Last active
June 26, 2019 01:32
-
-
Save MHaggis/1ecbf78b0e2c71af727411bdb7a3cd8d to your computer and use it in GitHub Desktop.
lolbins
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Powershell": { | |
| "process_name": ["powershell.exe"] | |
| }, | |
| "Utilman": { | |
| "process_name": ["utilman.exe"] | |
| }, | |
| "msiexec": { | |
| "process_name": ["msiexec.exe"] | |
| }, | |
| "wmic": { | |
| "process_name": ["wmic.exe"] | |
| }, | |
| "mshta": { | |
| "process_name": ["mshta.exe"] | |
| }, | |
| "wscript": { | |
| "process_name": ["wscript.exe"] | |
| }, | |
| "cscript": { | |
| "process_name": ["cscript.exe"] | |
| }, | |
| "csc": { | |
| "process_name": ["csc.exe"] | |
| }, | |
| "mmc": { | |
| "process_name": ["mmc.exe"] | |
| }, | |
| "control": { | |
| "process_name": ["control.exe"] | |
| }, | |
| "csvde": { | |
| "process_name": ["csvde.exe"] | |
| }, | |
| "installutil": { | |
| "process_name": ["installutil.exe"] | |
| }, | |
| "msbuild": { | |
| "process_name": ["msbuild.exe"] | |
| }, | |
| "cmdkey": { | |
| "process_name": ["cmdkey.exe"] | |
| }, | |
| "cmstp": { | |
| "process_name": ["cmstp.exe"] | |
| }, | |
| "certutil": { | |
| "process_name": ["certutil.exe"] | |
| }, | |
| "regasm": { | |
| "process_name": ["regasm.exe"] | |
| }, | |
| "regsvr32": { | |
| "process_name": ["regsvr32.exe"] | |
| }, | |
| "rundll32": { | |
| "process_name": ["rundll32.exe"] | |
| }, | |
| "Regsvcs": { | |
| "process_name": ["regsvcs.exe"] | |
| }, | |
| "rpcping": { | |
| "process_name": ["rpcping.exe"] | |
| }, | |
| "remote": { | |
| "process_name": ["remote.exe"] | |
| }, | |
| "dfsvc": { | |
| "process_name": ["dfsvc.exe"] | |
| }, | |
| "diskshadow": { | |
| "process_name": ["diskshadow.exe"] | |
| }, | |
| "bash": { | |
| "process_name": ["bash.exe"] | |
| }, | |
| "esentutil": { | |
| "process_name": ["esentutl.exe"] | |
| }, | |
| "msxsl": { | |
| "process_name": ["msxsl.exe"] | |
| }, | |
| "atbroker": { | |
| "process_name": ["atbroker.exe"] | |
| }, | |
| "expand": { | |
| "process_name": ["expand.exe"] | |
| }, | |
| "leexec": { | |
| "process_name": ["leexec.exe"] | |
| }, | |
| "hh": { | |
| "process_name": ["hh.exe"] | |
| }, | |
| "forfiles": { | |
| "process_name": ["forfiles.exe"] | |
| }, | |
| "makecab": { | |
| "process_name": ["makecab.exe"] | |
| }, | |
| "infdefaultinstall": { | |
| "process_name": ["infdefaultinstall.exe"] | |
| }, | |
| "ie4unit": { | |
| "process_name": ["ie4unit.exe"] | |
| }, | |
| "msdt": { | |
| "process_name": ["msdt.exe"] | |
| }, | |
| "mavinject": { | |
| "process_name": ["mavinject.exe"] | |
| }, | |
| "findstr": { | |
| "process_name": ["findstr.exe"] | |
| }, | |
| "odbcconf": { | |
| "process_name": ["odbcconf.exe"] | |
| }, | |
| "pcalua": { | |
| "process_name": ["pcalua.exe"] | |
| }, | |
| "nltest": { | |
| "process_name": ["nltest.exe"] | |
| }, | |
| "regedit": { | |
| "process_name": ["regedit.exe"] | |
| }, | |
| "reg": { | |
| "process_name": ["reg.exe"] | |
| }, | |
| "qprocess": { | |
| "process_name": ["qprocess.exe"] | |
| }, | |
| "print": { | |
| "process_name": ["print.exe"] | |
| }, | |
| "presentationhost": { | |
| "process_name": ["presentationhost.exe"] | |
| }, | |
| "xwizard": { | |
| "process_name": ["xwizard.exe"] | |
| }, | |
| "syncappvpublishingserver": { | |
| "process_name": ["syncappvpublishingserver.exe"] | |
| }, | |
| "scriptrunner": { | |
| "process_name": ["scriptrunner.exe"] | |
| }, | |
| "sc": { | |
| "process_name": ["sc.exe"] | |
| }, | |
| "runscripthelper": { | |
| "process_name": ["runscripthelper.exe"] | |
| }, | |
| "robocopy": { | |
| "process_name": ["robocopy.exe"] | |
| }, | |
| "replace": { | |
| "process_name": ["replace.exe"] | |
| }, | |
| "regini": { | |
| "process_name": ["regini.exe"] | |
| }, | |
| "extrac32": { | |
| "process_name": ["extrac32.exe"] | |
| }, | |
| "csi": { | |
| "process_name": ["csi.exe"] | |
| }, | |
| "cdb": { | |
| "process_name": ["cdb.exe"] | |
| }, | |
| "bginfo": { | |
| "process_name": ["bginfo.exe"] | |
| }, | |
| "nvudisp": { | |
| "process_name": ["nvudisp.exe"] | |
| }, | |
| "nvuhda6": { | |
| "process_name": ["nvuhda6.exe"] | |
| }, | |
| "winword": { | |
| "process_name": ["winword.exe"] | |
| }, | |
| "tracker": { | |
| "process_name": ["tracker.exe"] | |
| }, | |
| "te": { | |
| "process_name": ["te.exe"] | |
| }, | |
| "sqlps": { | |
| "process_name": ["sqlps.exe"] | |
| }, | |
| "sqldumper": { | |
| "process_name": ["sqldumper.exe"] | |
| }, | |
| "rcsi": { | |
| "process_name": ["rcsi.exe"] | |
| }, | |
| "dnx": { | |
| "process_name": ["dnx.exe"] | |
| }, | |
| "appvlp": { | |
| "process_name": ["appvlp.exe"] | |
| }, | |
| "bitsadmin": { | |
| "process_name": ["bitsadmin.exe"] | |
| }, | |
| "dnscmd": { | |
| "process_name": ["dnscmd.exe"] | |
| }, | |
| "extexport": { | |
| "process_name": ["extexport.exe"] | |
| }, | |
| "gpscript": { | |
| "process_name": ["gpscript.exe"] | |
| }, | |
| "le4uinit": { | |
| "process_name": ["le4uinit.exe"] | |
| }, | |
| "msconfig": { | |
| "process_name": ["mcsconfig.exe"] | |
| }, | |
| "netsh": { | |
| "process_name": ["netsh.exe"] | |
| }, | |
| "openwith": { | |
| "process_name": ["openwith.exe"] | |
| }, | |
| "pcwrun": { | |
| "process_name": ["pcwrun.exe"] | |
| }, | |
| "psr": { | |
| "process_name": ["psr.exe"] | |
| }, | |
| "register-cimprovider": { | |
| "process_name": ["register-cimprovider.exe"] | |
| }, | |
| "runonce": { | |
| "process_name": ["runonce.exe"] | |
| }, | |
| "wab": { | |
| "process_name": ["wab.exe"] | |
| }, | |
| "dxcap": { | |
| "process_name": ["dxcap.exe"] | |
| }, | |
| "mftrace": { | |
| "process_name": ["mftrace.exe"] | |
| }, | |
| "msdeploy": { | |
| "process_name": ["msdeploy.exe"] | |
| }, | |
| "sqltoolsps": { | |
| "process_name": ["sqltoolsps.exe"] | |
| }, | |
| "vsjitdebugger": { | |
| "process_name": ["vsjitdebugger.exe"] | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment