"spf.exe" , ""}, + {"sphinx.exe" , ""}, + {"spoler.exe" , ""}, + {"spoolcv.exe" , ""}, + {"spoolsv32.exe" , ""}, + {"spyxx.exe" , ""}, + {"srexe.exe" , ""}, + {"srng.exe" , ""}, + {"ss3edit.exe" , ""}, + {"ssgrate.exe" , ""}, + {"ssg_4104.exe" , ""}, + {"st2.exe" , ""}, + {"start.exe" , ""}, + {"stcloader.exe" , ""}, + {"supftrl.exe" , ""}, + {"support.exe" , ""}, + {"supporter5.exe" , ""}, + {"svchostc.exe" , ""}, + {"svchosts.exe" , ""}, + {"sweep95.exe" , ""}, + {"sweepnet.sweepsrv.sys.swnetsup.exe", ""}, + {"symproxysvc.exe" , ""}, + {"symtray.exe" , ""}, + {"sysedit.exe" , ""}, + {"sysmon.exe" , "Sysinternals Sysmon"}, + {"sysupd.exe" , ""}, + {"TaniumClient.exe" , "Tanium"}, + {"taskmg.exe" , ""}, + {"taskmo.exe" , ""}, + {"taumon.exe" , ""}, + {"tbmon.exe" , ""}, + {"tbscan.exe" , ""}, + {"tc.exe" , ""}, + {"tca.exe" , ""}, + {"tcm.exe" , ""}, + {"tcpview.exe" , ""}, + {"tds-3.exe" , ""}, + {"tds2-98.exe" , ""}, + {"tds2-nt.exe" , ""}, + {"teekids.exe" , ""}, + {"tfak.exe" , ""}, + {"tfak5.exe" , ""}, + {"tgbob.exe" , ""}, + {"titanin.exe" , ""}, + {"titaninxp.exe" , ""}, + {"tlaservice.exe" , ""}, + {"tlaworker.exe" , ""}, + {"tracert.exe" , ""}, + {"trickler.exe" , ""}, + {"trjscan.exe" , ""}, + {"trjsetup.exe" , ""}, + {"trojantrap3.exe" , ""}, + {"tsadbot.exe" , ""}, + {"tshark.exe" , ""}, + {"tvmd.exe" , ""}, + {"tvtmd.exe" , ""}, + {"udaterui.exe" , ""}, + {"undoboot.exe" , ""}, + {"updat.exe" , ""}, + {"update.exe" , ""}, + {"updaterui.exe" , ""}, + {"upgrad.exe" , ""}, + {"utpost.exe" , ""}, + {"vbcmserv.exe" , ""}, + {"vbcons.exe" , ""}, + {"vbust.exe" , ""}, + {"vbwin9x.exe" , ""}, + 
{"vbwinntw.exe" , ""}, + {"vcsetup.exe" , ""}, + {"vet32.exe" , ""}, + {"vet95.exe" , ""}, + {"vettray.exe" , ""}, + {"vfsetup.exe" , ""}, + {"vir-help.exe" , ""}, + {"virusmdpersonalfirewall.exe", ""}, + {"vnlan300.exe" , ""}, + {"vnpc3000.exe" , ""}, + {"vpc32.exe" , ""}, + {"vpc42.exe" , ""}, + {"vpfw30s.exe" , ""}, + {"vptray.exe" , ""}, + {"vscan40.exe" , ""}, + {"vscenu6.02d30.exe" , ""}, + {"vsched.exe" , ""}, + {"vsecomr.exe" , ""}, + {"vshwin32.exe" , ""}, + {"vsisetup.exe" , ""}, + {"vsmain.exe" , ""}, + {"vsmon.exe" , ""}, + {"vsstat.exe" , ""}, + {"vstskmgr.exe" , "McAfee VirusScan Enterprise"}, + {"vswin9xe.exe" , ""}, + {"vswinntse.exe" , ""}, + {"vswinperse.exe" , ""}, + {"w32dsm89.exe" , ""}, + {"w9x.exe" , ""}, + {"watchdog.exe" , ""}, + {"webdav.exe" , ""}, + {"webscanx.exe" , ""}, + {"webtrap.exe" , ""}, + {"wfindv32.exe" , ""}, + {"whoswatchingme.exe" , ""}, + {"wimmun32.exe" , ""}, + {"win-bugsfix.exe" , ""}, + {"win32.exe" , ""}, + {"win32us.exe" , ""}, + {"winactive.exe" , ""}, + {"window.exe" , ""}, + {"windows.exe" , ""}, + {"wininetd.exe" , ""}, + {"wininitx.exe" , ""}, + {"winlogin.exe" , ""}, + {"winmain.exe" , ""}, + {"winnet.exe" , ""}, + {"winppr32.exe" , ""}, + {"winrecon.exe" , ""}, + {"winservn.exe" , ""}, + {"winssk32.exe" , ""}, + {"winstart.exe" , ""}, + {"winstart001.exe" , ""}, + {"wintsk32.exe" , ""}, + {"winupdate.exe" , ""}, + {"wireshark.exe" , ""}, + {"wkufind.exe" , ""}, + {"wnad.exe" , ""}, + {"wnt.exe" , ""}, + {"wradmin.exe" , ""}, + {"wrctrl.exe" , ""}, + {"wsbgate.exe" , ""}, + {"wupdater.exe" , ""}, + {"wupdt.exe" , ""}, + {"wyvernworksfirewall.exe" , ""}, + {"xagt.exe" , ""}, + {"xpf202en.exe" , ""}, + {"zapro.exe" , ""}, + {"zapsetup3001.exe" , ""}, + {"zatutor.exe" , ""}, + /*{"zonalm2601" , ""}, These names (ending in .exe) are detected by AVs + {"zonealarm" , ""}, + {"_avp32" , ""}, + {"_avpcc" , ""}, + {"rshell" , ""}, + {"_avpms" , ""}*/ + }; // TODO: cyberark? other password managers? 
public static Hashtable interestingProcesses = new Hashtable() { - {"CmRcService" , "Configuration Manager Remote Control Service"}, - {"ftp" , "Misc. FTP client"}, - {"LMIGuardian" , "LogMeIn Reporter"}, - {"LogMeInSystray" , "LogMeIn System Tray"}, - {"RaMaint" , "LogMeIn maintenance sevice"}, - {"mmc" , "Microsoft Management Console"}, - {"putty" , "Putty SSH client"}, - {"pscp" , "Putty SCP client"}, - {"psftp" , "Putty SFTP client"}, - {"puttytel" , "Putty Telnet client"}, - {"plink" , "Putty CLI client"}, - {"pageant" , "Putty SSH auth agent"}, - {"kitty" , "Kitty SSH client"}, - {"telnet" , "Misc. Telnet client"}, - {"SecureCRT" , "SecureCRT SSH/Telnet client"}, - {"TeamViewer" , "TeamViewer"}, - {"tv_x64" , "TeamViewer x64 remote control"}, - {"tv_w32" , "TeamViewer x86 remote control"}, - {"keepass" , "KeePass password vault"}, - {"mstsc" , "Microsoft RDP client"}, - {"vnc" , "Possible VNC client"}, - {"powershell" , "PowerShell host process"}, - {"cmd" , "Command Prompt"}, + {"CmRcService.exe" , "Configuration Manager Remote Control Service"}, + {"ftp.exe" , "Misc. FTP client"}, + {"LMIGuardian.exe" , "LogMeIn Reporter"}, + {"LogMeInSystray.exe" , "LogMeIn System Tray"}, + {"RaMaint.exe" , "LogMeIn maintenance sevice"}, + {"mmc.exe" , "Microsoft Management Console"}, + {"putty.exe" , "Putty SSH client"}, + {"pscp.exe" , "Putty SCP client"}, + {"psftp.exe" , "Putty SFTP client"}, + {"puttytel.exe" , "Putty Telnet client"}, + {"plink.exe" , "Putty CLI client"}, + {"pageant.exe" , "Putty SSH auth agent"}, + {"kitty.exe" , "Kitty SSH client"}, + {"telnet.exe" , "Misc. 
Telnet client"}, + {"SecureCRT.exe" , "SecureCRT SSH/Telnet client"}, + {"TeamViewer.exe" , "TeamViewer"}, + {"tv_x64.exe" , "TeamViewer x64 remote control"}, + {"tv_w32.exe" , "TeamViewer x86 remote control"}, + {"keepass.exe" , "KeePass password vault"}, + {"mstsc.exe" , "Microsoft RDP client"}, + {"vnc.exe" , "Possible VNC client"}, + {"powershell.exe" , "PowerShell host process"}, + {"cmd.exe" , "Command Prompt"}, }; - public static Hashtable browserProcesses = new Hashtable() - { - {"chrome" , "Google Chrome"}, - {"iexplore" , "Microsoft Internet Explorer"}, - {"MicrosoftEdge" , "Microsoft Edge"}, - {"firefox" , "Mozilla Firefox"} - }; - - private static string GetProcessUser(Process process) + [DllImport("advapi32.dll", SetLastError = true)] + private static extern bool OpenProcessToken(IntPtr ProcessHandle, uint DesiredAccess, out IntPtr TokenHandle); + [DllImport("kernel32.dll", SetLastError = true)] + [return: MarshalAs(UnmanagedType.Bool)] + private static extern bool CloseHandle(IntPtr hObject); + private static string GetProcU(Process p) { - IntPtr processHandle = IntPtr.Zero; + IntPtr pHandle = IntPtr.Zero; try { - OpenProcessToken(process.Handle, 8, out processHandle); - WindowsIdentity wi = new WindowsIdentity(processHandle); - string user = wi.Name; - return user.Contains(@"\") ? user.Substring(user.IndexOf(@"\") + 1) : user; + OpenProcessToken(p.Handle, 8, out pHandle); + WindowsIdentity WI = new WindowsIdentity(pHandle); + String uSEr = WI.Name; + return uSEr.Contains(@"\") ? uSEr.Substring(uSEr.IndexOf(@"\") + 1) : uSEr; } catch { 
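Review bot: The keys of interestingProcesses, and the defensiveProcesses entries added above it, now end in .exe, but the caller looks them up with ContainsKey(proc_info["Name"]) and GetProcInfo fills Name from Process.ProcessName, which .NET returns without the extension, so neither table will match a running process. Keep the bare names as keys, or normalize the name before the lookup (append ".exe" and compare case-insensitively, since keys such as "SentinelOne.exe" are mixed case). In GetProcU, the return value of OpenProcessToken is ignored and the access mask is the bare literal 8; check the result and name the constant (TOKEN_QUERY).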
@@ -723,67 +720,64 @@ namespace winPEAS } finally { - if (processHandle != IntPtr.Zero) + if (pHandle != IntPtr.Zero) { - CloseHandle(processHandle); + CloseHandle(pHandle); } } } - [DllImport("advapi32.dll", SetLastError = true)] - private static extern bool OpenProcessToken(IntPtr ProcessHandle, uint DesiredAccess, out IntPtr TokenHandle); - [DllImport("kernel32.dll", SetLastError = true)] - [return: MarshalAs(UnmanagedType.Bool)] - private static extern bool CloseHandle(IntPtr hObject); + + // // TODO: check out https://github.com/harleyQu1nn/AggressorScripts/blob/master/ProcessColor.cna#L10 - public static List> GetProcessInfo() + public static List> GetProcInfo() { - List> final_results = new List>(); + List> f_results = new List>(); try { - var wmiQueryString = "SELECT ProcessId, ExecutablePath, CommandLine FROM Win32_Process"; - using (var searcher = new ManagementObjectSearcher(wmiQueryString)) - using (var results = searcher.Get()) + var wmiQueRyStr = "SELECT ProcessId, ExecutablePath, CommandLine FROM Win32_Process"; + using (var srcher = new ManagementObjectSearcher(wmiQueRyStr)) + using (var reslts = srcher.Get()) { - var query = from p in Process.GetProcesses() - join mo in results.Cast() + var queRy = from p in Process.GetProcesses() + join mo in reslts.Cast() on p.Id equals (int)(uint)mo["ProcessId"] select new { - Process = p, - Path = (string)mo["ExecutablePath"], - CommandLine = (string)mo["CommandLine"], - Owner = GetProcessUser(p), //Needed inside the next foreach + Proc = p, + Pth = (string)mo["ExecutablePath"], + CommLine = (string)mo["CommandLine"], + Owner = GetProcU(p), //Needed inside the next foreach }; - foreach (var item in query) + foreach (var itm in queRy) { - if (item.Path != null) + if (itm.Pth != null) { string companyName = ""; string isDotNet = ""; try { - FileVersionInfo myFileVersionInfo = FileVersionInfo.GetVersionInfo(item.Path); - companyName = myFileVersionInfo.CompanyName; - isDotNet = MyUtils.CheckIfDotNet(item.Path) ? 
"isDotNet" : ""; + FileVersionInfo myFileVerInfo = FileVersionInfo.GetVersionInfo(itm.Pth); + //compName = myFileVerInfo.CompanyName; + isDotNet = MyUtils.CheckIfDotNet(itm.Pth) ? "isDotNet" : ""; } - catch (Exception ex) + catch { // Not enough privileges } if ((String.IsNullOrEmpty(companyName)) || (!Regex.IsMatch(companyName, @"^Microsoft.*", RegexOptions.IgnoreCase))) { - Dictionary toadd = new Dictionary(); - toadd["Name"] = item.Process.ProcessName; - toadd["ProcessID"] = item.Process.Id.ToString(); - toadd["ExecutablePath"] = item.Path; - toadd["Product"] = companyName; - toadd["Owner"] = item.Owner == null ? "" : item.Owner; - toadd["isDotNet"] = isDotNet; - toadd["CommandLine"] = item.CommandLine; - final_results.Add(toadd); + Dictionary to_add = new Dictionary(); + to_add["Name"] = itm.Proc.ProcessName; + to_add["ProcessID"] = itm.Proc.Id.ToString(); + to_add["ExecutablePath"] = itm.Pth; + to_add["Product"] = companyName; + to_add["Owner"] = itm.Owner == null ? "" : itm.Owner; + to_add["isDotNet"] = isDotNet; + to_add["CommandLine"] = itm.CommLine; + f_results.Add(to_add); } } } @@ -793,7 +787,7 @@ namespace winPEAS { Beaprint.GrayPrint(String.Format(" [X] Exception: {0}", ex.Message)); } - return final_results; + return f_results; } } } diff --git a/winPEAS/winPEASexe/winPEAS/Program.cs b/winPEAS/winPEASexe/winPEAS/Program.cs index ea121e4..a4c0941 100644 --- a/winPEAS/winPEASexe/winPEAS/Program.cs +++ b/winPEAS/winPEASexe/winPEAS/Program.cs @@ -1,5 +1,4 @@ -//using Colorful; // http://colorfulconsole.com/ -using System; +using System; using System.Collections.Generic; using System.IO; using System.Management; 
@@ -654,33 +653,31 @@ namespace winPEAS { void PrintInterestingProcesses() { - /* Colors Code - * RED: - * ---- Write privileges in path - * ---- Different Owner than myself - * GREEN: - * ---- No Write privileges in path - * MAGENTA: - * ---- Current username - */ try { Beaprint.MainPrint("Interesting Processes -non Microsoft-", "T1010&T1057&T1007"); Beaprint.LinkPrint("https://book.hacktricks.xyz/windows/windows-local-privilege-escalation#running-processes", "Check if any interesting proccesses for memmory dump or if you could overwrite some binary running"); - List> processes_info = ProcessesInfo.GetProcessInfo(); + List> processes_info = ProcessesInfo.GetProcInfo(); foreach (Dictionary proc_info in processes_info) { + Dictionary colorsP = new Dictionary() + { + { " "+currentUserName, Beaprint.ansi_current_user }, + { "Permissions:.*", Beaprint.ansi_color_bad }, + { "Possible DLL Hijacking.*", Beaprint.ansi_color_bad }, + }; + if (ProcessesInfo.defensiveProcesses.ContainsKey(proc_info["Name"])) { - proc_info["Product"] = ProcessesInfo.defensiveProcesses[proc_info["Name"]].ToString(); + if (!String.IsNullOrEmpty(ProcessesInfo.defensiveProcesses[proc_info["Name"]].ToString())) + proc_info["Product"] = ProcessesInfo.defensiveProcesses[proc_info["Name"]].ToString(); + colorsP[proc_info["Product"]] = Beaprint.ansi_color_good; } else if (ProcessesInfo.interestingProcesses.ContainsKey(proc_info["Name"])) { - proc_info["Product"] = ProcessesInfo.interestingProcesses[proc_info["Name"]].ToString(); - } - else if (ProcessesInfo.browserProcesses.ContainsKey(proc_info["Name"])) - { - proc_info["Product"] = ProcessesInfo.browserProcesses[proc_info["Name"]].ToString(); + if (!String.IsNullOrEmpty(ProcessesInfo.defensiveProcesses[proc_info["Name"]].ToString())) + proc_info["Product"] = ProcessesInfo.interestingProcesses[proc_info["Name"]].ToString(); + colorsP[proc_info["Product"]] = Beaprint.ansi_color_bad; } List file_rights = 
MyUtils.GetPermissionsFile(proc_info["ExecutablePath"], currentUserSIDs); @@ -688,6 +685,8 @@ namespace winPEAS if (proc_info["ExecutablePath"] != null && proc_info["ExecutablePath"] != "") dir_rights = MyUtils.GetPermissionsFolder(Path.GetDirectoryName(proc_info["ExecutablePath"]), currentUserSIDs); + colorsP[proc_info["ExecutablePath"].Replace("\\", "\\\\").Replace("(", "\\(").Replace(")", "\\)").Replace("]", "\\]").Replace("[", "\\[").Replace("?", "\\?").Replace("+", "\\+") + "[^\"^']"] = (file_rights.Count > 0 || dir_rights.Count > 0) ? Beaprint.ansi_color_bad : Beaprint.ansi_color_good; + string formString = " {0}({1})[{2}]"; if (proc_info["Product"] != null && proc_info["Product"].Length > 1) formString += ": {3}"; @@ -702,13 +701,7 @@ namespace winPEAS if (proc_info["CommandLine"].Length > 1) formString += "\n "+ Beaprint.ansi_color_gray + "Command Line: {9}"; - Dictionary colorsP = new Dictionary() - { - { " "+currentUserName, Beaprint.ansi_current_user }, - { "Permissions:.*", Beaprint.ansi_color_bad }, - { "Possible DLL Hijacking.*", Beaprint.ansi_color_bad }, - { proc_info["ExecutablePath"].Replace("\\", "\\\\").Replace("(", "\\(").Replace(")", "\\)").Replace("]", "\\]").Replace("[", "\\[").Replace("?", "\\?").Replace("+","\\+")+"[^\"^']", (file_rights.Count > 0 || dir_rights.Count > 0) ? Beaprint.ansi_color_bad : Beaprint.ansi_color_good }, - }; + Beaprint.AnsiPrint(String.Format(formString, proc_info["Name"], proc_info["ProcessID"], proc_info["ExecutablePath"], proc_info["Product"], proc_info["Owner"], proc_info["isDotNet"], String.Join(", ", file_rights), dir_rights.Count > 0 ? Path.GetDirectoryName(proc_info["ExecutablePath"]) : "", String.Join(", ", dir_rights), proc_info["CommandLine"]), colorsP); Beaprint.PrintLineSeparator(); } diff --git a/winPEAS/winPEASexe/winPEAS/Properties/AssemblyInfo.cs b/winPEAS/winPEASexe/winPEAS/Properties/AssemblyInfo.cs index 524d0e9..be338e0 100644 --- a/winPEAS/winPEASexe/winPEAS/Properties/AssemblyInfo.cs 
+++ b/winPEAS/winPEASexe/winPEAS/Properties/AssemblyInfo.cs @@ -5,11 +5,11 @@ using System.Runtime.InteropServices; // General Information about an assembly is controlled through the following // set of attributes. Change these attribute values to modify the information // associated with an assembly. -[assembly: AssemblyTitle("winPEAS")] +[assembly: AssemblyTitle("asdas2dasd")] [assembly: AssemblyDescription("")] [assembly: AssemblyConfiguration("")] [assembly: AssemblyCompany("")] -[assembly: AssemblyProduct("winPEAS")] +[assembly: AssemblyProduct("asdas2dasd")] [assembly: AssemblyCopyright("Copyright © 2019")] [assembly: AssemblyTrademark("")] [assembly: AssemblyCulture("")] @@ -20,7 +20,7 @@ using System.Runtime.InteropServices; [assembly: ComVisible(false)] // The following GUID is for the ID of the typelib if this project is exposed to COM -[assembly: Guid("d934058e-a7db-493f-a741-ae8e3df867f4")] +[assembly: Guid("1928358e-a64b-493f-a741-ae8e3d029374")] // Version information for an assembly consists of the following four values: // diff --git a/winPEAS/winPEASexe/winPEAS/ServicesInfo.cs b/winPEAS/winPEASexe/winPEAS/ServicesInfo.cs index 451909f..70c01a0 100644 --- a/winPEAS/winPEASexe/winPEAS/ServicesInfo.cs +++ b/winPEAS/winPEASexe/winPEAS/ServicesInfo.cs @@ -9,7 +9,6 @@ using System.ServiceProcess; using System.Reflection; using System.Security.AccessControl; using System.Runtime.InteropServices; -using System.Security.Principal; namespace winPEAS { diff --git a/winPEAS/winPEASexe/winPEAS/UserInfo.cs b/winPEAS/winPEASexe/winPEAS/UserInfo.cs index fd6cf6a..157f943 100644 --- a/winPEAS/winPEASexe/winPEAS/UserInfo.cs +++ b/winPEAS/winPEASexe/winPEAS/UserInfo.cs @@ -564,6 +564,7 @@ namespace winPEAS } return user; } + public static UserPrincipal GetUserLocal(string sUserName) { // Extract local user information 
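Review bot: In GetProcInfo (ProcessesInfo.cs, hunk @@ -723,67 +720,64 @@), the assignment is commented out as //compName = myFileVerInfo.CompanyName, so companyName stays "" and the test String.IsNullOrEmpty(companyName) || !Regex.IsMatch(companyName, @"^Microsoft.*", ...) is always true. Every process with a path is now returned, Microsoft ones included, although the caller prints the section as "Interesting Processes -non Microsoft-", and to_add["Product"] is always empty. Restore companyName = myFileVerInfo.CompanyName, or remove the filter together with the now-unused myFileVerInfo. The bare catch also hides failures other than the "Not enough privileges" case its comment names.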
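Review bot: In PrintInterestingProcesses (Program.cs, hunk @@ -654,33 +653,31 @@), the else-if branch for interestingProcesses guards its assignment with ProcessesInfo.defensiveProcesses[proc_info["Name"]].ToString(). That branch runs only when the name is not in defensiveProcesses, so the Hashtable indexer returns null and ToString() throws inside the try that wraps the whole loop, and the remaining processes are not printed. The guard should index interestingProcesses. The new colorsP[proc_info["Product"]] entries also add Product as a pattern key without the escaping applied to ExecutablePath, and Product can be an empty string when the table value is ""; skip the entry when it is empty and use Regex.Escape for both keys instead of the chained Replace calls.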
@@ -575,6 +576,7 @@ namespace winPEAS user = searcher.FindOne() as UserPrincipal; return user; } + public static UserPrincipal GetUserDomain(string sUserName, string domain) { //if not local, try to extract domain user information @@ -979,8 +981,8 @@ namespace winPEAS else if (Clipboard.ContainsFileDropList()) c = String.Format("{0}", Clipboard.GetFileDropList()); - else if (Clipboard.ContainsImage()) - c = String.Format("{0}", Clipboard.GetImage()); + //else if (Clipboard.ContainsImage()) //No system.Drwing import + //c = String.Format("{0}", Clipboard.GetImage()); } catch (Exception ex) { diff --git a/winPEAS/winPEASexe/winPEAS/Watson.cs b/winPEAS/winPEASexe/winPEAS/Watson.cs index 80cf24c..be077fa 100644 --- a/winPEAS/winPEASexe/winPEAS/Watson.cs +++ b/winPEAS/winPEASexe/winPEAS/Watson.cs @@ -1,7 +1,5 @@ -//using Colorful; -using System; +using System; using System.Collections.Generic; -using System.Drawing; using System.Linq; using System.Management; diff --git a/winPEAS/winPEASexe/winPEAS/bin/Obfuscated Releases/winPEASany.exe b/winPEAS/winPEASexe/winPEAS/bin/Obfuscated Releases/winPEASany.exe new file mode 100644 index 0000000..368db86 Binary files /dev/null and b/winPEAS/winPEASexe/winPEAS/bin/Obfuscated Releases/winPEASany.exe differ diff --git a/winPEAS/winPEASexe/winPEAS/bin/Obfuscated Releases/winPEASx64.exe b/winPEAS/winPEASexe/winPEAS/bin/Obfuscated Releases/winPEASx64.exe new file mode 100644 index 0000000..bd934d7 Binary files /dev/null and b/winPEAS/winPEASexe/winPEAS/bin/Obfuscated Releases/winPEASx64.exe differ diff --git a/winPEAS/winPEASexe/winPEAS/bin/Obfuscated Releases/winPEASx86.exe b/winPEAS/winPEASexe/winPEAS/bin/Obfuscated Releases/winPEASx86.exe new file mode 100644 index 0000000..be03f15 Binary files /dev/null and b/winPEAS/winPEASexe/winPEAS/bin/Obfuscated Releases/winPEASx86.exe differ 
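Review bot: The three executables added under bin/Obfuscated Releases/ (winPEASany.exe, winPEASx64.exe, winPEASx86.exe) are opaque binaries that cannot be reviewed or tied to the source in this change. Publish them as release artifacts built from a tagged commit, with checksums and the obfuscation configuration that produced them, so users can verify what they run, and keep bin/ out of the tree.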
diff --git a/winPEAS/winPEASexe/winPEAS/bin/Release/Dotfuscator1.xml b/winPEAS/winPEASexe/winPEAS/bin/Release/Dotfuscator1.xml new file mode 100644 index 0000000..cf65693 --- /dev/null +++ b/winPEAS/winPEASexe/winPEAS/bin/Release/Dotfuscator1.xml @@ -0,0 +1,56 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/winPEAS/winPEASexe/winPEAS/bin/Release/Microsoft.Win32.TaskScheduler.dll b/winPEAS/winPEASexe/winPEAS/bin/Release/Microsoft.Win32.TaskScheduler.dll new file mode 100644 index 0000000..118220e Binary files /dev/null and b/winPEAS/winPEASexe/winPEAS/bin/Release/Microsoft.Win32.TaskScheduler.dll differ diff --git a/winPEAS/winPEASexe/winPEAS/bin/Release/de/Microsoft.Win32.TaskScheduler.resources.dll b/winPEAS/winPEASexe/winPEAS/bin/Release/de/Microsoft.Win32.TaskScheduler.resources.dll new file mode 100644 index 0000000..96e077c Binary files /dev/null and b/winPEAS/winPEASexe/winPEAS/bin/Release/de/Microsoft.Win32.TaskScheduler.resources.dll differ diff --git a/winPEAS/winPEASexe/winPEAS/bin/Release/es/Microsoft.Win32.TaskScheduler.resources.dll b/winPEAS/winPEASexe/winPEAS/bin/Release/es/Microsoft.Win32.TaskScheduler.resources.dll new file mode 100644 index 0000000..945939b Binary files /dev/null and b/winPEAS/winPEASexe/winPEAS/bin/Release/es/Microsoft.Win32.TaskScheduler.resources.dll differ diff --git a/winPEAS/winPEASexe/winPEAS/bin/Release/fr/Microsoft.Win32.TaskScheduler.resources.dll b/winPEAS/winPEASexe/winPEAS/bin/Release/fr/Microsoft.Win32.TaskScheduler.resources.dll new file mode 100644 index 0000000..ec1d3b0 Binary files /dev/null and b/winPEAS/winPEASexe/winPEAS/bin/Release/fr/Microsoft.Win32.TaskScheduler.resources.dll differ 
diff --git a/winPEAS/winPEASexe/winPEAS/bin/Release/it/Microsoft.Win32.TaskScheduler.resources.dll b/winPEAS/winPEASexe/winPEAS/bin/Release/it/Microsoft.Win32.TaskScheduler.resources.dll new file mode 100644 index 0000000..e7bf5e1 Binary files /dev/null and b/winPEAS/winPEASexe/winPEAS/bin/Release/it/Microsoft.Win32.TaskScheduler.resources.dll differ diff --git a/winPEAS/winPEASexe/winPEAS/bin/Release/pl/Microsoft.Win32.TaskScheduler.resources.dll b/winPEAS/winPEASexe/winPEAS/bin/Release/pl/Microsoft.Win32.TaskScheduler.resources.dll new file mode 100644 index 0000000..d3554aa Binary files /dev/null and b/winPEAS/winPEASexe/winPEAS/bin/Release/pl/Microsoft.Win32.TaskScheduler.resources.dll differ diff --git a/winPEAS/winPEASexe/winPEAS/bin/Release/ru/Microsoft.Win32.TaskScheduler.resources.dll b/winPEAS/winPEASexe/winPEAS/bin/Release/ru/Microsoft.Win32.TaskScheduler.resources.dll new file mode 100644 index 0000000..5febb35 Binary files /dev/null and b/winPEAS/winPEASexe/winPEAS/bin/Release/ru/Microsoft.Win32.TaskScheduler.resources.dll differ diff --git a/winPEAS/winPEASexe/winPEAS/bin/Release/winPEAS.exe b/winPEAS/winPEASexe/winPEAS/bin/Release/winPEAS.exe index 6c3bf2e..81fe95c 100644 Binary files a/winPEAS/winPEASexe/winPEAS/bin/Release/winPEAS.exe and b/winPEAS/winPEASexe/winPEAS/bin/Release/winPEAS.exe differ diff --git a/winPEAS/winPEASexe/winPEAS/bin/Release/winPEAS.pdb b/winPEAS/winPEASexe/winPEAS/bin/Release/winPEAS.pdb index 50abaf4..b7e7525 100644 Binary files a/winPEAS/winPEASexe/winPEAS/bin/Release/winPEAS.pdb and b/winPEAS/winPEASexe/winPEAS/bin/Release/winPEAS.pdb differ diff --git a/winPEAS/winPEASexe/winPEAS/bin/Release/zh-CN/Microsoft.Win32.TaskScheduler.resources.dll b/winPEAS/winPEASexe/winPEAS/bin/Release/zh-CN/Microsoft.Win32.TaskScheduler.resources.dll new file mode 100644 index 0000000..2432ef4 Binary files /dev/null and b/winPEAS/winPEASexe/winPEAS/bin/Release/zh-CN/Microsoft.Win32.TaskScheduler.resources.dll differ 
diff --git a/winPEAS/winPEASexe/winPEAS/bin/x64/Release/Microsoft.Win32.TaskScheduler.dll b/winPEAS/winPEASexe/winPEAS/bin/x64/Release/Microsoft.Win32.TaskScheduler.dll new file mode 100644 index 0000000..118220e Binary files /dev/null and b/winPEAS/winPEASexe/winPEAS/bin/x64/Release/Microsoft.Win32.TaskScheduler.dll differ diff --git a/winPEAS/winPEASexe/winPEAS/bin/x64/Release/de/Microsoft.Win32.TaskScheduler.resources.dll b/winPEAS/winPEASexe/winPEAS/bin/x64/Release/de/Microsoft.Win32.TaskScheduler.resources.dll new file mode 100644 index 0000000..96e077c Binary files /dev/null and b/winPEAS/winPEASexe/winPEAS/bin/x64/Release/de/Microsoft.Win32.TaskScheduler.resources.dll differ diff --git a/winPEAS/winPEASexe/winPEAS/bin/x64/Release/es/Microsoft.Win32.TaskScheduler.resources.dll b/winPEAS/winPEASexe/winPEAS/bin/x64/Release/es/Microsoft.Win32.TaskScheduler.resources.dll new file mode 100644 index 0000000..945939b Binary files /dev/null and b/winPEAS/winPEASexe/winPEAS/bin/x64/Release/es/Microsoft.Win32.TaskScheduler.resources.dll differ diff --git a/winPEAS/winPEASexe/winPEAS/bin/x64/Release/fr/Microsoft.Win32.TaskScheduler.resources.dll b/winPEAS/winPEASexe/winPEAS/bin/x64/Release/fr/Microsoft.Win32.TaskScheduler.resources.dll new file mode 100644 index 0000000..ec1d3b0 Binary files /dev/null and b/winPEAS/winPEASexe/winPEAS/bin/x64/Release/fr/Microsoft.Win32.TaskScheduler.resources.dll differ diff --git a/winPEAS/winPEASexe/winPEAS/bin/x64/Release/it/Microsoft.Win32.TaskScheduler.resources.dll b/winPEAS/winPEASexe/winPEAS/bin/x64/Release/it/Microsoft.Win32.TaskScheduler.resources.dll new file mode 100644 index 0000000..e7bf5e1 Binary files /dev/null and b/winPEAS/winPEASexe/winPEAS/bin/x64/Release/it/Microsoft.Win32.TaskScheduler.resources.dll differ 
diff --git a/winPEAS/winPEASexe/winPEAS/bin/x64/Release/pl/Microsoft.Win32.TaskScheduler.resources.dll b/winPEAS/winPEASexe/winPEAS/bin/x64/Release/pl/Microsoft.Win32.TaskScheduler.resources.dll new file mode 100644 index 0000000..d3554aa Binary files /dev/null and b/winPEAS/winPEASexe/winPEAS/bin/x64/Release/pl/Microsoft.Win32.TaskScheduler.resources.dll differ diff --git a/winPEAS/winPEASexe/winPEAS/bin/x64/Release/ru/Microsoft.Win32.TaskScheduler.resources.dll b/winPEAS/winPEASexe/winPEAS/bin/x64/Release/ru/Microsoft.Win32.TaskScheduler.resources.dll new file mode 100644 index 0000000..5febb35 Binary files /dev/null and b/winPEAS/winPEASexe/winPEAS/bin/x64/Release/ru/Microsoft.Win32.TaskScheduler.resources.dll differ diff --git a/winPEAS/winPEASexe/winPEAS/bin/x64/Release/winPEAS.exe b/winPEAS/winPEASexe/winPEAS/bin/x64/Release/winPEAS.exe index 6e98b55..98bbaea 100644 Binary files a/winPEAS/winPEASexe/winPEAS/bin/x64/Release/winPEAS.exe and b/winPEAS/winPEASexe/winPEAS/bin/x64/Release/winPEAS.exe differ diff --git a/winPEAS/winPEASexe/winPEAS/bin/x64/Release/winPEAS.pdb b/winPEAS/winPEASexe/winPEAS/bin/x64/Release/winPEAS.pdb index 510d1a6..b7e7525 100644 Binary files a/winPEAS/winPEASexe/winPEAS/bin/x64/Release/winPEAS.pdb and b/winPEAS/winPEASexe/winPEAS/bin/x64/Release/winPEAS.pdb differ diff --git a/winPEAS/winPEASexe/winPEAS/bin/x64/Release/zh-CN/Microsoft.Win32.TaskScheduler.resources.dll b/winPEAS/winPEASexe/winPEAS/bin/x64/Release/zh-CN/Microsoft.Win32.TaskScheduler.resources.dll new file mode 100644 index 0000000..2432ef4 Binary files /dev/null and b/winPEAS/winPEASexe/winPEAS/bin/x64/Release/zh-CN/Microsoft.Win32.TaskScheduler.resources.dll differ 
diff --git a/winPEAS/winPEASexe/winPEAS/bin/x86/Release/Microsoft.Win32.TaskScheduler.dll b/winPEAS/winPEASexe/winPEAS/bin/x86/Release/Microsoft.Win32.TaskScheduler.dll new file mode 100644 index 0000000..118220e Binary files /dev/null and b/winPEAS/winPEASexe/winPEAS/bin/x86/Release/Microsoft.Win32.TaskScheduler.dll differ diff --git a/winPEAS/winPEASexe/winPEAS/bin/x86/Release/de/Microsoft.Win32.TaskScheduler.resources.dll b/winPEAS/winPEASexe/winPEAS/bin/x86/Release/de/Microsoft.Win32.TaskScheduler.resources.dll new file mode 100644 index 0000000..96e077c Binary files /dev/null and b/winPEAS/winPEASexe/winPEAS/bin/x86/Release/de/Microsoft.Win32.TaskScheduler.resources.dll differ diff --git a/winPEAS/winPEASexe/winPEAS/bin/x86/Release/es/Microsoft.Win32.TaskScheduler.resources.dll b/winPEAS/winPEASexe/winPEAS/bin/x86/Release/es/Microsoft.Win32.TaskScheduler.resources.dll new file mode 100644 index 0000000..945939b Binary files /dev/null and b/winPEAS/winPEASexe/winPEAS/bin/x86/Release/es/Microsoft.Win32.TaskScheduler.resources.dll differ diff --git a/winPEAS/winPEASexe/winPEAS/bin/x86/Release/fr/Microsoft.Win32.TaskScheduler.resources.dll b/winPEAS/winPEASexe/winPEAS/bin/x86/Release/fr/Microsoft.Win32.TaskScheduler.resources.dll new file mode 100644 index 0000000..ec1d3b0 Binary files /dev/null and b/winPEAS/winPEASexe/winPEAS/bin/x86/Release/fr/Microsoft.Win32.TaskScheduler.resources.dll differ diff --git a/winPEAS/winPEASexe/winPEAS/bin/x86/Release/it/Microsoft.Win32.TaskScheduler.resources.dll b/winPEAS/winPEASexe/winPEAS/bin/x86/Release/it/Microsoft.Win32.TaskScheduler.resources.dll new file mode 100644 index 0000000..e7bf5e1 Binary files /dev/null and b/winPEAS/winPEASexe/winPEAS/bin/x86/Release/it/Microsoft.Win32.TaskScheduler.resources.dll differ 
diff --git a/winPEAS/winPEASexe/winPEAS/bin/x86/Release/pl/Microsoft.Win32.TaskScheduler.resources.dll b/winPEAS/winPEASexe/winPEAS/bin/x86/Release/pl/Microsoft.Win32.TaskScheduler.resources.dll new file mode 100644 index 0000000..d3554aa Binary files /dev/null and b/winPEAS/winPEASexe/winPEAS/bin/x86/Release/pl/Microsoft.Win32.TaskScheduler.resources.dll differ diff --git a/winPEAS/winPEASexe/winPEAS/bin/x86/Release/ru/Microsoft.Win32.TaskScheduler.resources.dll b/winPEAS/winPEASexe/winPEAS/bin/x86/Release/ru/Microsoft.Win32.TaskScheduler.resources.dll new file mode 100644 index 0000000..5febb35 Binary files /dev/null and b/winPEAS/winPEASexe/winPEAS/bin/x86/Release/ru/Microsoft.Win32.TaskScheduler.resources.dll differ diff --git a/winPEAS/winPEASexe/winPEAS/bin/x86/Release/winPEAS.exe b/winPEAS/winPEASexe/winPEAS/bin/x86/Release/winPEAS.exe index f22f7e0..5bc4282 100644 Binary files a/winPEAS/winPEASexe/winPEAS/bin/x86/Release/winPEAS.exe and b/winPEAS/winPEASexe/winPEAS/bin/x86/Release/winPEAS.exe differ diff --git a/winPEAS/winPEASexe/winPEAS/bin/x86/Release/winPEAS.pdb b/winPEAS/winPEASexe/winPEAS/bin/x86/Release/winPEAS.pdb index 3d215d0..b7e7525 100644 Binary files a/winPEAS/winPEASexe/winPEAS/bin/x86/Release/winPEAS.pdb and b/winPEAS/winPEASexe/winPEAS/bin/x86/Release/winPEAS.pdb differ diff --git a/winPEAS/winPEASexe/winPEAS/bin/x86/Release/zh-CN/Microsoft.Win32.TaskScheduler.resources.dll b/winPEAS/winPEASexe/winPEAS/bin/x86/Release/zh-CN/Microsoft.Win32.TaskScheduler.resources.dll new file mode 100644 index 0000000..2432ef4 Binary files /dev/null and b/winPEAS/winPEASexe/winPEAS/bin/x86/Release/zh-CN/Microsoft.Win32.TaskScheduler.resources.dll differ 
diff --git a/winPEAS/winPEASexe/winPEAS/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache b/winPEAS/winPEASexe/winPEAS/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache index bc6e625..63d9094 100644 Binary files a/winPEAS/winPEASexe/winPEAS/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache and b/winPEAS/winPEASexe/winPEAS/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache differ diff --git a/winPEAS/winPEASexe/winPEAS/obj/Debug/winPEAS.csprojAssemblyReference.cache b/winPEAS/winPEASexe/winPEAS/obj/Debug/winPEAS.csprojAssemblyReference.cache index 48e934e..d14fb9b 100644 Binary files a/winPEAS/winPEASexe/winPEAS/obj/Debug/winPEAS.csprojAssemblyReference.cache and b/winPEAS/winPEASexe/winPEAS/obj/Debug/winPEAS.csprojAssemblyReference.cache differ diff --git a/winPEAS/winPEASexe/winPEAS/obj/Debug/winPEAS.exe b/winPEAS/winPEASexe/winPEAS/obj/Debug/winPEAS.exe index 64e1cec..ff41986 100644 Binary files a/winPEAS/winPEASexe/winPEAS/obj/Debug/winPEAS.exe and b/winPEAS/winPEASexe/winPEAS/obj/Debug/winPEAS.exe differ diff --git a/winPEAS/winPEASexe/winPEAS/obj/Debug/winPEAS.pdb b/winPEAS/winPEASexe/winPEAS/obj/Debug/winPEAS.pdb index abbf7b3..cb78e14 100644 Binary files a/winPEAS/winPEASexe/winPEAS/obj/Debug/winPEAS.pdb and b/winPEAS/winPEASexe/winPEAS/obj/Debug/winPEAS.pdb differ diff --git a/winPEAS/winPEASexe/winPEAS/obj/Release/winPEAS.csproj.FileListAbsolute.txt b/winPEAS/winPEASexe/winPEAS/obj/Release/winPEAS.csproj.FileListAbsolute.txt index 290f790..34ddebf 100644 --- a/winPEAS/winPEASexe/winPEAS/obj/Release/winPEAS.csproj.FileListAbsolute.txt +++ b/winPEAS/winPEASexe/winPEAS/obj/Release/winPEAS.csproj.FileListAbsolute.txt 
@@ -47,3 +47,19 @@ D:\shared\privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\w D:\shared\privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\obj\Release\winPEAS.csproj.CopyComplete D:\shared\privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\obj\Release\winPEAS.exe D:\shared\privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\obj\Release\winPEAS.pdb +D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\Release\winPEAS.exe.config +D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\Release\winPEAS.exe +D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\Release\winPEAS.pdb +D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\Release\Microsoft.Win32.TaskScheduler.xml +D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\obj\Release\winPEAS.csprojAssemblyReference.cache +D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\obj\Release\winPEAS.csproj.CopyComplete +D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\obj\Release\winPEAS.exe +D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\obj\Release\winPEAS.pdb +D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\Release\Microsoft.Win32.TaskScheduler.dll +D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\Release\de\Microsoft.Win32.TaskScheduler.resources.dll +D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\Release\es\Microsoft.Win32.TaskScheduler.resources.dll 
+D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\Release\fr\Microsoft.Win32.TaskScheduler.resources.dll +D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\Release\it\Microsoft.Win32.TaskScheduler.resources.dll +D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\Release\pl\Microsoft.Win32.TaskScheduler.resources.dll +D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\Release\ru\Microsoft.Win32.TaskScheduler.resources.dll +D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\Release\zh-CN\Microsoft.Win32.TaskScheduler.resources.dll diff --git a/winPEAS/winPEASexe/winPEAS/obj/Release/winPEAS.csproj.Fody.CopyLocal.cache b/winPEAS/winPEASexe/winPEAS/obj/Release/winPEAS.csproj.Fody.CopyLocal.cache deleted file mode 100644 index acfbf1e..0000000 --- a/winPEAS/winPEASexe/winPEAS/obj/Release/winPEAS.csproj.Fody.CopyLocal.cache +++ /dev/null @@ -1 +0,0 @@ -D:\shared\privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\packages\TaskScheduler.2.8.16\lib\net40\Microsoft.Win32.TaskScheduler.xml diff --git a/winPEAS/winPEASexe/winPEAS/obj/Release/winPEAS.csprojAssemblyReference.cache b/winPEAS/winPEASexe/winPEAS/obj/Release/winPEAS.csprojAssemblyReference.cache index 02c784d..ec62fc9 100644 Binary files a/winPEAS/winPEASexe/winPEAS/obj/Release/winPEAS.csprojAssemblyReference.cache and b/winPEAS/winPEASexe/winPEAS/obj/Release/winPEAS.csprojAssemblyReference.cache differ diff --git a/winPEAS/winPEASexe/winPEAS/obj/Release/winPEAS.exe b/winPEAS/winPEASexe/winPEAS/obj/Release/winPEAS.exe index 6c3bf2e..81fe95c 100644 Binary files a/winPEAS/winPEASexe/winPEAS/obj/Release/winPEAS.exe and b/winPEAS/winPEASexe/winPEAS/obj/Release/winPEAS.exe differ 
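Review bot: winPEAS.csproj.FileListAbsolute.txt is generated build output, and the added lines record absolute paths from the build machine (D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\...), which discloses the local directory layout and will change again on the next build from a different location. Remove obj/ from version control and add it to .gitignore.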
diff --git a/winPEAS/winPEASexe/winPEAS/obj/Release/winPEAS.pdb b/winPEAS/winPEASexe/winPEAS/obj/Release/winPEAS.pdb index 50abaf4..b7e7525 100644 Binary files a/winPEAS/winPEASexe/winPEAS/obj/Release/winPEAS.pdb and b/winPEAS/winPEASexe/winPEAS/obj/Release/winPEAS.pdb differ diff --git a/winPEAS/winPEASexe/winPEAS/obj/x64/Release/winPEAS.csproj.FileListAbsolute.txt b/winPEAS/winPEASexe/winPEAS/obj/x64/Release/winPEAS.csproj.FileListAbsolute.txt index 42939cc..bba1dec 100644 --- a/winPEAS/winPEASexe/winPEAS/obj/x64/Release/winPEAS.csproj.FileListAbsolute.txt +++ b/winPEAS/winPEASexe/winPEAS/obj/x64/Release/winPEAS.csproj.FileListAbsolute.txt 
@@ -23,3 +23,19 @@ D:\shared\privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\w D:\shared\privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\obj\x64\Release\winPEAS.exe D:\shared\privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\obj\x64\Release\winPEAS.pdb D:\shared\privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\obj\x64\Release\winPEAS.csprojAssemblyReference.cache +D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x64\Release\winPEAS.exe.config +D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x64\Release\winPEAS.exe +D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x64\Release\winPEAS.pdb +D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x64\Release\Microsoft.Win32.TaskScheduler.xml +D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\obj\x64\Release\winPEAS.csprojAssemblyReference.cache +D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\obj\x64\Release\winPEAS.csproj.CopyComplete +D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\obj\x64\Release\winPEAS.exe +D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\obj\x64\Release\winPEAS.pdb +D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x64\Release\Microsoft.Win32.TaskScheduler.dll +D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x64\Release\de\Microsoft.Win32.TaskScheduler.resources.dll 
+D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x64\Release\es\Microsoft.Win32.TaskScheduler.resources.dll +D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x64\Release\fr\Microsoft.Win32.TaskScheduler.resources.dll +D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x64\Release\it\Microsoft.Win32.TaskScheduler.resources.dll +D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x64\Release\pl\Microsoft.Win32.TaskScheduler.resources.dll +D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x64\Release\ru\Microsoft.Win32.TaskScheduler.resources.dll +D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x64\Release\zh-CN\Microsoft.Win32.TaskScheduler.resources.dll diff --git a/winPEAS/winPEASexe/winPEAS/obj/x64/Release/winPEAS.csproj.Fody.CopyLocal.cache b/winPEAS/winPEASexe/winPEAS/obj/x64/Release/winPEAS.csproj.Fody.CopyLocal.cache deleted file mode 100644 index acfbf1e..0000000 --- a/winPEAS/winPEASexe/winPEAS/obj/x64/Release/winPEAS.csproj.Fody.CopyLocal.cache +++ /dev/null @@ -1 +0,0 @@ -D:\shared\privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\packages\TaskScheduler.2.8.16\lib\net40\Microsoft.Win32.TaskScheduler.xml diff --git a/winPEAS/winPEASexe/winPEAS/obj/x64/Release/winPEAS.csprojAssemblyReference.cache b/winPEAS/winPEASexe/winPEAS/obj/x64/Release/winPEAS.csprojAssemblyReference.cache index c3d63b1..f9e9abf 100644 Binary files a/winPEAS/winPEASexe/winPEAS/obj/x64/Release/winPEAS.csprojAssemblyReference.cache and b/winPEAS/winPEASexe/winPEAS/obj/x64/Release/winPEAS.csprojAssemblyReference.cache differ 
diff --git a/winPEAS/winPEASexe/winPEAS/obj/x64/Release/winPEAS.exe b/winPEAS/winPEASexe/winPEAS/obj/x64/Release/winPEAS.exe index 6e98b55..98bbaea 100644 Binary files a/winPEAS/winPEASexe/winPEAS/obj/x64/Release/winPEAS.exe and b/winPEAS/winPEASexe/winPEAS/obj/x64/Release/winPEAS.exe differ diff --git a/winPEAS/winPEASexe/winPEAS/obj/x64/Release/winPEAS.pdb b/winPEAS/winPEASexe/winPEAS/obj/x64/Release/winPEAS.pdb index 510d1a6..b7e7525 100644 Binary files a/winPEAS/winPEASexe/winPEAS/obj/x64/Release/winPEAS.pdb and b/winPEAS/winPEASexe/winPEAS/obj/x64/Release/winPEAS.pdb differ diff --git a/winPEAS/winPEASexe/winPEAS/obj/x86/Release/DesignTimeResolveAssemblyReferencesInput.cache b/winPEAS/winPEASexe/winPEAS/obj/x86/Release/DesignTimeResolveAssemblyReferencesInput.cache index c7e89b3..5b3f5c1 100644 Binary files a/winPEAS/winPEASexe/winPEAS/obj/x86/Release/DesignTimeResolveAssemblyReferencesInput.cache and b/winPEAS/winPEASexe/winPEAS/obj/x86/Release/DesignTimeResolveAssemblyReferencesInput.cache differ diff --git a/winPEAS/winPEASexe/winPEAS/obj/x86/Release/winPEAS.csproj.FileListAbsolute.txt b/winPEAS/winPEASexe/winPEAS/obj/x86/Release/winPEAS.csproj.FileListAbsolute.txt index 07bbf02..3942089 100644 --- a/winPEAS/winPEASexe/winPEAS/obj/x86/Release/winPEAS.csproj.FileListAbsolute.txt +++ b/winPEAS/winPEASexe/winPEAS/obj/x86/Release/winPEAS.csproj.FileListAbsolute.txt 
@@ -23,3 +23,19 @@ D:\shared\privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\w D:\shared\privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\obj\x86\Release\winPEAS.exe D:\shared\privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\obj\x86\Release\winPEAS.pdb D:\shared\privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\obj\x86\Release\winPEAS.csprojAssemblyReference.cache +D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x86\Release\winPEAS.exe.config +D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x86\Release\winPEAS.exe +D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x86\Release\winPEAS.pdb +D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x86\Release\Microsoft.Win32.TaskScheduler.xml +D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\obj\x86\Release\winPEAS.csprojAssemblyReference.cache +D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\obj\x86\Release\winPEAS.csproj.CopyComplete +D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\obj\x86\Release\winPEAS.exe +D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\obj\x86\Release\winPEAS.pdb +D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x86\Release\Microsoft.Win32.TaskScheduler.dll +D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x86\Release\de\Microsoft.Win32.TaskScheduler.resources.dll 
+D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x86\Release\es\Microsoft.Win32.TaskScheduler.resources.dll +D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x86\Release\fr\Microsoft.Win32.TaskScheduler.resources.dll +D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x86\Release\it\Microsoft.Win32.TaskScheduler.resources.dll +D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x86\Release\pl\Microsoft.Win32.TaskScheduler.resources.dll +D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x86\Release\ru\Microsoft.Win32.TaskScheduler.resources.dll +D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\winPEAS\bin\x86\Release\zh-CN\Microsoft.Win32.TaskScheduler.resources.dll diff --git a/winPEAS/winPEASexe/winPEAS/obj/x86/Release/winPEAS.csproj.Fody.CopyLocal.cache b/winPEAS/winPEASexe/winPEAS/obj/x86/Release/winPEAS.csproj.Fody.CopyLocal.cache deleted file mode 100644 index acfbf1e..0000000 --- a/winPEAS/winPEASexe/winPEAS/obj/x86/Release/winPEAS.csproj.Fody.CopyLocal.cache +++ /dev/null @@ -1 +0,0 @@ -D:\shared\privilege-escalation-awesome-scripts-suite-master\winPEAS\winPEASexe\packages\TaskScheduler.2.8.16\lib\net40\Microsoft.Win32.TaskScheduler.xml diff --git a/winPEAS/winPEASexe/winPEAS/obj/x86/Release/winPEAS.csprojAssemblyReference.cache b/winPEAS/winPEASexe/winPEAS/obj/x86/Release/winPEAS.csprojAssemblyReference.cache index 7d498b1..fd723b6 100644 Binary files a/winPEAS/winPEASexe/winPEAS/obj/x86/Release/winPEAS.csprojAssemblyReference.cache and b/winPEAS/winPEASexe/winPEAS/obj/x86/Release/winPEAS.csprojAssemblyReference.cache differ 
diff --git a/winPEAS/winPEASexe/winPEAS/obj/x86/Release/winPEAS.exe b/winPEAS/winPEASexe/winPEAS/obj/x86/Release/winPEAS.exe index f22f7e0..5bc4282 100644 Binary files a/winPEAS/winPEASexe/winPEAS/obj/x86/Release/winPEAS.exe and b/winPEAS/winPEASexe/winPEAS/obj/x86/Release/winPEAS.exe differ diff --git a/winPEAS/winPEASexe/winPEAS/obj/x86/Release/winPEAS.pdb b/winPEAS/winPEASexe/winPEAS/obj/x86/Release/winPEAS.pdb index 3d215d0..b7e7525 100644 Binary files a/winPEAS/winPEASexe/winPEAS/obj/x86/Release/winPEAS.pdb and b/winPEAS/winPEASexe/winPEAS/obj/x86/Release/winPEAS.pdb differ diff --git a/winPEAS/winPEASexe/winPEAS/packages.config b/winPEAS/winPEASexe/winPEAS/packages.config index 19c1f58..403b903 100644 --- a/winPEAS/winPEASexe/winPEAS/packages.config +++ b/winPEAS/winPEASexe/winPEAS/packages.config @@ -1,7 +1,4 @@  - - - \ No newline at end of file diff --git a/winPEAS/winPEASexe/winPEAS/winPEAS.csproj b/winPEAS/winPEASexe/winPEAS/winPEAS.csproj index f808ace..17726b4 100644 --- a/winPEAS/winPEASexe/winPEAS/winPEAS.csproj +++ b/winPEAS/winPEASexe/winPEAS/winPEAS.csproj @@ -1,6 +1,5 @@  - Debug @@ -85,19 +84,12 @@ false - - ..\packages\Costura.Fody.4.1.0\lib\net40\Costura.dll - - - ..\packages\CredentialManagement.1.0.2\lib\net35\CredentialManagement.dll - ..\packages\TaskScheduler.2.8.16\lib\net40\Microsoft.Win32.TaskScheduler.dll - @@ -106,7 +98,6 @@ - @@ -129,12 +120,4 @@ - - - - This project references NuGet package(s) that are missing on this computer. Use NuGet Package Restore to download them. For more information, see http://go.microsoft.com/fwlink/?LinkID=322105. The missing file is {0}. - - - - \ No newline at end of file
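Review bot: the three winPEAS.csproj.FileListAbsolute.txt hunks (obj/Release, obj/x64/Release, obj/x86/Release) are MSBuild-generated state and should not be tracked at all. Each hunk appends 16 entries rooted at D:\shared\cambiado-privilege-escalation-awesome-scripts-suite-master\ while the older D:\shared\privilege-escalation-awesome-scripts-suite-master\ entries remain as context, so the files now record two different local checkouts and will change again on every contributor's machine. Suggest removing obj/ and bin/ from the index and adding both to .gitignore, which also keeps local directory names out of the history.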
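Review bot: the winPEAS.pdb changes in obj/Release, obj/x64/Release and obj/x86/Release all end at the same blob, b7e7525, while the three winPEAS.exe blobs differ (81fe95c, 98bbaea, 5bc4282). One symbol file cannot normally match three different builds, so at least two of these PDBs look stale or copied from another configuration. More generally, the "Binary files ... differ" entries cannot be reviewed against the source changes in this commit. Suggest rebuilding each configuration from a clean tree and publishing the executables as release artifacts with their hashes instead of committing intermediate output under obj/.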
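Review bot: in the winPEAS.csproj hunk, dropping the ..\packages\Costura.Fody.4.1.0\lib\net40\Costura.dll reference changes how the tool ships, and nothing in the commit says so. The file-list hunks now show Microsoft.Win32.TaskScheduler.dll and its de/es/fr/it/pl/ru/zh-CN resource DLLs copied into bin\Release next to winPEAS.exe, which means the executable is no longer self-contained and needs that DLL beside it at run time. Either keep the embedding step or document the new dependency in the README. Two follow-ups in the same hunks: the ..\packages\CredentialManagement.1.0.2\lib\net35\CredentialManagement.dll reference is removed, so confirm that no source file still uses it, and the "NuGet package(s) that are missing" check is deleted while the TaskScheduler.2.8.16 hint path stays, so confirm that the trimmed packages.config (7 lines down to 4) still lists TaskScheduler, otherwise a fresh clone fails to build with a less helpful error.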